last executing test programs: 32.065511274s ago: executing program 0 (id=759): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000011008188e6b62aa73772cc9f1ba1f848390000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) socket$kcm(0x2b, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x2, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000500)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) 31.757363264s ago: executing program 0 (id=763): r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$inet(r0, &(0x7f00000010c0)={&(0x7f0000000380)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, &(0x7f0000000d00)=[{&(0x7f00000003c0)="7a90e4c3", 0x4}], 0x1}, 0x10) 30.792993967s ago: executing program 0 (id=778): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0200000002"], 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYBLOB="02"], 0x10) 30.641558695s ago: executing program 0 (id=780): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000002c0)={0x0, 0xfd, 0x14}, 0xc) 30.309752966s ago: executing program 0 (id=786): r0 = socket$kcm(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x179, 0x11, 0x100000}]}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001a00910c07a551559a257aac81"], 0xfe33) 14.045099847s ago: executing program 0 (id=786): r0 = socket$kcm(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x179, 0x11, 0x100000}]}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001a00910c07a551559a257aac81"], 0xfe33) 3.08971073s ago: executing program 4 (id=1028): r0 = socket(0x10, 0x80002, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000080)=0x0) syz_open_procfs$namespace(r1, &(0x7f0000000140)='ns/cgroup\x00') syz_open_procfs$namespace(0x0, &(0x7f0000002180)='ns/ipc\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000390400"/20, @ANYRES32=0x0, @ANYRES16=r2, @ANYBLOB="19f5448bfa5abd1cad0f32d969170ffc9a9a8d1f5503559376cc9e0a0e308cd8958ca4b9ae91f1b0895a366da59294e311c8f6f6e4d408ea64d6b986cf2b6b31bf337e81c533eeb2e1c2d7de6fa25d4dc7a96fb837cba0cf9c09522e5eb976fe50948f59822e68f69da5f23cf24a06fab4b251c0d98c98817006fd7133a18fcc119af77f97f88f3f", @ANYRES16=r0], 0x48}}, 0x4000080) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6_udplite(0xa, 0x2, 0x88) socket$pptp(0x18, 0x1, 0x2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r4, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000000), 0xffffff6a) sendfile(r4, r5, 0x0, 0xffffffff000) accept(r4, 0x0, 0x0) 2.274613986s ago: executing program 3 (id=1034): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x24, 0x3c, 0x107, 0xfffffffc, 0x0, {0x4, 0x7c}, [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @generic]}]}, 0x24}}, 0xc000) 2.163229739s ago: executing program 3 (id=1035): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x400c800) 2.077625944s ago: executing program 3 (id=1036): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000000), 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000716f00000000000033"], 0xfc}}, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) sendto$inet6(r0, 0x0, 0x3, 0x4004851, 0x0, 0x9ba26bef) 2.077377601s ago: executing program 2 (id=1037): r0 = socket(0x10, 0x803, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@getchain={0x24, 0x24, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0x0, 0xfff1}}}, 0x24}}, 0x0) 1.962594505s ago: executing program 3 (id=1039): socket(0x1, 0x80802, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r1], 0x48}}, 0x0) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r4 = syz_genetlink_get_family_id$team(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000900)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010600000000000000000100000008000100", @ANYRES32=r3], 0x64}}, 0x0) 1.874415067s ago: executing program 2 (id=1040): r0 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r0, &(0x7f0000000000), 0x10) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000180)={0x5, 0xfffffffe}, 0x8) close(r0) 1.830462169s ago: executing program 1 (id=1041): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}}, 0x808) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) bind$netlink(r3, &(0x7f0000000400)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r6 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r6, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000600)={0x44, 0x0, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x8001, 0x79}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'veth1_to_bond\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="08002600ad1600004000330010000000080211000000080211000000080211000001000000000000010001002d1a40000b0000000000000000040003000b0000000600500000000304006c"], 0x68}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r9, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 1.818200438s ago: executing program 4 (id=1042): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)={0x16c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x150, 0x33, @reassoc_resp={{{0x0, 0x0, 0x8}, {}, @broadcast, @device_a, @random="f7ab87594b3f"}, 0x0, 0x0, @random, @val, @void, [{0xdd, 0x6, "8b7668a21729"}, {0xdd, 0x66, "d8a062cc132f8c370fffcfbf6c255947985b88cb9f22e02d96f87d9c0a6796487053adb1a2d1f8ed33d6ef7faf4ba99f81c72edefbc742d2d897c0fb6eb2289c22b03871ec6ddb7398d4b5509078903c634145233d8a7a9a2fc09946ff1a847d43452a17ee7a"}, {0xdd, 0xb2, "95e79490e4be3bd5f39a64947fd4f137cfd9c5eca413775fff8b403d1c6824961df673862737c366f53984496ea72bc7f78d843ce303b67336957356a02e1c5bdcbd4acf120d5d44f07910bdee6eabe82f6c76ecc7c98d5a107f6eab471672d7179671906048fe7622486b35f02bac5c2f9f0c923711e82767b10da5a68b7e74d5ed8477aa43553caa8a6a5244b329c5ea5d533697643fd5f3fa33ac9b1eac2c7f88c0d5c6c9594a701e79960dd7d5ab4df3"}, {0xdd, 0x6, "85251095238f"}]}}]}, 0x16c}}, 0x0) 1.645031196s ago: executing program 2 (id=1043): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f00000007c0)=""/197, 0xc5}, {&(0x7f0000004300)=""/4103, 0x1007}, {&(0x7f0000000a00)=""/74, 0x4a}], 0x3}, 0x40000020) recvmsg$kcm(r0, &(0x7f0000000180)={0x0, 0xffffffffffffff40, 0x0}, 0x40000122) 1.493831987s ago: executing program 3 (id=1044): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00'}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) ioctl$FS_IOC_RESVSP(r0, 0x4030582a, &(0x7f0000000300)={0x1100, 0x0, 0x7f, 0x2a40}) 1.493629318s ago: executing program 4 (id=1045): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x24, 0x3c, 0x107, 0xfffffffc, 0x0, {0x4, 0x7c}, [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @generic]}]}, 0x24}}, 0xc000) 1.34182497s ago: executing program 4 (id=1046): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0x1b, &(0x7f0000000500)=@ringbuf={{}, {}, {}, [@ringbuf_query, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 1.329982909s ago: executing program 1 (id=1047): r0 = socket$inet6(0xa, 0x80002, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xb8}}, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xfe1b) syz_open_procfs$namespace(0x0, &(0x7f0000000000)) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000c40), 0x12) sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, 0x3e9, 0x400, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x2, 0x0, 0x3, 0xd, 0x6, 0x8, 0x0, 0x10, 0x2a}, ["", "", "", "", "", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8010) socket$kcm(0x10, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r5 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r6 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r6, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) sendmmsg$inet(r6, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x900}}], 0x2, 0x24000004) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r7], 0x20}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r8 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(r8, 0x0, 0x0, 0x0, 0x0) close(0x3) 1.041788419s ago: executing program 4 (id=1048): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x0) 884.16612ms ago: executing program 4 (id=1049): r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00'}, 0x10) bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r0}, 0x8) close(0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r4}, 0x38) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r4}, 0x38) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8955, &(0x7f00000004c0)={{0x2, 0x0, @broadcast}, {0x306, @random="9f444415c302"}, 0xffffff7d, {0x2, 0x0, @empty}}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x1000000, {0x0, 0x0, 0x3, r5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x62, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0x4040}]}, 0x3c}}, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x43, &(0x7f0000000140)=0xffff0001, 0x4) 778.885571ms ago: executing program 1 (id=1050): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0x0, 0x0, 0x0) syz_emit_ethernet(0x57, &(0x7f00000000c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x21, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x11}, {"8ce9823ea0de8f3f8a27b573ab"}}}}}}}, 0x0) 697.785823ms ago: executing program 2 (id=1051): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 618.91498ms ago: executing program 3 (id=1052): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff000) accept(r0, 0x0, 0x0) 576.808618ms ago: executing program 2 (id=1053): bind$inet6(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x80, &(0x7f00000002c0)="1a00000019000000", 0x8) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet6_tcp(0xa, 0x1, 0x0) 416.347316ms ago: executing program 1 (id=1054): socket(0x1, 0x80802, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r1], 0x48}}, 0x0) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r4 = syz_genetlink_get_family_id$team(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000900)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010600000000000000000100000008000100", @ANYRES32=r3], 0x64}}, 0x0) 415.874051ms ago: executing program 2 (id=1055): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(0xffffffffffffffff, 0x0, 0x0) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r3, &(0x7f0000000440), 0x10) listen(r3, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000000), 0x10) close(r4) 45.731115ms ago: executing program 1 (id=1056): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_perm_addr={0x33}}) 0s ago: executing program 1 (id=1057): syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000009c0), 0xfffffffffffffffc, 0xadb0, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000780)='sys_enter\x00', r2}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYBLOB="00032dbd7000fcdbdf25010000000000000007410000004c00180000000373797a3100"/63], 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x66000010) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$igmp(0x2, 0x3, 0x2) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000040)="e3052a20e3991b03ae9fab14fad049e36162b7925f20e170e95c97af0532", 0x1e) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0x0, '.\x00'}}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r4, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0xb, 0x200000000000007, 0x8, 0x4, 0x8000000000000000], 0x0, &(0x7f0000000500)=[{}, {}, {}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_buf(r7, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x24b) sendmsg$IPSET_CMD_LIST(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0x7, 0x6, 0x201, 0x0, 0x0, {0x1}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40c8}, 0x8801) kernel console output (not intermixed with test programs): descriptor?? [ 334.990095][ T29] audit: type=1804 audit(1729226495.164:60): pid=8183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.537" name="/newroot/45/bus/bus" dev="loop0" ino=9289 res=1 errno=0 [ 336.301830][ T8203] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 336.387835][ T5330] usb 2-1: USB disconnect, device number 26 [ 336.422675][ T7389] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.432486][ T5292] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 336.590180][ T5292] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 336.605543][ T5292] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 336.677797][ T5292] usb 1-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 336.704958][ T5292] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.741857][ T5292] usb 1-1: config 0 descriptor?? [ 336.787484][ T8217] mkiss: ax0: crc mode is auto. [ 336.795472][ T5292] usb 1-1: can't set config #0, error -71 [ 336.803707][ T5292] usb 1-1: USB disconnect, device number 21 [ 336.846779][ T6996] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 337.651594][ T5321] usbhid 4-1:0.0: can't add hid device: -71 [ 337.658495][ T5321] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 337.681723][ T5321] usb 4-1: USB disconnect, device number 26 [ 337.705558][ T9] usb 3-1: USB disconnect, device number 17 [ 337.885119][ T8232] loop0: detected capacity change from 0 to 256 [ 338.066119][ T8238] loop3: detected capacity change from 0 to 24 [ 338.072791][ T8238] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 338.127004][ T8238] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 339.335890][ T5289] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 339.658341][ T5289] usb 3-1: Using ep0 maxpacket: 16 [ 339.676350][ T5289] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 339.701887][ T5289] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.709793][ T8255] loop1: detected capacity change from 0 to 512 [ 339.718383][ T5289] usb 3-1: Product: syz [ 339.722574][ T5289] usb 3-1: Manufacturer: syz [ 339.725774][ T8255] EXT4-fs (loop1): Cannot use DAX on a filesystem that may contain inline data [ 339.727163][ T5289] usb 3-1: SerialNumber: syz [ 339.746229][ T5289] usb 3-1: config 0 descriptor?? [ 339.918821][ T47] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 340.088389][ T47] usb 4-1: Using ep0 maxpacket: 16 [ 340.099871][ T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 340.114131][ T47] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 340.128134][ T47] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 340.137674][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.155819][ T47] usb 4-1: config 0 descriptor?? [ 340.173673][ T8259] netlink: 264 bytes leftover after parsing attributes in process `syz.0.550'. [ 340.194304][ T8259] kAFS: No cell specified [ 340.198455][ T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 340.380442][ T9] usb 2-1: config 0 interface 0 has no altsetting 0 [ 340.390921][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 340.400627][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.418963][ T9] usb 2-1: config 0 descriptor?? [ 341.258641][ T9] video4linux radio32: keene_cmd_main failed (-110) [ 341.265360][ T9] radio-keene 2-1:0.0: V4L2 device registered as radio32 [ 341.420523][ T5330] usb 3-1: USB disconnect, device number 18 [ 341.570015][ T8254] loop3: detected capacity change from 0 to 8192 [ 341.618447][ T5321] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 341.629432][ T8254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 341.644302][ T8254] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 341.800563][ T5321] usb 1-1: config 0 interface 0 has no altsetting 0 [ 341.807608][ T5321] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 341.824525][ T5321] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.861557][ T5321] usb 1-1: config 0 descriptor?? [ 341.893882][ T47] usbhid 4-1:0.0: can't add hid device: -71 [ 341.915070][ T47] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 341.946010][ T47] usb 4-1: USB disconnect, device number 27 [ 342.618527][ T5321] video4linux radio33: keene_cmd_main failed (-110) [ 342.626366][ T8270] loop4: detected capacity change from 0 to 32768 [ 342.633187][ T5321] radio-keene 1-1:0.0: V4L2 device registered as radio33 [ 342.684541][ T8270] JBD2: Ignoring recovery information on journal [ 342.705784][ T8273] loop2: detected capacity change from 0 to 32768 [ 342.815923][ T8273] JBD2: Ignoring recovery information on journal [ 342.839700][ T8270] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 342.931118][ T8273] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 343.204908][ T7005] ocfs2: Unmounting device (7,2) on (node local) [ 343.235471][ T8284] xt_CT: You must specify a L4 protocol and not use inversions on it [ 343.347463][ T8286] loop3: detected capacity change from 0 to 2048 [ 343.406241][ T8286] NILFS: invalid option "cp=0": invalid checkpoint number 0 [ 343.697636][ T5257] usb 2-1: USB disconnect, device number 27 [ 343.984441][ T7389] ocfs2: Unmounting device (7,4) on (node local) [ 344.149731][ T8290] loop3: detected capacity change from 0 to 32768 [ 344.160588][ T8290] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.559 (8290) [ 344.180949][ T8290] BTRFS info (device loop3 state S): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 344.202711][ T8290] BTRFS info (device loop3 state S): using blake2b (blake2b-256-generic) checksum algorithm [ 344.263552][ T8290] BTRFS info (device loop3 state S): using free-space-tree [ 344.275274][ T8295] loop2: detected capacity change from 0 to 1024 [ 344.282406][ T8295] EXT4-fs: Ignoring removed mblk_io_submit option [ 344.363862][ T8295] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 344.378379][ T5257] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 344.509129][ T8295] loop2: detected capacity change from 1024 to 64 [ 344.549612][ T5257] usb 2-1: Using ep0 maxpacket: 8 [ 344.608719][ T7001] BTRFS info (device loop3 state CS): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 344.651210][ T5257] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 344.678891][ T5257] usb 2-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=e2.d0 [ 344.688040][ T5257] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.698365][ T5257] usb 2-1: Product: syz [ 344.702552][ T5257] usb 2-1: Manufacturer: syz [ 344.718754][ T5257] usb 2-1: SerialNumber: syz [ 344.743657][ T5257] usb 2-1: config 0 descriptor?? [ 345.024496][ T8294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 345.053155][ T47] usb 1-1: USB disconnect, device number 22 [ 345.070438][ T8294] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 345.114784][ T5257] usb 2-1: probing VID:PID(0424:012C) [ 345.150893][ T8341] loop4: detected capacity change from 0 to 16 [ 345.183359][ T8333] loop3: detected capacity change from 0 to 512 [ 345.193837][ T8341] erofs: Unknown parameter '' [ 345.206302][ T7005] EXT4-fs warning (device loop2): ext4_empty_dir:3090: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 345.208993][ T5257] usb 2-1: vub300 testing UNKNOWN EndPoint(0) 05 [ 345.253160][ T8333] EXT4-fs warning (device loop3): ext4_init_metadata_csum:4580: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 345.279478][ T5257] usb 2-1: vub300 ignoring EndPoint(0) 05 [ 345.285489][ T5257] usb 2-1: Could not find two sets of bulk-in/out endpoint pairs [ 345.304349][ T7005] EXT4-fs warning (device loop2): ext4_empty_dir:3090: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 345.318986][ T8333] EXT4-fs (loop3): VFS: Found ext4 filesystem with unknown checksum algorithm. [ 345.344514][ T5257] vub300 2-1:0.0: probe with driver vub300 failed with error -22 [ 345.353025][ T7005] EXT4-fs warning (device loop2): ext4_empty_dir:3090: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 345.389600][ T7005] EXT4-fs warning (device loop2): ext4_empty_dir:3090: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 345.406901][ T7005] EXT4-fs warning (device loop2): ext4_empty_dir:3090: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 345.484437][ T5257] usb 2-1: USB disconnect, device number 28 [ 345.513751][ T7005] EXT4-fs warning (device loop2): ext4_empty_dir:3090: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 345.516313][ T8347] loop3: detected capacity change from 0 to 8 [ 345.527888][ T7005] EXT4-fs warning (device loop2): ext4_empty_dir:3090: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 345.610850][ T7005] EXT4-fs warning (device loop2): ext4_empty_dir:3090: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 345.627455][ T7005] EXT4-fs warning (device loop2): ext4_empty_dir:3090: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 345.674118][ T8347] SQUASHFS error: lzo decompression failed, data probably corrupt [ 345.842149][ T8347] SQUASHFS error: Failed to read block 0x28d: -5 [ 345.923560][ T8347] SQUASHFS error: Unable to read metadata cache entry [28b] [ 346.022404][ T8347] SQUASHFS error: Unable to read inode 0x11f [ 346.227627][ T7005] EXT4-fs warning (device loop2): ext4_empty_dir:3090: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 346.399404][ T8354] afs: Unknown parameter 'fÌaYëÙ`êdÁÐÂAÌ}Þõlock' [ 346.562926][ T8361] netlink: 12 bytes leftover after parsing attributes in process `syz.4.572'. [ 346.567038][ T8362] netlink: 12 bytes leftover after parsing attributes in process `syz.3.573'. [ 347.801570][ T8359] Illegal XDP return value 4294967262 on prog (id 89) dev N/A, expect packet loss! [ 348.234172][ T8369] loop0: detected capacity change from 0 to 512 [ 348.424291][ T5330] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 348.436840][ T8369] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 348.449944][ T8369] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 348.560883][ T8369] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 348.577143][ T8369] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2863: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 348.592270][ T8369] EXT4-fs (loop0): 1 truncate cleaned up [ 348.599450][ T8369] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 348.619393][ T7005] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 348.700944][ T62] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.724660][ T8306] kmmpd-loop2: attempt to access beyond end of device [ 348.724660][ T8306] loop2: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 348.739533][ T5330] usb 2-1: Using ep0 maxpacket: 8 [ 348.745998][ T8306] Buffer I/O error on dev loop2, logical block 64, lost sync page write [ 348.757964][ T5330] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 348.767525][ T5330] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.775953][ T5330] usb 2-1: Product: syz [ 348.780479][ T5330] usb 2-1: Manufacturer: syz [ 348.785093][ T5330] usb 2-1: SerialNumber: syz [ 348.792343][ T5330] usb 2-1: config 0 descriptor?? [ 349.028454][ T5330] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 349.083630][ T62] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.118655][ T5257] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 349.208182][ T8389] loop3: detected capacity change from 0 to 4096 [ 349.255484][ T8389] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 349.270609][ T62] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.295925][ T5257] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db51, bcdDevice=79.b0 [ 349.305439][ T5257] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.324745][ T5257] usb 5-1: config 0 descriptor?? [ 349.347778][ T5257] dvb-usb: found a 'DViCO FusionHDTV DVB-T Dual USB' in warm state. [ 349.356346][ T5257] dvb-usb: bulk message failed: -22 (2/0) [ 349.382055][ T5257] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 349.401643][ T5257] dvb-usb: DViCO FusionHDTV DVB-T Dual USB error while loading driver (-19) [ 349.423532][ T5257] dvb_usb_cxusb 5-1:0.0: probe with driver dvb_usb_cxusb failed with error -22 [ 349.473502][ T62] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.573006][ T5252] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 349.582597][ T5252] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 349.592962][ T5252] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 349.643579][ T5252] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 349.655007][ T5252] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 349.665106][ T5252] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 349.877586][ T62] bridge_slave_1: left allmulticast mode [ 349.901294][ T62] bridge_slave_1: left promiscuous mode [ 349.939397][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.983977][ T62] bridge_slave_0: left allmulticast mode [ 350.007653][ T62] bridge_slave_0: left promiscuous mode [ 350.033141][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.104722][ T8405] trusted_key: encrypted_key: insufficient parameters specified [ 350.108469][ T8403] loop3: detected capacity change from 0 to 24 [ 350.155874][ T8403] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 350.235923][ T8403] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 350.800484][ T5252] Bluetooth: hci0: command 0x0405 tx timeout [ 350.814607][ T6996] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 351.199010][ T5330] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 351.544387][ T6839] Bluetooth: hci2: Frame reassembly failed (-84) [ 352.185910][ T5252] Bluetooth: hci1: command tx timeout [ 352.513871][ T5330] usb 5-1: USB disconnect, device number 23 [ 352.574154][ T5292] usb 2-1: USB disconnect, device number 29 [ 352.714676][ T8420] loop1: detected capacity change from 0 to 256 [ 352.787392][ T8420] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 352.808099][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 352.831259][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 352.849197][ T62] bond0 (unregistering): Released all slaves [ 353.542969][ T5240] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 353.856586][ T8422] loop4: detected capacity change from 0 to 32768 [ 353.924263][ T8422] JBD2: Ignoring recovery information on journal [ 354.033248][ T8422] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 354.067457][ T8392] chnl_net:caif_netlink_parms(): no params data found [ 354.143684][ T8448] netlink: 8 bytes leftover after parsing attributes in process `syz.3.586'. [ 354.184909][ T8448] loop3: detected capacity change from 0 to 512 [ 354.192118][ T8448] EXT4-fs: Ignoring removed mblk_io_submit option [ 354.238415][ T5240] Bluetooth: hci1: command tx timeout [ 354.288927][ T8448] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 354.298397][ T8448] EXT4-fs (loop3): 1 truncate cleaned up [ 354.304967][ T8448] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 354.402374][ T8447] loop1: detected capacity change from 0 to 2048 [ 354.469397][ T8447] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 354.522365][ T8422] syzkaller0: entered promiscuous mode [ 354.541018][ T8422] syzkaller0: entered allmulticast mode [ 354.605481][ T8447] UDF-fs: error (device loop1): udf_read_inode: (ino 1345) failed ident=258 [ 354.735141][ T8438] UDF-fs: error (device loop1): udf_read_inode: (ino 1345) failed ident=258 [ 354.754674][ T7001] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 355.218476][ T5330] usb 4-1: new low-speed USB device number 28 using dummy_hcd [ 355.397044][ T5330] usb 4-1: config index 0 descriptor too short (expected 6427, got 27) [ 355.405654][ T5330] usb 4-1: config 0 has an invalid interface number: 21 but max is 0 [ 355.422871][ T5330] usb 4-1: config 0 has no interface number 0 [ 355.434575][ T5330] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 355.453276][ T5330] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 355.465166][ T5330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.478381][ T5292] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 355.495178][ T5330] usb 4-1: config 0 descriptor?? [ 355.503705][ T8474] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 355.640501][ T5292] usb 1-1: config 0 has an invalid interface number: 143 but max is 0 [ 355.649134][ T5292] usb 1-1: config 0 has no interface number 0 [ 355.655301][ T5292] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=aa.e9 [ 355.664856][ T5292] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.686174][ T5292] usb 1-1: config 0 descriptor?? [ 356.142177][ T5330] usb 4-1: USB disconnect, device number 28 [ 356.368611][ T5240] Bluetooth: hci1: command tx timeout [ 357.195839][ T8494] loop3: detected capacity change from 0 to 128 [ 357.203977][ T8494] vfat: Unknown parameter '18446744073709551615' [ 357.596078][ T8496] fuse: Unknown parameter 'group_id00000000000000000000' [ 357.651403][ T29] audit: type=1326 audit(1729226517.764:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39d5f7dff9 code=0x7ffc0000 [ 357.778118][ T29] audit: type=1326 audit(1729226517.764:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39d5f7dff9 code=0x7ffc0000 [ 357.933542][ T29] audit: type=1326 audit(1729226517.764:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f39d5f7dff9 code=0x7ffc0000 [ 358.158531][ T29] audit: type=1326 audit(1729226517.764:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39d5f7dff9 code=0x7ffc0000 [ 358.214245][ T29] audit: type=1326 audit(1729226517.764:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39d5f7dff9 code=0x7ffc0000 [ 358.294081][ T29] audit: type=1326 audit(1729226517.764:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f39d5f7dff9 code=0x7ffc0000 [ 358.379192][ T29] audit: type=1326 audit(1729226517.764:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39d5f7dff9 code=0x7ffc0000 [ 358.382546][ T8498] loop3: detected capacity change from 0 to 256 [ 358.401567][ T29] audit: type=1326 audit(1729226517.764:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39d5f7dff9 code=0x7ffc0000 [ 358.401603][ T29] audit: type=1326 audit(1729226517.764:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f39d5f7dff9 code=0x7ffc0000 [ 358.401664][ T29] audit: type=1326 audit(1729226517.774:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39d5f7dff9 code=0x7ffc0000 [ 358.485316][ T8498] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 358.486422][ T5240] Bluetooth: hci1: command tx timeout [ 358.932479][ T8502] 9pnet: Unknown protocol version 9 [ 359.942623][ T8504] loop3: detected capacity change from 0 to 32768 [ 359.967371][ T8504] debugfs: Directory '03E7AA51A951448EB9EB6DD609435E20' with parent 'ocfs2' already present! [ 360.002697][ T8504] JBD2: Ignoring recovery information on journal [ 360.065424][ T8504] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 360.149508][ T8392] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.156705][ T8392] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.168390][ T8392] bridge_slave_0: entered allmulticast mode [ 360.184768][ T8392] bridge_slave_0: entered promiscuous mode [ 360.198879][ T5292] usb 1-1: string descriptor 0 read error: -71 [ 360.211045][ T8392] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.281340][ T8392] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.308505][ T5292] ath6kl: Failed to submit usb control message: -71 [ 360.333803][ T5292] ath6kl: unable to send the bmi data to the device: -71 [ 360.334734][ T8392] bridge_slave_1: entered allmulticast mode [ 360.342601][ T5292] ath6kl: Unable to send get target info: -71 [ 360.347719][ T8392] bridge_slave_1: entered promiscuous mode [ 360.362002][ T5292] ath6kl: Failed to init ath6kl core: -71 [ 360.368036][ T5292] ath6kl_usb 1-1:0.143: probe with driver ath6kl_usb failed with error -71 [ 360.407666][ T5292] usb 1-1: USB disconnect, device number 23 [ 360.415958][ T62] hsr_slave_0: left promiscuous mode [ 360.431012][ T7389] ocfs2: Unmounting device (7,4) on (node local) [ 360.471107][ T62] hsr_slave_1: left promiscuous mode [ 360.525985][ T7001] ocfs2: Unmounting device (7,3) on (node local) [ 360.634212][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 360.662871][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 360.751750][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 360.792047][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 360.880428][ T62] veth1_macvtap: left promiscuous mode [ 360.894906][ T8525] netlink: 8 bytes leftover after parsing attributes in process `syz.4.599'. [ 360.904530][ T7196] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 360.907652][ T62] veth0_macvtap: left promiscuous mode [ 360.955886][ T62] veth1_vlan: left promiscuous mode [ 360.957278][ T8521] loop4: detected capacity change from 0 to 512 [ 360.968367][ T8521] EXT4-fs: Ignoring removed mblk_io_submit option [ 360.975822][ T62] veth0_vlan: left promiscuous mode [ 361.015393][ T8521] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2 [ 361.024645][ T8521] EXT4-fs (loop4): 1 truncate cleaned up [ 361.036350][ T8521] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 361.078400][ T7196] usb 2-1: Using ep0 maxpacket: 32 [ 361.101277][ T8536] syz.3.605[8536] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 361.101369][ T8536] syz.3.605[8536] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 361.114003][ T8536] syz.3.605[8536] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 361.203585][ T7196] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 361.240637][ T5292] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 361.263569][ T7196] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.279600][ T7196] usb 2-1: config 0 descriptor?? [ 361.321134][ T7196] gspca_main: sunplus-2.14.0 probing 041e:400b [ 362.239168][ T5292] usb 1-1: Using ep0 maxpacket: 16 [ 362.246209][ T5292] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7 [ 362.278452][ T5292] usb 1-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82 [ 362.287562][ T5292] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.298305][ T5292] usb 1-1: Product: syz [ 362.308318][ T5292] usb 1-1: Manufacturer: syz [ 362.316216][ T5292] usb 1-1: SerialNumber: syz [ 362.326456][ T5292] usb 1-1: config 0 descriptor?? [ 362.335617][ T5292] kobil_sct 1-1:0.0: KOBIL USB smart card terminal converter detected [ 362.348857][ T5292] usb 1-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 362.552232][ T62] team0 (unregistering): Port device team_slave_1 removed [ 362.578423][ T8] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 362.598618][ T62] team0 (unregistering): Port device team_slave_0 removed [ 362.738434][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 362.755667][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 362.771908][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.783254][ T8] usb 4-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 362.808345][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.827828][ T8] usb 4-1: config 0 descriptor?? [ 363.038541][ T8534] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 363.237739][ T7196] gspca_sunplus: reg_w_riv err -71 [ 363.246754][ T7196] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 363.279173][ T7196] usb 2-1: USB disconnect, device number 30 [ 363.341354][ T8] hid-led 0003:1294:1320.0007: hidraw0: USB HID v0.00 Device [HID 1294:1320] on usb-dummy_hcd.3-1/input0 [ 363.446319][ T8] hid-led 0003:1294:1320.0007: Riso Kagaku Webmail Notifier initialized [ 363.493109][ T8542] loop3: detected capacity change from 0 to 256 [ 363.547753][ T8542] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 363.652442][ T8542] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 363.675191][ T8542] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 363.722940][ T8392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 363.755659][ T7389] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 363.769683][ T8392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 363.892285][ T8392] team0: Port device team_slave_0 added [ 363.912207][ T8392] team0: Port device team_slave_1 added [ 364.026858][ T8392] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 364.035919][ T8555] netlink: 68 bytes leftover after parsing attributes in process `syz.1.608'. [ 364.050436][ T8392] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 364.050571][ T5289] usb 4-1: USB disconnect, device number 29 [ 364.076353][ C1] vkms_vblank_simulate: vblank timer overrun [ 364.124706][ T5257] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38) [ 364.150233][ T5257] leds riso_kagaku0:green: Setting an LED's brightness failed (-38) [ 364.159633][ T5257] leds riso_kagaku0:red: Setting an LED's brightness failed (-38) [ 364.170244][ T8392] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 364.184737][ T8392] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 364.191927][ T8392] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 364.218101][ T8392] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 364.305070][ T8392] hsr_slave_0: entered promiscuous mode [ 364.324590][ T8392] hsr_slave_1: entered promiscuous mode [ 364.344594][ T8563] cgroup: Unknown subsys name 'cpuset' [ 364.352600][ T8392] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 364.372476][ T8392] Cannot create hsr debugfs directory [ 364.672547][ T7196] usb 1-1: USB disconnect, device number 24 [ 364.683332][ T7196] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 364.717989][ T7196] kobil_sct 1-1:0.0: device disconnected [ 364.789244][ T5289] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 364.948934][ T5289] usb 5-1: Using ep0 maxpacket: 16 [ 364.966701][ T5289] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 364.986425][ T5289] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 365.065849][ T5289] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 365.117919][ T5244] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 365.143176][ T5244] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 365.145979][ T8582] loop3: detected capacity change from 0 to 2048 [ 365.150966][ T5289] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 365.166867][ T5289] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.175293][ T5244] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 365.186620][ T5289] usb 5-1: config 0 descriptor?? [ 365.199019][ T5244] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 365.217114][ T5244] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 365.227214][ T5244] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 365.235686][ T8585] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 365.306842][ T8582] NILFS error (device loop3): nilfs_check_folio: bad entry in directory #2: unaligned directory entry - offset=32, inode=15564440312192434187, rec_len=11150, name_len=126 [ 365.373238][ T8582] Remounting filesystem read-only [ 365.421165][ T62] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.597864][ T5289] koneplus 0003:1E7D:2E22.0008: unknown main item tag 0x0 [ 365.635597][ T5289] koneplus 0003:1E7D:2E22.0008: hidraw0: USB HID v0.00 Device [HID 1e7d:2e22] on usb-dummy_hcd.4-1/input0 [ 365.806720][ T62] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.850372][ T5289] koneplus 0003:1E7D:2E22.0008: couldn't init struct koneplus_device [ 365.878315][ T5289] koneplus 0003:1E7D:2E22.0008: couldn't install mouse [ 365.895409][ T5289] koneplus 0003:1E7D:2E22.0008: probe with driver koneplus failed with error -5 [ 366.056679][ T7196] usb 5-1: USB disconnect, device number 24 [ 366.134142][ T62] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.332768][ T62] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.722467][ T62] bridge_slave_1: left allmulticast mode [ 366.728180][ T62] bridge_slave_1: left promiscuous mode [ 366.744660][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.790721][ T62] bridge_slave_0: left allmulticast mode [ 366.806633][ T62] bridge_slave_0: left promiscuous mode [ 366.812484][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.827122][ T8612] loop4: detected capacity change from 0 to 2048 [ 366.919741][ T8612] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 366.938638][ T8617] loop3: detected capacity change from 0 to 128 [ 366.941845][ T8581] loop0: detected capacity change from 0 to 40427 [ 366.964357][ T8612] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 367.005698][ T8617] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 367.040169][ T8617] ext4 filesystem being mounted at /75/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 367.054339][ T8581] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1fffff [ 367.102343][ T8581] F2FS-fs (loop0): invalid crc value [ 367.240779][ T7001] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 367.262254][ T8612] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 367.373366][ T5240] Bluetooth: hci2: command tx timeout [ 367.401845][ T8581] F2FS-fs (loop0): Found nat_bits in checkpoint [ 367.562370][ T8581] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 367.615118][ T8578] F2FS-fs (loop0): inject no more block in inc_valid_block_count of f2fs_map_blocks+0x1257/0x4f10 [ 367.714297][ T8578] F2FS-fs (loop0): inject inconsistent blkaddr in f2fs_truncate_data_blocks_range of f2fs_do_truncate_blocks+0x6e3/0x1180 [ 367.817242][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 367.827894][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 367.838548][ T62] bond0 (unregistering): Released all slaves [ 367.863232][ T8392] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 367.906847][ T8392] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 367.946623][ T8579] chnl_net:caif_netlink_parms(): no params data found [ 367.976591][ T8392] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 367.987448][ T8392] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 368.068033][ T6996] syz-executor: attempt to access beyond end of device [ 368.068033][ T6996] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 368.094066][ T6996] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 368.277243][ T62] hsr_slave_0: left promiscuous mode [ 368.309435][ T62] hsr_slave_1: left promiscuous mode [ 368.358815][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 368.366228][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 368.407933][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 368.425645][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 368.463217][ T62] veth1_macvtap: left promiscuous mode [ 368.469398][ T62] veth0_macvtap: left promiscuous mode [ 368.475331][ T62] veth1_vlan: left promiscuous mode [ 368.484209][ T62] veth0_vlan: left promiscuous mode [ 368.894857][ T62] team0 (unregistering): Port device team_slave_1 removed [ 368.941915][ T62] team0 (unregistering): Port device team_slave_0 removed [ 369.367486][ T8579] bridge0: port 1(bridge_slave_0) entered blocking state [ 369.376978][ T8579] bridge0: port 1(bridge_slave_0) entered disabled state [ 369.386040][ T8579] bridge_slave_0: entered allmulticast mode [ 369.393184][ T8579] bridge_slave_0: entered promiscuous mode [ 369.409954][ T8579] bridge0: port 2(bridge_slave_1) entered blocking state [ 369.417039][ T8579] bridge0: port 2(bridge_slave_1) entered disabled state [ 369.424789][ T8579] bridge_slave_1: entered allmulticast mode [ 369.439308][ T8579] bridge_slave_1: entered promiscuous mode [ 369.448645][ T5244] Bluetooth: hci2: command tx timeout [ 369.503833][ T8579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 369.525001][ T8579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 369.611768][ T8579] team0: Port device team_slave_0 added [ 369.627084][ T8579] team0: Port device team_slave_1 added [ 369.647315][ T8392] 8021q: adding VLAN 0 to HW filter on device bond0 [ 369.703943][ T8579] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 369.716006][ T8579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 369.751673][ T8579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 369.780484][ T8392] 8021q: adding VLAN 0 to HW filter on device team0 [ 369.790809][ T8579] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 369.797771][ T8579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 369.834767][ T8579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 369.873722][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 369.880869][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 369.925531][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state [ 369.932628][ T5935] bridge0: port 2(bridge_slave_1) entered forwarding state [ 369.989152][ T8579] hsr_slave_0: entered promiscuous mode [ 369.995597][ T8579] hsr_slave_1: entered promiscuous mode [ 370.012247][ T8579] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 370.020230][ T8579] Cannot create hsr debugfs directory [ 370.384680][ T8392] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 370.526706][ T8392] veth0_vlan: entered promiscuous mode [ 370.547201][ T8392] veth1_vlan: entered promiscuous mode [ 370.558567][ T5244] Bluetooth: hci7: command 0x0406 tx timeout [ 370.643296][ T8579] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 370.656934][ T8579] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 370.682396][ T8392] veth0_macvtap: entered promiscuous mode [ 370.698974][ T8579] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 370.712652][ T8392] veth1_macvtap: entered promiscuous mode [ 370.719889][ T8579] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 370.753896][ T8392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.765735][ T8392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.776568][ T8392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.787378][ T8392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.797525][ T8392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.809712][ T8392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.825287][ T8392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.837260][ T8392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.849931][ T8392] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 370.875203][ T8392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.887761][ T8392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.897875][ T8392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.908628][ T8392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.925187][ T8392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.937608][ T8392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.954228][ T8392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.965659][ T8392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.982708][ T8392] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 371.004543][ T8392] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.013794][ T8392] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.022931][ T8392] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.040587][ T8392] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.176525][ T5935] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.184355][ T8579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 371.199522][ T5935] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.202577][ T8579] 8021q: adding VLAN 0 to HW filter on device team0 [ 371.225282][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.232417][ T5935] bridge0: port 1(bridge_slave_0) entered forwarding state [ 371.251881][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 371.259007][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 371.284049][ T1117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.299251][ T1117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.406272][ T8704] loop2: detected capacity change from 0 to 512 [ 371.455018][ T8704] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 371.468906][ T8704] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 371.518492][ T5240] Bluetooth: hci2: command tx timeout [ 371.531270][ T8579] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 371.567979][ T8579] veth0_vlan: entered promiscuous mode [ 371.577879][ T8579] veth1_vlan: entered promiscuous mode [ 371.603771][ T8579] veth0_macvtap: entered promiscuous mode [ 371.613201][ T8579] veth1_macvtap: entered promiscuous mode [ 371.627998][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.638780][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.651014][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.661511][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.672013][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.682780][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.692724][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.703189][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.713105][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.723660][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.733590][ T5321] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 371.742029][ T8579] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 371.763068][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 371.773673][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.783970][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 371.795305][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.805177][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 371.815778][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.826118][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 371.836881][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.847550][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 371.859539][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.872471][ T8579] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 371.886536][ T8579] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.895406][ T8579] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.904339][ T8579] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.913387][ T8579] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.923319][ T5321] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 371.932305][ T5321] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 371.948478][ T5321] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 371.984222][ T5321] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.013022][ T5321] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 372.025093][ T5935] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 372.028180][ T5321] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 372.038329][ T5935] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.054949][ T5321] usb 3-1: Product: syz [ 372.068445][ T5321] usb 3-1: Manufacturer: syz [ 372.076889][ T5935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 372.083046][ T5321] cdc_wdm 3-1:1.0: skipping garbage [ 372.095859][ T5321] cdc_wdm 3-1:1.0: skipping garbage [ 372.100133][ T5935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.109512][ T5321] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 372.116610][ T5321] cdc_wdm 3-1:1.0: Unknown control protocol [ 372.291960][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 372.298713][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 372.305087][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 372.311709][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 372.318204][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 372.324861][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 372.331389][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 372.338013][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 372.344295][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 372.350895][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 372.357221][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 372.363825][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 372.370973][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 372.377608][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 372.388157][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 372.394775][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 372.400838][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 372.409669][ T5292] usb 3-1: USB disconnect, device number 19 [ 372.460841][ T8714] netlink: 8 bytes leftover after parsing attributes in process `syz.1.616'. [ 372.481990][ T8714] loop1: detected capacity change from 0 to 512 [ 372.489079][ T8714] EXT4-fs: Ignoring removed mblk_io_submit option [ 372.498029][ T8714] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 372.507107][ T8714] EXT4-fs (loop1): 1 truncate cleaned up [ 372.513691][ T8714] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 372.615009][ T8579] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 372.898446][ T5292] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 373.054962][ T5292] usb 3-1: New USB device found, idVendor=8086, idProduct=0630, bcdDevice=83.b4 [ 373.064085][ T5292] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.075975][ T5292] usb 3-1: Product: syz [ 373.080209][ T5292] usb 3-1: Manufacturer: syz [ 373.085449][ T5292] usb 3-1: SerialNumber: syz [ 373.092848][ T5292] usb 3-1: config 0 descriptor?? [ 373.100879][ T5292] gspca_main: spca500-2.14.0 probing 8086:0630 [ 373.599441][ T5240] Bluetooth: hci2: command tx timeout [ 373.810938][ T5257] usb 3-1: USB disconnect, device number 20 [ 373.841187][ T8392] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 378.723115][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.729502][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 391.038314][ T5244] Bluetooth: hci5: command 0x0406 tx timeout [ 397.847685][ T8731] FAULT_INJECTION: forcing a failure. [ 397.847685][ T8731] name failslab, interval 1, probability 0, space 0, times 0 [ 397.973091][ T8731] CPU: 0 UID: 0 PID: 8731 Comm: syz.4.626 Not tainted 6.12.0-rc3-next-20241016-syzkaller #0 [ 397.983236][ T8731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 397.993308][ T8731] Call Trace: [ 397.996596][ T8731] [ 397.999536][ T8731] dump_stack_lvl+0x241/0x360 [ 398.004236][ T8731] ? __pfx_dump_stack_lvl+0x10/0x10 [ 398.009450][ T8731] ? __pfx__printk+0x10/0x10 [ 398.014061][ T8731] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 398.020060][ T8731] ? __pfx___might_resched+0x10/0x10 [ 398.025375][ T8731] should_fail_ex+0x3b0/0x4e0 [ 398.030080][ T8731] should_failslab+0xac/0x100 [ 398.034779][ T8731] kmem_cache_alloc_node_noprof+0x77/0x380 [ 398.040607][ T8731] ? __alloc_skb+0x1c3/0x440 [ 398.045218][ T8731] __alloc_skb+0x1c3/0x440 [ 398.049658][ T8731] ? __pfx___alloc_skb+0x10/0x10 [ 398.054620][ T8731] ? netlink_ack_tlv_len+0x6e/0x200 [ 398.059848][ T8731] netlink_ack+0x13f/0xa30 [ 398.064278][ T8731] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 398.069774][ T8731] netlink_rcv_skb+0x262/0x430 [ 398.074560][ T8731] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 398.080040][ T8731] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 398.085387][ T8731] ? netlink_deliver_tap+0x2e/0x1b0 [ 398.090604][ T8731] netlink_unicast+0x7f6/0x990 [ 398.095392][ T8731] ? __pfx_netlink_unicast+0x10/0x10 [ 398.100705][ T8731] ? __virt_addr_valid+0x183/0x530 [ 398.105831][ T8731] ? __check_object_size+0x48e/0x900 [ 398.111130][ T8731] netlink_sendmsg+0x8e4/0xcb0 [ 398.115903][ T8731] ? __pfx_netlink_sendmsg+0x10/0x10 [ 398.121201][ T8731] ? aa_sock_msg_perm+0x91/0x160 [ 398.126135][ T8731] ? __pfx_netlink_sendmsg+0x10/0x10 [ 398.131416][ T8731] __sock_sendmsg+0x221/0x270 [ 398.136092][ T8731] ____sys_sendmsg+0x52a/0x7e0 [ 398.140861][ T8731] ? __pfx_____sys_sendmsg+0x10/0x10 [ 398.146139][ T8731] ? __fget_files+0x28/0x430 [ 398.150729][ T8731] ? __fget_files+0x28/0x430 [ 398.155329][ T8731] __sys_sendmsg+0x292/0x380 [ 398.159920][ T8731] ? __pfx___sys_sendmsg+0x10/0x10 [ 398.165041][ T8731] ? __pfx_vfs_write+0x10/0x10 [ 398.169815][ T8731] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 398.176172][ T8731] ? do_syscall_64+0x100/0x230 [ 398.180941][ T8731] ? do_syscall_64+0xb6/0x230 [ 398.185616][ T8731] do_syscall_64+0xf3/0x230 [ 398.190112][ T8731] ? clear_bhb_loop+0x35/0x90 [ 398.194783][ T8731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.200669][ T8731] RIP: 0033:0x7f6ea0d7dff9 [ 398.205090][ T8731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.224690][ T8731] RSP: 002b:00007f6ea1c4c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 398.233103][ T8731] RAX: ffffffffffffffda RBX: 00007f6ea0f35f80 RCX: 00007f6ea0d7dff9 [ 398.241070][ T8731] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004 [ 398.249036][ T8731] RBP: 00007f6ea1c4c090 R08: 0000000000000000 R09: 0000000000000000 [ 398.256998][ T8731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 398.264962][ T8731] R13: 0000000000000000 R14: 00007f6ea0f35f80 R15: 00007ffe2fc3fbd8 [ 398.272953][ T8731] [ 398.338854][ T8736] syz.0.622[8736] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 398.339270][ T8736] syz.0.622[8736] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 398.351060][ T8736] syz.0.622[8736] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 399.511967][ T5321] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 400.062341][ T8744] syz.0.627[8744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 400.062429][ T8744] syz.0.627[8744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 400.073909][ T8744] syz.0.627[8744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 400.348296][ T5321] usb 3-1: device descriptor read/64, error -71 [ 400.466685][ T8748] netlink: 'syz.1.629': attribute type 5 has an invalid length. [ 400.608674][ T5321] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 400.768490][ T5321] usb 3-1: device descriptor read/64, error -71 [ 400.913015][ T5321] usb usb3-port1: attempt power cycle [ 401.267971][ T8757] loop2: detected capacity change from 0 to 32768 [ 401.275954][ T8757] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.632 (8757) [ 401.323050][ T8757] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 401.333280][ T8757] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 401.342037][ T8757] BTRFS info (device loop2): using free-space-tree [ 401.694201][ T5244] Bluetooth: hci0: command 0x0405 tx timeout [ 401.762172][ T8755] loop4: detected capacity change from 0 to 32768 [ 401.846264][ T8755] JBD2: Ignoring recovery information on journal [ 401.904931][ T8755] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 402.028414][ T5292] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 402.102990][ T7389] ocfs2: Unmounting device (7,4) on (node local) [ 402.188518][ T5292] usb 1-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 402.901461][ T8795] loop1: detected capacity change from 0 to 16 [ 402.917953][ T8795] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 402.964825][ T5292] usb 1-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 403.036147][ T5292] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 403.047265][ T5292] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 403.056041][ T5292] usb 1-1: Manufacturer: syz [ 403.064589][ T8797] loop4: detected capacity change from 0 to 64 [ 403.072343][ T5292] usb 1-1: SerialNumber: syz [ 403.179143][ T8797] hfs: Unknown parameter 'dir_umcsk' [ 403.184515][ T8392] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 403.231612][ T8799] loop1: detected capacity change from 0 to 8 [ 403.238869][ T8799] squashfs: Unknown parameter ' ¥Zš1è½L‰£ÄÎKûA·Ò–08ö©‡¨(*|*JÃyIúA#åxÚ–°“'ðÄa°¿ÂÌX£èÃZ"ÞòÅsEb v¼] [ 403.238869][ T8799] 쎛æÃEêÆ`˜mÜgGf¢\m' [ 403.405607][ T5292] usbhid 1-1:36.0: couldn't find an input interrupt endpoint [ 403.456372][ T5292] usb 1-1: USB disconnect, device number 25 [ 403.856783][ T8801] loop1: detected capacity change from 0 to 40427 [ 404.104088][ T8797] loop4: detected capacity change from 0 to 32768 [ 404.239051][ T8806] loop2: detected capacity change from 0 to 40427 [ 404.245899][ T8797] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.636 (8797) [ 404.298372][ T8801] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 404.307599][ T8806] F2FS-fs (loop2): invalid crc value [ 404.323791][ T8806] F2FS-fs (loop2): Found nat_bits in checkpoint [ 404.442404][ T8797] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 404.442634][ T8801] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 404.461666][ T8806] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 404.553832][ T8797] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 404.587146][ T8801] F2FS-fs (loop1): invalid crc value [ 404.610699][ T8797] BTRFS info (device loop4): using free-space-tree [ 404.736196][ T8801] F2FS-fs (loop1): Found nat_bits in checkpoint [ 405.248513][ T8801] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 405.280123][ T8801] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 405.410929][ T8392] syz-executor: attempt to access beyond end of device [ 405.410929][ T8392] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 405.442861][ T8392] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 405.929648][ T8838] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 407.038679][ T5257] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 407.128838][ T8843] syz.3.644[8843] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 407.128959][ T8843] syz.3.644[8843] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 407.140417][ T8843] syz.3.644[8843] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 407.201833][ T5257] usb 5-1: Using ep0 maxpacket: 8 [ 407.416924][ T5257] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 407.428302][ T5257] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 407.439347][ T5257] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 407.449535][ T5257] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 407.462564][ T5257] usb 5-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00 [ 407.471673][ T5257] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.490534][ T5257] usb 5-1: config 0 descriptor?? [ 407.558406][ T5292] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 407.718508][ T5292] usb 1-1: Using ep0 maxpacket: 8 [ 407.748722][ T5292] usb 1-1: unable to get BOS descriptor or descriptor too short [ 407.778169][ T5292] usb 1-1: config 8 has an invalid interface number: 255 but max is 0 [ 407.810310][ T5292] usb 1-1: config 8 has no interface number 0 [ 407.838929][ T5292] usb 1-1: config 8 interface 255 has no altsetting 0 [ 407.873687][ T5292] usb 1-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf [ 407.881616][ T8854] loop2: detected capacity change from 0 to 32768 [ 407.883335][ T5292] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.890034][ T8854] (syz.2.647,8854,1):ocfs2_parse_options:1448 ERROR: Unrecognized mount option "noace" or missing value [ 407.909331][ T8854] (syz.2.647,8854,1):ocfs2_fill_super:1178 ERROR: status = -22 [ 407.969554][ T5292] usb 1-1: Product: syz [ 407.973754][ T5292] usb 1-1: Manufacturer: syz [ 408.074634][ T5257] usbhid 5-1:0.0: can't add hid device: -71 [ 408.080806][ T5257] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 408.085104][ T7389] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 408.090654][ T5257] usb 5-1: USB disconnect, device number 25 [ 408.104460][ T5292] usb 1-1: SerialNumber: syz [ 408.883010][ T5292] catc 1-1:8.255: Can't set altsetting 1. [ 408.888957][ T5292] catc 1-1:8.255: probe with driver catc failed with error -5 [ 408.909467][ T8862] netlink: 'syz.1.649': attribute type 10 has an invalid length. [ 408.917321][ T8862] netlink: 40 bytes leftover after parsing attributes in process `syz.1.649'. [ 408.941063][ T5292] usb 1-1: USB disconnect, device number 26 [ 408.993231][ T8865] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 409.000045][ T8865] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 409.192510][ T8871] loop2: detected capacity change from 0 to 24 [ 409.198090][ T8862] team0: Port device geneve0 added [ 409.249795][ T8865] vhci_hcd vhci_hcd.0: Device attached [ 409.267038][ T8871] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 409.408558][ T5292] vhci_hcd: vhci_device speed not set [ 409.426951][ T8871] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 409.543751][ T5292] usb 11-1: new full-speed USB device number 2 using vhci_hcd [ 409.613243][ T8866] vhci_hcd: connection reset by peer [ 409.649516][ T5935] vhci_hcd: stop threads [ 409.654808][ T5935] vhci_hcd: release socket [ 409.662083][ T5935] vhci_hcd: disconnect device [ 409.722703][ T8876] loop0: detected capacity change from 0 to 512 [ 409.758574][ T7196] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 409.819140][ T8876] EXT4-fs error (device loop0): ext4_orphan_get:1414: comm syz.0.651: bad orphan inode 4 [ 409.855918][ T8876] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 409.968359][ T7196] usb 5-1: Using ep0 maxpacket: 16 [ 409.975227][ T7196] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7 [ 410.090509][ T7196] usb 5-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82 [ 410.101902][ T7196] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 410.691748][ T7196] usb 5-1: Product: syz [ 410.695965][ T7196] usb 5-1: Manufacturer: syz [ 410.700659][ T7196] usb 5-1: SerialNumber: syz [ 410.707572][ T7196] usb 5-1: config 0 descriptor?? [ 410.715009][ T7196] kobil_sct 5-1:0.0: KOBIL USB smart card terminal converter detected [ 410.723841][ T29] kauditd_printk_skb: 43 callbacks suppressed [ 410.723855][ T29] audit: type=1326 audit(1729226570.914:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8877 comm="syz.2.652" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbe6d97dff9 code=0x0 [ 410.739464][ T6996] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 410.798604][ T8862] syz.1.649 (8862) used greatest stack depth: 17904 bytes left [ 410.856312][ T7196] usb 5-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 410.873241][ T8886] loop3: detected capacity change from 0 to 1024 [ 410.892600][ T8886] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 410.939694][ T8888] netlink: 12 bytes leftover after parsing attributes in process `syz.0.654'. [ 410.955151][ T8886] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 412.490897][ T8898] netlink: 'syz.0.657': attribute type 4 has an invalid length. [ 412.732749][ T8902] loop1: detected capacity change from 0 to 512 [ 412.739908][ T8902] ext2: Unknown parameter 'uid<00000000000000000000' [ 412.751086][ T8903] netlink: 'syz.0.657': attribute type 17 has an invalid length. [ 412.832913][ T7001] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 413.646248][ T8918] syz.2.663[8918] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 413.646343][ T8918] syz.2.663[8918] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 413.657921][ T8918] syz.2.663[8918] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 413.660821][ T8920] loop0: detected capacity change from 0 to 64 [ 413.789084][ T8920] hfs: Unknown parameter 'dir_umcsk' [ 413.968029][ T7196] usb 5-1: USB disconnect, device number 26 [ 413.998775][ T7196] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 414.045764][ T7196] kobil_sct 5-1:0.0: device disconnected [ 414.236423][ T8926] syz.3.664[8926] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 414.236509][ T8926] syz.3.664[8926] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 414.318426][ T8926] syz.3.664[8926] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 414.335716][ T8929] loop4: detected capacity change from 0 to 512 [ 414.409201][ T8929] EXT4-fs: Ignoring removed mblk_io_submit option [ 414.430670][ T8929] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 414.454927][ T8929] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002] [ 414.473974][ T8929] System zones: 1-12 [ 414.523817][ T8929] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.665: corrupted in-inode xattr: e_value size too large [ 414.557281][ T8929] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.665: couldn't read orphan inode 15 (err -117) [ 414.651103][ T8929] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 414.757289][ T8933] loop2: detected capacity change from 0 to 512 [ 414.798489][ T8929] netlink: 4 bytes leftover after parsing attributes in process `syz.4.665'. [ 415.072807][ T8933] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 415.390275][ T8919] loop1: detected capacity change from 0 to 32768 [ 415.413588][ T8919] XFS: attr2 mount option is deprecated. [ 415.466213][ T8920] loop0: detected capacity change from 0 to 32768 [ 415.480134][ T8920] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.662 (8920) [ 415.569066][ T8933] EXT4-fs (loop2): 1 truncate cleaned up [ 415.593365][ T8933] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 415.633039][ T8920] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 415.668596][ T5292] vhci_hcd: vhci_device speed not set [ 415.668744][ T8920] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 415.675027][ T7389] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 415.807187][ T8920] BTRFS info (device loop0): using free-space-tree [ 415.971026][ T8945] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 16: block 33:freeing already freed block (bit 32); block bitmap corrupt. [ 415.992622][ T8944] veth1_macvtap: left promiscuous mode [ 416.001968][ T8944] macsec0: entered promiscuous mode [ 416.052841][ T8919] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 416.056302][ T8946] veth1_macvtap: entered promiscuous mode [ 416.069694][ T8946] macsec0: left promiscuous mode [ 416.074798][ T8946] macsec0: entered allmulticast mode [ 416.081157][ T8946] veth1_macvtap: entered allmulticast mode [ 416.094544][ T8946] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 416.402436][ T8392] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 416.475803][ T8919] XFS (loop1): Ending clean mount [ 416.556160][ T8972] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 416.565121][ T8919] XFS (loop1): Quotacheck needed: Please wait. [ 416.709090][ T8919] XFS (loop1): Quotacheck: Done. [ 416.797501][ T8579] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 416.874598][ T8978] loop2: detected capacity change from 0 to 1024 [ 416.938665][ T7196] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 417.016640][ T8981] loop4: detected capacity change from 0 to 128 [ 417.146191][ T7196] usb 4-1: New USB device found, idVendor=0fe9, idProduct=db51, bcdDevice=79.b0 [ 417.183081][ T7196] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.189427][ T6996] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 417.200386][ T4079] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 417.255307][ T8981] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 417.280311][ T7196] usb 4-1: config 0 descriptor?? [ 417.311900][ T7196] dvb-usb: found a 'DViCO FusionHDTV DVB-T Dual USB' in warm state. [ 417.338702][ T8981] ext4 filesystem being mounted at /39/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 417.370375][ C0] vkms_vblank_simulate: vblank timer overrun [ 417.381599][ T7196] dvb-usb: bulk message failed: -22 (2/0) [ 417.413332][ T7196] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 417.467409][ T7196] dvb-usb: DViCO FusionHDTV DVB-T Dual USB error while loading driver (-19) [ 417.529986][ T7196] dvb_usb_cxusb 4-1:0.0: probe with driver dvb_usb_cxusb failed with error -22 [ 417.570307][ T7196] usb 4-1: USB disconnect, device number 30 [ 417.664048][ T8989] syz.1.676[8989] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 417.664148][ T8989] syz.1.676[8989] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 417.676009][ T8989] syz.1.676[8989] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 417.693397][ T7389] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 418.271825][ T8490] hfsplus: b-tree write err: -5, ino 4 [ 419.364004][ T5292] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 419.505115][ T9005] loop3: detected capacity change from 0 to 24 [ 419.528736][ T9005] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 419.568520][ T5292] usb 5-1: Using ep0 maxpacket: 32 [ 419.603774][ T9010] loop1: detected capacity change from 0 to 256 [ 419.620796][ T5292] usb 5-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice=7a.f3 [ 419.636965][ T9010] exfat: Deprecated parameter 'namecase' [ 419.640247][ T5292] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.682186][ T9005] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 419.741069][ T5292] usb 5-1: Product: syz [ 419.745344][ T5292] usb 5-1: Manufacturer: syz [ 419.794016][ T5292] usb 5-1: SerialNumber: syz [ 419.808700][ T9010] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 419.842905][ T5292] usb 5-1: config 0 descriptor?? [ 419.952255][ T9012] loop2: detected capacity change from 0 to 32768 [ 419.968020][ T9012] XFS: attr2 mount option is deprecated. [ 420.014527][ T9012] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 420.200612][ T9010] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (82796) [ 420.218714][ T9010] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535 [ 420.828825][ T9026] delete_channel: no stack [ 420.860685][ T9012] XFS (loop2): Ending clean mount [ 420.891511][ T9012] XFS (loop2): Quotacheck needed: Please wait. [ 421.143393][ T5292] gspca_main: pac207-2.14.0 probing 093a:2476 [ 421.175588][ T9007] delete_channel: no stack [ 421.232622][ T5292] gspca_pac207: Failed to read a register (index 0x0000, error -71) [ 421.259206][ T9012] XFS (loop2): Quotacheck: Done. [ 421.277755][ T5292] usb 5-1: USB disconnect, device number 27 [ 421.323482][ T9036] loop3: detected capacity change from 0 to 1024 [ 421.855618][ T29] audit: type=1800 audit(1729226581.944:115): pid=9012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.683" name="bus" dev="loop2" ino=1067 res=0 errno=0 [ 422.117461][ T9041] loop0: detected capacity change from 0 to 512 [ 422.129093][ T9041] EXT4-fs: Ignoring removed mblk_io_submit option [ 422.187088][ T8392] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 422.229847][ T9041] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.691: corrupted in-inode xattr: invalid ea_ino [ 422.303817][ T9041] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz.0.691: couldn't read orphan inode 15 (err -117) [ 422.366846][ T9041] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 423.101785][ T744] hfsplus: b-tree write err: -5, ino 4 [ 423.709996][ T7196] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 423.878383][ T7196] usb 4-1: Using ep0 maxpacket: 32 [ 423.905190][ T7196] usb 4-1: config 0 has an invalid interface number: 126 but max is 0 [ 423.929048][ T7196] usb 4-1: config 0 has no interface number 0 [ 423.955707][ T7196] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 423.958699][ T5289] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 424.020569][ T7196] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8 [ 424.054297][ T7196] usb 4-1: config 0 interface 126 has no altsetting 0 [ 424.082646][ T7196] usb 4-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 424.096390][ T7196] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.108612][ T5257] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 424.127672][ T7196] usb 4-1: Product: syz [ 424.139800][ T5289] usb 2-1: Using ep0 maxpacket: 16 [ 424.145803][ T7196] usb 4-1: Manufacturer: syz [ 424.152338][ T7196] usb 4-1: SerialNumber: syz [ 424.165996][ T7196] usb 4-1: config 0 descriptor?? [ 424.167515][ T5289] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 424.195560][ T9064] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 424.199219][ T5289] usb 2-1: config 1 has an invalid descriptor of length 232, skipping remainder of the config [ 424.203773][ T9064] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 424.221701][ T5289] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 424.250206][ T5289] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 424.260254][ T5257] usb 3-1: Using ep0 maxpacket: 32 [ 424.266950][ T5257] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 424.297879][ T5289] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.318637][ T5289] usb 2-1: Product: syz [ 424.323997][ T5257] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 424.334905][ T5257] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.354648][ T5289] usb 2-1: Manufacturer: syz [ 424.368772][ T5257] usb 3-1: Product: syz [ 424.373016][ T5257] usb 3-1: Manufacturer: syz [ 424.377701][ T5289] usb 2-1: SerialNumber: syz [ 424.404566][ T5257] usb 3-1: SerialNumber: syz [ 424.424459][ T5257] usb 3-1: config 0 descriptor?? [ 424.440435][ T5257] usb 3-1: bad CDC descriptors [ 424.459273][ T5257] usb 3-1: unsupported MDLM descriptors [ 424.694551][ T5292] usb 3-1: USB disconnect, device number 24 [ 424.911045][ T9072] loop4: detected capacity change from 0 to 32768 [ 424.919187][ T9072] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.700 (9072) [ 424.939111][ T9072] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 424.949384][ T9072] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 424.958148][ T9072] BTRFS info (device loop4): using free-space-tree [ 426.392371][ T7389] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 426.502562][ T6996] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 426.597055][ T5289] usb 2-1: 0:2 : does not exist [ 426.724439][ T5289] usb 2-1: USB disconnect, device number 31 [ 426.820594][ T8774] udevd[8774]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 426.947173][ T9101] syz.2.701[9101] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 426.947272][ T9101] syz.2.701[9101] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 426.958904][ T9101] syz.2.701[9101] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 427.158330][ T5289] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 427.182091][ T5321] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 427.359731][ T5321] usb 1-1: Using ep0 maxpacket: 32 [ 427.372032][ T5289] usb 2-1: Using ep0 maxpacket: 32 [ 427.400794][ T5321] usb 1-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice=7a.f3 [ 427.410096][ T5321] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.418109][ T5321] usb 1-1: Product: syz [ 427.422416][ T5321] usb 1-1: Manufacturer: syz [ 427.427063][ T5321] usb 1-1: SerialNumber: syz [ 427.434179][ T5321] usb 1-1: config 0 descriptor?? [ 427.440525][ T5289] usb 2-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice=7a.f3 [ 427.449838][ T5289] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.458522][ T5289] usb 2-1: Product: syz [ 427.462704][ T5289] usb 2-1: Manufacturer: syz [ 427.467320][ T5289] usb 2-1: SerialNumber: syz [ 427.486583][ T5289] usb 2-1: config 0 descriptor?? [ 427.874060][ T5321] gspca_main: pac207-2.14.0 probing 093a:2476 [ 427.881132][ T5321] gspca_pac207: Failed to read a register (index 0x0000, error -71) [ 427.901104][ T5321] usb 1-1: USB disconnect, device number 27 [ 427.927143][ T5289] gspca_main: pac207-2.14.0 probing 093a:2476 [ 427.937128][ T5289] gspca_pac207: Failed to read a register (index 0x0000, error -71) [ 427.976050][ T5289] usb 2-1: USB disconnect, device number 32 [ 428.384580][ T9112] nbd4: detected capacity change from 0 to 12 [ 428.400912][ T9115] block nbd4: NBD_DISCONNECT [ 428.413374][ T9115] block nbd4: Send disconnect failed -89 [ 428.436428][ T8774] block nbd4: Send control failed (result -89) [ 428.451392][ T8774] block nbd4: Request send failed, requeueing [ 428.512603][ T8774] block nbd4: Disconnected due to user request. [ 428.574103][ T41] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.588353][ T41] Buffer I/O error on dev nbd4, logical block 0, async page read [ 428.603881][ T8774] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.637225][ T9119] loop1: detected capacity change from 0 to 1024 [ 428.643885][ T8774] Buffer I/O error on dev nbd4, logical block 0, async page read [ 428.678904][ T8774] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.707836][ T8774] Buffer I/O error on dev nbd4, logical block 0, async page read [ 428.728502][ T8774] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.741921][ T8774] Buffer I/O error on dev nbd4, logical block 0, async page read [ 428.760549][ T8774] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.790579][ T8774] Buffer I/O error on dev nbd4, logical block 0, async page read [ 428.815529][ T8774] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.824793][ T8774] Buffer I/O error on dev nbd4, logical block 0, async page read [ 428.850052][ T8774] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.860056][ T8774] Buffer I/O error on dev nbd4, logical block 0, async page read [ 428.885510][ T8774] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.901931][ T8774] Buffer I/O error on dev nbd4, logical block 0, async page read [ 428.926679][ T8774] ldm_validate_partition_table(): Disk read failed. [ 428.938340][ T5330] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 428.948350][ T8774] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.957943][ T8774] Buffer I/O error on dev nbd4, logical block 0, async page read [ 428.986459][ T8774] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.997325][ T8774] Buffer I/O error on dev nbd4, logical block 0, async page read [ 429.006337][ T8774] Dev nbd4: unable to read RDB block 0 [ 429.021124][ T8774] nbd4: unable to read partition table [ 429.035472][ T8774] nbd4: partition table beyond EOD, truncated [ 429.056703][ T8774] ldm_validate_partition_table(): Disk read failed. [ 429.064101][ T8774] Dev nbd4: unable to read RDB block 0 [ 429.078793][ T8774] nbd4: unable to read partition table [ 429.094206][ T8774] nbd4: partition table beyond EOD, truncated [ 429.108428][ T5330] usb 1-1: Using ep0 maxpacket: 16 [ 429.120025][ T5330] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7 [ 429.145942][ T5330] usb 1-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82 [ 429.165389][ T5330] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 429.185636][ T5330] usb 1-1: Product: syz [ 429.190731][ T5330] usb 1-1: Manufacturer: syz [ 429.195377][ T5330] usb 1-1: SerialNumber: syz [ 429.221746][ T5330] usb 1-1: config 0 descriptor?? [ 429.234786][ T5330] kobil_sct 1-1:0.0: KOBIL USB smart card terminal converter detected [ 429.245294][ T5330] usb 1-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 429.844357][ T7196] ir_usb 4-1:0.126: IR Dongle converter detected [ 429.851809][ T744] hfsplus: b-tree write err: -5, ino 4 [ 429.852023][ T7196] usb 4-1: IRDA class descriptor not found, device not bound [ 430.628319][ T5321] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 430.792846][ T5321] usb 2-1: Using ep0 maxpacket: 16 [ 430.821358][ T5321] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7 [ 430.834195][ T5321] usb 2-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82 [ 430.845046][ T5321] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.853865][ T5321] usb 2-1: Product: syz [ 430.858059][ T5321] usb 2-1: Manufacturer: syz [ 430.863397][ T5321] usb 2-1: SerialNumber: syz [ 430.884408][ T5321] usb 2-1: config 0 descriptor?? [ 430.894397][ T5321] kobil_sct 2-1:0.0: KOBIL USB smart card terminal converter detected [ 430.919336][ T5321] usb 2-1: KOBIL USB smart card terminal converter now attached to ttyUSB1 [ 431.201842][ T5292] usb 4-1: USB disconnect, device number 31 [ 431.628751][ T7196] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 431.657416][ T9140] loop3: detected capacity change from 0 to 1024 [ 431.680440][ T9140] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 431.936603][ T9140] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 431.991491][ T7196] usb 3-1: Using ep0 maxpacket: 8 [ 432.067913][ T7196] usb 3-1: unable to get BOS descriptor or descriptor too short [ 432.138474][ T7196] usb 3-1: config 8 has an invalid interface number: 255 but max is 0 [ 432.158478][ T7196] usb 3-1: config 8 has no interface number 0 [ 432.168167][ T7196] usb 3-1: config 8 interface 255 has no altsetting 0 [ 432.221750][ T9137] netlink: 'syz.4.712': attribute type 298 has an invalid length. [ 432.287136][ T5330] usb 1-1: USB disconnect, device number 28 [ 432.303046][ T7196] usb 3-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf [ 432.321339][ T5330] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 432.336346][ T7196] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.518656][ T5330] kobil_sct 1-1:0.0: device disconnected [ 432.538567][ T7196] usb 3-1: Product: syz [ 432.777759][ T7196] usb 3-1: Manufacturer: syz [ 432.785557][ T7196] usb 3-1: SerialNumber: syz [ 433.082739][ C0] raw-gadget.2 gadget.2: ignoring, device is not running [ 433.100723][ C0] raw-gadget.2 gadget.2: ignoring, device is not running [ 433.111099][ C0] raw-gadget.2 gadget.2: ignoring, device is not running [ 433.143028][ T7001] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 433.157930][ T7196] catc 3-1:8.255: Can't set altsetting 1. [ 433.176354][ T7196] catc 3-1:8.255: probe with driver catc failed with error -5 [ 433.222439][ T7196] usb 3-1: USB disconnect, device number 25 [ 433.280149][ T9] usb 2-1: USB disconnect, device number 33 [ 433.296668][ T9] kobil ttyUSB1: KOBIL USB smart card terminal converter now disconnected from ttyUSB1 [ 433.316550][ T9] kobil_sct 2-1:0.0: device disconnected [ 433.710921][ T9155] loop0: detected capacity change from 0 to 24 [ 433.739778][ T9155] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 433.740889][ T9153] loop3: detected capacity change from 0 to 512 [ 433.831206][ T9155] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 433.951154][ T9153] EXT4-fs (loop3): blocks per group (71) and clusters per group (20800) inconsistent [ 434.228388][ T7196] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 434.236357][ T5330] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 434.408070][ T5330] usb 4-1: config 0 has an invalid interface number: 156 but max is 1 [ 434.430413][ T7196] usb 3-1: Using ep0 maxpacket: 32 [ 434.461499][ T7196] usb 3-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice=7a.f3 [ 434.474981][ T5330] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 434.573185][ T7196] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.803197][ T5330] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 434.831506][ T7196] usb 3-1: Product: syz [ 434.843432][ T9165] loop1: detected capacity change from 0 to 1024 [ 434.852463][ T5330] usb 4-1: config 0 has no interface number 0 [ 434.858708][ T7196] usb 3-1: Manufacturer: syz [ 434.908530][ T7196] usb 3-1: SerialNumber: syz [ 434.914320][ T5330] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 434.949393][ T7196] usb 3-1: config 0 descriptor?? [ 434.962732][ T5330] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 434.980790][ T5330] usb 4-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 434.996017][ T5330] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 435.009055][ T5330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=21 [ 435.031584][ T5330] usb 4-1: SerialNumber: syz [ 435.041300][ T5330] usb 4-1: config 0 descriptor?? [ 435.053793][ T5330] gspca_main: spca561-2.14.0 probing abcd:cdee [ 435.270486][ T5330] spca561 4-1:0.156: probe with driver spca561 failed with error -22 [ 435.299634][ T5330] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 435.306669][ T5330] usb 4-1: MIDIStreaming interface descriptor not found [ 435.390594][ T5330] usb 4-1: USB disconnect, device number 32 [ 435.416851][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 435.440439][ T7196] gspca_main: pac207-2.14.0 probing 093a:2476 [ 435.450093][ T7196] gspca_pac207: Failed to read a register (index 0x0000, error -71) [ 435.486573][ T7196] usb 3-1: USB disconnect, device number 26 [ 435.527219][ T9174] macsec1: entered allmulticast mode [ 435.540321][ T8728] udevd[8728]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.156/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 435.978566][ T9180] syz.0.719[9180] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 435.978658][ T9180] syz.0.719[9180] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 435.990040][ T9180] syz.0.719[9180] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 436.226156][ T744] hfsplus: b-tree write err: -5, ino 4 [ 436.408734][ T9192] netlink: 'syz.1.726': attribute type 10 has an invalid length. [ 436.432897][ T9192] netlink: 40 bytes leftover after parsing attributes in process `syz.1.726'. [ 437.625389][ T9187] veth1_macvtap: left allmulticast mode [ 437.631216][ T9187] veth1_macvtap: left promiscuous mode [ 437.641716][ T9187] macsec0: entered promiscuous mode [ 437.796293][ T9192] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 437.802839][ T9192] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 437.879242][ T9201] vhci_hcd: connection closed [ 437.879341][ T9192] vhci_hcd vhci_hcd.0: Device attached [ 437.907494][ T53] vhci_hcd: stop threads [ 437.911906][ T5330] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 437.947609][ T53] vhci_hcd: release socket [ 437.964877][ T53] vhci_hcd: disconnect device [ 438.011189][ T9186] loop4: detected capacity change from 0 to 32768 [ 438.052345][ T9186] JBD2: Ignoring recovery information on journal [ 438.078635][ T5330] usb 1-1: Using ep0 maxpacket: 8 [ 438.085577][ T5330] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 15 [ 438.094950][ T5330] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 438.111673][ T5330] usb 1-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8 [ 438.120939][ T5330] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.129042][ T5330] usb 1-1: Product: syz [ 438.133453][ T5330] usb 1-1: Manufacturer: syz [ 438.138061][ T5330] usb 1-1: SerialNumber: syz [ 438.143890][ T5330] usb 1-1: config 0 descriptor?? [ 438.151719][ T5330] powermate 1-1:0.0: probe with driver powermate failed with error -22 [ 438.324331][ T9186] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 439.192943][ T7389] ocfs2: Unmounting device (7,4) on (node local) [ 439.991080][ T9224] netlink: 8 bytes leftover after parsing attributes in process `syz.1.734'. [ 440.079850][ T9222] loop1: detected capacity change from 0 to 512 [ 440.086865][ T9222] EXT4-fs: Ignoring removed mblk_io_submit option [ 440.162305][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.386357][ T9202] loop0: detected capacity change from 0 to 64 [ 440.456182][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.566213][ T9234] netlink: 8 bytes leftover after parsing attributes in process `syz.3.736'. [ 440.686708][ T9236] loop3: detected capacity change from 0 to 512 [ 440.695912][ T9236] EXT4-fs: Ignoring removed mblk_io_submit option [ 440.824134][ T9222] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 440.846895][ T9222] EXT4-fs (loop1): 1 truncate cleaned up [ 440.857957][ T9222] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 440.917323][ T9236] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 440.930791][ T9236] EXT4-fs (loop3): 1 truncate cleaned up [ 440.940713][ T9236] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 441.279122][ T8579] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 441.481350][ T7001] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 441.649157][ T9243] loop1: detected capacity change from 0 to 1024 [ 442.653474][ T6839] hfsplus: b-tree write err: -5, ino 4 [ 442.681173][ T5330] usb 1-1: USB disconnect, device number 29 [ 443.070341][ T9269] syz.3.738[9269] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 443.070451][ T9269] syz.3.738[9269] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 443.082010][ T9269] syz.3.738[9269] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 443.893962][ T9289] netlink: 'syz.1.754': attribute type 10 has an invalid length. [ 443.983471][ T9289] macvlan0: entered allmulticast mode [ 443.999099][ T9289] veth1_vlan: entered allmulticast mode [ 444.040051][ T9289] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 444.155724][ T9300] netlink: 'syz.0.759': attribute type 10 has an invalid length. [ 444.269920][ T9298] netlink: 61959 bytes leftover after parsing attributes in process `syz.3.758'. [ 444.476051][ T9308] netlink: 'syz.3.762': attribute type 10 has an invalid length. [ 444.512867][ T9308] bridge0: port 2(bridge_slave_1) entered disabled state [ 444.520594][ T9308] bridge0: port 1(bridge_slave_0) entered disabled state [ 444.618306][ T9308] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.625816][ T9308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 444.634872][ T9308] bridge0: port 1(bridge_slave_0) entered blocking state [ 444.642057][ T9308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 444.740420][ T9308] team0: Port device bridge0 added [ 444.958282][ T9323] netlink: 'syz.2.770': attribute type 29 has an invalid length. [ 444.990030][ T9323] netlink: 'syz.2.770': attribute type 29 has an invalid length. [ 445.010977][ T9323] netlink: 'syz.2.770': attribute type 29 has an invalid length. [ 445.036017][ T9323] netlink: 'syz.2.770': attribute type 29 has an invalid length. [ 445.317231][ T9335] netlink: 'syz.2.775': attribute type 10 has an invalid length. [ 445.353186][ T9335] team0: Device hsr_slave_0 failed to register rx_handler [ 445.695447][ T9347] netlink: 'syz.3.781': attribute type 21 has an invalid length. [ 445.704051][ T9347] netlink: 148 bytes leftover after parsing attributes in process `syz.3.781'. [ 445.895020][ T9354] warning: `syz.3.784' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 445.974663][ T8490] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.171735][ T8490] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.284412][ T9368] netlink: 'syz.3.793': attribute type 29 has an invalid length. [ 446.489220][ T5244] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 446.501177][ T5244] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 446.510651][ T5244] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 446.528849][ T5244] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 446.536640][ T5244] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 446.544178][ T5244] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 447.190568][ T8490] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.344426][ T8490] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.756797][ T9375] chnl_net:caif_netlink_parms(): no params data found [ 447.825132][ T8490] bridge_slave_1: left allmulticast mode [ 447.850878][ T8490] bridge_slave_1: left promiscuous mode [ 447.866150][ T8490] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.898491][ T8490] bridge_slave_0: left allmulticast mode [ 447.904323][ T8490] bridge_slave_0: left promiscuous mode [ 447.920420][ T8490] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.493123][ T8490] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 448.507701][ T8490] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 448.527368][ T8490] bond0 (unregistering): Released all slaves [ 448.638434][ T5240] Bluetooth: hci3: command tx timeout [ 448.769298][ T8490] tipc: Left network mode [ 448.869861][ T9375] bridge0: port 1(bridge_slave_0) entered blocking state [ 448.876985][ T9375] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.918069][ T9375] bridge_slave_0: entered allmulticast mode [ 448.936973][ T9375] bridge_slave_0: entered promiscuous mode [ 449.080462][ T9375] bridge0: port 2(bridge_slave_1) entered blocking state [ 449.087603][ T9375] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.103970][ T9375] bridge_slave_1: entered allmulticast mode [ 449.115350][ T9375] bridge_slave_1: entered promiscuous mode [ 449.183514][ T9450] validate_nla: 9 callbacks suppressed [ 449.183530][ T9450] netlink: 'syz.1.822': attribute type 29 has an invalid length. [ 450.718438][ T5240] Bluetooth: hci3: command tx timeout [ 451.823354][ T9452] netlink: 'syz.1.822': attribute type 29 has an invalid length. [ 451.836672][ T9375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 451.984829][ T9482] syzkaller0: entered promiscuous mode [ 452.009624][ T9482] syzkaller0: entered allmulticast mode [ 452.214884][ T9375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 452.256045][ T8490] hsr_slave_0: left promiscuous mode [ 452.264581][ T8490] hsr_slave_1: left promiscuous mode [ 452.276757][ T8490] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 452.298402][ T8490] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 452.306932][ T8490] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 452.322647][ T8490] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 452.351604][ T8490] veth1_macvtap: left promiscuous mode [ 452.357188][ T8490] veth0_macvtap: left promiscuous mode [ 452.362963][ T8490] veth1_vlan: left promiscuous mode [ 452.368671][ T8490] veth0_vlan: left promiscuous mode [ 452.801879][ T5240] Bluetooth: hci3: command tx timeout [ 452.864923][ T8490] team0 (unregistering): Port device team_slave_1 removed [ 452.922964][ T8490] team0 (unregistering): Port device team_slave_0 removed [ 454.888419][ T5240] Bluetooth: hci3: command tx timeout [ 455.377631][ T9500] netlink: 'syz.2.831': attribute type 1 has an invalid length. [ 455.628419][ T9523] openvswitch: netlink: Message has 5 unknown bytes. [ 455.673199][ T9375] team0: Port device team_slave_0 added [ 455.685866][ T9375] team0: Port device team_slave_1 added [ 455.835235][ T9375] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 455.851709][ T9375] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 455.904002][ T9537] netlink: 72 bytes leftover after parsing attributes in process `syz.4.842'. [ 455.946762][ T9375] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 455.981070][ T9375] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 456.003298][ T9375] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 456.077935][ T9375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 456.089776][ T9533] netlink: 4 bytes leftover after parsing attributes in process `syz.4.842'. [ 456.310749][ T9548] netlink: 36 bytes leftover after parsing attributes in process `syz.4.845'. [ 456.344030][ T9375] hsr_slave_0: entered promiscuous mode [ 456.367948][ T9375] hsr_slave_1: entered promiscuous mode [ 456.396832][ T9375] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 456.425175][ T9375] Cannot create hsr debugfs directory [ 456.669877][ T9557] netlink: 'syz.4.848': attribute type 12 has an invalid length. [ 457.029323][ T9574] netlink: 'syz.4.853': attribute type 29 has an invalid length. [ 457.066317][ T9578] netlink: 'syz.4.853': attribute type 29 has an invalid length. [ 457.097919][ T9574] netlink: 'syz.4.853': attribute type 29 has an invalid length. [ 457.565127][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 457.588791][ T9606] netlink: 8 bytes leftover after parsing attributes in process `syz.3.864'. [ 457.597594][ T9606] netlink: 8 bytes leftover after parsing attributes in process `syz.3.864'. [ 457.952025][ T9610] netlink: 40 bytes leftover after parsing attributes in process `syz.4.865'. [ 458.071091][ T9610] netlink: 44 bytes leftover after parsing attributes in process `syz.4.865'. [ 458.294324][ T9375] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 458.321660][ T9375] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 458.356173][ T9375] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 458.402129][ T9375] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 458.640797][ T9375] 8021q: adding VLAN 0 to HW filter on device bond0 [ 458.658461][ T9375] 8021q: adding VLAN 0 to HW filter on device team0 [ 458.693958][ T4079] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.701162][ T4079] bridge0: port 1(bridge_slave_0) entered forwarding state [ 458.725999][ T4079] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.733203][ T4079] bridge0: port 2(bridge_slave_1) entered forwarding state [ 459.207564][ T9375] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 459.271500][ T9375] veth0_vlan: entered promiscuous mode [ 459.330943][ T9375] veth1_vlan: entered promiscuous mode [ 459.440960][ T9375] veth0_macvtap: entered promiscuous mode [ 459.483178][ T9375] veth1_macvtap: entered promiscuous mode [ 459.529106][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 459.562296][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 459.593013][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 459.623955][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 459.654239][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 459.678447][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 459.707635][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 459.743971][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 459.754661][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 459.765258][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 459.776350][ T9375] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 459.786781][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 459.797294][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 459.807170][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 459.818077][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 459.828378][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 459.838937][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 459.848797][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 459.859298][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 459.869210][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 459.879694][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 459.890560][ T9375] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 460.090296][ T9375] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.099526][ T9375] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.134809][ T9375] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.161882][ T9375] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.426149][ T4079] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 460.451032][ T4079] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 460.551486][ T6839] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 460.572049][ T6839] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 460.877191][ T9739] bridge_slave_0: left allmulticast mode [ 460.926693][ T9739] bridge_slave_0: left promiscuous mode [ 460.982756][ T9739] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.144439][ T9739] bridge_slave_1: left allmulticast mode [ 461.179563][ T9739] bridge_slave_1: left promiscuous mode [ 461.208694][ T9739] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.237025][ T9739] bond0: (slave bond_slave_0): Releasing backup interface [ 461.347451][ T9739] bond0: (slave bond_slave_1): Releasing backup interface [ 461.417916][ T9739] team0: Port device team_slave_0 removed [ 461.466150][ T9739] team0: Port device team_slave_1 removed [ 461.474186][ T9739] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 461.488649][ T9739] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 461.497975][ T9739] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 461.515734][ T9739] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 461.616347][ T9748] wg2: entered promiscuous mode [ 461.627611][ T9748] team0: Refused to change device type [ 461.719813][ T9756] netlink: 'syz.1.904': attribute type 10 has an invalid length. [ 461.754195][ T9756] team0: Failed to send options change via netlink (err -105) [ 461.774567][ T9756] team0: Port device netdevsim0 added [ 461.788819][ T9774] netlink: 'syz.1.904': attribute type 10 has an invalid length. [ 461.806635][ T9774] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 461.847009][ T9774] team0: Failed to send options change via netlink (err -105) [ 461.903427][ T9774] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 461.922272][ T9774] team0: Port device netdevsim0 removed [ 461.935917][ T9774] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 462.356899][ T1117] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.549910][ T1117] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.723378][ T9820] netlink: 'syz.3.918': attribute type 1 has an invalid length. [ 462.781207][ T9820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.806343][ T9820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.826943][ T9820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.899085][ T9820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.037081][ T9820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 463.069121][ T9820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.116111][ T9820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 463.137814][ T9820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.169120][ T5244] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 463.189173][ T5244] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 463.214555][ T5244] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 463.246763][ T5244] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 463.313414][ T5244] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 463.336300][ T5244] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 463.453121][ T1117] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.564103][ T9845] bridge1: entered promiscuous mode [ 463.674533][ T1117] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.910552][ T9865] netlink: 8 bytes leftover after parsing attributes in process `syz.2.926'. [ 463.966160][ T9869] smc: net device ip6_vti0 applied user defined pnetid SYZ0 [ 464.109251][ T9871] bridge_slave_0: left allmulticast mode [ 464.114938][ T9871] bridge_slave_0: left promiscuous mode [ 464.150480][ T9871] bridge0: port 1(bridge_slave_0) entered disabled state [ 464.236183][ T9871] bridge_slave_1: left allmulticast mode [ 464.263101][ T9871] bridge_slave_1: left promiscuous mode [ 464.282059][ T9871] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.327856][ T9871] bond0: (slave bond_slave_0): Releasing backup interface [ 464.345036][ T9871] bond0: (slave bond_slave_1): Releasing backup interface [ 464.374283][ T9871] team0: Port device team_slave_0 removed [ 464.395793][ T9871] team0: Port device team_slave_1 removed [ 464.403405][ T9871] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 464.413114][ T9871] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 464.435809][ T9871] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 464.444876][ T9871] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 464.485969][ T1117] bridge_slave_1: left allmulticast mode [ 464.503822][ T1117] bridge_slave_1: left promiscuous mode [ 464.524911][ T1117] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.550340][ T1117] bridge_slave_0: left allmulticast mode [ 464.556383][ T1117] bridge_slave_0: left promiscuous mode [ 464.564676][ T1117] bridge0: port 1(bridge_slave_0) entered disabled state [ 464.957916][ T1117] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 464.971668][ T1117] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 464.982294][ T1117] bond0 (unregistering): Released all slaves [ 465.018295][ T9892] netlink: 8 bytes leftover after parsing attributes in process `syz.3.935'. [ 465.327875][ T9899] team0: Mode changed to "broadcast" [ 465.405601][ T9904] netlink: 'syz.3.940': attribute type 10 has an invalid length. [ 465.421870][ T9904] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 465.508140][ T9839] chnl_net:caif_netlink_parms(): no params data found [ 465.518687][ T5240] Bluetooth: hci3: command tx timeout [ 465.607065][ T1117] hsr_slave_0: left promiscuous mode [ 465.642410][ T1117] hsr_slave_1: left promiscuous mode [ 465.653832][ T1117] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 465.677631][ T1117] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 465.707396][ T1117] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 465.724220][ T1117] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 465.800094][ T1117] veth1_macvtap: left promiscuous mode [ 465.808040][ T1117] veth0_macvtap: left promiscuous mode [ 465.814310][ T1117] veth1_vlan: left promiscuous mode [ 465.819924][ T1117] veth0_vlan: left promiscuous mode [ 466.776310][ T1117] team0 (unregistering): Port device team_slave_1 removed [ 466.832047][ T1117] team0 (unregistering): Port device team_slave_0 removed [ 467.497469][ T9947] lo: entered allmulticast mode [ 467.521530][ T9947] tunl0: entered allmulticast mode [ 467.535718][ T9947] gre0: entered allmulticast mode [ 467.562200][ T9947] gretap0: entered allmulticast mode [ 467.576187][ T9947] erspan0: entered allmulticast mode [ 467.595509][ T9947] ip_vti0: entered allmulticast mode [ 467.608508][ T5240] Bluetooth: hci3: command tx timeout [ 467.615616][ T9947] ip6_vti0: entered allmulticast mode [ 467.633732][ T9947] sit0: entered allmulticast mode [ 467.647975][ T9947] ip6tnl0: entered allmulticast mode [ 467.673011][ T9947] ip6gre0: entered allmulticast mode [ 467.694167][ T9947] syz_tun: entered allmulticast mode [ 467.714218][ T9947] ip6gretap0: entered allmulticast mode [ 467.727967][ T9947] bridge0: port 2(bridge_slave_1) entered disabled state [ 467.735726][ T9947] bridge0: port 1(bridge_slave_0) entered disabled state [ 467.752410][ T9947] bridge0: entered allmulticast mode [ 467.766536][ T9947] vcan0: entered allmulticast mode [ 467.785006][ T9947] bond0: entered allmulticast mode [ 467.794618][ T9947] bond_slave_0: entered allmulticast mode [ 467.803423][ T9947] bond_slave_1: entered allmulticast mode [ 467.815543][ T9947] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 467.837876][ T9947] team0: entered allmulticast mode [ 467.845881][ T9947] team_slave_0: entered allmulticast mode [ 467.856933][ T9947] team_slave_1: entered allmulticast mode [ 467.866812][ T9947] geneve0: entered allmulticast mode [ 467.881953][ T9947] dummy0: entered allmulticast mode [ 467.892668][ T9947] nlmon0: entered allmulticast mode [ 467.900328][ T9947] caif0: entered allmulticast mode [ 467.907550][ T9947] batadv0: entered allmulticast mode [ 467.916227][ T9947] vxcan0: entered allmulticast mode [ 467.926560][ T9947] vxcan1: entered allmulticast mode [ 467.944146][ T9947] veth0: entered allmulticast mode [ 467.955616][ T9947] veth1: entered allmulticast mode [ 467.981448][ T9947] wg0: entered allmulticast mode [ 467.998022][ T9947] wg1: entered allmulticast mode [ 468.006279][ T9947] wg2: entered allmulticast mode [ 468.018552][ T9947] veth0_to_bridge: entered allmulticast mode [ 468.027804][ T9947] veth1_to_bridge: entered allmulticast mode [ 468.043033][ T9947] veth0_to_bond: entered allmulticast mode [ 468.054999][ T9947] veth1_to_bond: entered allmulticast mode [ 468.064347][ T9947] veth0_to_team: entered allmulticast mode [ 468.075462][ T9947] veth1_to_team: entered allmulticast mode [ 468.086620][ T9947] veth0_to_batadv: entered allmulticast mode [ 468.094599][ T9947] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 468.103184][ T9947] batadv_slave_0: entered allmulticast mode [ 468.116115][ T9947] veth1_to_batadv: entered allmulticast mode [ 468.124382][ T9947] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 468.132782][ T9947] batadv_slave_1: entered allmulticast mode [ 468.141691][ T9947] xfrm0: entered allmulticast mode [ 468.152208][ T9947] veth0_to_hsr: entered allmulticast mode [ 468.161836][ T9947] hsr_slave_0: entered allmulticast mode [ 468.173277][ T9947] veth1_to_hsr: entered allmulticast mode [ 468.182287][ T9947] hsr_slave_1: entered allmulticast mode [ 468.191041][ T9947] hsr0: entered allmulticast mode [ 468.200099][ T9947] veth1_virt_wifi: entered allmulticast mode [ 468.207855][ T9947] veth0_virt_wifi: entered allmulticast mode [ 468.216347][ T9947] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 468.226313][ T9947] veth0_vlan: entered allmulticast mode [ 468.240218][ T9947] vlan0: entered allmulticast mode [ 468.245417][ T9947] vlan1: entered allmulticast mode [ 468.253598][ T9947] macvlan1: entered allmulticast mode [ 468.261233][ T9947] ipvlan0: entered allmulticast mode [ 468.266599][ T9947] ipvlan1: entered allmulticast mode [ 468.277338][ T9947] veth1_macvtap: entered allmulticast mode [ 468.285251][ T9947] veth0_macvtap: entered allmulticast mode [ 468.296086][ T9947] macvtap0: entered allmulticast mode [ 468.304189][ T9947] macsec0: entered allmulticast mode [ 468.312353][ T9947] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.322964][ T9947] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.332898][ T9947] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.342045][ T9947] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.351306][ T9947] geneve1: entered allmulticast mode [ 468.361724][ T9947] netdevsim netdevsim1 netdevsim1: entered allmulticast mode [ 468.371006][ T9947] netdevsim netdevsim1 netdevsim2: entered allmulticast mode [ 468.381846][ T9947] netdevsim netdevsim1 netdevsim3: entered allmulticast mode [ 468.405663][ T9947] mac80211_hwsim hwsim27 wlan0: entered allmulticast mode [ 468.420971][ T9947] mac80211_hwsim hwsim28 wlan1: entered allmulticast mode [ 468.432379][ T9957] netlink: 'syz.3.957': attribute type 10 has an invalid length. [ 468.681459][ T9839] bridge0: port 1(bridge_slave_0) entered blocking state [ 468.694082][ T9839] bridge0: port 1(bridge_slave_0) entered disabled state [ 468.715093][ T9839] bridge_slave_0: entered allmulticast mode [ 468.722383][ T9839] bridge_slave_0: entered promiscuous mode [ 468.754586][ T9839] bridge0: port 2(bridge_slave_1) entered blocking state [ 468.779968][ T9839] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.793667][ T9839] bridge_slave_1: entered allmulticast mode [ 468.801449][ T9839] bridge_slave_1: entered promiscuous mode [ 468.814199][ T9978] netlink: 24 bytes leftover after parsing attributes in process `syz.3.964'. [ 468.975804][ T9984] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 469.020873][ T9839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 469.049044][ T9839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 469.279610][ T9839] team0: Port device team_slave_0 added [ 469.285878][ T9997] netlink: 'syz.1.971': attribute type 10 has an invalid length. [ 469.334307][ T9997] bond0: (slave macvlan0): Releasing backup interface [ 469.354668][ T9839] team0: Port device team_slave_1 added [ 469.469722][ T9839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 469.495127][ T9839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 469.542105][ T9839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 469.574272][ T9839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 469.596936][ T9839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 469.667374][ T9839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 469.685816][ T5240] Bluetooth: hci3: command tx timeout [ 469.741488][ T5330] IPVS: starting estimator thread 0... [ 469.858468][T10023] IPVS: using max 18 ests per chain, 43200 per kthread [ 470.011520][ T9839] hsr_slave_0: entered promiscuous mode [ 470.026687][ T9839] hsr_slave_1: entered promiscuous mode [ 470.198480][ T9839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 470.207137][ T9839] Cannot create hsr debugfs directory [ 470.413416][T10042] netlink: 'syz.4.984': attribute type 10 has an invalid length. [ 471.582557][T10107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1007'. [ 471.706678][T10099] netlink: 'syz.1.1003': attribute type 12 has an invalid length. [ 471.769741][ T5244] Bluetooth: hci3: command tx timeout [ 471.911791][T10105] netlink: 'syz.4.1005': attribute type 10 has an invalid length. [ 471.972462][T10105] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 472.134940][T10117] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1011'. [ 472.769090][T10145] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 472.801180][ T9839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 472.823086][ T9839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 472.910468][ T9839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 472.925646][T10152] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 472.942616][ T9839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 472.958896][ T5244] Bluetooth: hci1: command 0x0406 tx timeout [ 472.961269][T10144] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 472.995785][T10156] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1027'. [ 473.209308][T10164] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1028'. [ 473.256574][ T9839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 473.321421][ T9839] 8021q: adding VLAN 0 to HW filter on device team0 [ 473.346126][ T8490] bridge0: port 1(bridge_slave_0) entered blocking state [ 473.353342][ T8490] bridge0: port 1(bridge_slave_0) entered forwarding state [ 473.391299][ T8490] bridge0: port 2(bridge_slave_1) entered blocking state [ 473.398496][ T8490] bridge0: port 2(bridge_slave_1) entered forwarding state [ 473.895555][ T9839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 474.040599][ T9839] veth0_vlan: entered promiscuous mode [ 474.083232][ T9839] veth1_vlan: entered promiscuous mode [ 474.149595][ T9839] veth0_macvtap: entered promiscuous mode [ 474.249118][ T9839] veth1_macvtap: entered promiscuous mode [ 474.315094][ T9839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 474.336878][ T9839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 474.390913][ T9839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 474.417908][ T9839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 474.436167][ T9839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 474.447274][ T9839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 474.457787][ T9839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 474.468093][ T9839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 474.479137][ T9839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 474.492217][ T9839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 474.523190][T10210] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1039'. [ 474.591100][ T9839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.606025][ T9839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.626330][ T9839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.646615][ T9839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.958535][ T5240] Bluetooth: hci0: command tx timeout [ 474.975808][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.998488][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 475.036362][ T8490] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 475.044914][ T8490] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 475.679410][T10265] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1049'. [ 475.923841][T10278] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1054'. [ 476.984377][ T1117] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.840239][ T1117] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 478.050245][ T1117] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 478.354964][ T1117] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 478.788390][ T1117] bridge_slave_1: left allmulticast mode [ 478.794078][ T1117] bridge_slave_1: left promiscuous mode [ 478.868581][ T1117] bridge0: port 2(bridge_slave_1) entered disabled state [ 478.949529][ T1117] bridge_slave_0: left allmulticast mode [ 478.955195][ T1117] bridge_slave_0: left promiscuous mode [ 479.038627][ T1117] bridge0: port 1(bridge_slave_0) entered disabled state [ 488.518430][ T5244] Bluetooth: hci2: command 0x0406 tx timeout [ 500.738880][ T1117] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 500.838673][ T1117] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 500.935400][ T1117] bond0 (unregistering): Released all slaves [ 501.603620][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.610016][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 505.878465][ T1117] hsr_slave_0: left promiscuous mode [ 505.938863][ T1117] hsr_slave_1: left promiscuous mode [ 506.038511][ T1117] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 506.045930][ T1117] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 506.149004][ T1117] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 506.156419][ T1117] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 506.435327][ T1117] veth1_macvtap: left promiscuous mode [ 506.558293][ T1117] veth0_macvtap: left promiscuous mode [ 506.588520][ T1117] veth1_vlan: left promiscuous mode [ 506.593825][ T1117] veth0_vlan: left promiscuous mode [ 508.565796][ T5257] page_pool_release_retry() stalled pool shutdown: id 63, 1 inflight 60 sec [ 518.481087][ T1117] team0 (unregistering): Port device team_slave_1 removed [ 519.165836][ T1117] team0 (unregistering): Port device team_slave_0 removed [ 562.980007][T10295] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 563.039711][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.046074][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 565.228275][T10295] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 565.236751][T10295] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 599.810108][ T8774] ================================================================== [ 599.818230][ T8774] BUG: KASAN: slab-use-after-free in bpf_trace_run2+0xfa/0x540 [ 599.825794][ T8774] Read of size 8 at addr ffff888020fdf318 by task udevd/8774 [ 599.833170][ T8774] [ 599.835505][ T8774] CPU: 1 UID: 0 PID: 8774 Comm: udevd Not tainted 6.12.0-rc3-next-20241016-syzkaller #0 [ 599.845240][ T8774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 599.855303][ T8774] Call Trace: [ 599.858588][ T8774] [ 599.861528][ T8774] dump_stack_lvl+0x241/0x360 [ 599.866215][ T8774] ? __pfx_dump_stack_lvl+0x10/0x10 [ 599.871426][ T8774] ? __pfx__printk+0x10/0x10 [ 599.876034][ T8774] ? _printk+0xd5/0x120 [ 599.880203][ T8774] ? __virt_addr_valid+0x183/0x530 [ 599.885307][ T8774] ? __virt_addr_valid+0x183/0x530 [ 599.890406][ T8774] print_report+0x169/0x550 [ 599.894902][ T8774] ? __virt_addr_valid+0x183/0x530 [ 599.900005][ T8774] ? __virt_addr_valid+0x183/0x530 [ 599.905105][ T8774] ? __virt_addr_valid+0x45f/0x530 [ 599.910208][ T8774] ? __phys_addr+0xba/0x170 [ 599.914725][ T8774] ? bpf_trace_run2+0xfa/0x540 [ 599.919479][ T8774] kasan_report+0x143/0x180 [ 599.923977][ T8774] ? bpf_trace_run2+0xfa/0x540 [ 599.928760][ T8774] bpf_trace_run2+0xfa/0x540 [ 599.933340][ T8774] ? __pfx_lock_release+0x10/0x10 [ 599.938352][ T8774] ? __pfx_bpf_trace_run2+0x10/0x10 [ 599.943540][ T8774] ? __might_fault+0xc6/0x120 [ 599.948210][ T8774] ? trace_sys_enter+0x9d/0x150 [ 599.953055][ T8774] __bpf_trace_sys_enter+0x38/0x60 [ 599.958158][ T8774] trace_sys_enter+0xd9/0x150 [ 599.962822][ T8774] syscall_trace_enter+0xf8/0x150 [ 599.967833][ T8774] do_syscall_64+0xcc/0x230 [ 599.972322][ T8774] ? clear_bhb_loop+0x35/0x90 [ 599.976986][ T8774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.982866][ T8774] RIP: 0033:0x7f33ebb16b6a [ 599.987269][ T8774] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 600.006863][ T8774] RSP: 002b:00007ffff2b8a3b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 600.015271][ T8774] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f33ebb16b6a [ 600.023234][ T8774] RDX: 0000000000000080 RSI: 00007ffff2b8a4a8 RDI: 0000000000000003 [ 600.031191][ T8774] RBP: 00007ffff2b8a3f8 R08: 0000000000000007 R09: dcb123dbe44b8f7e [ 600.039152][ T8774] R10: 00000000ffffffff R11: 0000000000000246 R12: 000055ad3e87a5e0 [ 600.047120][ T8774] R13: 00007ffff2b8a3f8 R14: 0000000000000001 R15: 000055ad3e85b910 [ 600.055117][ T8774] [ 600.058124][ T8774] [ 600.060449][ T8774] Allocated by task 10293: [ 600.064843][ T8774] kasan_save_track+0x3f/0x80 [ 600.069511][ T8774] __kasan_kmalloc+0x98/0xb0 [ 600.074087][ T8774] __kmalloc_cache_noprof+0x243/0x390 [ 600.079449][ T8774] bpf_raw_tp_link_attach+0x2a0/0x6e0 [ 600.084811][ T8774] bpf_raw_tracepoint_open+0x177/0x1f0 [ 600.090258][ T8774] __sys_bpf+0x3c0/0x810 [ 600.094491][ T8774] __x64_sys_bpf+0x7c/0x90 [ 600.098893][ T8774] do_syscall_64+0xf3/0x230 [ 600.103382][ T8774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.109273][ T8774] [ 600.111587][ T8774] Freed by task 16: [ 600.115378][ T8774] kasan_save_track+0x3f/0x80 [ 600.120047][ T8774] kasan_save_free_info+0x40/0x50 [ 600.125071][ T8774] __kasan_slab_free+0x59/0x70 [ 600.129828][ T8774] kfree+0x1a0/0x460 [ 600.133714][ T8774] rcu_core+0xaaa/0x17a0 [ 600.137948][ T8774] handle_softirqs+0x2c5/0x980 [ 600.142698][ T8774] run_ksoftirqd+0xca/0x130 [ 600.147227][ T8774] smpboot_thread_fn+0x544/0xa30 [ 600.152180][ T8774] kthread+0x2f0/0x390 [ 600.156262][ T8774] ret_from_fork+0x4b/0x80 [ 600.160666][ T8774] ret_from_fork_asm+0x1a/0x30 [ 600.165436][ T8774] [ 600.167751][ T8774] Last potentially related work creation: [ 600.173450][ T8774] kasan_save_stack+0x3f/0x60 [ 600.178116][ T8774] __kasan_record_aux_stack+0xac/0xc0 [ 600.183492][ T8774] call_rcu+0x167/0xa70 [ 600.187673][ T8774] bpf_link_release+0x78/0x90 [ 600.192347][ T8774] __fput+0x23c/0xa50 [ 600.196312][ T8774] task_work_run+0x24f/0x310 [ 600.200889][ T8774] get_signal+0x15e8/0x1740 [ 600.205382][ T8774] arch_do_signal_or_restart+0x96/0x860 [ 600.210932][ T8774] syscall_exit_to_user_mode+0xc9/0x370 [ 600.216472][ T8774] do_syscall_64+0x100/0x230 [ 600.221051][ T8774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.226930][ T8774] [ 600.229242][ T8774] The buggy address belongs to the object at ffff888020fdf300 [ 600.229242][ T8774] which belongs to the cache kmalloc-128 of size 128 [ 600.243288][ T8774] The buggy address is located 24 bytes inside of [ 600.243288][ T8774] freed 128-byte region [ffff888020fdf300, ffff888020fdf380) [ 600.257008][ T8774] [ 600.259317][ T8774] The buggy address belongs to the physical page: [ 600.265721][ T8774] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888020fdfa00 pfn:0x20fdf [ 600.275771][ T8774] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff) [ 600.283825][ T8774] page_type: f5(slab) [ 600.287792][ T8774] raw: 00fff00000000200 ffff88801ac41a00 ffffea0001094410 ffffea00009302d0 [ 600.296363][ T8774] raw: ffff888020fdfa00 000000000010000b 00000001f5000000 0000000000000000 [ 600.304930][ T8774] page dumped because: kasan: bad access detected [ 600.311362][ T8774] page_owner tracks the page as allocated [ 600.317062][ T8774] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4692, tgid 4692 (udevd), ts 74077008461, free_ts 72896209264 [ 600.335721][ T8774] post_alloc_hook+0x1f3/0x230 [ 600.340484][ T8774] get_page_from_freelist+0x3123/0x3270 [ 600.346016][ T8774] __alloc_pages_noprof+0x292/0x710 [ 600.351201][ T8774] alloc_pages_mpol_noprof+0x3e8/0x680 [ 600.356649][ T8774] alloc_slab_page+0x6a/0x120 [ 600.361312][ T8774] allocate_slab+0x5a/0x2f0 [ 600.365806][ T8774] ___slab_alloc+0xcd1/0x14b0 [ 600.370470][ T8774] __slab_alloc+0x58/0xa0 [ 600.374794][ T8774] __kmalloc_cache_noprof+0x27b/0x390 [ 600.380159][ T8774] kernfs_fop_open+0x826/0xd10 [ 600.384914][ T8774] do_dentry_open+0xbe1/0x1b70 [ 600.389677][ T8774] vfs_open+0x3e/0x330 [ 600.393738][ T8774] path_openat+0x2c84/0x3590 [ 600.398315][ T8774] do_filp_open+0x235/0x490 [ 600.402806][ T8774] do_sys_openat2+0x13e/0x1d0 [ 600.407482][ T8774] __x64_sys_openat+0x247/0x2a0 [ 600.412322][ T8774] page last free pid 5470 tgid 5468 stack trace: [ 600.418645][ T8774] free_unref_folios+0xf12/0x18d0 [ 600.423659][ T8774] folios_put_refs+0x76c/0x860 [ 600.428419][ T8774] free_pages_and_swap_cache+0x5c8/0x690 [ 600.434041][ T8774] tlb_flush_mmu+0x3a3/0x680 [ 600.438662][ T8774] tlb_finish_mmu+0xd4/0x200 [ 600.443249][ T8774] exit_mmap+0x496/0xc40 [ 600.447477][ T8774] __mmput+0x115/0x390 [ 600.451539][ T8774] exit_mm+0x220/0x310 [ 600.455618][ T8774] do_exit+0x9b2/0x28e0 [ 600.459761][ T8774] do_group_exit+0x207/0x2c0 [ 600.464346][ T8774] get_signal+0x16a3/0x1740 [ 600.468840][ T8774] arch_do_signal_or_restart+0x96/0x860 [ 600.474376][ T8774] syscall_exit_to_user_mode+0xc9/0x370 [ 600.479912][ T8774] do_syscall_64+0x100/0x230 [ 600.484509][ T8774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.490390][ T8774] [ 600.492706][ T8774] Memory state around the buggy address: [ 600.498345][ T8774] ffff888020fdf200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 600.506399][ T8774] ffff888020fdf280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 600.514456][ T8774] >ffff888020fdf300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 600.522503][ T8774] ^ [ 600.527360][ T8774] ffff888020fdf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 600.535409][ T8774] ffff888020fdf400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 600.543454][ T8774] ================================================================== [ 600.552059][ T8774] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 600.559257][ T8774] CPU: 1 UID: 0 PID: 8774 Comm: udevd Not tainted 6.12.0-rc3-next-20241016-syzkaller #0 [ 600.568963][ T8774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 600.579007][ T8774] Call Trace: [ 600.582282][ T8774] [ 600.585227][ T8774] dump_stack_lvl+0x241/0x360 [ 600.589897][ T8774] ? __pfx_dump_stack_lvl+0x10/0x10 [ 600.595103][ T8774] ? __pfx__printk+0x10/0x10 [ 600.599694][ T8774] ? vscnprintf+0x5d/0x90 [ 600.604020][ T8774] panic+0x349/0x880 [ 600.607906][ T8774] ? check_panic_on_warn+0x21/0xb0 [ 600.613005][ T8774] ? __pfx_panic+0x10/0x10 [ 600.617416][ T8774] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 600.623307][ T8774] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 600.629192][ T8774] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 600.635516][ T8774] ? print_report+0x502/0x550 [ 600.640183][ T8774] check_panic_on_warn+0x86/0xb0 [ 600.645111][ T8774] ? bpf_trace_run2+0xfa/0x540 [ 600.649865][ T8774] end_report+0x77/0x160 [ 600.654119][ T8774] kasan_report+0x154/0x180 [ 600.658643][ T8774] ? bpf_trace_run2+0xfa/0x540 [ 600.663408][ T8774] bpf_trace_run2+0xfa/0x540 [ 600.667987][ T8774] ? __pfx_lock_release+0x10/0x10 [ 600.672998][ T8774] ? __pfx_bpf_trace_run2+0x10/0x10 [ 600.678187][ T8774] ? __might_fault+0xc6/0x120 [ 600.682847][ T8774] ? trace_sys_enter+0x9d/0x150 [ 600.687687][ T8774] __bpf_trace_sys_enter+0x38/0x60 [ 600.692783][ T8774] trace_sys_enter+0xd9/0x150 [ 600.697470][ T8774] syscall_trace_enter+0xf8/0x150 [ 600.702481][ T8774] do_syscall_64+0xcc/0x230 [ 600.706969][ T8774] ? clear_bhb_loop+0x35/0x90 [ 600.711632][ T8774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.717558][ T8774] RIP: 0033:0x7f33ebb16b6a [ 600.721973][ T8774] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 600.741567][ T8774] RSP: 002b:00007ffff2b8a3b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 600.749978][ T8774] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f33ebb16b6a [ 600.757936][ T8774] RDX: 0000000000000080 RSI: 00007ffff2b8a4a8 RDI: 0000000000000003 [ 600.765893][ T8774] RBP: 00007ffff2b8a3f8 R08: 0000000000000007 R09: dcb123dbe44b8f7e [ 600.773852][ T8774] R10: 00000000ffffffff R11: 0000000000000246 R12: 000055ad3e87a5e0 [ 600.781811][ T8774] R13: 00007ffff2b8a3f8 R14: 0000000000000001 R15: 000055ad3e85b910 [ 600.789774][ T8774] [ 600.793023][ T8774] Kernel Offset: disabled [ 600.797339][ T8774] Rebooting in 86400 seconds..