last executing test programs: 3m42.51019875s ago: executing program 1 (id=578): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r2, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x69801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x2}}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x1}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) sendto$packet(r0, &(0x7f00000001c0)="11eb0300", 0x4, 0x2404c081, &(0x7f0000000200)={0x11, 0x88a8, 0x0, 0x1, 0x4, 0x6, @multicast}, 0x14) 3m42.398546616s ago: executing program 1 (id=580): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x10) socket$alg(0x26, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_udp(0xa, 0x2, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000190a0102"], 0x14}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000030000000060a010400000000000000000100000008000b40000000000900010073797a3000000000050007400800000014000000110001"], 0xa4}, 0x1, 0x0, 0x0, 0x2004c899}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f000000c2c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 3m42.31585439s ago: executing program 1 (id=582): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x3, 0x3, @dev={0xfe, 0x80, '\x00', 0xd}, 0x9}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)=',', 0x1}, {&(0x7f0000000ec0)="c9fbe0378bef0a6749d715b5c3e27d03e68c83579553d3bd9cc08edbae86d2f95e95a3fa8ab031e21b5a47e4205c87eefc819e6ea7bd0f6772e957f739339398cd07aeb0522339dde07af5b6ee6b94221ca3494c29be340810d421808f27877885583a2c80d4331aca54533ad84a0ccc5fa28956504f2eafc0f098f878ae3caf30b7981d5e778aaa197d235aa31c4c77fdf0e1c0d31fc7c43969830f82c4b5631e47df6b9a9f59a57e0e7bd1f9e4fcdb4150f713fb9e3530650b43a92853d1e3334fe72113d518a558343615ba8d3412bda82b725855e14c29f7ed81e1cbb76f9684cc6b7fcdc2808119a0f8328b0c5d0e996e50e95605724abb1c635b0bf633f4bcca6213fef03260e56321e3270f322eb13b8ab70c726cbce78c93e4c87d7d242ae9459775aa7c045233df9912fc47d6793f40bb5543b537ed6b79e0091e3c069644ce8d6ea00125815fae3c25f4d5c847e76c0c6987e5040b85522dcf5c3de2a92fd45ba17d7df260ba36e6917f75ccd289070477665e64ac3e00c93228b7", 0x180}, {&(0x7f00000001c0)="ff4a", 0x2}], 0x3, 0x0, 0x0, 0x2c}, 0x44084) 3m42.27713739s ago: executing program 1 (id=583): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f0000000280)={[{@noload}, {@resgid}]}, 0x3, 0x45f, &(0x7f0000000940)="$eJzs3M9vFFUcAPDvTH8gArYi/uCHWkVj44+WAioHD2o08YCJiR702LSFIAs1tCZCiIIxeDLGxLvx6L/gSS/GeDLxqndDQgwXfpzGzO5M2V12l7Js2Zb9fJJh35t5y3vfnXm7783bbQADayL/J4nYGhF/R8RYLdtYYKL2cPXy2blrl8/OJZFl7/+XVMtduXx2rixaPm9LkZlMI9Kvktjdot6l02eOz1YqC6eK/PTyiU+ml06feenYidmjC0cXTu4/dOjggZlXX9n/ck/izNt0Zdfni3t2vvPRd+8e/qYh/qY4emSi08Fns6zH1fXXtrp0Mlx9GOpbY1i1/CTlp2uk2v/HYiiGV46Nxdtf9rVxwJrKsizbEtNZm4+jcxlwD0uiMa/Lw6AoP+jz+W+5NQ8CXl/jMUg/XXqjNgHK475abLUjw5EWZUaa5re9NBERH567/kO+xdrchwAAaPBLPv55sdX4L41H6so9UKwNjUfEgxGxPSIeiogdEfFwRLXsoxHx2G3W37xIcvP4J73YVWCrlI//XivWthrHf+XoL8aHity2avwjyZFjlYV9xWsyGSOb8vxMhzp+feuvb9sdqx//5VtefzkWLNpxcXhT43PmZ5dn7yTmeklE7BpuFX+yshKQl9mZl+uyjmPP/7Sn3bFbx9/BcJcNqpP9GPFc7fyfi6b4S0nn9cnp+6KysG+6vCpu9sefF95rV38t/mxTRBfx98Cl8xH3t7z+V+IfT+rXa5duv44L/3zddk7T7fU/mnxQTY8W+z6bXV4+NRMxmhyuNbp+//4bzy3zZfk8/sm9rfv/9rjxSuyOiPwifjwinoiIJ4u2PxURT0fE3g7x//7mMx93H//ayuOfv63zfyMxGs17WieGjv/2c0Ol4zfFf63z+T9YTU0We1bz/readnV3NQMAAMDGk0bE1kjSqZV0mk5N1b4vvyMirSwuLb9wZPHTk/O13wiMR6Tlna6xuvuhM8W0vpY/HxG1rxaUxw8U942/H9pczU/NLVbm+x08DLgtbfp/7l+/4IB7Xw/W0YANSv+HwaX/w+DS/2Fwtej/m/vRDuDua/X5/0Uf2gHcfU3937IfDBDzfxhc+j8MLv0fBtLS5rj1j+Q7Jsr/6VaFrxd/cfBO6tpIiRhZF81Ys0Sk66IZ6zYxssp+sV4T/XtPAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6KX/AwAA//8P5+JA") r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0) syz_clone(0x2000, &(0x7f0000000380), 0x0, 0x0, &(0x7f00000004c0), &(0x7f0000000600)="032a78ced86fd3dcb7cb7017553d98c430bd7f47d06d15ab3c7bc4446c4916a7656db11f9bc81d986df0ef30ee3f63eff76246fd02b6ad64") open_by_handle_at(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="08000000020000000b"], 0x0) 3m41.473902706s ago: executing program 1 (id=590): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x69801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x2}}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x1}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) sendto$packet(r0, &(0x7f00000001c0)="11eb0300", 0x4, 0x2404c081, &(0x7f0000000200)={0x11, 0x88a8, r3, 0x1, 0x4, 0x6, @multicast}, 0x14) 3m41.083896092s ago: executing program 1 (id=604): bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0x1a, 0xfffffeff, 0x9, 0x8, 0x47, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x1}, 0x50) 3m41.083666814s ago: executing program 32 (id=604): bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0x1a, 0xfffffeff, 0x9, 0x8, 0x47, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x1}, 0x50) 4.265641395s ago: executing program 4 (id=2952): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/consoles\x00', 0x0, 0x0) r3 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000200)=0x48, 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r5 = openat$urandom(0xffffffffffffff9c, 0x0, 0x103902, 0x0) sendfile(r5, r5, 0x0, 0x2) r6 = getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, r6, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, &(0x7f00000006c0)={{0x5, 0x0, 0x1, 0x6, 'syz1\x00', 0x10001}, 0x1, [0x7, 0x800, 0x800000000, 0xd, 0xd18, 0x6, 0x9, 0x3, 0xfffffffffffff000, 0x9, 0x2, 0xffffffffffffffff, 0x1, 0x400, 0x2, 0x1, 0x9, 0x9, 0x2, 0x146bf227, 0x7, 0x5, 0xa, 0x1, 0xfffffffffffffffb, 0x9, 0x7, 0x5, 0x6903fcd9, 0x7ff, 0x6, 0x7, 0x8, 0xf, 0x2, 0x7fff, 0x6, 0x7e, 0x37, 0x0, 0x100000001, 0x4, 0x7, 0x401, 0x6, 0x2, 0x0, 0x9, 0x400, 0x7f6aaa55, 0x5, 0x2, 0x7, 0x6, 0x5, 0x7fffffffffffffff, 0x0, 0x9, 0x0, 0x8000000000fff, 0x6, 0x2, 0x7, 0x2, 0x0, 0x9, 0x1695b04f, 0xc, 0x98f, 0x800, 0x7, 0x4, 0x1, 0x6, 0x1, 0x0, 0x100000002, 0x7, 0x6, 0x45a, 0x2, 0xb, 0x4, 0x2, 0x3, 0x10001, 0x40, 0x0, 0xfffffffffffffff8, 0x9, 0x1000, 0x48, 0xb687, 0x1, 0xe1, 0xaf31, 0x6, 0xffff, 0x615, 0xe8, 0xffffffff, 0x3ab0, 0x7, 0xd904, 0x8000000000000000, 0x3, 0x600, 0x4, 0x5, 0x8001, 0x7f, 0xfffffffffffffff8, 0x10001, 0xf, 0x0, 0x1, 0xb, 0x9, 0x78, 0x9, 0x5, 0xfffffffffffffffc, 0x80, 0x0, 0x8000, 0x2, 0x7ff, 0x800001]}) close(0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f0000000300)={0x0, {0x2, 0x0, @dev}, {0x2, 0x4e20, @remote}, {0x2, 0x4, @multicast1}, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x200}) ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x0, @empty}, {0x4, 0x4e20, @loopback}, {0x2, 0x4e22, @remote}, 0x10c, 0x0, 0x0, 0xfdffffffffffffff, 0x0, &(0x7f0000000180)='lo\x00', 0x0, 0xa00, 0x1000}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, 0x0) 4.224030738s ago: executing program 0 (id=2953): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) 3.789197552s ago: executing program 4 (id=2955): ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x48}) read(0xffffffffffffffff, &(0x7f0000000140)=""/238, 0x20) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) 3.787237864s ago: executing program 0 (id=2956): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'veth1_to_bond\x00'}) r2 = bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000680)={r2, r3, 0x4, r0}, 0x6) syz_init_net_socket$llc(0x1a, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r6, 0x8914, &(0x7f0000000000)) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r7, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r8, &(0x7f0000000140)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, 0x3, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x40) connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="34020000", @ANYRES16, @ANYBLOB="050000000000000000003f00000008000300", @ANYRES32=r9, @ANYBLOB="6c005e80080003000300000008000200a609000008000600c0dc000008000900050000000800070098010000200001"], 0x234}}, 0x0) sendmsg$NL80211_CMD_GET_POWER_SAVE(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, 0x0, 0x10, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x9, 0x65}}}}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x40800) 3.372801354s ago: executing program 4 (id=2962): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0) 2.918604895s ago: executing program 0 (id=2963): socketpair(0x2b, 0x1, 0x0, &(0x7f0000000040)) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000080)={0x7, {{0xa, 0x4e20, 0xe0, @mcast2, 0x138e}}, {{0xa, 0x4e21, 0x9, @private2, 0x4}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000002d00)={0x9, {{0xa, 0x4e23, 0x1000, @mcast2, 0x3}}, {{0xa, 0x4e22, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0xb0}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f00000005c0)={0x8, {{0xa, 0x4e24, 0x5, @mcast2, 0x6d00}}, {{0xa, 0x4620, 0xfffffff8, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8000}}}, 0x108) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r2, 0x2) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r4, 0x1, 0x39, 0xffffffffffffffff, &(0x7f0000000100)) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000ffff1701009580000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000400)={0x0, @local, @multicast2}, &(0x7f0000000440)=0xc) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000480)={'batadv0\x00', 0x0}) sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0xd871021}, 0xc, &(0x7f00000004c0)={&(0x7f0000000700)={0xd0, 0x0, 0x4, 0x70bd27, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x3}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x50, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x28, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xff}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x37, 0x800000, 0x8, 0x9, 0x8000}) write$bt_hci(r1, &(0x7f0000000080)=ANY=[], 0x6) socket$inet_sctp(0x2, 0x1, 0x84) ppoll(&(0x7f00000001c0)=[{r0, 0x200}], 0x1, 0x0, 0x0, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8) 2.480849345s ago: executing program 4 (id=2967): r0 = fsopen(&(0x7f00000014c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) syz_open_dev$ttys(0xc, 0x2, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x1) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0xb49, 0x100000000, 0x8, 0xfffffff8, 0x3}, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x1, 0x1cf1cd988231dbb, 0x3, 0x6, 0x9, 0xffff}, 0x20) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) ioctl(r4, 0x8b32, &(0x7f0000000040)) shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') lseek(r5, 0x1000000, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) syz_emit_ethernet(0x76, 0x0, 0x0) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYRESOCT, @ANYRES8=r3], 0x20}}, 0x0) 2.470767721s ago: executing program 3 (id=2968): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$inet6(0xa, 0x1, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040884}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r1 = socket(0x400000000010, 0x3, 0x0) write(r1, &(0x7f0000000040)="3a03000018002551075c0165ff0ffc02802000030004000500e1000c0400070080000900", 0x33a) 2.423087155s ago: executing program 3 (id=2970): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) 2.359581967s ago: executing program 5 (id=2972): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @multicast2}, 0x3}}, 0x2e) connect$pppl2tp(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x14, 0x2e, 0x1, 0xf0bd26, 0x25dfdbfc, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) 2.343323418s ago: executing program 3 (id=2973): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_io_uring_setup(0x73d3, &(0x7f0000000240)={0x0, 0x7d89, 0x10100, 0x2, 0x215}, &(0x7f0000000040)=0x0, &(0x7f00000001c0)=0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000140)=0x15) syz_io_uring_submit(r5, r6, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd=r7, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r4, 0x1d39, 0xcec, 0x0, 0x0, 0x0) 2.271706786s ago: executing program 5 (id=2974): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'veth1_to_bond\x00'}) r2 = bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000680)={r2, r3, 0x4, r0}, 0x6) syz_init_net_socket$llc(0x1a, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r6, 0x8914, &(0x7f0000000000)) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r7, 0x890b, 0x0) r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r8, &(0x7f0000000140)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, 0x3, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x40) connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="34020000", @ANYRES16, @ANYBLOB="050000000000000000003f00000008000300", @ANYRES32=r9, @ANYBLOB="6c005e80080003000300000008000200a609000008000600c0dc000008000900050000000800070098010000200001"], 0x234}}, 0x0) sendmsg$NL80211_CMD_GET_POWER_SAVE(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, 0x0, 0x10, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x9, 0x65}}}}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x40800) 1.974419708s ago: executing program 0 (id=2975): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) r5 = socket(0x10, 0x3, 0x0) close(r4) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x2000006}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xffffff7f, 0x1}}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.685638876s ago: executing program 0 (id=2977): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r1, @ANYBLOB="0100000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce8514000400e76a686bac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000"], 0x1c8}}, 0x0) 1.520950995s ago: executing program 0 (id=2984): syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d30000000109"], 0x0) syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d4"]) syz_emit_ethernet(0xbe, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd69010000001406fffe800000000000000000000039fe8000000000000000000000000000aa4e224e24000000", @ANYRES32=0x41424344, @ANYBLOB="51c2"], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) 1.467770328s ago: executing program 4 (id=2985): socketpair(0x2b, 0x1, 0x0, &(0x7f0000000040)) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000080)={0x7, {{0xa, 0x4e20, 0xe0, @mcast2, 0x138e}}, {{0xa, 0x4e21, 0x9, @private2, 0x4}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000002d00)={0x9, {{0xa, 0x4e23, 0x1000, @mcast2, 0x3}}, {{0xa, 0x4e22, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0xb0}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f00000005c0)={0x8, {{0xa, 0x4e24, 0x5, @mcast2, 0x6d00}}, {{0xa, 0x4620, 0xfffffff8, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8000}}}, 0x108) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r2, 0x2) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r4, 0x1, 0x39, 0xffffffffffffffff, &(0x7f0000000100)) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000ffff1701009580000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000400)={0x0, @local, @multicast2}, &(0x7f0000000440)=0xc) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000480)={'batadv0\x00', 0x0}) sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0xd871021}, 0xc, &(0x7f00000004c0)={&(0x7f0000000700)={0xd0, 0x0, 0x4, 0x70bd27, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x3}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x50, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x28, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xff}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x37, 0x800000, 0x8, 0x9, 0x8000}) write$bt_hci(r1, &(0x7f0000000080)=ANY=[], 0x6) socket$inet_sctp(0x2, 0x1, 0x84) ppoll(&(0x7f00000001c0)=[{r0, 0x200}], 0x1, 0x0, 0x0, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8) 1.453118585s ago: executing program 3 (id=2986): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140), 0x0) r5 = accept4(r4, 0x0, 0x0, 0x80000) sendmsg$TIPC_NL_LINK_SET(r5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c010}, 0x20004000) recvmsg(r5, 0x0, 0x12041) sendmsg$NFT_MSG_GETSET(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000000a0a01ff"], 0x14}}, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r6, 0x400452c8, &(0x7f0000000100)) 1.420048193s ago: executing program 5 (id=2987): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000003c0)={0x0, 0xfffffffffffffd90, &(0x7f0000000380)={&(0x7f0000000240)={0x14, r1, 0x701, 0x74bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) 1.359842926s ago: executing program 5 (id=2988): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.359535059s ago: executing program 5 (id=2989): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000080)) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x3ef4, 0x81, r0}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x5) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) statfs(0x0, 0x0) 786.117594ms ago: executing program 2 (id=2992): r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card0/oss_mixer\x00', 0x2, 0x0) write$proc_mixer(r0, 0x0, 0x0) close(r0) 757.018463ms ago: executing program 2 (id=2993): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket(0x10, 0x803, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20040040}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, 0x0, 0x0) 683.774148ms ago: executing program 2 (id=2994): openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/address_bits', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x40, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 668.885124ms ago: executing program 2 (id=2995): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r1, @ANYBLOB="0100000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce8514000400e76a686bac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000"], 0x1c8}}, 0x0) 643.216461ms ago: executing program 2 (id=2996): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="12010000000000108117980800000000000109024100010000000009040000020308000009210000010122290a09058103", @ANYRESOCT], 0x0) syz_open_dev$evdev(&(0x7f0000000100), 0xfefffffa, 0x165400) 601.754611ms ago: executing program 4 (id=2997): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'veth1_to_bond\x00'}) r2 = bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000680)={r2, r3, 0x4, r0}, 0x6) syz_init_net_socket$llc(0x1a, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r6, 0x8914, &(0x7f0000000000)) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r7, 0x890b, 0x0) r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r8, &(0x7f0000000140)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, 0x3, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x40) connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="34020000", @ANYRES16, @ANYBLOB="050000000000000000003f00000008000300", @ANYRES32=r9, @ANYBLOB="6c005e80080003000300000008000200a609000008000600c0dc000008000900050000000800070098010000200001"], 0x234}}, 0x0) sendmsg$NL80211_CMD_GET_POWER_SAVE(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, 0x0, 0x10, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x9, 0x65}}}}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x40800) 582.711978ms ago: executing program 3 (id=2998): semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1a1, 0x8}, 0x136b7fe3, 0x80, 0x4}) 519.667545ms ago: executing program 3 (id=2999): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0x36b78000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$UI_GET_SYSNAME(r5, 0x8040552c, &(0x7f0000000340)) sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6) r6 = socket$alg(0x26, 0x5, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) r7 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r7, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x900}, 0x60) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15) r8 = accept4(r6, 0x0, 0x0, 0x800) sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412b", 0xf}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bb", 0x48}, {0x0}], 0x3}], 0x1, 0x40800) recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_GET(r9, 0x0, 0x4000) ioctl$TIOCL_BLANKSCREEN(r0, 0x560e, &(0x7f0000000000)) kcmp$KCMP_EPOLL_TFD(0x0, r2, 0x7, r9, &(0x7f0000000740)={0xffffffffffffffff, r0, 0x9}) ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000040)={0x9, 0x2, 0x1000, 0x5}) 518.935535ms ago: executing program 5 (id=3000): socket$alg(0x26, 0x5, 0x0) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000380)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x28, 0x0, 0x0, 0x6ebf}, {0x6}]}, 0x10) sendmmsg$unix(r2, &(0x7f00000000c0), 0x3f, 0x0) 0s ago: executing program 2 (id=3001): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0) read(r0, &(0x7f0000000140)=""/238, 0x20) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) kernel console output (not intermixed with test programs): 0000-000000000000. [ 153.348854][ T6554] EXT4-fs error (device loop2): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 153.355950][ T6554] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 153.359174][ T6554] EXT4-fs error (device loop2): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 153.627466][ T6551] Bluetooth: hci3: command 0x0406 tx timeout [ 153.627510][ T6551] Bluetooth: hci2: command 0x0406 tx timeout [ 153.627542][ T6551] Bluetooth: hci1: command 0x0406 tx timeout [ 153.689218][T11485] syzkaller0: entered promiscuous mode [ 153.689253][T11485] syzkaller0: entered allmulticast mode [ 153.690180][T11489] loop2: detected capacity change from 0 to 2048 [ 153.693625][T11489] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 153.696169][T11489] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 154.549813][T11511] loop2: detected capacity change from 0 to 1024 [ 154.552665][T11511] EXT4-fs: Ignoring removed bh option [ 154.554114][T11511] EXT4-fs: inline encryption not supported [ 154.567866][T11511] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 154.583709][T11511] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 154.597709][T11511] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.1563: lblock 2 mapped to illegal pblock 2 (length 1) [ 154.603372][T11511] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 154.608454][T11511] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 48: comm syz.2.1563: lblock 0 mapped to illegal pblock 48 (length 1) [ 154.630280][T11511] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 154.630324][T11511] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.1563: Failed to acquire dquot type 0 [ 154.634659][T11511] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 154.638071][T11511] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.1563: mark_inode_dirty error [ 154.640200][T11511] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 154.640265][T11511] EXT4-fs (loop2): 1 orphan inode deleted [ 154.640714][T11511] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.650676][ T6746] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 154.653037][ T6746] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 154.653065][ T6746] EXT4-fs error (device loop2): ext4_release_dquot:6981: comm kworker/u8:9: Failed to release dquot type 0 [ 154.869732][ T6554] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.870805][ T6554] EXT4-fs error (device loop2): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 154.870921][ T6554] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 154.870986][ T6554] EXT4-fs error (device loop2): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 155.196009][T11544] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1572'. [ 155.247677][T11543] loop3: detected capacity change from 0 to 1024 [ 155.651176][ T5558] hfsplus: b-tree write err: -5, ino 4 [ 155.727516][T11606] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1579'. [ 155.820922][T11618] loop2: detected capacity change from 0 to 7 [ 155.822521][T11618] Dev loop2: unable to read RDB block 7 [ 155.823844][T11618] loop2: unable to read partition table [ 155.827068][T11618] loop2: partition table beyond EOD, truncated [ 155.836609][T11618] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 156.814329][T11665] loop4: detected capacity change from 0 to 40427 [ 156.834006][T11665] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 156.837252][T11665] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 156.841237][T11665] syz.4.1594: attempt to access beyond end of device [ 156.841237][T11665] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 156.858952][T11669] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.859106][T11669] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.877865][T11678] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 157.113686][T11669] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 157.127452][T11669] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 157.570262][ T6550] syz-executor: attempt to access beyond end of device [ 157.570262][ T6550] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 157.573016][ T6550] CPU: 1 UID: 0 PID: 6550 Comm: syz-executor Not tainted syzkaller #0 PREEMPT [ 157.573034][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 157.573039][ T6550] Call trace: [ 157.573042][ T6550] show_stack+0x2c/0x3c (C) [ 157.573057][ T6550] __dump_stack+0x30/0x40 [ 157.573066][ T6550] dump_stack_lvl+0xd8/0x12c [ 157.573074][ T6550] dump_stack+0x1c/0x28 [ 157.573080][ T6550] f2fs_handle_critical_error+0x34c/0x4b8 [ 157.573090][ T6550] f2fs_stop_checkpoint+0x5c/0x70 [ 157.573096][ T6550] f2fs_write_end_io+0x768/0xa70 [ 157.573103][ T6550] bio_endio+0x858/0x894 [ 157.573108][ T6550] submit_bio_noacct+0xd64/0x186c [ 157.573115][ T6550] submit_bio+0x3b4/0x550 [ 157.573121][ T6550] f2fs_submit_write_bio+0x13c/0x324 [ 157.573127][ T6550] __submit_merged_bio+0x254/0x704 [ 157.573132][ T6550] __submit_merged_write_cond+0x23c/0x4ac [ 157.573138][ T6550] f2fs_write_data_pages+0x1d28/0x2634 [ 157.573145][ T6550] do_writepages+0x270/0x468 [ 157.573157][ T6550] filemap_fdatawrite+0x14c/0x1f4 [ 157.573162][ T6550] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 157.573168][ T6550] f2fs_write_checkpoint+0x70c/0x1c30 [ 157.573173][ T6550] kill_f2fs_super+0x228/0x594 [ 157.573179][ T6550] deactivate_locked_super+0xc4/0x12c [ 157.573186][ T6550] deactivate_super+0xe0/0x100 [ 157.573192][ T6550] cleanup_mnt+0x31c/0x3ac [ 157.573198][ T6550] __cleanup_mnt+0x20/0x30 [ 157.573204][ T6550] task_work_run+0x1dc/0x260 [ 157.573211][ T6550] exit_to_user_mode_loop+0xfc/0x178 [ 157.573218][ T6550] el0_svc+0x170/0x254 [ 157.573224][ T6550] el0t_64_sync_handler+0x84/0x12c [ 157.573230][ T6550] el0t_64_sync+0x198/0x19c [ 157.574526][ T6550] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 157.611110][ T12] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.612741][ T12] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.614280][ T12] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.619263][ T12] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.786424][T11722] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1602'. [ 158.029488][T11731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.029657][T11731] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.038975][T11731] loop2: detected capacity change from 0 to 7 [ 158.039967][T11731] Dev loop2: unable to read RDB block 7 [ 158.039986][T11731] loop2: unable to read partition table [ 158.040044][T11731] loop2: partition table beyond EOD, truncated [ 158.040789][T11731] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 158.169100][T11742] binder: 11741:11742 ioctl c0306201 200001c0 returned -14 [ 158.602933][T11754] binder: 11753:11754 BC_FREE_BUFFER no match for buffer at offset 0 [ 158.604555][T11754] binder: 11753:11754 BC_ACQUIRE_DONE u0000000000000001 no match [ 158.676734][ T6561] Bluetooth: hci0: command 0x0405 tx timeout [ 159.000402][T11769] loop2: detected capacity change from 0 to 7 [ 159.001420][T11769] Dev loop2: unable to read RDB block 7 [ 159.001440][T11769] loop2: unable to read partition table [ 159.001492][T11769] loop2: partition table beyond EOD, truncated [ 159.001501][T11769] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 160.006407][T11805] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1636'. [ 160.109009][T11813] tipc: Enabling of bearer rejected, failed to enable media [ 160.109319][T11813] syzkaller0: entered promiscuous mode [ 160.109329][T11813] syzkaller0: entered allmulticast mode [ 160.531982][T11823] syzkaller0: entered promiscuous mode [ 160.532015][T11823] syzkaller0: entered allmulticast mode [ 160.666361][T11830] loop4: detected capacity change from 0 to 2048 [ 160.683549][T11830] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.737062][T11837] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1647'. [ 160.745756][ T6561] Bluetooth: hci0: command 0x0405 tx timeout [ 160.924748][T11848] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1652'. [ 161.141209][T11859] syzkaller0: entered promiscuous mode [ 161.142452][T11859] syzkaller0: entered allmulticast mode [ 161.451297][ T6550] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.502711][T11866] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1659'. [ 161.542970][T11868] fuse: Unknown parameter '0x0000000000000004' [ 161.547745][T11870] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1661'. [ 161.549750][T11870] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1661'. [ 162.078680][T11890] syzkaller0: entered promiscuous mode [ 162.081295][T11890] syzkaller0: entered allmulticast mode [ 162.468997][T11896] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1671'. [ 162.516944][T11898] netlink: 428 bytes leftover after parsing attributes in process `syz.3.1672'. [ 162.537175][T11900] fuse: Unknown parameter '0x0000000000000004' [ 163.574498][T11921] syzkaller0: entered promiscuous mode [ 163.575395][T11921] syzkaller0: entered allmulticast mode [ 163.967819][T11924] loop2: detected capacity change from 0 to 40427 [ 163.974704][T11929] netlink: 108 bytes leftover after parsing attributes in process `syz.5.1683'. [ 163.987916][T11924] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 163.990158][T11924] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 163.996583][T11924] syz.2.1677: attempt to access beyond end of device [ 163.996583][T11924] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 164.038546][T11935] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 164.038741][T11935] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 164.058976][T11937] fuse: Unknown parameter '0x0000000000000004' [ 164.203876][T11943] loop4: detected capacity change from 0 to 2048 [ 164.388465][ T6554] syz-executor: attempt to access beyond end of device [ 164.388465][ T6554] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 164.388515][ T6554] CPU: 1 UID: 0 PID: 6554 Comm: syz-executor Not tainted syzkaller #0 PREEMPT [ 164.388527][ T6554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 164.388533][ T6554] Call trace: [ 164.388537][ T6554] show_stack+0x2c/0x3c (C) [ 164.388549][ T6554] __dump_stack+0x30/0x40 [ 164.388555][ T6554] dump_stack_lvl+0xd8/0x12c [ 164.388560][ T6554] dump_stack+0x1c/0x28 [ 164.388564][ T6554] f2fs_handle_critical_error+0x34c/0x4b8 [ 164.388572][ T6554] f2fs_stop_checkpoint+0x5c/0x70 [ 164.388577][ T6554] f2fs_write_end_io+0x768/0xa70 [ 164.388583][ T6554] bio_endio+0x858/0x894 [ 164.388589][ T6554] submit_bio_noacct+0xd64/0x186c [ 164.388595][ T6554] submit_bio+0x3b4/0x550 [ 164.388601][ T6554] f2fs_submit_write_bio+0x13c/0x324 [ 164.388607][ T6554] __submit_merged_bio+0x254/0x704 [ 164.388612][ T6554] __submit_merged_write_cond+0x23c/0x4ac [ 164.388618][ T6554] f2fs_write_data_pages+0x1d28/0x2634 [ 164.388624][ T6554] do_writepages+0x270/0x468 [ 164.388632][ T6554] filemap_fdatawrite+0x14c/0x1f4 [ 164.388636][ T6554] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 164.388641][ T6554] f2fs_write_checkpoint+0x70c/0x1c30 [ 164.388646][ T6554] kill_f2fs_super+0x228/0x594 [ 164.388652][ T6554] deactivate_locked_super+0xc4/0x12c [ 164.388659][ T6554] deactivate_super+0xe0/0x100 [ 164.388664][ T6554] cleanup_mnt+0x31c/0x3ac [ 164.388670][ T6554] __cleanup_mnt+0x20/0x30 [ 164.388676][ T6554] task_work_run+0x1dc/0x260 [ 164.388683][ T6554] exit_to_user_mode_loop+0xfc/0x178 [ 164.388689][ T6554] el0_svc+0x170/0x254 [ 164.388696][ T6554] el0t_64_sync_handler+0x84/0x12c [ 164.388701][ T6554] el0t_64_sync+0x198/0x19c [ 164.388720][ T6554] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 164.415199][T11943] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.930567][T11961] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 165.187496][ T6550] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.262809][T11968] fuse: Unknown parameter 'fd0x0000000000000004' [ 165.292797][T11972] syzkaller0: entered promiscuous mode [ 165.292830][T11972] syzkaller0: entered allmulticast mode [ 166.095408][T11978] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1700'. [ 166.333219][T11980] loop3: detected capacity change from 0 to 40427 [ 166.338008][T11980] F2FS-fs (loop3): Small segment_count (9 < 1 * 24) [ 166.338054][T11980] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 166.350851][T11988] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.351168][T11988] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.366720][T11980] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 166.372867][T11980] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 166.372904][T11980] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 166.544818][T11996] xt_l2tp: v2 sid > 0xffff: 262144 [ 167.104335][T12001] fuse: Unknown parameter 'fd0x0000000000000004' [ 167.470864][ T6560] syz-executor: attempt to access beyond end of device [ 167.470864][ T6560] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 167.470918][ T6560] CPU: 1 UID: 0 PID: 6560 Comm: syz-executor Not tainted syzkaller #0 PREEMPT [ 167.470931][ T6560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 167.470937][ T6560] Call trace: [ 167.470941][ T6560] show_stack+0x2c/0x3c (C) [ 167.470958][ T6560] __dump_stack+0x30/0x40 [ 167.470966][ T6560] dump_stack_lvl+0xd8/0x12c [ 167.470971][ T6560] dump_stack+0x1c/0x28 [ 167.470976][ T6560] f2fs_handle_critical_error+0x34c/0x4b8 [ 167.470984][ T6560] f2fs_stop_checkpoint+0x5c/0x70 [ 167.470989][ T6560] f2fs_write_end_io+0x768/0xa70 [ 167.470996][ T6560] bio_endio+0x858/0x894 [ 167.471001][ T6560] submit_bio_noacct+0xd64/0x186c [ 167.471008][ T6560] submit_bio+0x3b4/0x550 [ 167.471014][ T6560] f2fs_submit_write_bio+0x13c/0x324 [ 167.471019][ T6560] __submit_merged_bio+0x254/0x704 [ 167.471025][ T6560] __submit_merged_write_cond+0x23c/0x4ac [ 167.471031][ T6560] f2fs_write_data_pages+0x1d28/0x2634 [ 167.471037][ T6560] do_writepages+0x270/0x468 [ 167.471045][ T6560] filemap_fdatawrite+0x14c/0x1f4 [ 167.471050][ T6560] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 167.471055][ T6560] f2fs_write_checkpoint+0x70c/0x1c30 [ 167.471060][ T6560] kill_f2fs_super+0x228/0x594 [ 167.471066][ T6560] deactivate_locked_super+0xc4/0x12c [ 167.471073][ T6560] deactivate_super+0xe0/0x100 [ 167.471079][ T6560] cleanup_mnt+0x31c/0x3ac [ 167.471085][ T6560] __cleanup_mnt+0x20/0x30 [ 167.471091][ T6560] task_work_run+0x1dc/0x260 [ 167.471098][ T6560] exit_to_user_mode_loop+0xfc/0x178 [ 167.471105][ T6560] el0_svc+0x170/0x254 [ 167.471112][ T6560] el0t_64_sync_handler+0x84/0x12c [ 167.471117][ T6560] el0t_64_sync+0x198/0x19c [ 167.471137][ T6560] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 168.050981][T12028] fuse: Unknown parameter 'fd0x0000000000000004' [ 168.386435][ T3977] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 168.447769][T12044] loop5: detected capacity change from 0 to 2048 [ 168.453818][T12044] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 168.459655][T12044] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 168.546818][ T3977] usb 1-1: Using ep0 maxpacket: 8 [ 168.549480][ T3977] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 168.549510][ T3977] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 168.549525][ T3977] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 168.549539][ T3977] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 168.549559][ T3977] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 168.549571][ T3977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.568469][ T3977] usbtmc 1-1:16.0: bulk endpoints not found [ 168.780498][ T6563] usb 1-1: USB disconnect, device number 13 [ 169.124859][T12056] syzkaller0: entered promiscuous mode [ 169.126160][T12056] syzkaller0: entered allmulticast mode [ 169.201706][T12059] binder: 12053:12059 got transaction to context manager from process owning it [ 169.201835][T12059] binder: 12053:12059 transaction call to 12053:0 failed 16/29201/-22, code 0 size 72-24 line 3223 [ 169.776382][T12064] loop5: detected capacity change from 0 to 1024 [ 169.778432][T12064] EXT4-fs: Ignoring removed bh option [ 169.778459][T12064] EXT4-fs: inline encryption not supported [ 169.782468][T12062] loop0: detected capacity change from 0 to 40427 [ 169.789713][T12064] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 169.790671][T12064] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 169.794758][T12064] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 2: comm syz.5.1731: lblock 2 mapped to illegal pblock 2 (length 1) [ 169.794972][T12064] Quota error (device loop5): qtree_write_dquot: dquota write failed [ 169.795001][T12064] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 48: comm syz.5.1731: lblock 0 mapped to illegal pblock 48 (length 1) [ 169.795167][T12064] Quota error (device loop5): v2_write_file_info: Can't write info structure [ 169.795179][T12064] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.1731: Failed to acquire dquot type 0 [ 169.795297][T12064] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 169.795369][T12064] EXT4-fs error (device loop5): ext4_evict_inode:254: inode #11: comm syz.5.1731: mark_inode_dirty error [ 169.795426][T12064] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 169.795459][T12064] EXT4-fs (loop5): 1 orphan inode deleted [ 169.795921][T12064] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.832097][ T5558] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 169.835880][ T5558] Quota error (device loop5): remove_tree: Can't read quota data block 1 [ 169.835917][ T5558] EXT4-fs error (device loop5): ext4_release_dquot:6981: comm kworker/u8:8: Failed to release dquot type 0 [ 169.886844][ T1856] binder: undelivered TRANSACTION_ERROR: 29201 [ 169.910142][ T8341] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.911229][T12062] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 169.911436][ T8341] EXT4-fs error (device loop5): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 169.913283][ T8341] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 169.913393][ T8341] EXT4-fs error (device loop5): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 169.915057][T12062] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 169.988673][T12075] nvme_fabrics: missing parameter 'transport=%s' [ 169.990716][T12075] nvme_fabrics: missing parameter 'nqn=%s' [ 171.309205][ T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 171.343652][T12111] syzkaller0: entered promiscuous mode [ 171.343684][T12111] syzkaller0: entered allmulticast mode [ 171.457590][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 171.488886][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 171.488930][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 171.488963][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 171.488978][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 171.488999][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 171.489014][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.495657][ T9] usbtmc 1-1:16.0: bulk endpoints not found [ 171.523136][T12114] loop5: detected capacity change from 0 to 40427 [ 171.547502][T12114] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 171.549430][T12114] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 171.596916][T12122] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1748'. [ 171.987055][ T6563] usb 1-1: USB disconnect, device number 14 [ 172.009095][T12127] devtmpfs: Bad value for 'nr_inodes' [ 172.043012][T12129] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1751'. [ 172.879372][T12151] syzkaller0: entered promiscuous mode [ 172.879402][T12151] syzkaller0: entered allmulticast mode [ 172.978342][T12160] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1763'. [ 173.824054][T12183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 173.827617][T12183] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.590150][T12211] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 175.653240][T12221] loop3: detected capacity change from 0 to 1024 [ 175.654905][T12221] EXT4-fs: Ignoring removed bh option [ 175.656315][T12221] EXT4-fs: inline encryption not supported [ 175.659673][T12221] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 175.666089][T12221] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 175.845115][T12221] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.1785: lblock 2 mapped to illegal pblock 2 (length 1) [ 175.848888][T12221] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 175.848944][T12221] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 48: comm syz.3.1785: lblock 0 mapped to illegal pblock 48 (length 1) [ 175.853120][T12221] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 175.853160][T12221] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.1785: Failed to acquire dquot type 0 [ 175.856520][T12221] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 175.858227][T12221] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.1785: mark_inode_dirty error [ 175.860475][T12221] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 175.860545][T12221] EXT4-fs (loop3): 1 orphan inode deleted [ 175.861037][T12221] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.871455][ T42] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 175.874867][ T42] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 175.874905][ T42] EXT4-fs error (device loop3): ext4_release_dquot:6981: comm kworker/u8:3: Failed to release dquot type 0 [ 175.935698][T12239] netlink: 508 bytes leftover after parsing attributes in process `syz.2.1790'. [ 176.024436][T12243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.026701][T12243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.033736][ T6560] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.035805][ T6560] EXT4-fs error (device loop3): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 176.038584][ T6560] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 176.040311][ T6560] EXT4-fs error (device loop3): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 176.363648][T12251] loop3: detected capacity change from 0 to 2048 [ 176.375707][T12251] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 176.378709][T12251] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 176.652573][T12272] loop5: detected capacity change from 0 to 1024 [ 176.668061][T12272] EXT4-fs: Ignoring removed bh option [ 176.669461][T12272] EXT4-fs: inline encryption not supported [ 176.671873][T12272] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 176.675500][T12272] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 176.678869][T12272] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 2: comm syz.5.1802: lblock 2 mapped to illegal pblock 2 (length 1) [ 176.681385][T12272] Quota error (device loop5): qtree_write_dquot: dquota write failed [ 176.682254][T12272] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 48: comm syz.5.1802: lblock 0 mapped to illegal pblock 48 (length 1) [ 176.685166][T12272] Quota error (device loop5): v2_write_file_info: Can't write info structure [ 176.685214][T12272] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.1802: Failed to acquire dquot type 0 [ 176.688783][T12272] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 176.690608][T12272] EXT4-fs error (device loop5): ext4_evict_inode:254: inode #11: comm syz.5.1802: mark_inode_dirty error [ 176.692697][T12272] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 176.692753][T12272] EXT4-fs (loop5): 1 orphan inode deleted [ 176.694739][T12272] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.709151][T10758] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:22: lblock 1 mapped to illegal pblock 1 (length 1) [ 176.711827][T10758] Quota error (device loop5): remove_tree: Can't read quota data block 1 [ 176.711872][T10758] EXT4-fs error (device loop5): ext4_release_dquot:6981: comm kworker/u8:22: Failed to release dquot type 0 [ 176.809473][ T8341] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.813300][ T8341] EXT4-fs error (device loop5): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 176.817152][ T8341] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 176.820703][ T8341] EXT4-fs error (device loop5): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 176.865005][T12275] syzkaller0: entered promiscuous mode [ 176.865045][T12275] syzkaller0: entered allmulticast mode [ 177.465028][T12297] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 177.840394][T12302] loop5: detected capacity change from 0 to 1024 [ 177.840759][T12302] EXT4-fs: Ignoring removed bh option [ 177.840790][T12302] EXT4-fs: inline encryption not supported [ 177.849821][T12302] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 177.855843][T12302] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 177.860648][T12302] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 2: comm syz.5.1813: lblock 2 mapped to illegal pblock 2 (length 1) [ 177.863253][T12302] Quota error (device loop5): qtree_write_dquot: dquota write failed [ 177.863315][T12302] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 48: comm syz.5.1813: lblock 0 mapped to illegal pblock 48 (length 1) [ 177.867469][T12302] Quota error (device loop5): v2_write_file_info: Can't write info structure [ 177.867967][T12302] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.1813: Failed to acquire dquot type 0 [ 177.873709][T12302] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 177.875868][T12302] EXT4-fs error (device loop5): ext4_evict_inode:254: inode #11: comm syz.5.1813: mark_inode_dirty error [ 177.878662][T12302] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 177.878760][T12302] EXT4-fs (loop5): 1 orphan inode deleted [ 177.882222][T12302] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.888034][ T6746] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 177.890661][ T6746] Quota error (device loop5): remove_tree: Can't read quota data block 1 [ 177.890694][ T6746] EXT4-fs error (device loop5): ext4_release_dquot:6981: comm kworker/u8:9: Failed to release dquot type 0 [ 177.989026][ T8341] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.991212][ T8341] EXT4-fs error (device loop5): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 177.995516][ T8341] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 177.998532][ T8341] EXT4-fs error (device loop5): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 178.050231][T12309] loop2: detected capacity change from 0 to 7 [ 178.051590][T12309] Dev loop2: unable to read RDB block 7 [ 178.051625][T12309] loop2: AHDI p1 p2 p3 [ 178.051633][T12309] loop2: partition table partially beyond EOD, truncated [ 178.051703][T12309] loop2: p1 start 1601398130 is beyond EOD, truncated [ 178.051711][T12309] loop2: p2 start 1702059890 is beyond EOD, truncated [ 178.082611][T12315] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1818'. [ 178.085930][T12315] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.086267][T12315] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.534392][T12325] loop3: detected capacity change from 0 to 40427 [ 178.537309][T12325] F2FS-fs (loop3): Small segment_count (9 < 1 * 24) [ 178.537352][T12325] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 178.777981][T12325] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 178.784090][T12325] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 178.786195][T12325] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 178.981869][T12344] xt_l2tp: v2 sid > 0xffff: 262144 [ 179.269021][T12349] syzkaller0: entered promiscuous mode [ 179.269058][T12349] syzkaller0: entered allmulticast mode [ 179.473302][T12360] loop0: detected capacity change from 0 to 1024 [ 179.693547][ T6560] syz-executor: attempt to access beyond end of device [ 179.693547][ T6560] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 179.693990][ T6560] CPU: 0 UID: 0 PID: 6560 Comm: syz-executor Not tainted syzkaller #0 PREEMPT [ 179.694000][ T6560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 179.694005][ T6560] Call trace: [ 179.694007][ T6560] show_stack+0x2c/0x3c (C) [ 179.694021][ T6560] __dump_stack+0x30/0x40 [ 179.694027][ T6560] dump_stack_lvl+0xd8/0x12c [ 179.694031][ T6560] dump_stack+0x1c/0x28 [ 179.694036][ T6560] f2fs_handle_critical_error+0x34c/0x4b8 [ 179.694044][ T6560] f2fs_stop_checkpoint+0x5c/0x70 [ 179.694049][ T6560] f2fs_write_end_io+0x768/0xa70 [ 179.694055][ T6560] bio_endio+0x858/0x894 [ 179.694061][ T6560] submit_bio_noacct+0xd64/0x186c [ 179.694067][ T6560] submit_bio+0x3b4/0x550 [ 179.694073][ T6560] f2fs_submit_write_bio+0x13c/0x324 [ 179.694079][ T6560] __submit_merged_bio+0x254/0x704 [ 179.694085][ T6560] __submit_merged_write_cond+0x23c/0x4ac [ 179.694091][ T6560] f2fs_write_data_pages+0x1d28/0x2634 [ 179.694097][ T6560] do_writepages+0x270/0x468 [ 179.694110][ T6560] filemap_fdatawrite+0x14c/0x1f4 [ 179.694115][ T6560] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 179.694121][ T6560] f2fs_write_checkpoint+0x70c/0x1c30 [ 179.694126][ T6560] kill_f2fs_super+0x228/0x594 [ 179.694132][ T6560] deactivate_locked_super+0xc4/0x12c [ 179.694146][ T6560] deactivate_super+0xe0/0x100 [ 179.694152][ T6560] cleanup_mnt+0x31c/0x3ac [ 179.694159][ T6560] __cleanup_mnt+0x20/0x30 [ 179.694165][ T6560] task_work_run+0x1dc/0x260 [ 179.694172][ T6560] exit_to_user_mode_loop+0xfc/0x178 [ 179.694179][ T6560] el0_svc+0x170/0x254 [ 179.694186][ T6560] el0t_64_sync_handler+0x84/0x12c [ 179.694192][ T6560] el0t_64_sync+0x198/0x19c [ 179.694283][ T6560] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 180.118230][T12366] syzkaller0: entered promiscuous mode [ 180.118263][T12366] syzkaller0: entered allmulticast mode [ 180.203109][ T6746] hfsplus: b-tree write err: -5, ino 4 [ 180.290078][T12399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.291957][T12399] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.351407][T12407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.354542][T12407] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.790430][T12411] syzkaller0: entered promiscuous mode [ 180.791542][T12411] syzkaller0: entered allmulticast mode [ 181.183314][T12423] vhci_hcd: invalid port number 96 [ 181.183376][T12423] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 182.242974][T12452] tipc: Enabled bearer , priority 0 [ 182.244673][T12452] syzkaller0: entered promiscuous mode [ 182.245727][T12452] syzkaller0: entered allmulticast mode [ 182.250832][T12452] tipc: Resetting bearer [ 182.252092][T12451] tipc: Resetting bearer [ 182.256646][T12451] tipc: Disabling bearer [ 182.892900][T12474] syzkaller0: entered promiscuous mode [ 182.892934][T12474] syzkaller0: entered allmulticast mode [ 183.559973][T12499] tipc: Enabled bearer , priority 0 [ 183.560202][T12500] syzkaller0: entered promiscuous mode [ 183.560214][T12500] syzkaller0: entered allmulticast mode [ 183.588485][T12492] tipc: Resetting bearer [ 183.590657][T12490] tipc: Resetting bearer [ 183.597459][T12490] tipc: Disabling bearer [ 183.662699][ T31] audit: type=1326 audit(2487.613:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12511 comm="syz.2.1880" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 183.666828][ T31] audit: type=1326 audit(2487.613:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12511 comm="syz.2.1880" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 183.671724][ T31] audit: type=1326 audit(2487.623:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12511 comm="syz.2.1880" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=148 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 183.675515][ T31] audit: type=1326 audit(2487.623:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12511 comm="syz.2.1880" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 183.675549][ T31] audit: type=1326 audit(2487.623:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12511 comm="syz.2.1880" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 183.683388][T12512] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1880'. [ 183.685019][ T31] audit: type=1326 audit(2487.633:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12511 comm="syz.2.1880" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 183.953980][ T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 183.960845][ T31] audit: type=1326 audit(2487.903:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12511 comm="syz.2.1880" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 183.960894][ T31] audit: type=1326 audit(2487.903:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12511 comm="syz.2.1880" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 184.089904][T12522] loop3: detected capacity change from 0 to 1024 [ 184.098962][T12522] EXT4-fs: Ignoring removed bh option [ 184.099009][T12522] EXT4-fs: inline encryption not supported [ 184.108747][T12522] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 184.116245][T12522] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 184.118712][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 184.121909][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.121946][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 184.121965][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 184.121984][ T9] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 184.121996][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.132671][ T9] usb 1-1: config 0 descriptor?? [ 184.138400][T12522] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.1882: lblock 2 mapped to illegal pblock 2 (length 1) [ 184.141971][T12522] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 184.143652][T12522] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 48: comm syz.3.1882: lblock 0 mapped to illegal pblock 48 (length 1) [ 184.146379][T12522] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 184.146414][T12522] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.1882: Failed to acquire dquot type 0 [ 184.148417][T12522] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 184.156242][T12522] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.1882: mark_inode_dirty error [ 184.158597][T12522] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 184.158716][T12522] EXT4-fs (loop3): 1 orphan inode deleted [ 184.159203][T12522] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 184.221536][ T5558] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 184.227094][ T5558] EXT4-fs error (device loop3): ext4_release_dquot:6981: comm kworker/u8:8: Failed to release dquot type 0 [ 184.255815][ T6560] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.256103][ T6560] EXT4-fs error (device loop3): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 184.256194][ T6560] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 184.256258][ T6560] EXT4-fs error (device loop3): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 184.351864][ T6561] Bluetooth: hci4: command 0x0406 tx timeout [ 184.569184][ T9] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0005/input/input10 [ 184.631476][T12546] syzkaller0: entered promiscuous mode [ 184.632735][T12546] syzkaller0: entered allmulticast mode [ 184.822553][ T9] microsoft 0003:045E:07DA.0005: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 184.833292][ T9] usb 1-1: USB disconnect, device number 15 [ 184.867340][T12551] fido_id[12551]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 184.947649][T12557] loop2: detected capacity change from 0 to 2048 [ 184.965474][T12557] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 184.966049][T12557] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 186.804914][T12613] tipc: Enabled bearer , priority 0 [ 186.815220][T12613] tipc: Resetting bearer [ 186.819958][T12612] tipc: Disabling bearer [ 186.841797][T12615] syzkaller0: entered promiscuous mode [ 186.843145][T12615] syzkaller0: entered allmulticast mode [ 187.391006][ T2453] ieee802154 phy1 wpan1: encryption failed: -22 [ 187.480041][T12629] loop0: detected capacity change from 0 to 1024 [ 187.986095][T12648] syzkaller0: entered promiscuous mode [ 187.986138][T12648] syzkaller0: entered allmulticast mode [ 188.182399][ T6746] hfsplus: b-tree write err: -5, ino 4 [ 188.469653][ T1856] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 188.621622][ T1856] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 188.621660][ T1856] usb 1-1: can't read configurations, error -61 [ 188.749378][ T1856] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 188.901494][ T1856] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 188.901530][ T1856] usb 1-1: can't read configurations, error -61 [ 188.901666][ T1856] usb usb1-port1: attempt power cycle [ 189.100163][T12656] tipc: Enabling of bearer rejected, failed to enable media [ 189.183260][T12683] syzkaller0: entered promiscuous mode [ 189.188246][T12683] syzkaller0: entered allmulticast mode [ 189.239385][ T1856] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 189.274982][ T1856] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 189.275016][ T1856] usb 1-1: can't read configurations, error -61 [ 189.639078][ T1856] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 189.663543][ T1856] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 189.663573][ T1856] usb 1-1: can't read configurations, error -61 [ 189.666186][ T1856] usb usb1-port1: unable to enumerate USB device [ 190.316057][T12719] tipc: Enabled bearer , priority 0 [ 190.317872][T12719] tipc: Resetting bearer [ 190.317927][T12717] virt_wifi0 speed is unknown, defaulting to 1000 [ 190.317967][T12717] virt_wifi0 speed is unknown, defaulting to 1000 [ 190.328060][T12718] tipc: Disabling bearer [ 190.332202][T12717] virt_wifi0 speed is unknown, defaulting to 1000 [ 190.334594][T12717] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 190.337952][T12717] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 190.348188][T12717] virt_wifi0 speed is unknown, defaulting to 1000 [ 190.348669][T12717] virt_wifi0 speed is unknown, defaulting to 1000 [ 190.351577][T12717] virt_wifi0 speed is unknown, defaulting to 1000 [ 190.351910][T12717] virt_wifi0 speed is unknown, defaulting to 1000 [ 190.352230][T12717] virt_wifi0 speed is unknown, defaulting to 1000 [ 190.921196][T12748] loop5: detected capacity change from 0 to 1024 [ 191.349312][T12752] binder: 12751:12752 tried to acquire reference to desc 0, got 1 instead [ 191.349410][T12752] binder: 12751:12752 got transaction with unaligned buffers size, 31 [ 191.349532][T12752] binder: 12751:12752 transaction async to 12751:0 failed 21/29201/-22, code 0 size 0-0 line 3445 [ 191.354563][ T11] binder: undelivered TRANSACTION_ERROR: 29201 [ 191.392428][T12757] loop3: detected capacity change from 0 to 1024 [ 191.392779][T12757] EXT4-fs: Ignoring removed bh option [ 191.392796][T12757] EXT4-fs: inline encryption not supported [ 191.403829][T12757] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 191.406607][T12757] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 191.411797][T12757] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.1955: lblock 2 mapped to illegal pblock 2 (length 1) [ 191.414400][T12757] __quota_error: 2 callbacks suppressed [ 191.414443][T12757] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 191.414484][T12757] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 48: comm syz.3.1955: lblock 0 mapped to illegal pblock 48 (length 1) [ 191.420442][T12757] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 191.420476][T12757] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.1955: Failed to acquire dquot type 0 [ 191.425776][T12757] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 191.428098][T12757] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.1955: mark_inode_dirty error [ 191.431438][T12757] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 191.431541][T12757] EXT4-fs (loop3): 1 orphan inode deleted [ 191.432045][T12757] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.443217][T10758] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:22: lblock 1 mapped to illegal pblock 1 (length 1) [ 191.446064][T10758] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 191.446108][T10758] EXT4-fs error (device loop3): ext4_release_dquot:6981: comm kworker/u8:22: Failed to release dquot type 0 [ 191.543202][ T6560] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.548624][ T6560] EXT4-fs error (device loop3): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 191.551156][ T6560] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 191.552985][ T6560] EXT4-fs error (device loop3): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 191.614214][T10758] hfsplus: b-tree write err: -5, ino 4 [ 191.647069][ T6565] Bluetooth: hci0: link tx timeout [ 191.647232][ T6565] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 192.571548][T12790] Driver unsupported XDP return value 0 on prog (id 144) dev N/A, expect packet loss! [ 192.732536][T12798] futex_wake_op: syz.3.1972 tries to shift op by 32; fix this program [ 192.789635][T12803] tipc: Enabled bearer , priority 0 [ 192.792754][T12804] netlink: 332 bytes leftover after parsing attributes in process `syz.3.1972'. [ 192.792813][T12804] netlink: 'syz.3.1972': attribute type 9 has an invalid length. [ 192.792822][T12804] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1972'. [ 192.792831][T12804] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1972'. [ 192.799795][T12803] syzkaller0: entered promiscuous mode [ 192.799828][T12803] syzkaller0: entered allmulticast mode [ 192.813872][T12804] netlink: 'syz.3.1972': attribute type 4 has an invalid length. [ 192.820723][T12802] tipc: Resetting bearer [ 192.826623][T12802] tipc: Disabling bearer [ 193.656090][T12820] loop3: detected capacity change from 0 to 1024 [ 193.678427][T12820] EXT4-fs: Ignoring removed bh option [ 193.683041][T12820] EXT4-fs: inline encryption not supported [ 193.684080][T12820] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 193.690164][T12820] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 193.698512][T12820] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.1978: lblock 2 mapped to illegal pblock 2 (length 1) [ 193.701479][T12820] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 193.701520][T12820] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 48: comm syz.3.1978: lblock 0 mapped to illegal pblock 48 (length 1) [ 193.701791][T12820] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 193.701801][T12820] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.1978: Failed to acquire dquot type 0 [ 193.703206][T12820] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 193.707685][T12820] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.1978: mark_inode_dirty error [ 193.708605][T12820] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 193.708664][T12820] EXT4-fs (loop3): 1 orphan inode deleted [ 193.709227][T12820] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.710041][ T6561] Bluetooth: hci0: command 0x0405 tx timeout [ 193.721047][ T6746] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 193.723784][ T6746] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 193.723820][ T6746] EXT4-fs error (device loop3): ext4_release_dquot:6981: comm kworker/u8:9: Failed to release dquot type 0 [ 193.811692][ T6560] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.815431][ T6560] EXT4-fs error (device loop3): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 193.819077][ T6560] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 193.824242][ T6560] EXT4-fs error (device loop3): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 194.063403][T12827] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1979'. [ 194.361393][T12852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.361564][T12852] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.521964][T12859] loop4: detected capacity change from 0 to 1024 [ 194.524496][T12859] EXT4-fs: Ignoring removed bh option [ 194.526402][T12859] EXT4-fs: inline encryption not supported [ 194.530462][T12859] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 194.534677][T12859] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 194.544070][T12859] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 2: comm syz.4.1989: lblock 2 mapped to illegal pblock 2 (length 1) [ 194.547992][T12859] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 194.558037][T12859] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 48: comm syz.4.1989: lblock 0 mapped to illegal pblock 48 (length 1) [ 194.561699][T12859] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 194.561739][T12859] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.1989: Failed to acquire dquot type 0 [ 194.563446][T12865] tipc: Enabled bearer , priority 0 [ 194.563750][T12865] syzkaller0: entered promiscuous mode [ 194.563760][T12865] syzkaller0: entered allmulticast mode [ 194.566074][T12865] tipc: Resetting bearer [ 194.571753][T12859] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 194.573827][T12859] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.1989: mark_inode_dirty error [ 194.575982][T12859] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 194.576073][T12859] EXT4-fs (loop4): 1 orphan inode deleted [ 194.576553][T12859] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.582912][T12864] tipc: Resetting bearer [ 194.590133][ T6746] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 194.592895][ T6746] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 194.592926][ T6746] EXT4-fs error (device loop4): ext4_release_dquot:6981: comm kworker/u8:9: Failed to release dquot type 0 [ 194.596584][T12864] tipc: Disabling bearer [ 194.685842][ T6550] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.688151][ T6550] EXT4-fs error (device loop4): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 194.691576][ T6550] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 194.693349][ T6550] EXT4-fs error (device loop4): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 194.788999][T12890] loop2: detected capacity change from 0 to 7 [ 194.790568][T12890] Dev loop2: unable to read RDB block 7 [ 194.790599][T12890] loop2: unable to read partition table [ 194.790741][T12890] loop2: partition table beyond EOD, truncated [ 194.790757][T12890] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 195.398564][T12920] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.402184][T12920] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.409448][T12920] loop2: detected capacity change from 0 to 7 [ 195.412058][T12920] Dev loop2: unable to read RDB block 7 [ 195.413091][T12920] loop2: unable to read partition table [ 195.415310][T12920] loop2: partition table beyond EOD, truncated [ 195.415348][T12920] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 195.478318][T12926] loop5: detected capacity change from 0 to 1024 [ 195.482864][T12926] EXT4-fs: Ignoring removed bh option [ 195.484931][T12926] EXT4-fs: inline encryption not supported [ 195.486647][T12926] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 195.490922][T12926] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 195.495228][T12926] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 2: comm syz.5.2001: lblock 2 mapped to illegal pblock 2 (length 1) [ 195.499049][T12926] Quota error (device loop5): qtree_write_dquot: dquota write failed [ 195.502069][T12926] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 48: comm syz.5.2001: lblock 0 mapped to illegal pblock 48 (length 1) [ 195.503378][T12926] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.2001: Failed to acquire dquot type 0 [ 195.504375][T12926] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 195.504480][T12926] EXT4-fs error (device loop5): ext4_evict_inode:254: inode #11: comm syz.5.2001: mark_inode_dirty error [ 195.504565][T12926] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 195.504607][T12926] EXT4-fs (loop5): 1 orphan inode deleted [ 195.505049][T12926] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 195.570538][ T42] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 195.570776][ T42] EXT4-fs error (device loop5): ext4_release_dquot:6981: comm kworker/u8:3: Failed to release dquot type 0 [ 195.600764][ T8341] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.601028][ T8341] EXT4-fs error (device loop5): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 195.601101][ T8341] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 195.601175][ T8341] EXT4-fs error (device loop5): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 195.676073][T12936] virt_wifi0 speed is unknown, defaulting to 1000 [ 196.350212][T12958] loop2: detected capacity change from 0 to 1024 [ 196.350626][T12958] EXT4-fs: Ignoring removed bh option [ 196.350658][T12958] EXT4-fs: inline encryption not supported [ 196.354924][T12958] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 196.596284][T12958] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 196.679968][T12958] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.2012: lblock 2 mapped to illegal pblock 2 (length 1) [ 196.680189][T12958] __quota_error: 2 callbacks suppressed [ 196.680201][T12958] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 196.680215][T12958] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 48: comm syz.2.2012: lblock 0 mapped to illegal pblock 48 (length 1) [ 196.680624][T12958] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 196.680637][T12958] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.2012: Failed to acquire dquot type 0 [ 196.680841][T12958] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 196.680975][T12958] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.2012: mark_inode_dirty error [ 196.681151][T12958] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 196.681185][T12958] EXT4-fs (loop2): 1 orphan inode deleted [ 196.681715][T12958] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.752886][ T6746] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 196.753030][ T6746] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 196.753056][ T6746] EXT4-fs error (device loop2): ext4_release_dquot:6981: comm kworker/u8:9: Failed to release dquot type 0 [ 196.790735][ T6554] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.791335][ T6554] EXT4-fs error (device loop2): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 196.791464][ T6554] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 196.791527][ T6554] EXT4-fs error (device loop2): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 197.825815][T12975] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 198.469293][T13024] 9pnet_virtio: no channels available for device syz [ 200.588557][T13061] loop0: detected capacity change from 0 to 1024 [ 200.590029][T13061] EXT4-fs: Ignoring removed bh option [ 200.595087][T13061] EXT4-fs: inline encryption not supported [ 200.606646][T13061] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 200.612928][T13061] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 200.616526][T13061] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #3: block 2: comm syz.0.2042: lblock 2 mapped to illegal pblock 2 (length 1) [ 200.619083][T13061] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 200.619128][T13061] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #3: block 48: comm syz.0.2042: lblock 0 mapped to illegal pblock 48 (length 1) [ 200.623099][T13061] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 200.623135][T13061] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.2042: Failed to acquire dquot type 0 [ 200.628011][T13061] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 200.635270][T13061] EXT4-fs error (device loop0): ext4_evict_inode:254: inode #11: comm syz.0.2042: mark_inode_dirty error [ 200.642286][T13061] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 200.642364][T13061] EXT4-fs (loop0): 1 orphan inode deleted [ 200.642925][T13061] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.651599][ T6746] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 200.654005][ T6746] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 200.654042][ T6746] EXT4-fs error (device loop0): ext4_release_dquot:6981: comm kworker/u8:9: Failed to release dquot type 0 [ 200.683325][T13069] netlink: 'syz.3.2045': attribute type 1 has an invalid length. [ 200.695774][T13069] bond1: entered promiscuous mode [ 200.696776][T13069] bond1: entered allmulticast mode [ 200.724612][T13069] bond1: (slave dummy0): making interface the new active one [ 200.755092][ T6553] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.762098][ T6553] EXT4-fs error (device loop0): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 200.762231][ T6553] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 200.762652][ T6553] EXT4-fs error (device loop0): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 200.772456][T13069] dummy0: entered promiscuous mode [ 200.774244][T13069] dummy0: entered allmulticast mode [ 200.774668][T13069] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 201.098662][T13090] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2051'. [ 201.159456][T13094] wireguard0: entered promiscuous mode [ 201.162751][T13094] wireguard0: entered allmulticast mode [ 201.389778][T13101] loop4: detected capacity change from 0 to 1024 [ 201.390875][T13101] EXT4-fs: Ignoring removed bh option [ 201.390895][T13101] EXT4-fs: inline encryption not supported [ 201.391588][T13101] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 201.396804][T13101] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 201.397678][T13101] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 2: comm syz.4.2056: lblock 2 mapped to illegal pblock 2 (length 1) [ 201.397759][T13101] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 201.397771][T13101] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 48: comm syz.4.2056: lblock 0 mapped to illegal pblock 48 (length 1) [ 201.397843][T13101] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 201.397849][T13101] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.2056: Failed to acquire dquot type 0 [ 201.397935][T13101] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 201.401520][T13101] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2056: mark_inode_dirty error [ 201.402003][T13101] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 201.402060][T13101] EXT4-fs (loop4): 1 orphan inode deleted [ 201.402537][T13101] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.411409][ T6746] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 201.439892][ T6746] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 201.439951][ T6746] EXT4-fs error (device loop4): ext4_release_dquot:6981: comm kworker/u8:9: Failed to release dquot type 0 [ 201.494943][ T6550] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.495245][ T6550] EXT4-fs error (device loop4): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 201.495340][ T6550] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 201.495404][ T6550] EXT4-fs error (device loop4): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 201.724275][T13113] netlink: 'syz.0.2060': attribute type 1 has an invalid length. [ 201.731221][T13113] bond1: entered promiscuous mode [ 201.732142][T13113] bond1: entered allmulticast mode [ 202.389403][T13126] tipc: Enabled bearer , priority 0 [ 202.389832][T13126] syzkaller0: entered promiscuous mode [ 202.389843][T13126] syzkaller0: entered allmulticast mode [ 202.403012][T13126] tipc: Resetting bearer [ 202.465892][T13125] tipc: Resetting bearer [ 202.473815][T13125] tipc: Disabling bearer [ 202.911612][T13136] ptrace attach of "./syz-executor exec"[6550] was attempted by ""[13136] [ 203.132993][T13145] netlink: 'syz.0.2071': attribute type 1 has an invalid length. [ 203.152558][T13145] bond2: entered promiscuous mode [ 203.152596][T13145] bond2: entered allmulticast mode [ 203.163996][T13150] loop2: detected capacity change from 0 to 7 [ 203.164325][T13150] Dev loop2: unable to read RDB block 7 [ 203.164355][T13150] loop2: unable to read partition table [ 203.164412][T13150] loop2: partition table beyond EOD, truncated [ 203.164428][T13150] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 203.250938][T13160] tipc: Enabled bearer , priority 0 [ 203.252601][T13160] syzkaller0: entered promiscuous mode [ 203.253707][T13160] syzkaller0: entered allmulticast mode [ 203.257474][T13160] tipc: Resetting bearer [ 203.259732][T13159] tipc: Resetting bearer [ 203.265413][T13159] tipc: Disabling bearer [ 203.544791][T13181] netlink: 'syz.0.2084': attribute type 1 has an invalid length. [ 203.555189][T13181] bond3: entered promiscuous mode [ 203.555222][T13181] bond3: entered allmulticast mode [ 203.579015][T13184] loop2: detected capacity change from 0 to 7 [ 203.582909][T13184] Dev loop2: unable to read RDB block 7 [ 203.582940][T13184] loop2: unable to read partition table [ 203.583017][T13184] loop2: partition table beyond EOD, truncated [ 203.583026][T13184] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 204.056443][T13193] smc: net device bond0 applied user defined pnetid SYZ0 [ 204.058529][T13193] smc: net device bond0 erased user defined pnetid SYZ0 [ 204.443220][T13199] wireguard0: entered promiscuous mode [ 204.443271][T13199] wireguard0: entered allmulticast mode [ 204.539082][T13202] tipc: Enabled bearer , priority 0 [ 204.543049][T13202] syzkaller0: entered promiscuous mode [ 204.543077][T13202] syzkaller0: entered allmulticast mode [ 204.549251][T13202] tipc: Resetting bearer [ 204.561512][T13201] tipc: Resetting bearer [ 204.565755][T13201] tipc: Disabling bearer [ 205.388913][T13260] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2107'. [ 205.468230][T13263] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 205.662165][T13273] tipc: Enabling of bearer rejected, failed to enable media [ 205.681165][T13261] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý [ 205.782512][T13281] bridge0: port 3(syz_tun) entered blocking state [ 205.782575][T13281] bridge0: port 3(syz_tun) entered disabled state [ 205.782797][T13281] syz_tun: entered allmulticast mode [ 205.783489][T13281] syz_tun: entered promiscuous mode [ 206.264750][T13299] tipc: Enabled bearer , priority 0 [ 206.265372][T13299] syzkaller0: entered promiscuous mode [ 206.265387][T13299] syzkaller0: entered allmulticast mode [ 206.281776][T13299] tipc: Resetting bearer [ 206.285142][T13298] tipc: Resetting bearer [ 206.293166][T13298] tipc: Disabling bearer [ 206.563806][T13313] loop2: detected capacity change from 0 to 7 [ 206.565775][T13313] Dev loop2: unable to read RDB block 7 [ 206.566837][T13313] loop2: unable to read partition table [ 206.568001][T13313] loop2: partition table beyond EOD, truncated [ 206.569166][T13313] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 206.687090][T13318] tipc: Enabled bearer , priority 0 [ 206.689882][T13318] syzkaller0: entered promiscuous mode [ 206.692829][T13318] syzkaller0: entered allmulticast mode [ 206.699950][T13318] tipc: Resetting bearer [ 206.702703][T13316] tipc: Resetting bearer [ 206.970305][T13316] tipc: Disabling bearer [ 207.085085][T13327] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2127'. [ 207.150500][T13333] netlink: 'syz.4.2129': attribute type 1 has an invalid length. [ 207.204013][T13335] tipc: Enabled bearer , priority 0 [ 207.206784][T13335] syzkaller0: entered promiscuous mode [ 207.209929][T13335] syzkaller0: entered allmulticast mode [ 207.229144][T13335] tipc: Resetting bearer [ 207.238174][T13334] tipc: Resetting bearer [ 207.305431][T13334] tipc: Disabling bearer [ 207.576585][T13339] virt_wifi0 speed is unknown, defaulting to 1000 [ 207.703383][T13351] virt_wifi0 speed is unknown, defaulting to 1000 [ 208.224931][T13364] tipc: Enabled bearer , priority 0 [ 208.227652][T13364] syzkaller0: entered promiscuous mode [ 208.229112][T13364] syzkaller0: entered allmulticast mode [ 208.276832][T13364] tipc: Resetting bearer [ 208.284889][T13363] tipc: Resetting bearer [ 208.292192][T13363] tipc: Disabling bearer [ 208.581230][T13372] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2142'. [ 208.591602][T13375] tipc: Enabled bearer , priority 0 [ 208.593270][T13375] syzkaller0: entered promiscuous mode [ 208.594744][T13375] syzkaller0: entered allmulticast mode [ 208.604296][T13375] tipc: Resetting bearer [ 208.610022][T13374] tipc: Resetting bearer [ 208.618231][T13374] tipc: Disabling bearer [ 208.683299][T13378] block nbd4: shutting down sockets [ 208.706900][T13381] Bluetooth: hci0: unsupported parameter 255 [ 208.708087][T13381] Bluetooth: hci0: unsupported parameter 255 [ 208.811747][T13389] bridge1: entered allmulticast mode [ 208.822863][T13389] ªªªªª»: renamed from hsr0 [ 209.487820][T13410] tipc: Enabled bearer , priority 0 [ 209.489860][T13410] syzkaller0: entered promiscuous mode [ 209.491719][T13410] syzkaller0: entered allmulticast mode [ 209.516981][T13410] tipc: Resetting bearer [ 209.527307][T13409] tipc: Resetting bearer [ 209.545468][T13409] tipc: Disabling bearer [ 209.813038][T13432] input: syz1 as /devices/virtual/input/input11 [ 209.883201][T13439] tipc: Enabled bearer , priority 0 [ 209.883483][T13439] syzkaller0: entered promiscuous mode [ 209.883514][T13439] syzkaller0: entered allmulticast mode [ 209.893650][T13439] tipc: Resetting bearer [ 209.896565][T13438] tipc: Resetting bearer [ 209.902481][T13438] tipc: Disabling bearer [ 211.109194][T13477] virt_wifi0 speed is unknown, defaulting to 1000 [ 211.152702][T13479] netlink: 'syz.4.2185': attribute type 21 has an invalid length. [ 211.152763][T13479] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2185'. [ 211.248603][T13488] tipc: Enabled bearer , priority 0 [ 211.251243][T13488] syzkaller0: entered promiscuous mode [ 211.253996][T13488] syzkaller0: entered allmulticast mode [ 211.284691][T13492] loop2: detected capacity change from 0 to 1024 [ 211.285033][T13492] EXT4-fs: Ignoring removed bh option [ 211.285049][T13492] EXT4-fs: inline encryption not supported [ 211.294556][T13488] tipc: Resetting bearer [ 211.301639][T13492] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 211.307142][T13487] tipc: Resetting bearer [ 211.308953][T13492] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 211.322405][T13492] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.2189: lblock 2 mapped to illegal pblock 2 (length 1) [ 211.322577][T13492] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 211.322590][T13492] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 48: comm syz.2.2189: lblock 0 mapped to illegal pblock 48 (length 1) [ 211.322660][T13492] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 211.322667][T13492] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.2189: Failed to acquire dquot type 0 [ 211.322767][T13492] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 211.322835][T13492] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.2189: mark_inode_dirty error [ 211.323214][T13492] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 211.323261][T13492] EXT4-fs (loop2): 1 orphan inode deleted [ 211.323691][T13492] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 211.418122][T13487] tipc: Disabling bearer [ 211.419516][T13494] tipc: Enabling of bearer rejected, failed to enable media [ 211.419650][ T12] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:0: lblock 1 mapped to illegal pblock 1 (length 1) [ 211.420738][ T12] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 211.420765][ T12] EXT4-fs error (device loop2): ext4_release_dquot:6981: comm kworker/u8:0: Failed to release dquot type 0 [ 211.424660][ T6554] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.425411][ T6554] EXT4-fs error (device loop2): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 211.425513][ T6554] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 211.425687][ T6554] EXT4-fs error (device loop2): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 211.443678][T13494] netlink: 'syz.5.2190': attribute type 39 has an invalid length. [ 211.489719][T13503] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2194'. [ 211.493035][T13503] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 211.495738][T13503] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 211.510218][T13503] batadv0 (unregistering): left allmulticast mode [ 211.782824][T13527] netlink: 'syz.4.2202': attribute type 1 has an invalid length. [ 211.824113][T13528] input: syz1 as /devices/virtual/input/input13 [ 212.124478][T13540] loop2: detected capacity change from 0 to 7 [ 212.126165][T13540] Dev loop2: unable to read RDB block 7 [ 212.127495][T13540] loop2: unable to read partition table [ 212.129883][T13540] loop2: partition table beyond EOD, truncated [ 212.133127][T13540] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 212.661980][T13556] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2214'. [ 212.942612][ T1856] kernel read not supported for file /vga_arbiter (pid: 1856 comm: kworker/0:2) [ 213.562901][T13608] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2227'. [ 213.684603][T13615] input: syz1 as /devices/virtual/input/input14 [ 213.807305][T13622] tipc: Enabled bearer , priority 0 [ 213.808916][T13622] syzkaller0: entered promiscuous mode [ 213.808948][T13622] syzkaller0: entered allmulticast mode [ 213.885816][T13628] tipc: Resetting bearer [ 213.892544][T13619] tipc: Resetting bearer [ 213.933765][T13619] tipc: Disabling bearer [ 214.384829][T13666] netlink: 108 bytes leftover after parsing attributes in process `syz.5.2242'. [ 214.397925][T13668] fuse: Bad value for 'fd' [ 214.498846][T13677] virt_wifi0 speed is unknown, defaulting to 1000 [ 214.499055][T13686] syzkaller0: entered promiscuous mode [ 214.499182][T13686] syzkaller0: entered allmulticast mode [ 215.067903][T13725] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2257'. [ 215.093615][T13728] fuse: Bad value for 'fd' [ 215.207332][T13736] binder: 13735:13736 ioctl c0306201 20000080 returned -14 [ 215.213515][T13736] binder: 13735:13736 tried to acquire reference to desc 0, got 1 instead [ 215.215172][T13736] binder: 13735:13736 got transaction with invalid offset (32, min 0 max 120) or object. [ 215.216762][T13736] binder: 13735:13736 transaction async to 13735:0 failed 26/29201/-22, code 0 size 120-24 line 3505 [ 215.218861][ T6563] binder: undelivered TRANSACTION_ERROR: 29201 [ 215.412079][T13744] syzkaller0: entered promiscuous mode [ 215.413471][T13744] syzkaller0: entered allmulticast mode [ 215.526827][T13754] fuse: Bad value for 'fd' [ 215.788085][T13776] siw: device registration error -23 [ 216.408809][T13787] syz_tun: entered allmulticast mode [ 216.608839][T13801] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2289'. [ 217.353141][T13824] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2294'. [ 218.165505][ T31] audit: type=1326 audit(2522.119:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13845 comm="syz.2.2305" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 218.169283][ T31] audit: type=1326 audit(2522.119:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13845 comm="syz.2.2305" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 218.177071][ T31] audit: type=1326 audit(2522.129:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13845 comm="syz.2.2305" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=107 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 218.178273][ T31] audit: type=1326 audit(2522.129:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13845 comm="syz.2.2305" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 218.184630][ T31] audit: type=1326 audit(2522.129:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13845 comm="syz.2.2305" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 218.188457][ T31] audit: type=1326 audit(2522.139:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13845 comm="syz.2.2305" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=110 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 218.192413][ T31] audit: type=1326 audit(2522.139:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13845 comm="syz.2.2305" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff98dda9d8 code=0x7ffc0000 [ 218.193094][ T31] audit: type=1326 audit(2522.149:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13845 comm="syz.2.2305" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff98dda9d8 code=0x7ffc0000 [ 218.199185][ T31] audit: type=1326 audit(2522.149:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13845 comm="syz.2.2305" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff98dda9d8 code=0x7ffc0000 [ 218.202893][ T31] audit: type=1326 audit(2522.159:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13845 comm="syz.2.2305" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff98dda9d8 code=0x7ffc0000 [ 218.239487][T13849] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 218.651994][T13866] tipc: Enabled bearer , priority 0 [ 218.654275][T13866] syzkaller0: entered promiscuous mode [ 218.654301][T13866] syzkaller0: entered allmulticast mode [ 218.672176][T13866] tipc: Resetting bearer [ 218.676452][T13865] tipc: Resetting bearer [ 218.683192][T13865] tipc: Disabling bearer [ 219.150732][T13880] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 219.429830][T13902] loop4: detected capacity change from 0 to 128 [ 219.450490][T13904] loop4: detected capacity change from 0 to 256 [ 219.457937][T13904] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1cbb3694, utbl_chksum : 0xe619d30d) [ 219.557662][T13912] loop2: detected capacity change from 0 to 1024 [ 219.559397][T13912] EXT4-fs: Ignoring removed bh option [ 219.560809][T13912] EXT4-fs: inline encryption not supported [ 219.576346][T13912] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 219.607355][T13912] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 219.619080][T13912] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.2331: lblock 2 mapped to illegal pblock 2 (length 1) [ 219.622091][T13912] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 48: comm syz.2.2331: lblock 0 mapped to illegal pblock 48 (length 1) [ 219.624946][T13912] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.2331: Failed to acquire dquot type 0 [ 219.626979][T13912] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 219.628820][T13912] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.2331: mark_inode_dirty error [ 219.630727][T13912] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 219.630787][T13912] EXT4-fs (loop2): 1 orphan inode deleted [ 219.631235][T13912] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 219.636715][T13916] syzkaller0: entered promiscuous mode [ 219.636728][T13916] syzkaller0: entered allmulticast mode [ 219.642949][T10758] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:22: lblock 1 mapped to illegal pblock 1 (length 1) [ 219.645419][T10758] EXT4-fs error (device loop2): ext4_release_dquot:6981: comm kworker/u8:22: Failed to release dquot type 0 [ 219.737116][ T6554] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.806340][ T6554] EXT4-fs error (device loop2): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 219.808407][ T6554] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 219.808676][ T6554] EXT4-fs error (device loop2): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 219.956276][T13930] loop0: detected capacity change from 0 to 8192 [ 219.959300][T13930] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 220.520771][T13934] tipc: Enabled bearer , priority 0 [ 220.521025][T13935] syzkaller0: entered promiscuous mode [ 220.521035][T13935] syzkaller0: entered allmulticast mode [ 220.528902][T13942] tipc: Resetting bearer [ 220.544507][T13927] tipc: Resetting bearer [ 220.548380][T13927] tipc: Disabling bearer [ 220.581627][T13955] binder: 13954:13955 ioctl c0306201 0 returned -14 [ 221.092631][T13983] netlink: 'syz.3.2352': attribute type 1 has an invalid length. [ 221.105031][T13984] Bluetooth: hci0: invalid length 0, exp 2 for type 6 [ 221.149906][T13983] 8021q: adding VLAN 0 to HW filter on device bond2 [ 221.331540][T14008] syzkaller0: entered promiscuous mode [ 221.336053][T14008] syzkaller0: entered allmulticast mode [ 222.630356][T14036] Bluetooth: hci0: invalid length 0, exp 2 for type 6 [ 222.638705][T14038] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2364'. [ 223.156068][T14061] bridge0: port 1(veth1_to_bridge) entered blocking state [ 223.156156][T14061] bridge0: port 1(veth1_to_bridge) entered disabled state [ 223.157339][T14061] veth1_to_bridge: entered allmulticast mode [ 223.158985][T14061] veth1_to_bridge: entered promiscuous mode [ 223.300000][T14069] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2374'. [ 224.019607][T14085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.019768][T14085] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.021488][T14085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.021645][T14085] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.121687][T14085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.124380][T14085] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.975755][T14118] netlink: 516 bytes leftover after parsing attributes in process `syz.5.2392'. [ 225.055269][T14125] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2394'. [ 225.586297][T14131] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2397'. [ 225.925848][T14142] netlink: 'syz.5.2402': attribute type 1 has an invalid length. [ 226.037289][T14144] svc: failed to register nfsdv3 RPC service (errno 111). [ 226.040620][T14144] svc: failed to register nfsaclv3 RPC service (errno 111). [ 226.570758][T14164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2409'. [ 227.632639][ T9] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 227.782664][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 227.785543][ T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 227.785579][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 227.788193][ T9] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 227.788214][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.788227][ T9] usb 1-1: Product: syz [ 227.788233][ T9] usb 1-1: Manufacturer: syz [ 227.788240][ T9] usb 1-1: SerialNumber: syz [ 227.882838][ T9] usb 1-1: config 0 descriptor?? [ 227.890698][ T9] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 227.890878][ T9] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 228.529575][T14214] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 228.533844][T14214] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 228.558450][ T9] em28xx 1-1:0.0: chip ID is em2874 [ 229.227439][ T26] usb 1-1: USB disconnect, device number 20 [ 229.232041][ T26] em28xx 1-1:0.0: Disconnecting em28xx [ 229.235326][ T26] em28xx 1-1:0.0: Freeing device [ 229.266565][T14229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 229.266750][T14229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.303065][T10758] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.303121][T10758] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.303163][T10758] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.303192][T10758] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.755856][T14243] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2437'. [ 229.755892][T14243] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2437'. [ 230.191189][T14258] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2441'. [ 231.121029][T14278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 231.121302][T14278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 232.102798][T14296] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2454'. [ 232.138275][T14296] block nbd0: not configured, cannot reconfigure [ 232.156714][T14299] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2453'. [ 232.416251][T14297] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 233.269587][T14334] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2465'. [ 233.846442][T14354] syzkaller0: entered promiscuous mode [ 233.846474][T14354] syzkaller0: entered allmulticast mode [ 234.227088][T14352] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2471'. [ 234.338316][T14365] syzkaller0: entered promiscuous mode [ 234.338350][T14365] syzkaller0: entered allmulticast mode [ 234.485687][ T6563] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 234.752067][T14371] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2477'. [ 234.864878][ T6563] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 234.864908][ T6563] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 235.004035][ T6563] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 235.010322][ T6563] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 235.017751][ T6563] usb 1-1: Product: syz [ 235.025139][ T6563] usb 1-1: Manufacturer: syz [ 235.027294][ T6563] usb 1-1: SerialNumber: syz [ 235.042677][ T6563] usb 1-1: config 0 descriptor?? [ 235.147545][T14377] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 235.147718][T14377] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.813794][T14385] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 235.815728][T14385] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 236.764659][T14405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 236.764828][T14405] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 236.880476][ T6563] usb 1-1: USB disconnect, device number 21 [ 236.956158][T14420] syzkaller0: entered promiscuous mode [ 236.956192][T14420] syzkaller0: entered allmulticast mode [ 237.631368][T14433] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 237.631546][T14433] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 237.841070][T14433] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 237.841248][T14433] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 237.886945][T14438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2500'. [ 238.132940][T14438] wireguard0: entered promiscuous mode [ 238.132989][T14438] wireguard0: entered allmulticast mode [ 238.432704][ T6607] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 238.515920][T14463] loop4: detected capacity change from 0 to 1024 [ 238.518061][T14463] EXT4-fs: Ignoring removed bh option [ 238.519065][T14463] EXT4-fs: inline encryption not supported [ 238.523712][T14463] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 238.526402][T14463] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 238.531773][T14463] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 2: comm syz.4.2512: lblock 2 mapped to illegal pblock 2 (length 1) [ 238.532199][T14463] __quota_error: 943 callbacks suppressed [ 238.532214][T14463] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 238.532246][T14463] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 48: comm syz.4.2512: lblock 0 mapped to illegal pblock 48 (length 1) [ 238.532344][T14463] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 238.532351][T14463] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.2512: Failed to acquire dquot type 0 [ 238.532448][T14463] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 238.532518][T14463] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2512: mark_inode_dirty error [ 238.535260][T14463] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 238.535342][T14463] EXT4-fs (loop4): 1 orphan inode deleted [ 238.535808][T14463] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 238.542743][T10248] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:16: lblock 1 mapped to illegal pblock 1 (length 1) [ 238.552333][T10248] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 238.552375][T10248] EXT4-fs error (device loop4): ext4_release_dquot:6981: comm kworker/u8:16: Failed to release dquot type 0 [ 238.732026][ T6607] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.734290][ T6607] usb 1-1: config 0 has no interfaces? [ 238.749718][ T6607] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 238.751305][ T6607] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.753138][ T6607] usb 1-1: Product: syz [ 238.753995][ T6607] usb 1-1: Manufacturer: syz [ 238.754957][ T6607] usb 1-1: SerialNumber: syz [ 238.863190][ T6607] usb 1-1: config 0 descriptor?? [ 238.896605][ T6550] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.897942][ T6550] EXT4-fs error (device loop4): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 238.898060][ T6550] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 238.898127][ T6550] EXT4-fs error (device loop4): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 238.981343][T14481] wireguard0: entered promiscuous mode [ 238.981390][T14481] wireguard0: entered allmulticast mode [ 239.315641][T14494] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2520'. [ 240.225015][ T6563] usb 1-1: USB disconnect, device number 22 [ 240.845058][ T31] audit: type=1326 audit(2800.793:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14541 comm="syz.2.2535" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x0 [ 240.857265][T14543] loop0: detected capacity change from 0 to 1024 [ 241.202474][T14552] virt_wifi0 speed is unknown, defaulting to 1000 [ 241.593219][T14561] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2540'. [ 241.633280][T10068] hfsplus: b-tree write err: -5, ino 4 [ 242.537779][T14592] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 242.637387][T14606] pim6reg: entered allmulticast mode [ 243.553723][T14623] wireguard0: entered promiscuous mode [ 243.553772][T14623] wireguard0: entered allmulticast mode [ 244.804945][T14683] wireguard0: entered promiscuous mode [ 244.804995][T14683] wireguard0: entered allmulticast mode [ 245.111432][T14687] virt_wifi0 speed is unknown, defaulting to 1000 [ 245.130214][T14690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 245.130390][T14690] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 246.207622][T14742] syzkaller0: entered promiscuous mode [ 246.207656][T14742] syzkaller0: entered allmulticast mode [ 246.324097][T14733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 246.326034][T14733] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 246.350088][T14747] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2600'. [ 247.558234][T14779] loop2: detected capacity change from 0 to 1024 [ 247.851113][T14793] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2614'. [ 247.851466][T14793] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2614'. [ 248.102203][ T42] hfsplus: b-tree write err: -5, ino 4 [ 248.213748][T14808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 248.216421][T14808] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 248.663141][ T31] audit: type=1326 audit(2808.523:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14814 comm="syz.2.2625" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 248.667321][ T31] audit: type=1326 audit(2808.523:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14814 comm="syz.2.2625" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 248.673473][ T31] audit: type=1326 audit(2808.533:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14814 comm="syz.2.2625" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=40 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 248.679275][ T31] audit: type=1326 audit(2808.533:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14814 comm="syz.2.2625" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 248.684820][ T31] audit: type=1326 audit(2808.533:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14814 comm="syz.2.2625" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 248.684899][ T31] audit: type=1326 audit(2808.533:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14814 comm="syz.2.2625" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=40 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 248.690344][ T31] audit: type=1326 audit(2808.533:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14814 comm="syz.2.2625" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 248.690454][ T31] audit: type=1326 audit(2808.533:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14814 comm="syz.2.2625" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 248.695732][ T31] audit: type=1326 audit(2808.533:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14814 comm="syz.2.2625" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 248.701353][ T31] audit: type=1326 audit(2808.533:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14814 comm="syz.2.2625" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000 [ 248.833260][ T2453] ieee802154 phy1 wpan1: encryption failed: -22 [ 249.234007][T14817] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 249.331304][ T6561] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 251.025993][ T9] kernel write not supported for file [eventfd] (pid: 9 comm: kworker/0:0) [ 251.144011][T14902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 251.144199][T14902] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 251.144788][T14902] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2656'. [ 251.156416][T14902] bond1: (slave dummy0): Releasing active interface [ 251.157713][T14902] dummy0 (unregistering): left promiscuous mode [ 251.159194][T14902] dummy0 (unregistering): left allmulticast mode [ 252.193002][T14929] virt_wifi0 speed is unknown, defaulting to 1000 [ 252.871778][T14948] netlink: 'syz.0.2672': attribute type 1 has an invalid length. [ 252.918749][T14948] bond4: entered promiscuous mode [ 252.920039][T14948] bond4: entered allmulticast mode [ 252.947389][T14948] dummy0: entered promiscuous mode [ 252.948996][T14948] dummy0: entered allmulticast mode [ 252.950763][T14948] bond4: (slave dummy0): Enslaving as an active interface with an up link [ 252.978157][T14950] kernel profiling enabled (shift: 17) [ 253.707816][T14977] fuse: Bad value for 'fd' [ 253.931728][T14994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 253.935279][T14994] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 254.176625][T15008] loop4: detected capacity change from 0 to 1024 [ 254.442772][ T6563] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 254.596059][ T6563] usb 1-1: Using ep0 maxpacket: 8 [ 254.599351][ T6563] usb 1-1: config index 0 descriptor too short (expected 30, got 18) [ 254.606483][ T6563] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 254.606508][ T6563] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.606517][ T6563] usb 1-1: Product: syz [ 254.606523][ T6563] usb 1-1: Manufacturer: syz [ 254.606530][ T6563] usb 1-1: SerialNumber: syz [ 254.610430][ T6563] usb 1-1: config 0 descriptor?? [ 254.645313][T15025] netlink: 'syz.2.2698': attribute type 1 has an invalid length. [ 254.871550][ T6563] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 254.871587][ T6563] usb 1-1: setting power ON [ 254.874306][ T6563] dvb-usb: bulk message failed: -22 (2/0) [ 254.879002][ T6563] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 254.880940][ T6563] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 254.880980][ T6563] usb 1-1: media controller created [ 254.884104][ T6563] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 254.889745][ T6563] usb 1-1: selecting invalid altsetting 6 [ 254.889785][ T6563] usb 1-1: digital interface selection failed (-22) [ 254.889798][ T6563] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 254.890519][ T6563] usb 1-1: setting power OFF [ 254.890535][ T6563] dvb-usb: bulk message failed: -22 (2/0) [ 254.890543][ T6563] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 254.890549][ T6563] (NULL device *): no alternate interface [ 254.906595][T10758] hfsplus: b-tree write err: -5, ino 4 [ 254.914488][ T6563] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 254.917157][ T6563] usb 1-1: USB disconnect, device number 23 [ 254.924153][ T6561] Bluetooth: hci1: unexpected event for opcode 0x0c03 [ 256.541226][T15080] loop3: detected capacity change from 0 to 1024 [ 257.266617][T10758] hfsplus: b-tree write err: -5, ino 4 [ 257.334623][ T6561] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 257.929753][T15133] virt_wifi0 speed is unknown, defaulting to 1000 [ 258.194311][T15158] loop0: detected capacity change from 0 to 1024 [ 258.603610][T15170] tipc: Enabled bearer , priority 0 [ 258.611940][T15170] tipc: Resetting bearer [ 258.622884][T15169] tipc: Disabling bearer [ 258.925174][T10248] hfsplus: b-tree write err: -5, ino 4 [ 259.096284][T15188] syzkaller0: entered promiscuous mode [ 259.096319][T15188] syzkaller0: entered allmulticast mode [ 261.054946][T15231] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 261.055100][T15231] block device autoloading is deprecated and will be removed. [ 261.117816][T15250] loop3: detected capacity change from 0 to 2048 [ 261.129330][T15250] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 261.135169][T15250] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 261.657244][T15268] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2764'. [ 262.596405][T15299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 262.598298][T15299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 262.926954][T15304] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 262.956079][T15307] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2777'. [ 263.006207][T15310] block nbd3: NBD_DISCONNECT [ 263.006278][T15310] block nbd3: Disconnected due to user request. [ 263.006285][T15310] block nbd3: shutting down sockets [ 263.780717][T15329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.783692][T15329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.787540][T15329] loop2: detected capacity change from 0 to 7 [ 263.795701][T15329] Dev loop2: unable to read RDB block 7 [ 263.795749][T15329] loop2: unable to read partition table [ 263.795814][T15329] loop2: partition table beyond EOD, truncated [ 263.795831][T15329] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 264.798038][T15354] loop5: detected capacity change from 0 to 1024 [ 265.330677][T15358] syzkaller0: entered promiscuous mode [ 265.332160][T15358] syzkaller0: entered allmulticast mode [ 265.748267][ T42] hfsplus: b-tree write err: -5, ino 4 [ 265.867007][T15377] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2799'. [ 265.904907][ T6565] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 265.907912][ T6565] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 265.909637][ T6565] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 265.913740][ T6565] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 265.916367][ T6565] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 265.936119][T15382] virt_wifi0 speed is unknown, defaulting to 1000 [ 265.992265][T15382] chnl_net:caif_netlink_parms(): no params data found [ 266.020409][T15382] bridge0: port 1(bridge_slave_0) entered blocking state [ 266.020496][T15382] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.020594][T15382] bridge_slave_0: entered allmulticast mode [ 266.021611][T15382] bridge_slave_0: entered promiscuous mode [ 266.024420][T15382] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.024476][T15382] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.024551][T15382] bridge_slave_1: entered allmulticast mode [ 266.025096][T15382] bridge_slave_1: entered promiscuous mode [ 266.055280][T15382] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 266.059380][T15382] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 266.071349][T15382] team0: Port device team_slave_0 added [ 266.072393][T15382] team0: Port device team_slave_1 added [ 266.081891][T15382] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 266.081913][T15382] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 266.082842][T15382] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 266.084165][T15382] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 266.084173][T15382] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 266.084187][T15382] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 266.103796][T15382] hsr_slave_0: entered promiscuous mode [ 266.104242][T15382] hsr_slave_1: entered promiscuous mode [ 266.154635][ T6932] syz_tun (unregistering): left allmulticast mode [ 266.446665][T10758] bridge_slave_1: left allmulticast mode [ 266.446700][T10758] bridge_slave_1: left promiscuous mode [ 266.447274][T10758] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.451253][T10758] bridge_slave_0: left allmulticast mode [ 266.453011][T10758] bridge_slave_0: left promiscuous mode [ 266.453282][T10758] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.719506][T15403] loop5: detected capacity change from 0 to 2048 [ 266.736954][T15403] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 266.737530][T15403] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 266.767924][T15406] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2807'. [ 266.873486][T10758] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 266.924671][T10758] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 267.013729][T15412] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2808'. [ 267.177378][T10758] bond0 (unregistering): Released all slaves [ 267.185136][T10758] bond1 (unregistering): (slave batadv1): Releasing active interface [ 267.221424][T10758] bond1 (unregistering): Released all slaves [ 267.282042][T15382] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 267.286441][T15382] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 267.289346][T15382] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 267.292328][T15382] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 267.493681][T10758] tipc: Left network mode [ 267.737310][T15425] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2810'. [ 267.818481][T15382] 8021q: adding VLAN 0 to HW filter on device bond0 [ 267.844021][T15382] 8021q: adding VLAN 0 to HW filter on device team0 [ 268.185802][ T15] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.185843][ T15] bridge0: port 1(bridge_slave_0) entered forwarding state [ 268.190387][ T6561] Bluetooth: hci5: command tx timeout [ 268.245388][T15431] netlink: 112 bytes leftover after parsing attributes in process `syz.5.2812'. [ 268.296937][T10248] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.296986][T10248] bridge0: port 2(bridge_slave_1) entered forwarding state [ 268.589926][T15436] snd_dummy snd_dummy.0: control 2:0:128:syz0:0 is already present [ 268.957584][T15444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 268.959436][T15444] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 269.030526][T10758] hsr_slave_0: left promiscuous mode [ 269.030796][T10758] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 269.034349][T10758] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 269.172809][T15457] loop0: detected capacity change from 0 to 2048 [ 269.178033][T15457] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 269.180910][T15457] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 269.630018][T10758] team0 (unregistering): Port device team_slave_1 removed [ 269.643688][T10758] team0 (unregistering): Port device team_slave_0 removed [ 269.898981][T15382] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 270.202779][ T6561] Bluetooth: hci5: command tx timeout [ 270.206783][T15382] veth0_vlan: entered promiscuous mode [ 270.234807][T15382] veth1_vlan: entered promiscuous mode [ 270.277208][T15382] veth0_macvtap: entered promiscuous mode [ 270.279768][T15382] veth1_macvtap: entered promiscuous mode [ 270.292341][T15382] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 270.299944][T15382] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 270.324521][T10256] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.324564][T10256] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.324597][T10256] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.324614][T10256] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.418669][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.418701][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.449044][T10256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.449086][T10256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.523364][ T6563] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 270.556825][ T26] IPVS: starting estimator thread 0... [ 270.630417][T15493] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 270.635223][T15493] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 270.730572][T15489] IPVS: using max 45 ests per chain, 108000 per kthread [ 270.862257][ T6563] usb 1-1: Using ep0 maxpacket: 8 [ 270.928667][T15495] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2827'. [ 270.950786][ T6563] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 270.950818][ T6563] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 270.950841][ T6563] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 270.950855][ T6563] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 270.950875][ T6563] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 270.950888][ T6563] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.063732][T15504] tipc: Enabled bearer , priority 0 [ 271.064191][T15504] syzkaller0: entered promiscuous mode [ 271.064206][T15504] syzkaller0: entered allmulticast mode [ 271.073405][T15502] tipc: Resetting bearer [ 271.087996][T15502] tipc: Disabling bearer [ 271.174634][ T6563] usb 1-1: GET_CAPABILITIES returned 0 [ 271.174670][ T6563] usbtmc 1-1:16.0: can't read capabilities [ 271.546024][ T11] usb 1-1: USB disconnect, device number 24 [ 272.493244][ T6561] Bluetooth: hci5: command tx timeout [ 273.055000][T15536] tipc: Enabled bearer , priority 0 [ 273.055332][T15536] syzkaller0: entered promiscuous mode [ 273.055342][T15536] syzkaller0: entered allmulticast mode [ 273.075604][T15537] tipc: Enabled bearer , priority 0 [ 273.078373][T15535] tipc: Resetting bearer [ 273.090198][T15535] tipc: Disabling bearer [ 273.093917][T15537] syzkaller0: entered promiscuous mode [ 273.095037][T15537] syzkaller0: entered allmulticast mode [ 273.104824][T15534] tipc: Resetting bearer [ 273.117758][T15534] tipc: Disabling bearer [ 273.228666][T15546] tipc: Enabled bearer , priority 0 [ 273.235263][T15546] tipc: Resetting bearer [ 273.242319][T15545] tipc: Disabling bearer [ 273.571157][ T31] kauditd_printk_skb: 2 callbacks suppressed [ 273.571456][ T31] audit: type=1326 audit(2833.353:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15542 comm="syz.5.2844" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9d35b9e8 code=0x0 [ 273.635055][T15554] netlink: 'syz.0.2847': attribute type 1 has an invalid length. [ 273.680226][T15554] 8021q: adding VLAN 0 to HW filter on device bond5 [ 274.079502][T15564] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2848'. [ 274.208257][T15574] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2855'. [ 274.212456][T15574] bond4: (slave dummy0): Releasing backup interface [ 274.225262][T15574] dummy0: left promiscuous mode [ 274.225346][T15574] dummy0: left allmulticast mode [ 274.239890][T15577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 274.252162][T15577] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 274.592900][ T6561] Bluetooth: hci5: command tx timeout [ 274.722644][ T6621] usb 1-1: new full-speed USB device number 25 using dummy_hcd [ 275.016952][T15600] 9pnet_fd: Insufficient options for proto=fd [ 275.035196][ T6621] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 275.035238][ T6621] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 275.040054][ T6621] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 275.040094][ T6621] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 275.040104][ T6621] usb 1-1: Product: syz [ 275.040111][ T6621] usb 1-1: Manufacturer: syz [ 275.040119][ T6621] usb 1-1: SerialNumber: syz [ 275.048232][ T6621] usb 1-1: config 0 descriptor?? [ 275.148164][ T6565] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 275.151068][ T6565] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 275.155153][ T6565] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 275.156916][ T6565] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 275.160014][ T6565] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 275.207024][ T6550] syz_tun (unregistering): left allmulticast mode [ 275.207059][ T6550] syz_tun (unregistering): left promiscuous mode [ 275.207087][ T6550] bridge0: port 3(syz_tun) entered disabled state [ 275.789683][T15606] chnl_net:caif_netlink_parms(): no params data found [ 276.162236][T15606] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.166765][T15606] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.166981][T15606] bridge_slave_0: entered allmulticast mode [ 276.167484][T15606] bridge_slave_0: entered promiscuous mode [ 276.187510][T15606] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.187548][T15606] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.187632][T15606] bridge_slave_1: entered allmulticast mode [ 276.190573][T15606] bridge_slave_1: entered promiscuous mode [ 276.215057][T15606] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 276.217451][T15606] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 276.232103][T15606] team0: Port device team_slave_0 added [ 276.317552][T15606] team0: Port device team_slave_1 added [ 276.361083][T15606] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 276.362461][T15606] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 276.367693][T15606] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 276.373015][T15606] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 276.375409][T15606] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 276.380409][T15606] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 276.400290][T15606] hsr_slave_0: entered promiscuous mode [ 276.400843][T15606] hsr_slave_1: entered promiscuous mode [ 276.401122][T15606] debugfs: 'hsr0' already exists in 'hsr' [ 276.401133][T15606] Cannot create hsr debugfs directory [ 276.941461][T15606] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 276.944409][T15606] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 276.947133][T15606] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 276.949633][T15606] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 276.988728][T15606] 8021q: adding VLAN 0 to HW filter on device bond0 [ 276.996474][T15606] 8021q: adding VLAN 0 to HW filter on device team0 [ 277.010408][ T15] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.010452][ T15] bridge0: port 1(bridge_slave_0) entered forwarding state [ 277.015436][ T15] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.015491][ T15] bridge0: port 2(bridge_slave_1) entered forwarding state [ 277.069756][T15660] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2880'. [ 277.069796][T15660] block nbd0: not configured, cannot reconfigure [ 277.111037][T15664] tipc: Started in network mode [ 277.112071][T15664] tipc: Node identity , cluster identity 4711 [ 277.113382][T15664] tipc: Failed to obtain node identity [ 277.114428][T15664] tipc: Enabling of bearer rejected, failed to enable media [ 277.124655][T15664] syzkaller0: entered promiscuous mode [ 277.125690][T15664] syzkaller0: entered allmulticast mode [ 277.137903][T15606] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 277.234342][ T6561] Bluetooth: hci3: command tx timeout [ 277.289942][ T1856] usb 1-1: USB disconnect, device number 25 [ 277.323364][T15675] loop0: detected capacity change from 0 to 2048 [ 277.329129][T15675] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 277.329849][T15675] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 277.448287][T15679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 277.452148][T15679] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.145966][T15606] veth0_vlan: entered promiscuous mode [ 278.193202][T15606] veth1_vlan: entered promiscuous mode [ 278.199763][T15606] veth0_macvtap: entered promiscuous mode [ 278.202225][T15606] veth1_macvtap: entered promiscuous mode [ 278.211035][T15606] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 278.215696][T15606] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 278.218959][T10248] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.219070][T10248] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.219098][T10248] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.219115][T10248] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.364279][T15692] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.365478][T15692] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.373297][T15692] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.374642][T15692] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.380729][T15692] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2888'. [ 278.496446][ T6746] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 278.496482][ T6746] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 278.551284][ T6746] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 278.551321][ T6746] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 278.724111][T15702] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2867'. [ 279.312689][ T6561] Bluetooth: hci3: command tx timeout [ 279.551704][T15719] loop0: detected capacity change from 0 to 2048 [ 279.558071][T15719] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 279.561596][T15719] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 280.562647][T15747] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2906'. [ 281.392974][ T6561] Bluetooth: hci3: command tx timeout [ 281.620591][T15803] 9pnet_fd: Insufficient options for proto=fd [ 281.643832][T15805] loop4: detected capacity change from 0 to 2048 [ 281.647066][T15805] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 281.648455][T15805] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 281.650491][T15721] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 282.335724][T15829] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2919'. [ 282.636104][T15833] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2920'. [ 282.990501][T15850] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 282.990665][T15850] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 283.472974][ T6561] Bluetooth: hci3: command tx timeout [ 283.545085][T15858] loop0: detected capacity change from 0 to 2048 [ 283.551364][T15858] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 283.555008][T15858] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 283.574500][T15862] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2933'. [ 284.583604][T15894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 284.585194][T15894] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.132359][T15916] loop3: detected capacity change from 0 to 2048 [ 285.137871][T15916] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 285.142450][T15916] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 286.532961][T15956] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2960'. [ 287.242294][T15949] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2961'. [ 287.831766][T15995] tipc: Enabled bearer , priority 0 [ 287.833912][T15995] syzkaller0: entered promiscuous mode [ 287.833931][T15995] syzkaller0: entered allmulticast mode [ 287.867281][T15995] tipc: Resetting bearer [ 287.879944][T15997] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2976'. [ 287.977663][T15994] tipc: Resetting bearer [ 287.992815][T15994] tipc: Disabling bearer [ 288.219070][T16008] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2977'. [ 288.257436][ T26] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 288.259887][ T26] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 288.319053][T16011] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.319243][T16011] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 288.482646][ T11] usb 1-1: new full-speed USB device number 26 using dummy_hcd [ 288.634508][ T11] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 288.635793][ T11] usb 1-1: can't read configurations, error -61 [ 288.762617][ T11] usb 1-1: new full-speed USB device number 27 using dummy_hcd [ 288.921938][ T11] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 288.923444][ T11] usb 1-1: can't read configurations, error -61 [ 288.924648][ T11] usb usb1-port1: attempt power cycle [ 289.104796][T16042] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2995'. [ 289.136153][T16044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 289.136348][T16044] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 289.280237][ T11] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 289.295174][ T11] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 289.295206][ T11] usb 1-1: can't read configurations, error -61 [ 289.432822][ T11] usb 1-1: new full-speed USB device number 29 using dummy_hcd [ 289.555330][ T11] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 289.555366][ T11] usb 1-1: can't read configurations, error -61 [ 289.556027][ T11] usb usb1-port1: unable to enumerate USB device [ 289.792558][ C0] ------------[ cut here ]------------ [ 289.792592][ C0] ODEBUG: free active (active state 0) object: 000000006c8c4044 object type: timer_list hint: rose_t0timer_expiry+0x0/0x348 [ 289.792752][ C0] WARNING: CPU: 0 PID: 16058 at lib/debugobjects.c:615 debug_check_no_obj_freed+0x390/0x470 [ 289.796921][ C0] Modules linked in: [ 289.797521][ C0] CPU: 0 UID: 0 PID: 16058 Comm: syz.2.3001 Not tainted syzkaller #0 PREEMPT [ 289.798848][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 289.800316][ C0] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 289.801579][ C0] pc : debug_check_no_obj_freed+0x390/0x470 [ 289.802485][ C0] lr : debug_check_no_obj_freed+0x390/0x470 [ 289.803365][ C0] sp : ffff800097927aa0 [ 289.803999][ C0] x29: ffff800097927ae0 x28: ffff0000c881e600 x27: 0000000000000000 [ 289.805168][ C0] x26: ffff80008aed7f20 x25: ffff0000c881e490 x24: ffff800089f7446c [ 289.806389][ C0] x23: ffff0000df015818 x22: ffff0000c881e000 x21: dfff800000000000 [ 289.807498][ C0] x20: 0000000000000000 x19: ffff0000c881e400 x18: 1fffe000337db690 [ 289.808778][ C0] x17: 626f203434303463 x16: ffff800082deb6c0 x15: 0000000000000001 [ 289.810057][ C0] x14: 1ffff00012f24ec8 x13: 0000000000000000 x12: 0000000000000000 [ 289.811296][ C0] x11: ffff700012f24ec9 x10: 0000000000ff0100 x9 : ea9eccc92cea2e00 [ 289.812599][ C0] x8 : ea9eccc92cea2e00 x7 : ffff800080564a40 x6 : 0000000000000000 [ 289.813879][ C0] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807d6130 [ 289.815221][ C0] x2 : 0000000000000002 x1 : 0000000000000102 x0 : 0000000000000000 [ 289.816606][ C0] Call trace: [ 289.817117][ C0] debug_check_no_obj_freed+0x390/0x470 (P) [ 289.818120][ C0] kfree+0x120/0x600 [ 289.818789][ C0] rose_timer_expiry+0x43c/0x5ac [ 289.819592][ C0] call_timer_fn+0x1b4/0x818 [ 289.820287][ C0] __run_timer_base+0x51c/0x76c [ 289.821100][ C0] run_timer_softirq+0xcc/0x194 [ 289.821836][ C0] handle_softirqs+0x328/0xc88 [ 289.822566][ C0] __do_softirq+0x14/0x20 [ 289.823236][ C0] ____do_softirq+0x14/0x20 [ 289.823947][ C0] call_on_irq_stack+0x30/0x48 [ 289.824678][ C0] do_softirq_own_stack+0x20/0x2c [ 289.825499][ C0] __irq_exit_rcu+0x1b0/0x478 [ 289.826208][ C0] irq_exit_rcu+0x14/0x84 [ 289.826915][ C0] el1_interrupt+0x40/0x60 [ 289.827638][ C0] el1h_64_irq_handler+0x18/0x24 [ 289.828423][ C0] el1h_64_irq+0x6c/0x70 [ 289.829123][ C0] finish_lock_switch+0xb4/0x1c0 (P) [ 289.829942][ C0] finish_task_switch+0x120/0x5a4 [ 289.830746][ C0] __schedule+0x13b4/0x2864 [ 289.831422][ C0] preempt_schedule_irq+0x80/0x188 [ 289.832196][ C0] raw_irqentry_exit_cond_resched+0x30/0x44 [ 289.833118][ C0] irqentry_exit+0xd4/0x108 [ 289.833830][ C0] exit_to_kernel_mode+0x10/0x1c [ 289.834570][ C0] el1_interrupt+0x4c/0x60 [ 289.835239][ C0] el1h_64_irq_handler+0x18/0x24 [ 289.835987][ C0] el1h_64_irq+0x6c/0x70 [ 289.836606][ C0] __do_fault+0x260/0x390 (P) [ 289.837321][ C0] handle_mm_fault+0x2abc/0x4d80 [ 289.838066][ C0] __get_user_pages+0x1f4c/0x2d94 [ 289.838885][ C0] populate_vma_page_range+0x258/0x348 [ 289.839782][ C0] __mm_populate+0x208/0x330 [ 289.840496][ C0] vm_mmap_pgoff+0x398/0x45c [ 289.841212][ C0] ksys_mmap_pgoff+0xd0/0x5b8 [ 289.841944][ C0] __arm64_sys_mmap+0xf8/0x110 [ 289.842651][ C0] invoke_syscall+0x98/0x254 [ 289.843315][ C0] el0_svc_common+0x130/0x23c [ 289.844021][ C0] do_el0_svc+0x48/0x58 [ 289.844611][ C0] el0_svc+0x5c/0x254 [ 289.845170][ C0] el0t_64_sync_handler+0x84/0x12c [ 289.845909][ C0] el0t_64_sync+0x198/0x19c [ 289.846673][ C0] irq event stamp: 8679 [ 289.847357][ C0] hardirqs last enabled at (8678): [] irqentry_exit+0xd8/0x108 [ 289.848834][ C0] hardirqs last disabled at (8679): [] el1_brk64+0x20/0x54 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 289.850146][ C0] softirqs last enabled at (5446): [] handle_softirqs+0xaf8/0xc88 [ 289.851569][ C0] softirqs last disabled at (8665): [] __do_softirq+0x14/0x20 [ 289.852932][ C0] ---[ end trace 0000000000000000 ]--- [ 290.465382][T10248] bridge_slave_1: left allmulticast mode [ 290.465417][T10248] bridge_slave_1: left promiscuous mode [ 290.465491][T10248] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.468892][T10248] bridge_slave_0: left allmulticast mode [ 290.468915][T10248] bridge_slave_0: left promiscuous mode [ 290.468986][T10248] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.700979][T10248] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 290.713237][T10248] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 290.753434][T10248] bond0 (unregistering): Released all slaves [ 290.756735][T10248] bond1 (unregistering): Released all slaves [ 290.760065][T10248] bond2 (unregistering): Released all slaves [ 290.763383][T10248] bond3 (unregistering): Released all slaves [ 290.766512][T10248] bond4 (unregistering): Released all slaves [ 290.811344][T10248] bond5 (unregistering): Released all slaves [ 290.871507][T10248] tipc: Left network mode [ 291.210594][T10248] hsr_slave_0: left promiscuous mode [ 291.211891][T10248] hsr_slave_1: left promiscuous mode [ 291.214062][T10248] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 291.215800][T10248] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 291.368505][T10248] team0 (unregistering): Port device team_slave_1 removed [ 291.383562][T10248] team0 (unregistering): Port device team_slave_0 removed