last executing test programs: 25.796917815s ago: executing program 4 (id=513): socket$kcm(0x10, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1a3, 0x655c, 0x4, 0x40, 0x7fffffff, 0x7fffffff, 0x80, 0xffffffff, 0x1}}}}]}, 0x58}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x15864}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x11}, 0x4000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 25.406495306s ago: executing program 4 (id=518): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_QUANTUM={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) 24.957592306s ago: executing program 4 (id=521): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x8080, &(0x7f00000000c0)={0xa, 0x4e23, 0x9, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x5}, 0x1c) 24.696090951s ago: executing program 4 (id=526): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000fefffe7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000c9be17044171e1d3d7b1efd036d7af273bce36015779c4cef58fa35d17c668a4b63e069efb29797573b8538e31ec24925095a163b9d4e76be2661f2a395e41f7e31a8021e00b00104e0801d4de36e5fdc6c42a7b3ff13f2360a6e231fd223bc33091dd61258a1fda45991fbdce6793c8a4785ee8b60092659b941bbd694dff0f0000000000003a45404b04bf97c4fea679c032b363956cd8bac9626b5db1b07a0bd7cc85e961506a35a04617dc0200379e731d3a8d8feac94a4ee293001f6ce7d5b40bf2a7f9be8173a9639a79fae885d05afe042c0e7821d406c967379e7521292d24d6c8034f2fc7c855a8945e9bce678ee9a015abc9daac8876623db56346916674ceb55f60b493f2f4d736acb2f206fc538450a676d71c01175b8454eb92567e8f8a707b590d7219288e23ee0800000000000010a49fc8f4ff0300000000000000000000cb947d6017ad27714772ad790af252e648ef8c313c604324f5b306000000000000cf327a00000000000000080a70162bba30ad7804fa4140f1a754ffff000000ab744d306619dfb3a37d897662bee00189f43da46a908a235c84cbad335fd1d2f2ef93a6a70c8b8ece0e243eab05a34ab0a7e7e497065e5e282e284f8d5e8852a265d528075214af000000000070d42182d8f3a347d48289a8b29b911ac473c5fa02bb0e24e5b7b238e27263a23c0b865f75331d888c72df1da4b290582f00024227f03204add786a87b23ceb17c25810e769fe2d6a7bd8e504843b66b1a8c7b364bd2194ba9c8f60ac0c9b18d8c1b9e1a736825c91b4dff0000c1c5dcffa295c2930000000000235d84b0193a5ea7c77cdb7de9ce1a59ab4158097b4dd13ebfaf4425c6855530b56a3320d85c8fe85f667998b1a7e589f486c107761108e4e230419fd27b6ad9c10b25c6b6ed84badbb970dcf133279dd355e41de944564bdab99c5c712a9fbc8e9691c775bb94f746505e1e748cf1710d52468b4b1625ce21612ed5e807dfb5f19f3267e5366b2c0b2a0be49ae476263c9407ac6c596bf3cf66204984f5aebf93d1caa220ea6969cea852fe9a7d1eee13f1f48722a69ad9fb850bd093a302b9250245900ad5c8e5f20ddf77ee3d5a168964fad1aa7347d36c502d02b1d96d753ef6fc354fc126070060c65c147651fca62c0a06939f40c90ebc3042e753fe91b5770b24f25c558736dd7e1e9fb214cbb04c5c6ee4c970b320ba6fb6ef4615f4092de54c519f4622e1224153463ea80248a45a95a189958f586d606dcaa9aac656cf95a2d35225cfb0e6f47486d5cbb04a590116d4de92e203e107d68728a189b0d537d2442beab2f8ce7b2dd357200dcd139e47267012fc2a2b6bad79be429d1ddaccbe0139f16ca1b9bc1103000000ed1ece54cfdbe04670bee9b42fe3dc42033997e2e700b6edb2b49b5f2f6001ee0a9e5d1bee199ce9124a5cb479040000000000000049ead5b02d5ea1dcf6cdcf332fe94b3c1932d8d391754774a32c9b7e6ca4023bce2c7281d27a2cb62383ab3a3bb535650fbfb96c89936855eb7a485698f0d20c3eedd6123ef8f218d52ea2c346f80acb8b9a71856d2f2d1a7c6f45ee127b6a1d1ac1e243ed02e49e8aafe835919564af915965a050c37ceff855bd2dec3452c7c38f5dbf1ff1ff00020000000000006a1a029ea6540b40b2f797813af2c7d4ed235c2dc5f1dbbfcc52b2f55fd3f9f100c4891d0cb4c10ed01489bf235c458225"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup, 0x2, 0x0, 0x0, &(0x7f0000000280)=[0x0], 0x1, 0x0, &(0x7f00000014c0), 0x0, 0x0}, 0x40) 24.478561373s ago: executing program 4 (id=530): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) socket$packet(0x11, 0x2, 0x300) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xd, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}, 'sit0\x00'}}, 0x1e) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x40a40, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x2) ioctl$PPPIOCBRIDGECHAN(r2, 0x40047435, &(0x7f0000000200)=0x1) 24.14671476s ago: executing program 4 (id=532): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) getrlimit(0xa, 0x0) 4.929676368s ago: executing program 3 (id=654): mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x8, 0x2000000000032, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f00000000c0)={0x3, 0x10}, 0x2) 4.71494973s ago: executing program 3 (id=656): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@updpolicy={0xb8, 0x14, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@private1}, {}, {0x0, 0x10000}}}, 0xb8}}, 0x0) 4.42588227s ago: executing program 3 (id=659): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 4.232270865s ago: executing program 3 (id=661): openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x20, &(0x7f0000000180)={&(0x7f0000000340)=""/226, 0xe2, 0x0, 0x0}}, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x14, 0x0, 0x4}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r1) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000012c0), r1) sendmsg$NLBL_MGMT_C_VERSION(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000240)={0x24, r2, 0xf03, 0x0, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0xf, 0x1, '\xc5pD7\x92x\\\xd8R\xa4\x1d'}]}, 0x24}}, 0x0) 3.705514914s ago: executing program 3 (id=665): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r2, @ANYBLOB="0a0001000000648a63ffdac0b2ffc742a61a2e86a02393f3de08"], 0x48}}, 0x0) 3.513056069s ago: executing program 2 (id=667): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4004000) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x7e, 0x8, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @loopback={0x0, 0xffff888101827518}, 0x80, 0x8000, 0x5}}) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000200)) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r1) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) ioctl$SIOCSIFHWADDR(r4, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) socketpair$unix(0x1, 0x2, 0x0, 0x0) r5 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r6 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r6, 0x10f, 0x87, &(0x7f00000008c0), 0x43) recvmsg(r5, 0x0, 0x101a0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602ab1100000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 3.242752823s ago: executing program 1 (id=669): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e20}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x7}]}}}]}, 0x44}}, 0x0) 3.242486163s ago: executing program 3 (id=670): unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000) socket$alg(0x26, 0x5, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40201, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @link_local}) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r2 = socket$kcm(0x29, 0x5, 0x0) r3 = socket$inet6(0xa, 0x3, 0xff) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r5 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r5, 0x400442c8, &(0x7f00000000c0)=ANY=[@ANYRES32=r4]) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, 0x0, 0x0) sendmsg$inet6(r3, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x0, 0x0, @dev}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000100)="daffc38b69363a52fe8000000000000021845a91f64fddcf51f405595faeea41974e5559ea91f7", 0x27}, {&(0x7f00000001c0)='\x00', 0x1}], 0x2}, 0xb00) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {0x0, 0xcf, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6, 0x3, 0x9}]}}}]}, 0x40}}, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0) getsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, 0x0, 0x20000007) 3.169094769s ago: executing program 1 (id=671): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 3.04509081s ago: executing program 1 (id=672): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, 0x0, &(0x7f0000000000)) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x48c0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f00000005c0)={'syztnl0\x00', &(0x7f0000000880)={'syztnl1\x00', 0x0, 0x29, 0x1, 0xb7, 0x200, 0x1, @private0, @private1, 0x7800, 0x80, 0x2, 0x4}}) 2.774721064s ago: executing program 2 (id=673): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f00000004c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000001c0)=r1, 0x4) sendmsg$kcm(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000300009116144f782db44b904021d08000500142603600e120900210000000401a8001600a400014006000000036010fab94dcf4f0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e012dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5d00040000d6e4edef3d93452a92954b43370e970100"/216, 0xd8}], 0x1}, 0x0) 2.186604899s ago: executing program 1 (id=676): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000380)={0x0, 0x8c}, 0x8) sendmmsg$inet6(r4, &(0x7f0000000480), 0x0, 0x34000811) r5 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r5, 0xffffffffffffffff}, &(0x7f0000000200), &(0x7f00000003c0)='%ps \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r5}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x10, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000001}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04230d00c900"], 0x10) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) 1.803679931s ago: executing program 0 (id=677): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)}, 0x0) 1.766132727s ago: executing program 2 (id=678): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.006780333s ago: executing program 1 (id=679): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, 0x0, 0x2) sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000fc0)="5c00000012006bab9a3fe3d86e17aa0a046b4877c4aaf68187bae53dca2ba35bda6a876c1d0048007ea608649e7524765f0ef82e3c0000a705259a3651f60a84c9f4d4938037e70e4509c5bb00000000e513aeac9bf2bee150d5fe86", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x40000002) 1.00650402s ago: executing program 0 (id=680): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000004000)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000040000000000000016"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x5, 0xe, 0x0, &(0x7f0000000000)='\x00'/14, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 897.823377ms ago: executing program 0 (id=681): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 789.75213ms ago: executing program 0 (id=682): bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)='%pB \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x36, 0x0, &(0x7f0000000580)="b9ff1e076003008cb89e08f086dd0f7d78eba0b29cca00cda2d11c47e8700d74f3b7572ec4adebb4e1f97860e2f40e9b3a851b86b70b", 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 670.475826ms ago: executing program 1 (id=683): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0xcc, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0xa0, 0x2, [@TCA_U32_CLASSID={0x8, 0x1, {0x1, 0x6}}, @TCA_U32_SEL={0x94, 0x5, {0x7, 0xef, 0x8, 0x8, 0x5, 0xc5, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0x8, 0x7, 0x1008, 0x5}, {0xfffffff9, 0x43, 0x7ffd, 0x5}, {0x7fde, 0x40, 0x54, 0x4}, {0x5, 0x2, 0x2, 0x2}, {0x6, 0x4, 0x8, 0x8}, {0x8001, 0x0, 0x0, 0x8001}, {0x1, 0x1800000, 0xa525}]}}]}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x80}, 0x40) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 669.831695ms ago: executing program 2 (id=684): unshare(0x6020400) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000035dd2d17aedc00000000000000000085000000a0000000954838e9563a9e4d07c552dcf1e6f5cfb5b3945f910e74ebafbcfe4cac581c8473c2a47cb232b13104ce3e0fad651fbee86d047637fcea13ad43edfa748b184271729caa3a2a7ed742a24881fa1df134cece0d909d9071258ddca9dbe7bcc9ad34731b7d867dff1c128c6b2ad626e683f719acbd3a3a8813d204e88ef2b18f3da691301cb7"], &(0x7f0000000100)='syzkaller\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000020c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x201}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x301}], {0x14}}, 0x70}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@ipv4_newrule={0x24, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@FRA_GENERIC_POLICY=@FRA_SUPPRESS_IFGROUP={0x8, 0xd, 0x9}]}, 0x24}}, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000000)=0x20, 0x4) r4 = socket$nl_rdma(0x10, 0x3, 0x14) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r5, 0x89e3, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x38, 0x1412, 0x1, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x3}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1000000}]}, 0x38}, 0x1, 0x0, 0x0, 0x14}, 0x20000000) setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f00000000c0)=r0, 0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_SET_FEATURE(r7, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x20, 0x3fa, 0x4, 0x70bd2d, 0x25dfdbfe, {0x1, 0x0, 0x0, 0x1}, ["", "", ""]}, 0x20}}, 0x6088040) r8 = syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000280)={0x4c, r8, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4084}, 0x20008040) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x20040801) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01002bbd7000ffdb0000000e0086a924b6f7d6ce7f00696d0000000f0202006e657464657673696d30000008008c0003000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4000841}, 0x20000880) 542.666926ms ago: executing program 0 (id=685): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48) 364.442321ms ago: executing program 2 (id=686): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x13, 0x10, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r5}, 0x10) bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10) 47.046817ms ago: executing program 0 (id=687): openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x20, &(0x7f0000000180)={&(0x7f0000000340)=""/226, 0xe2, 0x0, 0x0}}, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x14, 0x0, 0x4}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r3) r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000012c0), r3) sendmsg$NLBL_MGMT_C_VERSION(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000240)={0x24, r4, 0xf03, 0x0, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0xf, 0x1, '\xc5pD7\x92x\\\xd8R\xa4\x1d'}]}, 0x24}}, 0x0) 0s ago: executing program 2 (id=688): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f00000004c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000001c0)=r1, 0x4) sendmsg$kcm(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000300009116144f782db44b904021d08000500142603600e120900210000000401a8001600a400014006000000036010fab94dcf4f0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e012dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5d00040000d6e4edef3d93452a92954b43370e970100"/216, 0xd8}], 0x1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.141' (ED25519) to the list of known hosts. [ 80.814142][ T5821] cgroup: Unknown subsys name 'net' [ 81.001721][ T5821] cgroup: Unknown subsys name 'cpuset' [ 81.010889][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.533458][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.335323][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.355662][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.363835][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.376394][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.385639][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.394532][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.402387][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.410639][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.420210][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.428743][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.438336][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.447229][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.454660][ T5846] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.462748][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.471073][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.484182][ T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.502423][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.527107][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.534685][ T5851] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.536596][ T5849] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.550030][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.558961][ T5852] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.560446][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.567279][ T5852] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.577508][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.588588][ T5849] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.597706][ T5852] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.602178][ T5142] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.606328][ T5852] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 85.630365][ T5142] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.427150][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 86.537819][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 86.609234][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 86.729729][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 86.847981][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 86.862191][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.869875][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.879499][ T5833] bridge_slave_0: entered allmulticast mode [ 86.887136][ T5833] bridge_slave_0: entered promiscuous mode [ 86.950599][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.959235][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.966666][ T5833] bridge_slave_1: entered allmulticast mode [ 86.973985][ T5833] bridge_slave_1: entered promiscuous mode [ 87.168797][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.176146][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.183794][ T5839] bridge_slave_0: entered allmulticast mode [ 87.192809][ T5839] bridge_slave_0: entered promiscuous mode [ 87.203212][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.211201][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.218801][ T5839] bridge_slave_1: entered allmulticast mode [ 87.227538][ T5839] bridge_slave_1: entered promiscuous mode [ 87.235091][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.252418][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.260101][ T5834] bridge_slave_0: entered allmulticast mode [ 87.274614][ T5834] bridge_slave_0: entered promiscuous mode [ 87.304123][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.423915][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.437334][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.444592][ T5834] bridge_slave_1: entered allmulticast mode [ 87.459233][ T5834] bridge_slave_1: entered promiscuous mode [ 87.497109][ T5142] Bluetooth: hci1: command tx timeout [ 87.552304][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.561822][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.575444][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.584407][ T5838] bridge_slave_0: entered allmulticast mode [ 87.599238][ T5838] bridge_slave_0: entered promiscuous mode [ 87.656478][ T5844] Bluetooth: hci2: command tx timeout [ 87.656469][ T5142] Bluetooth: hci0: command tx timeout [ 87.656784][ T5844] Bluetooth: hci3: command tx timeout [ 87.683957][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.691589][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.699559][ T5831] bridge_slave_0: entered allmulticast mode [ 87.707798][ T5831] bridge_slave_0: entered promiscuous mode [ 87.733244][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.740559][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.747766][ T5844] Bluetooth: hci4: command tx timeout [ 87.754795][ T5838] bridge_slave_1: entered allmulticast mode [ 87.762344][ T5838] bridge_slave_1: entered promiscuous mode [ 87.772408][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.799998][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.807818][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.815215][ T5831] bridge_slave_1: entered allmulticast mode [ 87.823349][ T5831] bridge_slave_1: entered promiscuous mode [ 87.868964][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.882599][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.895700][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.924300][ T5833] team0: Port device team_slave_0 added [ 88.001376][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.012666][ T5833] team0: Port device team_slave_1 added [ 88.042290][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.088945][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.122010][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.135126][ T5834] team0: Port device team_slave_0 added [ 88.144638][ T5839] team0: Port device team_slave_0 added [ 88.185431][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.193642][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.220496][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.250276][ T5834] team0: Port device team_slave_1 added [ 88.259112][ T5839] team0: Port device team_slave_1 added [ 88.292588][ T5831] team0: Port device team_slave_0 added [ 88.299565][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.306719][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.332785][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.417585][ T5831] team0: Port device team_slave_1 added [ 88.424380][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.431625][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.458634][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.485035][ T5838] team0: Port device team_slave_0 added [ 88.493993][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.501112][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.527358][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.540650][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.547908][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.573857][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.615138][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.622401][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.649762][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.677012][ T5838] team0: Port device team_slave_1 added [ 88.707503][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.714479][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.740516][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.853096][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.860325][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.888437][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.904788][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.911805][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.938200][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.950876][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.958314][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.984996][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.047921][ T5834] hsr_slave_0: entered promiscuous mode [ 89.054374][ T5834] hsr_slave_1: entered promiscuous mode [ 89.080395][ T5833] hsr_slave_0: entered promiscuous mode [ 89.087542][ T5833] hsr_slave_1: entered promiscuous mode [ 89.093781][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.101759][ T5833] Cannot create hsr debugfs directory [ 89.223926][ T5839] hsr_slave_0: entered promiscuous mode [ 89.231174][ T5839] hsr_slave_1: entered promiscuous mode [ 89.237642][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.245215][ T5839] Cannot create hsr debugfs directory [ 89.353991][ T5838] hsr_slave_0: entered promiscuous mode [ 89.363338][ T5838] hsr_slave_1: entered promiscuous mode [ 89.369978][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.377814][ T5838] Cannot create hsr debugfs directory [ 89.427144][ T5831] hsr_slave_0: entered promiscuous mode [ 89.433593][ T5831] hsr_slave_1: entered promiscuous mode [ 89.440318][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.447942][ T5831] Cannot create hsr debugfs directory [ 89.575913][ T5844] Bluetooth: hci1: command tx timeout [ 89.736072][ T5844] Bluetooth: hci3: command tx timeout [ 89.741539][ T5844] Bluetooth: hci0: command tx timeout [ 89.747104][ T5852] Bluetooth: hci2: command tx timeout [ 89.821424][ T5844] Bluetooth: hci4: command tx timeout [ 90.135338][ T5833] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 90.158045][ T5833] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 90.182952][ T5833] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 90.203751][ T5833] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.263466][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 90.277776][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.291426][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 90.304296][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.412767][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.440120][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.451818][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.465039][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.610429][ T5834] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 90.633280][ T5834] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 90.644945][ T5834] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 90.660711][ T5834] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 90.811946][ T5838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.843675][ T5838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.855509][ T5838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.885032][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.893645][ T5838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 90.993225][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.007018][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.049927][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.057413][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.099995][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.107187][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.163872][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.190177][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.233470][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.240669][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.298365][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.313527][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.320790][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.340613][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.392573][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.399813][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.444207][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.466183][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.473322][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.504153][ T5833] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.585588][ T967] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.592857][ T967] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.609257][ T967] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.616519][ T967] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.657489][ T5844] Bluetooth: hci1: command tx timeout [ 91.732048][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.816280][ T5844] Bluetooth: hci0: command tx timeout [ 91.816645][ T5852] Bluetooth: hci2: command tx timeout [ 91.826786][ T5844] Bluetooth: hci3: command tx timeout [ 91.873864][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.899599][ T5844] Bluetooth: hci4: command tx timeout [ 91.934039][ T2922] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.941205][ T2922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.000763][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.008030][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.080888][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.225328][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.321616][ T837] cfg80211: failed to load regulatory.db [ 92.414624][ T5833] veth0_vlan: entered promiscuous mode [ 92.529990][ T5833] veth1_vlan: entered promiscuous mode [ 92.544613][ T5839] veth0_vlan: entered promiscuous mode [ 92.574271][ T5839] veth1_vlan: entered promiscuous mode [ 92.595717][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.658166][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.744969][ T5833] veth0_macvtap: entered promiscuous mode [ 92.763782][ T5839] veth0_macvtap: entered promiscuous mode [ 92.790255][ T5839] veth1_macvtap: entered promiscuous mode [ 92.801329][ T5833] veth1_macvtap: entered promiscuous mode [ 92.888706][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.905485][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.927322][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.939266][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.953087][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.003827][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.038378][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.049245][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.061924][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.099160][ T5833] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.108448][ T5833] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.117929][ T5833] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.128295][ T5833] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.141856][ T5831] veth0_vlan: entered promiscuous mode [ 93.151117][ T5839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.160603][ T5839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.169852][ T5839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.180127][ T5839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.228162][ T5831] veth1_vlan: entered promiscuous mode [ 93.329471][ T5834] veth0_vlan: entered promiscuous mode [ 93.391983][ T5838] veth0_vlan: entered promiscuous mode [ 93.415562][ T5838] veth1_vlan: entered promiscuous mode [ 93.452621][ T5834] veth1_vlan: entered promiscuous mode [ 93.463930][ T5831] veth0_macvtap: entered promiscuous mode [ 93.495604][ T5831] veth1_macvtap: entered promiscuous mode [ 93.518868][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.536557][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.593148][ T5838] veth0_macvtap: entered promiscuous mode [ 93.646587][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.661348][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.669365][ T5838] veth1_macvtap: entered promiscuous mode [ 93.695349][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.710036][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.728785][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.740519][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.751737][ T5844] Bluetooth: hci1: command tx timeout [ 93.761861][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.772857][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.785146][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.820508][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.831808][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.844262][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.855292][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.868543][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.892486][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.903384][ T5844] Bluetooth: hci2: command tx timeout [ 93.905993][ T5844] Bluetooth: hci3: command tx timeout [ 93.911075][ T5852] Bluetooth: hci0: command tx timeout [ 93.918609][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.929919][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.940428][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.951214][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.962186][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.974612][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.986695][ T5852] Bluetooth: hci4: command tx timeout [ 94.035068][ T5834] veth0_macvtap: entered promiscuous mode [ 94.051656][ T5831] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.063238][ T5831] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.074763][ T5831] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.084122][ T5831] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.098527][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.116460][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.128586][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.139242][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.149832][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.160636][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.171195][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.182582][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.193556][ T5834] veth1_macvtap: entered promiscuous mode [ 94.196793][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.210952][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.238267][ T5838] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.253549][ T5838] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.303363][ T5838] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.317804][ T5838] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.596343][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.608733][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.619786][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.630752][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.641308][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.652902][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.667307][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.846951][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.000122][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.441456][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.461212][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.471145][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.500538][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.512624][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.529595][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.540959][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.551710][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.568950][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.541364][ T5931] capability: warning: `syz.0.1' uses deprecated v2 capabilities in a way that may be insecure [ 96.811337][ T967] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.828903][ T5834] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.850868][ T5931] loop0: detected capacity change from 0 to 1024 [ 96.893475][ T5931] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 96.905926][ T5931] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 96.960810][ T967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.975490][ T5834] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.984413][ T5931] JBD2: no valid journal superblock found [ 96.990799][ T5931] EXT4-fs (loop0): Could not load journal inode [ 96.993416][ T5834] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.133189][ T5928] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 97.158404][ T5834] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.242618][ T5936] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 97.308029][ T2922] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.323670][ T2922] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.418804][ T967] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.444659][ T967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.564788][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.582309][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.766297][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.833365][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.950561][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.952832][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.097738][ T5956] Zero length message leads to an empty skb [ 101.153497][ T5955] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2'. [ 101.438074][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.736699][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 101.745045][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 101.755159][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 101.837891][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.907942][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 102.042832][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 102.145256][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 102.216562][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 102.247575][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 104.109423][ T5983] IPv6: Can't replace route, no match found [ 105.106078][ T5993] loop1: detected capacity change from 0 to 256 [ 105.113274][ T5993] ======================================================= [ 105.113274][ T5993] WARNING: The mand mount option has been deprecated and [ 105.113274][ T5993] and is ignored by this kernel. Remove the mand [ 105.113274][ T5993] option from the mount to silence this warning. [ 105.113274][ T5993] ======================================================= [ 105.148113][ C0] vkms_vblank_simulate: vblank timer overrun [ 107.125047][ T6005] netlink: 'syz.4.21': attribute type 1 has an invalid length. [ 107.146949][ T6005] netlink: 20 bytes leftover after parsing attributes in process `syz.4.21'. [ 107.546194][ T5993] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 107.686271][ T5993] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 107.845876][ T5993] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 108.111056][ T29] audit: type=1804 audit(1740204667.510:2): pid=6015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.19" name="/newroot/3/file0/bus" dev="loop1" ino=2 res=1 errno=0 [ 108.246286][ T6014] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer. [ 108.264926][ C0] vkms_vblank_simulate: vblank timer overrun [ 109.093546][ T6028] netlink: 8 bytes leftover after parsing attributes in process `syz.1.27'. [ 109.426194][ T6028] fuse: Unknown parameter 'use00000000000000000000' [ 109.744968][ T6032] tmpfs: Unknown parameter '' [ 115.138193][ T6051] loop2: detected capacity change from 0 to 128 [ 115.358380][ T6055] loop3: detected capacity change from 0 to 16 [ 115.412207][ T6055] erofs (device loop3): mounted with root inode @ nid 36. [ 115.441132][ T6051] FAT-fs (loop2): error, clusters badly computed (2 != 0) [ 115.453754][ T29] audit: type=1800 audit(1740204674.800:3): pid=6051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.35" name="file0" dev="loop2" ino=3 res=0 errno=0 [ 115.517922][ T6051] FAT-fs (loop2): Filesystem has been set read-only [ 115.539574][ T6055] syz.3.37: attempt to access beyond end of device [ 115.539574][ T6055] loop3: rw=0, sector=14546590680, nr_sectors = 16 limit=16 [ 116.179250][ T6059] VFS: could not find a valid V7 on nullb0. [ 116.393988][ T6055] erofs (device loop3): read error -5 @ 43 of nid 36 [ 116.464522][ T6055] erofs (device loop3): readahead error at folio 40 @ nid 36 [ 116.613976][ T6055] erofs (device loop3): readahead error at folio 39 @ nid 36 [ 116.751491][ T6062] netlink: 'syz.1.38': attribute type 9 has an invalid length. [ 117.425477][ T6055] erofs (device loop3): readahead error at folio 38 @ nid 36 [ 117.459654][ T6055] erofs (device loop3): readahead error at folio 34 @ nid 36 [ 117.482523][ T6055] erofs (device loop3): readahead error at folio 32 @ nid 36 [ 117.535653][ T6055] erofs (device loop3): readahead error at folio 30 @ nid 36 [ 117.583492][ T6066] netlink: 28 bytes leftover after parsing attributes in process `syz.0.39'. [ 117.636165][ T6055] erofs (device loop3): readahead error at folio 27 @ nid 36 [ 117.676020][ T6055] erofs (device loop3): readahead error at folio 26 @ nid 36 [ 117.683482][ T6055] erofs (device loop3): readahead error at folio 25 @ nid 36 [ 117.747523][ T6055] erofs (device loop3): readahead error at folio 24 @ nid 36 [ 117.754975][ T6055] erofs (device loop3): readahead error at folio 23 @ nid 36 [ 117.763612][ T6055] erofs (device loop3): readahead error at folio 22 @ nid 36 [ 117.785244][ T6055] erofs (device loop3): readahead error at folio 21 @ nid 36 [ 117.820604][ T6069] batadv1: entered promiscuous mode [ 117.876003][ T6055] erofs (device loop3): readahead error at folio 20 @ nid 36 [ 117.883511][ T6055] erofs (device loop3): readahead error at folio 18 @ nid 36 [ 117.989991][ T6055] erofs (device loop3): readahead error at folio 12 @ nid 36 [ 117.997573][ T6055] erofs (device loop3): readahead error at folio 10 @ nid 36 [ 118.005298][ T6055] erofs (device loop3): readahead error at folio 6 @ nid 36 [ 118.012730][ T6055] erofs (device loop3): readahead error at folio 4 @ nid 36 [ 118.025963][ T6055] erofs (device loop3): invalid logical cluster 0 at nid 36 [ 118.033314][ T6055] erofs (device loop3): readahead error at folio 0 @ nid 36 [ 118.658182][ T6055] syz.3.37: attempt to access beyond end of device [ 118.658182][ T6055] loop3: rw=524288, sector=296, nr_sectors = 16 limit=16 [ 118.678833][ T6055] syz.3.37: attempt to access beyond end of device [ 118.678833][ T6055] loop3: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 118.901598][ T6077] netlink: 24 bytes leftover after parsing attributes in process `syz.1.41'. [ 119.386872][ T6055] syz.3.37: attempt to access beyond end of device [ 119.386872][ T6055] loop3: rw=524288, sector=6520, nr_sectors = 16 limit=16 [ 119.550562][ T6055] syz.3.37: attempt to access beyond end of device [ 119.550562][ T6055] loop3: rw=524288, sector=34359736328, nr_sectors = 16 limit=16 [ 119.597161][ T6055] syz.3.37: attempt to access beyond end of device [ 119.597161][ T6055] loop3: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 119.663097][ T6055] syz.3.37: attempt to access beyond end of device [ 119.663097][ T6055] loop3: rw=524288, sector=536576856, nr_sectors = 16 limit=16 [ 119.746189][ T6055] syz.3.37: attempt to access beyond end of device [ 119.746189][ T6055] loop3: rw=524288, sector=13478624032, nr_sectors = 8 limit=16 [ 119.825572][ T6055] syz.3.37: attempt to access beyond end of device [ 119.825572][ T6055] loop3: rw=524288, sector=13716630376, nr_sectors = 8 limit=16 [ 119.914030][ T6055] syz.3.37: attempt to access beyond end of device [ 119.914030][ T6055] loop3: rw=524288, sector=133693448, nr_sectors = 8 limit=16 [ 120.591471][ T6055] erofs (device loop3): readahead error at folio 86 @ nid 36 [ 120.616841][ T6055] erofs (device loop3): readahead error at folio 84 @ nid 36 [ 120.649151][ T6055] erofs (device loop3): readahead error at folio 80 @ nid 36 [ 120.676164][ T6055] erofs (device loop3): readahead error at folio 74 @ nid 36 [ 120.877687][ T6055] erofs (device loop3): readahead error at folio 72 @ nid 36 [ 120.969200][ T6055] erofs (device loop3): readahead error at folio 70 @ nid 36 [ 121.274284][ T6055] erofs (device loop3): bogus lookback distance 1388 @ lcn 62 of nid 36 [ 121.323082][ T6055] erofs (device loop3): readahead error at folio 63 @ nid 36 [ 121.353703][ T6055] erofs (device loop3): bogus lookback distance 1388 @ lcn 62 of nid 36 [ 121.455987][ T6055] erofs (device loop3): readahead error at folio 62 @ nid 36 [ 121.613072][ T6055] erofs (device loop3): readahead error at folio 58 @ nid 36 [ 121.768588][ T6055] erofs (device loop3): readahead error at folio 57 @ nid 36 [ 122.336131][ T6055] erofs (device loop3): readahead error at folio 54 @ nid 36 [ 122.406081][ T6055] erofs (device loop3): readahead error at folio 53 @ nid 36 [ 122.485935][ T6055] erofs (device loop3): readahead error at folio 52 @ nid 36 [ 122.539586][ T6055] erofs (device loop3): readahead error at folio 51 @ nid 36 [ 122.566729][ T6055] erofs (device loop3): bogus lookback distance 363 @ lcn 50 of nid 36 [ 122.581603][ T6055] erofs (device loop3): readahead error at folio 50 @ nid 36 [ 122.602846][ T6055] erofs (device loop3): readahead error at folio 47 @ nid 36 [ 122.631038][ T6055] erofs (device loop3): readahead error at folio 46 @ nid 36 [ 123.474558][ T6055] bio_check_eod: 7 callbacks suppressed [ 123.474577][ T6055] syz.3.37: attempt to access beyond end of device [ 123.474577][ T6055] loop3: rw=524288, sector=14425508768, nr_sectors = 8 limit=16 [ 123.556656][ T6055] syz.3.37: attempt to access beyond end of device [ 123.556656][ T6055] loop3: rw=524288, sector=15353996136, nr_sectors = 8 limit=16 [ 123.590281][ T6055] syz.3.37: attempt to access beyond end of device [ 123.590281][ T6055] loop3: rw=524288, sector=13612835600, nr_sectors = 8 limit=16 [ 123.662370][ T6055] syz.3.37: attempt to access beyond end of device [ 123.662370][ T6055] loop3: rw=524288, sector=14552337248, nr_sectors = 16 limit=16 [ 123.907976][ T6055] syz.3.37: attempt to access beyond end of device [ 123.907976][ T6055] loop3: rw=524288, sector=14546590680, nr_sectors = 16 limit=16 [ 124.218250][ T6055] syz.3.37: attempt to access beyond end of device [ 124.218250][ T6055] loop3: rw=524288, sector=1183600, nr_sectors = 16 limit=16 [ 124.265535][ T6055] syz.3.37: attempt to access beyond end of device [ 124.265535][ T6055] loop3: rw=524288, sector=24, nr_sectors = 16 limit=16 [ 124.326804][ T6055] syz.3.37: attempt to access beyond end of device [ 124.326804][ T6055] loop3: rw=524288, sector=296, nr_sectors = 16 limit=16 [ 124.395935][ T6119] loop2: detected capacity change from 0 to 256 [ 124.422433][ T6055] syz.3.37: attempt to access beyond end of device [ 124.422433][ T6055] loop3: rw=524288, sector=1048976, nr_sectors = 16 limit=16 [ 124.451338][ T6119] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 124.488195][ T6055] syz.3.37: attempt to access beyond end of device [ 124.488195][ T6055] loop3: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 124.637627][ T6124] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 124.780506][ T6124] netlink: 'syz.1.55': attribute type 4 has an invalid length. [ 125.149439][ T5889] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 126.277763][ T5889] usb 5-1: Using ep0 maxpacket: 8 [ 126.368353][ T5889] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 126.403051][ T5889] usb 5-1: config 179 has no interface number 0 [ 126.416976][ T5889] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10 [ 126.444108][ T5889] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024 [ 126.459859][ T5889] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 126.477702][ T5889] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 126.489787][ T5889] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 126.505272][ T5889] usb 5-1: config 179 interface 65 has no altsetting 0 [ 126.525555][ T5889] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 126.536979][ T5889] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.761683][ T6127] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 127.142382][ T5889] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input5 [ 127.250219][ T6143] netlink: 8 bytes leftover after parsing attributes in process `syz.2.61'. [ 127.933192][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 127.974577][ T5889] usb 5-1: USB disconnect, device number 2 [ 128.038632][ T5889] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 129.717609][ T6155] loop2: detected capacity change from 0 to 2048 [ 129.920257][ T6158] veth0_vlan: entered allmulticast mode [ 130.602167][ T5202] loop2: p2 < > p4 [ 130.630877][ T5202] loop2: partition table partially beyond EOD, truncated [ 130.682567][ T5202] loop2: p4 start 16777216 is beyond EOD, truncated [ 131.336680][ T5973] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 131.875886][ T5973] usb 1-1: device descriptor read/64, error -71 [ 131.960828][ T6174] loop4: detected capacity change from 0 to 256 [ 131.970132][ T6174] exfat: Bad value for 'errors' [ 132.334368][ T5973] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 133.178368][ T6178] loop3: detected capacity change from 0 to 128 [ 133.263009][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.279271][ T5973] usb 1-1: device descriptor read/64, error -71 [ 133.279942][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.334038][ T6178] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 133.364420][ T5885] udevd[5885]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 133.376148][ T6178] ext4 filesystem being mounted at /16/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 133.427474][ T5973] usb usb1-port1: attempt power cycle [ 134.674204][ T6189] syz.3.72 (pid 6189) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 134.899798][ T6189] fscrypt (loop3, inode 12): Missing crypto API support for Adiantum (API name: "adiantum(xchacha12,aes)") [ 134.986096][ T5973] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 135.142221][ T6196] vivid-000: ================= START STATUS ================= [ 135.151491][ T6196] vivid-000: Generate PTS: true [ 135.156871][ T6196] vivid-000: Generate SCR: true [ 135.162082][ T6196] tpg source WxH: 640x360 (Y'CbCr) [ 135.167558][ T6196] tpg field: 1 [ 135.171023][ T6196] tpg crop: 640x360@0x0 [ 135.177143][ T6196] tpg compose: 640x360@0x0 [ 135.181728][ T6196] tpg colorspace: 8 [ 135.185617][ T6196] tpg transfer function: 0/0 [ 135.190418][ T6196] tpg Y'CbCr encoding: 0/0 [ 135.195047][ T6196] tpg quantization: 0/0 [ 135.201794][ T6196] tpg RGB range: 0/2 [ 135.206001][ T6196] vivid-000: ================== END STATUS ================== [ 135.684998][ T5973] usb 1-1: device descriptor read/8, error -71 [ 135.688476][ T6198] loop1: detected capacity change from 0 to 256 [ 136.393642][ T6198] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 139.273541][ T5833] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 139.362226][ T6218] loop1: detected capacity change from 0 to 16 [ 140.663893][ T6223] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 140.670707][ T6223] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 140.696837][ T6223] vhci_hcd vhci_hcd.0: Device attached [ 140.876448][ T5890] vhci_hcd: vhci_device speed not set [ 141.137373][ T5962] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 141.233091][ T5890] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 141.368723][ T5962] usb 4-1: Using ep0 maxpacket: 8 [ 141.403930][ T5962] usb 4-1: config 0 has no interfaces? [ 141.444458][ T5962] usb 4-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 141.468143][ T5962] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.510660][ T5962] usb 4-1: Product: syz [ 141.514973][ T5962] usb 4-1: Manufacturer: syz [ 141.565937][ T5962] usb 4-1: SerialNumber: syz [ 141.829194][ T6237] loop0: detected capacity change from 0 to 128 [ 141.830713][ T5962] usb 4-1: config 0 descriptor?? [ 142.115082][ T6234] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 142.178985][ T5962] usb 4-1: USB disconnect, device number 2 [ 142.246885][ T5890] vhci_hcd: vhci_device speed not set [ 142.265891][ T6225] vhci_hcd: connection reset by peer [ 142.280727][ T5934] vhci_hcd: stop threads [ 142.322934][ T5934] vhci_hcd: release socket [ 142.338374][ T5890] usb 39-1: device descriptor read/64, error -71 [ 142.355128][ T5934] vhci_hcd: disconnect device [ 143.251454][ T5890] vhci_hcd: vhci_device speed not set [ 143.394674][ T6244] loop4: detected capacity change from 0 to 512 [ 143.402001][ T6246] loop3: detected capacity change from 0 to 512 [ 143.442502][ T6246] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 143.445399][ T6244] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 143.455156][ T6246] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.498051][ T6233] loop1: detected capacity change from 0 to 32768 [ 143.638359][ T6244] EXT4-fs (loop4): orphan cleanup on readonly fs [ 143.662343][ T6254] fuse: Unknown parameter 'use00000000000000000000' [ 143.709163][ T6244] Quota error (device loop4): find_block_dqentry: Quota for id 0 referenced but not present [ 143.763017][ T6233] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 143.782286][ T6244] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 144.493665][ T6244] EXT4-fs error (device loop4): ext4_acquire_dquot:6912: comm syz.4.79: Failed to acquire dquot type 1 [ 144.739097][ T6244] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.79: bg 0: block 40: padding at end of block bitmap is not set [ 144.831127][ T6244] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 144.857947][ T5833] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 144.861147][ T6244] EXT4-fs (loop4): 1 truncate cleaned up [ 144.894151][ T5831] ocfs2: Unmounting device (7,1) on (node local) [ 145.483089][ T6244] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 145.814114][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.430094][ T6277] netlink: 16 bytes leftover after parsing attributes in process `syz.1.93'. [ 146.448571][ T6277] loop1: detected capacity change from 0 to 512 [ 146.543836][ T6278] .: renamed from veth1_vlan (while UP) [ 147.199647][ T6277] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 147.214090][ T6277] EXT4-fs (loop1): blocks per group (95) and clusters per group (32768) inconsistent [ 147.841505][ T5889] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 148.046744][ T5889] usb 4-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 148.095106][ T6289] loop1: detected capacity change from 0 to 2048 [ 148.119919][ T5889] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 148.161814][ T5889] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 148.169462][ T6294] fuse: Unknown parameter 'use00000000000000000000' [ 148.640908][ T6289] loop1: p2 < > p4 [ 148.787094][ T6289] loop1: partition table partially beyond EOD, truncated [ 148.856397][ T6289] loop1: p4 start 16777216 is beyond EOD, truncated [ 148.914902][ T5889] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 148.928442][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 148.945812][ T5889] usb 4-1: SerialNumber: syz [ 148.986299][ T5202] loop1: p2 < > p4 [ 148.990225][ T5202] loop1: partition table partially beyond EOD, truncated [ 149.032243][ T5202] loop1: p4 start 16777216 is beyond EOD, truncated [ 149.112203][ T6300] loop0: detected capacity change from 0 to 512 [ 149.194358][ T5889] cdc_acm 4-1:1.0: ttyACM0: USB ACM device [ 150.177003][ T6311] loop2: detected capacity change from 0 to 512 [ 150.201340][ T5889] usb 4-1: USB disconnect, device number 3 [ 150.220690][ T6311] EXT4-fs (loop2): blocks per group (95) and clusters per group (32768) inconsistent [ 150.499099][ T6300] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 150.512121][ T6300] ext4 filesystem being mounted at /19/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.081333][ T5839] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 152.910851][ T6030] udevd[6030]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 154.360111][ T6377] netlink: 830 bytes leftover after parsing attributes in process `syz.3.113'. [ 154.532673][ T6380] mmap: syz.0.108 (6380) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 154.553901][ T6379] loop1: detected capacity change from 0 to 2048 [ 154.644093][ T6382] netlink: 8 bytes leftover after parsing attributes in process `syz.4.112'. [ 156.149162][ T6402] loop0: detected capacity change from 0 to 128 [ 156.257943][ T6392] loop4: detected capacity change from 0 to 4096 [ 157.873237][ T6413] misc userio: The device must be registered before sending interrupts [ 158.916059][ T6427] netlink: 8 bytes leftover after parsing attributes in process `syz.2.129'. [ 159.438250][ T6426] netlink: 16 bytes leftover after parsing attributes in process `syz.1.127'. [ 160.255772][ T23] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 161.478966][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.721967][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 161.733352][ T23] usb 2-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00 [ 161.744945][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.757441][ T23] usb 2-1: config 0 descriptor?? [ 163.032516][ T5844] Bluetooth: hci4: command 0x0405 tx timeout [ 163.061101][ T23] usbhid 2-1:0.0: can't add hid device: -71 [ 163.069228][ T23] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 163.102072][ T23] usb 2-1: USB disconnect, device number 2 [ 167.047617][ T6482] netlink: 8 bytes leftover after parsing attributes in process `syz.3.144'. [ 169.610784][ T6493] loop2: detected capacity change from 0 to 2048 [ 169.976186][ T5202] loop2: p2 < > p4 [ 170.733721][ T5202] loop2: partition table partially beyond EOD, truncated [ 170.746282][ T6497] syz.1.146 uses obsolete (PF_INET,SOCK_PACKET) [ 170.758646][ T5202] loop2: p4 start 16777216 is beyond EOD, truncated [ 170.840650][ T6500] netlink: 8 bytes leftover after parsing attributes in process `syz.4.150'. [ 170.938373][ T6501] fuse: Bad value for 'fd' [ 171.318718][ T6030] udevd[6030]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 172.110168][ T6511] netlink: 'syz.2.151': attribute type 1 has an invalid length. [ 174.726950][ T6523] netlink: 8 bytes leftover after parsing attributes in process `syz.2.158'. [ 174.802059][ T6523] fuse: Bad value for 'fd' [ 175.410532][ T6526] netlink: 52 bytes leftover after parsing attributes in process `syz.2.160'. [ 175.419568][ T6526] netlink: 12 bytes leftover after parsing attributes in process `syz.2.160'. [ 175.428907][ T6526] netlink: 40 bytes leftover after parsing attributes in process `syz.2.160'. [ 176.038591][ T6525] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 176.748309][ T6535] loop3: detected capacity change from 0 to 2048 [ 176.868848][ T6535] loop3: p2 < > p4 [ 176.872897][ T6535] loop3: partition table partially beyond EOD, truncated [ 176.887944][ T6535] loop3: p4 start 16777216 is beyond EOD, truncated [ 177.199565][ T6030] udevd[6030]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 177.420167][ T6542] netlink: 8 bytes leftover after parsing attributes in process `syz.2.163'. [ 177.475767][ T6542] fuse: Bad value for 'fd' [ 177.888962][ T6546] loop0: detected capacity change from 0 to 512 [ 179.075121][ T6546] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 179.185581][ T6546] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 179.987124][ T6562] loop1: detected capacity change from 0 to 16 [ 180.725879][ T5911] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 180.907832][ T5911] usb 4-1: Using ep0 maxpacket: 32 [ 180.922069][ T6567] netlink: 8 bytes leftover after parsing attributes in process `syz.4.170'. [ 180.927325][ T5911] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 180.939901][ T5911] usb 4-1: config 0 has no interface number 0 [ 181.006089][ T5911] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 181.035586][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.050373][ T5839] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 181.065980][ T5911] usb 4-1: Product: syz [ 181.070320][ T5911] usb 4-1: Manufacturer: syz [ 181.092415][ T5911] usb 4-1: SerialNumber: syz [ 181.198262][ T6567] fuse: Bad value for 'fd' [ 181.200800][ T5911] usb 4-1: config 0 descriptor?? [ 181.423558][ T5911] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 181.496950][ T5911] usb 4-1: selecting invalid altsetting 1 [ 181.515872][ T5911] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 181.519595][ T6570] netlink: 52 bytes leftover after parsing attributes in process `syz.2.173'. [ 181.523337][ T6559] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 181.532178][ T6570] netlink: 12 bytes leftover after parsing attributes in process `syz.2.173'. [ 181.550749][ T6570] netlink: 40 bytes leftover after parsing attributes in process `syz.2.173'. [ 182.006932][ T5911] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 182.193821][ T6569] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.216014][ T5911] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 182.245945][ T5911] usb 4-1: media controller created [ 182.300015][ T6579] loop0: detected capacity change from 0 to 128 [ 182.300100][ T6573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.335549][ T5911] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 182.342877][ T6559] loop3: detected capacity change from 0 to 2048 [ 182.436652][ T6559] hpfs: hpfs_map_sector(): read error [ 182.660823][ T6583] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.084396][ T6591] loop2: detected capacity change from 0 to 4096 [ 183.181930][ T6591] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 183.195285][ T6591] ntfs3(loop2): Failed to load $Extend (-22). [ 183.201735][ T6591] ntfs3(loop2): Failed to initialize $Extend. [ 183.984348][ T6561] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 184.045889][ T5911] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 184.053498][ T5911] zl10353_read_register: readreg error (reg=127, ret==-71) [ 184.157882][ T5911] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 186.229335][ T6599] netlink: 8 bytes leftover after parsing attributes in process `syz.1.179'. [ 186.437993][ T6599] fuse: Bad value for 'fd' [ 186.869280][ T5911] usb 4-1: USB disconnect, device number 4 [ 187.162515][ T6611] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 188.479465][ T6618] netlink: 52 bytes leftover after parsing attributes in process `syz.0.187'. [ 188.488498][ T6618] netlink: 12 bytes leftover after parsing attributes in process `syz.0.187'. [ 188.497474][ T6618] netlink: 40 bytes leftover after parsing attributes in process `syz.0.187'. [ 188.533533][ T6614] loop2: detected capacity change from 0 to 1024 [ 189.172946][ T6615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 189.569062][ T6623] netlink: 'syz.2.183': attribute type 4 has an invalid length. [ 192.856708][ T5890] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 193.875868][ T5890] usb 1-1: Using ep0 maxpacket: 8 [ 193.918212][ T5890] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.067434][ T29] audit: type=1326 audit(1740204753.470:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6660 comm="syz.2.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4238d169 code=0x7ffc0000 [ 194.203454][ T5890] usb 1-1: config 0 has no interfaces? [ 194.403361][ T5890] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 194.423104][ T29] audit: type=1326 audit(1740204753.490:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6660 comm="syz.2.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7efd4238d169 code=0x7ffc0000 [ 194.445224][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.445252][ T5890] usb 1-1: Product: syz [ 194.445266][ T5890] usb 1-1: Manufacturer: syz [ 194.445278][ T5890] usb 1-1: SerialNumber: syz [ 194.784400][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.813259][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.832466][ T6662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 194.853971][ T29] audit: type=1326 audit(1740204753.490:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6660 comm="syz.2.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4238d169 code=0x7ffc0000 [ 194.923876][ T5890] usb 1-1: config 0 descriptor?? [ 198.467910][ T5889] usb 1-1: USB disconnect, device number 6 [ 201.490647][ T6694] loop0: detected capacity change from 0 to 8 [ 201.520724][ T6694] SQUASHFS error: zlib decompression failed, data probably corrupt [ 201.522997][ T6695] loop1: detected capacity change from 0 to 128 [ 201.540125][ T6694] SQUASHFS error: Failed to read block 0x9b: -5 [ 201.561200][ T6694] SQUASHFS error: Unable to read metadata cache entry [99] [ 201.599924][ T6694] SQUASHFS error: Unable to read inode 0x127 [ 201.775828][ T29] audit: type=1800 audit(1740204761.170:7): pid=6695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.210" name="file0" dev="loop1" ino=6 res=0 errno=0 [ 201.823703][ T6694] bridge0: port 3(ip6gretap0) entered blocking state [ 201.874482][ T6694] bridge0: port 3(ip6gretap0) entered disabled state [ 201.911310][ T6694] ip6gretap0: entered allmulticast mode [ 201.958457][ T6694] ip6gretap0: entered promiscuous mode [ 201.990141][ T6694] bridge0: port 3(ip6gretap0) entered blocking state [ 201.997462][ T6694] bridge0: port 3(ip6gretap0) entered forwarding state [ 203.792342][ T6710] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 203.892898][ T6694] tty tty20: ldisc open failed (-12), clearing slot 19 [ 204.748898][ T6726] loop4: detected capacity change from 0 to 2048 [ 204.838160][ T6726] loop4: p2 < > p4 [ 204.842179][ T6726] loop4: partition table partially beyond EOD, truncated [ 204.856860][ T6726] loop4: p4 start 16777216 is beyond EOD, truncated [ 206.930179][ T6030] udevd[6030]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 207.451582][ T6736] loop0: detected capacity change from 0 to 1024 [ 207.490156][ T6736] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 207.502619][ T6736] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 207.535097][ T6736] JBD2: no valid journal superblock found [ 207.541540][ T6736] EXT4-fs (loop0): Could not load journal inode [ 207.591236][ T6733] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 209.847950][ T6764] loop4: detected capacity change from 0 to 128 [ 210.047987][ T6766] loop3: detected capacity change from 0 to 512 [ 210.155889][ T29] audit: type=1800 audit(1740204769.550:8): pid=6764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.234" name="file0" dev="loop4" ino=7 res=0 errno=0 [ 210.206289][ T6766] EXT4-fs (loop3): too many log groups per flexible block group [ 210.296165][ T6766] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 210.303186][ T6766] EXT4-fs (loop3): mount failed [ 210.831061][ T6777] process 'syz.0.235' launched '/dev/fd/9' with NULL argv: empty string added [ 210.871524][ T29] audit: type=1326 audit(1740204770.150:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6770 comm="syz.0.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe52318d169 code=0x7ffc0000 [ 211.848065][ T29] audit: type=1326 audit(1740204770.160:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6770 comm="syz.0.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe52318bad0 code=0x7ffc0000 [ 212.287014][ T5850] Bluetooth: hci3: command 0x0406 tx timeout [ 212.325470][ T5850] Bluetooth: hci2: command 0x0406 tx timeout [ 212.337887][ T5840] Bluetooth: hci1: command 0x0406 tx timeout [ 212.356116][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 212.362238][ T5840] Bluetooth: hci4: command 0x0405 tx timeout [ 212.380106][ T29] audit: type=1326 audit(1740204770.160:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6770 comm="syz.0.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fe52318e997 code=0x7ffc0000 [ 212.402815][ T29] audit: type=1326 audit(1740204770.160:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6770 comm="syz.0.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe52318d169 code=0x7ffc0000 [ 212.501645][ T29] audit: type=1326 audit(1740204770.160:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6770 comm="syz.0.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fe52318e997 code=0x7ffc0000 [ 212.535217][ T29] audit: type=1326 audit(1740204770.160:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6770 comm="syz.0.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fe52318bdca code=0x7ffc0000 [ 212.565443][ T29] audit: type=1326 audit(1740204770.170:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6770 comm="syz.0.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe52318d169 code=0x7ffc0000 [ 212.858562][ T6785] loop4: detected capacity change from 0 to 40427 [ 212.903594][ T6785] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 212.910385][ T6785] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 212.926570][ T6785] F2FS-fs (loop4): invalid crc value [ 212.935330][ T29] audit: type=1326 audit(1740204770.170:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6770 comm="syz.0.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe52318d169 code=0x7ffc0000 [ 213.030987][ T6785] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 213.112145][ T29] audit: type=1326 audit(1740204770.170:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6770 comm="syz.0.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe52318d169 code=0x7ffc0000 [ 213.142518][ T6785] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 213.151745][ T6785] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 214.577514][ T5834] bio_check_eod: 1 callbacks suppressed [ 214.577532][ T5834] syz-executor: attempt to access beyond end of device [ 214.577532][ T5834] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 214.628892][ T5834] CPU: 0 UID: 0 PID: 5834 Comm: syz-executor Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 214.628924][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 214.628937][ T5834] Call Trace: [ 214.628946][ T5834] [ 214.628955][ T5834] dump_stack_lvl+0x241/0x360 [ 214.628987][ T5834] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.629009][ T5834] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 214.629031][ T5834] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 214.629058][ T5834] ? f2fs_hw_is_readonly+0x3a3/0x470 [ 214.629094][ T5834] f2fs_handle_critical_error+0x38f/0x5a0 [ 214.629135][ T5834] f2fs_write_end_io+0x674/0x9a0 [ 214.629177][ T5834] __submit_merged_bio+0x2a9/0x710 [ 214.629215][ T5834] f2fs_submit_merged_write_cond+0x28a/0x360 [ 214.629262][ T5834] f2fs_write_data_pages+0x2c5e/0x3670 [ 214.629342][ T5834] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 214.629516][ T5834] ? __pfx_lock_release+0x10/0x10 [ 214.629537][ T5834] ? do_raw_spin_lock+0x14f/0x370 [ 214.629576][ T5834] ? do_raw_spin_unlock+0x13c/0x8b0 [ 214.629605][ T5834] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 214.629628][ T5834] do_writepages+0x35f/0x880 [ 214.629670][ T5834] ? __pfx_do_writepages+0x10/0x10 [ 214.629704][ T5834] ? filemap_fdatawrite+0x1e8/0x2a0 [ 214.629722][ T5834] ? do_raw_spin_lock+0x14f/0x370 [ 214.629743][ T5834] ? __pfx_lock_release+0x10/0x10 [ 214.629786][ T5834] ? do_raw_spin_unlock+0x13c/0x8b0 [ 214.629808][ T5834] ? wbc_attach_and_unlock_inode+0x561/0x580 [ 214.629839][ T5834] filemap_fdatawrite+0x1f3/0x2a0 [ 214.629868][ T5834] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 214.629971][ T5834] ? do_raw_spin_unlock+0x13c/0x8b0 [ 214.630009][ T5834] f2fs_sync_dirty_inodes+0x348/0x860 [ 214.630058][ T5834] f2fs_write_checkpoint+0x8af/0x1de0 [ 214.630124][ T5834] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 214.630210][ T5834] ? kill_f2fs_super+0x28e/0x6d0 [ 214.630237][ T5834] kill_f2fs_super+0x2b6/0x6d0 [ 214.630266][ T5834] ? __pfx_kill_f2fs_super+0x10/0x10 [ 214.630296][ T5834] ? shrinker_free+0x2ca/0x3d0 [ 214.630316][ T5834] deactivate_locked_super+0xc4/0x130 [ 214.630340][ T5834] cleanup_mnt+0x41f/0x4b0 [ 214.630361][ T5834] ? lockdep_hardirqs_on+0x99/0x150 [ 214.630387][ T5834] task_work_run+0x24f/0x310 [ 214.630419][ T5834] ? __pfx_task_work_run+0x10/0x10 [ 214.630439][ T5834] ? __x64_sys_umount+0x120/0x170 [ 214.630467][ T5834] ? syscall_exit_to_user_mode+0xa3/0x340 [ 214.630495][ T5834] syscall_exit_to_user_mode+0x13f/0x340 [ 214.630520][ T5834] do_syscall_64+0x100/0x230 [ 214.630543][ T5834] ? clear_bhb_loop+0x45/0xa0 [ 214.630568][ T5834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.630588][ T5834] RIP: 0033:0x7f32c558e497 [ 214.630614][ T5834] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 214.630627][ T5834] RSP: 002b:00007fff70526368 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 214.630645][ T5834] RAX: 0000000000000000 RBX: 00007f32c560e08c RCX: 00007f32c558e497 [ 214.630655][ T5834] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff70526420 [ 214.630664][ T5834] RBP: 00007fff70526420 R08: 0000000000000000 R09: 0000000000000000 [ 214.630673][ T5834] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff705274b0 [ 214.630682][ T5834] R13: 00007f32c560e08c R14: 0000000000034472 R15: 00007fff705274f0 [ 214.630725][ T5834] [ 214.630733][ T5834] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 215.649313][ T6809] loop2: detected capacity change from 0 to 128 [ 216.818378][ T29] kauditd_printk_skb: 19 callbacks suppressed [ 216.818398][ T29] audit: type=1800 audit(1740204776.200:37): pid=6809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.246" name="file0" dev="loop2" ino=8 res=0 errno=0 [ 217.283048][ T6814] loop1: detected capacity change from 0 to 4096 [ 217.940395][ T6819] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 218.038133][ T29] audit: type=1800 audit(1740204777.430:38): pid=6814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.247" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 219.451692][ T6814] NILFS error (device loop1): nilfs_dotdot: directory #12 missing '.' [ 219.536193][ T6814] Remounting filesystem read-only [ 219.984645][ T5831] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 221.282686][ T6853] loop3: detected capacity change from 0 to 128 [ 221.383756][ T29] audit: type=1800 audit(1740204780.780:39): pid=6853 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.258" name="file0" dev="loop3" ino=9 res=0 errno=0 [ 221.409516][ T6855] loop1: detected capacity change from 0 to 1024 [ 221.419515][ T6855] EXT4-fs: Ignoring removed mblk_io_submit option [ 221.585441][ T6855] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.794298][ T6865] syz.3.262: attempt to access beyond end of device [ 221.794298][ T6865] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 221.838815][ T6865] syz.3.262: attempt to access beyond end of device [ 221.838815][ T6865] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 221.950972][ T6865] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 222.047855][ T6865] syz.3.262: attempt to access beyond end of device [ 222.047855][ T6865] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 222.451246][ T6865] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 222.530515][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.546375][ T6865] syz.3.262: attempt to access beyond end of device [ 222.546375][ T6865] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 222.562426][ T6865] syz.3.262: attempt to access beyond end of device [ 222.562426][ T6865] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 222.577699][ T6865] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 222.606203][ T6865] syz.3.262: attempt to access beyond end of device [ 222.606203][ T6865] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 222.687721][ T6865] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 222.736554][ T6865] syz.3.262: attempt to access beyond end of device [ 222.736554][ T6865] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 222.787303][ T6865] syz.3.262: attempt to access beyond end of device [ 222.787303][ T6865] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 222.944999][ T6865] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 222.969784][ T6865] syz.3.262: attempt to access beyond end of device [ 222.969784][ T6865] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 223.030120][ T6865] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 223.430082][ T6865] syz.3.262: attempt to access beyond end of device [ 223.430082][ T6865] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 223.466407][ T6865] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 223.616052][ T6865] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 223.640106][ T6886] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 223.773671][ T6891] loop1: detected capacity change from 0 to 128 [ 223.847860][ T6865] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 223.896669][ T29] audit: type=1800 audit(1740204783.300:40): pid=6891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.272" name="file0" dev="loop1" ino=10 res=0 errno=0 [ 225.557090][ T6905] capability: warning: `syz.4.275' uses 32-bit capabilities (legacy support in use) [ 226.022197][ T6902] loop4: detected capacity change from 0 to 512 [ 226.212636][ T52] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 226.236509][ T6902] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 226.246733][ T6902] EXT4-fs warning (device loop4): ext4_multi_mount_protect:318: fsck is running on the filesystem [ 226.259594][ T6902] EXT4-fs warning (device loop4): ext4_multi_mount_protect:318: MMP failure info: last update time: 1669132786, last update node: dvyukov-desk.muc.corp.google.com, last update device: loop4 [ 226.546985][ T52] usb 2-1: too many configurations: 23, using maximum allowed: 8 [ 226.581273][ T52] usb 2-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e [ 226.605502][ T52] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=19 [ 226.614508][ T6907] pim6reg1: entered promiscuous mode [ 226.625880][ T52] usb 2-1: SerialNumber: syz [ 226.634968][ T52] usb 2-1: config 0 descriptor?? [ 226.653197][ T52] usb 2-1: bad CDC descriptors [ 226.656359][ T6907] pim6reg1: entered allmulticast mode [ 227.049229][ T6916] 9pnet_virtio: no channels available for device 127.0.0.1 [ 227.727499][ T52] usb 2-1: USB disconnect, device number 3 [ 228.188635][ T6927] .: renamed from veth1_vlan (while UP) [ 229.171560][ T6932] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 229.217490][ T6936] bridge0: entered promiscuous mode [ 229.250246][ T6938] loop3: detected capacity change from 0 to 4096 [ 229.264236][ T6938] EXT4-fs: Ignoring removed orlov option [ 229.272893][ T6936] bridge0: port 4(macsec1) entered blocking state [ 229.284727][ T6938] EXT4-fs: Ignoring removed nomblk_io_submit option [ 229.378085][ T6936] bridge0: port 4(macsec1) entered disabled state [ 229.406588][ T6936] macsec1: entered allmulticast mode [ 229.438919][ T6936] bridge0: entered allmulticast mode [ 229.471264][ T6938] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 229.489577][ T6936] macsec1: left allmulticast mode [ 229.496833][ T6936] bridge0: left allmulticast mode [ 229.510553][ T6936] bridge0: left promiscuous mode [ 229.570910][ T6938] EXT4-fs error (device loop3): ext4_empty_dir:3118: inode #12: block 80: comm syz.3.287: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 230.388857][ T6938] EXT4-fs warning (device loop3): ext4_empty_dir:3120: inode #12: comm syz.3.287: directory missing '..' [ 230.585211][ T6950] loop1: detected capacity change from 0 to 512 [ 230.605374][ T5833] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.887293][ T6950] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 230.935947][ T6950] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 231.003402][ T6950] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.291: Corrupt directory, running e2fsck is recommended [ 231.115459][ T6965] loop0: detected capacity change from 0 to 512 [ 231.197761][ T6950] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 231.434696][ T6950] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.291: corrupted in-inode xattr: invalid ea_ino [ 233.186441][ T6950] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.291: couldn't read orphan inode 15 (err -117) [ 233.230807][ T6950] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 233.340018][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.666322][ T6981] Can't find ip_set type hash€ [ 236.258541][ T6995] loop0: detected capacity change from 0 to 16 [ 236.336120][ T6995] erofs (device loop0): mounted with root inode @ nid 36. [ 237.130017][ T7005] loop1: detected capacity change from 0 to 1024 [ 237.818398][ T7005] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 238.140456][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.893068][ T7039] loop2: detected capacity change from 0 to 2048 [ 241.846731][ T7044] netlink: 40 bytes leftover after parsing attributes in process `syz.0.320'. [ 242.275839][ T5973] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 242.825012][ T5973] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 242.878960][ T5973] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 243.034590][ T5973] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.070137][ T5973] usb 2-1: config 0 descriptor?? [ 243.082385][ T5973] pwc: Askey VC010 type 2 USB webcam detected. [ 243.592220][ T5973] pwc: recv_control_msg error -32 req 02 val 2b00 [ 243.613761][ T5973] pwc: recv_control_msg error -32 req 02 val 2700 [ 243.637258][ T5973] pwc: recv_control_msg error -32 req 02 val 2c00 [ 243.665665][ T5973] pwc: recv_control_msg error -32 req 04 val 1000 [ 243.683716][ T5973] pwc: recv_control_msg error -32 req 04 val 1300 [ 243.810759][ T5973] pwc: recv_control_msg error -32 req 04 val 1400 [ 243.951442][ T5973] pwc: recv_control_msg error -32 req 02 val 2000 [ 243.993143][ T5973] pwc: recv_control_msg error -32 req 02 val 2100 [ 244.227165][ T5973] pwc: recv_control_msg error -32 req 02 val 2500 [ 244.263762][ T5973] pwc: recv_control_msg error -71 req 02 val 2400 [ 245.035962][ T5973] pwc: recv_control_msg error -71 req 02 val 2600 [ 245.045862][ T5973] pwc: recv_control_msg error -71 req 02 val 2900 [ 245.058089][ T5973] pwc: recv_control_msg error -71 req 02 val 2800 [ 245.139936][ T5973] pwc: recv_control_msg error -71 req 04 val 1100 [ 245.172659][ T5973] pwc: recv_control_msg error -71 req 04 val 1200 [ 245.266496][ T5973] pwc: Registered as video103. [ 245.274819][ T5973] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input6 [ 245.375867][ T5973] usb 2-1: USB disconnect, device number 4 [ 245.489765][ T7083] vlan2: entered allmulticast mode [ 245.523727][ T7083] geneve0: entered allmulticast mode [ 245.555420][ T7083] bridge0: port 3(vlan2) entered blocking state [ 245.579126][ T7083] bridge0: port 3(vlan2) entered disabled state [ 245.605535][ T7083] vlan2: entered promiscuous mode [ 245.625025][ T7083] geneve0: entered promiscuous mode [ 245.726067][ T7083] bridge0: port 3(vlan2) entered blocking state [ 245.732935][ T7083] bridge0: port 3(vlan2) entered forwarding state [ 248.421675][ T7115] netlink: 'syz.2.346': attribute type 10 has an invalid length. [ 248.540032][ T7115] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 248.561159][ T7118] loop4: detected capacity change from 0 to 1024 [ 249.655611][ T7138] netlink: 'syz.4.347': attribute type 4 has an invalid length. [ 250.154218][ T7143] loop2: detected capacity change from 0 to 16 [ 250.298541][ T7146] netlink: 12 bytes leftover after parsing attributes in process `syz.1.355'. [ 250.351390][ T7146] netlink: 152 bytes leftover after parsing attributes in process `syz.1.355'. [ 251.801884][ T7178] loop1: detected capacity change from 0 to 16 [ 254.134948][ T7204] vlan2: entered allmulticast mode [ 254.176772][ T7204] geneve0: entered allmulticast mode [ 254.210871][ T7204] bridge0: port 3(vlan2) entered blocking state [ 254.224748][ T7204] bridge0: port 3(vlan2) entered disabled state [ 254.243938][ T7204] vlan2: entered promiscuous mode [ 254.300701][ T7204] geneve0: entered promiscuous mode [ 254.359402][ T7204] bridge0: port 3(vlan2) entered blocking state [ 254.365979][ T7204] bridge0: port 3(vlan2) entered forwarding state [ 254.433858][ T7213] netlink: 8 bytes leftover after parsing attributes in process `syz.0.382'. [ 254.443235][ T7213] netlink: 24 bytes leftover after parsing attributes in process `syz.0.382'. [ 254.603040][ T7213] fuse: Bad value for 'fd' [ 255.448373][ T7226] loop3: detected capacity change from 0 to 16 [ 256.143723][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.151698][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.465358][ T7248] vlan2: entered allmulticast mode [ 256.482880][ T7248] geneve0: entered allmulticast mode [ 256.576569][ T7254] fuse: Bad value for 'fd' [ 257.000956][ T7248] bridge0: port 3(vlan2) entered blocking state [ 257.010678][ T7248] bridge0: port 3(vlan2) entered disabled state [ 257.031319][ T7248] vlan2: entered promiscuous mode [ 257.059069][ T7248] geneve0: entered promiscuous mode [ 257.089730][ T7248] bridge0: port 3(vlan2) entered blocking state [ 257.096241][ T7248] bridge0: port 3(vlan2) entered forwarding state [ 258.197688][ T7278] netlink: 188 bytes leftover after parsing attributes in process `syz.1.409'. [ 258.245979][ T7276] netlink: 12 bytes leftover after parsing attributes in process `syz.4.408'. [ 258.282452][ T7276] netlink: 152 bytes leftover after parsing attributes in process `syz.4.408'. [ 258.978560][ T7290] loop3: detected capacity change from 0 to 2048 [ 259.092328][ T7290] loop3: p2 < > p4 [ 259.096588][ T7290] loop3: partition table partially beyond EOD, truncated [ 259.112220][ T7290] loop3: p4 start 16777216 is beyond EOD, truncated [ 259.251405][ T7294] vlan2: entered allmulticast mode [ 259.281221][ T7294] geneve0: entered allmulticast mode [ 259.283971][ T6030] udevd[6030]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 259.288806][ T7294] bridge0: port 3(vlan2) entered blocking state [ 259.309311][ T7294] bridge0: port 3(vlan2) entered disabled state [ 259.346406][ T7294] vlan2: entered promiscuous mode [ 259.361836][ T7294] geneve0: entered promiscuous mode [ 259.378706][ T7294] bridge0: port 3(vlan2) entered blocking state [ 259.385184][ T7294] bridge0: port 3(vlan2) entered forwarding state [ 259.696186][ T7306] Illegal XDP return value 4294967274 on prog (id 129) dev N/A, expect packet loss! [ 262.569700][ T7353] netlink: 'syz.1.440': attribute type 29 has an invalid length. [ 262.628537][ T7356] netlink: 'syz.1.440': attribute type 29 has an invalid length. [ 264.354017][ T7395] netlink: 202920 bytes leftover after parsing attributes in process `syz.1.458'. [ 264.499297][ T7402] vlan2: entered allmulticast mode [ 264.527394][ T7402] geneve0: entered allmulticast mode [ 264.570828][ T7402] bridge0: port 4(vlan2) entered blocking state [ 264.614608][ T7402] bridge0: port 4(vlan2) entered disabled state [ 264.677124][ T7402] vlan2: entered promiscuous mode [ 264.693299][ T7402] geneve0: entered promiscuous mode [ 264.707616][ T7402] bridge0: port 4(vlan2) entered blocking state [ 264.714148][ T7402] bridge0: port 4(vlan2) entered forwarding state [ 265.837554][ T7412] netlink: 202920 bytes leftover after parsing attributes in process `syz.4.464'. [ 265.890978][ T7410] loop2: detected capacity change from 0 to 4096 [ 265.934586][ T7418] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 266.026639][ T7420] netlink: 60 bytes leftover after parsing attributes in process `syz.0.467'. [ 266.036294][ T29] audit: type=1800 audit(1740204825.440:41): pid=7410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.463" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 266.072340][ T7419] netlink: 60 bytes leftover after parsing attributes in process `syz.0.467'. [ 266.118841][ T7410] NILFS error (device loop2): nilfs_dotdot: directory #12 missing '.' [ 266.150525][ T7410] Remounting filesystem read-only [ 266.151078][ T7420] netlink: 60 bytes leftover after parsing attributes in process `syz.0.467'. [ 266.416528][ T7410] syz.2.463 (7410) used greatest stack depth: 18648 bytes left [ 266.736257][ T5838] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 267.100139][ T7427] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 267.509714][ T7435] netlink: 'syz.3.473': attribute type 10 has an invalid length. [ 267.687301][ T7435] bridge0: port 3(vlan2) entered disabled state [ 267.693927][ T7435] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.703565][ T7435] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.449584][ T7455] loop1: detected capacity change from 0 to 4096 [ 269.599177][ T7465] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 269.685612][ T29] audit: type=1800 audit(1740204829.080:42): pid=7455 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.482" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 269.703508][ T7455] NILFS error (device loop1): nilfs_dotdot: directory #12 missing '.' [ 269.724885][ T7455] Remounting filesystem read-only [ 269.824162][ T7455] syz.1.482 (7455) used greatest stack depth: 17984 bytes left [ 269.863874][ T5831] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 270.520807][ T7474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 270.656666][ T7480] loop4: detected capacity change from 0 to 2048 [ 270.728151][ T29] audit: type=1326 audit(1740204830.130:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7485 comm="syz.0.493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe52318d169 code=0x7ffc0000 [ 270.796706][ T29] audit: type=1326 audit(1740204830.150:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7485 comm="syz.0.493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7fe52318d169 code=0x7ffc0000 [ 270.872225][ T29] audit: type=1326 audit(1740204830.150:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7485 comm="syz.0.493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe52318d169 code=0x7ffc0000 [ 270.929438][ T7480] loop4: p2 < > p4 [ 270.933361][ T7480] loop4: partition table partially beyond EOD, truncated [ 270.944282][ T7480] loop4: p4 start 16777216 is beyond EOD, truncated [ 271.389443][ T5202] loop4: p2 < > p4 [ 271.401814][ T29] audit: type=1326 audit(1740204830.150:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7485 comm="syz.0.493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe52318d169 code=0x7ffc0000 [ 271.409609][ T5202] loop4: partition table partially beyond EOD, truncated [ 271.636851][ T5202] loop4: p4 start 16777216 is beyond EOD, truncated [ 271.809507][ T6030] udevd[6030]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 272.152770][ T29] audit: type=1326 audit(1740204831.550:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7512 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4238d169 code=0x7ffc0000 [ 272.225104][ T29] audit: type=1326 audit(1740204831.550:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7512 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4238d169 code=0x7ffc0000 [ 272.875858][ T29] audit: type=1326 audit(1740204831.650:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7512 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7efd4238d169 code=0x7ffc0000 [ 272.903780][ T7511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 272.984894][ T29] audit: type=1326 audit(1740204831.650:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7512 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4238d169 code=0x7ffc0000 [ 273.055951][ T29] audit: type=1326 audit(1740204831.650:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7512 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4238d169 code=0x7ffc0000 [ 273.290751][ T6030] udevd[6030]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 273.811933][ T7540] netlink: 'syz.2.514': attribute type 4 has an invalid length. [ 274.007773][ T29] audit: type=1326 audit(1740204833.410:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.0.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe52318d169 code=0x7ffc0000 [ 274.183812][ T29] audit: type=1326 audit(1740204833.460:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.0.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe52318d169 code=0x7ffc0000 [ 274.265653][ T29] audit: type=1326 audit(1740204833.460:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.0.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7fe52318d169 code=0x7ffc0000 [ 274.400586][ T29] audit: type=1326 audit(1740204833.460:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.0.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe52318d169 code=0x7ffc0000 [ 277.296640][ T5142] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 277.316108][ T5142] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 277.337968][ T5142] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 277.367676][ T5142] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 277.395584][ T5142] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 277.526265][ T5142] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 279.593757][ T7604] chnl_net:caif_netlink_parms(): no params data found [ 279.656118][ T5142] Bluetooth: hci2: command tx timeout [ 280.818644][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 280.818664][ T29] audit: type=1107 audit(1740204840.210:57): pid=7664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='Àïï' [ 281.284416][ T7604] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.314501][ T7604] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.334929][ T7604] bridge_slave_0: entered allmulticast mode [ 281.368386][ T7604] bridge_slave_0: entered promiscuous mode [ 281.532950][ T7604] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.603548][ T7604] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.736175][ T5142] Bluetooth: hci2: command tx timeout [ 281.832554][ T7604] bridge_slave_1: entered allmulticast mode [ 281.875469][ T7604] bridge_slave_1: entered promiscuous mode [ 282.282382][ T7604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 282.391369][ T7604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 283.305479][ T7604] team0: Port device team_slave_0 added [ 283.372211][ T7604] team0: Port device team_slave_1 added [ 283.815992][ T5142] Bluetooth: hci2: command tx timeout [ 283.946757][ T7604] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 283.953763][ T7604] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 283.980124][ T7604] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 283.993985][ T7604] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 284.001461][ T7604] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 284.030334][ T7604] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 284.290757][ T7604] hsr_slave_0: entered promiscuous mode [ 284.328061][ T7604] hsr_slave_1: entered promiscuous mode [ 284.334647][ T7604] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 284.365769][ T7604] Cannot create hsr debugfs directory [ 284.433700][ T7737] wireguard0: entered promiscuous mode [ 284.455281][ T7737] wireguard0: entered allmulticast mode [ 284.777969][ T29] audit: type=1800 audit(1740204844.160:58): pid=7747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.591" name="memory.events" dev="tmpfs" ino=638 res=0 errno=0 [ 284.799527][ T29] audit: type=1804 audit(1740204844.180:59): pid=7747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.591" name="memory.events" dev="tmpfs" ino=638 res=1 errno=0 [ 285.896208][ T5142] Bluetooth: hci2: command tx timeout [ 286.290545][ T7604] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.059611][ T7604] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.227392][ T7604] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.882975][ T7604] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.047902][ T7813] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (54) [ 289.239697][ T7817] loop2: detected capacity change from 0 to 512 [ 289.298890][ T7817] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 289.311672][ T7817] ext4 filesystem being mounted at /140/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 289.713467][ T7827] netlink: 8 bytes leftover after parsing attributes in process `syz.0.622'. [ 289.767437][ T7604] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 289.792253][ T7604] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 289.822448][ T7604] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 289.900477][ T7604] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 290.230198][ T7604] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.279954][ T7604] 8021q: adding VLAN 0 to HW filter on device team0 [ 290.300745][ T6343] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.308054][ T6343] bridge0: port 1(bridge_slave_0) entered forwarding state [ 290.342494][ T6060] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.349832][ T6060] bridge0: port 2(bridge_slave_1) entered forwarding state [ 291.127870][ T7604] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 291.141712][ T7604] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 291.288755][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 291.531480][ T7848] netlink: 4 bytes leftover after parsing attributes in process `syz.1.630'. [ 291.849888][ T7604] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 292.496579][ T7860] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 293.095579][ T7604] veth0_vlan: entered promiscuous mode [ 293.193046][ T7604] veth1_vlan: entered promiscuous mode [ 293.322594][ T7604] veth0_macvtap: entered promiscuous mode [ 293.361158][ T7604] veth1_macvtap: entered promiscuous mode [ 293.478827][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.534159][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.572832][ T7895] netlink: 8 bytes leftover after parsing attributes in process `syz.0.647'. [ 293.582841][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.604927][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.644546][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.660201][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.691487][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.740794][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.800441][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.843113][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.885493][ T7897] netlink: 'syz.2.648': attribute type 1 has an invalid length. [ 293.973263][ T7604] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 294.009611][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.043735][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.092033][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.108884][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.118878][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.129887][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.141388][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.143489][ T7907] netlink: 'syz.2.651': attribute type 9 has an invalid length. [ 294.155596][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.221673][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.273118][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.294985][ T7604] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 294.515560][ T7604] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.575957][ T7604] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.584706][ T7604] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.645896][ T7604] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.662461][ T7919] netlink: 104 bytes leftover after parsing attributes in process `syz.3.656'. [ 294.938452][ T7925] netlink: 12 bytes leftover after parsing attributes in process `syz.1.660'. [ 294.947975][ T7925] netlink: 152 bytes leftover after parsing attributes in process `syz.1.660'. [ 295.116218][ T7930] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 295.389321][ T7929] netlink: 'syz.3.661': attribute type 1 has an invalid length. [ 295.810759][ T7942] bridge0: port 4(batadv1) entered blocking state [ 295.826738][ T7942] bridge0: port 4(batadv1) entered disabled state [ 295.840824][ T7942] batadv1: entered allmulticast mode [ 295.861235][ T7942] batadv1: entered promiscuous mode [ 296.036974][ T7953] netlink: 'syz.2.667': attribute type 10 has an invalid length. [ 296.149110][ T7950] warning: `syz.2.667' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 296.214154][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 296.245334][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 296.339479][ T7953] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 296.380119][ T5945] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 296.389937][ T5945] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 296.899073][ T7964] netlink: 12 bytes leftover after parsing attributes in process `syz.2.673'. [ 296.926636][ T7964] netlink: 152 bytes leftover after parsing attributes in process `syz.2.673'. [ 297.296485][ T7969] netlink: 'syz.0.675': attribute type 1 has an invalid length. [ 298.341955][ T7980] netlink: 60 bytes leftover after parsing attributes in process `syz.1.679'. [ 298.405191][ T7983] netlink: 60 bytes leftover after parsing attributes in process `syz.1.679'. [ 298.481288][ T6343] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.515799][ T6343] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.402138][ T8018] netlink: 'syz.0.687': attribute type 1 has an invalid length. [ 299.438256][ T7604] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] PREEMPT SMP KASAN PTI [ 299.450896][ T7604] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 299.459314][ T7604] CPU: 0 UID: 0 PID: 7604 Comm: syz-executor Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 299.469652][ T7604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 299.479733][ T7604] RIP: 0010:klist_remove+0x1e8/0x480 [ 299.485041][ T7604] Code: 3c 06 00 74 08 4c 89 ff e8 d5 88 26 f6 4d 8b 27 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 ad 88 26 f6 4d 8b 6c 24 58 4c 89 e7 e8 d0 39 [ 299.504661][ T7604] RSP: 0018:ffffc9000410f7a0 EFLAGS: 00010202 [ 299.510745][ T7604] RAX: 000000000000000b RBX: ffffffff902456e8 RCX: dffffc0000000000 [ 299.518732][ T7604] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058 [ 299.526714][ T7604] RBP: ffffc9000410f890 R08: ffffffff90245683 R09: 1ffffffff2048ad0 [ 299.534704][ T7604] R10: dffffc0000000000 R11: fffffbfff2048ad1 R12: 0000000000000000 [ 299.542684][ T7604] R13: ffffffff902456e0 R14: 1ffff1100aef668c R15: ffff8880577b3460 [ 299.550668][ T7604] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 299.559605][ T7604] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 299.566204][ T7604] CR2: 00007f107ab2aba8 CR3: 000000005d014000 CR4: 00000000003526f0 [ 299.574196][ T7604] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 299.582181][ T7604] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 299.590165][ T7604] Call Trace: [ 299.593457][ T7604] [ 299.596390][ T7604] ? __die_body+0x5f/0xb0 [ 299.600732][ T7604] ? die_addr+0xb0/0xe0 [ 299.604984][ T7604] ? exc_general_protection+0x3dd/0x5d0 [ 299.610553][ T7604] ? do_raw_spin_lock+0x14f/0x370 [ 299.615600][ T7604] ? asm_exc_general_protection+0x26/0x30 [ 299.621344][ T7604] ? klist_remove+0x1e8/0x480 [ 299.626023][ T7604] ? __pfx_klist_remove+0x10/0x10 [ 299.631063][ T7604] ? __pfx_kobject_move+0x10/0x10 [ 299.636103][ T7604] ? get_device_parent+0x25d/0x410 [ 299.641218][ T7604] device_move+0x1b4/0x710 [ 299.645626][ T7604] ? kasan_quarantine_put+0xdc/0x230 [ 299.650915][ T7604] hci_conn_del_sysfs+0xb5/0x170 [ 299.655855][ T7604] hci_conn_del+0x8c4/0xc40 [ 299.660359][ T7604] hci_conn_hash_flush+0x258/0x350 [ 299.665472][ T7604] ? __pfx_hci_conn_hash_flush+0x10/0x10 [ 299.671099][ T7604] ? drain_workqueue+0x2d3/0x3a0 [ 299.676041][ T7604] ? hci_discovery_set_state+0x57/0x180 [ 299.681596][ T7604] hci_dev_close_sync+0xa8b/0x1260 [ 299.686708][ T7604] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 299.692246][ T7604] ? rcu_is_watching+0x15/0xb0 [ 299.697011][ T7604] hci_unregister_dev+0x20b/0x510 [ 299.702041][ T7604] vhci_release+0x80/0xd0 [ 299.706366][ T7604] ? __pfx_vhci_release+0x10/0x10 [ 299.711387][ T7604] __fput+0x3e9/0x9f0 [ 299.715363][ T7604] task_work_run+0x24f/0x310 [ 299.719950][ T7604] ? __pfx_task_work_run+0x10/0x10 [ 299.725051][ T7604] ? do_exit+0xa25/0x28e0 [ 299.729377][ T7604] ? do_exit+0xa25/0x28e0 [ 299.733701][ T7604] do_exit+0xa2a/0x28e0 [ 299.737857][ T7604] ? __pfx_do_exit+0x10/0x10 [ 299.742444][ T7604] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 299.748426][ T7604] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 299.754753][ T7604] ? _raw_spin_unlock_irq+0x23/0x50 [ 299.759942][ T7604] ? lockdep_hardirqs_on+0x99/0x150 [ 299.765133][ T7604] do_group_exit+0x207/0x2c0 [ 299.769726][ T7604] __x64_sys_exit_group+0x3f/0x40 [ 299.774745][ T7604] x64_sys_call+0x26c3/0x26d0 [ 299.779413][ T7604] do_syscall_64+0xf3/0x230 [ 299.783911][ T7604] ? clear_bhb_loop+0x45/0xa0 [ 299.788585][ T7604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.794476][ T7604] RIP: 0033:0x7feb62f8d169 [ 299.798883][ T7604] Code: Unable to access opcode bytes at 0x7feb62f8d13f. [ 299.805888][ T7604] RSP: 002b:00007ffd2f031918 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 299.814297][ T7604] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007feb62f8d169 [ 299.822261][ T7604] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 299.830262][ T7604] RBP: 00007feb62fed8d0 R08: 00007ffd2f02f6b7 R09: 0000000000000003 [ 299.838230][ T7604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 299.846193][ T7604] R13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffd2f031ad0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 299.854166][ T7604] [ 299.857179][ T7604] Modules linked in: [ 299.862371][ T7604] ---[ end trace 0000000000000000 ]--- [ 299.913152][ T7604] RIP: 0010:klist_remove+0x1e8/0x480 [ 299.932558][ T7604] Code: 3c 06 00 74 08 4c 89 ff e8 d5 88 26 f6 4d 8b 27 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 ad 88 26 f6 4d 8b 6c 24 58 4c 89 e7 e8 d0 39 [ 300.009549][ T7604] RSP: 0018:ffffc9000410f7a0 EFLAGS: 00010202 [ 300.025753][ T7604] RAX: 000000000000000b RBX: ffffffff902456e8 RCX: dffffc0000000000 [ 300.034655][ T7604] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058 [ 300.068322][ T7604] RBP: ffffc9000410f890 R08: ffffffff90245683 R09: 1ffffffff2048ad0 [ 300.079607][ T7604] R10: dffffc0000000000 R11: fffffbfff2048ad1 R12: 0000000000000000 [ 300.092145][ T7604] R13: ffffffff902456e0 R14: 1ffff1100aef668c R15: ffff8880577b3460 [ 300.102632][ T7604] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 300.112117][ T7604] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 300.122180][ T7604] CR2: 00007ff02c84f580 CR3: 0000000034c82000 CR4: 00000000003526f0 [ 300.130522][ T7604] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 300.141850][ T7604] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 300.155497][ T7604] Kernel panic - not syncing: Fatal exception [ 300.162320][ T7604] Kernel Offset: disabled [ 300.166635][ T7604] Rebooting in 86400 seconds..