last executing test programs: 4m52.854947412s ago: executing program 1 (id=158): r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10) 4m52.774400774s ago: executing program 1 (id=160): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r1) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x4, 0x65, 0xbd, 0x7, 0x3, 0x4}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0xe}, {0xffe0, 0xb}, {0xfff3, 0xfff3}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x4008000) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 4m50.923877481s ago: executing program 1 (id=164): syz_open_dev$ttys(0xc, 0x2, 0x0) dup(0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$unix(0x1, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x10000, &(0x7f0000000000)=ANY=[@ANYBLOB="00cdf0b3373e19744a101e8c91407176ad69f47a10954db9dd96888078f300e4fd5ccd1539e0c9462c274ee70479ae4a05d9a547611852"], 0x1, 0x556, &(0x7f0000000840)="$eJzs3d9v0+YawPHHbSNKzlEPOucMoarAS9mkIpXgJBCUceU5b1JDYke2g9orVNEUVaSAKJPWXsEN26T9E9zuj+B+N/tP0C53yWQ7oWmbxPRnEPp+otZv7MevHzuRHzmJbQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGLYFdPMG1J33NayGs6u+F5jxPRefzf2DEYsV8SI/mR6Wi4loy79f3fyxejfvMwlz+ZkOhpMy86/Ll6497+pid78IxI6E1vbO09XO532y3EnMiY17TqB5zSsmp6UwFPlUsm8tVQNVNWp62AlCHVD2b62Qs9XC/YNlS+Xi0rnVryWW6tYdd0befdmwTRL6n6uqS0/8Nxb93OBveTU645bi2OiyVHM3eiN+MAJVaithlLrG512MS3JKCif6b6xRgUV0noqmIVCPl8o5Et3ynfumubUgRHmPnIgYvxvWozXCe69geOZ6NZ/qYsjrrRkWdTAhy0V8cWTxpDpXb36/90tPXK5/fW/V+Uv7U6elbj+X0meXRlW/4fkcnaPLdmWHXkqq9KRjrTl5dgzOtbjwmG3aE20uOJIIJ440hArHqO6Y5SUpSQlMeWRLElVAlFSFUfqoiWQFQkkFB2/o2zxRYsloXjii5IFseWGKMlLWcpSFCVacrIinrTElZpUxIp7WZeNeLsXR+QYBxmv25JPC4p6KowIov7j+E5+Jw4c0cde/R8uc3bZAAAAAACA02DEn74b8WH+5bhVderaHHdaAAAAAADgBMXf/M9Fg/hr/sticPwPAAAAAMDXxojPsTNEJCtXk1bvTCg+BAAAAAAA4CsRf/9/JRpko9ZVMTj+BwAAAADga/NL6jX2/548Z7z/S3w/Y7xpLn9rbFpRnLU5mcw3ub/HsDprzHQ7iQelqe4zW88Z3atffroI5ofuYD0tD+MEEpDf5FoSc20tGa5FU5KrH0ZLyVadus5lpH4vL5Y1MxHq5fDHZxs/Sbz6v7qNGUPWNzrt3OPnnbU4lzfRrG82uxdQPHAdxRG5vIqvtxCfczFwjTPxiRjJcqe73Zn96z+RjJs4xDLfynwSM59NhtnelGSZ09Ey87lha59N1j5/zDV/K9eTmOsL15PBgCwKaVkU+rPo3xbnTzCLYloWxV4Wmd2X4jCvCACMy3pKFTIOFv4j7OXOprq/lYUkZmE23rFOzQ7Yo5tpe3Szv67MJB1+dnU7NyW/Z/bfA2lIjf34Hz9jZGVvVX0XzfBuaFUN6i+MaBNOvtp8IRe3tndubmyuPmk/aT8rFIol87Zp3ilIJl6N7oDaAwAYIP0eO6kRxu2BR9W7Fe+/n35SkJPH8lw6siaL8dkG8S8OBvaa7fsZwmLKUetubF4WU47qsn03eumL7RXDIbHF/Zvtm+9P4bUAAOCszKfU4c+p/4spx917a/mwo+M/DtTyAQ586AAAAA5P+x+MbPiz4ftO81G+XM5b4ZJWvmc/UL5TqWnluKH27SXLrWnV9L3Qs7161HjoVHSgglaz6fmhqnq+anqBsxzf+V11b/0e6Iblho4dNOvaCrSyPTe07FBVnMBWzdYPdSdY0n48c9DUtlN1bCt0PFcFXqt310HdF+hUtBs6VSdquqrpOw3LX1EPvXqroVVFB7bvNEMv6bC3LMeten4j7jaX9Ph+nNsbAIAvwdb2ztPVTqf98hQb415HAACwF1UaAAAAAAAAAAAAAAAAAAAAAIAvX/f3/zJ9FicCjmycF5EjzP76c4L//HeytodPbOpIc9GgcUYN47R6HveeCcBp+ycAAP//4ctJKA==") quotactl$Q_GETNEXTQUOTA(0xffffffff80000900, &(0x7f0000000280)=@filename='./file0/file1\x00', 0xffffffffffffffff, 0x0) bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065cc}, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 4m48.818190392s ago: executing program 1 (id=170): r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10) 4m48.41497797s ago: executing program 1 (id=172): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x53, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r2, 0x5b02, 0x0) read$char_usb(r1, 0x0, 0x0) syz_usb_disconnect(r0) r3 = landlock_create_ruleset(&(0x7f0000000000)={0x4090, 0x0, 0x3}, 0x18, 0x0) landlock_restrict_self(r3, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) openat$binfmt(0xffffff9c, 0x0, 0x41, 0x1ff) r4 = socket$xdp(0x2c, 0x3, 0x0) mmap$xdp(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x12, r4, 0x100000) unshare(0x2a020480) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r5 = open_tree(0xffffffffffffff9c, 0x0, 0x1901) move_mount(0xffffffffffffffff, 0x0, r5, 0x0, 0x254) landlock_restrict_self(0xffffffffffffffff, 0x0) open(&(0x7f0000000280)='.\x00', 0x20000, 0x43) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x1, 0x0) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0xc) 4m44.39463319s ago: executing program 1 (id=184): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioprio_set$pid(0x1, 0x0, 0x4004) r2 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x1, {0x400000080001, 0xff, 0x20ff, 0x2000000000008, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}, {0x0, 0x13}}}, 0xa0) sendfile(r2, r2, &(0x7f0000000080), 0x7ffff000) 4m34.671074682s ago: executing program 4 (id=202): socketpair$unix(0x1, 0x3, 0x0, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r2, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10) connect$llc(r2, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x3, 0x2, 0x10, @local}, 0x10) 4m28.285630528s ago: executing program 32 (id=184): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioprio_set$pid(0x1, 0x0, 0x4004) r2 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x1, {0x400000080001, 0xff, 0x20ff, 0x2000000000008, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}, {0x0, 0x13}}}, 0xa0) sendfile(r2, r2, &(0x7f0000000080), 0x7ffff000) 4m25.813490677s ago: executing program 4 (id=219): openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0xfff7fffffffffff5}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000061199800000000009500000000000000f5b795560c8f2bbf994b17431f51f3af3938ccff9d0ac9e67eb3600f04659741cd3494004d3f176e84f5395b02b59a4ffba9fd62f7abba5defd0e028db03db9a770e6f43a326c1b5fd68115957de4c0d8b"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0xa}, 0x94) 4m23.048771951s ago: executing program 4 (id=222): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0xa031, 0xffffffffffffffff, 0xeb92e000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x3, &(0x7f0000000040)=0x14001, 0x4) 4m13.765103195s ago: executing program 4 (id=239): connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) add_key(0x0, &(0x7f00000004c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, 0x0}, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000"], 0xb0) 4m13.140630067s ago: executing program 4 (id=243): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x4, 0x65, 0xbd, 0x7, 0x3, 0x4}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {0xffe0, 0xb}, {0xfff3, 0xfff3}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 4m9.239665184s ago: executing program 4 (id=248): bind$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x68, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0xc, 0xfff1}, {}, {0x2, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x38, 0x2, [@TCA_FLOW_EMATCHES={0x34, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8000}}, @TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x7, 0x7, 0x2}, {{0x0, 0x1, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}, @TCF_EM_META={0x10, 0x2, 0x0, 0x0, {{0xfffb, 0x4, 0x2}, [@TCA_EM_META_RVALUE={0x4}]}}]}]}]}}]}, 0x68}}, 0x20040054) 3m54.117729743s ago: executing program 33 (id=248): bind$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x68, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0xc, 0xfff1}, {}, {0x2, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x38, 0x2, [@TCA_FLOW_EMATCHES={0x34, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8000}}, @TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x7, 0x7, 0x2}, {{0x0, 0x1, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}, @TCF_EM_META={0x10, 0x2, 0x0, 0x0, {{0xfffb, 0x4, 0x2}, [@TCA_EM_META_RVALUE={0x4}]}}]}]}]}}]}, 0x68}}, 0x20040054) 44.430751272s ago: executing program 0 (id=705): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000002580)={&(0x7f0000000040)=[{0x1050, 0x1801, 0x0, 0x0}, {0x7, 0x4201, 0x0, 0x0}], 0x2}) 41.320447974s ago: executing program 0 (id=717): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000400)={0x2, 0xe21, @private=0xa010100}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000200)="96bc01010000", 0x6}], 0x1}, 0x4004884) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$video(&(0x7f0000000000), 0x81, 0x0) ioctl$VIDIOC_G_FMT(r4, 0xc0d05605, &(0x7f0000000380)={0xd, @sdr}) mkdir(0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) fchmod(0xffffffffffffffff, 0x134) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5) r6 = openat$cgroup_ro(r5, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000008, 0x11, r6, 0x8000000) 40.047016268s ago: executing program 0 (id=720): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000100)=0x188, 0x4) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) setsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000080)=0x1, 0x4) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r2, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) 38.99035643s ago: executing program 0 (id=726): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0x100000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x400, &(0x7f0000000340)=ANY=[@ANYRESHEX, @ANYRES64]) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x18, 0x30, 0x4, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000000c0)='illinois\x00', 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) 34.328078951s ago: executing program 0 (id=737): ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'syztnl2\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x4, 0x9, 0x6, 0x8, 0x64, @mcast1, @private0, 0x10, 0x8000, 0x379}}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0xd, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', r0}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) kcmp(r2, r2, 0x2, r4, r3) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x8000000}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0) sendmsg$NFT_MSG_GETOBJ(r5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) close(0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 28.610037825s ago: executing program 0 (id=751): socketpair$unix(0x1, 0x3, 0x0, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10) r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r4, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10) 12.903809725s ago: executing program 34 (id=751): socketpair$unix(0x1, 0x3, 0x0, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10) r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r4, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10) 11.290898907s ago: executing program 6 (id=787): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000400)={0x2, 0xe21, @private=0xa010100}, 0x10, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000000200)="96bc01010000", 0x6}], 0x2}, 0x4004884) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$video(&(0x7f0000000000), 0x81, 0x0) ioctl$VIDIOC_G_FMT(r4, 0xc0d05605, &(0x7f0000000380)={0xd, @sdr}) mkdir(0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) fchmod(0xffffffffffffffff, 0x134) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5) r6 = openat$cgroup_ro(r5, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000008, 0x11, r6, 0x8000000) 10.287939307s ago: executing program 3 (id=788): dup(0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d300000000000000800040000000000080012000300000008001100ff070000080010000000020008000f"], 0x54}}, 0x0) 9.836865866s ago: executing program 3 (id=789): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="050000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c006400000008000d000000000073f68ac399765b7ab289a21d254ebf1c30920188d7e0527bff3115"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce0702000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 8.07501201s ago: executing program 6 (id=792): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x1, 0x0, 0xb2, 0xc, 0x8, 0x7f}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x11}, {0x5, 0xb}, {0xb, 0x4}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4000000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 7.910951213s ago: executing program 3 (id=793): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x400, 0xc0000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0xffff}, {0xa, 0xffe0}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}}, 0x20004055) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf5", @ANYRES32=0x0, @ANYBLOB="030000000000000028001280"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 5.790771506s ago: executing program 3 (id=798): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, 0x0, 0x4000) r3 = getpid() sched_setaffinity(r3, 0x0, 0x0) pipe2$9p(0x0, 0x80800) r4 = socket$inet_sctp(0x2, 0x1, 0x84) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='wchan\x00') r6 = socket(0x1e, 0x5, 0x0) connect$tipc(r6, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) recvmmsg(r6, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x3}], 0x1, 0x0, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) pread64(r5, &(0x7f0000000480)=""/209, 0xd1, 0x2) socket$inet_sctp(0x2, 0x5, 0x84) r8 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) write$binfmt_aout(r8, 0x0, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(r4, 0x0, 0x488, &(0x7f0000000280)={{0x84, @empty, 0x4e20, 0x3, 'lblc\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x10000, 0xc24, 0x9, 0xfffffffb}}, 0x44) 5.217814377s ago: executing program 6 (id=800): syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x4000) 4.928833252s ago: executing program 6 (id=801): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000400)={0x2, 0xe21, @private=0xa010100}, 0x10, &(0x7f00000000c0)=[{}, {&(0x7f0000000200)="96bc01010000", 0x6}], 0x2}, 0x4004884) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$video(&(0x7f0000000000), 0x81, 0x0) ioctl$VIDIOC_G_FMT(r4, 0xc0d05605, &(0x7f0000000380)={0xd, @sdr}) mkdir(0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) fchmod(0xffffffffffffffff, 0x134) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5) r6 = openat$cgroup_ro(r5, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000008, 0x11, r6, 0x8000000) 4.04303258s ago: executing program 2 (id=805): setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x4e23, 0x2, @mcast1={0xff, 0x7}, 0x3ff}}, {{0xa, 0x4e21, 0xfffffffd, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) 3.882819543s ago: executing program 2 (id=807): dup(0xffffffffffffffff) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d300000000000000800040000000000080012000300000008001100ff070000080010000000020008000f"], 0x54}}, 0x0) 3.617375589s ago: executing program 2 (id=808): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x400, 0xc0000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0xffff}, {0xa, 0xffe0}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}}, 0x20004055) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf5", @ANYRES32=0x0, @ANYBLOB="030000000000000028001280"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.616779618s ago: executing program 5 (id=809): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0) mlock(&(0x7f0000626000/0x5000)=nil, 0x5000) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) listxattr(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=""/4, 0x4) ioctl$UI_END_FF_UPLOAD(0xffffffffffffffff, 0x406855c9, &(0x7f0000000180)={0x0, 0x1, {0x1, 0x40, 0x10, {0x77, 0xc}, {0x0, 0x100}, @period={0x59, 0xffff, 0x4, 0x23, 0xffff, {0x4, 0x5, 0x2, 0x2}, 0x5, &(0x7f00000000c0)=[0x4, 0x58, 0x1, 0x1800, 0x1]}}, {0x56, 0x3, 0x0, {0x7, 0x40}, {0x6, 0x200}, @const={0x153, {0x4b, 0x8, 0x1400, 0x6}}}}) socket(0x2a, 0x2, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x800) socket(0x2, 0x80805, 0x0) 2.425787382s ago: executing program 5 (id=810): syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x4000) 2.336943304s ago: executing program 2 (id=811): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="05000000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c006400000008000d000000000073f68ac399765b7ab289a21d254ebf1c"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce0702000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2.321451684s ago: executing program 5 (id=812): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x1, 0x0, 0xb2, 0xc, 0x8, 0x7f}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x11}, {0x5, 0xb}, {0xb, 0x4}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4000000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.898932762s ago: executing program 2 (id=813): r0 = socket$kcm(0xa, 0x2, 0x0) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x4e24, 0x3, 'rr\x00', 0x25, 0x80005, 0x6f}, 0x2c) setresgid(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@private=0xa010101, 0x4e20, 0x10000, 0xf8}}, 0x44) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r4, 0x0) syz_open_procfs(0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 1.357657053s ago: executing program 5 (id=814): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926", 0x20}], 0x2}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) 1.063245959s ago: executing program 5 (id=815): syz_open_dev$loop(0x0, 0x4000000000000007, 0x20040) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x2004c010}, 0x40080c0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x5) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@gettaction={0x14, 0x32, 0x801, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x880e) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000580)}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 821.135534ms ago: executing program 2 (id=816): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="050000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c006400000008000d000000000073f68ac399765b7ab289a21d254ebf1c30920188d7e0527bff3115"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce0702000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 780.062655ms ago: executing program 3 (id=817): dup(0xffffffffffffffff) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d300000000000000800040000000000080012000300000008001100ff070000080010000000020008000f"], 0x54}}, 0x0) 679.094636ms ago: executing program 6 (id=818): r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xe, 0x101301) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, 0x0) ioctl$USBDEVFS_IOCTL(r0, 0x80045505, 0x0) 522.806119ms ago: executing program 3 (id=819): fsopen(0x0, 0x1) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xfffffc}, 0x10) write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f4070009010000000000fe03000100000000", 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x48, 0x0, 0x8) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e21, 0x6, @local, 0x3ff}, 0x1c) sched_setattr(0xffffffffffffffff, &(0x7f00000001c0)={0x38, 0x3, 0x20, 0x6, 0x0, 0x4, 0x5, 0x2, 0x2}, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000040)=0xc) ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000640)=0x10) close(r4) 508.99154ms ago: executing program 6 (id=820): socket$netlink(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) connect$packet(r0, &(0x7f0000000240)={0x11, 0x5, 0x0, 0x1, 0x4, 0x6, @broadcast}, 0x14) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=@newlink={0x34, 0x10, 0x503, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20305, 0x7e15}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x48094) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x12) pipe2$watch_queue(0x0, 0x80) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@none, 0xfffffffa}}}, 0xd) socketpair$unix(0x1, 0x2, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x50}, 0x1, 0xba01}, 0x0) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000820}, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) 0s ago: executing program 5 (id=821): r0 = fanotify_init(0x200, 0x0) writev(r0, 0x0, 0x0) syz_usb_connect(0x6, 0x2d, &(0x7f0000000040)=ANY=[], 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a48000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000040c00098008"], 0x70}, 0x1, 0x0, 0x0, 0x20000080}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff) r3 = userfaultfd(0x80001) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f000057c000/0x2000)=nil, 0x2000}, 0x1}) readv(r3, &(0x7f00000002c0)=[{&(0x7f0000000400)=""/224, 0x20}], 0x1000000000000108) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) kernel console output (not intermixed with test programs): alNumber: syz [ 124.924326][ T4610] hpfs: filesystem error: improperly stopped [ 124.943252][ T4611] block device autoloading is deprecated and will be removed. [ 124.973634][ T4610] [ 124.977485][ T4610] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 124.987813][ T4610] hpfs: You really don't want any checks? You are crazy... [ 125.069618][ T4615] loop4: detected capacity change from 0 to 164 [ 125.167066][ T4615] netlink: 12 bytes leftover after parsing attributes in process `syz.4.56'. [ 125.579741][ T4610] hpfs: hpfs_map_sector(): read error [ 125.595051][ T4610] hpfs: code page support is disabled [ 125.632564][ T4610] hpfs: hpfs_map_4sectors(): unaligned read [ 125.655527][ T4610] hpfs: hpfs_map_4sectors(): unaligned read [ 125.702799][ T4610] hpfs: filesystem error: unable to find root dir [ 125.808197][ T4610] hpfs: hpfs_map_4sectors(): unaligned read [ 127.075625][ T4387] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -32 [ 127.093263][ T4387] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 127.104694][ T4387] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 127.122254][ T4387] lan78xx: probe of 4-1:1.0 failed with error -32 [ 128.205226][ T4387] usb 4-1: USB disconnect, device number 2 [ 129.423357][ T4651] lo speed is unknown, defaulting to 1000 [ 129.434655][ T4651] lo speed is unknown, defaulting to 1000 [ 129.445727][ T4651] lo speed is unknown, defaulting to 1000 [ 129.641815][ T4651] infiniband sz1: set active [ 129.647803][ T4651] infiniband sz1: added lo [ 129.696164][ T4651] infiniband sz1: Couldn't open port 1 [ 129.724157][ T3653] lo speed is unknown, defaulting to 1000 [ 129.754565][ T4651] RDS/IB: sz1: added [ 129.759928][ T4651] smc: adding ib device sz1 with port count 1 [ 129.768022][ T4651] smc: ib device sz1 port 1 has pnetid [ 129.866971][ T4651] lo speed is unknown, defaulting to 1000 [ 129.986495][ T4651] lo speed is unknown, defaulting to 1000 [ 130.051773][ T4309] lo speed is unknown, defaulting to 1000 [ 130.172342][ T4651] lo speed is unknown, defaulting to 1000 [ 130.287195][ T4651] lo speed is unknown, defaulting to 1000 [ 130.416642][ T4651] lo speed is unknown, defaulting to 1000 [ 131.703519][ T4674] loop2: detected capacity change from 0 to 128 [ 132.156959][ T4674] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 132.353303][ T4674] hpfs: filesystem error: improperly stopped [ 132.415417][ T4674] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 132.457605][ T4674] hpfs: You really don't want any checks? You are crazy... [ 132.553885][ T4674] hpfs: hpfs_map_sector(): read error [ 132.553921][ T4674] hpfs: code page support is disabled [ 132.554072][ T4674] hpfs: hpfs_map_4sectors(): unaligned read [ 132.554155][ T4674] hpfs: hpfs_map_4sectors(): unaligned read [ 132.554165][ T4674] hpfs: filesystem error: unable to find root dir [ 132.597370][ T4674] hpfs: hpfs_map_4sectors(): unaligned read [ 133.881881][ T4694] loop2: detected capacity change from 0 to 4096 [ 134.836309][ T4702] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 134.846913][ T4703] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 135.906955][ T26] audit: type=1800 audit(1757218399.231:3): pid=4715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.79" name="file1" dev="loop2" ino=33 res=0 errno=0 [ 137.586639][ T22] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 137.681312][ T22] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 137.774673][ T4748] loop4: detected capacity change from 0 to 128 [ 137.812341][ T4748] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 138.368333][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.376255][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.398095][ T4748] hpfs: filesystem error: improperly stopped [ 138.419955][ T4748] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 138.441443][ T4748] hpfs: You really don't want any checks? You are crazy... [ 138.450740][ T4748] hpfs: hpfs_map_sector(): read error [ 138.458255][ T4748] hpfs: code page support is disabled [ 138.471244][ T4748] hpfs: hpfs_map_4sectors(): unaligned read [ 138.496717][ T4748] hpfs: hpfs_map_4sectors(): unaligned read [ 138.522478][ T4748] hpfs: filesystem error: unable to find root dir [ 138.628689][ T4748] hpfs: hpfs_map_4sectors(): unaligned read [ 139.060999][ T4761] netlink: 'syz.1.91': attribute type 4 has an invalid length. [ 140.032921][ T4744] hid-generic 0000:0000:0000.0001: pid 4744 passed too short report [ 143.574654][ T4784] loop4: detected capacity change from 0 to 4096 [ 143.933933][ T26] audit: type=1800 audit(1757218407.251:4): pid=4784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.97" name="file1" dev="loop4" ino=33 res=0 errno=0 [ 144.235427][ T4796] overlayfs: missing 'lowerdir' [ 144.377249][ T26] audit: type=1800 audit(1757218407.701:5): pid=4795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.97" name="file1" dev="loop4" ino=33 res=0 errno=0 [ 144.967765][ T4802] loop4: detected capacity change from 0 to 128 [ 145.048969][ T4802] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 145.741149][ T4809] loop3: detected capacity change from 0 to 512 [ 145.767810][ T4802] hpfs: filesystem error: improperly stopped [ 147.410919][ T4805] sched: RT throttling activated [ 148.475398][ T4815] netlink: 4 bytes leftover after parsing attributes in process `syz.0.105'. [ 149.105124][ T4802] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 149.543060][ T4279] Bluetooth: hci4: command 0x0405 tx timeout [ 149.648501][ T4809] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 149.662608][ T4809] EXT4-fs: failed to create workqueue [ 149.669236][ T4809] EXT4-fs (loop3): mount failed [ 149.743112][ T4802] hpfs: You really don't want any checks? You are crazy... [ 149.910086][ T4802] hpfs: hpfs_map_sector(): read error [ 151.136526][ T4829] random: crng reseeded on system resumption [ 151.798767][ T4802] hpfs: code page support is disabled [ 151.835168][ T4802] hpfs: hpfs_map_4sectors(): unaligned read [ 151.864776][ T4802] hpfs: hpfs_map_4sectors(): unaligned read [ 151.918305][ T4802] hpfs: filesystem error: unable to find root dir [ 154.898976][ T4847] loop4: detected capacity change from 0 to 4096 [ 155.462937][ T4864] overlayfs: overlapping lowerdir path [ 156.087384][ T4868] capability: warning: `syz.0.119' uses deprecated v2 capabilities in a way that may be insecure [ 156.196472][ T26] audit: type=1800 audit(1757218419.521:6): pid=4847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.113" name="file1" dev="loop4" ino=33 res=0 errno=0 [ 156.308577][ T4871] syz.2.120 sent an empty control message without MSG_MORE. [ 157.901809][ T26] audit: type=1800 audit(1757218421.221:7): pid=4875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.113" name="file1" dev="loop4" ino=33 res=0 errno=0 [ 162.551245][ T4915] overlayfs: overlapping lowerdir path [ 162.575548][ T4914] loop3: detected capacity change from 0 to 164 [ 165.883365][ T4935] netlink: 'syz.4.139': attribute type 10 has an invalid length. [ 165.962449][ T4935] team0: Port device netdevsim0 added [ 168.919828][ T4968] wlan0 speed is unknown, defaulting to 1000 [ 168.927753][ T4968] wlan0 speed is unknown, defaulting to 1000 [ 168.940155][ T4968] wlan0 speed is unknown, defaulting to 1000 [ 169.178590][ T4968] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 169.228825][ T4968] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 169.484563][ T4968] wlan0 speed is unknown, defaulting to 1000 [ 169.493683][ T4968] wlan0 speed is unknown, defaulting to 1000 [ 169.500896][ T4968] wlan0 speed is unknown, defaulting to 1000 [ 169.508242][ T4968] wlan0 speed is unknown, defaulting to 1000 [ 169.515857][ T4968] wlan0 speed is unknown, defaulting to 1000 [ 170.817204][ T4987] loop4: detected capacity change from 0 to 64 [ 174.319845][ T5011] tipc: Enabling of bearer rejected, failed to enable media [ 176.409439][ T5034] loop1: detected capacity change from 0 to 164 [ 176.650816][ T5038] loop0: detected capacity change from 0 to 64 [ 178.075523][ T5038] loop0: detected capacity change from 64 to 0 [ 180.063602][ T5069] tipc: Enabling of bearer rejected, failed to enable media [ 181.507737][ T5087] netlink: 8 bytes leftover after parsing attributes in process `syz.3.178'. [ 181.790474][ T5092] loop4: detected capacity change from 0 to 164 [ 182.635541][ T5095] tmpfs: Bad value for 'mpol' [ 184.504738][ T5115] tipc: Enabling of bearer rejected, failed to enable media [ 184.609926][ T5117] overlayfs: overlapping lowerdir path [ 187.889863][ T5141] loop4: detected capacity change from 0 to 164 [ 191.209497][ T5163] loop3: detected capacity change from 0 to 64 [ 192.889272][ T5173] tipc: Enabling of bearer rejected, failed to enable media [ 197.895511][ T5217] loop0: detected capacity change from 0 to 164 [ 198.695424][ T4324] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 198.935085][ T4324] usb 3-1: Using ep0 maxpacket: 32 [ 198.955990][ T4324] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 199.012885][ T4324] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 199.205163][ T4324] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 199.807585][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.815006][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.067026][ T4324] usb 3-1: Product: syz [ 200.072353][ T4324] usb 3-1: Manufacturer: syz [ 200.078944][ T4324] usb 3-1: SerialNumber: syz [ 200.087696][ T4324] usb 3-1: config 0 descriptor?? [ 200.096206][ T5215] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 200.337785][ T5232] tipc: Enabling of bearer rejected, failed to enable media [ 200.370307][ T4789] usb 3-1: USB disconnect, device number 2 [ 200.472469][ T4271] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 200.493961][ T4271] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 200.508860][ T4271] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 200.528660][ T4271] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 200.543597][ T4271] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 200.552587][ T4271] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 200.813584][ T5234] lo speed is unknown, defaulting to 1000 [ 201.089785][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.397725][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.606530][ T4279] Bluetooth: hci5: command 0x0409 tx timeout [ 204.319155][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.435479][ T5234] wlan0 speed is unknown, defaulting to 1000 [ 204.574712][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.684995][ T4279] Bluetooth: hci5: command 0x041b tx timeout [ 205.817765][ T5267] loop0: detected capacity change from 0 to 164 [ 206.774980][ T4271] Bluetooth: hci5: command 0x040f tx timeout [ 207.522388][ T5234] chnl_net:caif_netlink_parms(): no params data found [ 208.119006][ T5297] tipc: Enabling of bearer rejected, failed to enable media [ 208.359666][ T5234] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.380747][ T5234] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.418901][ T5234] device bridge_slave_0 entered promiscuous mode [ 208.493768][ T5234] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.553363][ T5234] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.661358][ T5234] device bridge_slave_1 entered promiscuous mode [ 208.868155][ T4271] Bluetooth: hci5: command 0x0419 tx timeout [ 209.853306][ T5234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 210.052769][ T5234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.083181][ T4271] Bluetooth: hci5: command 0x0405 tx timeout [ 211.676248][ T5335] loop0: detected capacity change from 0 to 164 [ 212.631633][ T5234] team0: Port device team_slave_0 added [ 212.748944][ T5234] team0: Port device team_slave_1 added [ 213.225071][ T5234] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 213.232820][ T5234] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.365132][ T5234] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 213.405776][ T4309] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 213.517736][ T5234] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 213.528139][ T5234] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.591761][ T5234] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 213.643932][ T4309] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 213.672190][ T4309] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 213.720974][ T4309] usb 1-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 213.757055][ T4309] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.779799][ T4309] usb 1-1: Product: syz [ 213.784457][ T4309] usb 1-1: Manufacturer: syz [ 213.797715][ T4309] usb 1-1: SerialNumber: syz [ 213.821498][ T4309] usb 1-1: config 0 descriptor?? [ 213.913958][ T5363] tipc: Enabling of bearer rejected, failed to enable media [ 214.057405][ T5234] device hsr_slave_0 entered promiscuous mode [ 214.094629][ T5234] device hsr_slave_1 entered promiscuous mode [ 214.113001][ T5371] loop3: detected capacity change from 0 to 64 [ 214.172743][ T5234] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 214.380442][ T5234] Cannot create hsr debugfs directory [ 214.992966][ T5377] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 215.004849][ T5377] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 217.518764][ T4271] Bluetooth: hci3: command 0x0406 tx timeout [ 217.645078][ T4267] Bluetooth: hci2: command 0x0406 tx timeout [ 217.645228][ T4271] Bluetooth: hci4: command 0x0406 tx timeout [ 217.651438][ T4267] Bluetooth: hci1: command 0x0406 tx timeout [ 217.981893][ T4309] usb 1-1: USB disconnect, device number 2 [ 218.676329][ T11] device hsr_slave_0 left promiscuous mode [ 218.773664][ T5402] loop2: detected capacity change from 0 to 164 [ 219.463440][ T11] device hsr_slave_1 left promiscuous mode [ 219.521933][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 219.740195][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 219.806166][ T5406] netlink: 12 bytes leftover after parsing attributes in process `syz.0.251'. [ 220.526648][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 220.534290][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 220.684724][ T11] device bridge_slave_1 left promiscuous mode [ 220.708955][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.668260][ T11] device bridge_slave_0 left promiscuous mode [ 222.368592][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.639045][ T5424] loop3: detected capacity change from 0 to 64 [ 223.165626][ T11] device veth1_macvtap left promiscuous mode [ 223.181147][ T11] device veth0_macvtap left promiscuous mode [ 223.228537][ T11] device veth1_vlan left promiscuous mode [ 223.242575][ T11] device veth0_vlan left promiscuous mode [ 227.590797][ T11] team0 (unregistering): Port device team_slave_1 removed [ 227.645716][ T11] team0 (unregistering): Port device team_slave_0 removed [ 228.532369][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 228.628059][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 231.615504][ T11] bond0 (unregistering): Released all slaves [ 231.743143][ T5440] tipc: Started in network mode [ 231.748188][ T5440] tipc: Node identity 4e23696d8b68, cluster identity 4711 [ 231.762951][ T5440] tipc: Enabled bearer , priority 0 [ 232.469281][ T5450] tipc: Resetting bearer [ 232.482664][ T5459] netlink: 4 bytes leftover after parsing attributes in process `syz.3.260'. [ 232.598640][ T5437] tipc: Disabling bearer [ 232.743400][ T5484] loop2: detected capacity change from 0 to 64 [ 233.103645][ T5234] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 234.675377][ T5234] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 234.765294][ T5234] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 234.830544][ T5234] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 235.205009][ T4453] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 235.404302][ T4453] usb 1-1: config 0 has no interfaces? [ 235.450225][ T4453] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 236.380070][ T4453] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.389240][ T4453] usb 1-1: Product: syz [ 236.394444][ T4453] usb 1-1: Manufacturer: syz [ 236.400716][ T4453] usb 1-1: SerialNumber: syz [ 236.690658][ T4453] usb 1-1: config 0 descriptor?? [ 236.949757][ T4453] usb 1-1: USB disconnect, device number 3 [ 238.092663][ T4267] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 238.107016][ T4267] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 238.116621][ T4267] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 238.207005][ T5537] loop2: detected capacity change from 0 to 164 [ 238.777579][ T5538] loop3: detected capacity change from 0 to 512 [ 238.851953][ T4267] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 238.866279][ T4267] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 238.880485][ T4279] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 238.958837][ T5538] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 239.091044][ T5538] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e12c, mo2=0002] [ 239.099346][ T5538] System zones: 1-12 [ 239.107395][ T5538] EXT4-fs (loop3): orphan cleanup on readonly fs [ 239.250823][ T5538] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.276: bg 0: block 361: padding at end of block bitmap is not set [ 239.272271][ T5538] EXT4-fs (loop3): Remounting filesystem read-only [ 239.279063][ T5538] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 239.292897][ T5538] EXT4-fs (loop3): Remounting filesystem read-only [ 239.300293][ T5538] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.276: invalid indirect mapped block 12 (level 1) [ 239.318746][ T5538] EXT4-fs (loop3): Remounting filesystem read-only [ 239.325614][ T5538] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.276: invalid indirect mapped block 2 (level 2) [ 239.357701][ T5538] EXT4-fs (loop3): Remounting filesystem read-only [ 239.367197][ T5538] EXT4-fs (loop3): 1 truncate cleaned up [ 239.373939][ T5538] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 239.415818][ T5538] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #2: block 5: comm syz.3.276: lblock 0 mapped to illegal pblock 5 (length 1) [ 239.433967][ T5538] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.276: error -117 reading directory block [ 239.434042][ T4425] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.449094][ T5538] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #2: block 5: comm syz.3.276: lblock 0 mapped to illegal pblock 5 (length 1) [ 239.500441][ T5538] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.276: error -117 reading directory block [ 239.515796][ T5543] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #2: block 5: comm syz.3.276: lblock 0 mapped to illegal pblock 5 (length 1) [ 240.034440][ T5234] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.231795][ T5234] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.430538][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.448529][ T5543] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.276: error -117 reading directory block [ 240.463643][ T5538] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #2: block 5: comm syz.3.276: lblock 0 mapped to illegal pblock 5 (length 1) [ 240.490630][ T5538] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.276: error -117 reading directory block [ 240.558816][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.601410][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 240.651860][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 240.728617][ T4788] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.735971][ T4788] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.825806][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 240.883721][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 240.925508][ T4267] Bluetooth: hci0: command 0x0409 tx timeout [ 240.939625][ T4788] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.948303][ T4788] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.037902][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 241.126402][ T5539] tipc: Enabled bearer , priority 0 [ 241.135572][ T5530] tipc: Resetting bearer [ 241.155109][ T5529] tipc: Disabling bearer [ 241.218337][ T4269] EXT4-fs (loop3): unmounting filesystem. [ 241.328245][ T4425] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.364319][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 241.393376][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 242.497536][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 242.720658][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 242.752813][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 242.770629][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 242.813863][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 242.982083][ T4425] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.005203][ T4267] Bluetooth: hci0: command 0x041b tx timeout [ 243.019628][ T5528] lo speed is unknown, defaulting to 1000 [ 243.055265][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 243.083401][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 243.210021][ T4425] team0: Port device netdevsim0 removed [ 243.436466][ T4425] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.461949][ T5234] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 243.724531][ T5583] loop3: detected capacity change from 0 to 164 [ 244.416464][ T5234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 244.461104][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 244.501255][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 244.740541][ T5528] wlan0 speed is unknown, defaulting to 1000 [ 245.085105][ T4267] Bluetooth: hci0: command 0x040f tx timeout [ 245.186186][ T5601] loop2: detected capacity change from 0 to 512 [ 245.222477][ T5601] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 245.319525][ T5601] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e12c, mo2=0002] [ 245.328838][ T5601] System zones: 1-12 [ 245.384474][ T5601] EXT4-fs (loop2): orphan cleanup on readonly fs [ 245.398658][ T5601] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.291: bg 0: block 361: padding at end of block bitmap is not set [ 245.420290][ T5601] EXT4-fs (loop2): Remounting filesystem read-only [ 245.427215][ T5601] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 245.441937][ T5601] EXT4-fs (loop2): Remounting filesystem read-only [ 245.449396][ T5601] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.291: invalid indirect mapped block 12 (level 1) [ 245.481264][ T5601] EXT4-fs (loop2): Remounting filesystem read-only [ 245.488355][ T5601] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.291: invalid indirect mapped block 2 (level 2) [ 245.505336][ T5601] EXT4-fs (loop2): Remounting filesystem read-only [ 245.513533][ T5601] EXT4-fs (loop2): 1 truncate cleaned up [ 245.519598][ T5601] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 245.564820][ T5601] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #2: block 5: comm syz.2.291: lblock 0 mapped to illegal pblock 5 (length 1) [ 245.728962][ T5601] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.291: error -117 reading directory block [ 245.745183][ T5603] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #2: block 5: comm syz.2.291: lblock 0 mapped to illegal pblock 5 (length 1) [ 245.763860][ T5603] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.291: error -117 reading directory block [ 245.785011][ T5604] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #2: block 5: comm syz.2.291: lblock 0 mapped to illegal pblock 5 (length 1) [ 245.825420][ T5604] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.291: error -117 reading directory block [ 245.845962][ T5601] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #2: block 5: comm syz.2.291: lblock 0 mapped to illegal pblock 5 (length 1) [ 245.869444][ T5601] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.291: error -117 reading directory block [ 247.345343][ T4267] Bluetooth: hci0: command 0x0419 tx timeout [ 248.068776][ T4275] EXT4-fs (loop2): unmounting filesystem. [ 249.239635][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 249.269708][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 249.666844][ T5234] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 249.945616][ T5528] chnl_net:caif_netlink_parms(): no params data found [ 250.062387][ T5648] loop0: detected capacity change from 0 to 164 [ 250.828634][ T5647] netlink: 24 bytes leftover after parsing attributes in process `syz.0.297'. [ 251.219373][ T5528] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.455671][ T5528] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.465418][ T5528] device bridge_slave_0 entered promiscuous mode [ 251.876509][ T5528] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.883785][ T5528] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.945493][ T5528] device bridge_slave_1 entered promiscuous mode [ 252.160177][ T5528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 252.326099][ T5528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 252.612864][ T5528] team0: Port device team_slave_0 added [ 252.782553][ T5528] team0: Port device team_slave_1 added [ 255.016789][ T5528] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 255.034628][ T5528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 255.338055][ T5528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 255.459247][ T5692] loop3: detected capacity change from 0 to 164 [ 255.608556][ T5528] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 255.635334][ T5692] netlink: 24 bytes leftover after parsing attributes in process `syz.3.309'. [ 255.733328][ T5528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 256.064938][ T5528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 256.275152][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 256.309799][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 256.772944][ T5528] device hsr_slave_0 entered promiscuous mode [ 256.862692][ T5528] device hsr_slave_1 entered promiscuous mode [ 257.208868][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 257.343183][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 257.704997][ T5234] device veth0_vlan entered promiscuous mode [ 257.717402][ T26] audit: type=1326 audit(1757218521.041:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5709 comm="syz.0.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69bfd8ebe9 code=0x7ffc0000 [ 258.543008][ T26] audit: type=1326 audit(1757218521.071:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5709 comm="syz.0.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69bfd8ebe9 code=0x7ffc0000 [ 258.624591][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 258.633399][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 258.641729][ T26] audit: type=1326 audit(1757218521.081:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5709 comm="syz.0.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7f69bfd8ebe9 code=0x7ffc0000 [ 258.666076][ T26] audit: type=1326 audit(1757218521.081:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5709 comm="syz.0.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69bfd8ebe9 code=0x7ffc0000 [ 258.734938][ T26] audit: type=1326 audit(1757218521.271:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5709 comm="syz.0.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69bfd8ebe9 code=0x7ffc0000 [ 258.791544][ T5234] device veth1_vlan entered promiscuous mode [ 258.868787][ T4425] device hsr_slave_0 left promiscuous mode [ 258.885828][ T4425] device hsr_slave_1 left promiscuous mode [ 258.990957][ T4425] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 259.538716][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 259.755732][ T4425] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 259.763401][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 259.829975][ T4425] device bridge_slave_1 left promiscuous mode [ 259.906998][ T4425] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.970301][ T4425] device bridge_slave_0 left promiscuous mode [ 259.987747][ T4425] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.315642][ T5739] loop2: detected capacity change from 0 to 164 [ 261.410686][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.417268][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.440346][ T5735] netlink: 24 bytes leftover after parsing attributes in process `syz.2.320'. [ 261.785577][ T4425] device veth1_macvtap left promiscuous mode [ 261.792069][ T4425] device veth0_macvtap left promiscuous mode [ 261.876419][ T4425] device veth1_vlan left promiscuous mode [ 261.882754][ T4425] device veth0_vlan left promiscuous mode [ 261.915918][ T4267] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 261.928495][ T4267] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 261.938199][ T4267] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 261.948340][ T4267] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 261.960697][ T4267] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 261.968872][ T4267] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 262.806995][ T5760] 9pnet_virtio: no channels available for device syz [ 264.046693][ T4271] Bluetooth: hci4: command 0x0409 tx timeout [ 265.065681][ T5777] netlink: 20 bytes leftover after parsing attributes in process `syz.3.325'. [ 265.434768][ T4425] team0 (unregistering): Port device team_slave_1 removed [ 265.533204][ T4425] team0 (unregistering): Port device team_slave_0 removed [ 265.619382][ T4425] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 265.685484][ T4425] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 266.135196][ T4267] Bluetooth: hci4: command 0x041b tx timeout [ 266.381731][ T4425] bond0 (unregistering): Released all slaves [ 266.524702][ T5776] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 266.560771][ T5776] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 266.591089][ T5776] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 267.629620][ T5747] lo speed is unknown, defaulting to 1000 [ 268.030673][ T5794] netlink: 96 bytes leftover after parsing attributes in process `syz.2.329'. [ 268.205986][ T4267] Bluetooth: hci4: command 0x040f tx timeout [ 268.806901][ T5747] wlan0 speed is unknown, defaulting to 1000 [ 269.018576][ T5528] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 269.068616][ T5528] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 269.265214][ T5528] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 269.313128][ T5528] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 270.105597][ T5528] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.163937][ T5747] chnl_net:caif_netlink_parms(): no params data found [ 270.285384][ T4267] Bluetooth: hci4: command 0x0419 tx timeout [ 270.347259][ T5528] 8021q: adding VLAN 0 to HW filter on device team0 [ 271.031340][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 271.094612][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 271.229210][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 271.261539][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 271.265173][ T5832] loop2: detected capacity change from 0 to 64 [ 271.488960][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.496323][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.505054][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 271.752266][ T5841] 9pnet_virtio: no channels available for device syz [ 272.465389][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 272.513181][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.521042][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 272.625862][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 272.756655][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 272.970662][ T5747] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.978346][ T5747] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.049487][ T5747] device bridge_slave_0 entered promiscuous mode [ 274.142973][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 274.184273][ T5747] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.195022][ T5747] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.206251][ T5747] device bridge_slave_1 entered promiscuous mode [ 275.906821][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 275.928257][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 275.973005][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 275.993614][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 276.185613][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 277.370722][ T5747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 277.461335][ T5747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 277.540577][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 277.550938][ T5883] loop3: detected capacity change from 0 to 64 [ 277.577286][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 277.612496][ T5528] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 277.655600][ T5528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 277.689869][ T5747] team0: Port device team_slave_0 added [ 277.702145][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 279.210828][ T5897] 9pnet_virtio: no channels available for device syz [ 279.486031][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 279.657158][ T5901] netlink: 'syz.2.350': attribute type 3 has an invalid length. [ 279.692414][ T5747] team0: Port device team_slave_1 added [ 279.737468][ T5747] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 279.765062][ T5747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.903555][ T5747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 280.007672][ T5747] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 280.039528][ T5747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.210524][ T5747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 281.149837][ T5909] device syzkaller0 entered promiscuous mode [ 281.188553][ T5747] device hsr_slave_0 entered promiscuous mode [ 281.216777][ T5747] device hsr_slave_1 entered promiscuous mode [ 281.226114][ T5747] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 281.234028][ T5747] Cannot create hsr debugfs directory [ 281.622967][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 281.639676][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 281.710080][ T5528] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 282.891690][ T5931] loop2: detected capacity change from 0 to 64 [ 286.223447][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 286.292349][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 286.460151][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 286.471490][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 287.294261][ T5528] device veth0_vlan entered promiscuous mode [ 287.356418][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 287.399763][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 287.449216][ T5528] device veth1_vlan entered promiscuous mode [ 288.518793][ T4425] device hsr_slave_0 left promiscuous mode [ 288.534360][ T5981] loop2: detected capacity change from 0 to 64 [ 288.553163][ T4425] device hsr_slave_1 left promiscuous mode [ 288.592118][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 288.600389][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 288.659917][ T4425] device bridge_slave_1 left promiscuous mode [ 288.698856][ T4425] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.738682][ T4425] device bridge_slave_0 left promiscuous mode [ 288.747573][ T4425] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.820142][ T4425] device veth1_vlan left promiscuous mode [ 288.885014][ T4425] device veth0_vlan left promiscuous mode [ 289.235343][ T5993] Bluetooth: MGMT ver 1.22 [ 289.746066][ T5999] overlayfs: overlapping lowerdir path [ 289.837784][ T6002] loop2: detected capacity change from 0 to 512 [ 289.872341][ T6002] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 290.013431][ T6002] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e12c, mo2=0002] [ 290.022455][ T6002] System zones: 1-12 [ 290.032625][ T6002] EXT4-fs (loop2): orphan cleanup on readonly fs [ 290.051666][ T6002] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.373: bg 0: block 361: padding at end of block bitmap is not set [ 290.072763][ T6002] EXT4-fs (loop2): Remounting filesystem read-only [ 290.079965][ T6002] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 290.093501][ T6002] EXT4-fs (loop2): Remounting filesystem read-only [ 290.100243][ T6002] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.373: invalid indirect mapped block 12 (level 1) [ 290.115492][ T6002] EXT4-fs (loop2): Remounting filesystem read-only [ 290.122359][ T6002] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.373: invalid indirect mapped block 2 (level 2) [ 290.141284][ T6002] EXT4-fs (loop2): Remounting filesystem read-only [ 290.148912][ T6002] EXT4-fs (loop2): 1 truncate cleaned up [ 290.154746][ T6002] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 290.190537][ T6002] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #2: block 5: comm syz.2.373: lblock 0 mapped to illegal pblock 5 (length 1) [ 290.212791][ T6002] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.373: error -117 reading directory block [ 290.233819][ T6002] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #2: block 5: comm syz.2.373: lblock 0 mapped to illegal pblock 5 (length 1) [ 290.253346][ T6002] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.373: error -117 reading directory block [ 290.271284][ T6002] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #2: block 5: comm syz.2.373: lblock 0 mapped to illegal pblock 5 (length 1) [ 290.287664][ T6002] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.373: error -117 reading directory block [ 290.304277][ T6002] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #2: block 5: comm syz.2.373: lblock 0 mapped to illegal pblock 5 (length 1) [ 290.325656][ T6002] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.373: error -117 reading directory block [ 293.028629][ T4425] team0 (unregistering): Port device team_slave_1 removed [ 293.150110][ T4275] EXT4-fs (loop2): unmounting filesystem. [ 293.199345][ T4425] team0 (unregistering): Port device team_slave_0 removed [ 293.306078][ T6018] loop2: detected capacity change from 0 to 64 [ 293.345535][ T4425] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 293.486819][ T4425] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 293.907026][ T4271] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 293.935167][ T4271] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 293.944648][ T4271] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 293.953072][ T4271] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 293.961334][ T4271] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 293.970093][ T4271] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 294.678615][ T6037] syz.3.382 uses obsolete (PF_INET,SOCK_PACKET) [ 296.064817][ T4271] Bluetooth: hci5: command 0x0409 tx timeout [ 297.175584][ T4425] bond0 (unregistering): Released all slaves [ 297.424124][ T6025] lo speed is unknown, defaulting to 1000 [ 297.449953][ T5747] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 297.554760][ T6054] loop3: detected capacity change from 0 to 512 [ 297.572519][ T6054] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 297.584671][ T5747] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 297.669478][ T5747] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 297.735279][ T6054] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e12c, mo2=0002] [ 297.744309][ T6054] System zones: 1-12 [ 297.749740][ T6054] EXT4-fs (loop3): orphan cleanup on readonly fs [ 297.764910][ T6054] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.386: bg 0: block 361: padding at end of block bitmap is not set [ 297.786147][ T6054] EXT4-fs (loop3): Remounting filesystem read-only [ 297.792883][ T6054] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 297.814616][ T6054] EXT4-fs (loop3): Remounting filesystem read-only [ 297.822325][ T6054] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.386: invalid indirect mapped block 12 (level 1) [ 297.840953][ T6054] EXT4-fs (loop3): Remounting filesystem read-only [ 297.847889][ T6054] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.386: invalid indirect mapped block 2 (level 2) [ 297.863036][ T6054] EXT4-fs (loop3): Remounting filesystem read-only [ 297.870466][ T6054] EXT4-fs (loop3): 1 truncate cleaned up [ 297.876479][ T6054] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 297.890263][ T6054] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #2: block 5: comm syz.3.386: lblock 0 mapped to illegal pblock 5 (length 1) [ 297.909812][ T6054] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.386: error -117 reading directory block [ 297.924284][ T6054] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #2: block 5: comm syz.3.386: lblock 0 mapped to illegal pblock 5 (length 1) [ 297.949632][ T6054] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.386: error -117 reading directory block [ 297.964168][ T6054] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #2: block 5: comm syz.3.386: lblock 0 mapped to illegal pblock 5 (length 1) [ 297.980591][ T6054] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.386: error -117 reading directory block [ 297.995355][ T6054] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #2: block 5: comm syz.3.386: lblock 0 mapped to illegal pblock 5 (length 1) [ 298.012249][ T6054] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.386: error -117 reading directory block [ 298.072435][ T5747] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 298.125215][ T4271] Bluetooth: hci5: command 0x041b tx timeout [ 299.132620][ T4269] EXT4-fs (loop3): unmounting filesystem. [ 299.349320][ T6072] loop3: detected capacity change from 0 to 64 [ 299.377835][ T6025] wlan0 speed is unknown, defaulting to 1000 [ 299.748234][ T5747] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.135074][ T5747] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.197415][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 300.204963][ T4271] Bluetooth: hci5: command 0x040f tx timeout [ 300.226196][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 300.584033][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 300.704464][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 300.760303][ T5542] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.768306][ T5542] bridge0: port 1(bridge_slave_0) entered forwarding state [ 300.879282][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 300.906877][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 300.945828][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 300.972767][ T5542] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.980315][ T5542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 301.022037][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 301.069068][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 301.091258][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 302.285293][ T4271] Bluetooth: hci5: command 0x0419 tx timeout [ 302.572751][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 302.583779][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 302.594084][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 302.613643][ T5747] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 302.696966][ T5747] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 302.766743][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 302.796811][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 302.823789][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 302.856050][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 302.893804][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 302.925162][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 302.999800][ T6100] overlayfs: overlapping lowerdir path [ 303.350429][ T6025] chnl_net:caif_netlink_parms(): no params data found [ 303.646194][ T6111] netlink: 4 bytes leftover after parsing attributes in process `syz.2.395'. [ 303.739951][ T26] audit: type=1326 audit(1757218567.051:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 304.611698][ T6112] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 304.719237][ T26] audit: type=1326 audit(1757218567.051:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 304.747974][ T26] audit: type=1326 audit(1757218567.051:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 304.796141][ T6025] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.855986][ T6025] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.863226][ T26] audit: type=1326 audit(1757218567.061:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 304.924744][ T26] audit: type=1326 audit(1757218567.061:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 305.072765][ T6120] loop2: detected capacity change from 0 to 512 [ 305.144145][ T26] audit: type=1326 audit(1757218567.061:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 305.176420][ T6120] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 307.207965][ T26] audit: type=1326 audit(1757218567.061:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 307.893606][ T26] audit: type=1326 audit(1757218567.061:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 307.965202][ T6120] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e12c, mo2=0002] [ 307.973456][ T6120] System zones: 1-12 [ 307.978551][ T6120] EXT4-fs (loop2): orphan cleanup on readonly fs [ 308.330580][ T6120] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.397: bg 0: block 361: padding at end of block bitmap is not set [ 308.352528][ T6025] device bridge_slave_0 entered promiscuous mode [ 308.361453][ T6120] EXT4-fs (loop2): Remounting filesystem read-only [ 308.368331][ T6120] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 309.339837][ T6120] EXT4-fs (loop2): Remounting filesystem read-only [ 309.346466][ T6120] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.397: invalid indirect mapped block 12 (level 1) [ 309.362047][ T26] audit: type=1326 audit(1757218567.061:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 309.384313][ T6120] EXT4-fs (loop2): Remounting filesystem read-only [ 309.390970][ T6120] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.397: invalid indirect mapped block 2 (level 2) [ 309.424986][ T26] audit: type=1326 audit(1757218567.061:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 309.449919][ T6120] EXT4-fs (loop2): Remounting filesystem read-only [ 309.457038][ T6120] EXT4-fs (loop2): 1 truncate cleaned up [ 309.462921][ T6120] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 309.596024][ T4275] EXT4-fs (loop2): unmounting filesystem. [ 309.609699][ T6025] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.619671][ T6025] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.645386][ T26] audit: type=1326 audit(1757218567.061:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 309.672668][ T6025] device bridge_slave_1 entered promiscuous mode [ 309.759427][ T26] audit: type=1326 audit(1757218567.061:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 309.850654][ T6025] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 309.893904][ T26] audit: type=1326 audit(1757218567.061:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 310.828418][ T4271] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 310.838532][ T4271] CPU: 1 PID: 4271 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 310.846228][ T4271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 310.856688][ T4271] Workqueue: hci2 hci_rx_work [ 310.861538][ T4271] Call Trace: [ 310.864867][ T4271] [ 310.867940][ T4271] dump_stack_lvl+0x168/0x22e [ 310.872671][ T4271] ? show_regs_print_info+0x12/0x12 [ 310.878016][ T4271] ? load_image+0x3b0/0x3b0 [ 310.882617][ T4271] sysfs_create_dir_ns+0x252/0x280 [ 310.887905][ T4271] ? hci_rx_work+0x3eb/0xd40 [ 310.893003][ T4271] ? sysfs_warn_dup+0xa0/0xa0 [ 310.898196][ T4271] ? do_raw_spin_unlock+0x11d/0x230 [ 310.903459][ T4271] kobject_add_internal+0x6b8/0xc80 [ 310.908838][ T4271] kobject_add+0x152/0x210 [ 310.913489][ T4271] ? kobject_init+0x1d0/0x1d0 [ 310.918393][ T4271] ? klist_children_get+0x50/0x50 [ 310.923583][ T4271] ? get_device_parent+0x121/0x3f0 [ 310.928960][ T4271] device_add+0x483/0xfb0 [ 310.933445][ T4271] ? kmem_cache_free+0xf7/0x290 [ 310.938431][ T4271] hci_conn_add_sysfs+0xd1/0x1e0 [ 310.943466][ T4271] le_conn_complete_evt+0xd1d/0x1320 [ 310.948859][ T4271] ? hci_le_big_info_adv_report_evt+0x310/0x310 [ 310.955514][ T4271] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 310.961286][ T4271] ? skb_pull_data+0xf7/0x200 [ 310.966020][ T4271] hci_le_conn_complete_evt+0x183/0x440 [ 310.971754][ T4271] ? hci_remote_host_features_evt+0x270/0x270 [ 310.978598][ T4271] hci_event_packet+0x791/0x1210 [ 310.983802][ T4271] ? bis_list+0x280/0x280 [ 310.988216][ T4271] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 310.994197][ T4271] ? kcov_remote_start+0x4c7/0x7e0 [ 310.999655][ T4271] ? mt_dump_node+0xb00/0x1930 [ 311.004734][ T4271] ? hci_send_to_monitor+0x9c/0x4a0 [ 311.010010][ T4271] hci_rx_work+0x3eb/0xd40 [ 311.014504][ T4271] ? _raw_spin_unlock+0x40/0x40 [ 311.019436][ T4271] ? process_one_work+0x7a1/0x1160 [ 311.024629][ T4271] process_one_work+0x898/0x1160 [ 311.030119][ T4271] ? worker_detach_from_pool+0x240/0x240 [ 311.035959][ T4271] ? _raw_spin_lock_irq+0xab/0xe0 [ 311.041152][ T4271] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 311.046677][ T4271] ? kthread_data+0x4b/0xc0 [ 311.051238][ T4271] worker_thread+0xaa2/0x1250 [ 311.056913][ T4271] kthread+0x29d/0x330 [ 311.061127][ T4271] ? worker_clr_flags+0x1a0/0x1a0 [ 311.066207][ T4271] ? kthread_blkcg+0xd0/0xd0 [ 311.070862][ T4271] ret_from_fork+0x1f/0x30 [ 311.075347][ T4271] [ 311.084702][ T4271] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 311.099056][ T4271] Bluetooth: hci2: failed to register connection device [ 311.115987][ T26] audit: type=1326 audit(1757218567.061:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 311.159012][ T6025] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 311.168935][ T26] audit: type=1326 audit(1757218567.061:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.3.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 311.405393][ T4923] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 311.413608][ T4923] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 311.478919][ T5747] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 311.492614][ T6025] team0: Port device team_slave_0 added [ 311.576390][ T6025] team0: Port device team_slave_1 added [ 311.642576][ T6025] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 311.671776][ T6025] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.704905][ T127] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 311.713799][ T6025] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 311.817401][ T6025] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 311.838022][ T6025] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.898247][ T6025] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 311.915227][ T127] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 311.942465][ T6164] netlink: 'syz.3.407': attribute type 10 has an invalid length. [ 311.960719][ T127] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 311.961854][ T6164] netlink: 55 bytes leftover after parsing attributes in process `syz.3.407'. [ 311.985003][ T127] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 312.003530][ T127] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 312.012902][ T127] usb 3-1: SerialNumber: syz [ 312.220105][ T6025] device hsr_slave_0 entered promiscuous mode [ 312.262545][ T127] usb 3-1: 0:2 : does not exist [ 312.263483][ T6025] device hsr_slave_1 entered promiscuous mode [ 312.380376][ T6025] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 312.394925][ T6025] Cannot create hsr debugfs directory [ 312.430455][ T127] usb 3-1: USB disconnect, device number 3 [ 312.639664][ T6178] loop0: detected capacity change from 0 to 512 [ 312.710093][ T6178] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 312.768083][ T6178] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e12c, mo2=0002] [ 312.777139][ T6178] System zones: 1-12 [ 312.786477][ T6178] EXT4-fs (loop0): orphan cleanup on readonly fs [ 312.801412][ T6178] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.409: bg 0: block 361: padding at end of block bitmap is not set [ 312.821734][ T6178] EXT4-fs (loop0): Remounting filesystem read-only [ 312.828510][ T6178] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 312.847697][ T6178] EXT4-fs (loop0): Remounting filesystem read-only [ 312.854598][ T6178] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.409: invalid indirect mapped block 12 (level 1) [ 312.877184][ T6178] EXT4-fs (loop0): Remounting filesystem read-only [ 312.883959][ T6178] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.409: invalid indirect mapped block 2 (level 2) [ 312.902305][ T6178] EXT4-fs (loop0): Remounting filesystem read-only [ 312.910329][ T6178] EXT4-fs (loop0): 1 truncate cleaned up [ 312.916362][ T6178] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 312.949164][ T6178] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #2: block 5: comm syz.0.409: lblock 0 mapped to illegal pblock 5 (length 1) [ 312.975663][ T6178] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.409: error -117 reading directory block [ 312.994711][ T6178] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #2: block 5: comm syz.0.409: lblock 0 mapped to illegal pblock 5 (length 1) [ 313.015827][ T6178] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.409: error -117 reading directory block [ 313.034687][ T6178] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #2: block 5: comm syz.0.409: lblock 0 mapped to illegal pblock 5 (length 1) [ 313.052892][ T6178] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.409: error -117 reading directory block [ 313.070681][ T6178] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #2: block 5: comm syz.0.409: lblock 0 mapped to illegal pblock 5 (length 1) [ 313.095718][ T6178] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.409: error -117 reading directory block [ 313.880369][ T4923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 314.153705][ T4923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 315.068222][ T4258] udevd[4258]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 315.133518][ T5747] device veth0_vlan entered promiscuous mode [ 315.512602][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 315.530741][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 315.545928][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 315.583044][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 315.621820][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 315.668468][ T5747] device veth1_vlan entered promiscuous mode [ 316.920696][ T4267] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 316.931609][ T4267] CPU: 1 PID: 4267 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 316.939382][ T4267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 316.949755][ T4267] Workqueue: hci1 hci_rx_work [ 316.954500][ T4267] Call Trace: [ 316.957824][ T4267] [ 316.960830][ T4267] dump_stack_lvl+0x168/0x22e [ 316.965580][ T4267] ? show_regs_print_info+0x12/0x12 [ 316.971123][ T4267] ? load_image+0x3b0/0x3b0 [ 316.975833][ T4267] sysfs_create_dir_ns+0x252/0x280 [ 316.981119][ T4267] ? hci_rx_work+0x3eb/0xd40 [ 316.986345][ T4267] ? sysfs_warn_dup+0xa0/0xa0 [ 316.991073][ T4267] ? preempt_schedule_thunk+0x16/0x18 [ 316.996785][ T4267] kobject_add_internal+0x6b8/0xc80 [ 317.002516][ T4267] kobject_add+0x152/0x210 [ 317.007092][ T4267] ? kobject_init+0x1d0/0x1d0 [ 317.012260][ T4267] ? klist_children_get+0x50/0x50 [ 317.017353][ T4267] ? get_device_parent+0x121/0x3f0 [ 317.022514][ T4267] device_add+0x483/0xfb0 [ 317.026899][ T4267] ? kmem_cache_free+0xf7/0x290 [ 317.032429][ T4267] hci_conn_add_sysfs+0xd1/0x1e0 [ 317.037605][ T4267] le_conn_complete_evt+0xd1d/0x1320 [ 317.043464][ T4267] ? hci_le_big_info_adv_report_evt+0x310/0x310 [ 317.049923][ T4267] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 317.055619][ T4267] ? skb_pull_data+0xf7/0x200 [ 317.060733][ T4267] hci_le_conn_complete_evt+0x183/0x440 [ 317.067122][ T4267] ? hci_remote_host_features_evt+0x270/0x270 [ 317.073340][ T4267] hci_event_packet+0x791/0x1210 [ 317.078513][ T4267] ? bis_list+0x280/0x280 [ 317.083065][ T4267] ? kcov_remote_start+0x27/0x7e0 [ 317.088137][ T4267] ? hci_send_to_monitor+0x9c/0x4a0 [ 317.093469][ T4267] hci_rx_work+0x3eb/0xd40 [ 317.098131][ T4267] ? process_one_work+0x7a1/0x1160 [ 317.103309][ T4267] process_one_work+0x898/0x1160 [ 317.108520][ T4267] ? worker_detach_from_pool+0x240/0x240 [ 317.114326][ T4267] ? _raw_spin_lock_irq+0xab/0xe0 [ 317.119469][ T4267] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 317.124872][ T4267] ? kthread_data+0x4b/0xc0 [ 317.130245][ T4267] worker_thread+0xaa2/0x1250 [ 317.134994][ T4267] kthread+0x29d/0x330 [ 317.139101][ T4267] ? worker_clr_flags+0x1a0/0x1a0 [ 317.144236][ T4267] ? kthread_blkcg+0xd0/0xd0 [ 317.149212][ T4267] ret_from_fork+0x1f/0x30 [ 317.153677][ T4267] [ 317.158004][ T4267] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 317.171632][ T4267] Bluetooth: hci1: failed to register connection device [ 317.205140][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 317.213631][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 317.245180][ T4267] Bluetooth: hci2: command 0x0406 tx timeout [ 317.295477][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 317.304458][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 317.317207][ T5747] device veth0_macvtap entered promiscuous mode [ 317.355382][ T5747] device veth1_macvtap entered promiscuous mode [ 317.444256][ T5747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 317.488930][ T5747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.499884][ T5747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 317.518495][ T5747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.653140][ T5747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 317.683204][ T5747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.719973][ T5747] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 318.566052][ T5747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.585145][ T5747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.597383][ T5747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.608851][ T5747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.620409][ T5747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.702987][ T5747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.846291][ T5747] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 318.932317][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 318.946577][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 318.957733][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 318.971998][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 318.985435][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 318.998823][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 319.232664][ T5747] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.242895][ T5747] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.254178][ T5747] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.045081][ T5747] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.084595][ T6025] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 321.218811][ T6025] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 321.574320][ T6025] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 322.531553][ T4271] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 322.755674][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.762930][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.894654][ T6025] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 323.325048][ T4271] Bluetooth: hci1: command 0x0406 tx timeout [ 324.373005][ T4425] device hsr_slave_0 left promiscuous mode [ 324.383461][ T4425] device hsr_slave_1 left promiscuous mode [ 324.400274][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 324.408475][ T4267] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 324.421088][ T4267] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 324.433263][ T4267] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 324.434227][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 324.450951][ T4267] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 324.463440][ T4267] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 324.472468][ T4267] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 324.515681][ T4425] device bridge_slave_1 left promiscuous mode [ 324.534631][ T4425] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.559894][ T4425] device bridge_slave_0 left promiscuous mode [ 324.566751][ T4425] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.599414][ T4425] device veth1_vlan left promiscuous mode [ 324.606203][ T4425] device veth0_vlan left promiscuous mode [ 325.181903][ T4425] team0 (unregistering): Port device team_slave_1 removed [ 325.231487][ T4425] team0 (unregistering): Port device team_slave_0 removed [ 325.280184][ T4425] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 325.333060][ T4425] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 325.821142][ T4425] bond0 (unregistering): Released all slaves [ 325.915935][ T6289] device veth0_to_team entered promiscuous mode [ 326.069397][ T6276] lo speed is unknown, defaulting to 1000 [ 326.328320][ T6025] 8021q: adding VLAN 0 to HW filter on device bond0 [ 326.536520][ T4271] Bluetooth: hci0: command 0x0409 tx timeout [ 326.936990][ T4923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 327.017077][ T4923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 327.056668][ T6025] 8021q: adding VLAN 0 to HW filter on device team0 [ 327.103718][ T26] audit: type=1326 audit(1757218590.421:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6308 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 327.170275][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 327.179000][ T6276] wlan0 speed is unknown, defaulting to 1000 [ 327.207832][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 327.231614][ T26] audit: type=1326 audit(1757218590.431:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6308 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 327.270590][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.278924][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 327.298266][ T26] audit: type=1326 audit(1757218590.481:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6308 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 327.335882][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 327.384994][ T26] audit: type=1326 audit(1757218590.481:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6308 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 327.414972][ T26] audit: type=1326 audit(1757218590.481:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6308 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 327.419942][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 327.490772][ T26] audit: type=1326 audit(1757218590.481:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6308 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 327.758178][ T26] audit: type=1326 audit(1757218590.481:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6308 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 328.083009][ T26] audit: type=1326 audit(1757218590.481:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6308 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 328.112556][ T26] audit: type=1326 audit(1757218590.481:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6308 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 328.165002][ T26] audit: type=1326 audit(1757218590.481:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6308 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x7ffc0000 [ 328.224389][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 328.329169][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.336489][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 328.438536][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 328.605061][ T4271] Bluetooth: hci0: command 0x041b tx timeout [ 328.651185][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 328.847218][ T6331] netlink: 348 bytes leftover after parsing attributes in process `syz.3.443'. [ 328.964683][ T6330] overlayfs: overlapping lowerdir path [ 329.148973][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 329.221361][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 329.270818][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 329.316417][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 329.346487][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 329.507549][ T4425] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.553567][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 329.572947][ T5542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 329.601693][ T6337] device syzkaller0 entered promiscuous mode [ 329.673846][ T4425] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.716589][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 329.736903][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 329.758900][ T6025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 329.861488][ T4425] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.999100][ T4425] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.345196][ T4453] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 330.383633][ T6276] chnl_net:caif_netlink_parms(): no params data found [ 330.579883][ T4453] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 330.595024][ T4453] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.603223][ T4453] usb 4-1: Product: syz [ 330.608487][ T4453] usb 4-1: Manufacturer: syz [ 330.613338][ T4453] usb 4-1: SerialNumber: syz [ 330.655063][ T4453] usb 4-1: config 0 descriptor?? [ 330.685500][ T4271] Bluetooth: hci0: command 0x040f tx timeout [ 330.875915][ T6276] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.877484][ T4453] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 330.892506][ T6276] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.910875][ T6276] device bridge_slave_0 entered promiscuous mode [ 330.929944][ T6276] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.937521][ T6276] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.946316][ T6276] device bridge_slave_1 entered promiscuous mode [ 331.048737][ T6276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 331.062739][ T6276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 331.130946][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 331.140761][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 331.190486][ T6276] team0: Port device team_slave_0 added [ 331.200662][ T6276] team0: Port device team_slave_1 added [ 331.251673][ T6025] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 331.370365][ T6276] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 331.381096][ T6276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 331.418475][ T6276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 331.465877][ T6376] process 'syz.0.451' launched './file0' with NULL argv: empty string added [ 331.483343][ T6276] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 331.508098][ T6276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 331.582508][ T6276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 332.296231][ T4453] dvb_usb_rtl28xxu: probe of 4-1:0.0 failed with error -71 [ 332.764975][ T4271] Bluetooth: hci0: command 0x0419 tx timeout [ 332.939427][ T4453] usb 4-1: USB disconnect, device number 3 [ 333.104140][ T6276] device hsr_slave_0 entered promiscuous mode [ 333.136108][ T6276] device hsr_slave_1 entered promiscuous mode [ 333.197688][ T6389] netlink: 4 bytes leftover after parsing attributes in process `syz.3.454'. [ 333.615429][ T6400] netlink: 4 bytes leftover after parsing attributes in process `syz.0.455'. [ 334.472177][ T4425] device hsr_slave_0 left promiscuous mode [ 334.513457][ T4425] device hsr_slave_1 left promiscuous mode [ 334.543815][ T4425] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 334.552487][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 334.578263][ T4425] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 334.610051][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 335.032070][ T6415] overlayfs: overlapping lowerdir path [ 335.096542][ T4425] device bridge_slave_1 left promiscuous mode [ 335.187967][ T4425] bridge0: port 2(bridge_slave_1) entered disabled state [ 335.330892][ T4425] device bridge_slave_0 left promiscuous mode [ 335.483157][ T4425] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.667754][ T4425] device veth1_macvtap left promiscuous mode [ 335.684474][ T4425] device veth0_macvtap left promiscuous mode [ 335.694339][ T4425] device veth1_vlan left promiscuous mode [ 335.714566][ T4425] device veth0_vlan left promiscuous mode [ 336.730542][ T4425] team0 (unregistering): Port device team_slave_1 removed [ 336.796631][ T4425] team0 (unregistering): Port device team_slave_0 removed [ 337.089378][ T4425] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 337.434356][ T4425] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 339.075894][ T4425] bond0 (unregistering): Released all slaves [ 339.300141][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 339.334527][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 340.309307][ T6450] loop3: detected capacity change from 0 to 64 [ 340.715084][ T4544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 340.841681][ T6458] netlink: 4 bytes leftover after parsing attributes in process `syz.0.466'. [ 341.264440][ T4544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 341.362443][ T6025] device veth0_vlan entered promiscuous mode [ 341.812719][ T4544] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 341.838308][ T4544] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 341.907247][ T6025] device veth1_vlan entered promiscuous mode [ 342.157203][ T6479] 9pnet_virtio: no channels available for device syz [ 343.091484][ T6025] device veth0_macvtap entered promiscuous mode [ 343.136276][ T6025] device veth1_macvtap entered promiscuous mode [ 343.212885][ T6025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.330059][ T6025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.427446][ T6025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.479135][ T6025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.523095][ T6025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.580382][ T6025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.150589][ T6025] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 344.441424][ T6025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.534869][ T6025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.574934][ T6025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.604902][ T6025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.614791][ T6025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.662489][ T6506] netlink: 104 bytes leftover after parsing attributes in process `syz.3.475'. [ 344.684892][ T6025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.713815][ T6025] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 344.748046][ T5205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 344.761490][ T5205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 344.824165][ T5205] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 344.841942][ T5205] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 344.861048][ T5205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 344.871840][ T6508] loop3: detected capacity change from 0 to 64 [ 344.879165][ T5205] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 344.893688][ T5205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 345.037579][ T6025] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.064931][ T6025] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.073811][ T6025] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.101086][ T6025] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.126718][ T5205] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 347.187278][ T6523] netlink: 4 bytes leftover after parsing attributes in process `syz.3.479'. [ 347.212624][ T6523] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 347.222845][ T6523] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 347.232911][ T6523] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 347.242387][ T6523] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 347.254623][ T6523] device vxlan0 entered promiscuous mode [ 347.315059][ T6276] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 347.353102][ T6276] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 347.484014][ T6276] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 347.701225][ T6276] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 347.788474][ T6533] 9pnet_virtio: no channels available for device syz [ 348.369449][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 348.564518][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 349.332536][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 349.388186][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.414265][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 349.523466][ T5205] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 349.629177][ T6559] loop3: detected capacity change from 0 to 64 [ 349.636692][ T6276] 8021q: adding VLAN 0 to HW filter on device bond0 [ 349.719582][ T5205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 349.740876][ T5205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 349.814185][ T6276] 8021q: adding VLAN 0 to HW filter on device team0 [ 349.879156][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 349.930774][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 349.985098][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 349.992868][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 350.108988][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 350.145769][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 350.241707][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 350.302139][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.309404][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 350.756097][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 351.032707][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 351.112514][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 351.136341][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 351.240199][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 351.306102][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 351.356801][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 351.492120][ T6582] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 351.501590][ T6582] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 351.580539][ T6276] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 351.591237][ T6276] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 351.605176][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 351.626531][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 351.808868][ T6588] 9pnet_virtio: no channels available for device syz [ 351.966286][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 352.340795][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 352.418835][ T6593] tmpfs: Unknown parameter 'usrquota' [ 352.475250][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 353.278385][ T6599] loop3: detected capacity change from 0 to 64 [ 354.030472][ T6605] rdma_rxe: rxe_register_device failed with error -23 [ 354.038047][ T6605] rdma_rxe: failed to add lo [ 355.872915][ T6624] device syzkaller0 entered promiscuous mode [ 357.394789][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 357.433076][ T4788] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 357.771774][ T6276] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 358.045801][ T6640] loop6: detected capacity change from 0 to 64 [ 358.350369][ T6643] rdma_rxe: already configured on lo [ 359.014391][ T6651] overlayfs: overlapping lowerdir path [ 362.193969][ T6675] syz.3.517 (6675) used greatest stack depth: 18176 bytes left [ 363.193290][ T6690] loop3: detected capacity change from 0 to 64 [ 363.406526][ T4453] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 364.416922][ T4453] usb 7-1: unable to get BOS descriptor or descriptor too short [ 364.498629][ T6695] rdma_rxe: rxe_register_device failed with error -23 [ 364.505577][ T6695] rdma_rxe: failed to add lo [ 364.652698][ T4453] usb 7-1: not running at top speed; connect to a high speed hub [ 364.716920][ T4453] usb 7-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config [ 364.757452][ T4453] usb 7-1: config 5 has 1 interface, different from the descriptor's value: 2 [ 364.933975][ T4453] usb 7-1: New USB device found, idVendor=0582, idProduct=0074, bcdDevice=2a.70 [ 365.921315][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 365.972825][ T4453] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.984232][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 366.254521][ T4453] usb 7-1: Product: syz [ 366.307314][ T4453] usb 7-1: Manufacturer: syz [ 366.312036][ T4453] usb 7-1: SerialNumber: syz [ 366.354021][ T6276] device veth0_vlan entered promiscuous mode [ 366.396674][ T4453] usb 7-1: can't set config #5, error -71 [ 367.260387][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 367.288045][ T4453] usb 7-1: USB disconnect, device number 2 [ 367.315992][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 367.366374][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 367.412573][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 367.478429][ T6276] device veth1_vlan entered promiscuous mode [ 367.632412][ T4544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 367.653539][ T4544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 367.713329][ T6276] device veth0_macvtap entered promiscuous mode [ 367.767133][ T6276] device veth1_macvtap entered promiscuous mode [ 367.836899][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 367.905129][ T4453] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 367.920409][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.965124][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.018268][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.061133][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.089186][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.311988][ T4453] usb 7-1: Using ep0 maxpacket: 16 [ 368.346153][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.358636][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.372803][ T4453] usb 7-1: config 0 has an invalid interface number: 176 but max is 0 [ 368.397267][ T6276] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 368.405223][ T4453] usb 7-1: config 0 has no interface number 0 [ 368.441662][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.475870][ T4453] usb 7-1: New USB device found, idVendor=1004, idProduct=61aa, bcdDevice=18.b3 [ 368.507545][ T4453] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.520233][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.565495][ T4453] usb 7-1: Product: syz [ 368.576678][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.590824][ T4453] usb 7-1: Manufacturer: syz [ 368.616651][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.686927][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.804691][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.904466][ T4453] usb 7-1: SerialNumber: syz [ 369.805075][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 369.859092][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.898803][ T6276] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 369.935127][ T4544] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 369.949950][ T4544] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 369.960548][ T4544] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 369.974292][ T4544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 370.000846][ T4544] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 370.021077][ T4544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 370.112108][ T6276] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.139902][ T4453] usb 7-1: config 0 descriptor?? [ 370.164219][ T6276] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.175875][ T4453] usb 7-1: bad CDC descriptors [ 370.184348][ T6276] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.214745][ T6276] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.240689][ T6739] loop3: detected capacity change from 0 to 64 [ 370.443817][ T4325] usb 7-1: USB disconnect, device number 3 [ 371.651675][ T5542] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.760422][ T5542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.882686][ T4923] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.914463][ T4923] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.927978][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 371.959821][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 372.345998][ T6760] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 374.350989][ T6776] 9pnet_virtio: no channels available for device syz [ 375.465597][ T26] kauditd_printk_skb: 37 callbacks suppressed [ 375.465613][ T26] audit: type=1326 audit(1757218638.791:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6777 comm="syz.2.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522df8ebe9 code=0x7ffc0000 [ 375.600833][ T26] audit: type=1326 audit(1757218638.841:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6777 comm="syz.2.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=67 compat=0 ip=0x7f522df8ebe9 code=0x7ffc0000 [ 375.743370][ T26] audit: type=1326 audit(1757218638.841:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6777 comm="syz.2.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522df8ebe9 code=0x7ffc0000 [ 375.851803][ T6792] netlink: 12 bytes leftover after parsing attributes in process `syz.5.548'. [ 375.852694][ T26] audit: type=1326 audit(1757218638.841:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6777 comm="syz.2.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522df8ebe9 code=0x7ffc0000 [ 375.890295][ T6793] loop2: detected capacity change from 0 to 64 [ 376.111222][ T6797] netlink: 4 bytes leftover after parsing attributes in process `syz.6.550'. [ 376.432756][ T6797] team0 (unregistering): Port device team_slave_0 removed [ 377.386295][ T6797] team0 (unregistering): Port device team_slave_1 removed [ 381.265752][ T4345] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 382.001975][ T4345] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 382.042221][ T4345] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 382.154078][ T4345] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 382.211176][ T4345] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.281744][ T6861] device syzkaller0 entered promiscuous mode [ 382.294010][ T6860] loop5: detected capacity change from 0 to 256 [ 382.346631][ T4345] usb 1-1: config 0 descriptor?? [ 382.359281][ T4345] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 382.377323][ T6860] exfat: Deprecated parameter 'namecase' [ 382.383657][ T6860] exfat: Deprecated parameter 'namecase' [ 382.445751][ T4345] dvb-usb: bulk message failed: -22 (3/0) [ 382.560885][ T6831] dvb-usb: bulk message failed: -22 (2/0) [ 382.580056][ T4345] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 382.616748][ T6860] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 382.684039][ T4345] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 382.737271][ T4345] usb 1-1: media controller created [ 382.828862][ T4345] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 382.958938][ T4345] dvb-usb: bulk message failed: -22 (6/0) [ 382.992726][ T4345] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 383.427204][ T4345] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input5 [ 383.443795][ T4345] dvb-usb: schedule remote query interval to 150 msecs. [ 383.450925][ T4345] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 383.473141][ T4345] usb 1-1: USB disconnect, device number 4 [ 383.696650][ T4345] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 384.057155][ T6878] netlink: 4 bytes leftover after parsing attributes in process `syz.0.570'. [ 384.144693][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.157891][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.272221][ T6889] netlink: 16 bytes leftover after parsing attributes in process `syz.2.575'. [ 385.915714][ T6902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 386.020240][ T6905] sctp: [Deprecated]: syz.6.580 (pid 6905) Use of struct sctp_assoc_value in delayed_ack socket option. [ 386.020240][ T6905] Use struct sctp_sack_info instead [ 386.025258][ T6902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 386.084786][ T6903] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 388.044936][ T6922] netlink: 4 bytes leftover after parsing attributes in process `syz.6.583'. [ 388.421224][ T6925] device syzkaller0 entered promiscuous mode [ 389.260939][ T26] audit: type=1326 audit(1757218652.491:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6940 comm="syz.3.590" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0054b8ebe9 code=0x0 [ 393.097491][ T6992] overlayfs: overlapping lowerdir path [ 393.282001][ T6988] loop3: detected capacity change from 0 to 2048 [ 393.394661][ T6988] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 393.425037][ T4453] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 393.592766][ T6999] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 393.623636][ T6999] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 160 with error 28 [ 393.634331][ T4453] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 393.639692][ T6999] EXT4-fs (loop3): This should not happen!! Data will be lost [ 393.639692][ T6999] [ 393.676492][ T6999] EXT4-fs (loop3): Total free blocks count 0 [ 393.682895][ T6999] EXT4-fs (loop3): Free/Dirty block details [ 393.712724][ T6999] EXT4-fs (loop3): free_blocks=2415919104 [ 393.749048][ T6999] EXT4-fs (loop3): dirty_blocks=160 [ 393.764910][ T4453] usb 1-1: config 0 interface 0 has no altsetting 0 [ 393.783558][ T6999] EXT4-fs (loop3): Block reservation details [ 393.801312][ T6999] EXT4-fs (loop3): i_reserved_data_blocks=10 [ 393.808452][ T4453] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 393.818954][ T4453] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 393.836890][ T4453] usb 1-1: Product: syz [ 393.841396][ T4453] usb 1-1: Manufacturer: syz [ 393.849747][ T4453] usb 1-1: SerialNumber: syz [ 393.873305][ T4453] usb 1-1: config 0 descriptor?? [ 393.902653][ T5542] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 393.910098][ T7003] sg_read: process 40 (syz.5.607) changed security contexts after opening file descriptor, this is not allowed. [ 393.922319][ T4453] usb 1-1: selecting invalid altsetting 0 [ 394.288156][ T4345] usb 1-1: USB disconnect, device number 5 [ 397.537209][ T7008] tipc: Started in network mode [ 397.543139][ T7008] tipc: Node identity 66e347ca3cb3, cluster identity 4711 [ 397.557902][ T7008] tipc: Enabled bearer , priority 0 [ 397.592870][ T7015] tipc: Resetting bearer [ 397.738512][ T7007] tipc: Disabling bearer [ 397.942724][ T7032] netlink: 4 bytes leftover after parsing attributes in process `syz.6.613'. [ 398.884956][ T7050] loop5: detected capacity change from 0 to 128 [ 399.985907][ T7050] vxfs: WRONG superblock magic 7b3185b5 at 1 [ 400.069459][ T7050] vxfs: unsupported VxFS version (-1232326277) [ 400.189719][ T7056] device syzkaller0 entered promiscuous mode [ 400.367724][ T7065] device team_slave_0 entered promiscuous mode [ 400.374627][ T7065] device team_slave_1 entered promiscuous mode [ 400.535876][ T127] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 400.574093][ T7064] device team_slave_0 left promiscuous mode [ 400.580925][ T7064] device team_slave_1 left promiscuous mode [ 400.864983][ T127] usb 6-1: Using ep0 maxpacket: 32 [ 400.932867][ T127] usb 6-1: unable to get BOS descriptor or descriptor too short [ 401.147458][ T127] usb 6-1: config 1 interface 0 altsetting 144 bulk endpoint 0x82 has invalid maxpacket 64 [ 401.198846][ T127] usb 6-1: config 1 interface 0 altsetting 144 bulk endpoint 0x3 has invalid maxpacket 32 [ 401.308305][ T127] usb 6-1: config 1 interface 0 has no altsetting 0 [ 401.366953][ T127] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 401.405643][ T127] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.424408][ T127] usb 6-1: Product: syz [ 401.434617][ T127] usb 6-1: Manufacturer: syz [ 401.455182][ T127] usb 6-1: SerialNumber: syz [ 401.464203][ T7050] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 401.517759][ T7050] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 401.759175][ T127] cdc_ether: probe of 6-1:1.0 failed with error -71 [ 401.809725][ T127] usb 6-1: USB disconnect, device number 2 [ 401.865328][ T7093] loop0: detected capacity change from 0 to 512 [ 401.896143][ T7093] EXT4-fs: inline encryption not supported [ 401.922464][ T7093] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 401.967630][ T7093] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 402.006544][ T7093] EXT4-fs (loop0): 1 truncate cleaned up [ 402.022647][ T7093] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 402.379422][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 404.027980][ T7136] device syzkaller0 entered promiscuous mode [ 405.200325][ T7152] loop3: detected capacity change from 0 to 2048 [ 405.345078][ T4453] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 405.377797][ T7150] loop5: detected capacity change from 0 to 32768 [ 405.377853][ T7152] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 405.552772][ T4453] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 405.586215][ T7152] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 405.615773][ T4453] usb 3-1: config 0 interface 0 has no altsetting 0 [ 405.627054][ T7150] XFS (loop5): Mounting V5 Filesystem [ 405.698271][ T7168] loop6: detected capacity change from 0 to 128 [ 405.721973][ T4453] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 405.788261][ T7152] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 132 with error 28 [ 405.814243][ T4453] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 405.847854][ T7168] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 405.891209][ T4453] usb 3-1: Product: syz [ 405.917784][ T4453] usb 3-1: Manufacturer: syz [ 405.929582][ T7152] EXT4-fs (loop3): This should not happen!! Data will be lost [ 405.929582][ T7152] [ 405.968634][ T4453] usb 3-1: SerialNumber: syz [ 406.021151][ T7152] EXT4-fs (loop3): Total free blocks count 0 [ 406.047976][ T7152] EXT4-fs (loop3): Free/Dirty block details [ 406.054476][ T7152] EXT4-fs (loop3): free_blocks=2415919104 [ 406.060703][ T4453] usb 3-1: config 0 descriptor?? [ 406.067972][ T7152] EXT4-fs (loop3): dirty_blocks=144 [ 406.073251][ T7152] EXT4-fs (loop3): Block reservation details [ 406.083631][ T7152] EXT4-fs (loop3): i_reserved_data_blocks=9 [ 406.098515][ T7150] XFS (loop5): Ending clean mount [ 406.118307][ T7150] XFS (loop5): Quotacheck needed: Please wait. [ 406.162162][ T4453] usb 3-1: selecting invalid altsetting 0 [ 406.249651][ T7150] XFS (loop5): Quotacheck: Done. [ 406.402958][ T4269] EXT4-fs (loop3): unmounting filesystem. [ 406.494081][ T7150] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 406.501616][ T7150] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 406.507957][ T7150] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 406.514095][ T7150] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 406.520330][ T7150] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 406.583834][ T7150] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 406.591192][ T7150] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 406.597247][ T7150] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 406.634053][ T7150] Bluetooth: hci5: Suspend notifier action (1) failed: -4 [ 406.641928][ T7150] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 406.648660][ T7150] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 406.696240][ T7150] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 406.748204][ T6276] XFS (loop5): Unmounting Filesystem [ 406.890454][ T7185] loop3: detected capacity change from 0 to 256 [ 406.975971][ T7185] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011d5f, chksum : 0x09863542, utbl_chksum : 0x000cd30d) [ 407.106401][ T26] audit: type=1800 audit(1757218670.411:80): pid=7185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.647" name="file2" dev="loop3" ino=1048606 res=0 errno=0 [ 407.460694][ T7194] loop3: detected capacity change from 0 to 2048 [ 407.524474][ T7194] UDF-fs: warning (device loop3): udf_fill_super: No fileset found [ 408.474958][ T4267] Bluetooth: hci1: command 0x0c1a tx timeout [ 408.614883][ T4267] Bluetooth: hci3: command 0x0c1a tx timeout [ 408.621083][ T4267] Bluetooth: hci2: command 0x0c1a tx timeout [ 408.627549][ T4267] Bluetooth: hci5: command 0x0c1a tx timeout [ 408.684947][ T4271] Bluetooth: hci0: command 0x0c1a tx timeout [ 408.789050][ T7145] snd-usb-audio 3-1:0.0: Runtime PM usage count underflow! [ 408.803872][ T7203] loop6: detected capacity change from 0 to 4096 [ 408.811312][ T7203] ntfs3: Unknown parameter 'nocase' [ 408.887866][ T4258] I/O error, dev loop6, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 408.919508][ T4346] usb 3-1: USB disconnect, device number 4 [ 409.052578][ T7213] device syzkaller0 entered promiscuous mode [ 409.120449][ T7212] loop5: detected capacity change from 0 to 2048 [ 409.176830][ T7212] Dev loop5: RDB in block 1 has bad checksum [ 409.414123][ T7224] loop2: detected capacity change from 0 to 64 [ 409.816009][ T7218] loop0: detected capacity change from 0 to 4096 [ 409.874294][ T7218] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 410.151187][ T26] audit: type=1800 audit(1757218673.471:81): pid=7218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.660" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 410.698847][ T7249] netlink: 96 bytes leftover after parsing attributes in process `syz.6.665'. [ 410.710666][ T4271] Bluetooth: hci2: command 0x0406 tx timeout [ 410.717321][ T4267] Bluetooth: hci5: command 0x0406 tx timeout [ 410.723666][ T4267] Bluetooth: hci3: command 0x0406 tx timeout [ 410.751878][ T7250] overlayfs: overlapping lowerdir path [ 410.795263][ T4279] Bluetooth: hci0: command 0x0406 tx timeout [ 411.883263][ T7269] loop0: detected capacity change from 0 to 512 [ 411.972676][ T7269] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities [ 413.787685][ T7285] device syzkaller0 entered promiscuous mode [ 414.203033][ T7295] netlink: 4 bytes leftover after parsing attributes in process `syz.5.679'. [ 415.278398][ T7304] loop3: detected capacity change from 0 to 4096 [ 415.500288][ T4269] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 415.510890][ T4269] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 415.593578][ T7313] loop2: detected capacity change from 0 to 4096 [ 415.644964][ T7313] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 415.821666][ T7313] ntfs3: loop2: Failed to load $Extend. [ 416.382334][ T7318] 9pnet_virtio: no channels available for device syz [ 417.974268][ T4271] Bluetooth: hci5: command 0x0406 tx timeout [ 418.233793][ T7343] tmpfs: Unknown parameter 'grpquota' [ 418.785878][ T7361] loop5: detected capacity change from 0 to 2048 [ 418.809346][ T7361] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 418.883342][ T7365] netlink: 4 bytes leftover after parsing attributes in process `syz.0.693'. [ 419.929823][ T7379] loop0: detected capacity change from 0 to 2048 [ 420.050809][ T7379] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 420.390767][ T7382] loop5: detected capacity change from 0 to 4096 [ 422.732704][ T7382] ntfs3: loop5: ino=1e, "file1" attr_set_size [ 422.877318][ T7403] loop6: detected capacity change from 0 to 16 [ 422.940129][ T7403] erofs: (device loop6): mounted with root inode @ nid 36. [ 422.948383][ T4387] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 423.134943][ T4387] usb 1-1: Using ep0 maxpacket: 8 [ 423.179474][ T7411] device syzkaller0 entered promiscuous mode [ 423.196154][ T4387] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 423.389597][ T7415] 9pnet_virtio: no channels available for device syz [ 424.011572][ T4387] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.036326][ T4387] pvrusb2: Hardware description: Terratec Grabster AV400 [ 424.043449][ T4387] pvrusb2: ********** [ 424.047802][ T4387] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 424.058997][ T4387] pvrusb2: Important functionality might not be entirely working. [ 424.090206][ T4387] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 424.107025][ T4387] pvrusb2: ********** [ 424.243022][ T2309] pvrusb2: Invalid write control endpoint [ 424.372048][ T7427] netlink: 4 bytes leftover after parsing attributes in process `syz.6.711'. [ 424.465214][ T4345] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 424.748381][ T4387] usb 1-1: USB disconnect, device number 6 [ 424.754568][ T4345] usb 3-1: Using ep0 maxpacket: 32 [ 424.927959][ T4345] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 424.964981][ T4345] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.066029][ T4345] usb 3-1: config 0 descriptor?? [ 425.094907][ T4324] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 425.110539][ T2309] pvrusb2: Invalid write control endpoint [ 425.138955][ T2309] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 425.253505][ T2309] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 425.261942][ T2309] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 425.279347][ T2309] pvrusb2: Device being rendered inoperable [ 425.291884][ T2309] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 425.309402][ T4345] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 425.332023][ T2309] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 425.347831][ T4345] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 425.390439][ T4345] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 425.427327][ T2309] pvrusb2: Attached sub-driver cx25840 [ 425.428708][ T4345] usb 3-1: media controller created [ 425.433707][ T2309] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 425.449872][ T4324] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 425.470537][ T4324] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.498136][ T2309] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 425.510653][ T7419] pvrusb2: Attempted to execute control transfer when device not ok [ 425.620119][ T4345] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 425.683785][ T4324] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.697210][ T4324] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 425.721678][ T4324] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 425.739697][ T4324] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 425.748481][ T4324] usb 6-1: Manufacturer: syz [ 425.769785][ T4345] az6027: usb out operation failed. (-71) [ 425.815863][ T4345] az6027: usb out operation failed. (-71) [ 425.837910][ T4345] stb0899_attach: Driver disabled by Kconfig [ 425.858164][ T4345] az6027: no front-end attached [ 425.858164][ T4345] [ 425.878689][ T4345] az6027: usb out operation failed. (-71) [ 425.890008][ T4345] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 425.903244][ T4345] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input6 [ 425.949447][ T4324] usb 6-1: config 0 descriptor?? [ 425.953554][ T4345] dvb-usb: schedule remote query interval to 400 msecs. [ 426.569600][ T4345] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 426.698035][ T4345] usb 3-1: USB disconnect, device number 5 [ 426.855256][ T4345] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 426.988835][ T7449] netlink: 4 bytes leftover after parsing attributes in process `syz.0.720'. [ 427.075668][ T4324] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 427.102055][ T4324] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 427.279699][ T4324] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 427.956315][ T4309] usb 6-1: USB disconnect, device number 3 [ 428.258781][ T4324] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 428.418939][ T7483] rdma_rxe: rxe_register_device failed with error -23 [ 428.463394][ T7483] rdma_rxe: failed to add lo [ 428.549177][ T7485] overlayfs: overlapping lowerdir path [ 428.576690][ T4324] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 428.619733][ T4324] usb 4-1: config 0 interface 0 has no altsetting 0 [ 428.693914][ T4324] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 428.775465][ T4324] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 428.783730][ T4324] usb 4-1: Product: syz [ 428.852046][ T4324] usb 4-1: Manufacturer: syz [ 428.882289][ T4324] usb 4-1: SerialNumber: syz [ 428.912619][ T4324] usb 4-1: config 0 descriptor?? [ 428.952885][ T4324] usb 4-1: selecting invalid altsetting 0 [ 431.097545][ T4345] usb 4-1: USB disconnect, device number 4 [ 431.268154][ T7510] loop5: detected capacity change from 0 to 2048 [ 431.309649][ T7510] EXT4-fs: Ignoring removed orlov option [ 431.344023][ T7513] tipc: Enabling of bearer rejected, failed to enable media [ 431.373651][ T7513] device syzkaller0 entered promiscuous mode [ 431.575877][ T7510] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 431.585236][ T7510] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 432.570765][ T6276] EXT4-fs (loop5): unmounting filesystem. [ 434.375981][ T7533] netlink: 4 bytes leftover after parsing attributes in process `syz.0.737'. [ 434.916371][ T7557] overlayfs: overlapping lowerdir path [ 437.319994][ T7580] rdma_rxe: rxe_register_device failed with error -23 [ 437.328705][ T7580] rdma_rxe: failed to add lo [ 438.336714][ T7587] tipc: Enabling of bearer rejected, failed to enable media [ 438.371483][ T7587] device syzkaller0 entered promiscuous mode [ 438.444989][ T4345] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 439.928263][ T4345] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 440.181265][ T4345] usb 3-1: config 0 interface 0 has no altsetting 0 [ 440.228074][ T4345] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 440.294973][ T4345] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 440.313622][ T4345] usb 3-1: Product: syz [ 440.464872][ T4345] usb 3-1: Manufacturer: syz [ 440.480052][ T4345] usb 3-1: SerialNumber: syz [ 440.501806][ T4345] usb 3-1: config 0 descriptor?? [ 440.569263][ T4345] usb 3-1: selecting invalid altsetting 0 [ 441.225671][ T7618] overlayfs: overlapping lowerdir path [ 442.024019][ T7581] snd-usb-audio 3-1:0.0: Runtime PM usage count underflow! [ 442.092148][ T4325] usb 3-1: USB disconnect, device number 6 [ 443.776458][ T7648] rdma_rxe: rxe_register_device failed with error -23 [ 443.783765][ T7648] rdma_rxe: failed to add lo [ 445.567766][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.576233][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.063658][ T7662] netlink: 4 bytes leftover after parsing attributes in process `syz.5.763'. [ 446.727876][ T7663] tipc: Enabling of bearer rejected, failed to enable media [ 446.785324][ T7665] device syzkaller0 entered promiscuous mode [ 447.725147][ T4279] Bluetooth: hci0: command 0x0406 tx timeout [ 449.321603][ T7688] overlayfs: overlapping lowerdir path [ 453.218205][ T7710] netlink: 12 bytes leftover after parsing attributes in process `syz.5.776'. [ 453.279895][ T7710] netlink: 24 bytes leftover after parsing attributes in process `syz.5.776'. [ 453.864322][ T7714] loop6: detected capacity change from 0 to 4096 [ 454.149475][ T7720] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 454.231390][ T7724] loop5: detected capacity change from 0 to 512 [ 454.254617][ T26] audit: type=1800 audit(1757218717.571:82): pid=7714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.778" name="file1" dev="loop6" ino=15 res=0 errno=0 [ 454.542107][ T7724] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 454.611511][ T7724] ext4 filesystem being mounted at /47/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 454.977774][ T7736] overlayfs: overlapping lowerdir path [ 455.315195][ T26] audit: type=1800 audit(1757218718.631:83): pid=7726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.778" name="file1" dev="loop6" ino=15 res=0 errno=0 [ 455.511657][ T6276] EXT4-fs (loop5): unmounting filesystem. [ 459.075842][ T4279] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 459.129297][ T4279] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 459.142561][ T4279] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 459.152516][ T4279] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 459.162974][ T4279] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 459.171389][ T4279] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 459.311211][ T4505] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.383267][ T7781] netlink: 48 bytes leftover after parsing attributes in process `syz.3.793'. [ 460.410862][ T7781] netlink: 48 bytes leftover after parsing attributes in process `syz.3.793'. [ 460.538613][ T7807] overlayfs: overlapping lowerdir path [ 460.745540][ T7782] tipc: Started in network mode [ 460.757957][ T7782] tipc: Node identity dac2fddbbba9, cluster identity 4711 [ 460.899113][ T7782] tipc: Enabled bearer , priority 0 [ 461.063176][ T7787] device syzkaller0 entered promiscuous mode [ 461.146914][ T7799] tipc: Resetting bearer [ 461.210371][ T7777] tipc: Resetting bearer [ 461.245147][ T4279] Bluetooth: hci1: command 0x0409 tx timeout [ 461.295494][ T7777] tipc: Disabling bearer [ 461.363654][ T4505] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.385554][ T26] audit: type=1326 audit(1757218724.711:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7811 comm="syz.3.798" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0054b8ebe9 code=0x0 [ 461.455265][ T7817] tipc: Enabling of bearer rejected, failed to enable media [ 461.491978][ T7815] device syzkaller0 entered promiscuous mode [ 461.597989][ T4505] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.655756][ T7776] lo speed is unknown, defaulting to 1000 [ 461.865101][ T7819] nvme_fabrics: missing parameter 'transport=%s' [ 461.879448][ T7819] nvme_fabrics: missing parameter 'nqn=%s' [ 461.914079][ T4505] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.163307][ T7776] wlan0 speed is unknown, defaulting to 1000 [ 462.870818][ T4505] tipc: Left network mode [ 463.253172][ T7776] chnl_net:caif_netlink_parms(): no params data found [ 463.325254][ T4279] Bluetooth: hci1: command 0x041b tx timeout [ 463.695598][ T7859] netlink: 48 bytes leftover after parsing attributes in process `syz.2.808'. [ 463.708812][ T7859] netlink: 48 bytes leftover after parsing attributes in process `syz.2.808'. [ 463.800178][ T7864] overlayfs: overlapping lowerdir path [ 464.919887][ T7868] tipc: Enabled bearer , priority 0 [ 464.935365][ T7877] device syzkaller0 entered promiscuous mode [ 465.094698][ T7868] tipc: Resetting bearer [ 465.199198][ T7867] tipc: Resetting bearer [ 465.313567][ T7867] tipc: Disabling bearer [ 465.389983][ T7776] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.405372][ T4279] Bluetooth: hci1: command 0x040f tx timeout [ 465.413940][ T7776] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.446617][ T7776] device bridge_slave_0 entered promiscuous mode [ 465.544214][ T7776] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.575633][ T7776] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.595363][ T7776] device bridge_slave_1 entered promiscuous mode [ 465.911795][ T7776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 465.955417][ T7776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 466.621013][ T7776] team0: Port device team_slave_0 added [ 466.718602][ T7776] team0: Port device team_slave_1 added [ 467.279897][ T4325] wlan0 speed is unknown, defaulting to 1000 [ 467.290862][ T7914] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 467.347093][ T4325] ================================================================== [ 467.356172][ T4325] BUG: KASAN: use-after-free in siw_query_port+0x358/0x450 [ 467.365975][ T4325] Read of size 4 at addr ffff8880296380e0 by task kworker/1:5/4325 [ 467.374873][ T4325] [ 467.377620][ T4325] CPU: 1 PID: 4325 Comm: kworker/1:5 Not tainted syzkaller #0 [ 467.385300][ T4325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 467.396628][ T4325] Workqueue: infiniband ib_cache_event_task [ 467.403457][ T4325] Call Trace: [ 467.407133][ T4325] [ 467.410108][ T4325] dump_stack_lvl+0x168/0x22e [ 467.415058][ T4325] ? __lock_acquire+0x7c50/0x7c50 [ 467.420323][ T4325] ? show_regs_print_info+0x12/0x12 [ 467.425648][ T4325] ? load_image+0x3b0/0x3b0 [ 467.430385][ T4325] ? __virt_addr_valid+0x465/0x540 [ 467.436262][ T4325] ? siw_query_port+0x358/0x450 [ 467.441255][ T4325] print_report+0xa8/0x210 [ 467.446189][ T4325] kasan_report+0x10b/0x140 [ 467.450942][ T4325] ? siw_query_port+0x358/0x450 [ 467.455966][ T4325] siw_query_port+0x358/0x450 [ 467.461009][ T4325] ib_cache_update+0x1bb/0x980 [ 467.465978][ T4325] ? ib_cache_setup_one+0x5d0/0x5d0 [ 467.471684][ T4325] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 467.479156][ T4325] ? read_lock_is_recursive+0x10/0x10 [ 467.485322][ T4325] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 467.491310][ T4325] ? _raw_spin_unlock+0x40/0x40 [ 467.496333][ T4325] ib_cache_event_task+0xd4/0x1c0 [ 467.502520][ T4325] ? process_one_work+0x7a1/0x1160 [ 467.508136][ T4325] process_one_work+0x898/0x1160 [ 467.513574][ T4325] ? worker_detach_from_pool+0x240/0x240 [ 467.519578][ T4325] ? _raw_spin_lock_irq+0xab/0xe0 [ 467.525558][ T4325] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 467.531805][ T4325] ? kthread_data+0x4b/0xc0 [ 467.537208][ T4325] worker_thread+0xaa2/0x1250 [ 467.542027][ T4325] kthread+0x29d/0x330 [ 467.546294][ T4325] ? worker_clr_flags+0x1a0/0x1a0 [ 467.551967][ T4325] ? kthread_blkcg+0xd0/0xd0 [ 467.556942][ T4325] ret_from_fork+0x1f/0x30 [ 467.561881][ T4325] [ 467.565380][ T4325] [ 467.567718][ T4325] The buggy address belongs to the physical page: [ 467.575484][ T4325] page:ffffea0000a58e00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29638 [ 467.588452][ T4325] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 467.596434][ T4325] raw: 00fff00000000000 ffffea000094c408 ffff8880b8f412b0 0000000000000000 [ 467.606271][ T4325] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 467.615240][ T4325] page dumped because: kasan: bad access detected [ 467.622469][ T4325] page_owner tracks the page as freed [ 467.628116][ T4325] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x546dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO|__GFP_ACCOUNT), pid 4268, tgid 4268 (syz-executor), ts 102745231972, free_ts 467315360061 [ 467.654081][ T4325] post_alloc_hook+0x173/0x1a0 [ 467.659997][ T4325] get_page_from_freelist+0x1a26/0x1ac0 [ 467.665771][ T4325] __alloc_pages+0x1df/0x4e0 [ 467.670701][ T4325] __kmalloc_large_node+0x8c/0x1e0 [ 467.675863][ T4325] __kmalloc_node+0x10e/0x240 [ 467.680760][ T4325] kvmalloc_node+0x6c/0x180 [ 467.685449][ T4325] alloc_netdev_mqs+0x84/0xf00 [ 467.690875][ T4325] ieee80211_if_add+0xc08/0x1590 [ 467.696053][ T4325] ieee80211_register_hw+0x2d46/0x38c0 [ 467.701555][ T4325] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 467.707753][ T4325] hwsim_new_radio_nl+0xafa/0xce0 [ 467.713463][ T4325] genl_family_rcv_msg_doit+0x22e/0x320 [ 467.719239][ T4325] genl_rcv_msg+0x5f2/0x780 [ 467.723963][ T4325] netlink_rcv_skb+0x1de/0x420 [ 467.728765][ T4325] genl_rcv+0x24/0x40 [ 467.732992][ T4325] netlink_unicast+0x74d/0x8d0 [ 467.737984][ T4325] page last free stack trace: [ 467.742936][ T4325] free_unref_page_prepare+0x8b4/0x9a0 [ 467.748632][ T4325] free_unref_page+0x2e/0x3f0 [ 467.753615][ T4325] free_large_kmalloc+0xfd/0x190 [ 467.758713][ T4325] device_release+0x92/0x1c0 [ 467.763521][ T4325] kobject_put+0x21d/0x460 [ 467.768139][ T4325] netdev_run_todo+0xc8f/0xd80 [ 467.773763][ T4325] ieee80211_unregister_hw+0xfc/0x290 [ 467.779341][ T4325] mac80211_hwsim_del_radio+0x270/0x450 [ 467.785362][ T4325] hwsim_exit_net+0x581/0x640 [ 467.790704][ T4325] cleanup_net+0x6f0/0xb80 [ 467.795255][ T4325] process_one_work+0x898/0x1160 [ 467.800839][ T4325] worker_thread+0xaa2/0x1250 [ 467.806035][ T4325] kthread+0x29d/0x330 [ 467.810700][ T4325] ret_from_fork+0x1f/0x30 [ 467.816374][ T4325] [ 467.819854][ T4325] Memory state around the buggy address: [ 467.826152][ T4325] ffff888029637f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 467.834271][ T4325] ffff888029638000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 467.842390][ T4325] >ffff888029638080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 467.850743][ T4325] ^ [ 467.858062][ T4325] ffff888029638100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 467.866721][ T4325] ffff888029638180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 467.874975][ T4325] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 467.897952][ T4279] Bluetooth: hci1: command 0x0419 tx timeout [ 467.958183][ T7914] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 467.981118][ T7914] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 468.127510][ T7914] device bridge_slave_0 left promiscuous mode [ 468.145491][ T7914] bridge0: port 1(bridge_slave_0) entered disabled state [ 469.746650][ T4325] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 469.754199][ T4325] CPU: 1 PID: 4325 Comm: kworker/1:5 Not tainted syzkaller #0 [ 469.761706][ T4325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 469.771894][ T4325] Workqueue: infiniband ib_cache_event_task [ 469.777882][ T4325] Call Trace: [ 469.781219][ T4325] [ 469.784282][ T4325] dump_stack_lvl+0x168/0x22e [ 469.789010][ T4325] ? memcpy+0x3c/0x60 [ 469.793074][ T4325] ? show_regs_print_info+0x12/0x12 [ 469.798411][ T4325] ? load_image+0x3b0/0x3b0 [ 469.803048][ T4325] panic+0x2c9/0x710 [ 469.807091][ T4325] ? bpf_jit_dump+0xd0/0xd0 [ 469.811648][ T4325] ? _raw_spin_unlock_irqrestore+0xf6/0x100 [ 469.817682][ T4325] ? _raw_spin_unlock+0x40/0x40 [ 469.822691][ T4325] ? print_memory_metadata+0x314/0x400 [ 469.828239][ T4325] check_panic_on_warn+0x80/0xa0 [ 469.833258][ T4325] ? siw_query_port+0x358/0x450 [ 469.838244][ T4325] end_report+0x66/0x110 [ 469.843073][ T4325] kasan_report+0x118/0x140 [ 469.847743][ T4325] ? siw_query_port+0x358/0x450 [ 469.852653][ T4325] siw_query_port+0x358/0x450 [ 469.857560][ T4325] ib_cache_update+0x1bb/0x980 [ 469.862384][ T4325] ? ib_cache_setup_one+0x5d0/0x5d0 [ 469.868407][ T4325] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 469.874437][ T4325] ? read_lock_is_recursive+0x10/0x10 [ 469.879837][ T4325] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 469.885849][ T4325] ? _raw_spin_unlock+0x40/0x40 [ 469.891002][ T4325] ib_cache_event_task+0xd4/0x1c0 [ 469.896410][ T4325] ? process_one_work+0x7a1/0x1160 [ 469.901750][ T4325] process_one_work+0x898/0x1160 [ 469.906810][ T4325] ? worker_detach_from_pool+0x240/0x240 [ 469.912491][ T4325] ? _raw_spin_lock_irq+0xab/0xe0 [ 469.917631][ T4325] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 469.923118][ T4325] ? kthread_data+0x4b/0xc0 [ 469.927675][ T4325] worker_thread+0xaa2/0x1250 [ 469.932431][ T4325] kthread+0x29d/0x330 [ 469.936553][ T4325] ? worker_clr_flags+0x1a0/0x1a0 [ 469.941742][ T4325] ? kthread_blkcg+0xd0/0xd0 [ 469.946582][ T4325] ret_from_fork+0x1f/0x30 [ 469.951050][ T4325] [ 469.954402][ T4325] Kernel Offset: disabled [ 469.958796][ T4325] Rebooting in 86400 seconds..