last executing test programs: 10m40.478923325s ago: executing program 0 (id=122): r0 = syz_open_dev$evdev(&(0x7f0000000380), 0xc, 0x0) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000000480)=[0x2, 0x6]) 10m40.280708246s ago: executing program 0 (id=125): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000400)={[{@nojournal_checksum}, {@nombcache}, {@barrier}, {@nogrpid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@usrquota}, {@jqfmt_vfsold}, {@test_dummy_encryption}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@sysvgroups}, {@discard}], [{@smackfsdef={'smackfsdef', 0x3d, 'min_batch_time'}}, {@hash}, {@pcr={'pcr', 0x3d, 0x24}}]}, 0xff, 0x575, &(0x7f00000009c0)="$eJzs3U1rG0cfAPD/ynLenycOhEB7KKE5NCWNHNt9SaGH9Fja0EB7T4WtmGA5CpYcYjfQ5NBceimhUEoDpR+g9x5Dv0A/RaANhBJMe+jFZeXdRLYlW7aVyI5+P1hnRzPy7F+zM5ndWaMABtbJ9Ech4pWI+DaJONqSV4ws8+RKuaUntybTLYnl5c/+SiLJXsvLJ9m/h/NEMeK3ryPOFFZVOZL+qC8szpSr1cpc9uJoY/b6aH1h8ezV2fJ0ZbpybXxi4vw7E+Pvv/fu2kNObm8z1jcv/fPDpw8+Ov/NqaXvf3l07F4SF+JIltcaxw6sOrSTK59u04U1Bcd6UNlukvT7ANiWoayfD0c6BhyNoazXAy+/ryJiuSsx0l05YO9Iuuz/wMsmnwfk1/Y9ug7eMx5/uHIBtD7+Ynb1fqB5bXRoKVl1ZZTkNzJ2KK3j1z/v30u36N19CIBN3b4TEeeKxfXjX9Jy93J7znVRZm0dxj94cR6k85+32s1/Ck/nP9Fm/nO4Td/djs37f+FRD6rpKJ3/fdB2/pstWo3EyFCW+l8zOZxcuVqtpGPb/yPidAzvT9MbreecX3q43Cmvdf6Xbmn9+VwwO45Hxf2r3zNVbpR3FvUzj+9EvNp2/ps8bf+kTfunn8elLus4Ubn/Wqe8zeN/vpZ/jnijbfs/W9FKNl6fHG2eD6P5WbHe33dP/N6p/n7Hn7b/oY3jH0la12vrW6/jpwP/VjrldYx/X16i/fm/L/m8uZ8Xu1luNObGIvYln6x/ffzZe/N0Xj6N//Spjce/duf/wYj4osv47x6/27Hojtq/B4uuafxTW2r/re0Mz5SrDz/+8setx38xuzuRtv/bzbKns/d0M/51e4A7/wQBAAAAAABg9yhExJFICqWn+4VCqbTyfMfxOFSo1uqNM1dqr0czr/n8QyFf6T7a8jzEWPY8bJ4eX5OeiIhjEfHd0MFmujRZq071O3gAAAAAAAAAAAAAAAAAAADYJQ53+Pv/1B9D/T464Lnzld8wuDbt/734pidgV/L/Pwwu/R8Gl/4Pg0v/h8Gl/8Pg0v9hcOn/MLj0fwAAAAAAAAAAAAAAAAAAAAAAAAAAAOipSxcvptvy0pNbk2l66sbC/EztxtmpSn2mNDs/WZqszV0vTddq09VKabI2u9nvq9Zq18fGY/7maKNSb4zWFxYvz9bmrzUuX50tT1cuV4ZfSFQAAAAAAAAAAAAAAAAAAACwt9QXFmfK1Wplzs5g7OzPGr5nv7C4O+LaMzsHI6J/tc93XbjPAxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtPgvAAD//2ysM+A=") r0 = socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3a0, 0xe8, 0x1d0, 0xe8, 0x2b8, 0x2b8, 0x2b8, 0x7fffffe, 0x0, {[{{@arp={@private=0xa010100, @empty, 0x0, 0x0, 0xa, 0x0, {}, {@mac=@local}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bridge\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x8, 0x4b8, 0x1}}}, {{@arp={@remote, @empty, 0x0, 0x0, 0x0, 0x3, {@empty, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, {@empty, {[0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'bridge_slave_0\x00'}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x3f0) 10m38.051892086s ago: executing program 0 (id=130): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009e173610ef171e7206de010203010902"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000080)={0x40, 0x17, 0x4, "55850d4e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 10m36.09859037s ago: executing program 0 (id=137): syz_clone3(0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in=@loopback, @in=@broadcast, 0x0, 0xfffd, 0x4e22, 0x0, 0x2, 0x0, 0x0, 0x29}, {0x0, 0x80, 0x7fffffffffffffff, 0xfffffffffffffffd, 0x7, 0xa7, 0x7, 0x100}, {0x0, 0x10, 0x0, 0xfffeffffffffffde}, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d2, 0x3c}, 0x0, @in=@local, 0xfffffffd, 0x0, 0x2, 0x4, 0x8, 0x0, 0x1}}, 0xe8) fsetxattr$security_ima(r0, 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB], 0x3, 0x2) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x4, 0x3fa, &(0x7f00000004c0)="$eJzs281rXFUbAPDn3nyUt2nfxFq/2qrTBjGgJk2iQsBNRUVBcKE7FxKaaSlOmtKM2BYXKoKr4saVrlzpH+DGhSDuXQmudC+FIMW1jNyZe5txMhMzyYyjvb8fTHLO3DOc88yZZ+bcc2cCKK1K9ieJOBIRP0fEdKv61waV1r/fb793Prsl0Wi8/lvSbJfVi6bF46byylwakX6UxMku/W5ev/H2aq1WvZrXF+rrVxY2r9946tL66sXqxerl5ZVnzi4trzy7sjywWG/ePvXTxuev/fHJmV+mnr/51gvZeI/kx9rjGJRKVKKR6zz22KA7G7GjbeVkfIQDoS9jEZFN10Qz/6djLLYnbzpe/HCkgwOGKvtsOtT78PsN4C6WxKhHAIxG8UFfnNsP4zz432zrXOsEaGf845HmbSY6zm8HKTvbuvbmx99mtxjSPgQAQLvvsvXPk93WP2nc39bu//m1oZmIuCcijkXEvRFxPCLui2i2fSAiHuyz/0pHfef6J721r8D2KFv/Pdd1/Vus/mJmLK8dbcY/kVy4VKuezZ+TuZg4lNUXd+njx1e++rLXsUrb+i+7Zf0Xa8F8HLfGOzbo1lbrqweJud3WBxEnuq5/kztXApKIeCgiTuyzj2/ONT7rdezv4x+uxhcRj3ed/+2roMnu1ycXmq+HheJVsdOpd6+s9ep/1PFn83949/hnkvbrtZv99/H1zOmtXsf2+/qfTN5olifz+66t1utXFyMmk1d33r+0/diiXrTP4p+b7Z7/x2L7mTiZzWNEPBwRj0TEo/nYT0fEmYiY3SX+l2Zfru4//uHK4l/ra/77L6wvff9Dr/73Nv9PN0tz+T17ef/b6wAP8twBAADAf0Xa/A58ks7fKafp/HzrO/zH43Ba29isP3Fh453La63vys/ERFrsdE237Ycu5nvDRX2po76c7xt/Ova/Zn3+/Eat56YY8I+Y6pH/mV/HRj06YOj8XgvKS/5Decl/KC/5D+Ul/6G85D+Ul/yH8pL/UF7yH8pL/kMpHeR3/QoKCndrYdTvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIPxZwAAAP//jYTnFQ==") creat(&(0x7f0000000040)='./bus\x00', 0x0) truncate(&(0x7f0000000180)='./file0/file0\x00', 0xb8) open$dir(0x0, 0x420000, 0x2) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x8005, 0x0, 0x0, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) truncate(&(0x7f00000000c0)='./file0/file0\x00', 0x3db1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) syz_mount_image$ext4(&(0x7f0000000140)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000600)={[{@oldalloc}, {@nobh}, {@noblock_validity}, {@commit}, {@inlinecrypt}, {@data_ordered}, {@grpid}, {@auto_da_alloc}, {@resgid}, {@usrjquota}, {@block_validity}]}, 0xd, 0x5e2, &(0x7f0000001300)="$eJzs3c1vVFUbAPDnTj9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFkQGaGiNFk0oCW5MjBtjTFy5EP8LJbJlpSsXblwZEqKGpYlj7vTe0mnvtPTzVu7vlww995y5OecyfXrOnDnnTgCVNZj+U4vYHxFTSUR/MrdQ1hlZ4eD88x78+dHZ9JFEo/Ha70kkWV7+/CT72Zed3BMRP/6QxL6O5fVOz167OF6vT17NjodnLk0NT89eO3zh0vj5yfOTl0dfGD1x/NjxEyNH1nVd1wvyTt989/3+T8be/Oarv5KRb38ZS+JkvJw9cfF1bJbBGGz+nyTLi/pObHZlJenIfk8Wv8RJZ4kNYk3y168rIp6I/uiIhy9ef3z8SqmNA7ZUI4loABWViH+oqHwckL+3X/o+uFbKqATYDvdPzU8ALI//zvm5wehpzg3sfpDE4mmdJCLWNzPXak9E3L0zdvPcnbGbsUXzcECxuRsR8WRR/CfN+B+Inhhoxn+tJf7TccGZ7Gea/+o66186VSz+YfvMx3/PivEfbeL/rUXx//Y66x98mHyntyX+e9d7SQAAAAAAAFBZt09FxPNFn//XFtb/RMH6n76IOLkJ9Q8uOV7++X/t3iZUAxS4fyripcL1v7V89e9AR5b6T3M9QFdy7kJ98khE/DciDkXXrvR4ZIU6Dn+678t2ZYPZ+r/8kdZ/N1sLmLXjXueu1nMmxmfGN3rdQMT9GxFPFa7/TRb6/6Sg/0//Hkw9Yh37nr11pm3h3GrxD2yVxtcRBwv7/zTqdy2kVrg/x3BzPDCcjwqWe/rDz75rV//q/X8xt5iAjUv7/91t479pIFl8v57ptddxdLaz0a5sveP/7uT15i1nurO8D8ZnZq6ORHQnpzvS3Jb80bW3GR5HeTzk8ZLG/6FnVp7/Kxr/984P3Vskf7TuKc79/+++X9u1Z739P7BxafxPrKn/X3ti9NbA9+3qf7T+/1izrz+U5Zj/g3lf5GHa3ZpfEI6dRUXb3V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBzUImJPJLWhhXStNjQU0RcR/4vdtfqV6Znnzl157/JEWtb8/v9a/k2//fPHSf79/wOLjkeXHB+NiL0R8XlHb/N46OyV+kTZFw8AAAAAAAAAAAAAAAAAAAA7RF+b/f+p3zrKbh2w5TrLbgBQmoL4/6mMdgDbT/8P1SX+obrEP1SX+IfqEv9QXeIfqkv8Q3WJfwAAAAAAeKzsPXD75yQi5l7sbT5S3VlZV6ktA7ZarewGAKVxix+oLkt/oLq8xweSVcp72p602pkrmTq7gZMBAAAAAAAAAAAAoHIO7rf/H6rK/n+oLvv/obry/f8HSm4HsP28xwdilZ38hfv/Vz0LAAAAAAAAAAAAANhM07PXLo7X65NXJd7YGc3YzkSj0bie/hbslPb8yxP5Uvid0p4liXyv3yM8uXe8Xt7fJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoNU/AQAA//+IZSTK") syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./bus\x00', 0x10, &(0x7f0000000000)={[{@grpjquota, 0x4a}, {@grpid}, {@jqfmt_vfsold}, {@noquota}, {@debug}, {@usrjquota, 0x22}, {@nojournal_checksum}, {@errors_remount}], [], 0x2c}, 0x84, 0x4f5, &(0x7f00000006c0)="$eJzs3ElvHMUeAPB/t5fYL/GzXx5bFsBswmKxY2c9cAAEUi6RQCAUJC7GdqIQJ0GxkZLIwgahcET5BMARwSfgFC6I5QLiCuKKkCLkSwIHNKhneiZj99geO56Y2L+fNHZVd3VXVVeVp7pL7QC2rP7sRxKxIyJ+jojeSnRhgv7KrxvzM2N/zs+MJVEqvfJHUk53fX5mrJq0etz2PDKQRqQfJLGnQb5TFy+dHp2cnDifx4emz7w9NHXx0tOnzoyenDg5cXbkyJED+7sPHxo5uC717MnKuvvdc3t3HX39yrGx41fe/PaLrLylfH9X4Yi+VebQVtjSH/0Lr2Wdx1Z59n+7nrpw0r6BBWFVsl6bNVdHefz3RlvcbLzeePH9DS0c0FKlUqm0rbC19l02V6qXJJUDgE0iWXZIdxvwsGlVv+ivz2d3qjNj9ffzCxVnCZvBteeifAeU1ftG/qnsaY80u4fvq9wbtcpdEXF87q+Ps08sep4CANAKV7P5z1OVeUf1U9mTxj116f6brw31RcT/ImJnRPw/n7/cHVFOe29E3Lfg7LMr5t+/KF6c//zYvebKNSGb/z2Tr20tnP+l1SR9bXmsp1z/juTEqcmJffk1GYiObVl8uHjq2oT5qxd++mip/Pvr5n/ZJ8u/OhfMy/F7+6Kp9/jo9Oit1rvq2nvlR3qzxfontZWA7M5gV0TsXsP5s2t26onP9jbcWb3Ey9Z/GeuwzlT6NOLxSvvPxaL6ZzrzUOP1yeHDh0YODnXF5MS+oWqvKPruh8sv5cHCrcTK7d9aWfv/p9b/K78re5LqBe5L6tdrp1afx+VfPlzynmat/b8zebUc7sy3XRidnj4/HNGZzBW3j9w89sJo94L0Wf0HuhqP/50Rf3+SH7cnIrJOfH9EPPD9zbI/FBEPR8Qjy9T/m+cffatR2zdX/9bK6j/e8O9fbeV6Ufs3HciGfjnQdvrrL5fKv7n2P1AODeRbxkeni8v1i6xcwKwfrKU3AwAAwJ3nwYjYEUk6mD+O2xFpOjgYsb32BGVq+skT5945O155R6AvOtLqk67euuehw/mz4SyeHTVSF8/27y8/Ny6VSqXucnxw7Nxkz8ZWHba87UuM/8xvxVdagM1mVetoS73RBtyR1r6OXlrXcgC3n/e1Yesy/mHranr8t/JNOGBDNBr/sxE36uOb8/VfoNH4f225Az4/dtXaIGwO7v9h6zL+Yesqjv90Q8oB3FZreK+/qcDOo8ukSdpbk2kxUH1qmUaDNB0Rkf9Pi76I1Z351zT/5wa3XNS2da1ydxNt2hXrkVd7umKa9jd6Y6m8Xi5e8MrXUBKrbYs1BNLb0/2aC2yr9cMl0qRR62yz1cClW8n02UbDYVFgQ/8sAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArJt/AgAA//9eQsiO") mount(0x0, 0x0, 0x0, 0x2390024, &(0x7f0000000000)) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r4, 0x25, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r4, 0x26, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x52, 0x0, 0x0) writev(r2, 0x0, 0x0) 10m34.806862735s ago: executing program 0 (id=140): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000480)={0x0, 0x16, 0xf, "94c161ee5e033a76efc9633e5f795f"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)={0x0, 0xf, 0x4, "c7a13997"}, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x4, "a13b1f21"}, 0x0, 0x0, 0x0, 0x0}) 10m34.079604028s ago: executing program 0 (id=146): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, 0x0, 0x0) bind$inet6(r0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, 0x0, 0x0) bind$inet6(r2, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(0xffffffffffffffff, 0x1e, 0x0, 0x1) setsockopt$sock_int(r3, 0x1, 0xf, 0x0, 0x0) bind$inet6(r3, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x28011, 0xffffffffffffffff, 0x0) 10m32.979479022s ago: executing program 32 (id=146): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, 0x0, 0x0) bind$inet6(r0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, 0x0, 0x0) bind$inet6(r2, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(0xffffffffffffffff, 0x1e, 0x0, 0x1) setsockopt$sock_int(r3, 0x1, 0xf, 0x0, 0x0) bind$inet6(r3, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x28011, 0xffffffffffffffff, 0x0) 10.512257225s ago: executing program 2 (id=2480): r0 = inotify_init() syz_io_uring_setup(0x86f, &(0x7f0000000400)={0x0, 0x79ab, 0x400, 0xfffffffe, 0x214}, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) socket(0x10, 0x3, 0x0) pipe2$9p(&(0x7f00000001c0), 0x80) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x5, 0x4, 0xffffffffffffffdd, 0x400000, 0x0, 0xffffffffffffff1b, 0x3c}, 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10.481296146s ago: executing program 1 (id=2481): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r3, 0x0, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, 0x0, 0x4040000) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000040)={0x2000, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r4, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) 8.770956538s ago: executing program 1 (id=2483): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x2) pipe2$9p(&(0x7f0000003500)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x2200055, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 8.672538864s ago: executing program 2 (id=2485): r0 = userfaultfd(0x80801) openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) socket(0x40000000015, 0x5, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x8ab43, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 8.494904625s ago: executing program 2 (id=2487): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) write$dsp(0xffffffffffffffff, &(0x7f00000012c0)="a5", 0x1) r2 = dup2(r1, r1) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106800000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67000000000000350607000fff07201706000020190000160300000ee60060bf050000000000007b65b0ff000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48) 7.756356229s ago: executing program 3 (id=2489): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) close_range(r8, 0xffffffffffffffff, 0x2) dup3(r4, r8, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000a00)=@raw={'raw\x00', 0xc08, 0x3, 0x440, 0x310, 0x5002004a, 0xb, 0x310, 0xea13, 0x3a8, 0x3c8, 0x3c8, 0x3a8, 0x3c8, 0x3, 0x0, {[{{@ip={@multicast2, @private=0xa010101, 0xff, 0xffffffff, 'bridge0\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x5c, 0x3, 0x2}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{}, {0x16}, {0x4}, {}, {}, {0x0, 0x0, 0x5e}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x6}, {0x0, 0x0, 0x4}, {}, {0x4, 0x8}, {}, {}, {0x1}, {0x0, 0x0, 0x0, 0x7f}, {0x0, 0x4}, {}, {}, {}, {0xfffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfd}]}}, @common=@inet=@socket3={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4a0) 7.722083501s ago: executing program 1 (id=2490): socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4048019}, 0x20040840) write$P9_RXATTRWALK(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02080000040000000100000009000100000000", @ANYRES32, @ANYBLOB='\x00\x00'], 0x48) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) open$dir(&(0x7f0000000640)='./file0\x00', 0x149800, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000000), 0x560c89bb) poll(&(0x7f0000000140), 0x0, 0xa2b) creat(&(0x7f0000000200)='./file0\x00', 0x20) r2 = getpgid(0xffffffffffffffff) getpgrp(r2) sched_setaffinity(r2, 0x8, &(0x7f00000005c0)=0x3) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000500)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0xd82a9180, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) 6.131774185s ago: executing program 2 (id=2491): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$smc(&(0x7f0000000280), r5) getsockname$packet(r5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x34, r4, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @local}, @FOU_ATTR_IFINDEX={0x8, 0xb, r6}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast1}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e20}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008080}, 0x0) 4.412548548s ago: executing program 2 (id=2495): sync() mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x81362000) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) sync() sync() 4.245212897s ago: executing program 3 (id=2497): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000380)=0x40a, 0x4) bind$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x28040041, &(0x7f0000000040)={0x2, 0x24e23, @loopback}, 0x10) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="1f", 0x1}], 0x1}, 0x48c0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)=""/19, 0x13}, 0x1}], 0x1, 0x2, 0x0) recvmmsg(r0, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0) 4.03455579s ago: executing program 3 (id=2499): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f0000000ec0)={'syz0\x00', {0x0, 0x0, 0x0, 0x9}, 0x0, [0x0, 0x0, 0x200, 0x0, 0x4, 0x7ff, 0x0, 0x0, 0x0, 0x1, 0x7, 0x0, 0x0, 0xffffffff, 0x5, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x8, 0xb16, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xd, 0x1000, 0x0, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x5795, 0xffffffff, 0xfffffffe, 0x0, 0xff, 0xfffffffd, 0xfffffffd, 0x4ec5, 0xfffffffa, 0x0, 0x80000040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0xffffffff], [0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xddc, 0x0, 0x0, 0xfffffffc, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x2, 0xe, 0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0xffffffff, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x7, 0x4], [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc045, 0x0, 0x16, 0x0, 0x4, 0x0, 0x80, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffe, 0x0, 0x0, 0xffffffff, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c) 3.919075367s ago: executing program 1 (id=2501): r0 = syz_usb_connect(0x3, 0x73, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000396d0940fd101315f9b10102030109026100010000000009040001"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000140)={0x14, &(0x7f0000000000)={0x0, 0x3, 0x77, {0x77, 0x20, "125e4da4b84f5985216e9964c86c42b202e1f125e013c75c3aecf68e40a417e82eb0e4c522b1de82c35e310e8616c86be51261edf4b5e19d154717bb46fd354567a526279c7a65608d5ca12f9ab8635f0644031b510e91abf86d6d78075309a5f8d2499376444cae4116da6193a26d45fdc4ccbefd"}}, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x20, 0x37, 0x86, "98eeb0e27197478a941247bc528369663e1649296b625593a7698f9460fe8b2c06061a376997a8a8ab3d7e9c44ac688a1a533137a872a854af97bf48a89421d582550f806c9a83cceceaf8cde24372f0a14d599b1867145dc5fae0a15dc29eb614da7e2faabb79434baadfb4076ca2690f3cc0bd94e3cd5dfa04ec758e795dd9e30fcca9c488"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0xdd}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x3}, &(0x7f00000002c0)={0x20, 0x80, 0x1c, {0x9, 0x3e7, 0x0, 0x6, 0x5, 0x78a1, 0x9, 0x5, 0x5, 0x627, 0xfb2, 0x4000}}, &(0x7f0000000300)={0x20, 0x85, 0x4, 0x7000}, &(0x7f0000000340)={0x20, 0x83, 0x2, 0x1}, 0x0, &(0x7f00000003c0)={0x20, 0x89, 0x2, 0x1}}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) write$P9_RXATTRCREATE(r1, &(0x7f0000000040)={0x7, 0x21, 0x2}, 0x7) syz_usb_control_io$hid(r0, 0x0, 0x0) 3.750943637s ago: executing program 3 (id=2502): unshare(0x28000600) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0) 3.647185563s ago: executing program 3 (id=2504): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000008300), 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x1000430, &(0x7f0000000780)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYBLOB="58e1a192964f91b2b2b082e5b2d36bfb79aa692b33c0fe4f45accc6a979fe95b1d5b4e22a06662895c4d17a476b57a481d5cf05900646a29378be685539c12c562299679a0b283bb57257a03de500c90b4f9c738ba49abcf815137ce1b502040ec2b298001c1061f5d63c5d718cd995f", @ANYRES8=r0, @ANYRES64=r0, @ANYRESDEC=r0]) syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x0, 0x9, {0x101, 0xb, 0x0, {0x1, 0x0, 0xbdd6, 0x400, 0x10000, 0x5, 0x9d1f, 0x4, 0x8, 0x4000, 0x7, 0x0, 0xffffffffffffffff, 0x7ffffff7, 0xc877}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000000c0)={0x0, 0x7732561d5b88ce84}) r1 = socket$alg(0x26, 0x5, 0x0) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000640)=ANY=[@ANYBLOB="736563757216ae2c697479000000000000000000000000000000000000000000000000040000000d"], 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000000203010100000001000000000400004a080001000100002a4ad0ddcd010cd9544f4cf7062a1bcbca33"], 0x1c}, 0x1, 0x0, 0x0, 0x48841}, 0x2000c010) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="2c235aa9c5", 0x5) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$cdc_ecm(r3, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0xc38, &(0x7f0000000dc0)=ANY=[]) 2.643006423s ago: executing program 4 (id=2505): socket$inet_tcp(0x2, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c0d23266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)={0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3}, {}, {0xeda7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x3, 0xfffffffffffffffc, 0x0, 0x0, 0x2004cb, 0x3, 0x0, 0xfffffffffffffff8, 0x9, 0xfffffffffffff2a7, 0x2000000000003ff, 0x2], 0x0, 0x200306}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.19224989s ago: executing program 2 (id=2506): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) close_range(r8, 0xffffffffffffffff, 0x2) dup3(r4, r8, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000a00)=@raw={'raw\x00', 0xc08, 0x3, 0x440, 0x310, 0x5002004a, 0xb, 0x310, 0xea13, 0x3a8, 0x3c8, 0x3c8, 0x3a8, 0x3c8, 0x3, 0x0, {[{{@ip={@multicast2, @private=0xa010101, 0xff, 0xffffffff, 'bridge0\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x5c, 0x3, 0x2}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{}, {0x16}, {0x4}, {}, {}, {0x0, 0x0, 0x5e}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x6}, {0x0, 0x0, 0x4}, {}, {0x4, 0x8}, {}, {}, {0x1}, {0x0, 0x0, 0x0, 0x7f}, {0x0, 0x4}, {}, {}, {}, {0xfffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfd}]}}, @common=@inet=@socket3={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4a0) 1.729273966s ago: executing program 4 (id=2507): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000600)="e8700e444d50a969ff67ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026833629f2db4f767d3a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef00020000000000001f94c1568b13756b66f74f46cf801704d2da8b96c34070b233fcc4baeab984c92e289482216d18835dc1e50eadb929231ae328e2ada26ea76a4320040618ad3848360a2dbe4f33a591ea2e226040fe985fbfa5553c3980b916095ea415bc2e39578a343c5488377353936c921b4e215c5b37bb32e370df009f57076f17807befd7162a2f459083ac3d71ad85455dbb27c712018599c6b1dd67", 0x108}], 0x2}], 0x1, 0x20040901) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 1.567188617s ago: executing program 4 (id=2508): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$sock(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000c00)="4fb81379ba", 0x5}], 0x1}, 0x4040088) 1.451716023s ago: executing program 4 (id=2509): socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4048019}, 0x20040840) write$P9_RXATTRWALK(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02080000040000000100000009000100000000", @ANYRES32, @ANYBLOB='\x00\x00'], 0x48) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) open$dir(&(0x7f0000000640)='./file0\x00', 0x149800, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000000), 0x560c89bb) poll(&(0x7f0000000140), 0x0, 0xa2b) creat(&(0x7f0000000200)='./file0\x00', 0x20) r2 = getpgid(0xffffffffffffffff) getpgrp(r2) sched_setaffinity(r2, 0x8, &(0x7f00000005c0)=0x3) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000500)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0xd82a9180, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) 437.480934ms ago: executing program 1 (id=2510): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000200)={'8255\x00', [0x8, 0xa, 0xffffffff, 0x401, 0x1, 0xcd7, 0xfff, 0x5c952399, 0x6, 0x3ff, 0xfffff000, 0x1600, 0xfffffffe, 0x1, 0x9, 0xe1cb, 0x7bbd, 0x4, 0x3, 0x396, 0x80000089, 0xfffffffe, 0x0, 0xfffffff1, 0xffffeadb, 0x3, 0x3e, 0x1, 0x208, 0x8000003, 0xdffffffa]}) 304.451832ms ago: executing program 4 (id=2511): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) mmap$fb(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x13, r2, 0xd8000) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 122.894952ms ago: executing program 4 (id=2512): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, 0x0, 0x0, 0x0) keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f0000000080)=' hash=', 0x0) dup(0xffffffffffffffff) r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan1\x00'}) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000180)=0x1, 0xffffffffffffffff, 0x0, 0x1, 0x4}}, 0x20) 63.003795ms ago: executing program 3 (id=2513): r0 = socket$kcm(0x2a, 0x2, 0x0) r1 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80, 0x0}, 0x0) recvmsg(r1, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002182) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x8917, 0x0) sendmsg$kcm(r0, &(0x7f0000001540)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x80, 0x0}, 0x0) 0s ago: executing program 1 (id=2514): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0xffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x0, 0x33}, 0x0, @in6=@loopback, 0x0, 0x3, 0x0, 0xb7, 0x0, 0x8000000}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) kernel console output (not intermixed with test programs): " dev="loop2" ino=1048594 res=0 errno=0 [ 82.915065][ T5917] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 83.005271][ T5918] loop0: detected capacity change from 0 to 512 [ 83.278611][ T5917] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 83.396695][ T5918] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.16: bg 0: block 393: padding at end of block bitmap is not set [ 83.437069][ T5918] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6653: Corrupt filesystem [ 83.499468][ T5918] EXT4-fs (loop0): 2 truncates cleaned up [ 83.542418][ T5918] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.334435][ T5917] process 'syz.1.18' launched './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 84.610584][ T3471] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 84.736011][ T5923] syz.2.20 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 84.755403][ T5921] Driver unsupported XDP return value 0 on prog (id 2) dev N/A, expect packet loss! [ 85.036226][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.264366][ T5932] loop3: detected capacity change from 0 to 256 [ 85.370479][ T5936] Zero length message leads to an empty skb [ 85.378976][ T5936] netlink: 'syz.1.21': attribute type 16 has an invalid length. [ 85.386797][ T5936] netlink: 'syz.1.21': attribute type 17 has an invalid length. [ 85.497302][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.517951][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.117702][ T5937] tmpfs: Bad value for 'huge' [ 86.260045][ T5932] FAT-fs (loop3): Directory bread(block 64) failed [ 86.266893][ T5932] FAT-fs (loop3): Directory bread(block 65) failed [ 86.276355][ T5932] FAT-fs (loop3): Directory bread(block 66) failed [ 86.289382][ T5932] FAT-fs (loop3): Directory bread(block 67) failed [ 86.296858][ T5932] FAT-fs (loop3): Directory bread(block 68) failed [ 86.697827][ T5932] FAT-fs (loop3): Directory bread(block 69) failed [ 86.792898][ T5944] loop1: detected capacity change from 0 to 512 [ 86.810314][ T5932] FAT-fs (loop3): Directory bread(block 70) failed [ 86.817025][ T5932] FAT-fs (loop3): Directory bread(block 71) failed [ 86.848431][ T5932] FAT-fs (loop3): Directory bread(block 72) failed [ 86.863562][ T5932] FAT-fs (loop3): Directory bread(block 73) failed [ 87.038115][ T5779] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 87.186096][ T5948] netlink: 24 bytes leftover after parsing attributes in process `syz.0.24'. [ 87.322385][ T5946] loop2: detected capacity change from 0 to 4096 [ 87.341973][ T5943] loop1: detected capacity change from 0 to 512 [ 87.789759][ T5943] EXT4-fs: Ignoring removed orlov option [ 87.828124][ T5943] EXT4-fs (loop1): Test dummy encryption mode enabled [ 87.847777][ T5943] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 87.923572][ T5946] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.944075][ T5943] EXT4-fs (loop1): 1 truncate cleaned up [ 87.985179][ T5943] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.031009][ T5946] fs-verity: sha512 using implementation "sha512-avx2" [ 88.417692][ T27] audit: type=1326 audit(1771126248.919:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.27" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x0 [ 88.477387][ T5946] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.466167][ T5957] loop0: detected capacity change from 0 to 40427 [ 89.492855][ T5957] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 89.523057][ T5957] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 89.591614][ T5957] F2FS-fs (loop0): Found nat_bits in checkpoint [ 89.742317][ T5957] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 89.754204][ T5957] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 89.879954][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.223281][ T5764] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 90.243311][ T5764] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 90.264081][ T5764] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 90.288493][ T5764] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 90.309322][ T5764] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 90.317753][ T5764] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 90.325354][ T5764] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 92.318862][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 92.318925][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 92.335758][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.138069][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 93.147382][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 93.156360][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.547645][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.867837][ T5989] capability: warning: `syz.1.37' uses deprecated v2 capabilities in a way that may be insecure [ 94.326985][ T5989] loop1: detected capacity change from 0 to 512 [ 94.591552][ T5989] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 94.776907][ T5989] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.854405][ T5989] ext4 filesystem being mounted at /9/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 95.082393][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.423910][ T6003] loop3: detected capacity change from 0 to 16 [ 95.452438][ T6003] erofs: (device loop3): mounted with root inode @ nid 36. [ 96.436755][ T6012] loop3: detected capacity change from 0 to 512 [ 96.939860][ T6015] loop1: detected capacity change from 0 to 512 [ 97.036286][ T6015] EXT4-fs (loop1): bad geometry: first data block 1 is beyond end of filesystem (1) [ 97.362297][ T5997] loop0: detected capacity change from 0 to 40427 [ 97.375514][ T5997] F2FS-fs (loop0): invalid crc value [ 97.403806][ T5997] F2FS-fs (loop0): Found nat_bits in checkpoint [ 97.691030][ T5997] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 98.108917][ T27] audit: type=1326 audit(1771126258.639:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.3.41" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1e6bb9bf79 code=0x0 [ 100.378818][ T5764] syz-executor: attempt to access beyond end of device [ 100.378818][ T5764] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 100.429672][ T5764] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 100.513184][ T6032] loop3: detected capacity change from 0 to 1024 [ 100.524589][ T6030] loop1: detected capacity change from 0 to 4096 [ 100.526739][ T6032] EXT4-fs: inline encryption not supported [ 100.548770][ T6032] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 100.623624][ T6030] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.662116][ T6032] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.681092][ T6030] EXT4-fs error (device loop1): ext4_do_update_inode:5248: inode #15: comm syz.1.47: corrupted inode contents [ 100.715751][ T6030] EXT4-fs error (device loop1): ext4_dirty_inode:6124: inode #15: comm syz.1.47: mark_inode_dirty error [ 100.778388][ T6039] EXT4-fs (loop1): shut down requested (1) [ 100.816145][ T6030] EXT4-fs error (device loop1): ext4_do_update_inode:5248: inode #15: comm syz.1.47: corrupted inode contents [ 101.694966][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.966487][ T12] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 101.991095][ T12] Quota error (device loop1): write_blk: dquota write failed [ 102.022669][ T6044] loop0: detected capacity change from 0 to 1024 [ 102.042130][ T6044] EXT4-fs: Ignoring removed mblk_io_submit option [ 102.088175][ T12] Quota error (device loop1): free_dqentry: Can't write quota data block 5 [ 102.110864][ T5765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.144738][ T6044] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.285927][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.794129][ T6052] loop1: detected capacity change from 0 to 512 [ 102.808407][ T6052] EXT4-fs: Ignoring removed mblk_io_submit option [ 102.815044][ T6052] EXT4-fs: Ignoring removed mblk_io_submit option [ 102.842303][ T6054] loop0: detected capacity change from 0 to 1024 [ 102.861950][ T6052] EXT4-fs (loop1): Test dummy encryption mode enabled [ 102.871347][ T6052] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 103.149241][ T6054] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 103.162564][ T6052] EXT4-fs (loop1): 1 truncate cleaned up [ 103.174319][ T6054] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.200132][ T6052] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.297049][ T6061] loop3: detected capacity change from 0 to 128 [ 103.445484][ T27] audit: type=1800 audit(1771126263.949:6): pid=6061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.55" name="file1" dev="loop3" ino=1048596 res=0 errno=0 [ 110.108744][ T6034] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set [ 110.124490][ T27] audit: type=1800 audit(1771126270.629:7): pid=6054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.53" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 110.228536][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 110.242477][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.456342][ T6076] loop0: detected capacity change from 0 to 1024 [ 110.508583][ T6078] loop1: detected capacity change from 0 to 512 [ 110.546472][ T6078] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 110.568837][ T6078] EXT4-fs (loop1): invalid journal inode [ 110.574913][ T6078] EXT4-fs (loop1): can't get journal size [ 110.631331][ T6078] EXT4-fs (loop1): 1 truncate cleaned up [ 110.652373][ T6078] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.678046][ T6076] ext4: Unknown parameter 'smackfsdef' [ 110.695595][ T6078] EXT4-fs warning (device loop1): verify_group_input:151: Cannot add at group 1073741833 (only 1 groups) [ 111.579493][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.816893][ T6097] loop1: detected capacity change from 0 to 256 [ 111.828639][ T6097] exfat: Deprecated parameter 'namecase' [ 111.883728][ T6097] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x544194fd, utbl_chksum : 0xe619d30d) [ 113.141753][ T6112] loop1: detected capacity change from 0 to 128 [ 113.350576][ T6113] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 113.454152][ T27] audit: type=1800 audit(1771126273.809:8): pid=6112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.66" name="file1" dev="loop1" ino=1048597 res=0 errno=0 [ 114.025379][ T6117] loop3: detected capacity change from 0 to 512 [ 114.087292][ T6117] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 114.157679][ T6117] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 114.243455][ T6117] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ee02c, mo2=0002] [ 114.288048][ T6117] System zones: 1-12 [ 114.321111][ T6117] EXT4-fs (loop3): orphan cleanup on readonly fs [ 114.363789][ T6117] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.70: invalid indirect mapped block 2 (level 2) [ 114.444075][ T6117] EXT4-fs (loop3): Remounting filesystem read-only [ 114.478514][ T6117] EXT4-fs (loop3): 1 truncate cleaned up [ 114.495724][ T6117] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback. [ 114.629289][ T6117] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.70: error -117 reading directory block [ 114.683258][ T5765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 114.862964][ T6121] loop0: detected capacity change from 0 to 512 [ 114.892519][ T6121] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 114.982027][ T6121] EXT4-fs (loop0): 1 truncate cleaned up [ 115.019087][ T6121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.282631][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.503232][ T6142] loop0: detected capacity change from 0 to 1024 [ 115.520799][ T6142] ext4: Unknown parameter 'smackfsdef' [ 116.515839][ T6148] loop3: detected capacity change from 0 to 512 [ 116.571104][ T6148] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 116.602549][ T6148] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 116.648551][ T6148] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ee02c, mo2=0002] [ 116.675354][ T6148] System zones: 1-12 [ 116.682037][ T6148] EXT4-fs (loop3): orphan cleanup on readonly fs [ 116.690579][ T6148] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.82: invalid indirect mapped block 2 (level 2) [ 116.707130][ T6148] EXT4-fs (loop3): Remounting filesystem read-only [ 116.719835][ T6148] EXT4-fs (loop3): 1 truncate cleaned up [ 116.736911][ T6148] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback. [ 116.910169][ T6156] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 117.102895][ T6160] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.82: error -117 reading directory block [ 117.425321][ T6146] loop1: detected capacity change from 0 to 40427 [ 117.927877][ T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 118.128477][ T5765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 118.150269][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.165471][ T8] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 118.175409][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.242178][ T8] usb 2-1: config 0 descriptor?? [ 118.330981][ T6173] netlink: 24 bytes leftover after parsing attributes in process `syz.2.87'. [ 118.519736][ T968] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 119.027691][ T968] usb 4-1: Using ep0 maxpacket: 16 [ 119.043251][ T968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 119.070154][ T968] usb 4-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 119.084289][ T968] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.300978][ T968] usb 4-1: Product: syz [ 119.305880][ T968] usb 4-1: Manufacturer: syz [ 119.310712][ T968] usb 4-1: SerialNumber: syz [ 119.319059][ T968] usb 4-1: config 0 descriptor?? [ 119.326288][ T968] hub 4-1:0.0: bad descriptor, ignoring hub [ 119.332735][ T968] hub: probe of 4-1:0.0 failed with error -5 [ 119.344718][ T968] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 119.503186][ T968] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 120.090387][ T5906] udevd[5906]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 120.104015][ T8] keytouch 0003:0926:3333.0001: fixing up Keytouch IEC report descriptor [ 120.122647][ T8] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0001/input/input6 [ 120.203765][ T968] usb 4-1: USB disconnect, device number 2 [ 120.307952][ T8] keytouch 0003:0926:3333.0001: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 120.476695][ T968] usb 2-1: USB disconnect, device number 2 [ 120.590811][ T6189] loop0: detected capacity change from 0 to 4096 [ 120.644225][ T6189] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.058546][ T6194] loop3: detected capacity change from 0 to 1024 [ 121.066330][ T6194] ext4: Unknown parameter 'smackfsdef' [ 121.222096][ T5906] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 121.450370][ T6202] overlayfs: failed to clone upperpath [ 122.024018][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.856092][ T6213] netlink: 24 bytes leftover after parsing attributes in process `syz.1.100'. [ 123.218711][ T8] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 123.484819][ T6217] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 124.117389][ T6221] binder: 6220:6221 ioctl c018620b 20000001ed80 returned -14 [ 124.174652][ T8] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 124.197703][ T8] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 124.228579][ T8] usb 1-1: config 1 has no interface number 0 [ 124.234969][ T8] usb 1-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 124.278691][ T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 124.297699][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.310297][ T8] usb 1-1: Product: syz [ 124.315545][ T8] usb 1-1: Manufacturer: syz [ 124.327548][ T8] usb 1-1: SerialNumber: syz [ 124.349899][ T8] cdc_ncm 1-1:1.1: NCM or ECM functional descriptors missing [ 124.368315][ T6228] netlink: 'syz.2.107': attribute type 4 has an invalid length. [ 124.376702][ T6228] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.107'. [ 124.393560][ T8] cdc_ncm 1-1:1.1: bind() failure [ 124.477989][ T6230] loop3: detected capacity change from 0 to 4096 [ 124.496563][ T6230] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 124.561714][ T5854] usb 1-1: USB disconnect, device number 2 [ 124.992530][ T6236] loop1: detected capacity change from 0 to 512 [ 125.000713][ T6236] EXT4-fs: Ignoring removed oldalloc option [ 125.006971][ T6236] EXT4-fs: Ignoring removed nomblk_io_submit option [ 125.027669][ T6236] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2803: inode #11: comm syz.1.110: corrupted xattr block 95: invalid header [ 125.049430][ T6236] EXT4-fs (loop1): Remounting filesystem read-only [ 125.056236][ T6236] EXT4-fs warning (device loop1): ext4_evict_inode:255: couldn't mark inode dirty (err -5) [ 125.070072][ T6236] EXT4-fs (loop1): 1 orphan inode deleted [ 125.077956][ T6236] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.088065][ T5765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.236616][ T6239] loop0: detected capacity change from 0 to 1024 [ 125.248791][ T6239] ext4: Unknown parameter 'smackfsdef' [ 125.265474][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.590198][ T6245] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 126.437685][ T6247] netlink: 24 bytes leftover after parsing attributes in process `syz.3.111'. [ 127.396994][ T6250] loop1: detected capacity change from 0 to 256 [ 127.557185][ T6250] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3967cd3a, utbl_chksum : 0xe619d30d) [ 127.627216][ T27] audit: type=1800 audit(1771126288.149:9): pid=6250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.114" name="file1" dev="loop1" ino=1048599 res=0 errno=0 [ 127.658969][ T6250] syz.1.114: attempt to access beyond end of device [ 127.658969][ T6250] loop1: rw=0, sector=295096, nr_sectors = 8 limit=256 [ 128.105189][ T6276] loop0: detected capacity change from 0 to 1024 [ 128.118900][ T6276] ext4: Unknown parameter 'smackfsdef' [ 128.864854][ T6282] netlink: 24 bytes leftover after parsing attributes in process `syz.1.124'. [ 129.440799][ T5906] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 129.764826][ T6287] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 130.677560][ T5873] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 130.797096][ T6305] loop3: detected capacity change from 0 to 4096 [ 130.831964][ T6305] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.857939][ T5873] usb 1-1: Using ep0 maxpacket: 16 [ 130.865649][ T5873] usb 1-1: config 0 has no interfaces? [ 130.872284][ T5873] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 130.872312][ T5873] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.872330][ T5873] usb 1-1: Product: syz [ 130.872344][ T5873] usb 1-1: Manufacturer: syz [ 130.872357][ T5873] usb 1-1: SerialNumber: syz [ 130.874310][ T5873] r8152-cfgselector 1-1: config 0 descriptor?? [ 130.973411][ T6305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.108793][ T5873] usbip-host 1-1: 1-1 is not in match_busid table... skip! [ 131.314117][ T5838] usb 1-1: USB disconnect, device number 3 [ 131.485761][ T6311] netlink: 24 bytes leftover after parsing attributes in process `syz.3.135'. [ 132.350083][ T6316] loop0: detected capacity change from 0 to 512 [ 132.378950][ T6316] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.420721][ T6319] netlink: 8 bytes leftover after parsing attributes in process `syz.3.138'. [ 132.508604][ T6316] loop0: detected capacity change from 512 to 0 [ 132.578357][ T6322] syz.0.137: attempt to access beyond end of device [ 132.578357][ T6322] loop0: rw=524288, sector=10, nr_sectors = 2 limit=0 [ 132.578487][ T6322] syz.0.137: attempt to access beyond end of device [ 132.578487][ T6322] loop0: rw=524288, sector=12, nr_sectors = 2 limit=0 [ 132.578535][ T6322] syz.0.137: attempt to access beyond end of device [ 132.578535][ T6322] loop0: rw=524288, sector=14, nr_sectors = 2 limit=0 [ 132.578584][ T6322] syz.0.137: attempt to access beyond end of device [ 132.578584][ T6322] loop0: rw=524288, sector=18, nr_sectors = 2 limit=0 [ 132.578627][ T6322] syz.0.137: attempt to access beyond end of device [ 132.578627][ T6322] loop0: rw=12288, sector=16, nr_sectors = 2 limit=0 [ 132.578653][ T6322] EXT4-fs error (device loop0): ext4_get_inode_loc:4627: inode #13: block 8: comm syz.0.137: unable to read itable block [ 132.578720][ T6322] syz.0.137: attempt to access beyond end of device [ 132.578720][ T6322] loop0: rw=145409, sector=2, nr_sectors = 2 limit=0 [ 132.578932][ T6322] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 132.578953][ T6322] EXT4-fs (loop0): I/O error while writing superblock [ 132.578968][ T6322] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5920: IO failure [ 132.579014][ T6322] syz.0.137: attempt to access beyond end of device [ 132.579014][ T6322] loop0: rw=145409, sector=2, nr_sectors = 2 limit=0 [ 132.579035][ T6322] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 132.579051][ T6322] EXT4-fs (loop0): I/O error while writing superblock [ 132.579075][ T6322] EXT4-fs error (device loop0): ext4_setattr:5602: inode #13: comm syz.0.137: mark_inode_dirty error [ 132.579122][ T6322] syz.0.137: attempt to access beyond end of device [ 132.579122][ T6322] loop0: rw=145409, sector=2, nr_sectors = 2 limit=0 [ 132.579143][ T6322] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 132.579159][ T6322] EXT4-fs (loop0): I/O error while writing superblock [ 132.579173][ T6322] EXT4-fs error (device loop0) in ext4_setattr:5663: IO failure [ 132.579329][ T6322] syz.0.137: attempt to access beyond end of device [ 132.579329][ T6322] loop0: rw=145409, sector=2, nr_sectors = 2 limit=0 [ 132.579350][ T6322] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 132.579365][ T6322] EXT4-fs (loop0): I/O error while writing superblock [ 132.993729][ T6316] syz.0.137: attempt to access beyond end of device [ 132.993729][ T6316] loop0: rw=12288, sector=26, nr_sectors = 2 limit=0 [ 132.994359][ T6316] EXT4-fs error (device loop0): __ext4_find_entry:1685: inode #2: comm syz.0.137: reading directory lblock 0 [ 132.994773][ T6316] syz.0.137: attempt to access beyond end of device [ 132.994773][ T6316] loop0: rw=145409, sector=2, nr_sectors = 2 limit=0 [ 132.994840][ T6316] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 132.994920][ T6316] EXT4-fs (loop0): I/O error while writing superblock [ 133.023645][ T6316] syz.0.137: attempt to access beyond end of device [ 133.023645][ T6316] loop0: rw=12288, sector=26, nr_sectors = 2 limit=0 [ 133.023772][ T6316] EXT4-fs error (device loop0): __ext4_find_entry:1685: inode #2: comm syz.0.137: reading directory lblock 0 [ 133.024929][ T6316] syz.0.137: attempt to access beyond end of device [ 133.024929][ T6316] loop0: rw=145409, sector=2, nr_sectors = 2 limit=0 [ 133.025002][ T6316] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 133.025298][ T6316] EXT4-fs (loop0): I/O error while writing superblock [ 133.068406][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.068518][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.459009][ T5764] syz-executor: attempt to access beyond end of device [ 133.459009][ T5764] loop0: rw=12288, sector=26, nr_sectors = 2 limit=0 [ 133.459101][ T5764] EXT4-fs warning (device loop0): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm syz-executor: error -5 reading directory block [ 133.459194][ T5764] syz-executor: attempt to access beyond end of device [ 133.459194][ T5764] loop0: rw=524288, sector=12, nr_sectors = 2 limit=0 [ 133.459291][ T5764] syz-executor: attempt to access beyond end of device [ 133.459291][ T5764] loop0: rw=524288, sector=14, nr_sectors = 2 limit=0 [ 133.459334][ T5764] syz-executor: attempt to access beyond end of device [ 133.459334][ T5764] loop0: rw=524288, sector=16, nr_sectors = 2 limit=0 [ 133.459377][ T5764] syz-executor: attempt to access beyond end of device [ 133.459377][ T5764] loop0: rw=524288, sector=18, nr_sectors = 2 limit=0 [ 133.459415][ T5764] syz-executor: attempt to access beyond end of device [ 133.459415][ T5764] loop0: rw=12288, sector=10, nr_sectors = 2 limit=0 [ 133.459439][ T5764] EXT4-fs error (device loop0): ext4_get_inode_loc:4627: inode #2: block 5: comm syz-executor: unable to read itable block [ 133.459540][ T5764] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 133.459558][ T5764] EXT4-fs (loop0): I/O error while writing superblock [ 133.459571][ T5764] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5920: IO failure [ 133.459611][ T5764] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 133.459626][ T5764] EXT4-fs (loop0): I/O error while writing superblock [ 133.459638][ T5764] EXT4-fs error (device loop0): ext4_dirty_inode:6124: inode #2: comm syz-executor: mark_inode_dirty error [ 133.459682][ T5764] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 133.459697][ T5764] EXT4-fs (loop0): I/O error while writing superblock [ 133.539273][ T12] EXT4-fs warning (device loop0): ext4_end_bio:357: I/O error 10 writing to inode 13 starting block 25) [ 133.860798][ T12] Buffer I/O error on device loop0, logical block 25 [ 133.861750][ T12] EXT4-fs error (device loop0): __ext4_get_inode_loc_noinmem:4612: inode #13: block 8: comm kworker/u4:1: unable to read itable block [ 133.861957][ T12] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 134.960087][ T2966] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.149859][ T6342] netlink: 24 bytes leftover after parsing attributes in process `syz.1.145'. [ 135.320148][ T2966] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.434552][ T6347] process '/newroot/43/file0' started with executable stack [ 136.365619][ T2966] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.693976][ T6357] loop1: detected capacity change from 0 to 128 [ 137.963705][ T2966] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.452865][ T5777] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 138.464809][ T5777] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 138.477508][ T5777] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 138.485857][ T5777] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 138.494266][ T5777] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 139.459273][ T5777] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 139.852053][ T6378] netlink: 24 bytes leftover after parsing attributes in process `syz.3.158'. [ 141.481564][ T6365] chnl_net:caif_netlink_parms(): no params data found [ 141.527903][ T5778] Bluetooth: hci3: command tx timeout [ 143.457723][ T6365] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.466148][ T6428] xt_CT: No such helper "pptp" [ 143.495459][ T6365] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.527178][ T6365] bridge_slave_0: entered allmulticast mode [ 143.558533][ T6365] bridge_slave_0: entered promiscuous mode [ 143.579869][ T6365] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.607406][ T6365] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.614706][ T5778] Bluetooth: hci3: command tx timeout [ 143.622929][ T6365] bridge_slave_1: entered allmulticast mode [ 143.651340][ T6365] bridge_slave_1: entered promiscuous mode [ 143.722680][ T6365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 143.794460][ T6365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 144.023404][ T6365] team0: Port device team_slave_0 added [ 144.063320][ T6365] team0: Port device team_slave_1 added [ 144.187916][ T6365] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 144.196610][ T6365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 144.225344][ T6365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 144.358325][ T6365] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 144.404482][ T6365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 144.484516][ T6365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 144.554475][ T2966] hsr_slave_0: left promiscuous mode [ 144.599823][ T2966] hsr_slave_1: left promiscuous mode [ 144.632710][ T2966] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 144.672472][ T2966] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 144.709740][ T2966] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.742715][ T2966] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 144.779573][ T2966] bridge_slave_1: left allmulticast mode [ 144.802394][ T2966] bridge_slave_1: left promiscuous mode [ 144.827476][ T2966] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.892484][ T2966] bridge_slave_0: left allmulticast mode [ 144.919962][ T2966] bridge_slave_0: left promiscuous mode [ 144.946630][ T2966] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.086232][ T2966] veth1_macvtap: left promiscuous mode [ 145.106069][ T2966] veth0_macvtap: left promiscuous mode [ 145.136479][ T2966] veth1_vlan: left promiscuous mode [ 145.161640][ T2966] veth0_vlan: left promiscuous mode [ 145.687585][ T5778] Bluetooth: hci3: command tx timeout [ 148.287636][ T5778] Bluetooth: hci3: command tx timeout [ 149.593430][ T6495] xt_hashlimit: size too large, truncated to 1048576 [ 149.644296][ T2966] team0 (unregistering): Port device team_slave_1 removed [ 149.746195][ T2966] team0 (unregistering): Port device team_slave_0 removed [ 149.820603][ T2966] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 149.897154][ T2966] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 150.429162][ T2966] bond0 (unregistering): Released all slaves [ 150.672720][ T6365] hsr_slave_0: entered promiscuous mode [ 150.706730][ T6365] hsr_slave_1: entered promiscuous mode [ 150.719523][ T6365] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 150.727132][ T6365] Cannot create hsr debugfs directory [ 152.175722][ T6365] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 152.240959][ T6365] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 152.301551][ T6365] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 153.297882][ T6365] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 154.849527][ T6365] 8021q: adding VLAN 0 to HW filter on device bond0 [ 154.936493][ T6365] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.313672][ T2966] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.320952][ T2966] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.799953][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.807154][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.021285][ T6552] fuse: Bad value for 'fd' [ 156.116842][ T6365] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 159.088484][ T6365] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 162.652448][ T6365] veth0_vlan: entered promiscuous mode [ 162.708997][ T6365] veth1_vlan: entered promiscuous mode [ 162.849360][ T6365] veth0_macvtap: entered promiscuous mode [ 162.900869][ T6365] veth1_macvtap: entered promiscuous mode [ 162.982864][ T6365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.034345][ T6365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.075064][ T6365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.121313][ T6365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.156455][ T6365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.210562][ T6365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.279229][ T6365] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.360998][ T6365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.434975][ T6365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.497614][ T6365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.557484][ T6365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.579239][ T6629] overlayfs: failed to clone upperpath [ 163.597517][ T6365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.616210][ T6365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.649576][ T6365] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.683662][ T6365] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.709881][ T6365] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.723566][ T6365] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.734728][ T6365] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.999749][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.038713][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.145019][ T1006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.179189][ T1006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.478828][ T6652] loop4: detected capacity change from 0 to 512 [ 164.622702][ T6652] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 164.666016][ T6652] ext4 filesystem being mounted at /0/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 164.933821][ T6663] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 167.091287][ T6365] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.454718][ T6676] netlink: 24 bytes leftover after parsing attributes in process `syz.1.218'. [ 168.214835][ T6680] loop4: detected capacity change from 0 to 256 [ 168.275919][ T6680] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 168.342154][ T6680] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 168.417928][ T6680] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 172.759589][ T6711] overlayfs: failed to clone upperpath [ 173.852797][ T6725] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 175.079065][ T6738] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 180.320974][ T6777] loop4: detected capacity change from 0 to 4096 [ 180.498013][ T6777] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 181.375669][ T6365] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.137601][ T6813] loop4: detected capacity change from 0 to 512 [ 183.349675][ T6813] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.242: bg 0: block 393: padding at end of block bitmap is not set [ 183.399497][ T6813] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6653: Corrupt filesystem [ 183.420863][ T6813] EXT4-fs (loop4): 2 truncates cleaned up [ 183.433035][ T6813] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 185.682916][ T6365] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.137895][ T6838] netlink: 24 bytes leftover after parsing attributes in process `syz.4.246'. [ 188.445566][ T6849] loop4: detected capacity change from 0 to 4096 [ 188.491625][ T6849] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.774877][ T6365] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.447785][ T5777] Bluetooth: hci0: command 0x0406 tx timeout [ 192.752132][ T6881] netlink: 24 bytes leftover after parsing attributes in process `syz.1.257'. [ 192.982456][ T6894] loop4: detected capacity change from 0 to 512 [ 193.172418][ T6894] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.256: bg 0: block 393: padding at end of block bitmap is not set [ 193.193846][ T6894] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6653: Corrupt filesystem [ 193.207109][ T6894] EXT4-fs (loop4): 2 truncates cleaned up [ 193.221060][ T6894] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.298612][ T6903] 9pnet_fd: Insufficient options for proto=fd [ 194.497953][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.504356][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.570084][ T5773] Bluetooth: hci1: command 0x0406 tx timeout [ 196.650588][ T5777] Bluetooth: hci2: command 0x0406 tx timeout [ 196.778795][ T6943] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 200.604558][ T6365] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.022985][ T7013] netlink: 24 bytes leftover after parsing attributes in process `syz.1.276'. [ 202.880386][ T7025] loop4: detected capacity change from 0 to 16 [ 202.982401][ T7025] erofs: (device loop4): mounted with root inode @ nid 36. [ 203.082125][ T7025] erofs: (device loop4): erofs_fill_dentries: bogus dirent @ nid 36 [ 204.501156][ T7036] loop4: detected capacity change from 0 to 512 [ 204.583934][ T7039] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 204.916492][ T7036] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 204.969062][ T7036] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 204.986300][ T7036] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ee02c, mo2=0002] [ 205.005642][ T7036] System zones: 1-12 [ 205.015155][ T7036] EXT4-fs (loop4): orphan cleanup on readonly fs [ 205.022925][ T7036] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.283: invalid indirect mapped block 2 (level 2) [ 205.138085][ T7036] EXT4-fs (loop4): Remounting filesystem read-only [ 205.171355][ T7036] EXT4-fs (loop4): 1 truncate cleaned up [ 205.202871][ T7036] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback. [ 208.737554][ T7070] netlink: 24 bytes leftover after parsing attributes in process `syz.1.288'. [ 210.915471][ T6365] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 211.653587][ T7116] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 214.754014][ T7122] netlink: 24 bytes leftover after parsing attributes in process `syz.4.299'. [ 216.084279][ T7161] loop4: detected capacity change from 0 to 4096 [ 216.344655][ T7161] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 216.693278][ T6365] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.776652][ T7175] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 217.572851][ T7180] loop4: detected capacity change from 0 to 1024 [ 217.605797][ T7180] EXT4-fs: inline encryption not supported [ 217.651841][ T7180] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 217.814787][ T7180] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 218.794095][ T6365] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.538257][ T7219] loop4: detected capacity change from 0 to 512 [ 221.601711][ T7219] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 221.645326][ T7219] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 221.768080][ T7219] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ee02c, mo2=0002] [ 221.776141][ T7219] System zones: 1-12 [ 221.810722][ T7219] EXT4-fs (loop4): orphan cleanup on readonly fs [ 221.840893][ T7219] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.322: invalid indirect mapped block 2 (level 2) [ 221.907109][ T7219] EXT4-fs (loop4): Remounting filesystem read-only [ 221.921846][ T7219] EXT4-fs (loop4): 1 truncate cleaned up [ 222.086232][ T7219] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback. [ 224.133920][ T7257] EXT4-fs warning (device loop4): dx_probe:823: inode #2: lblock 0: comm syz.4.322: error -117 reading directory block [ 224.256552][ T7259] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 226.884486][ T6365] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 228.499344][ T7303] loop4: detected capacity change from 0 to 512 [ 228.602775][ T7303] EXT4-fs (loop4): bad geometry: first data block 1 is beyond end of filesystem (1) [ 231.014107][ T7322] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 233.112286][ T7329] loop4: detected capacity change from 0 to 40427 [ 233.159324][ T7329] F2FS-fs (loop4): invalid crc value [ 233.170337][ T7329] F2FS-fs (loop4): Found nat_bits in checkpoint [ 234.001755][ T7329] F2FS-fs (loop4): Start checkpoint disabled! [ 234.077854][ T7329] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 234.987617][ T3471] bio_check_eod: 17 callbacks suppressed [ 234.987634][ T3471] kworker/u4:9: attempt to access beyond end of device [ 234.987634][ T3471] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 235.054085][ T3471] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 235.091687][ T3471] kworker/u4:9: attempt to access beyond end of device [ 235.091687][ T3471] loop4: rw=2049, sector=40992, nr_sectors = 8 limit=40427 [ 235.496511][ T3471] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 236.926439][ T7368] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 242.406123][ T7422] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 244.016818][ T7431] loop4: detected capacity change from 0 to 4096 [ 244.108971][ T7431] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 244.293601][ T7431] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.085684][ T7455] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 251.364734][ T7488] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 255.948080][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.956292][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.122207][ T7529] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 260.264995][ T7574] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 261.912118][ T7590] overlayfs: failed to resolve './file0': -2 [ 263.287646][ T5778] Bluetooth: hci3: command 0x0406 tx timeout [ 263.385657][ T7611] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 268.357647][ T7643] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 273.016614][ T7673] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 277.230765][ T7709] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 282.996101][ T7756] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 285.237798][ T7805] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 285.681567][ T7815] tipc: Started in network mode [ 285.687253][ T7815] tipc: Node identity 4, cluster identity 4711 [ 285.687789][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 285.693798][ T7815] tipc: Node number set to 4 [ 289.112935][ T7855] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 296.503191][ T7923] netlink: 28 bytes leftover after parsing attributes in process `syz.2.542'. [ 296.519572][ T7923] netlink: 28 bytes leftover after parsing attributes in process `syz.2.542'. [ 296.582183][ T7923] ip6gretap0: entered promiscuous mode [ 296.602489][ T7923] syz_tun: entered promiscuous mode [ 298.111278][ T7942] netlink: 16 bytes leftover after parsing attributes in process `syz.2.547'. [ 298.573525][ T7950] netlink: 60 bytes leftover after parsing attributes in process `syz.2.549'. [ 298.582778][ T7950] netlink: 60 bytes leftover after parsing attributes in process `syz.2.549'. [ 298.596533][ T7950] netlink: 8 bytes leftover after parsing attributes in process `syz.2.549'. [ 298.616153][ T7950] vlan2: entered promiscuous mode [ 298.653751][ T7950] netlink: 60 bytes leftover after parsing attributes in process `syz.2.549'. [ 298.663605][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 299.576279][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 299.986216][ T7957] delete_channel: no stack [ 310.152484][ T8068] netlink: 20 bytes leftover after parsing attributes in process `syz.4.590'. [ 312.946980][ T8095] Option ' ÜÛPu©ª¡´ià ' to dns_resolver key: bad/missing value [ 313.043186][ T8100] netlink: 36 bytes leftover after parsing attributes in process `syz.1.601'. [ 314.143769][ C0] hrtimer: interrupt took 47577 ns [ 318.087046][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.093559][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.113999][ T8176] ufs: You didn't specify the type of your ufs filesystem [ 320.113999][ T8176] [ 320.113999][ T8176] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 320.113999][ T8176] [ 320.113999][ T8176] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 320.186661][ T8176] ufs: ufstype=old is supported read-only [ 320.196063][ T8176] syz.4.628: attempt to access beyond end of device [ 320.196063][ T8176] loop9: rw=0, sector=16, nr_sectors = 2 limit=0 [ 321.707336][ T8198] xt_CT: No such helper "pptp" [ 321.768066][ T8208] 9pnet_fd: Insufficient options for proto=fd [ 324.356799][ T8248] netlink: 12 bytes leftover after parsing attributes in process `syz.3.656'. [ 324.473935][ T8252] fuse: Bad value for 'fd' [ 327.502288][ T8274] 9pnet_fd: Insufficient options for proto=fd [ 331.304547][ T8289] syz.4.668 (8289) used greatest stack depth: 17384 bytes left [ 334.072223][ T8308] xt_CT: No such helper "pptp" [ 336.818828][ T5777] Bluetooth: hci0: SCO packet for unknown connection handle 1 [ 337.592345][ T8335] autofs4:pid:8335:autofs_fill_super: called with bogus options [ 339.366879][ T8364] syz.1.691 uses obsolete (PF_INET,SOCK_PACKET) [ 340.475795][ T8378] overlayfs: failed to clone upperpath [ 341.221677][ T8392] fuse: Bad value for 'fd' [ 344.630162][ T8465] fuse: Bad value for 'fd' [ 352.294226][ T8536] fuse: Bad value for 'fd' [ 354.416298][ T8578] Option ' ÜÛPu©ª¡´ià ' to dns_resolver key: bad/missing value [ 355.096144][ T8589] fuse: Bad value for 'fd' [ 356.468857][ T8610] Option ' ÜÛPu©ª¡´ià ' to dns_resolver key: bad/missing value [ 361.031814][ T8649] 9pnet_fd: Insufficient options for proto=fd [ 364.932502][ T8692] fuse: Bad value for 'fd' [ 366.950041][ T8703] Option ' ÜÛPu©ª¡´ià ' to dns_resolver key: bad/missing value [ 367.050888][ T8711] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 367.066489][ T8711] netlink: 44 bytes leftover after parsing attributes in process `syz.3.803'. [ 367.097722][ T8708] netlink: 36 bytes leftover after parsing attributes in process `syz.2.796'. [ 368.928638][ T8740] Option ' ÜÛPu©ª¡´ià ' to dns_resolver key: bad/missing value [ 369.011412][ T8741] netlink: 36 bytes leftover after parsing attributes in process `syz.4.814'. [ 370.030744][ T8754] netlink: 12 bytes leftover after parsing attributes in process `syz.4.817'. [ 370.089268][ T8754] 8021q: adding VLAN 0 to HW filter on device bond1 [ 370.284131][ T8758] bond1: Unable to set up delay as MII monitoring is disabled [ 370.378071][ T8764] trusted_key: syz.2.816 sent an empty control message without MSG_MORE. [ 371.734427][ T27] audit: type=1326 audit(1771126528.313:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8766 comm="syz.3.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 371.813793][ T27] audit: type=1326 audit(1771126528.313:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8766 comm="syz.3.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 371.871215][ T27] audit: type=1326 audit(1771126528.351:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8766 comm="syz.3.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 371.899771][ T27] audit: type=1326 audit(1771126528.351:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8766 comm="syz.3.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 371.931817][ T27] audit: type=1326 audit(1771126528.351:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8766 comm="syz.3.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 371.958793][ T27] audit: type=1326 audit(1771126528.351:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8766 comm="syz.3.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 371.985609][ T27] audit: type=1326 audit(1771126528.351:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8766 comm="syz.3.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 372.042449][ T27] audit: type=1326 audit(1771126528.351:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8766 comm="syz.3.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 372.074741][ T27] audit: type=1326 audit(1771126528.351:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8766 comm="syz.3.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 372.154791][ T27] audit: type=1326 audit(1771126528.351:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8766 comm="syz.3.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 376.009632][ T8820] capability: warning: `syz.1.830' uses 32-bit capabilities (legacy support in use) [ 376.121623][ T8824] fuse: Bad value for 'fd' [ 379.601905][ T8872] vlan0: mtu greater than device maximum [ 383.509816][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.519516][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.580523][ T8923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.875'. [ 385.662424][ T8924] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 412.481442][ T9129] netlink: 'syz.1.937': attribute type 6 has an invalid length. [ 412.527442][ T9129] netlink: 14585 bytes leftover after parsing attributes in process `syz.1.937'. [ 413.366388][ T9135] netlink: 8 bytes leftover after parsing attributes in process `syz.4.940'. [ 422.764755][ T9213] io-wq is not configured for unbound workers [ 427.561187][ T9266] netlink: 'syz.3.981': attribute type 3 has an invalid length. [ 427.960105][ T9280] Option ' ÜÛPu©ª¡´ià ' to dns_resolver key: bad/missing value [ 427.994453][ T9280] netlink: 36 bytes leftover after parsing attributes in process `syz.4.986'. [ 430.414945][ T9314] mmap: syz.1.1000 (9314) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 430.850910][ T9319] Option ' ÜÛPu©ª¡´ià ' to dns_resolver key: bad/missing value [ 430.875945][ T9319] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1002'. [ 434.928175][ T9353] Option ' ÜÛPu©ª¡´ià ' to dns_resolver key: bad/missing value [ 435.260196][ T9359] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1011'. [ 437.780152][ T9392] fuse: Bad value for 'fd' [ 438.699999][ T9401] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1026'. [ 441.112061][ T9436] fuse: Bad value for 'fd' [ 441.662743][ T9433] xt_CT: No such helper "pptp" [ 443.125172][ T9449] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 443.375177][ T9457] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1040'. [ 446.963802][ T9491] xt_CT: No such helper "pptp" [ 449.224713][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 449.231826][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 449.446278][ T9506] geneve2: entered promiscuous mode [ 452.622283][ T9544] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1070'. [ 454.036645][ T9570] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1081'. [ 454.730194][ T9588] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1086'. [ 458.424804][ T9605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1094'. [ 461.821082][ T9653] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1109'. [ 462.964705][ T8] IPVS: starting estimator thread 0... [ 463.096333][ T9665] IPVS: using max 20 ests per chain, 48000 per kthread [ 463.121354][ T9672] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1119'. [ 463.143222][ T9672] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1119'. [ 463.570161][ T9685] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1124'. [ 464.919974][ T9699] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1125'. [ 472.448184][ T9847] netlink: 4456 bytes leftover after parsing attributes in process `syz.2.1186'. [ 472.756260][ T9855] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1190'. [ 474.433861][ T9882] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1200'. [ 477.110896][ T9907] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1210'. [ 478.579271][ T9930] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1217'. [ 480.131846][ T9947] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1223'. [ 480.560034][ T9958] geneve2: entered promiscuous mode [ 480.935700][ T9967] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1231'. [ 481.064229][ T9974] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1234'. [ 482.254392][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 482.254405][ T27] audit: type=1326 audit(2000000005.004:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9985 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 482.334065][ T27] audit: type=1326 audit(2000000005.032:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9985 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 482.379951][ T27] audit: type=1326 audit(2000000005.032:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9985 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 482.446397][ T27] audit: type=1326 audit(2000000005.032:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9985 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 482.531876][ T27] audit: type=1326 audit(2000000005.032:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9985 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 482.586028][ T27] audit: type=1326 audit(2000000005.032:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9985 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 482.621901][ T5777] Bluetooth: hci1: unexpected event for opcode 0x0419 [ 482.677350][ T27] audit: type=1326 audit(2000000005.041:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9985 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 482.700385][ T27] audit: type=1326 audit(2000000005.041:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9985 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 482.723252][ T27] audit: type=1326 audit(2000000005.041:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9985 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 482.746465][ T27] audit: type=1326 audit(2000000005.041:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9985 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e6bb9bf79 code=0x7ffc0000 [ 482.876211][T10004] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1246'. [ 483.089797][T10010] geneve2: entered promiscuous mode [ 483.207203][T10015] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1252'. [ 483.298681][T10019] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1254'. [ 483.701849][T10036] warning: `syz.1.1262' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 484.756676][T10040] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1263'. [ 486.440157][T10063] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1271'. [ 486.693418][T10066] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1274'. [ 487.912807][T10079] xt_CT: No such helper "pptp" [ 488.064537][T10087] netlink: 'syz.2.1282': attribute type 83 has an invalid length. [ 488.138650][T10091] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1284'. [ 488.389886][T10105] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1290'. [ 489.396128][T10117] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1294'. [ 490.314534][T10135] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1302'. [ 490.660961][T10139] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1304'. [ 493.031946][T10168] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1314'. [ 495.536408][T10182] fuse: Bad value for 'fd' [ 497.022986][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 497.023004][ T27] audit: type=1326 audit(2000000018.810:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10208 comm="syz.1.1326" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x0 [ 497.147211][T10214] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1317'. [ 497.858755][T10234] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1336'. [ 499.261568][T10267] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1346'. [ 502.111439][T10299] overlayfs: failed to clone upperpath [ 502.173632][T10302] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1358'. [ 504.767371][T10344] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1375'. [ 506.173762][T10379] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1388'. [ 506.260258][T10381] trusted_key: encrypted_key: insufficient parameters specified [ 510.783696][ T5777] Bluetooth: hci1: unexpected event for opcode 0x0c7b [ 511.667569][T10457] fuse: Bad value for 'fd' [ 513.721888][ T9] IPVS: starting estimator thread 0... [ 513.834383][T10470] IPVS: using max 24 ests per chain, 57600 per kthread [ 514.903482][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 514.909863][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 516.468265][T10498] fuse: Bad value for 'fd' [ 518.588130][T10513] IPVS: sync thread started: state = MASTER, mcast_ifn = sit0, syncid = 4, id = 0 [ 519.621240][T10535] fuse: Bad value for 'fd' [ 522.049019][T10547] xt_CT: No such helper "pptp" [ 523.156321][T10561] hsr0: VLAN not yet supported [ 524.256412][T10589] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1462'. [ 524.557155][T10605] sctp: [Deprecated]: syz.1.1468 (pid 10605) Use of int in max_burst socket option deprecated. [ 524.557155][T10605] Use struct sctp_assoc_value instead [ 525.675292][T10619] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1473'. [ 526.070497][T10633] netlink: 'syz.4.1480': attribute type 30 has an invalid length. [ 526.078741][T10633] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1480'. [ 537.198841][T10789] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1530'. [ 538.002809][T10795] netlink: 'syz.3.1532': attribute type 3 has an invalid length. [ 538.563784][T10798] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1533'. [ 540.265153][T10840] 9pnet_fd: Insufficient options for proto=fd [ 542.035915][T10874] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1564'. [ 546.156809][T10931] xt_CT: No such helper "pptp" [ 547.270946][T10960] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1592'. [ 548.706091][T10973] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1596'. [ 550.566082][T11002] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1606'. [ 550.729629][T11014] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1605'. [ 551.413093][T11019] xt_CT: No such helper "pptp" [ 551.633665][T11030] netlink: 'syz.4.1615': attribute type 3 has an invalid length. [ 551.802441][T11034] fuse: Bad value for 'fd' [ 552.646066][T11037] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1617'. [ 552.937410][T11055] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1622'. [ 553.886802][T11062] netlink: 'syz.1.1626': attribute type 1 has an invalid length. [ 553.895008][T11062] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1626'. [ 554.812505][T11072] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1629'. [ 555.039420][T11084] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1637'. [ 555.315967][T11093] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1635'. [ 557.075897][T11108] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1643'. [ 557.103194][T11109] fuse: Bad value for 'fd' [ 558.168558][T11115] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1646'. [ 559.291435][T11130] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1649'. [ 559.918274][T11142] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1654'. [ 560.997404][T11151] fuse: Bad value for 'fd' [ 561.089710][T11156] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1660'. [ 561.384255][T11166] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1662'. [ 562.201753][T11172] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1665'. [ 563.291046][T11185] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1671'. [ 563.937859][T11197] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1674'. [ 564.543212][T11204] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1676'. [ 564.865458][T11215] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1681'. [ 565.017741][T11223] fuse: Bad value for 'fd' [ 565.287169][T11226] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1685'. [ 565.454903][T11234] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1688'. [ 565.968413][T11242] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1692'. [ 566.123550][T11252] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1696'. [ 567.359410][T11277] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1705'. [ 568.110641][T11281] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1706'. [ 569.257836][T11297] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1714'. [ 569.646425][T11311] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1720'. [ 569.749434][T11319] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1723'. [ 570.122930][T11333] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1728'. [ 571.926174][T11343] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1731'. [ 572.151544][ T27] audit: type=1326 audit(2000000089.087:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11350 comm="syz.1.1737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 572.204642][ T27] audit: type=1326 audit(2000000089.087:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11350 comm="syz.1.1737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 572.280568][ T27] audit: type=1326 audit(2000000089.096:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11350 comm="syz.1.1737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 572.326221][ T27] audit: type=1326 audit(2000000089.096:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11350 comm="syz.1.1737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 572.382727][ T27] audit: type=1326 audit(2000000089.096:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11350 comm="syz.1.1737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 572.416469][ T27] audit: type=1326 audit(2000000089.096:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11350 comm="syz.1.1737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 572.441719][ T27] audit: type=1326 audit(2000000089.096:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11350 comm="syz.1.1737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 572.468021][ T27] audit: type=1326 audit(2000000089.096:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11350 comm="syz.1.1737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 572.494980][ T27] audit: type=1326 audit(2000000089.096:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11350 comm="syz.1.1737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 572.535043][ T27] audit: type=1326 audit(2000000089.096:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11350 comm="syz.1.1737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 572.858908][T11362] 9pnet_fd: Insufficient options for proto=fd [ 572.876075][T11366] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1732'. [ 572.977787][T11369] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1743'. [ 574.067990][T11391] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1752'. [ 574.229028][T11396] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1754'. [ 574.369705][T11400] tipc: Started in network mode [ 574.385617][T11400] tipc: Node identity 80000001, cluster identity 4711 [ 574.403355][T11400] tipc: Node number set to 2147483649 [ 574.414384][T11400] tipc: Cannot configure node identity twice [ 579.766379][T11491] netlink: 'syz.2.1794': attribute type 2 has an invalid length. [ 581.610008][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 581.616991][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 581.931913][T11515] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1800'. [ 582.145600][ T5777] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 582.155662][ T5777] CPU: 0 PID: 5777 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 582.163233][ T5777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 582.173312][ T5777] Workqueue: hci3 hci_rx_work [ 582.178036][ T5777] Call Trace: [ 582.181336][ T5777] [ 582.184277][ T5777] dump_stack_lvl+0x18c/0x250 [ 582.189002][ T5777] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 582.194745][ T5777] ? show_regs_print_info+0x20/0x20 [ 582.200050][ T5777] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 582.205795][ T5777] sysfs_create_dir_ns+0x26e/0x2a0 [ 582.211001][ T5777] ? sysfs_warn_dup+0xa0/0xa0 [ 582.215749][ T5777] ? do_raw_spin_unlock+0x121/0x230 [ 582.221039][ T5777] kobject_add_internal+0x61c/0xcc0 [ 582.226317][ T5777] kobject_add+0x164/0x240 [ 582.230798][ T5777] ? kobject_init+0x1e0/0x1e0 [ 582.235570][ T5777] ? _raw_spin_unlock+0x3a/0x40 [ 582.240477][ T5777] ? get_device_parent+0x366/0x390 [ 582.245683][ T5777] device_add+0x408/0xc20 [ 582.250097][ T5777] hci_conn_add_sysfs+0xd5/0x1e0 [ 582.255120][ T5777] le_conn_complete_evt+0xf5d/0x1540 [ 582.260523][ T5777] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 582.266890][ T5777] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 582.272597][ T5777] ? lockdep_hardirqs_on+0x98/0x150 [ 582.277871][ T5777] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 582.283582][ T5777] hci_le_enh_conn_complete_evt+0x189/0x460 [ 582.289608][ T5777] ? hci_remote_host_features_evt+0x150/0x150 [ 582.295749][ T5777] hci_event_packet+0x7ba/0x1270 [ 582.300817][ T5777] ? bis_list+0x290/0x290 [ 582.305255][ T5777] ? kcov_remote_start+0x2b/0x7e0 [ 582.310385][ T5777] ? hci_send_to_monitor+0xd7/0x4f0 [ 582.315714][ T5777] hci_rx_work+0x43a/0xd60 [ 582.320242][ T5777] ? process_scheduled_works+0x96f/0x15d0 [ 582.326063][ T5777] process_scheduled_works+0xa5d/0x15d0 [ 582.331728][ T5777] ? assign_work+0x430/0x430 [ 582.336424][ T5777] ? assign_work+0x3d0/0x430 [ 582.341112][ T5777] worker_thread+0xa55/0xfc0 [ 582.345803][ T5777] kthread+0x2fa/0x390 [ 582.349946][ T5777] ? pr_cont_work+0x560/0x560 [ 582.354701][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 582.359358][ T5777] ret_from_fork+0x48/0x80 [ 582.363850][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 582.368522][ T5777] ret_from_fork_asm+0x11/0x20 [ 582.373418][ T5777] [ 582.385524][ T5777] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 582.400050][ T5777] Bluetooth: hci3: failed to register connection device [ 582.762737][T11529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1807'. [ 582.772824][T11529] netlink: 'syz.2.1807': attribute type 18 has an invalid length. [ 582.785954][T11529] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1807'. [ 583.142195][T11542] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1812'. [ 584.569985][T11572] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1823'. [ 584.622878][T11576] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1826'. [ 584.937665][T11591] netlink: 'syz.3.1833': attribute type 2 has an invalid length. [ 585.112380][T11598] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1836'. [ 585.480629][T11616] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1843'. [ 585.563943][T11620] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1845'. [ 586.027099][T11639] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1854'. [ 587.338346][T11665] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1865'. [ 593.580427][T11769] fuse: Bad value for 'fd' [ 602.580307][T11884] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1937'. [ 605.883737][T11914] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1952'. [ 606.233136][T11920] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1954'. [ 608.135285][T11949] kAFS: unable to lookup cell '.' [ 608.614767][T11965] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1966'. [ 609.044992][T11968] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1970'. [ 610.085234][T11980] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1974'. [ 611.005164][ T27] kauditd_printk_skb: 9 callbacks suppressed [ 611.005177][ T27] audit: type=1326 audit(2000000125.437:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11983 comm="syz.4.1976" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa54a79bf79 code=0x0 [ 611.524055][T11999] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1981'. [ 611.557483][T12001] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1983'. [ 613.631721][T12026] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1992'. [ 614.876676][T12043] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1998'. [ 616.710800][T12064] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2006'. [ 616.898666][T12075] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2009'. [ 617.106131][ T5778] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260 [ 618.752703][T12097] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2018'. [ 618.845230][T12100] netlink: 'syz.4.2022': attribute type 1 has an invalid length. [ 621.635682][T12127] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2031'. [ 621.680271][T12129] netlink: 'syz.3.2032': attribute type 1 has an invalid length. [ 624.394145][T12156] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2040'. [ 624.565779][T12162] netlink: 'syz.2.2042': attribute type 1 has an invalid length. [ 624.725879][T12169] xt_TPROXY: Can be used only with -p tcp or -p udp [ 628.110273][T12193] fuse: Bad value for 'fd' [ 628.349989][T12196] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2052'. [ 631.141265][T12220] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2058'. [ 631.158179][T12220] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2058'. [ 633.357141][T12237] netlink: 232 bytes leftover after parsing attributes in process `syz.4.2056'. [ 634.778245][T12256] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2072'. [ 638.922080][T12291] overlayfs: failed to clone lowerpath [ 638.961060][T12291] overlayfs: failed to clone lowerpath [ 639.176281][T12295] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2082'. [ 641.159891][ T27] audit: type=1326 audit(2000000153.639:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12305 comm="syz.1.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 641.206532][ T27] audit: type=1326 audit(2000000153.667:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12305 comm="syz.1.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 641.214021][T12306] xt_CT: No such helper "pptp" [ 641.230263][ T27] audit: type=1326 audit(2000000153.667:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12305 comm="syz.1.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 641.266709][ T27] audit: type=1326 audit(2000000153.667:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12305 comm="syz.1.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 641.357193][ T27] audit: type=1326 audit(2000000153.667:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12305 comm="syz.1.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 641.406097][ T27] audit: type=1326 audit(2000000153.667:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12305 comm="syz.1.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ba19bf79 code=0x7ffc0000 [ 642.670457][T12328] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2092'. [ 643.812167][T12335] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2093'. [ 643.828701][T12335] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2093'. [ 646.260743][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 646.267728][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 647.376188][T12385] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2107'. [ 647.392822][T12385] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2107'. [ 652.661268][T12429] overlay: Unknown parameter '/' [ 657.300328][T12496] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2144'. [ 671.257738][T12662] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2200'. [ 673.091912][ C0] af_packet: tpacket_rcv: packet too big, clamped from 40 to 4294967272. macoff=96 [ 679.103514][T12755] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 679.118204][T12755] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 679.130252][T12755] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 679.138422][T12755] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 679.148480][T12755] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 679.156132][T12755] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 679.279485][T12765] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2223'. [ 679.504524][T12754] chnl_net:caif_netlink_parms(): no params data found [ 679.666063][T12754] bridge0: port 1(bridge_slave_0) entered blocking state [ 679.688106][T12754] bridge0: port 1(bridge_slave_0) entered disabled state [ 679.695660][T12754] bridge_slave_0: entered allmulticast mode [ 679.704002][T12754] bridge_slave_0: entered promiscuous mode [ 679.714584][T12754] bridge0: port 2(bridge_slave_1) entered blocking state [ 679.723181][T12754] bridge0: port 2(bridge_slave_1) entered disabled state [ 679.730915][T12754] bridge_slave_1: entered allmulticast mode [ 679.738661][T12754] bridge_slave_1: entered promiscuous mode [ 679.879597][T12754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 679.944048][T12754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 680.267741][T12754] team0: Port device team_slave_0 added [ 680.281499][T12785] 9pnet_fd: Insufficient options for proto=fd [ 680.282315][T12754] team0: Port device team_slave_1 added [ 680.409359][T12754] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 680.416661][T12754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 680.446452][T12754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 680.542918][T12754] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 680.550120][T12754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 681.515215][ T5778] Bluetooth: hci4: command tx timeout [ 681.624074][T12754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 681.739559][T12754] hsr_slave_0: entered promiscuous mode [ 681.751858][T12754] hsr_slave_1: entered promiscuous mode [ 681.766858][T12754] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 681.782189][T12754] Cannot create hsr debugfs directory [ 681.899999][ T49] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 682.032621][ T49] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 682.217914][ T49] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 682.237857][T12809] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2236'. [ 682.306353][ T49] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.428994][ T49] tipc: Left network mode [ 683.698740][ T5778] Bluetooth: hci4: command tx timeout [ 684.901508][T12857] autofs4:pid:12857:autofs_fill_super: called with bogus options [ 684.941409][T12754] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 684.976342][T12861] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2248'. [ 684.992195][T12754] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 685.009792][T12754] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 685.175729][T12754] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 685.474417][T12754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 685.507700][T12754] 8021q: adding VLAN 0 to HW filter on device team0 [ 685.551350][ T4308] bridge0: port 1(bridge_slave_0) entered blocking state [ 685.558616][ T4308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 685.572853][ T4308] bridge0: port 2(bridge_slave_1) entered blocking state [ 685.580063][ T4308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 685.774598][ T49] hsr_slave_0: left promiscuous mode [ 685.814545][ T49] hsr_slave_1: left promiscuous mode [ 685.829144][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 685.856633][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 685.889266][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 685.896863][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 685.925652][ T5778] Bluetooth: hci4: command tx timeout [ 685.953705][ T49] bridge_slave_1: left allmulticast mode [ 685.959444][ T49] bridge_slave_1: left promiscuous mode [ 685.966182][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 685.993157][ T49] bridge_slave_0: left allmulticast mode [ 686.016970][ T49] bridge_slave_0: left promiscuous mode [ 686.022823][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 686.071033][ T49] veth1_macvtap: left promiscuous mode [ 686.076721][ T49] veth0_macvtap: left promiscuous mode [ 686.087645][ T49] veth1_vlan: left promiscuous mode [ 686.109361][ T49] veth0_vlan: left promiscuous mode [ 688.144793][ T5778] Bluetooth: hci4: command tx timeout [ 688.869255][ T49] team0 (unregistering): Port device team_slave_1 removed [ 688.942926][ T49] team0 (unregistering): Port device team_slave_0 removed [ 689.033505][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 689.106032][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 690.421970][ T49] bond0 (unregistering): Released all slaves [ 692.514013][T12754] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 692.566440][T12754] veth0_vlan: entered promiscuous mode [ 692.585223][T12754] veth1_vlan: entered promiscuous mode [ 692.669552][T12754] veth0_macvtap: entered promiscuous mode [ 692.687116][ T49] IPVS: stop unused estimator thread 0... [ 692.700156][T12754] veth1_macvtap: entered promiscuous mode [ 692.734593][T12754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.748217][T12754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.759071][T12754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.771150][T12754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.781991][T12754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.793052][T12754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.804933][T12754] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 692.819374][T12754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.830395][T12754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.840500][T12754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.869692][T12754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.879596][T12754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.916919][T12754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.945703][T12754] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 692.966978][T12754] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.987184][T12754] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.995944][T12754] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 693.038394][T12754] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 693.363056][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 693.379961][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 693.541065][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 693.592206][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 694.674805][ T27] audit: type=1800 audit(2000000203.645:66): pid=12974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2219" name="file1" dev="overlay" ino=25 res=0 errno=0 [ 701.615480][T13051] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2305'. [ 702.621021][ T5778] block nbd3: Receive control failed (result -32) [ 702.634356][T13048] block nbd3: shutting down sockets [ 703.150389][T13060] loop3: detected capacity change from 0 to 512 [ 704.191143][T13060] EXT4-fs (loop3): bad geometry: first data block 1 is beyond end of filesystem (1) [ 706.560370][T13080] nftables ruleset with unbound chain [ 706.986157][T13094] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2317'. [ 707.003219][T13093] loop2: detected capacity change from 0 to 7 [ 707.024718][T13093] loop2: [ 707.031713][T13093] loop2: partition table partially beyond EOD, truncated [ 707.258220][T12755] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 707.271849][T12755] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 707.282749][T12755] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 707.294143][T12755] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 707.304070][T12755] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 707.311640][T12755] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 707.813308][T13098] chnl_net:caif_netlink_parms(): no params data found [ 707.923590][T13098] bridge0: port 1(bridge_slave_0) entered blocking state [ 707.930846][T13098] bridge0: port 1(bridge_slave_0) entered disabled state [ 707.938556][T13098] bridge_slave_0: entered allmulticast mode [ 708.012108][T13098] bridge_slave_0: entered promiscuous mode [ 709.019156][T13098] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.026645][T13098] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.037510][T13098] bridge_slave_1: entered allmulticast mode [ 709.047542][T13098] bridge_slave_1: entered promiscuous mode [ 709.085446][T13098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 709.137368][T13098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 709.235468][T13098] team0: Port device team_slave_0 added [ 709.245143][T13098] team0: Port device team_slave_1 added [ 709.390865][ T4308] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.433862][T13098] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 709.448559][T13098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 709.477207][T13098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 709.529576][ T4308] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.531166][T12755] Bluetooth: hci1: command tx timeout [ 709.562809][T13098] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 709.578970][T13098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 709.707218][T13098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 709.841416][T13098] hsr_slave_0: entered promiscuous mode [ 709.848302][T13098] hsr_slave_1: entered promiscuous mode [ 709.854640][T13098] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 709.868625][T13098] Cannot create hsr debugfs directory [ 710.034805][ T4308] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.866762][ T4308] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 711.040714][T13143] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2332'. [ 712.154172][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 712.162986][T12755] Bluetooth: hci1: command tx timeout [ 712.169168][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 713.488265][T13180] gretap0: entered promiscuous mode [ 713.534516][ T5838] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 713.623291][T13098] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 713.702152][T13098] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 713.716519][T13098] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 713.725905][T13098] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 713.731162][ T5838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 713.768637][ T5838] usb 4-1: New USB device found, idVendor=056a, idProduct=0018, bcdDevice= 0.00 [ 713.821451][ T5838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 713.879402][ T5838] usb 4-1: config 0 descriptor?? [ 714.114189][T13200] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2343'. [ 714.315556][T12755] Bluetooth: hci1: command tx timeout [ 714.353507][T13177] Bluetooth: MGMT ver 1.22 [ 714.365765][T13098] 8021q: adding VLAN 0 to HW filter on device bond0 [ 714.409442][T13098] 8021q: adding VLAN 0 to HW filter on device team0 [ 714.430480][ T5838] wacom 0003:056A:0018.0002: unbalanced collection at end of report description [ 714.457144][ T5838] wacom 0003:056A:0018.0002: parse failed [ 714.476033][ T5838] wacom: probe of 0003:056A:0018.0002 failed with error -22 [ 714.487498][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 714.494634][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 714.581511][ T4308] hsr_slave_0: left promiscuous mode [ 714.596301][ T4308] hsr_slave_1: left promiscuous mode [ 714.608229][ T4308] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 714.622579][ T4308] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 714.644156][ T5838] usb 4-1: USB disconnect, device number 3 [ 714.674875][ T4308] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 714.717237][ T4308] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 714.740736][ T4308] bridge_slave_1: left allmulticast mode [ 714.760699][ T4308] bridge_slave_1: left promiscuous mode [ 714.782986][ T4308] bridge0: port 2(bridge_slave_1) entered disabled state [ 714.822246][ T4308] bridge_slave_0: left allmulticast mode [ 714.837171][ T4308] bridge_slave_0: left promiscuous mode [ 715.656743][ T4308] bridge0: port 1(bridge_slave_0) entered disabled state [ 715.899575][ T4308] veth1_macvtap: left promiscuous mode [ 715.905176][ T4308] veth0_macvtap: left promiscuous mode [ 715.912462][ T4308] veth1_vlan: left promiscuous mode [ 715.917833][ T4308] veth0_vlan: left promiscuous mode [ 715.999739][T13218] 9pnet_fd: Insufficient options for proto=fd [ 716.560159][T12755] Bluetooth: hci1: command tx timeout [ 716.854221][T13222] binder: 13221:13222 ioctl c0306201 2000000003c0 returned -14 [ 719.088274][ T4308] team0 (unregistering): Port device team_slave_1 removed [ 719.244392][ T4308] team0 (unregistering): Port device team_slave_0 removed [ 719.343531][ T4308] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 719.455479][ T4308] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 719.975375][T13259] block nbd3: shutting down sockets [ 720.086458][ T4308] bond0 (unregistering): Released all slaves [ 720.956000][ T3471] bridge0: port 2(bridge_slave_1) entered blocking state [ 720.963120][ T3471] bridge0: port 2(bridge_slave_1) entered forwarding state [ 721.058767][T13275] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2365'. [ 721.432841][T13098] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 721.620525][T13098] veth0_vlan: entered promiscuous mode [ 721.635037][T13098] veth1_vlan: entered promiscuous mode [ 722.660835][ T4308] IPVS: stop unused estimator thread 0... [ 722.694038][T13098] veth0_macvtap: entered promiscuous mode [ 722.725446][T13098] veth1_macvtap: entered promiscuous mode [ 722.766147][T13098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.777402][T13098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.789896][T13098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.803729][T13098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.813657][T13098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.827205][T13098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.839480][T13098] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 722.850650][T13098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 722.874080][T13098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.885301][T13098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 722.907421][T13098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.929160][T13098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 722.947086][T13098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.976171][T13098] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 723.005078][T13303] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2375'. [ 723.037251][T13098] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.048760][T13098] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.078974][T13098] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.127780][T13098] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.806944][ T2966] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 723.822810][ T2966] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 724.926338][ T991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 724.958026][ T991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 725.910424][T12708] syz_tun (unregistering): left promiscuous mode [ 726.108079][ T27] audit: type=1800 audit(2000000233.082:67): pid=13314 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2316" name="/" dev="fuse" ino=4 res=0 errno=0 [ 726.181151][ T5778] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 726.213195][ T5778] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 726.224390][ T5778] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 726.240548][ T5778] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 726.255577][ T5778] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 726.265342][ T5778] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 726.326212][ T4308] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.413687][T13328] xfs: Unknown parameter 'nÞÃý•–Áy' [ 726.472329][ T4308] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.490938][T13332] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2383'. [ 726.527260][T13332] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2383'. [ 726.600617][ T4308] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.658348][T13332] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2383'. [ 726.836296][ T4308] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.994395][ T4308] ip6gretap0 (unregistering): left promiscuous mode [ 728.514669][ T5778] Bluetooth: hci0: command tx timeout [ 729.082428][T13319] chnl_net:caif_netlink_parms(): no params data found [ 729.272664][ T5854] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 729.337291][T13319] bridge0: port 1(bridge_slave_0) entered blocking state [ 729.355591][T13319] bridge0: port 1(bridge_slave_0) entered disabled state [ 729.384651][T13319] bridge_slave_0: entered allmulticast mode [ 729.396613][T13319] bridge_slave_0: entered promiscuous mode [ 729.452127][T13319] bridge0: port 2(bridge_slave_1) entered blocking state [ 729.464165][T13319] bridge0: port 2(bridge_slave_1) entered disabled state [ 729.473045][T13319] bridge_slave_1: entered allmulticast mode [ 729.483301][T13319] bridge_slave_1: entered promiscuous mode [ 729.520306][ T5854] usb 4-1: config 0 has an invalid interface number: 111 but max is 0 [ 729.558282][ T5854] usb 4-1: config 0 has no interface number 0 [ 729.575892][ T5854] usb 4-1: New USB device found, idVendor=05a9, idProduct=8065, bcdDevice=41.96 [ 729.607715][ T5854] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 729.635164][ T5854] usb 4-1: config 0 descriptor?? [ 729.652326][ T5854] gspca_main: ov534_9-2.14.0 probing 05a9:8065 [ 729.771234][T13319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 729.795989][T13319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 729.840535][T13319] team0: Port device team_slave_0 added [ 729.852110][T13319] team0: Port device team_slave_1 added [ 729.995892][T13319] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 730.004506][T13319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 730.033272][T13400] Unsupported ieee802154 address type: 0 [ 730.040551][T13319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 730.054406][T13319] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 730.061465][T13319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 730.089172][T13319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 730.256231][T13319] hsr_slave_0: entered promiscuous mode [ 730.263457][T13319] hsr_slave_1: entered promiscuous mode [ 730.272178][T13319] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 730.282973][T13319] Cannot create hsr debugfs directory [ 730.420409][ T4308] hsr_slave_0: left promiscuous mode [ 730.427787][ T4308] hsr_slave_1: left promiscuous mode [ 730.434070][ T4308] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 730.444243][ T4308] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 730.454321][ T4308] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 731.217233][ T5854] gspca_ov534_9: reg_w failed -110 [ 731.227400][ T5778] Bluetooth: hci0: command tx timeout [ 731.257665][ T4308] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 731.290806][ T4308] bridge_slave_1: left allmulticast mode [ 731.301187][ T4308] bridge_slave_1: left promiscuous mode [ 731.317617][ T4308] bridge0: port 2(bridge_slave_1) entered disabled state [ 731.343047][ T4308] bridge_slave_0: left allmulticast mode [ 731.355859][ T4308] bridge_slave_0: left promiscuous mode [ 731.376694][ T4308] bridge0: port 1(bridge_slave_0) entered disabled state [ 731.465837][ T4308] veth1_macvtap: left promiscuous mode [ 731.471460][ T4308] veth0_macvtap: left promiscuous mode [ 731.477571][ T4308] veth1_vlan: left promiscuous mode [ 732.789073][ T5854] gspca_ov534_9: Unknown sensor 0000 [ 732.789236][ T5854] ov534_9: probe of 4-1:0.111 failed with error -22 [ 732.863062][ T5854] usb 4-1: USB disconnect, device number 4 [ 733.386973][ T5778] Bluetooth: hci0: command tx timeout [ 734.710935][ T4308] team0 (unregistering): Port device team_slave_1 removed [ 734.825939][ T4308] team0 (unregistering): Port device team_slave_0 removed [ 734.901830][ T4308] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 734.978284][ T4308] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 735.564899][ T4308] bond0 (unregistering): Released all slaves [ 735.611738][ T5778] Bluetooth: hci0: command tx timeout [ 735.693878][T13444] Bluetooth: MGMT ver 1.22 [ 735.698548][T13444] Bluetooth: hci0: invalid length 0, exp 2 for type 6 [ 735.727321][T13417] netlink: 'syz.3.2406': attribute type 2 has an invalid length. [ 736.470891][T13467] xt_NFQUEUE: number of queues (8) out of range (got 65537) [ 737.484703][T13470] 8021q: adding VLAN 0 to HW filter on device bond0 [ 737.497085][T13470] bond0: (slave rose0): Enslaving as an active interface with an up link [ 738.129086][T13319] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 738.168291][T13319] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 738.211312][T13319] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 738.254509][T13319] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 738.637909][T13319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 738.695195][T13319] 8021q: adding VLAN 0 to HW filter on device team0 [ 738.717204][ T2966] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.724428][ T2966] bridge0: port 1(bridge_slave_0) entered forwarding state [ 738.764125][ T2966] bridge0: port 2(bridge_slave_1) entered blocking state [ 738.771357][ T2966] bridge0: port 2(bridge_slave_1) entered forwarding state [ 738.822989][T13319] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 738.857606][T13319] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 739.209199][T13319] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 739.328690][T13319] veth0_vlan: entered promiscuous mode [ 739.368200][T13319] veth1_vlan: entered promiscuous mode [ 739.634459][T13319] veth0_macvtap: entered promiscuous mode [ 739.772996][T13319] veth1_macvtap: entered promiscuous mode [ 740.172212][T13319] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 740.205175][T13319] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.233275][T13319] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 740.261237][T13319] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.479633][T13319] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 740.490358][T13319] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.983382][T13319] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 741.498154][T13319] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 741.498208][T13319] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.498219][T13319] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 741.498230][T13319] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.498240][T13319] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 741.498251][T13319] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.499638][T13319] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 741.517128][T13319] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.517163][T13319] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.517187][T13319] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.517211][T13319] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.925598][ T4308] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 741.925652][ T4308] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 742.678767][ T4308] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 742.678788][ T4308] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 743.671377][ T5854] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 743.920112][ T5854] usb 3-1: config index 0 descriptor too short (expected 39, got 27) [ 743.930862][ T5854] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 743.960232][ T5854] usb 3-1: config 0 interface 0 altsetting 251 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 743.986448][ T5854] usb 3-1: config 0 interface 0 has no altsetting 0 [ 744.012233][ T5854] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 744.027439][ T5854] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 744.046059][ T5854] usb 3-1: Product: syz [ 744.053883][ T5854] usb 3-1: Manufacturer: syz [ 744.064714][ T5854] usb 3-1: SerialNumber: syz [ 744.083689][ T5854] usb 3-1: config 0 descriptor?? [ 744.097606][ T5854] hub 3-1:0.0: bad descriptor, ignoring hub [ 744.109929][ T5854] hub: probe of 3-1:0.0 failed with error -5 [ 744.191468][ T5854] snd-usb-audio: probe of 3-1:0.0 failed with error -22 [ 744.252140][T13348] udevd[13348]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 746.839115][T13625] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 746.852670][T13625] Error parsing options; rc = [-22] [ 748.314198][T12899] usb 3-1: USB disconnect, device number 3 [ 748.521847][T13675] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 749.872540][T13688] loop1: detected capacity change from 0 to 512 [ 750.056799][T13688] EXT4-fs (loop1): bad geometry: first data block 1 is beyond end of filesystem (1) [ 751.251588][ T5830] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 751.465057][ T5830] usb 2-1: Using ep0 maxpacket: 16 [ 751.497245][ T5830] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 751.512867][ T5830] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 751.524691][ T5830] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 751.547610][ T5830] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 751.582126][ T5830] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 751.600933][ T5830] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 751.613176][ T5830] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 751.631215][ T5830] usb 2-1: Manufacturer: syz [ 751.640481][ T5830] usb 2-1: config 0 descriptor?? [ 751.956734][ T5830] rc_core: IR keymap rc-hauppauge not found [ 751.962805][ T5830] Registered IR keymap rc-empty [ 751.968190][ T5830] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 751.999458][ T5830] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 752.037189][ T5830] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 752.128477][ T5830] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input7 [ 752.194811][ T5830] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 752.236938][ T5830] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 752.278442][ T5830] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 752.310674][ T5830] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 752.342962][ T5830] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 752.376576][ T5830] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 752.417344][ T5830] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 752.451859][ T5830] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 752.518556][ T5830] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 752.555895][ T5830] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 752.609822][ T5830] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 752.619032][ T5830] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 752.659739][ T5830] usb 2-1: USB disconnect, device number 3 [ 753.445808][T13727] loop3: detected capacity change from 0 to 512 [ 753.487503][T13727] EXT4-fs (loop3): bad geometry: first data block 1 is beyond end of filesystem (1) [ 756.619112][T13729] xt_CT: No such helper "pptp" [ 756.723739][T13737] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2475'. [ 756.993582][T13747] overlay: ./bus is not a directory [ 760.324080][T13749] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 762.010622][T13790] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2488'. [ 762.019677][T13790] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2488'. [ 762.829439][T13789] xt_CT: No such helper "pptp" [ 763.105087][T13801] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2491'. [ 765.461308][T10968] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 765.721622][T10968] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 765.744824][T10968] usb 2-1: config 0 interface 0 has no altsetting 0 [ 765.765582][T10968] usb 2-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=b1.f9 [ 765.777545][T10968] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.790471][T10968] usb 2-1: Product: syz [ 765.794509][ T42] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 765.794651][T10968] usb 2-1: Manufacturer: syz [ 765.808708][T10968] usb 2-1: SerialNumber: syz [ 765.820890][T10968] usb 2-1: config 0 descriptor?? [ 765.850029][T10968] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 765.912528][T10968] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 765.941723][T10968] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 765.961732][T10968] usb 2-1: media controller created [ 766.004628][ T42] usb 4-1: Using ep0 maxpacket: 16 [ 766.017895][ T42] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 766.035437][T10968] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 766.039385][ T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 766.073203][ T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 766.089163][ T42] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 766.137417][ T42] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 766.165795][ T42] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 766.179124][ T42] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 766.187911][ T42] usb 4-1: Manufacturer: syz [ 766.207423][T10968] DVB: Unable to find symbol tda10046_attach() [ 766.213657][T10968] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 766.249888][T10968] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 766.379811][ T42] usb 4-1: config 0 descriptor?? [ 766.725594][T13855] xt_CT: No such helper "pptp" [ 766.732950][ T42] rc_core: IR keymap rc-hauppauge not found [ 766.738913][ T42] Registered IR keymap rc-empty [ 766.762699][ T42] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 766.817099][ T42] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 766.885338][ T42] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 766.920373][ T42] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input9 [ 766.969646][ T42] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 767.006521][ C1] rc rc0: IR event FIFO is full! [ 767.011536][ C1] rc rc0: IR event FIFO is full! [ 767.016512][ C1] rc rc0: IR event FIFO is full! [ 767.021469][ C1] rc rc0: IR event FIFO is full! [ 767.026485][ C1] rc rc0: IR event FIFO is full! [ 767.031443][ C1] rc rc0: IR event FIFO is full! [ 767.041057][ C1] rc rc0: IR event FIFO is full! [ 767.046056][ C1] rc rc0: IR event FIFO is full! [ 767.051018][ C1] rc rc0: IR event FIFO is full! [ 767.055974][ C1] rc rc0: IR event FIFO is full! [ 767.060933][ C1] rc rc0: IR event FIFO is full! [ 767.073019][ C1] rc rc0: IR event FIFO is full! [ 767.078032][ C1] rc rc0: IR event FIFO is full! [ 767.082997][ C1] rc rc0: IR event FIFO is full! [ 767.087958][ C1] rc rc0: IR event FIFO is full! [ 767.092917][ C1] rc rc0: IR event FIFO is full! [ 767.098624][ C1] rc rc0: IR event FIFO is full! [ 767.103601][ C1] rc rc0: IR event FIFO is full! [ 767.108565][ C1] rc rc0: IR event FIFO is full! [ 767.115964][ C1] rc rc0: IR event FIFO is full! [ 767.120968][ C1] rc rc0: IR event FIFO is full! [ 767.125936][ C1] rc rc0: IR event FIFO is full! [ 767.130903][ C1] rc rc0: IR event FIFO is full! [ 767.135860][ C1] rc rc0: IR event FIFO is full! [ 767.140829][ C1] rc rc0: IR event FIFO is full! [ 767.148226][ C1] rc rc0: IR event FIFO is full! [ 767.153214][ C1] rc rc0: IR event FIFO is full! [ 767.158419][ C1] rc rc0: IR event FIFO is full! [ 767.163393][ C1] rc rc0: IR event FIFO is full! [ 767.168360][ C1] rc rc0: IR event FIFO is full! [ 767.173335][ C1] rc rc0: IR event FIFO is full! [ 767.178299][ C1] rc rc0: IR event FIFO is full! [ 767.183256][ C1] rc rc0: IR event FIFO is full! [ 767.188221][ C1] rc rc0: IR event FIFO is full! [ 767.193853][ C1] rc rc0: IR event FIFO is full! [ 767.198821][ C1] rc rc0: IR event FIFO is full! [ 767.203774][ C1] rc rc0: IR event FIFO is full! [ 767.208722][ C1] rc rc0: IR event FIFO is full! [ 767.213647][ C1] rc rc0: IR event FIFO is full! [ 767.219857][T10968] dvb_usb_m920x: probe of 2-1:0.0 failed with error -71 [ 767.221355][ C1] rc rc0: IR event FIFO is full! [ 767.231885][ C1] rc rc0: IR event FIFO is full! [ 767.232337][T10968] usb 2-1: USB disconnect, device number 4 [ 767.236821][ C1] rc rc0: IR event FIFO is full! [ 767.236836][ C1] rc rc0: IR event FIFO is full! [ 767.236847][ C1] rc rc0: IR event FIFO is full! [ 767.236858][ C1] rc rc0: IR event FIFO is full! [ 767.236877][ C1] rc rc0: IR event FIFO is full! [ 767.267270][ C1] rc rc0: IR event FIFO is full! [ 767.272205][ C1] rc rc0: IR event FIFO is full! [ 767.277135][ C1] rc rc0: IR event FIFO is full! [ 767.282062][ C1] rc rc0: IR event FIFO is full! [ 767.288808][ C1] rc rc0: IR event FIFO is full! [ 767.293798][ C1] rc rc0: IR event FIFO is full! [ 767.298764][ C1] rc rc0: IR event FIFO is full! [ 767.303728][ C1] rc rc0: IR event FIFO is full! [ 767.308695][ C1] rc rc0: IR event FIFO is full! [ 767.314200][T13867] rc rc0: two consecutive events of type pulse [ 767.343608][ T42] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 767.395982][ T42] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 767.449554][ T42] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 767.522225][ T42] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 767.576834][ T42] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 767.619107][ T42] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 767.671425][ T42] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 767.725533][ T42] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 767.768062][ T42] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 767.817274][ T42] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 767.830174][ T42] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 767.864254][ T42] usb 4-1: USB disconnect, device number 5 [ 767.945500][T13870] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 767.996790][T13870] comedi comedi3: 8255: I/O port conflict (0xa,4) [ 768.020995][T13870] comedi comedi3: 8255: I/O port conflict (0xffffffffffffffff,4) [ 768.046021][T13870] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 768.052580][T13870] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 768.067290][T13870] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 768.084736][T13870] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 768.096775][T13870] comedi comedi3: 8255: I/O port conflict (0xfffffffffffff000,4) [ 768.120854][T13870] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4) [ 768.128654][T13870] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 768.158311][T13870] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 768.166569][T13870] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 768.173172][T13870] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 768.183270][T13870] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4) [ 768.192643][T13870] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4) [ 768.315708][ T41] ------------[ cut here ]------------ [ 768.321695][ T41] WARNING: CPU: 0 PID: 41 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 768.332763][ T41] Modules linked in: [ 768.336741][ T41] CPU: 0 PID: 41 Comm: kworker/u4:2 Not tainted syzkaller #0 [ 768.344138][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 768.354458][ T41] Workqueue: phy17 ieee80211_csa_finalize_work [ 768.356889][ T11] ------------[ cut here ]------------ [ 768.360908][ T41] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 768.366404][ T11] WARNING: CPU: 1 PID: 11 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 768.366434][ T11] Modules linked in: [ 768.366450][ T11] CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted syzkaller #0 [ 768.366466][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 768.373823][ T41] Code: 48 89 df e8 8a 05 d8 f7 e9 dc fc ff ff e8 90 dc 7f f7 eb 24 e8 89 dc 7f f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 78 dc 7f f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 6a dc 7f f7 48 8b 7c 24 08 4c 8b 7c [ 768.373843][ T41] RSP: 0018:ffffc90000b1f9c0 EFLAGS: 00010293 [ 768.373864][ T41] RAX: ffffffff8a07332e RBX: 0000000000000001 RCX: ffff88801d269e00 [ 768.373879][ T41] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 768.373891][ T41] RBP: dffffc0000000000 R08: ffff888067abd5af R09: 1ffff1100cf57ab5 [ 768.373905][ T41] R10: dffffc0000000000 R11: ffffed100cf57ab6 R12: 0000000000000001 [ 768.373919][ T41] R13: ffff888067abe5d9 R14: ffff8880580fac70 R15: ffff8880580face8 [ 768.373934][ T41] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 768.373950][ T41] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 768.373964][ T41] CR2: 0000200000000540 CR3: 000000006c75b000 CR4: 00000000003506f0 [ 768.373981][ T41] Call Trace: [ 768.373991][ T41] [ 768.374016][ T41] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 768.374044][ T41] ieee80211_csa_finalize+0x5a6/0xf20 [ 768.374064][ T41] ? mutex_lock_nested+0x20/0x20 [ 768.374090][ T41] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 768.374110][ T41] ? ieee80211_csa_finalize_work+0x140/0x140 [ 768.374132][ T41] ? read_lock_is_recursive+0x20/0x20 [ 768.374162][ T41] ieee80211_csa_finalize_work+0xf6/0x140 [ 768.374185][ T41] ? process_scheduled_works+0x96f/0x15d0 [ 768.374207][ T41] process_scheduled_works+0xa5d/0x15d0 [ 768.374256][ T41] ? assign_work+0x430/0x430 [ 768.374281][ T41] ? assign_work+0x3d0/0x430 [ 768.374309][ T41] worker_thread+0xa55/0xfc0 [ 768.374355][ T41] kthread+0x2fa/0x390 [ 768.385292][ T11] Workqueue: phy18 ieee80211_csa_finalize_work [ 768.389278][ T41] ? pr_cont_work+0x560/0x560 [ 768.396590][ T11] [ 768.396600][ T11] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 768.406671][ T41] ? kthread_blkcg+0xd0/0xd0 [ 768.406692][ T41] ret_from_fork+0x48/0x80 [ 768.406714][ T41] ? kthread_blkcg+0xd0/0xd0 [ 768.406733][ T41] ret_from_fork_asm+0x11/0x20 [ 768.406780][ T41] [ 768.406791][ T41] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 768.406801][ T41] CPU: 0 PID: 41 Comm: kworker/u4:2 Not tainted syzkaller #0 [ 768.406817][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 768.406827][ T41] Workqueue: phy17 ieee80211_csa_finalize_work [ 768.406847][ T41] Call Trace: [ 768.406854][ T41] [ 768.406861][ T41] dump_stack_lvl+0x18c/0x250 [ 768.406887][ T41] ? show_regs_print_info+0x20/0x20 [ 768.406910][ T41] ? load_image+0x400/0x400 [ 768.406941][ T41] panic+0x2dc/0x730 [ 768.406962][ T41] ? bpf_jit_dump+0xd0/0xd0 [ 768.406989][ T41] ? ret_from_fork_asm+0x11/0x20 [ 768.407015][ T41] __warn+0x2e0/0x470 [ 768.407029][ T41] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 768.407050][ T41] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 768.407067][ T41] report_bug+0x2be/0x4f0 [ 768.407089][ T41] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 768.407106][ T41] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 768.407124][ T41] ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0 [ 768.407142][ T41] handle_bug+0xcf/0x120 [ 768.407163][ T41] exc_invalid_op+0x1a/0x50 [ 768.407185][ T41] asm_exc_invalid_op+0x1a/0x20 [ 768.407202][ T41] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 768.407220][ T41] Code: 48 89 df e8 8a 05 d8 f7 e9 dc fc ff ff e8 90 dc 7f f7 eb 24 e8 89 dc 7f f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 78 dc 7f f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 6a dc 7f f7 48 8b 7c 24 08 4c 8b 7c [ 768.407234][ T41] RSP: 0018:ffffc90000b1f9c0 EFLAGS: 00010293 [ 768.407248][ T41] RAX: ffffffff8a07332e RBX: 0000000000000001 RCX: ffff88801d269e00 [ 768.407260][ T41] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 768.407269][ T41] RBP: dffffc0000000000 R08: ffff888067abd5af R09: 1ffff1100cf57ab5 [ 768.407281][ T41] R10: dffffc0000000000 R11: ffffed100cf57ab6 R12: 0000000000000001 [ 768.407292][ T41] R13: ffff888067abe5d9 R14: ffff8880580fac70 R15: ffff8880580face8 [ 768.407311][ T41] ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0 [ 768.407349][ T41] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 768.407372][ T41] ieee80211_csa_finalize+0x5a6/0xf20 [ 768.407390][ T41] ? mutex_lock_nested+0x20/0x20 [ 768.407414][ T41] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 768.407432][ T41] ? ieee80211_csa_finalize_work+0x140/0x140 [ 768.407451][ T41] ? read_lock_is_recursive+0x20/0x20 [ 768.407477][ T41] ieee80211_csa_finalize_work+0xf6/0x140 [ 768.407496][ T41] ? process_scheduled_works+0x96f/0x15d0 [ 768.407516][ T41] process_scheduled_works+0xa5d/0x15d0 [ 768.407563][ T41] ? assign_work+0x430/0x430 [ 768.407588][ T41] ? assign_work+0x3d0/0x430 [ 768.407613][ T41] worker_thread+0xa55/0xfc0 [ 768.407658][ T41] kthread+0x2fa/0x390 [ 768.407672][ T41] ? pr_cont_work+0x560/0x560 [ 768.407692][ T41] ? kthread_blkcg+0xd0/0xd0 [ 768.407707][ T41] ret_from_fork+0x48/0x80 [ 768.407724][ T41] ? kthread_blkcg+0xd0/0xd0 [ 768.407740][ T41] ret_from_fork_asm+0x11/0x20 [ 768.407780][ T41] [ 768.426894][ T41] Kernel Offset: disabled