last executing test programs: 29.971040121s ago: executing program 1 (id=885): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000100)={0x0, 0xfffffb06}, 0x8) r2 = socket(0x2, 0x80805, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000200)=@ethtool_channels={0x33}}) r4 = socket$inet6(0xa, 0x3, 0xff) r5 = dup2(r4, r4) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c) write$RDMA_USER_CM_CMD_BIND_IP(r5, &(0x7f00000000c0)={0x2, 0x28, 0xfa33, {0x0, {0xa, 0x0, 0x0, @local}}}, 0x30) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8982, &(0x7f0000000180)={0x6, 'netpci0\x00', {0x2}, 0x9}) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000340)={0x0, 'veth1_vlan\x00', {}, 0x2}) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r8 = openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r8, &(0x7f0000000100)={0x14, 0x88, 0xfa00, {r9, 0x30, 0x0, @ib}}, 0x90) write$RDMA_USER_CM_CMD_DESTROY_ID(r5, &(0x7f0000000280)={0x1, 0x10, 0xfa00, {&(0x7f0000000240), r9}}, 0x18) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@gettfilter={0x6c, 0x2e, 0x8, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {0x5, 0x8}, {0x0, 0xf}}, [{0x8, 0xb, 0x5}, {0x8}, {0x8, 0xb, 0xc06}, {0x8, 0xb, 0x1}, {0x8}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x80}, {0x8, 0xb, 0x81}, {0x8, 0xb, 0x3b1}]}, 0x6c}, 0x1, 0x0, 0x0, 0x448d0}, 0x20000000) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000300)=@assoc_value={0x0, 0xae43}, 0x8) socket$nl_route(0x10, 0x3, 0x0) 28.754342674s ago: executing program 1 (id=888): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) write$binfmt_elf64(r1, &(0x7f0000000240)=ANY=[], 0x78) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000100)={0x4}, 0x10) sendto$inet(r1, &(0x7f0000000180)="a7", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000002c0)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000040), 0x8) 28.446989215s ago: executing program 1 (id=889): r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) 28.203783773s ago: executing program 1 (id=890): getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000000), &(0x7f0000000080)=0x10) 28.038958739s ago: executing program 1 (id=891): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80015b1b, &(0x7f0000000040)) 24.619265009s ago: executing program 1 (id=899): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000100)={0x0, 0xfffffb06}, 0x8) r2 = socket(0x2, 0x80805, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000200)=@ethtool_channels={0x33}}) r4 = socket$inet6(0xa, 0x3, 0xff) r5 = dup2(r4, r4) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c) write$RDMA_USER_CM_CMD_BIND_IP(r5, &(0x7f00000000c0)={0x2, 0x28, 0xfa33, {0x0, {0xa, 0x0, 0x0, @local}}}, 0x30) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8982, &(0x7f0000000180)={0x6, 'netpci0\x00', {0x2}, 0x9}) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000340)={0x0, 'veth1_vlan\x00', {}, 0x2}) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r8 = openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r8, &(0x7f0000000100)={0x14, 0x88, 0xfa00, {r9, 0x30, 0x0, @ib}}, 0x90) write$RDMA_USER_CM_CMD_DESTROY_ID(r5, &(0x7f0000000280)={0x1, 0x10, 0xfa00, {&(0x7f0000000240), r9}}, 0x18) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@gettfilter={0x6c, 0x2e, 0x8, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {0x5, 0x8}, {0x0, 0xf}}, [{0x8, 0xb, 0x5}, {0x8}, {0x8, 0xb, 0xc06}, {0x8, 0xb, 0x1}, {0x8}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x80}, {0x8, 0xb, 0x81}, {0x8, 0xb, 0x3b1}]}, 0x6c}, 0x1, 0x0, 0x0, 0x448d0}, 0x20000000) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000300)=@assoc_value={0x0, 0xae43}, 0x8) socket$nl_route(0x10, 0x3, 0x0) 16.474158254s ago: executing program 3 (id=908): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000480)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x9, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r4, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) recvmsg$kcm(r4, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58) r7 = accept4$alg(r6, 0x0, 0x0, 0x0) sendmmsg$alg(r7, &(0x7f0000004fc0)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)='I', 0x7ffff000}, {&(0x7f00000000c0)='U', 0x1}], 0x2}], 0x4924bd8, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r1, 0x80046402, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13.15180364s ago: executing program 3 (id=913): syz_emit_vhci(0x0, 0x22) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bad547412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a63506e8cb76bba42c6bee078240ec871a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f6306644f6f08bbd3ca3229d272acd3483bf3ae4228f7a2b839594856918b10ca47ad4dc249d99c244aba277d101b5ac305"], 0xd) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}, {0x0, 0xc8, @any, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}, 0x14) write$binfmt_script(r0, &(0x7f0000000780), 0x208e24b) ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=""/121, 0x79}) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xffffffffffffffe1, 0x0, 0x0, 0x10001, 0xfffffffffffff924]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) listen(0xffffffffffffffff, 0x80080400) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) getsockopt$inet_int(r2, 0x10d, 0xac, &(0x7f0000000000), &(0x7f0000000200)=0x4) r3 = socket(0x1, 0x2, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000340), 0x0, 0x0) r4 = syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2) readv(r4, &(0x7f0000000380)=[{&(0x7f0000000000)=""/135, 0x87}], 0x300) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_perm_addr={0x33}}) syz_emit_vhci(0x0, 0xffffffffffffffc7) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000f80)={0x2c, &(0x7f0000000e80)=ANY=[], 0x0, 0x0, 0x0, 0x0}) r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r5, 0x5b14, 0x0) 9.779695808s ago: executing program 3 (id=921): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000100)={0x0, 0xfffffb06}, 0x8) r2 = socket(0x2, 0x80805, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000200)=@ethtool_channels={0x33}}) r4 = socket$inet6(0xa, 0x3, 0xff) r5 = dup2(r4, r4) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c) write$RDMA_USER_CM_CMD_BIND_IP(r5, &(0x7f00000000c0)={0x2, 0x28, 0xfa33, {0x0, {0xa, 0x0, 0x0, @local}}}, 0x30) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8982, &(0x7f0000000180)={0x6, 'netpci0\x00', {0x2}, 0x9}) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000340)={0x0, 'veth1_vlan\x00', {}, 0x2}) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r8 = openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r8, &(0x7f0000000100)={0x14, 0x88, 0xfa00, {r9, 0x30, 0x0, @ib}}, 0x90) write$RDMA_USER_CM_CMD_DESTROY_ID(r5, &(0x7f0000000280)={0x1, 0x10, 0xfa00, {&(0x7f0000000240), r9}}, 0x18) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@gettfilter={0x6c, 0x2e, 0x8, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {0x5, 0x8}, {0x0, 0xf}}, [{0x8, 0xb, 0x5}, {0x8}, {0x8, 0xb, 0xc06}, {0x8, 0xb, 0x1}, {0x8}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x80}, {0x8, 0xb, 0x81}, {0x8, 0xb, 0x3b1}]}, 0x6c}, 0x1, 0x0, 0x0, 0x448d0}, 0x20000000) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000300)=@assoc_value={0x0, 0xae43}, 0x8) socket$nl_route(0x10, 0x3, 0x0) 8.844615061s ago: executing program 2 (id=923): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000100)={0x0, 0xfffffb06}, 0x8) r2 = socket(0x2, 0x80805, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000200)=@ethtool_channels={0x33}}) r4 = socket$inet6(0xa, 0x3, 0xff) r5 = dup2(r4, r4) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c) write$RDMA_USER_CM_CMD_BIND_IP(r5, &(0x7f00000000c0)={0x2, 0x28, 0xfa33, {0x0, {0xa, 0x0, 0x0, @local}}}, 0x30) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8982, &(0x7f0000000180)={0x6, 'netpci0\x00', {0x2}, 0x9}) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000340)={0x0, 'veth1_vlan\x00', {}, 0x2}) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r8 = openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r8, &(0x7f0000000100)={0x14, 0x88, 0xfa00, {r9, 0x30, 0x0, @ib}}, 0x90) write$RDMA_USER_CM_CMD_DESTROY_ID(r5, &(0x7f0000000280)={0x1, 0x10, 0xfa00, {&(0x7f0000000240), r9}}, 0x18) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@gettfilter={0x6c, 0x2e, 0x8, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {0x5, 0x8}, {0x0, 0xf}}, [{0x8, 0xb, 0x5}, {0x8}, {0x8, 0xb, 0xc06}, {0x8, 0xb, 0x1}, {0x8}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x80}, {0x8, 0xb, 0x81}, {0x8, 0xb, 0x3b1}]}, 0x6c}, 0x1, 0x0, 0x0, 0x448d0}, 0x20000000) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000300)=@assoc_value={0x0, 0xae43}, 0x8) socket$nl_route(0x10, 0x3, 0x0) 7.632770504s ago: executing program 0 (id=925): socket$nl_sock_diag(0x10, 0x3, 0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000001140), 0x700, 0x0, 0x0) 6.930254098s ago: executing program 3 (id=928): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='ns\x00') r1 = fanotify_init(0x0, 0x0) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1) getdents(r0, 0x0, 0x0) 6.901925839s ago: executing program 4 (id=929): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x2, 0x0, 0x55, 0x8c4, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffd, 0x0, 0x4, 0xb}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r6 = fanotify_init(0x200, 0x0) fanotify_mark(r6, 0x1, 0x4800003e, r5, 0x0) r7 = dup2(r6, r5) readv(r7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) open(0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) link(0x0, 0x0) 5.697636671s ago: executing program 2 (id=930): keyctl$restrict_keyring(0x2, 0x0, 0x0, &(0x7f0000000100)='id:cb2\xf7\xc2\xc2De') socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae03, 0x4a) syz_emit_vhci(&(0x7f00000009c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_SET_EXT_ADV_ENABLE={{0x1}}}}, 0x7) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = socket$kcm(0x29, 0x2, 0x0) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) getresgid(0x0, 0x0, 0x0) r4 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0) pwritev(r4, &(0x7f0000000040)=[{&(0x7f0000000480)="db", 0x1}], 0x1, 0x4000001, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmsg$alg(r6, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x1fc}], 0x18}, 0x0) sendmsg$nl_route_sched_retired(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r6, &(0x7f0000000700)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000180)=""/151, 0x97}], 0x1}}], 0x2, 0x0, 0x0) sendfile(r3, r4, 0x0, 0x8000fb00) r7 = socket$inet_tcp(0x2, 0x1, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) r9 = accept4(r8, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f000000a700)=@deltfilter={0x38, 0x2d, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_cgroup={{0xb}, {0x8, 0x2, [@TCA_CGROUP_ACT={0x4}]}}]}, 0x38}}, 0x0) setsockopt$sock_int(r7, 0x1, 0x9, &(0x7f00000000c0)=0x1, 0x4) 5.499400848s ago: executing program 4 (id=931): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000000)=0x8001, 0x4) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}], 0x10) 5.194614879s ago: executing program 4 (id=932): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040400000000"], 0x11) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_signaling={{0xc}, [@l2cap_conn_rsp={{0x3, 0x9, 0x8}, {0xfffc, 0x1, 0x1, 0x6}}]}}, 0x15) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) lstat(&(0x7f0000000000)='./file0\x00', 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x9000, @loopback}], 0x1c) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000880)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0\x00'}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002b40), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000002c40)={&(0x7f0000002b00)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000002c00)={&(0x7f0000000380)=ANY=[@ANYBLOB="80000000", @ANYRES16=r4, @ANYBLOB="000827df25210000000c009900ff0000004b9d78474f00060008021100000000001c002c80080000004a050000080000000180000008000000000000000500f6000700000024002c80080000000200000008000000070000000800000006000000080000006c7800000a00f500539472c060b8d9c6b771220896e75616ab0813cc6f708ef49f1522b9e5ef7256358044bb3a0ecca074838339e48bbd4d23cb19b7967b786fa919218c7869a2ba3af5662784f58c6c5912903e72a1304a81e5ab0152"], 0x80}, 0x1, 0x0, 0x0, 0x80}, 0x810) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$int_in(r5, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f00000007c0)) r6 = socket$packet(0x11, 0x3, 0x300) r7 = dup(r6) r8 = fcntl$dupfd(r5, 0x0, r6) ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0}) ioctl$VHOST_NET_SET_BACKEND(r8, 0x4008af30, &(0x7f0000000080)={0x0, r7}) eventfd2(0x8001, 0x0) ioctl$VHOST_SET_VRING_KICK(r8, 0x4008af20, &(0x7f00000000c0)={0x1, r7}) io_uring_setup(0x2026, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000000100), 0x0) 4.86865896s ago: executing program 3 (id=933): bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x2, 0x1, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private0}}]}, 0x60}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="020100030c0005000500000000000a00e4ffffff000000000000000000000000ffff00000000000000000000000005000600000000000a00000000000000fc00"/86], 0x60}}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{0x1, 0xffffffffffffffff}, &(0x7f0000000600), &(0x7f0000000680)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x16, &(0x7f0000000780)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x9}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r3}}, @alu={0x7, 0x0, 0x0, 0x8, 0x2, 0x20, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='jbd2_handle_stats\x00', r4}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x4, 0x98, &(0x7f00000000c0)=""/152}, 0x90) sendmmsg$alg(r0, &(0x7f00000006c0)=[{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000540)="5d4f7d73b6fe5ba273941bc7d07a687aeb903e19d9995a8ec6fd7a71db202e7ee1947092b6cf2f1f0b1c311d5c31a301db71f5bae2d07df5251a1711c4f5394a6b93d42e7a1126a0560baa3203871ae1a0aad1f3f6e6fc93e3f0e6d721ccd4b30c33d025844414373560aa482ffe2431ce9d2643d44b54c71473be9d5e23ac05960a115984", 0x85}], 0x1, &(0x7f0000000640)=ANY=[@ANYBLOB="68000000000000b458213b7d1f103a001701000002000000530000005cd3938249a62ef565f1f8"], 0x68}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$drirender128(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000001100)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4030582b, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000069128308b7204015a202000000010902120001220000000904000000ff"], 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0x2, 0x4, 0x400, 0x0, 0x108, 0x0, 0x318, 0x318, 0x318, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0x108, 0x71000000, {0x15b}}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@arp={@rand_addr, @empty, 0x0, 0x0, 0x0, 0x0, {@mac=@remote}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'lo\x00', 'ip6tnl0\x00'}, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0xc0, 0xe8, 0x0, {0x1d000000}}, {0x28}}}}, 0x450) fchmod(r5, 0x0) 4.86028795s ago: executing program 0 (id=934): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100090c100000000000224e0000", 0x58}], 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000000000014d564b"]) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r7, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0) setsockopt$inet_int(r7, 0x0, 0x7, &(0x7f0000000180)=0x6, 0x4) bind$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x46, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0xa, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast, {[@timestamp_addr={0x44, 0x14, 0x9, 0x1, 0x0, [{@loopback}, {@remote}]}]}}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) sendmsg$MPTCP_PM_CMD_SET_FLAGS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, 0x0, 0x200}, 0x14}}, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) write$binfmt_script(r6, &(0x7f0000000100), 0xfecc) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r6, 0xc0709411, &(0x7f0000000400)={{0x0, 0x2, 0x5, 0x2, 0x5, 0x0, 0x53, 0xda, 0x7f8, 0x0, 0x5, 0x3, 0x4, 0x8001, 0x3}, 0x18, [0x0, 0x0, 0x0]}) syz_emit_vhci(&(0x7f0000001800)=@HCI_EVENT_PKT={0x4, @extended_inquiry_info={{0x2f, 0x1}}}, 0x4) ioctl$BTRFS_IOC_TREE_SEARCH(r8, 0xd0009411, &(0x7f0000000680)={{r9, 0x8000000000000001, 0x1c, 0x2, 0x3, 0x9, 0x5, 0x1bdf4309, 0x0, 0x0, 0x7cf1, 0x36}}) syz_emit_ethernet(0x3e, 0x0, 0x0) 3.892530094s ago: executing program 2 (id=935): r0 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x1a, &(0x7f0000000000), &(0x7f0000000080)=0x10) 3.44695652s ago: executing program 2 (id=936): connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(0xffffffffffffffff, 0x8) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000000240)=ANY=[], 0x78) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x4}, 0x10) sendto$inet(r0, &(0x7f0000000180)="a7", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000002c0)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040), 0x8) 3.255323847s ago: executing program 2 (id=937): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000100)={0x0, 0xfffffb06}, 0x8) r2 = socket(0x0, 0x80805, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000200)=@ethtool_channels={0x33}}) r4 = socket$inet6(0xa, 0x3, 0xff) r5 = dup2(r4, r4) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c) write$RDMA_USER_CM_CMD_BIND_IP(r5, &(0x7f00000000c0)={0x2, 0x28, 0xfa33, {0x0, {0xa, 0x0, 0x0, @local}}}, 0x30) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8982, &(0x7f0000000180)={0x6, 'netpci0\x00', {0x2}, 0x9}) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000340)={0x0, 'veth1_vlan\x00', {}, 0x2}) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r8 = openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r8, &(0x7f0000000100)={0x14, 0x88, 0xfa00, {r9, 0x30, 0x0, @ib}}, 0x90) write$RDMA_USER_CM_CMD_DESTROY_ID(r5, &(0x7f0000000280)={0x1, 0x10, 0xfa00, {&(0x7f0000000240), r9}}, 0x18) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@gettfilter={0x6c, 0x2e, 0x8, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {0x5, 0x8}, {0x0, 0xf}}, [{0x8, 0xb, 0x5}, {0x8}, {0x8, 0xb, 0xc06}, {0x8, 0xb, 0x1}, {0x8}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x80}, {0x8, 0xb, 0x81}, {0x8, 0xb, 0x3b1}]}, 0x6c}, 0x1, 0x0, 0x0, 0x448d0}, 0x20000000) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000300)=@assoc_value={0x0, 0xae43}, 0x8) socket$nl_route(0x10, 0x3, 0x0) 3.248798087s ago: executing program 0 (id=938): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000002c0)=ANY=[@ANYRES8=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = userfaultfd(0x1) ioctl$UFFDIO_API(r3, 0xc018aa3f, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x541c, &(0x7f0000000000)) 3.051485374s ago: executing program 3 (id=939): ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdir(&(0x7f0000000840)='./file0\x00', 0x101) open$dir(0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000003c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000380)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x1) link(&(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='./file1\x00') ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000080)={'dummy0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r2}, 0x10) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) r3 = userfaultfd(0x1) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000400)={0xaa, 0x13}) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) write$UHID_INPUT(r5, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d09f91b48090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f3b0063090890e0878f0e1ac6e7049b074a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000095802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 2.8731122s ago: executing program 0 (id=940): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100090c100000000000224e0000", 0x58}], 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000000000014d564b"]) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r7, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0) setsockopt$inet_int(r7, 0x0, 0x7, &(0x7f0000000180)=0x6, 0x4) bind$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x46, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0xa, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast, {[@timestamp_addr={0x44, 0x14, 0x9, 0x1, 0x0, [{@loopback}, {@remote}]}]}}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) sendmsg$MPTCP_PM_CMD_SET_FLAGS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) write$binfmt_script(r6, &(0x7f0000000100), 0xfecc) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r6, 0xc0709411, &(0x7f0000000400)={{0x0, 0x2, 0x5, 0x2, 0x5, 0x0, 0x53, 0xda, 0x7f8, 0x0, 0x5, 0x3, 0x4, 0x8001, 0x3}, 0x18, [0x0, 0x0, 0x0]}) syz_emit_vhci(&(0x7f0000001800)=@HCI_EVENT_PKT={0x4, @extended_inquiry_info={{0x2f, 0x1}}}, 0x4) ioctl$BTRFS_IOC_TREE_SEARCH(r8, 0xd0009411, &(0x7f0000000680)={{r9, 0x8000000000000001, 0x1c, 0x2, 0x3, 0x9, 0x5, 0x1bdf4309, 0x0, 0x0, 0x7cf1, 0x36}}) syz_emit_ethernet(0x3e, 0x0, 0x0) 1.658836343s ago: executing program 4 (id=941): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r0, 0x29, 0x1a, 0x0, 0x0) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}], 0x10) 1.390853641s ago: executing program 4 (id=942): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x2, 0x0, 0x55, 0x8c4, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffd, 0x0, 0x4, 0xb}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r6 = fanotify_init(0x200, 0x0) fanotify_mark(r6, 0x1, 0x4800003e, r5, 0x0) r7 = dup2(r6, r5) readv(r7, &(0x7f0000001400)=[{&(0x7f0000000040)=""/81, 0x51}], 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) open(0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) link(0x0, 0x0) 1.334035284s ago: executing program 0 (id=943): socket$nl_sock_diag(0x10, 0x3, 0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14"], 0x18}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001140), 0x700, 0x0, 0x0) 139.057106ms ago: executing program 4 (id=944): socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_pidfd_open(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='io.stat\x00', 0x275a, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r1, 0x4004662b, &(0x7f0000000200)=0x1) 22.75841ms ago: executing program 0 (id=945): socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000000), &(0x7f0000000080)=0x10) 0s ago: executing program 2 (id=946): connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(0xffffffffffffffff, 0x8) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000000240)=ANY=[], 0x78) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x4}, 0x10) sendto$inet(r0, &(0x7f0000000180)="a7", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000002c0)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040), 0x8) kernel console output (not intermixed with test programs): o resolve './file1': -2 [ 120.756703][ T4552] EXT4-fs error (device loop2): ext4_lookup:1852: inode #19: comm syz.2.283: 'bus' linked to parent dir [ 120.770658][ T4017] bond0 (unregistering): Released all slaves [ 120.795568][ T3880] EXT4-fs (loop2): unmounting filesystem. [ 120.891281][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 120.909886][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.935845][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.962399][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 120.984416][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 121.005802][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 121.016491][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 121.046507][ T4550] device batadv0 entered promiscuous mode [ 121.069517][ T4550] device veth0 entered promiscuous mode [ 121.104213][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 121.115941][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 121.142980][ T4320] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 121.227660][ T4320] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 121.274827][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 121.297004][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 121.320614][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 121.331674][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 121.337636][ T3596] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 121.362435][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 121.498599][ T4581] loop4: detected capacity change from 0 to 512 [ 121.554901][ T4581] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 121.617431][ T3596] usb 2-1: Using ep0 maxpacket: 8 [ 121.625495][ T4581] ext4 filesystem being mounted at /root/syzkaller.qpM1cP/15/file0 supports timestamps until 2038 (0x7fffffff) [ 121.747645][ T3596] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 121.768275][ T4581] EXT4-fs error (device loop4): ext4_do_update_inode:5210: inode #2: comm syz.4.293: corrupted inode contents [ 121.783150][ T3596] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 121.794419][ T4320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 121.803760][ T3596] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.829987][ T3596] usb 2-1: config 0 descriptor?? [ 121.838692][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 121.846251][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 121.858004][ T4581] EXT4-fs error (device loop4): ext4_dirty_inode:6072: inode #2: comm syz.4.293: mark_inode_dirty error [ 121.871480][ T3596] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 121.896484][ T4320] device veth0_vlan entered promiscuous mode [ 121.904147][ T4581] EXT4-fs error (device loop4): ext4_do_update_inode:5210: inode #2: comm syz.4.293: corrupted inode contents [ 121.923726][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 121.934701][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 121.947684][ T4581] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.293: mark_inode_dirty error [ 121.963551][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 121.989197][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 122.000223][ T4581] overlayfs: failed to resolve './file1': -2 [ 122.015506][ T4320] device veth1_vlan entered promiscuous mode [ 122.032472][ T4581] EXT4-fs error (device loop4): ext4_lookup:1852: inode #19: comm syz.4.293: 'bus' linked to parent dir [ 122.063032][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 122.072897][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 122.132339][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 122.143688][ T3903] EXT4-fs (loop4): unmounting filesystem. [ 122.144550][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 122.169508][ T4320] device veth0_macvtap entered promiscuous mode [ 122.208042][ T4320] device veth1_macvtap entered promiscuous mode [ 122.255221][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.317477][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.348910][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.373107][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.389391][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.435197][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.453755][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.487111][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.502210][ T4320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 122.509987][ T3596] gspca_vc032x: reg_r err -32 [ 122.514791][ T3596] vc032x: probe of 2-1:0.0 failed with error -32 [ 122.535616][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.573824][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.593103][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.614000][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.634271][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.655116][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.692361][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.713881][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.760592][ T4320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 122.769052][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 122.797903][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 122.806188][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 122.838205][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 122.867907][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 122.882346][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 122.926117][ T4320] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.958270][ T4320] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.967060][ T4320] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.007277][ T4320] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.220163][ T3616] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.253176][ T3616] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.303471][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 123.323328][ T3630] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.343746][ T3630] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.370085][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 123.603172][ T4631] loop2: detected capacity change from 0 to 512 [ 123.703905][ T4631] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 123.748137][ T4631] ext4 filesystem being mounted at /root/syzkaller.TVHLPy/25/file0 supports timestamps until 2038 (0x7fffffff) [ 123.866053][ T4631] EXT4-fs error (device loop2): ext4_do_update_inode:5210: inode #2: comm syz.2.308: corrupted inode contents [ 123.887868][ T4631] EXT4-fs error (device loop2): ext4_dirty_inode:6072: inode #2: comm syz.2.308: mark_inode_dirty error [ 123.918440][ T4631] EXT4-fs error (device loop2): ext4_do_update_inode:5210: inode #2: comm syz.2.308: corrupted inode contents [ 123.957385][ T4631] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.308: mark_inode_dirty error [ 124.044310][ T3880] EXT4-fs (loop2): unmounting filesystem. [ 124.045001][ T27] audit: type=1326 audit(1719782828.162:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4641 comm="syz.0.310" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3401775b99 code=0x0 [ 124.288067][ T3594] usb 2-1: USB disconnect, device number 3 [ 125.632954][ T4681] loop3: detected capacity change from 0 to 512 [ 125.816738][ T4681] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 125.832370][ T4681] ext4 filesystem being mounted at /root/syzkaller.ZRTvIl/3/file0 supports timestamps until 2038 (0x7fffffff) [ 125.877708][ T4681] EXT4-fs error (device loop3): ext4_do_update_inode:5210: inode #2: comm syz.3.321: corrupted inode contents [ 125.959212][ T4681] EXT4-fs error (device loop3): ext4_dirty_inode:6072: inode #2: comm syz.3.321: mark_inode_dirty error [ 125.984349][ T27] audit: type=1326 audit(1719782830.102:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4697 comm="syz.2.326" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 126.036983][ T4681] EXT4-fs error (device loop3): ext4_do_update_inode:5210: inode #2: comm syz.3.321: corrupted inode contents [ 126.075224][ T4681] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.321: mark_inode_dirty error [ 126.440015][ T4320] EXT4-fs (loop3): unmounting filesystem. [ 127.542421][ T4737] loop4: detected capacity change from 0 to 512 [ 127.581412][ T27] audit: type=1326 audit(1719782831.702:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4738 comm="syz.1.342" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6175b99 code=0x0 [ 127.664196][ T4737] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 127.687453][ T4737] ext4 filesystem being mounted at /root/syzkaller.qpM1cP/17/file0 supports timestamps until 2038 (0x7fffffff) [ 127.878537][ T4737] EXT4-fs error (device loop4): ext4_do_update_inode:5210: inode #2: comm syz.4.339: corrupted inode contents [ 127.937630][ T4737] EXT4-fs error (device loop4): ext4_dirty_inode:6072: inode #2: comm syz.4.339: mark_inode_dirty error [ 127.949751][ T4737] EXT4-fs error (device loop4): ext4_do_update_inode:5210: inode #2: comm syz.4.339: corrupted inode contents [ 128.756837][ T4737] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.339: mark_inode_dirty error [ 128.916855][ T3903] EXT4-fs (loop4): unmounting filesystem. [ 129.543863][ T4791] netlink: 4 bytes leftover after parsing attributes in process `syz.0.357'. [ 129.673197][ T27] audit: type=1326 audit(1719782833.792:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4794 comm="syz.4.358" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff130575b99 code=0x0 [ 130.431389][ T3600] kernel write not supported for file /sysvipc/shm (pid: 3600 comm: kworker/1:6) [ 131.432100][ T4840] 9pnet_fd: Insufficient options for proto=fd [ 131.555521][ T27] audit: type=1326 audit(1719782835.672:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4844 comm="syz.2.375" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 131.887386][ T3600] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 132.801660][ T1255] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.808074][ T1255] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.947352][ T3600] usb 1-1: Using ep0 maxpacket: 8 [ 133.073113][ T3600] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 133.092570][ T3600] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.241648][ T4874] 9pnet_fd: Insufficient options for proto=fd [ 133.439136][ T3600] usb 1-1: Firmware version (0.0) predates our first public release. [ 133.457348][ T3600] usb 1-1: Please update to version 0.2 or newer [ 133.628295][ T27] audit: type=1326 audit(1719782837.752:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4888 comm="syz.2.388" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 133.655821][ T3600] usb 1-1: USB disconnect, device number 6 [ 134.843563][ T4914] 9pnet_fd: Insufficient options for proto=fd [ 135.537471][ T27] audit: type=1326 audit(1719782839.652:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4944 comm="syz.2.406" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 135.812794][ T4955] 9pnet_fd: Insufficient options for proto=fd [ 136.685926][ T4973] process 'syz.0.414' launched './file0' with NULL argv: empty string added [ 136.985765][ T4994] 9pnet_fd: Insufficient options for proto=fd [ 137.127364][ T27] audit: type=1326 audit(1719782841.242:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5002 comm="syz.2.425" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 138.768462][ T27] audit: type=1326 audit(1719782842.892:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5068 comm="syz.3.446" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbceb75b99 code=0x0 [ 141.115282][ T27] audit: type=1326 audit(1719782845.232:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5115 comm="syz.1.466" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6175b99 code=0x0 [ 141.136862][ C0] vkms_vblank_simulate: vblank timer overrun [ 142.002563][ T5084] loop4: detected capacity change from 0 to 40427 [ 142.051509][ T5084] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 142.097329][ T5084] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 142.121849][ T7] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 142.152652][ T5084] F2FS-fs (loop4): invalid crc value [ 142.178627][ T5136] loop3: detected capacity change from 0 to 64 [ 142.337407][ T5084] F2FS-fs (loop4): Found nat_bits in checkpoint [ 142.426854][ T7] usb 3-1: Using ep0 maxpacket: 8 [ 142.501639][ T5084] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 142.513114][ T5084] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 142.582159][ T7] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 142.606474][ T5148] loop1: detected capacity change from 0 to 2048 [ 142.607286][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.686262][ T5148] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 142.829455][ T3871] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 142.855562][ T3871] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 142.856467][ T5158] autofs4:pid:5158:autofs_fill_super: called with bogus options [ 142.957560][ T7] usb 3-1: Firmware version (0.0) predates our first public release. [ 142.981986][ T7] usb 3-1: Please update to version 0.2 or newer [ 143.120359][ T7] usb 3-1: USB disconnect, device number 2 [ 143.157584][ T27] audit: type=1326 audit(1719782847.282:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5167 comm="syz.0.486" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3401775b99 code=0x0 [ 144.542454][ T5192] autofs4:pid:5192:autofs_fill_super: called with bogus options [ 145.881229][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 145.899898][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 145.908349][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 145.917270][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 145.925564][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 145.933877][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 145.942136][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 145.950431][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 145.958687][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 146.957683][ T5235] autofs4:pid:5235:autofs_fill_super: called with bogus options [ 147.540397][ T5253] dccp_close: ABORT with 32 bytes unread [ 149.123270][ T5263] sched: RT throttling activated [ 149.491570][ T27] audit: type=1326 audit(1719782853.592:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5272 comm="syz.4.524" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff130575b99 code=0x0 [ 151.078601][ T5288] syz.2.526[5288] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 151.078723][ T5288] syz.2.526[5288] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 151.094253][ T5288] netlink: 20 bytes leftover after parsing attributes in process `syz.2.526'. [ 151.228273][ T5288] netlink: 20 bytes leftover after parsing attributes in process `syz.2.526'. [ 152.108215][ T27] audit: type=1326 audit(1719782856.232:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5324 comm="syz.1.545" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6175b99 code=0x0 [ 153.812150][ T5353] loop4: detected capacity change from 0 to 128 [ 153.898515][ T5353] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 153.934634][ T5353] ext4 filesystem being mounted at /root/syzkaller.qpM1cP/49/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 154.249092][ T3903] EXT4-fs (loop4): unmounting filesystem. [ 154.599393][ T27] audit: type=1326 audit(1719782858.722:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5368 comm="syz.2.561" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 155.977492][ T5378] loop2: detected capacity change from 0 to 1024 [ 156.110659][ T5378] hfsplus: extend alloc file! (8192,65536,366) [ 156.288566][ T5388] loop2: detected capacity change from 0 to 8 [ 156.506845][ T5378] SQUASHFS error: zlib decompression failed, data probably corrupt [ 156.557496][ T5378] SQUASHFS error: Failed to read block 0x4e8: -5 [ 156.604847][ T27] audit: type=1800 audit(1719782860.712:89): pid=5378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.563" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 156.863101][ T3597] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 157.157343][ T3597] usb 4-1: Using ep0 maxpacket: 8 [ 157.317711][ T3597] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.340995][ T3597] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 157.365293][ T3597] usb 4-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00 [ 157.375424][ T3597] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.390690][ T3597] usb 4-1: config 0 descriptor?? [ 157.421003][ T27] audit: type=1326 audit(1719782861.542:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5406 comm="syz.1.575" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6175b99 code=0x0 [ 157.707495][ T3596] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 158.017411][ T3596] usb 1-1: Using ep0 maxpacket: 8 [ 158.138238][ T3596] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 158.172311][ T3596] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.324905][ T3597] hid-led 0003:04D8:F372.0001: unknown main item tag 0x0 [ 158.336771][ T3597] hid-led 0003:04D8:F372.0001: unknown main item tag 0x0 [ 158.344659][ T3597] hid-led 0003:04D8:F372.0001: unknown main item tag 0x0 [ 158.358359][ T3597] hid-led 0003:04D8:F372.0001: unknown main item tag 0x0 [ 158.365768][ T3597] hid-led 0003:04D8:F372.0001: unknown main item tag 0x0 [ 158.375700][ T3597] hid-led 0003:04D8:F372.0001: unknown main item tag 0x0 [ 158.384658][ T3597] hid-led 0003:04D8:F372.0001: unknown main item tag 0x0 [ 158.411032][ T3597] hid-led 0003:04D8:F372.0001: hidraw0: USB HID v0.00 Device [HID 04d8:f372] on usb-dummy_hcd.3-1/input0 [ 158.464139][ T3597] hid-led 0003:04D8:F372.0001: Greynut Luxafor initialized [ 158.597722][ T3597] usb 4-1: USB disconnect, device number 2 [ 158.660005][ T3551] leds luxafor0:blue:led5: Setting an LED's brightness failed (-38) [ 158.668757][ T3596] usb 1-1: Firmware version (0.0) predates our first public release. [ 158.676875][ T3596] usb 1-1: Please update to version 0.2 or newer [ 158.711913][ T3551] leds luxafor0:green:led5: Setting an LED's brightness failed (-38) [ 158.740856][ T3551] leds luxafor0:red:led5: Setting an LED's brightness failed (-38) [ 158.754759][ T3551] leds luxafor0:blue:led4: Setting an LED's brightness failed (-38) [ 158.779122][ T3551] leds luxafor0:green:led4: Setting an LED's brightness failed (-38) [ 158.798218][ T3551] leds luxafor0:red:led4: Setting an LED's brightness failed (-38) [ 158.806874][ T3551] leds luxafor0:blue:led3: Setting an LED's brightness failed (-38) [ 158.815995][ T3551] leds luxafor0:green:led3: Setting an LED's brightness failed (-38) [ 158.827633][ T3596] usb 1-1: USB disconnect, device number 7 [ 158.835012][ T7] leds luxafor0:red:led3: Setting an LED's brightness failed (-38) [ 158.843914][ T7] leds luxafor0:blue:led2: Setting an LED's brightness failed (-38) [ 158.861093][ T3551] leds luxafor0:green:led2: Setting an LED's brightness failed (-38) [ 158.870745][ T3551] leds luxafor0:red:led2: Setting an LED's brightness failed (-38) [ 158.880392][ T7] leds luxafor0:blue:led1: Setting an LED's brightness failed (-38) [ 158.889291][ T7] leds luxafor0:green:led1: Setting an LED's brightness failed (-38) [ 158.901795][ T3551] leds luxafor0:red:led1: Setting an LED's brightness failed (-38) [ 158.910907][ T3551] leds luxafor0:blue:led0: Setting an LED's brightness failed (-38) [ 158.921653][ T3551] leds luxafor0:green:led0: Setting an LED's brightness failed (-38) [ 158.932594][ T3551] leds luxafor0:red:led0: Setting an LED's brightness failed (-38) [ 159.810863][ T5439] loop3: detected capacity change from 0 to 1024 [ 159.936748][ T5439] hfsplus: extend alloc file! (8192,65536,366) [ 160.244722][ T5439] loop3: detected capacity change from 0 to 8 [ 160.320322][ T27] audit: type=1326 audit(1719782864.442:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5451 comm="syz.4.588" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff130575b99 code=0x0 [ 160.372549][ T5439] SQUASHFS error: zlib decompression failed, data probably corrupt [ 160.382516][ T5449] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.400054][ T5439] SQUASHFS error: Failed to read block 0x4e8: -5 [ 160.404025][ T5453] loop2: detected capacity change from 0 to 1764 [ 160.593099][ T27] audit: type=1800 audit(1719782864.712:92): pid=5439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.582" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 161.492126][ T5449] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.666361][ T5449] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.824077][ T5449] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.064107][ T5449] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.113526][ T5449] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.164043][ T5449] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.229052][ T5449] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.292934][ T27] audit: type=1326 audit(1719782866.412:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5482 comm="syz.2.599" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 162.300227][ T5480] loop3: detected capacity change from 0 to 2048 [ 162.333184][ T5480] NILFS (loop3): unrecognized mount option "¨Þ?-]à=tj-dPÇÂrÏ [ 162.333184][ T5480] þáó=åó†y·‚[ÏfKŸ®!âøëÁvͯØeÆ)J_pK‡ýüíc¥<"Î ƒ;N§÷" [ 162.463969][ T5487] loop4: detected capacity change from 0 to 1764 [ 163.597080][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 163.646153][ T5508] loop4: detected capacity change from 0 to 256 [ 163.852050][ T5519] loop0: detected capacity change from 0 to 1024 [ 163.905978][ T5519] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 163.986328][ T5519] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 164.297340][ T153] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 164.827646][ T153] usb 2-1: New USB device found, idVendor=046d, idProduct=092f, bcdDevice=5a.db [ 164.845948][ T153] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.883792][ T153] usb 2-1: Product: syz [ 164.893620][ T153] usb 2-1: Manufacturer: syz [ 164.916500][ T153] usb 2-1: SerialNumber: syz [ 164.940391][ T153] usb 2-1: config 0 descriptor?? [ 164.998644][ T153] gspca_main: spca561-2.14.0 probing 046d:092f [ 165.240619][ T5525] loop3: detected capacity change from 0 to 32768 [ 165.272248][ T153] spca561: probe of 2-1:0.0 failed with error -22 [ 165.300629][ T5525] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop3 scanned by syz.3.611 (5525) [ 165.325524][ T153] usb 2-1: USB disconnect, device number 4 [ 165.451476][ T5525] BTRFS info (device loop3): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 165.493410][ T5525] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 165.527564][ T5525] BTRFS info (device loop3): using free space tree [ 165.671773][ T5529] loop2: detected capacity change from 0 to 32768 [ 165.747522][ T5525] BTRFS info (device loop3): enabling ssd optimizations [ 165.754941][ T5529] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz.2.612 (5529) [ 165.878075][ T27] audit: type=1326 audit(1719782870.002:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5552 comm="syz.1.615" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6175b99 code=0x0 [ 165.896307][ T5551] loop4: detected capacity change from 0 to 1764 [ 166.847728][ T5559] netlink: 12 bytes leftover after parsing attributes in process `syz.3.611'. [ 167.093205][ T5561] syz.4.616[5561] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 167.093315][ T5561] syz.4.616[5561] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 167.182248][ T3547] EXT4-fs (loop0): unmounting filesystem. [ 167.257464][ T5564] netlink: 12 bytes leftover after parsing attributes in process `syz.2.612'. [ 167.417997][ T5570] loop1: detected capacity change from 0 to 256 [ 167.456358][ T5570] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 167.747439][ T5576] loop1: detected capacity change from 0 to 256 [ 167.809541][ T5576] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 167.835815][ T4320] BTRFS info (device loop3): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 167.868097][ T5578] autofs4:pid:5578:autofs_fill_super: called with bogus options [ 168.089027][ T3597] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 168.347382][ T3597] usb 1-1: Using ep0 maxpacket: 8 [ 168.487585][ T3597] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 168.517357][ T5585] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 168.627462][ T3597] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.937636][ T3597] usb 1-1: Firmware version (0.0) predates our first public release. [ 168.991680][ T3597] usb 1-1: Please update to version 0.2 or newer [ 169.034223][ T5589] loop1: detected capacity change from 0 to 256 [ 169.042766][ T27] audit: type=1326 audit(1719782873.162:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5592 comm="syz.3.627" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbceb75b99 code=0x0 [ 169.147427][ T3597] usb 1-1: USB disconnect, device number 8 [ 169.299483][ T5585] usb 5-1: New USB device found, idVendor=046d, idProduct=092f, bcdDevice=5a.db [ 169.318194][ T5585] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.327489][ T5585] usb 5-1: Product: syz [ 169.331894][ T5585] usb 5-1: Manufacturer: syz [ 169.335030][ T5596] loop2: detected capacity change from 0 to 1764 [ 169.336501][ T5585] usb 5-1: SerialNumber: syz [ 169.344354][ T5585] usb 5-1: config 0 descriptor?? [ 170.073895][ T5585] gspca_main: spca561-2.14.0 probing 046d:092f [ 170.197438][ T5585] spca561: probe of 5-1:0.0 failed with error -22 [ 170.224212][ T5585] usb 5-1: USB disconnect, device number 3 [ 170.720962][ T5621] loop4: detected capacity change from 0 to 1024 [ 170.748384][ T5623] autofs4:pid:5623:autofs_fill_super: called with bogus options [ 170.758590][ T5621] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 170.792714][ T5621] EXT4-fs (loop4): The Hurd can't support 64-bit file systems [ 171.369439][ T3597] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 171.402543][ T27] audit: type=1326 audit(1719782875.522:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5638 comm="syz.1.642" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6175b99 code=0x0 [ 171.611932][ T5637] loop4: detected capacity change from 0 to 256 [ 171.856387][ T3597] usb 4-1: Using ep0 maxpacket: 8 [ 172.079517][ T3597] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 172.115635][ T3597] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.573264][ T3597] usb 4-1: Firmware version (0.0) predates our first public release. [ 172.581807][ T3597] usb 4-1: Please update to version 0.2 or newer [ 172.668001][ T5585] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 172.703848][ T27] audit: type=1800 audit(1719782876.822:97): pid=5655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.647" name="bus" dev="sda1" ino=1984 res=0 errno=0 [ 172.728358][ T3597] usb 4-1: USB disconnect, device number 3 [ 172.837464][ T5587] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 172.921357][ T5660] autofs4:pid:5660:autofs_fill_super: called with bogus options [ 173.089799][ T5587] usb 2-1: Using ep0 maxpacket: 8 [ 173.147088][ T5669] loop3: detected capacity change from 0 to 1024 [ 173.165851][ T5669] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 173.218250][ T5587] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 6 [ 173.232358][ T5585] usb 3-1: New USB device found, idVendor=046d, idProduct=092f, bcdDevice=5a.db [ 173.242419][ T5585] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.247936][ T5669] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 173.251182][ T5587] usb 2-1: New USB device found, idVendor=0403, idProduct=f0c8, bcdDevice= 2.56 [ 173.269852][ T5585] usb 3-1: Product: syz [ 173.274061][ T5585] usb 3-1: Manufacturer: syz [ 173.279714][ T5585] usb 3-1: SerialNumber: syz [ 173.288272][ T5587] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.301903][ T5585] usb 3-1: config 0 descriptor?? [ 173.311411][ T5587] usb 2-1: config 0 descriptor?? [ 173.357801][ T5585] gspca_main: spca561-2.14.0 probing 046d:092f [ 173.426123][ T27] audit: type=1326 audit(1719782877.542:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5674 comm="syz.4.655" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff130575b99 code=0x0 [ 173.473542][ T3597] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 174.797893][ T5587] usb 2-1: string descriptor 0 read error: -71 [ 174.806100][ T5587] hub 2-1:0.0: bad descriptor, ignoring hub [ 174.813107][ T5587] hub: probe of 2-1:0.0 failed with error -5 [ 174.820552][ T5587] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 174.830156][ T5587] ftdi_sio ttyUSB0: unknown device type: 0x256 [ 174.857640][ T5585] spca561: probe of 3-1:0.0 failed with error -22 [ 174.868685][ T5587] usb 2-1: USB disconnect, device number 5 [ 174.882133][ T4320] EXT4-fs (loop3): unmounting filesystem. [ 174.883962][ T5587] ftdi_sio 2-1:0.0: device disconnected [ 174.895154][ T5585] usb 3-1: USB disconnect, device number 3 [ 174.927432][ T3597] usb 1-1: Using ep0 maxpacket: 8 [ 175.067730][ T3597] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 175.180977][ T3597] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 175.205317][ T3597] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 175.239919][ T3597] usb 1-1: SerialNumber: syz [ 175.270942][ T3597] usb 1-1: config 0 descriptor?? [ 176.197698][ T3597] usb 1-1: Found UVC 0.00 device (05ac:8501) [ 176.205233][ T3597] usb 1-1: No valid video chain found. [ 176.218283][ T3597] usb 1-1: USB disconnect, device number 9 [ 176.347457][ T3596] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 176.927116][ T5713] loop4: detected capacity change from 0 to 512 [ 177.022959][ T5713] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 177.046675][ T5713] ext4 filesystem being mounted at /root/syzkaller.qpM1cP/80/file0 supports timestamps until 2038 (0x7fffffff) [ 177.114400][ T5713] EXT4-fs error (device loop4): ext4_do_update_inode:5210: inode #2: comm syz.4.665: corrupted inode contents [ 177.166028][ T5713] EXT4-fs error (device loop4): ext4_dirty_inode:6072: inode #2: comm syz.4.665: mark_inode_dirty error [ 177.207498][ T3596] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 177.234530][ T3596] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 177.244392][ T3596] usb 2-1: too many endpoints for config 1 interface 0 altsetting 9: 74, using maximum allowed: 30 [ 177.269480][ T5713] EXT4-fs error (device loop4): ext4_do_update_inode:5210: inode #2: comm syz.4.665: corrupted inode contents [ 177.297347][ T3596] usb 2-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 74 [ 177.313387][ T27] audit: type=1326 audit(1719782881.432:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5721 comm="syz.3.667" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbceb75b99 code=0x0 [ 177.318712][ T5713] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.665: mark_inode_dirty error [ 177.355669][ T3596] usb 2-1: config 1 interface 0 has no altsetting 1 [ 177.627769][ T3903] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /root/syzkaller.qpM1cP/80/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 177.862482][ T3903] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /root/syzkaller.qpM1cP/80/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 177.888910][ T3903] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /root/syzkaller.qpM1cP/80/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 177.913803][ T3903] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /root/syzkaller.qpM1cP/80/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 177.937049][ T3903] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /root/syzkaller.qpM1cP/80/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 177.960331][ T3903] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /root/syzkaller.qpM1cP/80/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 178.025672][ T3596] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 178.169456][ T3596] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.640757][ T5734] input: syz1 as /devices/virtual/input/input7 [ 178.663849][ T3596] usb 2-1: Product: syz [ 178.668493][ T3596] usb 2-1: Manufacturer: syz [ 178.673320][ T3596] usb 2-1: SerialNumber: syz [ 178.707379][ T3596] usb 2-1: can't set config #1, error -71 [ 178.714311][ T3596] usb 2-1: USB disconnect, device number 6 [ 180.009628][ T5746] loop3: detected capacity change from 0 to 256 [ 180.166629][ T5760] loop0: detected capacity change from 0 to 512 [ 180.293752][ T5760] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 180.324284][ T5760] ext4 filesystem being mounted at /root/syzkaller.fmbp3w/206/file0 supports timestamps until 2038 (0x7fffffff) [ 180.384024][ T5760] EXT4-fs error (device loop0): ext4_do_update_inode:5210: inode #2: comm syz.0.680: corrupted inode contents [ 180.444752][ T5760] EXT4-fs error (device loop0): ext4_dirty_inode:6072: inode #2: comm syz.0.680: mark_inode_dirty error [ 180.496233][ T5760] EXT4-fs error (device loop0): ext4_do_update_inode:5210: inode #2: comm syz.0.680: corrupted inode contents [ 180.557712][ T5760] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.680: mark_inode_dirty error [ 180.595737][ T5766] syz.2.682 uses obsolete (PF_INET,SOCK_PACKET) [ 180.647115][ T3547] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /root/syzkaller.fmbp3w/206/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 180.686185][ T3547] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /root/syzkaller.fmbp3w/206/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 180.761940][ T3547] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /root/syzkaller.fmbp3w/206/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 180.828321][ T3547] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /root/syzkaller.fmbp3w/206/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 180.904872][ T3547] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /root/syzkaller.fmbp3w/206/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 180.998669][ T3547] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /root/syzkaller.fmbp3w/206/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 181.081477][ T5756] loop1: detected capacity change from 0 to 256 [ 181.137043][ T27] audit: type=1326 audit(1719782885.252:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5770 comm="syz.2.685" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 184.436516][ T5796] loop1: detected capacity change from 0 to 512 [ 184.812028][ T5796] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 184.923012][ T5796] ext4 filesystem being mounted at /root/syzkaller.jpBPu6/92/file0 supports timestamps until 2038 (0x7fffffff) [ 185.028996][ T5804] cgroup2: Unknown parameter 'memory' [ 185.410258][ T5796] EXT4-fs error (device loop1): ext4_do_update_inode:5210: inode #2: comm syz.1.693: corrupted inode contents [ 185.477845][ T5796] EXT4-fs error (device loop1): ext4_dirty_inode:6072: inode #2: comm syz.1.693: mark_inode_dirty error [ 185.498343][ T5796] EXT4-fs error (device loop1): ext4_do_update_inode:5210: inode #2: comm syz.1.693: corrupted inode contents [ 185.528047][ T5796] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz.1.693: mark_inode_dirty error [ 185.666042][ T4020] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /root/syzkaller.jpBPu6/92/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 185.755089][ T4020] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /root/syzkaller.jpBPu6/92/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 185.823691][ T4020] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /root/syzkaller.jpBPu6/92/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 185.889066][ T4020] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /root/syzkaller.jpBPu6/92/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 185.942614][ T4020] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /root/syzkaller.jpBPu6/92/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 186.007389][ T4020] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /root/syzkaller.jpBPu6/92/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 186.782255][ T27] audit: type=1326 audit(1719782890.902:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5809 comm="syz.3.696" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbceb75b99 code=0x0 [ 188.301727][ T5822] netlink: 32 bytes leftover after parsing attributes in process `syz.2.698'. [ 189.668182][ T3903] EXT4-fs (loop4): unmounting filesystem. [ 189.674757][ T3565] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 189.709318][ T3565] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 189.720581][ T3565] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 189.736815][ T3565] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 189.746321][ T3565] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 189.751252][ T34] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.765448][ T47] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 189.944242][ T34] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.065465][ T34] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.299441][ T34] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.198446][ T47] Bluetooth: hci0: command 0x0406 tx timeout [ 191.652583][ T27] audit: type=1326 audit(1719782895.772:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5849 comm="syz.3.709" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbceb75b99 code=0x0 [ 191.859188][ T47] Bluetooth: hci4: command tx timeout [ 192.577501][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 192.724132][ T5861] netlink: 'syz.2.711': attribute type 1 has an invalid length. [ 192.858347][ T47] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 192.868438][ T47] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 192.876507][ T47] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 192.885773][ T47] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 192.894916][ T47] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 192.902358][ T47] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 193.192384][ T5870] netlink: 32 bytes leftover after parsing attributes in process `syz.3.712'. [ 193.917324][ T3563] Bluetooth: hci4: command tx timeout [ 194.021612][ T5614] EXT4-fs (loop0): unmounting filesystem. [ 194.307826][ T1255] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.314218][ T1255] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.998620][ T3563] Bluetooth: hci5: command tx timeout [ 195.025712][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.055447][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.106020][ T5831] device bridge_slave_0 entered promiscuous mode [ 195.307118][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.440016][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.475605][ T5831] device bridge_slave_1 entered promiscuous mode [ 196.337304][ T3563] Bluetooth: hci4: command tx timeout [ 196.532994][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.558929][ T27] audit: type=1326 audit(1719782900.642:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.3.720" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbceb75b99 code=0x0 [ 196.630913][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.873500][ T5831] team0: Port device team_slave_0 added [ 197.203513][ T3563] Bluetooth: hci5: command tx timeout [ 197.551108][ T5831] team0: Port device team_slave_1 added [ 197.619700][ T3559] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 197.629576][ T3559] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 197.638235][ T3559] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 197.647088][ T3559] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 197.655321][ T3559] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 197.663845][ T3559] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 197.834467][ T5245] EXT4-fs (loop1): unmounting filesystem. [ 197.986817][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 197.994010][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.023920][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.069571][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.083903][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.145586][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.227368][ T3595] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 198.276524][ T5862] chnl_net:caif_netlink_parms(): no params data found [ 198.342544][ T34] device batadv0 left promiscuous mode [ 198.356287][ T34] device veth0 left promiscuous mode [ 198.366630][ T34] device hsr_slave_0 left promiscuous mode [ 198.383653][ T34] device hsr_slave_1 left promiscuous mode [ 198.394128][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 198.406583][ T34] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 198.407392][ T3559] Bluetooth: hci4: command tx timeout [ 198.420829][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 198.436128][ T34] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 198.450299][ T34] device bridge_slave_1 left promiscuous mode [ 198.467258][ T34] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.476244][ T34] device bridge_slave_0 left promiscuous mode [ 198.492041][ T34] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.497423][ T3595] usb 4-1: Using ep0 maxpacket: 8 [ 198.593521][ T34] device veth1_macvtap left promiscuous mode [ 198.612813][ T34] device veth0_macvtap left promiscuous mode [ 198.620555][ T3595] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 198.636612][ T34] device veth1_vlan left promiscuous mode [ 198.657145][ T3595] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.677473][ T34] device veth0_vlan left promiscuous mode [ 198.987601][ T3595] usb 4-1: Firmware version (0.0) predates our first public release. [ 198.997066][ T3595] usb 4-1: Please update to version 0.2 or newer [ 199.287423][ T3559] Bluetooth: hci5: command tx timeout [ 199.767451][ T3559] Bluetooth: hci0: command tx timeout [ 199.822606][ T34] team0 (unregistering): Port device team_slave_1 removed [ 199.974079][ T34] team0 (unregistering): Port device team_slave_0 removed [ 200.075937][ T34] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 200.171905][ T27] audit: type=1326 audit(1719782904.282:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5959 comm="syz.3.732" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbceb75b99 code=0x0 [ 200.214257][ T34] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 201.368024][ T3559] Bluetooth: hci5: command tx timeout [ 201.433475][ T34] bond0 (unregistering): Released all slaves [ 201.542193][ T5831] device hsr_slave_0 entered promiscuous mode [ 201.549319][ T5831] device hsr_slave_1 entered promiscuous mode [ 201.555925][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.564026][ T5831] Cannot create hsr debugfs directory [ 201.752534][ T3595] usb 4-1: USB disconnect, device number 4 [ 201.777452][ T3594] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 201.837397][ T3559] Bluetooth: hci0: command tx timeout [ 202.036878][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.044367][ T3594] usb 3-1: Using ep0 maxpacket: 8 [ 202.051732][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.061248][ T5862] device bridge_slave_0 entered promiscuous mode [ 202.080846][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.098036][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.156559][ T5862] device bridge_slave_1 entered promiscuous mode [ 202.170609][ T5915] chnl_net:caif_netlink_parms(): no params data found [ 202.185425][ T3594] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 202.194890][ T3594] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.321733][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 202.384199][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 202.527483][ T3594] usb 3-1: Firmware version (0.0) predates our first public release. [ 202.538344][ T3594] usb 3-1: Please update to version 0.2 or newer [ 202.644184][ T5862] team0: Port device team_slave_0 added [ 202.694912][ T5862] team0: Port device team_slave_1 added [ 202.762270][ T3594] usb 3-1: USB disconnect, device number 4 [ 202.831745][ T5999] cgroup2: Unknown parameter 'subj_type' [ 202.872179][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 202.904441][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.001899][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 203.015532][ T5915] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.043301][ T5915] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.054189][ T5915] device bridge_slave_0 entered promiscuous mode [ 203.077699][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 203.097258][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.124722][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 203.157516][ T5915] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.165281][ T5915] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.181479][ T5915] device bridge_slave_1 entered promiscuous mode [ 203.313342][ T5915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.390688][ T5831] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 203.451642][ T5915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.510330][ T5862] device hsr_slave_0 entered promiscuous mode [ 203.628065][ T5862] device hsr_slave_1 entered promiscuous mode [ 203.730220][ T5862] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 203.793679][ T5862] Cannot create hsr debugfs directory [ 203.865984][ T5831] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 203.927464][ T3559] Bluetooth: hci0: command tx timeout [ 204.058974][ T5831] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 204.155013][ T5915] team0: Port device team_slave_0 added [ 204.184831][ T5831] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 204.219283][ T5915] team0: Port device team_slave_1 added [ 204.320665][ T27] audit: type=1326 audit(1719782908.442:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6019 comm="syz.2.742" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 204.385085][ T5915] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 204.397545][ T5915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.449907][ T5915] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 204.501672][ T5915] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 204.518952][ T5915] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.653747][ T5915] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 205.611051][ T5915] device hsr_slave_0 entered promiscuous mode [ 205.642642][ T5915] device hsr_slave_1 entered promiscuous mode [ 205.685489][ T5915] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 205.705295][ T5915] Cannot create hsr debugfs directory [ 205.975110][ T6035] syz.2.743 sent an empty control message without MSG_MORE. [ 206.007366][ T3559] Bluetooth: hci0: command tx timeout [ 206.077031][ T5862] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.252261][ T5862] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.327391][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.403185][ T5862] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.534123][ T5862] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.657789][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 206.678061][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 206.709652][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.743378][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 206.763016][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 206.785197][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.792413][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.900393][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.911133][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 206.945527][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 206.971341][ T3594] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.978605][ T3594] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.997084][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.031091][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.060131][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.081025][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.099127][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 207.158243][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.180765][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.202945][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 207.221859][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 207.239448][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 207.259936][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 207.280136][ T5831] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 207.329475][ T34] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.365768][ T5862] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 207.395288][ T5862] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 207.432721][ T34] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.477425][ T5862] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 207.499986][ T5862] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 207.550300][ T34] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.588875][ T6051] loop2: detected capacity change from 0 to 32768 [ 207.616033][ T6051] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.745 (6051) [ 207.656792][ T6051] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 207.674600][ T6051] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 207.697981][ T34] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.716989][ T6051] BTRFS info (device loop2): setting nodatacow, compression disabled [ 207.747496][ T6051] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 207.787325][ T6051] BTRFS info (device loop2): trying to use backup root at mount time [ 207.826005][ T6051] BTRFS info (device loop2): setting datacow [ 207.849426][ T6051] BTRFS info (device loop2): doing ref verification [ 207.856092][ T6051] BTRFS info (device loop2): enabling ssd optimizations [ 207.909990][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.917805][ T3594] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 207.925412][ T6051] BTRFS info (device loop2): using spread ssd allocation scheme [ 207.950471][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 207.970549][ T6051] BTRFS info (device loop2): turning off barriers [ 207.977582][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 207.991248][ T5862] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.003542][ T6051] BTRFS info (device loop2): not using ssd optimizations [ 208.031681][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.040314][ T6051] BTRFS info (device loop2): not using spread ssd allocation scheme [ 208.049826][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.058876][ T6051] BTRFS info (device loop2): using free space tree [ 208.073196][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.080356][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.090890][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 208.157654][ T3594] usb 4-1: Using ep0 maxpacket: 8 [ 208.212956][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 208.232269][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.257246][ T3628] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.264484][ T3628] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.281345][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 208.290718][ T3594] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 208.310957][ T3594] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.383439][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.400678][ T3880] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 208.708065][ T3594] usb 4-1: Firmware version (0.0) predates our first public release. [ 208.719147][ T3594] usb 4-1: Please update to version 0.2 or newer [ 208.772124][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 208.781457][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 208.789661][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 208.884628][ T3594] usb 4-1: USB disconnect, device number 5 [ 208.963018][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.000508][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.199700][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 209.237887][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.263031][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.304439][ T5862] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 209.356336][ T27] audit: type=1326 audit(1719782913.472:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6126 comm="syz.3.750" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbceb75b99 code=0x0 [ 209.362667][ T5862] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 209.666760][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 209.681821][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 209.691611][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 209.700619][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.440845][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.456370][ T3559] Bluetooth: hci3: unexpected event for opcode 0x2060 [ 210.759321][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 210.774233][ T6150] nbd3: detected capacity change from 0 to 12 [ 210.774779][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 210.810530][ T52] block nbd3: Send control failed (result -107) [ 210.817385][ T52] block nbd3: Request send failed, requeueing [ 210.826083][ T3559] block nbd3: Receive control failed (result -32) [ 210.835815][ T52] block nbd3: Dead connection, failed to find a fallback [ 210.843518][ T52] block nbd3: shutting down sockets [ 210.848820][ T52] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 210.861925][ T52] buffer_io_error: 2 callbacks suppressed [ 210.861940][ T52] Buffer I/O error on dev nbd3, logical block 0, async page read [ 210.875925][ T52] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 210.885121][ T52] Buffer I/O error on dev nbd3, logical block 0, async page read [ 210.893579][ T120] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 210.903130][ T120] Buffer I/O error on dev nbd3, logical block 0, async page read [ 210.911877][ T120] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 210.921017][ T120] Buffer I/O error on dev nbd3, logical block 0, async page read [ 210.931314][ T120] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 210.940603][ T120] Buffer I/O error on dev nbd3, logical block 0, async page read [ 210.949602][ T120] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 210.958834][ T120] Buffer I/O error on dev nbd3, logical block 0, async page read [ 210.966829][ T52] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 210.976173][ T52] Buffer I/O error on dev nbd3, logical block 0, async page read [ 210.985836][ T52] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 210.995144][ T52] Buffer I/O error on dev nbd3, logical block 0, async page read [ 211.010483][ T3541] ldm_validate_partition_table(): Disk read failed. [ 211.028047][ T52] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 211.037147][ T52] Buffer I/O error on dev nbd3, logical block 0, async page read [ 211.054529][ T52] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 211.064152][ T52] Buffer I/O error on dev nbd3, logical block 0, async page read [ 211.072590][ T3541] Dev nbd3: unable to read RDB block 0 [ 211.086337][ T3541] nbd3: unable to read partition table [ 211.093776][ T3541] nbd3: partition table beyond EOD, truncated [ 211.104431][ T3541] ldm_validate_partition_table(): Disk read failed. [ 211.120150][ T3541] Dev nbd3: unable to read RDB block 0 [ 211.126519][ T3541] nbd3: unable to read partition table [ 211.133000][ T3541] nbd3: partition table beyond EOD, truncated [ 211.143286][ T6153] ldm_validate_partition_table(): Disk read failed. [ 211.168370][ T6153] Dev nbd3: unable to read RDB block 0 [ 211.190379][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 211.202512][ T6153] nbd3: unable to read partition table [ 211.209961][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 211.210590][ T6153] nbd3: partition table beyond EOD, truncated [ 211.234848][ T5831] device veth0_vlan entered promiscuous mode [ 211.327649][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 211.335694][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 211.354605][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 211.373763][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 211.424168][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.457889][ T6164] loop3: detected capacity change from 0 to 4096 [ 211.480278][ T6164] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 211.496002][ T5831] device veth1_vlan entered promiscuous mode [ 211.543794][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 211.650043][ T6164] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 211.781951][ T5915] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 212.053983][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 212.074254][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 212.109110][ T5915] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 212.369755][ T5831] device veth0_macvtap entered promiscuous mode [ 212.423181][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 212.515680][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 212.528978][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 212.540220][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 212.551029][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 212.563645][ T5915] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 212.657017][ T5915] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 213.290374][ T5831] device veth1_macvtap entered promiscuous mode [ 213.450584][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 213.468089][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 213.478496][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 213.484326][ T6176] loop3: detected capacity change from 0 to 1024 [ 213.507792][ T5862] device veth0_vlan entered promiscuous mode [ 213.535480][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 213.550093][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.569126][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 213.571736][ T6176] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 213.587071][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.644710][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 213.657477][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.667479][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 213.680408][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.692401][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 213.698421][ T6176] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 213.750128][ T5862] device veth1_vlan entered promiscuous mode [ 213.788529][ T27] audit: type=1326 audit(1719782917.912:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6179 comm="syz.2.758" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 213.818754][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 213.828635][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 213.840693][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 213.843710][ T4320] EXT4-fs (loop3): unmounting filesystem. [ 213.854023][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.867978][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 213.880264][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.890639][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 213.905498][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.978310][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 213.998630][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.020333][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 215.391228][ T5862] device veth0_macvtap entered promiscuous mode [ 215.411741][ T5862] device veth1_macvtap entered promiscuous mode [ 215.448948][ T5862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.471458][ T5862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.481658][ T5862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.492896][ T5862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.502953][ T5862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.513805][ T5862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.524022][ T5862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.534601][ T5862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.544544][ T5862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.989132][ T5862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.072762][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 216.263539][ T5862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 216.317009][ T5862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.365797][ T5862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 216.376901][ T5862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.387505][ T5862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 216.400106][ T5862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.410149][ T5862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 216.421401][ T5862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.431890][ T5862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 216.442805][ T5862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.465025][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 216.473604][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 216.518709][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 216.528790][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 216.543759][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 216.552774][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 216.578302][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 216.605453][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 216.637992][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 216.652342][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 216.666032][ T5915] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.685189][ T5831] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.694490][ T5831] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.703352][ T5831] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.712135][ T5831] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.730966][ T5862] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.743585][ T5862] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.752938][ T5862] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.762013][ T5862] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.789518][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 216.883000][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 216.917967][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.730843][ T5915] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.541583][ T3835] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.576199][ T3835] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.640950][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 220.764514][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.794092][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.824598][ T6106] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.831846][ T6106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.852558][ T6221] sctp: [Deprecated]: syz.3.768 (pid 6221) Use of struct sctp_assoc_value in delayed_ack socket option. [ 220.852558][ T6221] Use struct sctp_sack_info instead [ 220.858179][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.973613][ T34] device hsr_slave_0 left promiscuous mode [ 220.987005][ T34] device hsr_slave_1 left promiscuous mode [ 221.014078][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.024115][ T34] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.036689][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.051162][ T34] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 221.062349][ T34] device bridge_slave_1 left promiscuous mode [ 221.069261][ T34] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.083586][ T34] device bridge_slave_0 left promiscuous mode [ 221.095781][ T34] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.113847][ T34] device hsr_slave_0 left promiscuous mode [ 221.121058][ T34] device hsr_slave_1 left promiscuous mode [ 221.127557][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.135068][ T34] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.143426][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.151071][ T34] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 221.161800][ T34] device bridge_slave_1 left promiscuous mode [ 221.168386][ T34] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.176797][ T34] device bridge_slave_0 left promiscuous mode [ 221.183745][ T34] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.241879][ T34] device veth1_macvtap left promiscuous mode [ 221.248211][ T34] device veth0_macvtap left promiscuous mode [ 221.256382][ T34] device veth1_vlan left promiscuous mode [ 221.262291][ T34] device veth0_vlan left promiscuous mode [ 221.272734][ T34] device veth1_macvtap left promiscuous mode [ 221.289175][ T34] device veth0_macvtap left promiscuous mode [ 221.296184][ T6225] fuse: Bad value for 'fd' [ 221.304185][ T34] device veth1_vlan left promiscuous mode [ 221.310332][ T34] device veth0_vlan left promiscuous mode [ 222.142978][ T34] team0 (unregistering): Port device team_slave_1 removed [ 222.204651][ T27] audit: type=1326 audit(1719782926.322:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6228 comm="syz.2.771" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 222.234344][ T34] team0 (unregistering): Port device team_slave_0 removed [ 222.270816][ T34] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 222.306590][ T34] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 223.172339][ T34] bond0 (unregistering): Released all slaves [ 223.588932][ T34] team0 (unregistering): Port device team_slave_1 removed [ 223.625244][ T34] team0 (unregistering): Port device team_slave_0 removed [ 223.664989][ T34] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 223.708353][ T34] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 224.061551][ T34] bond0 (unregistering): Released all slaves [ 224.164798][ T3835] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.190786][ T3835] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.248310][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 224.258475][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 224.267115][ T3597] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.274346][ T3597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.302072][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 224.314947][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 224.378749][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 224.406722][ T3835] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.471601][ T3835] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.535007][ T5915] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 224.572595][ T6243] loop0: detected capacity change from 0 to 64 [ 224.577931][ T5915] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 224.653090][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 224.662063][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.692930][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.704826][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.739194][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 224.755300][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 224.778707][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 224.790607][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 224.804881][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 224.836189][ T6248] syz.0.707: attempt to access beyond end of device [ 224.836189][ T6248] loop0: rw=34817, sector=39, nr_sectors = 30 limit=64 [ 224.878836][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.895387][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 224.914177][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 224.945092][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.969159][ T6248] syz.0.707: attempt to access beyond end of device [ 224.969159][ T6248] loop0: rw=34817, sector=72, nr_sectors = 2 limit=64 [ 225.084633][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 225.163012][ T6248] syz.0.707: attempt to access beyond end of device [ 225.163012][ T6248] loop0: rw=34817, sector=76, nr_sectors = 500 limit=64 [ 225.385879][ T6256] netlink: 592 bytes leftover after parsing attributes in process `syz.4.699'. [ 226.930716][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 227.038451][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 227.058951][ T5915] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 227.173883][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 227.203434][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 227.337978][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 227.359425][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 227.402526][ T5915] device veth0_vlan entered promiscuous mode [ 227.427110][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 227.446375][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 227.487580][ T5915] device veth1_vlan entered promiscuous mode [ 227.567324][ T26] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 227.606852][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 227.626716][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 227.676983][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 227.767726][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 227.800227][ T5915] device veth0_macvtap entered promiscuous mode [ 227.817321][ T26] usb 3-1: Using ep0 maxpacket: 8 [ 227.849014][ T5915] device veth1_macvtap entered promiscuous mode [ 227.937508][ T26] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 227.957593][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 227.977287][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.990870][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.039010][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.056799][ T27] audit: type=1326 audit(1719782932.172:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6270 comm="syz.4.779" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7048375b99 code=0x0 [ 228.072968][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.109703][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.125989][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.137707][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.154301][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.173259][ T5915] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 228.184891][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.200506][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.215425][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.230614][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.243605][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.260526][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.273295][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.377110][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.377461][ T26] usb 3-1: Firmware version (0.0) predates our first public release. [ 228.409493][ T5915] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 228.466878][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 228.565507][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 229.231985][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 229.241074][ T26] usb 3-1: Please update to version 0.2 or newer [ 230.186388][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 230.238874][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 230.269115][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 230.274413][ T6293] sctp: [Deprecated]: syz.3.781 (pid 6293) Use of struct sctp_assoc_value in delayed_ack socket option. [ 230.274413][ T6293] Use struct sctp_sack_info instead [ 230.469660][ T5915] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.517629][ T5915] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.526544][ T5915] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.550365][ T26] usb 3-1: USB disconnect, device number 5 [ 230.583682][ T5915] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.124269][ T6296] sctp: [Deprecated]: syz.0.783 (pid 6296) Use of struct sctp_assoc_value in delayed_ack socket option. [ 232.124269][ T6296] Use struct sctp_sack_info instead [ 232.157504][ T3559] Bluetooth: hci1: command 0x0406 tx timeout [ 232.261832][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.290192][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.321965][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 232.340464][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.384100][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.455476][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 232.591518][ T6308] sctp: [Deprecated]: syz.4.785 (pid 6308) Use of struct sctp_assoc_value in delayed_ack socket option. [ 232.591518][ T6308] Use struct sctp_sack_info instead [ 233.065127][ T6318] loop1: detected capacity change from 0 to 256 [ 233.393737][ T6318] syz.1.787: attempt to access beyond end of device [ 233.393737][ T6318] loop1: rw=2049, sector=256, nr_sectors = 100 limit=256 [ 233.423417][ T6318] syz.1.787: attempt to access beyond end of device [ 233.423417][ T6318] loop1: rw=2049, sector=264, nr_sectors = 8 limit=256 [ 233.461820][ T6318] syz.1.787: attempt to access beyond end of device [ 233.461820][ T6318] loop1: rw=2049, sector=328, nr_sectors = 24 limit=256 [ 233.503042][ T6318] syz.1.787: attempt to access beyond end of device [ 233.503042][ T6318] loop1: rw=2049, sector=352, nr_sectors = 4 limit=256 [ 233.584496][ T6319] syz.1.787: attempt to access beyond end of device [ 233.584496][ T6319] loop1: rw=1, sector=304, nr_sectors = 4 limit=256 [ 233.651196][ T6318] buffer_io_error: 40 callbacks suppressed [ 233.651370][ T6318] Buffer I/O error on dev loop1, logical block 88, lost async page write [ 233.728064][ T6319] Buffer I/O error on dev loop1, logical block 76, lost async page write [ 233.774488][ T6319] syz.1.787: attempt to access beyond end of device [ 233.774488][ T6319] loop1: rw=1, sector=308, nr_sectors = 4 limit=256 [ 233.838756][ T6319] Buffer I/O error on dev loop1, logical block 77, lost async page write [ 233.898971][ T6319] syz.1.787: attempt to access beyond end of device [ 233.898971][ T6319] loop1: rw=1, sector=312, nr_sectors = 4 limit=256 [ 233.971891][ T6319] Buffer I/O error on dev loop1, logical block 78, lost async page write [ 234.008869][ T6319] syz.1.787: attempt to access beyond end of device [ 234.008869][ T6319] loop1: rw=1, sector=316, nr_sectors = 4 limit=256 [ 234.081662][ T6319] Buffer I/O error on dev loop1, logical block 79, lost async page write [ 234.153912][ T6319] syz.1.787: attempt to access beyond end of device [ 234.153912][ T6319] loop1: rw=1, sector=320, nr_sectors = 4 limit=256 [ 234.180273][ T6319] Buffer I/O error on dev loop1, logical block 80, lost async page write [ 234.189676][ T6319] syz.1.787: attempt to access beyond end of device [ 234.189676][ T6319] loop1: rw=1, sector=324, nr_sectors = 4 limit=256 [ 234.208485][ T6319] Buffer I/O error on dev loop1, logical block 81, lost async page write [ 234.665784][ T6329] netlink: 20 bytes leftover after parsing attributes in process `syz.0.790'. [ 234.675735][ T6329] netlink: 264 bytes leftover after parsing attributes in process `syz.0.790'. [ 234.917615][ T1148] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 235.823304][ T27] audit: type=1326 audit(1719782939.942:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.1.794" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ee4375b99 code=0x0 [ 235.927253][ T1148] usb 4-1: Using ep0 maxpacket: 8 [ 236.103243][ T1148] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 236.139734][ T3563] Bluetooth: hci3: unexpected event for opcode 0x2039 [ 236.159781][ T1148] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.961259][ T3563] Bluetooth: hci4: unexpected event 0x04 length: 14 > 10 [ 236.968481][ T6342] sctp: [Deprecated]: syz.0.795 (pid 6342) Use of struct sctp_assoc_value in delayed_ack socket option. [ 236.968481][ T6342] Use struct sctp_sack_info instead [ 237.087464][ T1148] usb 4-1: Firmware version (0.0) predates our first public release. [ 237.145108][ T1148] usb 4-1: Please update to version 0.2 or newer [ 237.434726][ T1148] usb 4-1: USB disconnect, device number 6 [ 237.515697][ T6367] sctp: [Deprecated]: syz.1.802 (pid 6367) Use of struct sctp_assoc_value in delayed_ack socket option. [ 237.515697][ T6367] Use struct sctp_sack_info instead [ 238.556916][ T6373] netlink: 20 bytes leftover after parsing attributes in process `syz.0.804'. [ 238.579945][ T6373] netlink: 264 bytes leftover after parsing attributes in process `syz.0.804'. [ 238.824981][ T3563] Bluetooth: hci3: unexpected event 0x04 length: 14 > 10 [ 239.038633][ T3563] Bluetooth: hci4: command tx timeout [ 240.999743][ T47] Bluetooth: hci3: command 0x0406 tx timeout [ 241.602588][ T27] audit: type=1326 audit(1719782945.722:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6397 comm="syz.0.811" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f123ff75b99 code=0x0 [ 241.608712][ T6395] sctp: [Deprecated]: syz.2.809 (pid 6395) Use of struct sctp_assoc_value in delayed_ack socket option. [ 241.608712][ T6395] Use struct sctp_sack_info instead [ 242.737294][ T6103] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 242.766617][ T6410] sctp: [Deprecated]: syz.3.813 (pid 6410) Use of struct sctp_assoc_value in delayed_ack socket option. [ 242.766617][ T6410] Use struct sctp_sack_info instead [ 242.997376][ T6103] usb 2-1: Using ep0 maxpacket: 8 [ 243.117400][ T6103] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 243.139494][ T6103] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.174774][ T6415] sctp: [Deprecated]: syz.4.815 (pid 6415) Use of struct sctp_assoc_value in delayed_ack socket option. [ 243.174774][ T6415] Use struct sctp_sack_info instead [ 243.587385][ T6103] usb 2-1: Firmware version (0.0) predates our first public release. [ 243.605515][ T6103] usb 2-1: Please update to version 0.2 or newer [ 243.751066][ T6103] usb 2-1: USB disconnect, device number 7 [ 244.214614][ T6422] netlink: 20 bytes leftover after parsing attributes in process `syz.1.818'. [ 244.396637][ T6422] netlink: 264 bytes leftover after parsing attributes in process `syz.1.818'. [ 244.663490][ T3563] Bluetooth: hci0: unexpected event 0x04 length: 14 > 10 [ 246.727329][ T47] Bluetooth: hci0: command tx timeout [ 246.865076][ T27] audit: type=1326 audit(1719782950.982:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.1.826" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ee4375b99 code=0x0 [ 248.054467][ T6437] sctp: [Deprecated]: syz.0.823 (pid 6437) Use of struct sctp_assoc_value in delayed_ack socket option. [ 248.054467][ T6437] Use struct sctp_sack_info instead [ 249.368195][ T47] Bluetooth: hci1: unexpected event 0x04 length: 14 > 10 [ 249.797275][ T26] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 251.490662][ T47] Bluetooth: hci1: command 0x0406 tx timeout [ 251.771865][ T47] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:200' [ 251.781764][ T47] CPU: 0 PID: 47 Comm: kworker/u5:0 Not tainted 6.1.96-syzkaller #0 [ 251.789748][ T47] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 251.799801][ T47] Workqueue: hci1 hci_rx_work [ 251.804511][ T47] Call Trace: [ 251.807786][ T47] [ 251.810713][ T47] dump_stack_lvl+0x1e3/0x2cb [ 251.815455][ T47] ? nf_tcp_handle_invalid+0x642/0x642 [ 251.821085][ T47] ? panic+0x764/0x764 [ 251.825184][ T47] sysfs_create_dir_ns+0x2c6/0x390 [ 251.830337][ T47] ? sysfs_warn_dup+0xa0/0xa0 [ 251.835039][ T47] kobject_add_internal+0x6df/0xd10 [ 251.840274][ T47] kobject_add+0x14e/0x210 [ 251.844731][ T47] ? device_add+0x3c2/0xfd0 [ 251.849246][ T47] ? kobject_init+0x1d0/0x1d0 [ 251.853945][ T47] ? __raw_spin_lock_init+0x41/0x100 [ 251.859257][ T47] ? get_device_parent+0x128/0x400 [ 251.864379][ T47] device_add+0x476/0xfd0 [ 251.868728][ T47] hci_conn_add_sysfs+0xe4/0x1f0 [ 251.873695][ T47] hci_sync_conn_complete_evt+0x723/0xac0 [ 251.879553][ T47] hci_event_packet+0xa9d/0x1510 [ 251.884549][ T47] ? hci_remote_ext_features_evt+0xbf0/0xbf0 [ 251.890877][ T47] ? bis_list+0x290/0x290 [ 251.895223][ T47] ? do_raw_spin_unlock+0x137/0x8a0 [ 251.900434][ T47] ? kcov_remote_start+0x4b5/0x7d0 [ 251.905566][ T47] ? lockdep_hardirqs_on+0x50/0x130 [ 251.910804][ T47] ? hci_send_to_monitor+0x99/0x4d0 [ 251.916028][ T47] hci_rx_work+0x3cd/0xce0 [ 251.920450][ T47] ? do_raw_spin_unlock+0x137/0x8a0 [ 251.925664][ T47] ? process_one_work+0x7a9/0x11d0 [ 251.930781][ T47] process_one_work+0x8a9/0x11d0 [ 251.935743][ T47] ? worker_detach_from_pool+0x260/0x260 [ 251.941392][ T47] ? _raw_spin_lock_irqsave+0x120/0x120 [ 251.946947][ T47] ? kthread_data+0x4e/0xc0 [ 251.951473][ T47] ? wq_worker_running+0x97/0x190 [ 251.956520][ T47] worker_thread+0xa47/0x1200 [ 251.961216][ T47] ? __sched_text_start+0x8/0x8 [ 251.966097][ T47] kthread+0x28d/0x320 [ 251.970167][ T47] ? worker_clr_flags+0x190/0x190 [ 251.975195][ T47] ? kthread_blkcg+0xd0/0xd0 [ 251.979789][ T47] ret_from_fork+0x1f/0x30 [ 251.984233][ T47] [ 251.991233][ T47] kobject_add_internal failed for hci1:200 with -EEXIST, don't try to register things with the same name in the same directory. [ 252.005424][ T47] Bluetooth: hci1: failed to register connection device [ 252.136555][ T47] Bluetooth: hci4: unexpected event 0x04 length: 14 > 10 [ 254.168685][ T3563] Bluetooth: hci1: command 0x0406 tx timeout [ 254.181808][ T47] Bluetooth: hci4: command tx timeout [ 254.455938][ T27] audit: type=1326 audit(1719782958.572:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6501 comm="syz.2.839" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 254.734080][ T6503] sctp: [Deprecated]: syz.1.838 (pid 6503) Use of struct sctp_assoc_value in delayed_ack socket option. [ 254.734080][ T6503] Use struct sctp_sack_info instead [ 254.742120][ T6505] sctp: [Deprecated]: syz.4.837 (pid 6505) Use of struct sctp_assoc_value in delayed_ack socket option. [ 254.742120][ T6505] Use struct sctp_sack_info instead [ 255.681736][ T1255] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.688167][ T1255] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.793595][ T3563] Bluetooth: hci3: unexpected event for opcode 0x2039 [ 256.088423][ T47] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 256.099394][ T47] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 256.110926][ T47] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 256.122209][ T47] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 256.131526][ T47] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 256.140887][ T47] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 256.519919][ T6487] netdevsim netdevsim3: Direct firmware load for ng failed with error -2 [ 256.630759][ T6487] netdevsim netdevsim3: Falling back to sysfs fallback for: ng [ 257.129660][ T6516] chnl_net:caif_netlink_parms(): no params data found [ 257.604199][ T6516] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.621721][ T6516] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.631369][ T6516] device bridge_slave_0 entered promiscuous mode [ 257.680197][ T3836] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.703174][ T6516] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.714110][ T6516] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.727390][ T3563] Bluetooth: hci3: unexpected event 0x04 length: 14 > 10 [ 257.730864][ T6516] device bridge_slave_1 entered promiscuous mode [ 257.788963][ T3836] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.728838][ T47] Bluetooth: hci2: command tx timeout [ 259.757461][ T47] Bluetooth: hci3: command 0x0406 tx timeout [ 259.861590][ T3836] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.932749][ T6516] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 260.120812][ T3836] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.195526][ T27] audit: type=1326 audit(1719782964.312:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6551 comm="syz.2.850" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 260.240945][ T6516] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 260.369839][ T6516] team0: Port device team_slave_0 added [ 260.391691][ T6516] team0: Port device team_slave_1 added [ 261.272493][ T6516] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 261.383542][ T6555] sctp: [Deprecated]: syz.3.849 (pid 6555) Use of struct sctp_assoc_value in delayed_ack socket option. [ 261.383542][ T6555] Use struct sctp_sack_info instead [ 261.430399][ T47] Bluetooth: hci3: unexpected event for opcode 0x2039 [ 261.448844][ T6516] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 261.577301][ T6103] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 261.616393][ T6516] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 261.758627][ T47] Bluetooth: hci2: command tx timeout [ 261.773162][ T6516] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 261.817300][ T6103] usb 2-1: Using ep0 maxpacket: 16 [ 261.823096][ T6516] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 261.966197][ T6516] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 262.037447][ T6103] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 262.581692][ T6103] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 262.719779][ T6516] device hsr_slave_0 entered promiscuous mode [ 262.957564][ T6103] usb 2-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a [ 263.873919][ T47] Bluetooth: hci2: command tx timeout [ 263.883226][ T6103] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.892427][ T6103] usb 2-1: Product: syz [ 263.896662][ T6103] usb 2-1: Manufacturer: syz [ 263.902930][ T6103] usb 2-1: SerialNumber: syz [ 263.918654][ T6103] usb 2-1: config 0 descriptor?? [ 263.937456][ T6103] usb 2-1: can't set config #0, error -71 [ 263.944598][ T6103] usb 2-1: USB disconnect, device number 9 [ 263.998658][ T6516] device hsr_slave_1 entered promiscuous mode [ 264.050973][ T6516] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 264.104845][ T6516] Cannot create hsr debugfs directory [ 265.185239][ T6607] sctp: [Deprecated]: syz.1.860 (pid 6607) Use of struct sctp_assoc_value in delayed_ack socket option. [ 265.185239][ T6607] Use struct sctp_sack_info instead [ 266.094402][ T47] Bluetooth: hci2: command tx timeout [ 266.259504][ T27] audit: type=1326 audit(1719782970.382:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.2.862" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360d775b99 code=0x0 [ 267.876264][ T6516] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 267.979219][ T6516] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 268.118454][ T3836] device hsr_slave_0 left promiscuous mode [ 268.335779][ T3836] device hsr_slave_1 left promiscuous mode [ 268.634825][ T3836] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 268.660551][ T3836] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 268.675884][ T3836] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 268.684118][ T3836] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 268.722211][ T3836] device bridge_slave_1 left promiscuous mode [ 268.735378][ T3836] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.744964][ T3836] device bridge_slave_0 left promiscuous mode [ 268.782633][ T3836] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.876454][ T3836] device veth1_macvtap left promiscuous mode [ 268.886371][ T3836] device veth0_macvtap left promiscuous mode [ 268.895079][ T3836] device veth1_vlan left promiscuous mode [ 268.905994][ T3836] device veth0_vlan left promiscuous mode [ 269.201358][ T3563] Bluetooth: hci1: unexpected event 0x04 length: 14 > 10 [ 271.277328][ T47] Bluetooth: hci1: command 0x0406 tx timeout [ 272.918117][ T27] audit: type=1326 audit(1719782977.032:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6663 comm="syz.1.872" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ee4375b99 code=0x0 [ 273.018793][ T6666] sctp: [Deprecated]: syz.4.870 (pid 6666) Use of struct sctp_assoc_value in delayed_ack socket option. [ 273.018793][ T6666] Use struct sctp_sack_info instead [ 273.087300][ T5587] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 273.383620][ T3836] team0 (unregistering): Port device team_slave_1 removed [ 273.407553][ T5587] usb 4-1: Using ep0 maxpacket: 8 [ 273.486355][ T3836] team0 (unregistering): Port device team_slave_0 removed [ 273.530933][ T5587] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 273.540878][ T5587] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.587014][ T3836] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 273.652669][ T3836] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 273.877326][ T5587] usb 4-1: Firmware version (0.0) predates our first public release. [ 273.903942][ T5587] usb 4-1: Please update to version 0.2 or newer [ 274.252778][ T3836] bond0 (unregistering): Released all slaves [ 274.368010][ T6516] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 274.407999][ T6516] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 274.568986][ T5587] usb 4-1: USB disconnect, device number 7 [ 274.966158][ T6679] sctp: [Deprecated]: syz.1.874 (pid 6679) Use of struct sctp_assoc_value in delayed_ack socket option. [ 274.966158][ T6679] Use struct sctp_sack_info instead [ 274.974088][ T6516] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.038235][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 275.064263][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 275.118771][ T6516] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.192156][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 275.219613][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 275.406923][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.414206][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 276.554064][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 276.568228][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 276.601742][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 276.619297][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.626532][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.641236][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 276.662515][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 276.779045][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 276.806530][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 276.821873][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 276.832557][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 276.846197][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 276.856553][ T6106] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 276.876926][ T6516] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 276.901100][ T6516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 276.915732][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 276.924788][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 276.939692][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 278.427508][ T14] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 279.436564][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 279.444844][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 279.453841][ T14] usb 4-1: Using ep0 maxpacket: 8 [ 279.462638][ T6516] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 279.568884][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 279.577965][ T14] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 279.587027][ T14] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.612024][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 279.613714][ T27] audit: type=1326 audit(1719782983.732:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="syz.4.883" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7048375b99 code=0x0 [ 279.682717][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 279.701776][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 279.734518][ T6516] device veth0_vlan entered promiscuous mode [ 279.742821][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 279.751768][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 279.777725][ T6516] device veth1_vlan entered promiscuous mode [ 279.925611][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 279.934593][ T14] usb 4-1: Firmware version (0.0) predates our first public release. [ 279.948419][ T14] usb 4-1: Please update to version 0.2 or newer [ 279.948654][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 279.969728][ T3563] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:200' [ 279.979840][ T3563] CPU: 1 PID: 3563 Comm: kworker/u5:6 Not tainted 6.1.96-syzkaller #0 [ 279.984394][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 279.988013][ T3563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 279.988060][ T3563] Workqueue: hci3 hci_rx_work [ 279.988089][ T3563] Call Trace: [ 279.988097][ T3563] [ 279.988107][ T3563] dump_stack_lvl+0x1e3/0x2cb [ 280.021525][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 280.021746][ T3563] ? nf_tcp_handle_invalid+0x642/0x642 [ 280.035168][ T3563] ? panic+0x764/0x764 [ 280.039291][ T3563] sysfs_create_dir_ns+0x2c6/0x390 [ 280.040694][ T6516] device veth0_macvtap entered promiscuous mode [ 280.044446][ T3563] ? sysfs_warn_dup+0xa0/0xa0 [ 280.044496][ T3563] kobject_add_internal+0x6df/0xd10 [ 280.060661][ T3563] kobject_add+0x14e/0x210 [ 280.065102][ T3563] ? device_add+0x3c2/0xfd0 [ 280.069619][ T3563] ? kobject_init+0x1d0/0x1d0 [ 280.074347][ T3563] ? __raw_spin_lock_init+0x41/0x100 [ 280.079650][ T3563] ? get_device_parent+0x128/0x400 [ 280.084776][ T3563] device_add+0x476/0xfd0 [ 280.089127][ T3563] hci_conn_add_sysfs+0xe4/0x1f0 [ 280.094112][ T3563] hci_sync_conn_complete_evt+0x723/0xac0 [ 280.099855][ T3563] hci_event_packet+0xa9d/0x1510 [ 280.104810][ T3563] ? hci_remote_ext_features_evt+0xbf0/0xbf0 [ 280.110823][ T3563] ? bis_list+0x290/0x290 [ 280.115165][ T3563] ? do_raw_spin_unlock+0x137/0x8a0 [ 280.120372][ T3563] ? kcov_remote_start+0x4b5/0x7d0 [ 280.125502][ T3563] ? lockdep_hardirqs_on+0x50/0x130 [ 280.130712][ T3563] ? hci_send_to_monitor+0x99/0x4d0 [ 280.135918][ T3563] hci_rx_work+0x3cd/0xce0 [ 280.140382][ T3563] ? do_raw_spin_unlock+0x137/0x8a0 [ 280.145620][ T3563] ? process_one_work+0x7a9/0x11d0 [ 280.150758][ T3563] process_one_work+0x8a9/0x11d0 [ 280.155731][ T3563] ? worker_detach_from_pool+0x260/0x260 [ 280.161385][ T3563] ? _raw_spin_lock_irqsave+0x120/0x120 [ 280.166943][ T3563] ? kthread_data+0x4e/0xc0 [ 280.171471][ T3563] ? wq_worker_running+0x97/0x190 [ 280.176517][ T3563] worker_thread+0xa47/0x1200 [ 280.181212][ T3563] ? __sched_text_start+0x8/0x8 [ 280.186096][ T3563] kthread+0x28d/0x320 [ 280.190170][ T3563] ? worker_clr_flags+0x190/0x190 [ 280.195202][ T3563] ? kthread_blkcg+0xd0/0xd0 [ 280.199889][ T3563] ret_from_fork+0x1f/0x30 [ 280.204358][ T3563] [ 280.219122][ T3563] kobject_add_internal failed for hci3:200 with -EEXIST, don't try to register things with the same name in the same directory. [ 280.241693][ T3563] Bluetooth: hci3: failed to register connection device [ 280.244379][ T6516] device veth1_macvtap entered promiscuous mode [ 280.324263][ T14] usb 4-1: USB disconnect, device number 8 [ 280.437031][ T6516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 280.478325][ T6516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.547279][ T6516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 280.558120][ T6516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.568040][ T6516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 280.580417][ T6516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.590334][ T6516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 280.606775][ T6516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.638548][ T6516] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 280.670101][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 280.723992][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 280.751241][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 280.776933][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 280.806695][ T6516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 280.837238][ T6516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.872668][ T6516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 280.957652][ T6516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.990157][ T6516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 281.044423][ T6516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.065620][ T6516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 281.104272][ T6733] sctp: [Deprecated]: syz.1.885 (pid 6733) Use of struct sctp_assoc_value in delayed_ack socket option. [ 281.104272][ T6733] Use struct sctp_sack_info instead [ 281.160327][ T6516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.204869][ T6516] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 281.217401][ T6732] sctp: [Deprecated]: syz.4.886 (pid 6732) Use of struct sctp_assoc_value in delayed_ack socket option. [ 281.217401][ T6732] Use struct sctp_sack_info instead [ 281.245752][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 281.289885][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 281.342618][ T6516] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.384201][ T6516] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.413139][ T6516] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.473286][ T6516] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.772904][ T5748] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 281.800940][ T5748] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 281.855670][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 281.951989][ T3630] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 281.971129][ T3630] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 282.000934][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 282.008544][ T3563] Bluetooth: hci3: command 0x0406 tx timeout [ 282.527086][ T6717] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 282.563269][ T6717] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 282.681326][ T6747] sctp: [Deprecated]: syz.0.892 (pid 6747) Use of struct sctp_assoc_value in delayed_ack socket option. [ 282.681326][ T6747] Use struct sctp_sack_info instead [ 282.709996][ T3597] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 282.997395][ T3597] usb 2-1: Using ep0 maxpacket: 8 [ 283.118379][ T3597] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 283.141074][ T3597] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 283.182472][ T3597] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 283.214636][ T3597] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 283.259946][ T3597] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 283.284677][ T3597] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.608165][ T3597] usb 2-1: GET_CAPABILITIES returned 0 [ 283.619679][ T3597] usbtmc 2-1:16.0: can't read capabilities [ 284.051280][ T3597] usb 2-1: USB disconnect, device number 10 [ 284.118679][ T6755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.894'. [ 284.180610][ T6755] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready [ 284.306696][ T27] audit: type=1326 audit(1719782988.422:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6758 comm="syz.0.895" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faa6f575b99 code=0x0 [ 284.947337][ T6106] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 285.697296][ T6106] usb 5-1: Using ep0 maxpacket: 8 [ 285.897530][ T6106] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 285.918231][ T6106] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.049601][ T6776] sctp: [Deprecated]: syz.1.899 (pid 6776) Use of struct sctp_assoc_value in delayed_ack socket option. [ 286.049601][ T6776] Use struct sctp_sack_info instead [ 290.452306][ T6106] usb 5-1: Firmware version (0.0) predates our first public release. [ 293.662126][ T6106] usb 5-1: Please update to version 0.2 or newer [ 293.859743][ T6106] usb 5-1: USB disconnect, device number 4 [ 295.403352][ T27] audit: type=1326 audit(1719782999.522:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.3.908" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbceb75b99 code=0x0 [ 297.480767][ T47] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection [ 298.578910][ T6816] netdevsim netdevsim3: Direct firmware load for ng failed with error -2 [ 298.691359][ T6816] netdevsim netdevsim3: Falling back to sysfs fallback for: ng [ 299.147466][ T1148] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 299.357376][ T47] Bluetooth: hci1: command 0x0406 tx timeout [ 300.247361][ T1148] usb 5-1: Using ep0 maxpacket: 8 [ 300.368016][ T1148] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 300.387627][ T1148] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.397360][ T3836] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.574392][ T3563] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 300.593689][ T3563] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 300.602385][ T3563] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 300.612426][ T3563] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 300.861142][ T3563] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 300.872701][ T3563] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 301.115752][ T3836] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.447425][ T1148] usb 5-1: Firmware version (0.0) predates our first public release. [ 301.455579][ T1148] usb 5-1: Please update to version 0.2 or newer [ 301.867797][ T3836] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.816989][ T6848] sctp: [Deprecated]: syz.3.921 (pid 6848) Use of struct sctp_assoc_value in delayed_ack socket option. [ 302.816989][ T6848] Use struct sctp_sack_info instead [ 302.829009][ T1148] usb 5-1: USB disconnect, device number 5 [ 302.911228][ T3836] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.957310][ T3563] Bluetooth: hci0: command tx timeout [ 303.065212][ T6863] sctp: [Deprecated]: syz.2.923 (pid 6863) Use of struct sctp_assoc_value in delayed_ack socket option. [ 303.065212][ T6863] Use struct sctp_sack_info instead [ 303.648262][ T6840] chnl_net:caif_netlink_parms(): no params data found [ 304.899755][ T3563] Bluetooth: hci3: unexpected event for opcode 0x2039 [ 305.047263][ T3563] Bluetooth: hci0: command tx timeout [ 305.363882][ T3563] Bluetooth: hci4: unexpected event 0x04 length: 14 > 10 [ 305.659129][ T6840] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.689198][ T6840] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.706453][ T6840] device bridge_slave_0 entered promiscuous mode [ 305.729484][ T6840] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.752154][ T6840] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.803700][ T6840] device bridge_slave_1 entered promiscuous mode [ 305.937568][ T6840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 305.977522][ T3600] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 306.049749][ T6840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 306.234366][ T6840] team0: Port device team_slave_0 added [ 306.257334][ T3600] usb 4-1: Using ep0 maxpacket: 8 [ 306.334592][ T6840] team0: Port device team_slave_1 added [ 306.377581][ T3600] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 2.a2 [ 306.402243][ T3600] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.533413][ T6840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 306.557302][ T6840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 306.645114][ T6840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 306.757427][ T3600] usb 4-1: Firmware version (0.0) predates our first public release. [ 306.772013][ T3600] usb 4-1: Please update to version 0.2 or newer [ 306.973549][ T6840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 306.990053][ T6840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.017688][ T6840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 307.117314][ T3559] Bluetooth: hci0: command tx timeout [ 307.134177][ T3600] usb 4-1: USB disconnect, device number 9 [ 307.437252][ T3559] Bluetooth: hci4: command tx timeout [ 307.524039][ T6840] device hsr_slave_0 entered promiscuous mode [ 307.632753][ T6840] device hsr_slave_1 entered promiscuous mode [ 307.633248][ T6840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 307.633325][ T6840] Cannot create hsr debugfs directory [ 307.679844][ T3836] device hsr_slave_0 left promiscuous mode [ 307.680302][ T3836] device hsr_slave_1 left promiscuous mode [ 307.680797][ T3836] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 307.680826][ T3836] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 307.681315][ T3836] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 307.681336][ T3836] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 307.681805][ T3836] device bridge_slave_1 left promiscuous mode [ 307.681910][ T3836] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.683157][ T3836] device bridge_slave_0 left promiscuous mode [ 307.683287][ T3836] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.924573][ T3836] device veth1_macvtap left promiscuous mode [ 307.924752][ T3836] device veth0_macvtap left promiscuous mode [ 307.924839][ T3836] device veth1_vlan left promiscuous mode [ 307.924906][ T3836] device veth0_vlan left promiscuous mode [ 309.197418][ T3559] Bluetooth: hci0: command tx timeout [ 310.546785][ T6967] [ 310.549162][ T6967] ====================================================== [ 310.556371][ T6967] WARNING: possible circular locking dependency detected [ 310.563394][ T6967] 6.1.96-syzkaller #0 Not tainted [ 310.568417][ T6967] ------------------------------------------------------ [ 310.575443][ T6967] syz.4.944/6967 is trying to acquire lock: [ 310.581348][ T6967] ffff888012b68400 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_bmap+0x4b/0x410 [ 310.590959][ T6967] [ 310.590959][ T6967] but task is already holding lock: [ 310.598326][ T6967] ffff88807e8743f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x323/0xc40 [ 310.608967][ T6967] [ 310.608967][ T6967] which lock already depends on the new lock. [ 310.608967][ T6967] [ 310.619372][ T6967] [ 310.619372][ T6967] the existing dependency chain (in reverse order) is: [ 310.628404][ T6967] [ 310.628404][ T6967] -> #4 (&journal->j_checkpoint_mutex){+.+.}-{3:3}: [ 310.637192][ T6967] lock_acquire+0x1f8/0x5a0 [ 310.642240][ T6967] mutex_lock_io_nested+0x134/0xab0 [ 310.647969][ T6967] jbd2_journal_flush+0x29b/0xc40 [ 310.653531][ T6967] ext4_ioctl+0x3986/0x5f60 [ 310.658685][ T6967] __se_sys_ioctl+0xf1/0x160 [ 310.663937][ T6967] do_syscall_64+0x3b/0xb0 [ 310.668914][ T6967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 310.675342][ T6967] [ 310.675342][ T6967] -> #3 (&journal->j_barrier){+.+.}-{3:3}: [ 310.683356][ T6967] lock_acquire+0x1f8/0x5a0 [ 310.688396][ T6967] __mutex_lock+0x132/0xd80 [ 310.693421][ T6967] jbd2_journal_lock_updates+0x2b0/0x380 [ 310.699577][ T6967] ext4_change_inode_journal_flag+0x1a8/0x6e0 [ 310.706190][ T6967] ext4_fileattr_set+0xe04/0x1770 [ 310.711831][ T6967] vfs_fileattr_set+0x8f3/0xd30 [ 310.717240][ T6967] do_vfs_ioctl+0x1cd1/0x2a90 [ 310.722461][ T6967] __se_sys_ioctl+0x81/0x160 [ 310.727601][ T6967] do_syscall_64+0x3b/0xb0 [ 310.732586][ T6967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 310.739060][ T6967] [ 310.739060][ T6967] -> #2 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 310.747516][ T6967] lock_acquire+0x1f8/0x5a0 [ 310.752562][ T6967] percpu_down_write+0x50/0x2f0 [ 310.757949][ T6967] ext4_change_inode_journal_flag+0x1a0/0x6e0 [ 310.764550][ T6967] ext4_fileattr_set+0xe04/0x1770 [ 310.770107][ T6967] vfs_fileattr_set+0x8f3/0xd30 [ 310.775493][ T6967] do_vfs_ioctl+0x1cd1/0x2a90 [ 310.780694][ T6967] __se_sys_ioctl+0x81/0x160 [ 310.785819][ T6967] do_syscall_64+0x3b/0xb0 [ 310.790940][ T6967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 310.797360][ T6967] [ 310.797360][ T6967] -> #1 (mapping.invalidate_lock){++++}-{3:3}: [ 310.805713][ T6967] lock_acquire+0x1f8/0x5a0 [ 310.810758][ T6967] down_write+0x36/0x60 [ 310.815440][ T6967] ext4_setattr+0xec7/0x1a00 [ 310.820559][ T6967] notify_change+0xce3/0xfc0 [ 310.825682][ T6967] do_truncate+0x21c/0x300 [ 310.830624][ T6967] do_sys_ftruncate+0x2e2/0x380 [ 310.836001][ T6967] do_syscall_64+0x3b/0xb0 [ 310.840948][ T6967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 310.847388][ T6967] [ 310.847388][ T6967] -> #0 (&sb->s_type->i_mutex_key#8){++++}-{3:3}: [ 310.856001][ T6967] validate_chain+0x1661/0x5950 [ 310.861396][ T6967] __lock_acquire+0x125b/0x1f80 [ 310.866779][ T6967] lock_acquire+0x1f8/0x5a0 [ 310.871816][ T6967] down_read+0xad/0xa30 [ 310.876494][ T6967] ext4_bmap+0x4b/0x410 [ 310.881177][ T6967] bmap+0xa1/0xd0 [ 310.885340][ T6967] jbd2_journal_flush+0x5b5/0xc40 [ 310.890984][ T6967] ext4_ioctl+0x3986/0x5f60 [ 310.896014][ T6967] __se_sys_ioctl+0xf1/0x160 [ 310.901142][ T6967] do_syscall_64+0x3b/0xb0 [ 310.906089][ T6967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 310.912513][ T6967] [ 310.912513][ T6967] other info that might help us debug this: [ 310.912513][ T6967] [ 310.922740][ T6967] Chain exists of: [ 310.922740][ T6967] &sb->s_type->i_mutex_key#8 --> &journal->j_barrier --> &journal->j_checkpoint_mutex [ 310.922740][ T6967] [ 310.938228][ T6967] Possible unsafe locking scenario: [ 310.938228][ T6967] [ 310.945678][ T6967] CPU0 CPU1 [ 310.951040][ T6967] ---- ---- [ 310.956418][ T6967] lock(&journal->j_checkpoint_mutex); [ 310.961992][ T6967] lock(&journal->j_barrier); [ 310.969306][ T6967] lock(&journal->j_checkpoint_mutex); [ 310.977390][ T6967] lock(&sb->s_type->i_mutex_key#8); [ 310.982790][ T6967] [ 310.982790][ T6967] *** DEADLOCK *** [ 310.982790][ T6967] [ 310.990956][ T6967] 2 locks held by syz.4.944/6967: [ 310.995981][ T6967] #0: ffff88807e874170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x2b0/0x380 [ 311.006991][ T6967] #1: ffff88807e8743f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x323/0xc40 [ 311.018084][ T6967] [ 311.018084][ T6967] stack backtrace: [ 311.023970][ T6967] CPU: 1 PID: 6967 Comm: syz.4.944 Not tainted 6.1.96-syzkaller #0 [ 311.031862][ T6967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 311.041927][ T6967] Call Trace: [ 311.045230][ T6967] [ 311.048165][ T6967] dump_stack_lvl+0x1e3/0x2cb [ 311.052859][ T6967] ? nf_tcp_handle_invalid+0x642/0x642 [ 311.058336][ T6967] ? print_circular_bug+0x12b/0x1a0 [ 311.063559][ T6967] check_noncircular+0x2fa/0x3b0 [ 311.068505][ T6967] ? add_chain_block+0x850/0x850 [ 311.073483][ T6967] ? lockdep_lock+0x11f/0x2a0 [ 311.078176][ T6967] ? _find_first_zero_bit+0xd0/0x100 [ 311.083668][ T6967] validate_chain+0x1661/0x5950 [ 311.088547][ T6967] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 311.094546][ T6967] ? reacquire_held_locks+0x660/0x660 [ 311.099969][ T6967] ? do_raw_spin_unlock+0x137/0x8a0 [ 311.105267][ T6967] ? validate_chain+0x112/0x5950 [ 311.110309][ T6967] ? finish_task_switch+0x1ca/0x810 [ 311.115651][ T6967] ? mark_lock+0x9a/0x340 [ 311.120016][ T6967] __lock_acquire+0x125b/0x1f80 [ 311.124898][ T6967] lock_acquire+0x1f8/0x5a0 [ 311.129420][ T6967] ? ext4_bmap+0x4b/0x410 [ 311.133778][ T6967] ? read_lock_is_recursive+0x10/0x10 [ 311.139199][ T6967] ? __might_sleep+0xb0/0xb0 [ 311.143798][ T6967] ? __lock_acquire+0x125b/0x1f80 [ 311.148845][ T6967] down_read+0xad/0xa30 [ 311.153009][ T6967] ? ext4_bmap+0x4b/0x410 [ 311.157352][ T6967] ? bit_waitqueue+0x30/0x30 [ 311.161956][ T6967] ? __down_common+0x8b0/0x8b0 [ 311.166756][ T6967] ? jbd2_journal_flush+0x374/0xc40 [ 311.171971][ T6967] ? __lock_acquire+0x1f80/0x1f80 [ 311.177025][ T6967] ? jbd2_cleanup_journal_tail+0x1a7/0x2c0 [ 311.182861][ T6967] ? ext4_journalled_write_end+0xec0/0xec0 [ 311.188687][ T6967] ext4_bmap+0x4b/0x410 [ 311.192866][ T6967] ? ext4_journalled_write_end+0xec0/0xec0 [ 311.198687][ T6967] bmap+0xa1/0xd0 [ 311.202341][ T6967] jbd2_journal_flush+0x5b5/0xc40 [ 311.207383][ T6967] ? jbd2_journal_lock_updates+0x2b0/0x380 [ 311.213197][ T6967] ? asm_sysvec_call_function_single+0x16/0x20 [ 311.219386][ T6967] ? __bpf_trace_jbd2_shrink_checkpoint_list+0x50/0x50 [ 311.226256][ T6967] ext4_ioctl+0x3986/0x5f60 [ 311.230776][ T6967] ? __sched_text_start+0x8/0x8 [ 311.235642][ T6967] ? ext4_fileattr_set+0x1770/0x1770 [ 311.240935][ T6967] ? preempt_schedule_irq+0x136/0x1c0 [ 311.246318][ T6967] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 311.252310][ T6967] ? print_irqtrace_events+0x210/0x210 [ 311.257779][ T6967] ? do_vfs_ioctl+0x1ab2/0x2a90 [ 311.262727][ T6967] ? asm_sysvec_call_function_single+0x16/0x20 [ 311.268896][ T6967] ? __x64_compat_sys_ioctl+0x80/0x80 [ 311.274269][ T6967] ? asm_sysvec_call_function_single+0x16/0x20 [ 311.280461][ T6967] ? __srcu_read_unlock+0x44/0x60 [ 311.285499][ T6967] ? tomoyo_path_number_perm+0x68a/0x7f0 [ 311.291158][ T6967] ? tomoyo_path_number_perm+0x1f2/0x7f0 [ 311.296794][ T6967] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 311.302290][ T6967] ? __fget_files+0x28/0x4a0 [ 311.306921][ T6967] ? __fget_files+0x28/0x4a0 [ 311.311527][ T6967] ? __fget_files+0x435/0x4a0 [ 311.316222][ T6967] ? __fget_files+0x28/0x4a0 [ 311.320821][ T6967] ? bpf_lsm_file_ioctl+0x5/0x10 [ 311.325770][ T6967] ? security_file_ioctl+0x7d/0xa0 [ 311.330909][ T6967] ? ext4_fileattr_set+0x1770/0x1770 [ 311.336208][ T6967] __se_sys_ioctl+0xf1/0x160 [ 311.340903][ T6967] do_syscall_64+0x3b/0xb0 [ 311.345330][ T6967] ? clear_bhb_loop+0x45/0xa0 [ 311.350018][ T6967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 311.355918][ T6967] RIP: 0033:0x7f7048375b99 [ 311.360344][ T6967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.379961][ T6967] RSP: 002b:00007f70491b7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 311.388395][ T6967] RAX: ffffffffffffffda RBX: 00007f7048504078 RCX: 00007f7048375b99 [ 311.396391][ T6967] RDX: 0000000020000200 RSI: 000000004004662b RDI: 0000000000000006 [ 311.404463][ T6967] RBP: 00007f70483f677e R08: 0000000000000000 R09: 0000000000000000 [ 311.412441][ T6967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 311.420412][ T6967] R13: 000000000000006e R14: 00007f7048504078 R15: 00007fffba6d8b08 [ 311.428392][ T6967] [ 311.607902][ T3836] team0 (unregistering): Port device team_slave_1 removed [ 311.646062][ T3836] team0 (unregistering): Port device team_slave_0 removed [ 311.688668][ T3836] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 311.730940][ T3836] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 312.143154][ T3836] bond0 (unregistering): Released all slaves [ 312.817174][ T6840] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 312.839934][ T6840] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 312.859512][ T6840] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 312.879850][ T6840] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 312.984070][ T6840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 313.000799][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 313.011708][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 313.022136][ T6840] 8021q: adding VLAN 0 to HW filter on device team0 [ 313.035053][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 313.045988][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 313.056901][ T3600] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.064124][ T3600] bridge0: port 1(bridge_slave_0) entered forwarding state [ 313.085285][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 313.095402][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 313.104437][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 313.115029][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.122692][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 313.133192][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 313.143409][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 313.165758][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 313.176820][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 313.185460][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 313.195514][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 313.204470][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 313.214281][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 313.226130][ T6840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 313.240988][ T6840] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 313.251383][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 313.260138][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 313.269042][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 313.454622][ T6840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 313.466178][ T6105] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 313.474448][ T6105] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 313.503678][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 313.512951][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 313.531091][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 313.540471][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 313.552132][ T6840] device veth0_vlan entered promiscuous mode [ 313.559989][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 313.570280][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 313.583066][ T6840] device veth1_vlan entered promiscuous mode [ 313.605446][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 313.615947][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 313.624565][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 313.636044][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 313.647313][ T6840] device veth0_macvtap entered promiscuous mode [ 313.657030][ T6840] device veth1_macvtap entered promiscuous mode [ 313.675144][ T6840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.685926][ T6840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.697638][ T6840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.709812][ T6840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.720118][ T6840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.730934][ T6840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.741367][ T6840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.752514][ T6840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.765644][ T6840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 313.775586][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 313.784609][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 313.793014][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 313.802268][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 313.812928][ T6840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 313.825210][ T6840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.835675][ T6840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 313.847236][ T6840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.859551][ T6840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 313.870771][ T6840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.883047][ T6840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 313.893893][ T6840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.907404][ T6840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 313.916241][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 313.928872][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 313.940991][ T6840] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 313.952297][ T6840] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 313.964617][ T6840] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 313.974544][ T6840] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.010247][ T6840] ieee80211 phy29: Selected rate control algorithm 'minstrel_ht' [ 314.038847][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 314.046709][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 314.062683][ T6840] ieee80211 phy30: Selected rate control algorithm 'minstrel_ht' [ 314.071863][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 314.079546][ T3563] Bluetooth: hci4: command 0x0406 tx timeout [ 314.106829][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 314.117282][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 314.124861][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 317.118350][ T1255] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.124722][ T1255] ieee802154 phy1 wpan1: encryption failed: -22