last executing test programs: 30.600702153s ago: executing program 0 (id=1345): syz_emit_ethernet(0x1f, &(0x7f0000000000)={@link_local, @empty, @void, {@llc_tr={0x11, {@snap={0x0, 0x0, "e3", "4cc4ac", 0x0, "82a0a673c5a17ee15e"}}}}}, 0x0) 29.779066641s ago: executing program 0 (id=1347): r0 = socket$inet6(0xa, 0x2, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000000)=0x10000, 0x4) sendto$inet6(r0, &(0x7f0000000040)="800037bbd79ba1ce", 0x8, 0x0, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 29.602685875s ago: executing program 3 (id=1350): syz_mount_image$ext4(&(0x7f0000001080)='ext4\x00', &(0x7f0000000480)='./bus\x00', 0x0, &(0x7f0000000080), 0x1, 0x438, &(0x7f00000004c0)="$eJzs3M1vFOUfAPDvTF/gB/wsKr4h6CoIVbS1RasmhqQ3D40e9OC1aUtDLK3SmgghBhIPXk30D9C7/AlGTXw5eTJc1ehBSRoDPXAwZs3M7rTbdrcv2HZM9/NJZnmemWd5nplvvrO7T59MAG2rkr0kEQci4seI6KlVlzeo1P5ZuHl5LNuSqFZf/zPJ2926eXmsaFq8b3/2kkb0phHpB0k83KTf2YuX3hqdmpq4UK/3z51/u3/24qVnzp0fnZyYnJgeOD0wNPTC8y8ODmzZub7yw8Jvn3W+ujcipm+fGdyXjfdA/VjjeWyVSlSWX8sGJ7a6s5Ld11BOOtdvX211YdhRHRGRhasrz/+e6Iil4PXEdz+XOjhgW1Uze1oevlIFdrEkyh4BUI7igz77/VtsO/Xdg/LND9d+AN6qz+0sLMa/M9Ja4Z0T33y17Pf9VqpExJsjrx3NttimeRgAAACAdvblcEQ83Wz+L437F1t15+UHIuLBiHgoIg5H5Ot6jkTE0Yh4JCIeLdYTbcLK9qvnf9Ibd3hqbMD8cMTLDWu7FhriX3ewo177f1aJruTsuamJZyPirojoja49Wb31Kq2WC332FoVi/i/bsv6LucD6OG50rvj79Pjo3OgdnzDLzF+NONzZLP7J4kqgLIKPRcTjG/kPv81X1E0euvbX4q6XPrz3eqvmlXXjz3aqfhpxsmn+L+Vtsvb6zP78ftBf3BVW+/6Toc9b9S/+5cryf9/a8T+YNK7Xnd18H18f+uWnVsfWj3/z+3938kY+wO76vvdG5+YuDER0JyOr9w9ufsy7VXE9iuuVxb/3WPPP/3vq78ku6LGIOB4RT9TXLp/MP/sjnoyIpyLi1Bp9Xpn89e9Wx+R/ubL4j28q/zdf+OPqR8db9b+x/H8uH0xvfY/vf+vbaIDKHicAAAAAAAAAWyPNn4GXpH2L5TTt66s9w+9Q7EunZmbnTp2deXd6vPasvIPRlRYrvXoa1oMO5OWl+uCK+umIuDsiPu74X17vG5uZGi/75KHN7W+R/5nfO8oeHbDtNvC8VmCXkv/QvuQ/tC/5D+1L/kP7kv/QvuQ/tC/5D+1rZf6/f33kzO0vjlwraTjATukqewBASf7Nc/0UFBR2a6HsOxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf8M/AQAA//9Egc84") syz_emit_ethernet(0x42, &(0x7f0000000580)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x3, 0xd2}, @timestamp={0x44, 0x8, 0x5, 0x2, 0x0, [0x0]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 29.575980967s ago: executing program 0 (id=1352): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}}) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r4, 0x80086601, 0x0) 29.331256778s ago: executing program 0 (id=1353): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000380), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000280)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 29.167391741s ago: executing program 3 (id=1355): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000700)={0x3c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x20, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x1c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_VHT={0x14}]}]}]}, 0x3c}}, 0x0) 29.146150272s ago: executing program 0 (id=1356): openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) flock(0xffffffffffffffff, 0x0) ioctl$USBDEVFS_GET_CAPABILITIES(0xffffffffffffffff, 0x8004551a, 0x0) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0/file0\x00', 0x4) syz_io_uring_complete(0x0) socket$can_raw(0x1d, 0x3, 0x1) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01030000000000000000010000000c000600000000000000000008000100000000005c1d2561baea8f000a7af261"], 0x28}}, 0x0) 28.926669501s ago: executing program 3 (id=1359): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001800)={&(0x7f00000017c0)='kfree\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) unshare(0x22020600) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x1018e58, &(0x7f00000003c0)={[{@noblock_validity}, {@i_version}, {@resuid}, {@noload}, {@dioread_lock}, {@bh}, {}, {@bsdgroups}]}, 0x6, 0x641, &(0x7f0000000d80)="$eJzs3c9rXFsdAPDvvZPkJWl86RMRX1AMuHgPpGlSi1U3tnVhFwULdiHioqFJauj0B0kKthZMwIWCgojbIt34D7iX7t2JoO5cC1WkYkFL53Hv3Gknk/mVJjOT5H4+MJlzzz3JOd+5c3LPvTPn3gBKaz77kUZ8GPH6RhIx27RuJuor54tyL/79+Gb2SKJW++6/kkiKvEb5pHg+VSxMRsSfLkd8urK33s2Hj24vV2t1P4k4u3Xn/tnNh4/OrN9ZvrV6a/Xu0rmvnb+w+PWl80tNDX13p4rnK1e/8/lf/vSHX137c/VMEhfj+viPV6IljsMyH/PxugixOX8sIi5kiTavy3FzAkIotUrxfhyPiM/GbFTypbrZWP/FSBsHDFStElHrLulVADiudG8oq8Y4oHFs399x8PUBj0qG5/ml+gHQ3vjHilMOk/mx0fSLpOnIqH5u4/Qh1J/V8erx5JNXj+eexK7zEC/fbJ2xQ6ink+2diPhcu/iTvG2n80iz+NNdx/pJRCxGxETRvm8doA1JU3oQ52G62U/8zdshjYiLxXOWf/kd6289rTXs+AEop2eXih35drb0dv+XjT0a459oM/6ZOfhHMrlR7/86j/8a+/vJfNyTtozDsjHLtfZ/crw14+8/v/LrTvXXx39zTxqPrP7GWHAYnu9EzLXE/7Ms2GL8k8WftNn+WZEbF/ur49t/+eeVTutGHX/tacRHbY9/3o5Ks1SXzyfPrq1XVxfrP9vW8Yc//uB3nepvH/97A4i0vWz7T3eIv2n7p62/l70m99v/yZ3WjN9fe3qnU/0zPbd/+o+JpH68OVHk/Ghna2tjKWIiuVoUKfKXt7Y2znWPt17mZS1/XqrH//GX2vf/Xe//lqimGv8y+3D/e7dfdFr3Lu//pg+TX9f6bEMnWfwrvbf/nv6f5f2qzzr++/0HX+i0rlv8UwcJDAAAAAAAAEoozT+DTdKFN+k0XVioz5f9TEyn1XubW19eu/fg7krEx/n3IcfTSJP8KyOz9eVkbb26ulR8H7axfK5l+SsR8UFE/KYylS8v3LxXXRl18AAAAAAAAAAAAAAAAAAAAHBEnCrm/zfuU/2fSn3+P1ASvW8wt+f+D8AJMcgbTAJHW97/u+3i3x9eW4Dhsv+H8tL/obz0fygv/R/KS/+H8tL/obz0fygv/R8AAAAATqQPvvjsb0lEbH9jKn9kJop1yUhbBgza+L5KVwbWDmD49Ggorzcf/bvCD5ROX+P//xUXBxx8c4ARaHuuLx8c1Lp3/mc9zhLuHLxtAAAAAAAAAAAAAEDdRx92nv+/v7nBwHFj2h+U1wHm/7t0ABxzLv0P5eUYH+h1rc/JTit6zf8HAAAAAAAAAAAAAA7NTP5I0oViLvBMpOnCQsSnIuJ0jCdr69XVxYh4PyL+Whl/L1teGnWjAQAAAAAAAAAAAAAAAAAA4ITZfPjo9nK1urrRnPj/npyTnWjcBbV34VofZbomvhn7/K1Ihv+yTEXEyDfKwBJjTTlJxHa25Y9EwzY242g0I0+M+B8TAAAAAAAAAAAAAAAAAACUUNPc4/bmfjvkFgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA8L29/3+PxMp0/Rf6Krw7MeoYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDj6ZMAAAD//23TPDU=") r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r2, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 27.175544164s ago: executing program 3 (id=1366): syz_mount_image$ext4(&(0x7f0000001080)='ext4\x00', &(0x7f0000000480)='./bus\x00', 0x0, &(0x7f0000000080), 0x1, 0x438, &(0x7f00000004c0)="$eJzs3M1vFOUfAPDvTF/gB/wsKr4h6CoIVbS1RasmhqQ3D40e9OC1aUtDLK3SmgghBhIPXk30D9C7/AlGTXw5eTJc1ehBSRoDPXAwZs3M7rTbdrcv2HZM9/NJZnmemWd5nplvvrO7T59MAG2rkr0kEQci4seI6KlVlzeo1P5ZuHl5LNuSqFZf/zPJ2926eXmsaFq8b3/2kkb0phHpB0k83KTf2YuX3hqdmpq4UK/3z51/u3/24qVnzp0fnZyYnJgeOD0wNPTC8y8ODmzZub7yw8Jvn3W+ujcipm+fGdyXjfdA/VjjeWyVSlSWX8sGJ7a6s5Ld11BOOtdvX211YdhRHRGRhasrz/+e6Iil4PXEdz+XOjhgW1Uze1oevlIFdrEkyh4BUI7igz77/VtsO/Xdg/LND9d+AN6qz+0sLMa/M9Ja4Z0T33y17Pf9VqpExJsjrx3NttimeRgAAACAdvblcEQ83Wz+L437F1t15+UHIuLBiHgoIg5H5Ot6jkTE0Yh4JCIeLdYTbcLK9qvnf9Ibd3hqbMD8cMTLDWu7FhriX3ewo177f1aJruTsuamJZyPirojoja49Wb31Kq2WC332FoVi/i/bsv6LucD6OG50rvj79Pjo3OgdnzDLzF+NONzZLP7J4kqgLIKPRcTjG/kPv81X1E0euvbX4q6XPrz3eqvmlXXjz3aqfhpxsmn+L+Vtsvb6zP78ftBf3BVW+/6Toc9b9S/+5cryf9/a8T+YNK7Xnd18H18f+uWnVsfWj3/z+3938kY+wO76vvdG5+YuDER0JyOr9w9ufsy7VXE9iuuVxb/3WPPP/3vq78ku6LGIOB4RT9TXLp/MP/sjnoyIpyLi1Bp9Xpn89e9Wx+R/ubL4j28q/zdf+OPqR8db9b+x/H8uH0xvfY/vf+vbaIDKHicAAAAAAAAAWyPNn4GXpH2L5TTt66s9w+9Q7EunZmbnTp2deXd6vPasvIPRlRYrvXoa1oMO5OWl+uCK+umIuDsiPu74X17vG5uZGi/75KHN7W+R/5nfO8oeHbDtNvC8VmCXkv/QvuQ/tC/5D+1L/kP7kv/QvuQ/tC/5D+1rZf6/f33kzO0vjlwraTjATukqewBASf7Nc/0UFBR2a6HsOxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf8M/AQAA//9Egc84") syz_emit_ethernet(0x42, &(0x7f0000000580)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x3, 0xd2}, @timestamp={0x44, 0x8, 0x5, 0x2, 0x0, [0x0]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 26.889912137s ago: executing program 3 (id=1367): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000380), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000280)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 26.802148434s ago: executing program 3 (id=1368): futex(0xfffffffffffffffd, 0xd, 0x0, &(0x7f0000000040), 0x0, 0x0) 25.281286979s ago: executing program 2 (id=1375): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x10000, 0x6}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) 25.233239093s ago: executing program 2 (id=1376): epoll_create1(0x0) r0 = dup(0xffffffffffffffff) syz_emit_ethernet(0x227, &(0x7f0000000100)=ANY=[@ANYBLOB="614bd4eaa01baaaaaaaaaabb8100000086dd6c8e9e19018000000000060000000000000000cf33eb28d5fbf500000000aaff2094e1f0fc9e85ae1c00000000010167"], 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$AUTOFS_IOC_FAIL(r1, 0xae03, 0xb6) socket$unix(0x1, 0x5, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mmap(&(0x7f000000c000/0x4000)=nil, 0x4000, 0xa, 0x31, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0x6, 0x31, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, 0x0, &(0x7f0000048000), 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = dup(r2) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0) ioctl$TCSETSF2(r2, 0x402c542d, &(0x7f0000000000)={0x0, 0x9, 0x0, 0x0, 0x0, "4b17e675bb3208c27ff338260a943c6acab1a8", 0x0, 0x1}) write$UHID_INPUT(r3, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b5d090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f38306d090890e0879b0a0ac6e70a9b3348959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) gettid() timer_create(0x0, &(0x7f0000000040)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) 25.071359886s ago: executing program 2 (id=1377): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) 25.02590142s ago: executing program 2 (id=1378): syz_mount_image$ext4(&(0x7f0000001080)='ext4\x00', &(0x7f0000000480)='./bus\x00', 0x0, &(0x7f0000000080), 0x1, 0x438, &(0x7f00000004c0)="$eJzs3M1vFOUfAPDvTF/gB/wsKr4h6CoIVbS1RasmhqQ3D40e9OC1aUtDLK3SmgghBhIPXk30D9C7/AlGTXw5eTJc1ehBSRoDPXAwZs3M7rTbdrcv2HZM9/NJZnmemWd5nplvvrO7T59MAG2rkr0kEQci4seI6KlVlzeo1P5ZuHl5LNuSqFZf/zPJ2926eXmsaFq8b3/2kkb0phHpB0k83KTf2YuX3hqdmpq4UK/3z51/u3/24qVnzp0fnZyYnJgeOD0wNPTC8y8ODmzZub7yw8Jvn3W+ujcipm+fGdyXjfdA/VjjeWyVSlSWX8sGJ7a6s5Ld11BOOtdvX211YdhRHRGRhasrz/+e6Iil4PXEdz+XOjhgW1Uze1oevlIFdrEkyh4BUI7igz77/VtsO/Xdg/LND9d+AN6qz+0sLMa/M9Ja4Z0T33y17Pf9VqpExJsjrx3NttimeRgAAACAdvblcEQ83Wz+L437F1t15+UHIuLBiHgoIg5H5Ot6jkTE0Yh4JCIeLdYTbcLK9qvnf9Ibd3hqbMD8cMTLDWu7FhriX3ewo177f1aJruTsuamJZyPirojoja49Wb31Kq2WC332FoVi/i/bsv6LucD6OG50rvj79Pjo3OgdnzDLzF+NONzZLP7J4kqgLIKPRcTjG/kPv81X1E0euvbX4q6XPrz3eqvmlXXjz3aqfhpxsmn+L+Vtsvb6zP78ftBf3BVW+/6Toc9b9S/+5cryf9/a8T+YNK7Xnd18H18f+uWnVsfWj3/z+3938kY+wO76vvdG5+YuDER0JyOr9w9ufsy7VXE9iuuVxb/3WPPP/3vq78ku6LGIOB4RT9TXLp/MP/sjnoyIpyLi1Bp9Xpn89e9Wx+R/ubL4j28q/zdf+OPqR8db9b+x/H8uH0xvfY/vf+vbaIDKHicAAAAAAAAAWyPNn4GXpH2L5TTt66s9w+9Q7EunZmbnTp2deXd6vPasvIPRlRYrvXoa1oMO5OWl+uCK+umIuDsiPu74X17vG5uZGi/75KHN7W+R/5nfO8oeHbDtNvC8VmCXkv/QvuQ/tC/5D+1L/kP7kv/QvuQ/tC/5D+1rZf6/f33kzO0vjlwraTjATukqewBASf7Nc/0UFBR2a6HsOxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf8M/AQAA//9Egc84") syz_emit_ethernet(0x42, &(0x7f0000000580)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x3, 0xd2}, @timestamp={0x44, 0x8, 0x5, 0x2, 0x0, [0x0]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 24.90846418s ago: executing program 2 (id=1379): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000380), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000280)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 24.831600376s ago: executing program 2 (id=1380): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0xe) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1, 0xffffffffffffffff}, 0x4) unshare(0x4040600) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_PROPBIT(r3, 0xc00c55ca, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x10, &(0x7f0000000740)=@framed={{}, [@snprintf={{0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x8, 0xfe00}, {0x7, 0x0, 0x8}, {}, {0x5}, {0x7, 0x0, 0x0, 0x0}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0xa4}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000440)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0001}]}) rt_sigpending(0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) setpriority(0x2, 0x0, 0xffffffffffffffcd) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000001cc0), 0x1000) 5.11545687s ago: executing program 1 (id=1441): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0xce) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@ipv4_newroute={0x34, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_SPORT={0x6, 0x1c, 0x4e20}, @RTA_DPORT={0x6, 0x1d, 0x4e20}, @RTA_IP_PROTO={0x5, 0x1b, 0x1}]}, 0x34}}, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000840)=0x2) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200)) utimensat(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{}, {0x77359400}}, 0x100) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000f300080000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000380)='rcu_utilization\x00', r4}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x4) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80e00040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x4c, &(0x7f0000000100)={&(0x7f0000000200)=@ipv6_newroute={0x3c, 0x18, 0xff0f, 0x0, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x8}}, @RTA_GATEWAY={0x14, 0x5, @dev}]}, 0x3c}}, 0x0) 4.128409161s ago: executing program 1 (id=1443): r0 = syz_open_procfs(0x0, &(0x7f0000001180)='net/dev_snmp6\x00') getdents64(r0, &(0x7f0000000100)=""/4014, 0xfae) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0x80, 0x0, 0x0, 0x0, @multicast}, 0x10) sendmmsg(r4, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = socket$inet6(0xa, 0x3, 0xff) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000000), 0x4) r6 = dup2(r5, r5) write$tun(r6, &(0x7f00000002c0)=ANY=[], 0x46) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) io_setup(0x9, &(0x7f0000003080)=0x0) io_submit(r7, 0x1, &(0x7f0000002b00)=[&(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) r8 = eventfd(0x0) dup3(r8, r6, 0x0) 2.92059807s ago: executing program 4 (id=1445): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f00000006c0)=@v1={0x0, @aes256, 0x8, @desc3}) 2.919129511s ago: executing program 1 (id=1446): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, &(0x7f0000000040)=""/247, 0x26, 0xf7, 0x1}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000020000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x11, &(0x7f00000004c0), 0x10}, 0x90) 2.786583441s ago: executing program 1 (id=1447): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000001080)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000080)={r1}, 0x0) r2 = socket$inet6(0xa, 0x805, 0x0) getsockopt$bt_hci(r2, 0x84, 0x7d, &(0x7f0000000080)=""/4076, &(0x7f0000000040)=0xfec) 2.710038398s ago: executing program 4 (id=1448): r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}}, 0x1e) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x4, @local, 'team_slave_1\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r1, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}}) ioctl$PPPOEIOCDFWD(r1, 0xb101, 0x0) 2.645632993s ago: executing program 1 (id=1449): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)={0x3c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_PKT_RATE_LOW={0x8, 0xd, 0xffffffff}, @ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8}]}, 0x3c}}, 0x0) 2.567347569s ago: executing program 4 (id=1450): r0 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x2015}) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x0, 0x0) setresuid(0x0, 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x40c5, 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x100000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = semget$private(0x0, 0x0, 0x54d) semtimedop(r2, &(0x7f0000000240)=[{0x3, 0x40, 0x1800}, {0x0, 0x3, 0x1800}], 0x2, &(0x7f0000000280)={0x0, 0x989680}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x4}, @func_proto={0x0, 0x0, 0x0, 0xd, 0x4}, @ptr={0x0, 0x0, 0x0, 0x10, 0x4}, @func={0x4, 0x0, 0x0, 0x8, 0x3}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x52}, 0x20) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000080)={0x2, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r5, 0x0, 0x3}, 0x48) sendto$inet6(r4, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000001240)=ANY=[@ANYBLOB="8500000061000000350000000000002085000000070000009500000000000000f4670880271e3503200ffa95b2c8c037c5a142c9a8d76287066c51adde96fcc309926fa3b4b87b3e0cc7444a2391511c97fabd5f9810e81ee0b737136ea6f7be39cd34d5ae35de38dde54704d25c79949c00a7c09cc28d7673294f42a5f0a8761b30d64b741a226de7bad76402320e13822c45c0f8612c10b1f3c075ff1ebb755a2dd5760903000000000000006c6386d7ec7209d031f40f3012e9576e51a7f578602f5807785b92e544fc46c744aeeee4418d6af3e4195cc03710212436a4ff3274cac948d85cec074c6949e1298901ebb39522f6649dd76d067a82f5fe47fe5f17f99ab1e394ab800f4104dbffff0000000000005c6d1d224b64be6c4d7f47ef21eb7e46f9aa4a9779f8555eaea768c1f2c221c410ef4b253d110ee282ab94de93d928cf95846be6277c04b4c5324812696aa89e393c941d9541c86238d0703394a90231ccca9c3499c9a4cd3cd8a4f8070000000b1b2d2747c45b0c52087b84960ba0e3c4c00322de328c10752a42dca52fb98c1452b6518a6ef7297f7b2744419a2f238f173d0cd46daf2fcb5500f53e7309ecc07d8d3c76e65760ff000000b78863e629b3b200000000000000000000000000008b0000000a449c810d3174c87ee545867a3126af7a8b20744ea9875b9cba735b9594aa904e5a4bb2c3dfa8ea63e3e7000860000000004a2147c1128c697d9966b3c9f0e9443a2d89cd008bd64fc6e625247510bc24e20ad88d4fe6a3ae2f7967546c4aae83352106057ab9cd4b3442a5d10451b95e22f30a85f5681ca3000000000000000000000396e7b6e1aa007018f6d93e79fce95d405b809238cca421c82c96f10dfa978bee51f581d124216e8bd9b1855f77138e438bdc037861f07f98c068be4c6155ec27365410866059475714844a3ea4cbe37e0000000000ef6dc4dd63bb928ff58b3bd2a600089d172a884dcdb8b9f9050297815a371deec595838e38068b5e438cbcd585a8cf37c496a8d2dab79d4242a353917ebdf2dc7926d80260898d4e1ca5e3a833f8f65429845bc3c3092af2bc4ee7263d3cbd9cab24eafd961a2d0c7bbfca952411727622a613a15166d6ac3c75c7e6158bfbb32f187d18f977117101076bad4167d5559ac12ff1c14fab5ccf7117a25a25933bfe309a040034b0cc8f69074670efc8101b89477d23823605dfa8e5945c71a0225b50d18a010ecf3c349cbac4d5191c3d78726b9ab4bff5e05027ca5b338a62e955e514da8ca2846919b7b56c192bb43f7032e485cc664921b7f9133bdbc2ba3cd845997b0dd103c784a53ad0243624566e0dacfe4029ffbe59e7e7751b3a9e619107bde39bfa81791ff0e4577055528aef46891c3c49afda8137d03cf6893db7b0f1fe95f8a096159869db71853b6bb5c08ce5fc61353f1e659d7ac53f54a7e2c94cba21994930a423ac7f84ed873a76b0dda0a4b4c5f87eef3164a0c03bc2a7f08290ddf300b298de3fd9167fb8b9c2f26e27f97cf5e90586ea50b85eb5b420eebe171893782b8326148ef5f5174e7ea5dd7f1caa699e4a241291c2f43e9edbf44c0ffb8ee32a18b6e8f0b61836146e2eab9a767800c2c91190c96cf88466adf775b4cf517dc5e39be99c4ab471f381c3915203cd2f27466c8943a80ba03150699c787696de272affa4e4940e59d8b7c69f804d6d3fa7543176a4df033532e5053d72521d097dda0c7a70bd1278c61513c1b87b01d9a9ec4d5ef793096dab53d3224f245fd5d87984d58dc09d11ba0094ba8c39942be41f362e29bba1cdcf8068a4d8d67d2d6d79aa2d089bc4d475097d7523860ec41dab4fa4b0cfe674c163ad419753bd73882336d42036a179bb33162b31f2a58436ea88fba598fad987a60b1847cc63a77c2bb30477ecbeaaa590cde56be4102d0365987eed64bdf01bbd"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x51, 0x10, 0x0, 0xfffffc1a}, 0x15) 1.967432768s ago: executing program 4 (id=1451): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0xce) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@ipv4_newroute={0x34, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_SPORT={0x6, 0x1c, 0x4e20}, @RTA_DPORT={0x6, 0x1d, 0x4e20}, @RTA_IP_PROTO={0x5, 0x1b, 0x1}]}, 0x34}}, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000840)=0x2) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200)) utimensat(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{}, {0x77359400}}, 0x100) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000f300080000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000380)='rcu_utilization\x00', r4}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x4) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80e00040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x4c, &(0x7f0000000100)={&(0x7f0000000200)=@ipv6_newroute={0x3c, 0x18, 0xff0f, 0x0, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x8}}, @RTA_GATEWAY={0x14, 0x5, @dev}]}, 0x3c}}, 0x0) 1.119420188s ago: executing program 1 (id=1452): memfd_create(&(0x7f0000000000)='\xfb\"a&\x8fe\x11\x8c\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06\xfd\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\xa1\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xdeL\x1d\x98Zq\xcc%\x98\xb0Yc\xec\xb7\xb5m(9\xde\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1jOB\xdas\xe3\xb47}%)\xb9\xbf{\xce\x94^\xec\xdf\xbcW\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]\x1e\x88\xecif\xee]\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1d2\xb8\x80Z\xf7\x06\xbe\xc9[L\xc5\xc9\xb5\xd6{\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x149@\xb1\xf6Q\x8fXeT\'0.\x85\xa2\xc8\xb3c\t\xe8:\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\xacH\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLY\x94\x93\xebT\x15\x817\x9d#\xea\xd2\xa8\xfb^\x8c\x87#\x10', 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r0, 0x8028c003, 0x0) 1.054308493s ago: executing program 4 (id=1453): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)={0x3c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x20, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x4}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}, @NL80211_ATTR_CQM_TXE_INTVL={0x8}, @NL80211_ATTR_CQM_TXE_RATE={0x8}]}]}, 0x3c}}, 0x0) 899.806946ms ago: executing program 4 (id=1454): r0 = syz_open_procfs(0x0, &(0x7f0000001180)='net/dev_snmp6\x00') getdents64(r0, &(0x7f0000000100)=""/4014, 0xfae) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0x80, 0x0, 0x0, 0x0, @multicast}, 0x10) sendmmsg(r4, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = socket$inet6(0xa, 0x3, 0xff) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000000), 0x4) r6 = dup2(r5, r5) write$tun(r6, &(0x7f00000002c0)=ANY=[], 0x46) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) io_setup(0x9, &(0x7f0000003080)=0x0) io_submit(r7, 0x1, &(0x7f0000002b00)=[&(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) r8 = eventfd(0x0) dup3(r8, r6, 0x0) 0s ago: executing program 0 (id=1393): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000240)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x7, 0x0, &(0x7f0000000900)="e02742e8680d85", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) open(0x0, 0x60142, 0x0) mq_open(&(0x7f0000000940)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\x00\x00\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = getpgid(0xffffffffffffffff) sched_setaffinity(r1, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) io_submit(0x0, 0x0, 0x0) mlock2(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x3) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r3, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, 0x0, 0x0) syz_clone3(&(0x7f0000000480)={0x20000000, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0), {}, &(0x7f0000000400)=""/55, 0x37, &(0x7f0000000d00)=""/4096, &(0x7f0000000440)=[0xffffffffffffffff, r1, r1], 0x3}, 0x58) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007f9, &(0x7f0000e68000)={0x2, 0x4e20, @multicast2}, 0x10) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={@map=0x1, 0xffffffffffffffff, 0x1b}, 0x20) socket$nl_netfilter(0x10, 0x3, 0xc) kernel console output (not intermixed with test programs): han_get:1401: comm syz.4.805: couldn't read orphan inode 15 (err -117) [ 174.281283][ T6085] netlink: 'syz.2.807': attribute type 29 has an invalid length. [ 174.375248][ T6077] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 174.406132][ T6085] netlink: 'syz.2.807': attribute type 29 has an invalid length. [ 174.467465][ T6088] netlink: 12 bytes leftover after parsing attributes in process `syz.3.809'. [ 174.497138][ T6088] netlink: 'syz.3.809': attribute type 7 has an invalid length. [ 174.555960][ T6088] device vxlan0 entered promiscuous mode [ 174.586698][ T4378] EXT4-fs (loop4): unmounting filesystem. [ 175.074312][ T6112] loop0: detected capacity change from 0 to 2048 [ 175.098314][ T6112] EXT4-fs (loop0): unsupported descriptor size 2 [ 175.153897][ T6121] netlink: 'syz.1.820': attribute type 3 has an invalid length. [ 175.266899][ T6112] loop0: detected capacity change from 0 to 256 [ 175.288144][ T6125] loop2: detected capacity change from 0 to 1024 [ 175.413696][ T9] hfsplus: b-tree write err: -5, ino 4 [ 175.650686][ T3561] Bluetooth: hci2: command 0x0406 tx timeout [ 175.743981][ T6156] netlink: 'syz.0.833': attribute type 3 has an invalid length. [ 175.819996][ T6163] netlink: 12 bytes leftover after parsing attributes in process `syz.3.834'. [ 175.834036][ T6163] netlink: 'syz.3.834': attribute type 7 has an invalid length. [ 175.941891][ T6168] loop2: detected capacity change from 0 to 1024 [ 176.028889][ T6170] loop0: detected capacity change from 0 to 2048 [ 176.037286][ T3847] hfsplus: b-tree write err: -5, ino 4 [ 176.079978][ T6170] EXT4-fs (loop0): unsupported descriptor size 2 [ 176.151302][ T6170] loop0: detected capacity change from 0 to 256 [ 176.849448][ T6187] netlink: 'syz.4.846': attribute type 3 has an invalid length. [ 177.272088][ T6202] loop4: detected capacity change from 0 to 1024 [ 177.365673][ T56] hfsplus: b-tree write err: -5, ino 4 [ 177.445316][ T6212] loop4: detected capacity change from 0 to 164 [ 177.576085][ T6218] loop4: detected capacity change from 0 to 256 [ 177.639974][ T6210] loop0: detected capacity change from 0 to 4096 [ 177.661277][ T6210] ntfs3: loop0: ino=3, Correct links count -> 2. [ 178.061097][ T6231] sp0: Synchronizing with TNC [ 179.065824][ T6246] netlink: 'syz.3.867': attribute type 29 has an invalid length. [ 179.073959][ T6246] netlink: 'syz.3.867': attribute type 29 has an invalid length. [ 179.190465][ T6251] loop1: detected capacity change from 0 to 164 [ 179.255668][ T3785] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 179.299278][ T6254] loop1: detected capacity change from 0 to 512 [ 179.313606][ T6254] EXT4-fs: Ignoring removed mblk_io_submit option [ 179.337135][ T6254] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 179.361552][ T6254] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002] [ 179.369946][ T6254] System zones: 1-12 [ 179.384183][ T6254] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz.1.870: corrupted in-inode xattr [ 179.396978][ T6254] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.870: couldn't read orphan inode 15 (err -117) [ 179.409275][ T6254] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 179.450794][ T4548] EXT4-fs (loop1): unmounting filesystem. [ 179.532944][ T6262] loop4: detected capacity change from 0 to 256 [ 179.660682][ T3785] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 179.691493][ T3785] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 179.704942][ T3785] usb 1-1: New USB device found, idVendor=056a, idProduct=00dd, bcdDevice= 0.00 [ 179.725096][ T3785] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.748511][ T6271] loop4: detected capacity change from 0 to 512 [ 179.755951][ T3785] usb 1-1: config 0 descriptor?? [ 179.788654][ T6271] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 179.802611][ T3785] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 179.836823][ T6273] validate_nla: 1 callbacks suppressed [ 179.836837][ T6273] netlink: 'syz.3.879': attribute type 29 has an invalid length. [ 179.855627][ T6271] EXT4-fs (loop4): 1 truncate cleaned up [ 179.861817][ T6273] netlink: 'syz.3.879': attribute type 29 has an invalid length. [ 179.869627][ T6271] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 179.895869][ T6275] netlink: 'syz.3.879': attribute type 29 has an invalid length. [ 179.929512][ T6271] EXT4-fs warning (device loop4): __ext4fs_dirhash:270: inode #2: comm syz.4.878: Siphash requires key [ 179.957533][ T6271] EXT4-fs warning (device loop4): dx_probe:844: inode #2: comm syz.4.878: Hash code is SIPHASH, but hash not in dirent [ 179.982637][ T6271] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz.4.878: Corrupt directory, running e2fsck is recommended [ 180.048145][ T6278] loop1: detected capacity change from 0 to 164 [ 180.088207][ T4378] EXT4-fs (loop4): unmounting filesystem. [ 180.239923][ T3785] usb 1-1: USB disconnect, device number 2 [ 180.256251][ T6286] loop3: detected capacity change from 0 to 512 [ 180.350074][ T6286] EXT4-fs: Ignoring removed mblk_io_submit option [ 180.363831][ T6286] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 180.377831][ T6286] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002] [ 180.388180][ T6286] System zones: 1-12 [ 180.428306][ T6286] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz.3.884: corrupted in-inode xattr [ 180.445010][ T6286] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.884: couldn't read orphan inode 15 (err -117) [ 180.457905][ T6286] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 180.544198][ T6298] loop4: detected capacity change from 0 to 4096 [ 180.553404][ T6298] ntfs3: loop4: ino=3, Correct links count -> 2. [ 180.579402][ T3546] EXT4-fs (loop3): unmounting filesystem. [ 180.679778][ T6304] dccp_close: ABORT with 1 bytes unread [ 180.759170][ T6307] loop1: detected capacity change from 0 to 512 [ 180.790263][ T6309] loop3: detected capacity change from 0 to 164 [ 180.815262][ T6307] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 180.898647][ T6307] EXT4-fs (loop1): 1 truncate cleaned up [ 180.904979][ T6307] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 180.947950][ T6307] EXT4-fs warning (device loop1): __ext4fs_dirhash:270: inode #2: comm syz.1.893: Siphash requires key [ 180.976946][ T6307] EXT4-fs warning (device loop1): dx_probe:844: inode #2: comm syz.1.893: Hash code is SIPHASH, but hash not in dirent [ 181.038382][ T6307] EXT4-fs warning (device loop1): dx_probe:965: inode #2: comm syz.1.893: Corrupt directory, running e2fsck is recommended [ 181.107390][ T6320] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 181.126181][ T4548] EXT4-fs (loop1): unmounting filesystem. [ 181.256430][ T6331] loop1: detected capacity change from 0 to 512 [ 181.300939][ T6331] EXT4-fs: Ignoring removed mblk_io_submit option [ 181.370708][ T6331] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 181.472560][ T6331] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002] [ 181.474922][ T6337] loop4: detected capacity change from 0 to 24 [ 181.497935][ T6331] System zones: 1-12 [ 181.530289][ T6341] loop0: detected capacity change from 0 to 164 [ 181.535874][ T6331] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz.1.902: corrupted in-inode xattr [ 181.578913][ T6331] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.902: couldn't read orphan inode 15 (err -117) [ 181.627025][ T6331] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 181.758557][ T4548] EXT4-fs (loop1): unmounting filesystem. [ 181.856652][ T6356] loop1: detected capacity change from 0 to 512 [ 181.874169][ T6356] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 181.928478][ T6356] EXT4-fs (loop1): 1 truncate cleaned up [ 181.943314][ T6356] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 182.004208][ T6356] EXT4-fs warning (device loop1): __ext4fs_dirhash:270: inode #2: comm syz.1.913: Siphash requires key [ 182.017930][ T6356] EXT4-fs warning (device loop1): dx_probe:844: inode #2: comm syz.1.913: Hash code is SIPHASH, but hash not in dirent [ 182.030848][ T6356] EXT4-fs warning (device loop1): dx_probe:965: inode #2: comm syz.1.913: Corrupt directory, running e2fsck is recommended [ 182.672462][ T4548] EXT4-fs (loop1): unmounting filesystem. [ 182.985558][ T6376] loop4: detected capacity change from 0 to 256 [ 183.000930][ T6376] exfat: Deprecated parameter 'utf8' [ 183.006331][ T6376] exfat: Deprecated parameter 'utf8' [ 183.014447][ T6379] loop0: detected capacity change from 0 to 24 [ 183.033832][ T6376] exfat: Deprecated parameter 'utf8' [ 183.086082][ T6376] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d) [ 183.404757][ T6396] loop4: detected capacity change from 0 to 512 [ 183.422312][ T6396] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 183.481104][ T6396] EXT4-fs (loop4): 1 truncate cleaned up [ 183.510660][ T6396] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 183.608560][ T6396] EXT4-fs warning (device loop4): __ext4fs_dirhash:270: inode #2: comm syz.4.928: Siphash requires key [ 183.683393][ T6396] EXT4-fs warning (device loop4): dx_probe:844: inode #2: comm syz.4.928: Hash code is SIPHASH, but hash not in dirent [ 183.697208][ T6396] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz.4.928: Corrupt directory, running e2fsck is recommended [ 183.767761][ T4378] EXT4-fs (loop4): unmounting filesystem. [ 184.456656][ T6421] loop3: detected capacity change from 0 to 1024 [ 184.469010][ T6421] EXT4-fs: Ignoring removed orlov option [ 184.481822][ T6421] EXT4-fs: Ignoring removed nomblk_io_submit option [ 184.527878][ T6423] loop0: detected capacity change from 0 to 512 [ 184.535329][ T22] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 184.550070][ T6423] EXT4-fs: Ignoring removed bh option [ 184.579198][ T6427] loop1: detected capacity change from 0 to 256 [ 184.596563][ T6421] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 184.728941][ T3546] EXT4-fs (loop3): unmounting filesystem. [ 184.778863][ T6430] loop0: detected capacity change from 0 to 512 [ 184.812756][ T6430] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 184.868365][ T6430] EXT4-fs (loop0): 1 truncate cleaned up [ 184.874936][ T6430] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 184.928465][ T6430] EXT4-fs warning (device loop0): __ext4fs_dirhash:270: inode #2: comm syz.0.942: Siphash requires key [ 184.930858][ T22] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 184.976533][ T6430] EXT4-fs warning (device loop0): dx_probe:844: inode #2: comm syz.0.942: Hash code is SIPHASH, but hash not in dirent [ 185.004195][ T6430] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz.0.942: Corrupt directory, running e2fsck is recommended [ 185.014833][ T22] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 185.058411][ T22] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 185.068365][ T22] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 185.088773][ T4875] EXT4-fs (loop0): unmounting filesystem. [ 185.201016][ T22] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 185.210096][ T22] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 185.252033][ T22] usb 5-1: Product: syz [ 185.257433][ T22] usb 5-1: Manufacturer: syz [ 185.317408][ T22] cdc_wdm 5-1:1.0: skipping garbage [ 185.328075][ T22] cdc_wdm 5-1:1.0: skipping garbage [ 185.350995][ T22] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 185.356920][ T22] cdc_wdm 5-1:1.0: Unknown control protocol [ 185.454190][ T6454] loop2: detected capacity change from 0 to 512 [ 185.507882][ T6454] EXT4-fs: Ignoring removed bh option [ 185.671656][ T22] usb 5-1: USB disconnect, device number 6 [ 185.680569][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 185.687190][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 185.689833][ T6462] loop2: detected capacity change from 0 to 24 [ 185.693264][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 185.781629][ T6466] loop0: detected capacity change from 0 to 512 [ 185.803327][ T6466] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 185.835311][ T6466] EXT4-fs (loop0): 1 truncate cleaned up [ 185.843595][ T6466] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 185.870909][ T6466] EXT4-fs warning (device loop0): __ext4fs_dirhash:270: inode #2: comm syz.0.958: Siphash requires key [ 185.935822][ T6466] EXT4-fs warning (device loop0): dx_probe:844: inode #2: comm syz.0.958: Hash code is SIPHASH, but hash not in dirent [ 186.000361][ T6466] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz.0.958: Corrupt directory, running e2fsck is recommended [ 186.104678][ T4875] EXT4-fs (loop0): unmounting filesystem. [ 186.358026][ T6458] loop3: detected capacity change from 0 to 32768 [ 186.365398][ T6458] XFS: attr2 mount option is deprecated. [ 186.374556][ T6458] XFS: ikeep mount option is deprecated. [ 186.380302][ T6458] XFS: noikeep mount option is deprecated. [ 186.440117][ T6458] XFS (loop3): Mounting V5 Filesystem [ 186.562098][ T6458] XFS (loop3): Ending clean mount [ 186.576901][ T6458] XFS (loop3): Quotacheck needed: Please wait. [ 186.619440][ T6495] netlink: 4 bytes leftover after parsing attributes in process `syz.0.964'. [ 186.625159][ T6494] loop4: detected capacity change from 0 to 256 [ 186.705796][ T6458] XFS (loop3): Quotacheck: Done. [ 186.715387][ T6494] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 186.893849][ T3546] XFS (loop3): Unmounting Filesystem [ 186.974971][ T6504] loop1: detected capacity change from 0 to 512 [ 186.996728][ T6504] EXT4-fs: Ignoring removed bh option [ 187.596555][ T6522] loop3: detected capacity change from 0 to 512 [ 187.723689][ T6522] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 187.753712][ T6522] ext4 filesystem being mounted at /255/file1 supports timestamps until 2038 (0x7fffffff) [ 187.866173][ T6522] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #2: comm syz.3.977: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 187.963951][ T6522] EXT4-fs (loop3): Remounting filesystem read-only [ 188.129540][ T6533] loop0: detected capacity change from 0 to 256 [ 188.187542][ T3546] EXT4-fs (loop3): unmounting filesystem. [ 188.228749][ T6533] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 188.365175][ T6535] loop1: detected capacity change from 0 to 1024 [ 188.421257][ T6535] EXT4-fs: Ignoring removed orlov option [ 188.433777][ T6535] EXT4-fs: Ignoring removed nomblk_io_submit option [ 188.446217][ T6535] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002] [ 188.455507][ T6535] System zones: 0-1, 3-36 [ 188.505078][ T6535] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 188.559506][ T6543] loop0: detected capacity change from 0 to 512 [ 188.614672][ T6543] EXT4-fs: Ignoring removed nobh option [ 188.685855][ T6543] fscrypt (loop0, inode 2): Error -61 getting encryption context [ 188.714815][ T6543] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -61 [ 188.724022][ T6543] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #13: comm syz.0.984: casefold flag without casefold feature [ 188.737177][ T6543] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #13: comm syz.0.984: unexpected EA_INODE flag [ 188.750136][ T4548] EXT4-fs (loop1): unmounting filesystem. [ 188.754042][ T6543] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.984: couldn't read orphan inode 13 (err -117) [ 188.779083][ T6543] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 188.812424][ T6543] EXT4-fs: Ignoring removed orlov option [ 188.819852][ T6543] EXT4-fs error (device loop0): __ext4_remount:6425: comm syz.0.984: Abort forced by user [ 188.842863][ T6543] EXT4-fs (loop0): Remounting filesystem read-only [ 188.860672][ T6543] EXT4-fs (loop0): re-mounted. Quota mode: none. [ 188.906057][ T4875] EXT4-fs (loop0): unmounting filesystem. [ 189.026274][ T6566] loop0: detected capacity change from 0 to 256 [ 189.045370][ T6566] exfat: Deprecated parameter 'utf8' [ 189.073184][ T6570] loop2: detected capacity change from 0 to 256 [ 189.080739][ T6566] exfat: Deprecated parameter 'utf8' [ 189.101814][ T6566] exfat: Deprecated parameter 'utf8' [ 189.113462][ T6570] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 189.147250][ T6566] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d) [ 189.338433][ T6579] netlink: 4 bytes leftover after parsing attributes in process `syz.1.996'. [ 189.398694][ T6579] netlink: 'syz.1.996': attribute type 15 has an invalid length. [ 189.417484][ T6579] netlink: 'syz.1.996': attribute type 18 has an invalid length. [ 189.603371][ T6586] loop4: detected capacity change from 0 to 1024 [ 189.667192][ T6586] EXT4-fs: Ignoring removed orlov option [ 189.697289][ T6586] EXT4-fs: Ignoring removed nomblk_io_submit option [ 189.747080][ T6586] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002] [ 189.760753][ T6586] System zones: 0-1, 3-36 [ 189.761061][ T6592] loop2: detected capacity change from 0 to 512 [ 189.785348][ T6586] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 189.789156][ T6592] EXT4-fs: Ignoring removed nobh option [ 189.932207][ T6592] fscrypt (loop2, inode 2): Error -61 getting encryption context [ 189.940037][ T6592] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -61 [ 189.991615][ T6592] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #13: comm syz.2.1004: casefold flag without casefold feature [ 189.992516][ T6578] loop0: detected capacity change from 0 to 32768 [ 190.059192][ T6592] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #13: comm syz.2.1004: unexpected EA_INODE flag [ 190.078743][ T6578] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz.0.999 (6578) [ 190.098574][ T4378] EXT4-fs (loop4): unmounting filesystem. [ 190.109131][ T6592] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.1004: couldn't read orphan inode 13 (err -117) [ 190.127872][ T6601] loop1: detected capacity change from 0 to 1024 [ 190.140409][ T6592] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 190.162714][ T6578] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 190.191026][ T6601] EXT4-fs (loop1): invalid inodes per group: 458784 [ 190.191026][ T6601] [ 190.208795][ T6578] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 190.266766][ T6578] BTRFS info (device loop0): using free space tree [ 190.292517][ T6592] EXT4-fs: Ignoring removed orlov option [ 190.300308][ T6604] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1008'. [ 190.327477][ T3562] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 190.349916][ T6592] EXT4-fs error (device loop2): __ext4_remount:6425: comm syz.2.1004: Abort forced by user [ 190.350489][ T6604] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1008'. [ 190.381051][ T6604] netlink: 'syz.4.1008': attribute type 6 has an invalid length. [ 190.383501][ T6592] EXT4-fs (loop2): Remounting filesystem read-only [ 190.412509][ T6592] EXT4-fs (loop2): re-mounted. Quota mode: none. [ 190.516895][ T4552] EXT4-fs (loop2): unmounting filesystem. [ 190.562959][ T6615] loop1: detected capacity change from 0 to 256 [ 190.602077][ T6615] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 190.632051][ T6578] BTRFS info (device loop0): enabling ssd optimizations [ 191.089504][ T4875] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 191.588949][ T6645] loop2: detected capacity change from 0 to 512 [ 191.649903][ T6645] EXT4-fs: Ignoring removed nobh option [ 191.751839][ T6645] fscrypt (loop2, inode 2): Error -61 getting encryption context [ 191.759641][ T6645] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -61 [ 191.808726][ T6645] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #13: comm syz.2.1021: casefold flag without casefold feature [ 191.851120][ T6645] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #13: comm syz.2.1021: unexpected EA_INODE flag [ 191.877251][ T6645] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.1021: couldn't read orphan inode 13 (err -117) [ 191.889936][ T6645] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 192.028725][ T6645] EXT4-fs: Ignoring removed orlov option [ 192.065525][ T6645] EXT4-fs error (device loop2): __ext4_remount:6425: comm syz.2.1021: Abort forced by user [ 192.086122][ T6645] EXT4-fs (loop2): Remounting filesystem read-only [ 192.104946][ T6645] EXT4-fs (loop2): re-mounted. Quota mode: none. [ 192.149961][ T4552] EXT4-fs (loop2): unmounting filesystem. [ 192.689336][ T6688] loop2: detected capacity change from 0 to 512 [ 192.718672][ T6688] EXT4-fs: Ignoring removed nobh option [ 192.755941][ T6688] fscrypt (loop2, inode 2): Error -61 getting encryption context [ 192.776216][ T6688] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -61 [ 192.796572][ T6688] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #13: comm syz.2.1040: casefold flag without casefold feature [ 192.835910][ T6688] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #13: comm syz.2.1040: unexpected EA_INODE flag [ 192.866577][ T6688] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.1040: couldn't read orphan inode 13 (err -117) [ 192.890990][ T6688] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 193.017360][ T6688] EXT4-fs: Ignoring removed orlov option [ 193.034634][ T6688] EXT4-fs error (device loop2): __ext4_remount:6425: comm syz.2.1040: Abort forced by user [ 193.066383][ T6688] EXT4-fs (loop2): Remounting filesystem read-only [ 193.081115][ T6688] EXT4-fs (loop2): re-mounted. Quota mode: none. [ 193.132952][ T4552] EXT4-fs (loop2): unmounting filesystem. [ 193.232072][ T6695] loop2: detected capacity change from 0 to 1024 [ 193.260032][ T6695] EXT4-fs (loop2): invalid inodes per group: 458784 [ 193.260032][ T6695] [ 193.449409][ T6699] loop2: detected capacity change from 0 to 1024 [ 193.458626][ T6699] EXT4-fs: Ignoring removed orlov option [ 193.487818][ T6699] EXT4-fs: Ignoring removed nomblk_io_submit option [ 193.519916][ T6699] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002] [ 193.577369][ T6699] System zones: 0-1, 3-36 [ 193.598118][ T6699] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 193.766205][ T4552] EXT4-fs (loop2): unmounting filesystem. [ 193.958570][ T6720] loop2: detected capacity change from 0 to 512 [ 193.979230][ T6720] EXT4-fs: Ignoring removed nobh option [ 194.028677][ T6720] fscrypt (loop2, inode 2): Error -61 getting encryption context [ 194.060309][ T6720] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -61 [ 194.061198][ T1243] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.082530][ T6720] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #13: comm syz.2.1052: casefold flag without casefold feature [ 194.095732][ T6720] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #13: comm syz.2.1052: unexpected EA_INODE flag [ 194.100603][ T1243] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.107547][ T6720] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.1052: couldn't read orphan inode 13 (err -117) [ 194.129352][ T6720] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 194.150039][ T6727] loop4: detected capacity change from 0 to 1024 [ 194.159447][ T6727] EXT4-fs (loop4): invalid inodes per group: 458784 [ 194.159447][ T6727] [ 194.208331][ T3536] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 194.221445][ T6720] EXT4-fs: Ignoring removed orlov option [ 194.227205][ T6720] EXT4-fs error (device loop2): __ext4_remount:6425: comm syz.2.1052: Abort forced by user [ 194.286115][ T6720] EXT4-fs (loop2): Remounting filesystem read-only [ 194.303840][ T6720] EXT4-fs (loop2): re-mounted. Quota mode: none. [ 194.356445][ T4552] EXT4-fs (loop2): unmounting filesystem. [ 194.687529][ T6743] MPI: mpi too large (181568 bits) [ 195.427896][ T6769] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1070'. [ 195.439686][ T6769] netlink: 'syz.3.1070': attribute type 15 has an invalid length. [ 195.450075][ T6769] netlink: 'syz.3.1070': attribute type 18 has an invalid length. [ 195.615649][ T6776] loop2: detected capacity change from 0 to 64 [ 195.708767][ T6775] loop3: detected capacity change from 0 to 4096 [ 195.753301][ T6775] ntfs3: loop3: Different NTFS' sector size (2048) and media sector size (512) [ 195.807215][ T6775] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 195.941591][ T3546] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 197.213140][ T6805] nfs: Unknown parameter '00000000000000000000' [ 197.230504][ T26] audit: type=1326 audit(1721049150.173:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6794 comm="syz.2.1080" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a30575bd9 code=0x0 [ 197.297059][ T6803] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1083'. [ 197.556110][ T6806] loop3: detected capacity change from 0 to 512 [ 197.861973][ T6804] loop4: detected capacity change from 0 to 4096 [ 197.920764][ T6804] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 197.956162][ T6804] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 198.132819][ T4378] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 198.779551][ T6839] loop4: detected capacity change from 0 to 512 [ 199.273294][ T6843] loop7: detected capacity change from 0 to 16384 [ 199.487037][ T26] audit: type=1326 audit(1721049152.433:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6850 comm="syz.3.1101" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efc7a975bd9 code=0x0 [ 199.828006][ T6872] loop7: detected capacity change from 0 to 16384 [ 200.990328][ T6915] loop4: detected capacity change from 0 to 64 [ 201.208212][ T6926] loop3: detected capacity change from 0 to 16 [ 201.230167][ T6926] erofs: (device loop3): mounted with root inode @ nid 36. [ 201.249729][ T6926] erofs: (device loop3): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 46 [ 201.663206][ T6924] loop4: detected capacity change from 0 to 40427 [ 201.691475][ T6924] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(262146) root(3) [ 201.699853][ T6924] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 201.716536][ T6924] F2FS-fs (loop4): Found nat_bits in checkpoint [ 201.774308][ T6924] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 201.781526][ T6924] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 201.919004][ T6938] loop2: detected capacity change from 0 to 512 [ 201.966295][ T6938] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 201.976700][ T6938] ext4 filesystem being mounted at /138/file0 supports timestamps until 2038 (0x7fffffff) [ 202.164303][ T26] audit: type=1804 audit(1721049155.023:9): pid=6944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1134" name="/newroot/180/file2/bus" dev="loop4" ino=10 res=1 errno=0 [ 202.374440][ T4552] EXT4-fs (loop2): unmounting filesystem. [ 202.442018][ T26] audit: type=1804 audit(1721049155.033:10): pid=6944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1134" name="/newroot/180/file2/bus" dev="loop4" ino=10 res=1 errno=0 [ 202.557881][ T4378] syz-executor: attempt to access beyond end of device [ 202.557881][ T4378] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 203.050774][ T6956] loop3: detected capacity change from 0 to 512 [ 203.140689][ T6956] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 203.179252][ T3552] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 203.188476][ T3552] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 203.196562][ T3552] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 203.226958][ T3552] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 203.236629][ T3552] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 203.244951][ T3552] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 203.283252][ T6956] EXT4-fs (loop3): 1 orphan inode deleted [ 203.283558][ T3561] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 203.288981][ T6956] EXT4-fs (loop3): 1 truncate cleaned up [ 203.289004][ T6956] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 203.321702][ T3553] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 203.329813][ T3553] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 203.338957][ T3553] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 203.351619][ T3553] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 203.359526][ T3553] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 203.500813][ T6962] loop2: detected capacity change from 0 to 512 [ 203.522152][ T6956] EXT4-fs (loop3): unmounting filesystem. [ 203.884961][ T6969] loop4: detected capacity change from 0 to 64 [ 203.988040][ T6972] trusted_key: encrypted_key: keyword 'ne#default' not recognized [ 204.202872][ T6959] chnl_net:caif_netlink_parms(): no params data found [ 204.226738][ T6964] chnl_net:caif_netlink_parms(): no params data found [ 204.443472][ T6959] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.450895][ T6959] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.459036][ T6959] device bridge_slave_0 entered promiscuous mode [ 204.475681][ T6959] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.483041][ T6959] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.491460][ T6959] device bridge_slave_1 entered promiscuous mode [ 204.521228][ T6964] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.528311][ T6964] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.536767][ T6964] device bridge_slave_0 entered promiscuous mode [ 204.577246][ T6964] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.589647][ T6964] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.603763][ T6964] device bridge_slave_1 entered promiscuous mode [ 204.667323][ T6959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.718466][ T6964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.739500][ T6959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 204.759115][ T6964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 204.868271][ T6980] loop4: detected capacity change from 0 to 40427 [ 204.877493][ T6980] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(262146) root(3) [ 204.910196][ T6980] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 204.928682][ T6959] team0: Port device team_slave_0 added [ 204.955228][ T6964] team0: Port device team_slave_0 added [ 204.958949][ T6994] loop7: detected capacity change from 0 to 16384 [ 204.968802][ T6964] team0: Port device team_slave_1 added [ 204.978681][ T6959] team0: Port device team_slave_1 added [ 204.993913][ T6980] F2FS-fs (loop4): Found nat_bits in checkpoint [ 205.049205][ T6964] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 205.063317][ T6964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.092222][ T6964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 205.104518][ T6980] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 205.129976][ T6980] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 205.132595][ T6959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 205.176415][ T6959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.275210][ T6959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 205.295315][ T6964] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 205.307634][ T6964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.361224][ T3553] Bluetooth: hci1: command tx timeout [ 205.362738][ T6964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 205.385271][ T6959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 205.402747][ T6959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.430999][ T3553] Bluetooth: hci3: command tx timeout [ 205.536568][ T26] audit: type=1804 audit(1721049158.473:11): pid=7004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1151" name="/newroot/183/file2/bus" dev="loop4" ino=10 res=1 errno=0 [ 205.974817][ T6959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 205.993258][ T26] audit: type=1804 audit(1721049158.473:12): pid=7004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1151" name="/newroot/183/file2/bus" dev="loop4" ino=10 res=1 errno=0 [ 206.066801][ T6959] device hsr_slave_0 entered promiscuous mode [ 206.080030][ T6959] device hsr_slave_1 entered promiscuous mode [ 206.107776][ T6959] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 206.118089][ T6959] Cannot create hsr debugfs directory [ 206.127419][ T4378] syz-executor: attempt to access beyond end of device [ 206.127419][ T4378] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 206.200234][ T6964] device hsr_slave_0 entered promiscuous mode [ 206.214939][ T6964] device hsr_slave_1 entered promiscuous mode [ 206.245104][ T6964] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 206.254500][ T6964] Cannot create hsr debugfs directory [ 206.270363][ T7012] loop3: detected capacity change from 0 to 512 [ 206.279559][ T7012] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 206.328363][ T26] audit: type=1326 audit(1721049159.273:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7013 comm="syz.2.1158" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a30575bd9 code=0x0 [ 206.430940][ T7012] EXT4-fs (loop3): 1 orphan inode deleted [ 206.436852][ T7012] EXT4-fs (loop3): 1 truncate cleaned up [ 206.485865][ T7012] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 206.602925][ T7012] EXT4-fs (loop3): unmounting filesystem. [ 206.809160][ T6959] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.002069][ T6959] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.093333][ T7027] loop4: detected capacity change from 0 to 4096 [ 207.121320][ T7027] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 207.137016][ T7026] loop3: detected capacity change from 0 to 4096 [ 207.158883][ T6959] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.181377][ T7027] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 207.204869][ T7026] ntfs: volume version 3.1. [ 207.340137][ T6959] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.344020][ T4378] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 207.357246][ T7031] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1162'. [ 207.375404][ T7026] ntfs: (device loop3): ntfs_nlstoucs(): Name using character set utf8 contains characters that cannot be converted to Unicode. [ 207.410645][ T3552] Bluetooth: hci1: command tx timeout [ 207.420127][ T7026] ntfs: (device loop3): ntfs_lookup(): Failed to convert name to Unicode. [ 207.455879][ T7033] loop7: detected capacity change from 0 to 16384 [ 207.480361][ T7035] loop2: detected capacity change from 0 to 64 [ 207.484898][ T7026] overlayfs: failed to resolve './file2': -2 [ 207.570794][ T3552] Bluetooth: hci3: command tx timeout [ 207.694688][ T6964] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.818190][ T7042] loop4: detected capacity change from 0 to 2048 [ 207.833348][ T6964] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.846711][ T7042] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities [ 207.897655][ T7042] loop4: detected capacity change from 0 to 512 [ 207.941937][ T7042] EXT4-fs: Mount option(s) incompatible with ext2 [ 207.988943][ T26] audit: type=1326 audit(1721049160.933:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7047 comm="syz.2.1171" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a30575bd9 code=0x0 [ 208.025712][ T3536] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 208.035142][ T6964] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.087621][ T7042] loop4: detected capacity change from 0 to 2048 [ 208.096520][ T7052] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1172'. [ 208.151372][ T7042] Alternate GPT is invalid, using primary GPT. [ 208.158467][ T7042] loop4: p2 p3 p7 [ 208.190930][ T6964] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.264705][ T7042] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.273090][ T7042] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.339447][ T7056] loop3: detected capacity change from 0 to 4096 [ 208.423980][ T7056] ntfs: volume version 3.1. [ 208.501337][ T7056] ntfs: (device loop3): ntfs_nlstoucs(): Name using character set utf8 contains characters that cannot be converted to Unicode. [ 208.526668][ T6959] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 208.536284][ T7056] ntfs: (device loop3): ntfs_lookup(): Failed to convert name to Unicode. [ 208.551274][ T6959] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 208.563296][ T7056] overlayfs: failed to resolve './file2': -2 [ 208.578336][ T6959] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 208.623295][ T6959] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 208.724023][ T7066] loop3: detected capacity change from 0 to 64 [ 208.746081][ T6964] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 208.782066][ T6964] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 208.824981][ T7068] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1176'. [ 208.852324][ T6964] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 208.892844][ T6964] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 208.947889][ T6959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.992664][ T3589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.000456][ T3589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.016997][ T6959] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.047087][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.057801][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.067033][ T3647] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.074176][ T3647] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.126318][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.136002][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.144844][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.153760][ T3594] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.160879][ T3594] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.168496][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.181544][ T7081] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.190422][ T7081] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.236283][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.248456][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.269143][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.277978][ T7082] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.285095][ T7082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.292497][ T7082] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.300776][ T3589] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 209.300952][ T7082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.319543][ T7082] device bridge0 entered promiscuous mode [ 209.355316][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 209.363939][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.374007][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.398746][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 209.407936][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 209.429695][ T6959] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 209.461108][ T7085] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1182'. [ 209.490904][ T3552] Bluetooth: hci1: command tx timeout [ 209.497851][ T6959] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 209.517787][ T6964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.526390][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 209.535583][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 209.571443][ T3589] usb 5-1: Using ep0 maxpacket: 16 [ 209.580504][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.588518][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.652115][ T3553] Bluetooth: hci3: command tx timeout [ 209.654647][ T7092] loop3: detected capacity change from 0 to 2048 [ 209.667557][ T6964] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.678586][ T7092] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 209.699225][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.703117][ T7095] trusted_key: encrypted_key: keyword 'ne#default' not recognized [ 209.708268][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.741426][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.748524][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.769532][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.803555][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.812687][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.837517][ T153] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.844492][ T7092] loop3: detected capacity change from 0 to 512 [ 209.844655][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.858839][ T3589] usb 5-1: New USB device found, idVendor=0582, idProduct=00e6, bcdDevice=4e.06 [ 209.870837][ T3589] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.887979][ T3589] usb 5-1: Product: syz [ 209.896397][ T3589] usb 5-1: Manufacturer: syz [ 209.901456][ T3589] usb 5-1: SerialNumber: syz [ 209.906465][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.910384][ T7092] EXT4-fs: Mount option(s) incompatible with ext2 [ 209.923347][ T3589] usb 5-1: config 0 descriptor?? [ 209.955606][ T6959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.966300][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.976216][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.989488][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.014665][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.071738][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.090488][ T7092] loop3: detected capacity change from 0 to 2048 [ 210.097716][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.102191][ T3536] udevd[3536]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 210.122271][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.135428][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 210.147868][ T7092] Alternate GPT is invalid, using primary GPT. [ 210.161037][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 210.182135][ T6964] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 210.190091][ T7092] loop3: p2 p3 p7 [ 210.228657][ T6964] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.237337][ T3002] Alternate GPT is invalid, using primary GPT. [ 210.250841][ T3002] loop3: p2 p3 p7 [ 210.266266][ T3589] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.282498][ T3589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.318305][ T3589] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.337112][ T3589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 210.365824][ T3589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 210.408151][ T7092] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.415610][ T7092] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.636181][ T6959] device veth0_vlan entered promiscuous mode [ 210.667559][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 210.691124][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 210.699740][ T7107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1187'. [ 210.724200][ T6959] device veth1_vlan entered promiscuous mode [ 210.750330][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 210.771243][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 210.779044][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 210.859721][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 210.871503][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 210.900984][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 210.933296][ T7077] device dummy0 entered promiscuous mode [ 210.940034][ T7077] device dummy0 left promiscuous mode [ 210.954975][ T6959] device veth0_macvtap entered promiscuous mode [ 210.993721][ T3589] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 211.005447][ T3589] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 211.044975][ T3589] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 211.179916][ T6964] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.191046][ T936] usb 5-1: USB disconnect, device number 7 [ 211.197731][ T6959] device veth1_macvtap entered promiscuous mode [ 211.227289][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.238467][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.388641][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.478950][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.532747][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.614349][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.641878][ T3553] Bluetooth: hci1: command tx timeout [ 211.700039][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.730814][ T3552] Bluetooth: hci3: command tx timeout [ 211.758751][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.844658][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.880643][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.906886][ T6959] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 211.948696][ T6964] device veth0_vlan entered promiscuous mode [ 211.969951][ T6964] device veth1_vlan entered promiscuous mode [ 211.991594][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 211.999663][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 212.010245][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 212.019044][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 212.027749][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 212.036549][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 212.044856][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 212.053486][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 212.071829][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 212.079816][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 212.119577][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.131862][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.142171][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.165836][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.175957][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.187004][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.230740][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.244263][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.278658][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.294872][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.316228][ T6959] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.345392][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 212.354592][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 212.378060][ T6959] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.396108][ T6959] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.416250][ T6959] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.429535][ T6959] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.503657][ T6964] device veth0_macvtap entered promiscuous mode [ 212.529825][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 212.542740][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 212.568902][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 212.585749][ T7139] loop2: detected capacity change from 0 to 2048 [ 212.587019][ T6964] device veth1_macvtap entered promiscuous mode [ 212.610192][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.621661][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.632989][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.639117][ T7139] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 212.654221][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.674240][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.685193][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.695863][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.706435][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.708991][ T7139] loop2: detected capacity change from 0 to 512 [ 212.716318][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.716336][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.716354][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.716367][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.717830][ T6964] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.788477][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 212.798931][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 212.807962][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 212.812647][ T7139] EXT4-fs: Mount option(s) incompatible with ext2 [ 212.829201][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.844837][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.855395][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.865991][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.876207][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.889149][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.899279][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.909961][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.920103][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.931279][ T41] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 212.939502][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.958340][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.969909][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.975358][ T7142] loop4: detected capacity change from 0 to 512 [ 212.982128][ T6964] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.999829][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 213.019911][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 213.045559][ T7142] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 213.078448][ T6964] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.130764][ T6964] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.139508][ T7139] loop2: detected capacity change from 0 to 2048 [ 213.147049][ T6964] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.164064][ T7142] EXT4-fs (loop4): 1 orphan inode deleted [ 213.181309][ T6964] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.190225][ T7142] EXT4-fs (loop4): 1 truncate cleaned up [ 213.226656][ T7142] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 213.244460][ T7139] Alternate GPT is invalid, using primary GPT. [ 213.281681][ T7139] loop2: p2 p3 p7 [ 213.312637][ T41] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 213.325670][ T3675] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.354616][ T3675] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.386844][ T41] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 213.422618][ T7142] EXT4-fs (loop4): unmounting filesystem. [ 213.426299][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 213.469103][ T41] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 213.488711][ T7139] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.496085][ T7139] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.662884][ T7139] device bridge0 left promiscuous mode [ 213.700902][ T41] usb 4-1: New USB device found, idVendor=045e, idProduct=0446, bcdDevice=d4.30 [ 213.711517][ T41] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.724155][ T3847] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.731559][ T41] usb 4-1: Product: syz [ 213.736466][ T41] usb 4-1: Manufacturer: syz [ 213.751772][ T41] usb 4-1: SerialNumber: syz [ 213.757898][ T3643] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.776622][ T41] usb 4-1: config 0 descriptor?? [ 213.791740][ T3847] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.802721][ T3643] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.855991][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 213.870979][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 213.890305][ T3847] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.920238][ T3847] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.982605][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 214.103025][ T7154] program syz.0.1139 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 214.141317][ T7154] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 214.370342][ T7168] input: syz1 as /devices/virtual/input/input5 [ 214.566946][ T7173] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1207'. [ 214.600883][ T936] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 214.960621][ T936] usb 1-1: Using ep0 maxpacket: 16 [ 215.027554][ T7187] random: crng reseeded on system resumption [ 215.703890][ T153] usb 4-1: USB disconnect, device number 7 [ 215.710801][ T7189] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 215.755110][ T7192] loop2: detected capacity change from 0 to 2048 [ 215.767671][ T7192] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 215.782722][ T7189] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.789884][ T7189] bridge0: port 2(bridge_slave_1) entered listening state [ 215.797221][ T7189] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.804359][ T7189] bridge0: port 1(bridge_slave_0) entered listening state [ 215.828242][ T7189] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 215.871129][ T7189] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 215.919076][ T7189] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 215.931374][ T7192] loop2: detected capacity change from 0 to 512 [ 215.962167][ T7192] EXT4-fs: Mount option(s) incompatible with ext2 [ 215.981101][ T936] usb 1-1: New USB device found, idVendor=0582, idProduct=00e6, bcdDevice=4e.06 [ 215.996513][ T936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.022779][ T7201] input: syz1 as /devices/virtual/input/input6 [ 216.029037][ T936] usb 1-1: Product: syz [ 216.039145][ T936] usb 1-1: Manufacturer: syz [ 216.050605][ T936] usb 1-1: SerialNumber: syz [ 216.070717][ T936] usb 1-1: config 0 descriptor?? [ 216.183627][ T7192] loop2: detected capacity change from 0 to 2048 [ 216.215107][ T3562] udevd[3562]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 216.277029][ T7192] Alternate GPT is invalid, using primary GPT. [ 216.292505][ T7192] loop2: p2 p3 p7 [ 216.497766][ T3002] Alternate GPT is invalid, using primary GPT. [ 216.534756][ T3002] loop2: p2 p3 p7 [ 216.603885][ T7215] 9pnet_fd: p9_fd_create_tcp (7215): problem connecting socket to 127.0.0.1 [ 216.640913][ T3553] Bluetooth: hci0: command 0x0406 tx timeout [ 217.755933][ T7199] loop1: detected capacity change from 0 to 40427 [ 217.867278][ T7164] device dummy0 entered promiscuous mode [ 217.874306][ T7164] device dummy0 left promiscuous mode [ 218.004594][ T7234] random: crng reseeded on system resumption [ 218.600792][ T7199] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(262146) root(3) [ 218.631316][ T7199] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 219.759560][ T7199] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-12) [ 219.833934][ T7244] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 219.871676][ T3651] usb 1-1: USB disconnect, device number 3 [ 219.904646][ T7244] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 220.011722][ T7244] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 220.109905][ T7251] program syz.2.1232 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 220.160786][ T7251] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 220.506822][ T7273] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.514067][ T7273] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.539771][ T3553] Bluetooth: hci4: unexpected event for opcode 0x0c26 [ 220.549177][ T26] audit: type=1326 audit(1721049173.493:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ea175bd9 code=0x7ffc0000 [ 220.627089][ T26] audit: type=1326 audit(1721049173.523:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f99ea175bd9 code=0x7ffc0000 [ 220.629058][ T7273] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.656434][ T7273] bridge0: port 2(bridge_slave_1) entered listening state [ 220.656511][ T26] audit: type=1326 audit(1721049173.523:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ea175bd9 code=0x7ffc0000 [ 220.663715][ T7273] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.694515][ T7273] bridge0: port 1(bridge_slave_0) entered listening state [ 220.786975][ T26] audit: type=1326 audit(1721049173.523:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ea175bd9 code=0x7ffc0000 [ 220.811484][ T26] audit: type=1326 audit(1721049173.523:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f99ea174610 code=0x7ffc0000 [ 220.837948][ T7273] device bridge0 entered promiscuous mode [ 220.847236][ T26] audit: type=1326 audit(1721049173.523:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f99ea174610 code=0x7ffc0000 [ 220.985249][ T7290] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.992434][ T7290] bridge0: port 2(bridge_slave_1) entered listening state [ 220.999753][ T7290] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.003213][ T26] audit: type=1326 audit(1721049173.523:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ea175bd9 code=0x7ffc0000 [ 221.006868][ T7290] bridge0: port 1(bridge_slave_0) entered listening state [ 221.038134][ T26] audit: type=1326 audit(1721049173.523:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ea175bd9 code=0x7ffc0000 [ 221.072331][ T7290] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 221.080226][ T7290] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 221.131701][ T7294] program syz.0.1247 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 221.140952][ T7290] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 221.172046][ T7294] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 221.282413][ T7259] loop1: detected capacity change from 0 to 32768 [ 221.399241][ T7307] tun0: tun_chr_ioctl cmd 1074812118 [ 221.417353][ T7312] loop2: detected capacity change from 0 to 2048 [ 221.418544][ T7259] XFS (loop1): Mounting V5 Filesystem [ 221.478739][ T7312] loop2: p2 < > [ 221.535785][ T3553] Bluetooth: hci0: unexpected event for opcode 0x0c26 [ 221.551672][ T7259] XFS (loop1): Ending clean mount [ 221.562789][ T3002] loop2: p2 < > [ 221.573804][ T7323] loop0: detected capacity change from 0 to 8 [ 221.622081][ T7259] XFS (loop1): Quotacheck needed: Please wait. [ 221.674966][ T3562] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 221.685069][ T7259] XFS (loop1): Quotacheck: Done. [ 221.693609][ T7328] xt_hashlimit: max too large, truncated to 1048576 [ 221.714184][ T7328] xt_CT: You must specify a L4 protocol and not use inversions on it [ 221.777871][ T7330] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.785093][ T7330] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.869750][ T3562] udevd[3562]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 221.889546][ T6964] XFS (loop1): Unmounting Filesystem [ 221.906834][ T7334] program syz.3.1262 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 221.907479][ T7330] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.923204][ T7330] bridge0: port 2(bridge_slave_1) entered listening state [ 221.930575][ T7330] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.937688][ T7330] bridge0: port 1(bridge_slave_0) entered listening state [ 221.945449][ T7334] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 222.008967][ T7330] device bridge0 entered promiscuous mode [ 222.192859][ T7343] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.200020][ T7343] bridge0: port 2(bridge_slave_1) entered listening state [ 222.207384][ T7343] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.214656][ T7343] bridge0: port 1(bridge_slave_0) entered listening state [ 222.260600][ T41] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 222.303748][ T7348] loop2: detected capacity change from 0 to 1024 [ 222.312114][ T7343] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 222.320024][ T7348] EXT4-fs: Ignoring removed i_version option [ 222.326654][ T7348] EXT4-fs: Ignoring removed bh option [ 222.332678][ T7343] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 222.354843][ T7343] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 222.378174][ T7348] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #3: block 69: comm syz.2.1268: lblock 8 mapped to illegal pblock 69 (length 1) [ 222.419596][ T7348] Quota error (device loop2): write_blk: dquota write failed [ 222.430880][ T7348] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #3: block 68: comm syz.2.1268: lblock 7 mapped to illegal pblock 68 (length 1) [ 222.512806][ T7348] Quota error (device loop2): write_blk: dquota write failed [ 222.552027][ T7348] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #3: block 67: comm syz.2.1268: lblock 6 mapped to illegal pblock 67 (length 1) [ 222.592667][ T7348] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #3: block 48: comm syz.2.1268: lblock 0 mapped to illegal pblock 48 (length 1) [ 222.615625][ T7348] EXT4-fs error (device loop2): ext4_acquire_dquot:6777: comm syz.2.1268: Failed to acquire dquot type 0 [ 222.638442][ T7348] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 222.699585][ T7348] EXT4-fs error (device loop2): ext4_evict_inode:279: inode #11: comm syz.2.1268: mark_inode_dirty error [ 222.772068][ T41] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 222.884858][ T41] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 222.943265][ T7348] EXT4-fs warning (device loop2): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 223.074162][ T7348] EXT4-fs (loop2): 1 orphan inode deleted [ 223.256835][ T41] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 223.279843][ T7348] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 223.313564][ T56] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 223.366031][ T41] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.433458][ T56] EXT4-fs error (device loop2): ext4_release_dquot:6800: comm kworker/u4:4: Failed to release dquot type 0 [ 223.455515][ T41] usb 5-1: Product: syz [ 223.459703][ T41] usb 5-1: Manufacturer: 抡֨顼쐼⃉ꝫ㧨㙘ܓ슪ꀡ⚃⶟墔蓼༣鴾Ꚑ儧홳ڋ쪗 [ 223.528918][ T41] usb 5-1: SerialNumber: syz [ 223.559756][ T7348] EXT4-fs (loop2): unmounting filesystem. [ 223.592987][ T7348] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 223.618353][ T7348] EXT4-fs error (device loop2): ext4_quota_off:7066: inode #3: comm syz.2.1268: mark_inode_dirty error [ 223.772966][ T7381] loop1: detected capacity change from 0 to 16 [ 223.804947][ T7381] erofs: (device loop1): mounted with root inode @ nid 36. [ 223.826606][ T7385] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.830347][ T7381] erofs: (device loop1): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 46 [ 223.833813][ T7385] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.861227][ T7385] device bridge0 left promiscuous mode [ 223.870815][ T41] usb 5-1: 0:2 : does not exist [ 223.897633][ T41] usb 5-1: USB disconnect, device number 8 [ 223.942612][ T7385] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.949751][ T7385] bridge0: port 2(bridge_slave_1) entered listening state [ 223.957086][ T7385] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.964215][ T7385] bridge0: port 1(bridge_slave_0) entered listening state [ 224.034014][ T7385] device bridge0 entered promiscuous mode [ 224.095998][ T7394] sctp: [Deprecated]: syz.3.1282 (pid 7394) Use of struct sctp_assoc_value in delayed_ack socket option. [ 224.095998][ T7394] Use struct sctp_sack_info instead [ 224.199500][ T3536] udevd[3536]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 225.141004][ T3553] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 225.149647][ T3553] Bluetooth: hci4: Injecting HCI hardware error event [ 225.158692][ T3553] Bluetooth: hci4: hardware error 0x00 [ 225.329872][ T7419] loop4: detected capacity change from 0 to 16 [ 225.382241][ T7419] erofs: (device loop4): mounted with root inode @ nid 36. [ 225.407513][ T7416] loop3: detected capacity change from 0 to 1024 [ 225.426724][ T7419] erofs: (device loop4): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 46 [ 225.452091][ T7416] EXT4-fs: Ignoring removed i_version option [ 225.480658][ T7416] EXT4-fs: Ignoring removed bh option [ 225.535463][ T7416] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #3: block 69: comm syz.3.1290: lblock 8 mapped to illegal pblock 69 (length 1) [ 225.571983][ T3552] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 225.582058][ T3552] Bluetooth: hci0: Injecting HCI hardware error event [ 225.590378][ T3561] Bluetooth: hci0: hardware error 0x00 [ 225.621113][ T7416] __quota_error: 23 callbacks suppressed [ 225.621127][ T7416] Quota error (device loop3): write_blk: dquota write failed [ 225.699220][ T7416] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #3: block 68: comm syz.3.1290: lblock 7 mapped to illegal pblock 68 (length 1) [ 225.769829][ T7416] Quota error (device loop3): write_blk: dquota write failed [ 225.788266][ T7416] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #3: block 67: comm syz.3.1290: lblock 6 mapped to illegal pblock 67 (length 1) [ 225.809675][ T7416] Quota error (device loop3): write_blk: dquota write failed [ 225.872345][ T7444] xt_hashlimit: max too large, truncated to 1048576 [ 225.885929][ T7416] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 225.912712][ T7444] xt_CT: You must specify a L4 protocol and not use inversions on it [ 225.929770][ T7416] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #3: block 48: comm syz.3.1290: lblock 0 mapped to illegal pblock 48 (length 1) [ 225.950782][ T26] audit: type=1326 audit(1721049178.893:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7446 comm="syz.1.1304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25b7975bd9 code=0x7ffc0000 [ 225.957550][ T7416] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 225.972920][ C0] vkms_vblank_simulate: vblank timer overrun [ 225.990696][ T7416] EXT4-fs error (device loop3): ext4_acquire_dquot:6777: comm syz.3.1290: Failed to acquire dquot type 0 [ 226.010993][ T26] audit: type=1326 audit(1721049178.893:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7446 comm="syz.1.1304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25b7975bd9 code=0x7ffc0000 [ 226.042071][ T7416] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 226.090433][ T7416] EXT4-fs error (device loop3): ext4_evict_inode:279: inode #11: comm syz.3.1290: mark_inode_dirty error [ 226.108440][ T26] audit: type=1326 audit(1721049178.963:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7446 comm="syz.1.1304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f25b7975bd9 code=0x7ffc0000 [ 226.158976][ T7416] EXT4-fs warning (device loop3): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 226.189826][ T7416] EXT4-fs (loop3): 1 orphan inode deleted [ 226.196104][ T26] audit: type=1326 audit(1721049178.963:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7446 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25b7975bd9 code=0x7ffc0000 [ 226.219844][ C0] vkms_vblank_simulate: vblank timer overrun [ 226.236966][ T3643] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #3: block 1: comm kworker/u4:7: lblock 1 mapped to illegal pblock 1 (length 1) [ 226.256852][ T7416] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 226.286709][ T3643] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 226.340700][ T3643] EXT4-fs error (device loop3): ext4_release_dquot:6800: comm kworker/u4:7: Failed to release dquot type 0 [ 226.437278][ T7416] EXT4-fs (loop3): unmounting filesystem. [ 226.481222][ T7416] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 226.502095][ T7416] EXT4-fs error (device loop3): ext4_quota_off:7066: inode #3: comm syz.3.1290: mark_inode_dirty error [ 226.523309][ T7433] loop2: detected capacity change from 0 to 32768 [ 226.614955][ T7433] XFS (loop2): Mounting V5 Filesystem [ 226.671595][ T7481] Bluetooth: MGMT ver 1.22 [ 226.729205][ T7433] XFS (loop2): Ending clean mount [ 226.828395][ T7485] xt_hashlimit: max too large, truncated to 1048576 [ 226.835687][ T4552] XFS (loop2): Unmounting Filesystem [ 226.841754][ T7488] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1318'. [ 226.845074][ T7485] xt_CT: You must specify a L4 protocol and not use inversions on it [ 227.060802][ T41] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 227.342613][ T3553] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 227.405270][ T7514] loop1: detected capacity change from 0 to 1024 [ 227.414363][ T7514] EXT4-fs: Ignoring removed i_version option [ 227.420611][ T7514] EXT4-fs: Ignoring removed bh option [ 227.433483][ T41] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 227.448808][ T7514] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #3: block 69: comm syz.1.1328: lblock 8 mapped to illegal pblock 69 (length 1) [ 227.457060][ T41] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 227.468767][ T7514] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #3: block 68: comm syz.1.1328: lblock 7 mapped to illegal pblock 68 (length 1) [ 227.489519][ T7514] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #3: block 67: comm syz.1.1328: lblock 6 mapped to illegal pblock 67 (length 1) [ 227.514060][ T7514] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #3: block 48: comm syz.1.1328: lblock 0 mapped to illegal pblock 48 (length 1) [ 227.537613][ T7514] EXT4-fs error (device loop1): ext4_acquire_dquot:6777: comm syz.1.1328: Failed to acquire dquot type 0 [ 227.564684][ T7514] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 227.570608][ T41] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 227.577258][ T7514] EXT4-fs error (device loop1): ext4_evict_inode:279: inode #11: comm syz.1.1328: mark_inode_dirty error [ 227.601579][ T7514] EXT4-fs warning (device loop1): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 227.626573][ T7514] EXT4-fs (loop1): 1 orphan inode deleted [ 227.633357][ T7514] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 227.649567][ T3618] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #3: block 1: comm kworker/u4:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 227.722498][ T7531] ALSA: seq fatal error: cannot create timer (-22) [ 227.729648][ T3618] EXT4-fs error (device loop1): ext4_release_dquot:6800: comm kworker/u4:6: Failed to release dquot type 0 [ 227.730700][ T3561] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 227.780875][ T41] usb 5-1: New USB device found, idVendor=045e, idProduct=0446, bcdDevice=d4.30 [ 227.790979][ T7514] EXT4-fs (loop1): unmounting filesystem. [ 227.797289][ T41] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.805814][ T41] usb 5-1: Product: syz [ 227.810085][ T41] usb 5-1: Manufacturer: syz [ 227.814888][ T7514] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 227.824831][ T41] usb 5-1: SerialNumber: syz [ 227.831154][ T41] usb 5-1: config 0 descriptor?? [ 227.836387][ T7514] EXT4-fs error (device loop1): ext4_quota_off:7066: inode #3: comm syz.1.1328: mark_inode_dirty error [ 227.960268][ T7533] loop3: detected capacity change from 0 to 1024 [ 227.976727][ T7533] EXT4-fs: Ignoring removed bh option [ 228.013056][ T7533] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 228.114920][ T7544] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1339'. [ 228.120205][ T3546] EXT4-fs (loop3): unmounting filesystem. [ 229.330735][ T3561] Bluetooth: hci2: command 0x0406 tx timeout [ 229.476799][ T7572] loop3: detected capacity change from 0 to 512 [ 229.499730][ T7572] EXT4-fs error (device loop3): __ext4_fill_super:5399: inode #2: comm syz.3.1350: casefold flag without casefold feature [ 229.509777][ T7574] loop2: detected capacity change from 0 to 1024 [ 229.521937][ T7572] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 229.551365][ T7574] EXT4-fs: Ignoring removed bh option [ 229.566531][ T7572] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 229.666663][ T3595] usb 5-1: USB disconnect, device number 9 [ 229.684758][ T7574] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 229.850725][ T3546] EXT4-fs (loop3): unmounting filesystem. [ 229.935212][ T4552] EXT4-fs (loop2): unmounting filesystem. [ 230.934692][ T7601] loop3: detected capacity change from 0 to 1024 [ 230.982487][ T7601] EXT4-fs: Ignoring removed i_version option [ 231.029466][ T7595] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa [ 231.105919][ T7601] EXT4-fs: Ignoring removed bh option [ 231.192869][ T7601] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #3: block 69: comm syz.3.1359: lblock 8 mapped to illegal pblock 69 (length 1) [ 231.222230][ T7601] __quota_error: 19 callbacks suppressed [ 231.222245][ T7601] Quota error (device loop3): write_blk: dquota write failed [ 231.275127][ T7601] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #3: block 68: comm syz.3.1359: lblock 7 mapped to illegal pblock 68 (length 1) [ 231.334078][ T7601] Quota error (device loop3): write_blk: dquota write failed [ 231.359698][ T7601] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #3: block 67: comm syz.3.1359: lblock 6 mapped to illegal pblock 67 (length 1) [ 231.401826][ T7601] Quota error (device loop3): write_blk: dquota write failed [ 231.468472][ T7601] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 231.479085][ T7601] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #3: block 48: comm syz.3.1359: lblock 0 mapped to illegal pblock 48 (length 1) [ 231.503067][ T7601] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 231.518651][ T7601] EXT4-fs error (device loop3): ext4_acquire_dquot:6777: comm syz.3.1359: Failed to acquire dquot type 0 [ 231.537559][ T7601] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 231.547238][ T7601] EXT4-fs error (device loop3): ext4_evict_inode:279: inode #11: comm syz.3.1359: mark_inode_dirty error [ 231.567505][ T7601] EXT4-fs warning (device loop3): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 231.579213][ T7601] EXT4-fs (loop3): 1 orphan inode deleted [ 231.591541][ T3643] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #3: block 1: comm kworker/u4:7: lblock 1 mapped to illegal pblock 1 (length 1) [ 231.614927][ T7601] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 231.626866][ T3643] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 231.645672][ T3643] EXT4-fs error (device loop3): ext4_release_dquot:6800: comm kworker/u4:7: Failed to release dquot type 0 [ 231.711084][ T7601] EXT4-fs (loop3): unmounting filesystem. [ 231.718056][ T7601] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 231.734610][ T7601] EXT4-fs error (device loop3): ext4_quota_off:7066: inode #3: comm syz.3.1359: mark_inode_dirty error [ 231.860713][ T3646] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 231.905507][ T7617] loop3: detected capacity change from 0 to 512 [ 231.948773][ T7617] EXT4-fs error (device loop3): __ext4_fill_super:5399: inode #2: comm syz.3.1366: casefold flag without casefold feature [ 232.004251][ T7610] loop2: detected capacity change from 0 to 32768 [ 232.041814][ T7617] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 232.052802][ T7617] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 232.105260][ T7610] XFS (loop2): Mounting V5 Filesystem [ 232.140358][ T3546] EXT4-fs (loop3): unmounting filesystem. [ 232.198257][ T7610] XFS (loop2): Ending clean mount [ 232.255106][ T4552] XFS (loop2): Unmounting Filesystem [ 232.263382][ T3646] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 232.273251][ T3646] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 232.291199][ T3646] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 232.423500][ T7630] loop2: detected capacity change from 0 to 1024 [ 232.439510][ T7630] EXT4-fs: Ignoring removed bh option [ 232.453170][ T7630] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 232.476903][ T26] audit: type=1800 audit(1721049185.423:59): pid=7630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1369" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 232.497504][ T3646] usb 5-1: New USB device found, idVendor=045e, idProduct=0446, bcdDevice=d4.30 [ 232.506650][ T3646] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.513736][ T26] audit: type=1800 audit(1721049185.423:60): pid=7630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1369" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 232.514936][ T3646] usb 5-1: Product: syz [ 232.539467][ T3646] usb 5-1: Manufacturer: syz [ 232.543931][ T26] audit: type=1800 audit(1721049185.423:61): pid=7630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1369" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 232.544819][ T3646] usb 5-1: SerialNumber: syz [ 232.576655][ T3646] usb 5-1: config 0 descriptor?? [ 232.581871][ T4552] EXT4-fs (loop2): unmounting filesystem. [ 232.629563][ T7634] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1370'. [ 232.736056][ T7638] loop2: detected capacity change from 0 to 128 [ 232.744061][ T7638] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 233.639827][ T7641] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa [ 233.984008][ T7652] ALSA: seq fatal error: cannot create timer (-22) [ 234.032635][ T7654] loop2: detected capacity change from 0 to 512 [ 234.044317][ T7654] EXT4-fs error (device loop2): __ext4_fill_super:5399: inode #2: comm syz.2.1378: casefold flag without casefold feature [ 234.058055][ T7654] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 234.076880][ T7654] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 234.119647][ T4552] EXT4-fs (loop2): unmounting filesystem. [ 234.487234][ T153] usb 5-1: USB disconnect, device number 10 [ 234.536345][ T7660] loop4: detected capacity change from 0 to 1024 [ 234.543518][ T7660] EXT4-fs: Ignoring removed bh option [ 234.555689][ T7660] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 234.570035][ T26] audit: type=1800 audit(1721049187.513:62): pid=7660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1381" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 234.612010][ T4378] EXT4-fs (loop4): unmounting filesystem. [ 234.658079][ T7664] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1382'. [ 234.766092][ T7668] loop4: detected capacity change from 0 to 512 [ 234.795606][ T7668] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 234.804818][ T7668] ext4 filesystem being mounted at /231/bus supports timestamps until 2038 (0x7fffffff) [ 234.870723][ T4378] EXT4-fs (loop4): unmounting filesystem. [ 235.740613][ T7673] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa [ 236.407870][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 236.415890][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 236.927135][ T7685] tun0: tun_chr_ioctl cmd 1074812118 [ 237.273726][ T7689] random: crng reseeded on system resumption [ 237.993458][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 238.000652][ C1] bridge0: port 2(bridge_slave_1) entered learning state [ 238.290615][ T3595] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 238.530645][ T3595] usb 5-1: Using ep0 maxpacket: 16 [ 238.650724][ T3595] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.660898][ T3595] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 238.669825][ T3595] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 238.679231][ T3595] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.688687][ T3595] usb 5-1: config 0 descriptor?? [ 239.324445][ T3561] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 239.334753][ T3561] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 239.342716][ T3561] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 239.352102][ T3561] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 239.359792][ T3561] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 239.367275][ T3561] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 239.477317][ T7695] chnl_net:caif_netlink_parms(): no params data found [ 239.502388][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 239.509515][ C1] bridge0: port 2(bridge_slave_1) entered learning state [ 239.548333][ T3643] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.587603][ T7695] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.595259][ T7695] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.603078][ T7695] device bridge_slave_0 entered promiscuous mode [ 239.610977][ T7695] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.618277][ T7695] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.626578][ T7695] device bridge_slave_1 entered promiscuous mode [ 239.653378][ T3643] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.671579][ T7695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 239.683274][ T7695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 239.728738][ T7695] team0: Port device team_slave_0 added [ 239.750187][ T3643] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.764836][ T7695] team0: Port device team_slave_1 added [ 239.781892][ T7695] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 239.788835][ T7695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.816031][ T7695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 239.828511][ T7695] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 239.835708][ T7695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.861710][ T7695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 239.889039][ T3643] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.918042][ T7695] device hsr_slave_0 entered promiscuous mode [ 239.925785][ T7695] device hsr_slave_1 entered promiscuous mode [ 239.932851][ T7695] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 239.940412][ T7695] Cannot create hsr debugfs directory [ 240.547042][ T3553] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 240.559578][ T3553] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 240.568295][ T3553] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 240.576291][ T3553] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 240.587309][ T3553] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 240.594769][ T3553] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 240.901283][ T7712] chnl_net:caif_netlink_parms(): no params data found [ 241.049270][ T3595] usb 5-1: USB disconnect, device number 11 [ 241.145003][ T7712] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.152273][ T7712] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.160453][ T7712] device bridge_slave_0 entered promiscuous mode [ 241.178260][ T7712] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.212656][ T7712] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.234544][ T7712] device bridge_slave_1 entered promiscuous mode [ 241.243601][ T7695] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 241.263881][ T7695] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 241.299918][ T7695] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 241.321725][ T7712] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 241.335967][ T7695] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 241.407188][ T7738] 9pnet_fd: p9_fd_create_tcp (7738): problem connecting socket to 127.0.0.1 [ 241.425020][ T3553] Bluetooth: hci3: command tx timeout [ 241.637344][ T7712] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 242.176953][ T7712] team0: Port device team_slave_0 added [ 242.187494][ T7712] team0: Port device team_slave_1 added [ 242.196850][ T3643] device hsr_slave_0 left promiscuous mode [ 242.203903][ T3643] device hsr_slave_1 left promiscuous mode [ 242.215444][ T3643] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 242.220893][ T7744] loop4: detected capacity change from 0 to 1024 [ 242.228421][ T3643] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 242.229750][ T7744] EXT4-fs: Ignoring removed bh option [ 242.249896][ T3643] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 242.257875][ T3643] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 242.262708][ T7744] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 242.284571][ T3643] device bridge_slave_1 left promiscuous mode [ 242.292589][ T3643] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.302531][ T3643] device bridge_slave_0 left promiscuous mode [ 242.308972][ T3643] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.309421][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 242.309433][ T26] audit: type=1800 audit(1721049195.253:65): pid=7744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1395" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 242.352380][ T26] audit: type=1800 audit(1721049195.273:66): pid=7744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1395" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 242.373653][ T26] audit: type=1800 audit(1721049195.273:67): pid=7744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1395" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 242.402221][ T3643] device veth1_macvtap left promiscuous mode [ 242.408256][ T3643] device veth0_macvtap left promiscuous mode [ 242.414580][ T3643] device veth1_vlan left promiscuous mode [ 242.420426][ T3643] device veth0_vlan left promiscuous mode [ 242.432978][ T4378] EXT4-fs (loop4): unmounting filesystem. [ 242.691153][ T3553] Bluetooth: hci1: command tx timeout [ 242.778991][ T3561] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 242.789212][ T3561] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 242.798483][ T3561] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 242.816975][ T3561] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 242.825433][ T3561] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 242.833803][ T3561] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 243.415775][ T3643] team0 (unregistering): Port device team_slave_1 removed [ 243.481257][ T3643] team0 (unregistering): Port device team_slave_0 removed [ 243.500764][ T3561] Bluetooth: hci3: command tx timeout [ 243.514400][ T3643] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 243.548022][ T3643] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 243.984813][ T3643] bond0 (unregistering): Released all slaves [ 244.184688][ T7712] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 244.193492][ T7712] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 244.220394][ T7712] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 244.266059][ T7712] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 244.295714][ T7712] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 244.361756][ T7712] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 244.398379][ T7695] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.582538][ T7712] device hsr_slave_0 entered promiscuous mode [ 244.593609][ T3553] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 244.605807][ T3553] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 244.616678][ T3553] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 244.629458][ T3553] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 244.637185][ T7712] device hsr_slave_1 entered promiscuous mode [ 244.644984][ T7712] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 244.651551][ T3553] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 244.653526][ T7712] Cannot create hsr debugfs directory [ 244.660402][ T3553] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 244.672391][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.680210][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.709806][ T7695] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.781024][ T3553] Bluetooth: hci1: command tx timeout [ 244.790266][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 244.817909][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.826737][ T3647] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.833872][ T3647] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.850786][ T3553] Bluetooth: hci5: command tx timeout [ 244.851538][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 244.889009][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 244.898409][ T3647] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.905555][ T3647] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.914161][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.924036][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.347507][ T7712] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.522185][ T7712] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.537136][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 245.572100][ T3553] Bluetooth: hci3: command tx timeout [ 245.583731][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.603684][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.621693][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 245.639078][ T7695] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 245.670589][ T7695] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 245.712538][ T7712] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.862441][ T7712] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.876999][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.996330][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 246.643264][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 246.651826][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 246.662980][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 246.671469][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 246.688563][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 246.775253][ T3553] Bluetooth: hci2: command tx timeout [ 246.845544][ T7797] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.1410'. [ 246.860819][ T3553] Bluetooth: hci1: command tx timeout [ 246.928758][ T7754] chnl_net:caif_netlink_parms(): no params data found [ 246.940837][ T3553] Bluetooth: hci5: command tx timeout [ 246.949005][ T7797] netlink: 6332 bytes leftover after parsing attributes in process `syz.4.1410'. [ 247.206345][ T7712] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 247.253526][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 247.264806][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 247.280858][ T7778] chnl_net:caif_netlink_parms(): no params data found [ 247.290818][ T7712] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 247.314795][ T7695] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 247.322891][ T7754] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.329968][ T7754] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.352364][ T7754] device bridge_slave_0 entered promiscuous mode [ 247.371201][ T7712] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 247.392203][ T7754] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.431375][ T7754] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.439631][ T7754] device bridge_slave_1 entered promiscuous mode [ 247.520701][ T7712] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 247.564730][ T7754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 247.668129][ T3553] Bluetooth: hci3: command tx timeout [ 247.695777][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 247.711270][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 247.749027][ T7754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.628253][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 248.650317][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 248.659501][ T7778] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.668523][ T7778] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.677265][ T7778] device bridge_slave_0 entered promiscuous mode [ 248.686153][ T7778] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.693909][ T7778] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.702407][ T7778] device bridge_slave_1 entered promiscuous mode [ 248.741140][ T7712] 8021q: adding VLAN 0 to HW filter on device bond0 [ 248.753166][ T7754] team0: Port device team_slave_0 added [ 248.762918][ T7754] team0: Port device team_slave_1 added [ 248.768798][ T7695] device veth0_vlan entered promiscuous mode [ 248.787941][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 248.809855][ T7828] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.1418'. [ 248.810277][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 248.850637][ T3553] Bluetooth: hci2: command tx timeout [ 248.866266][ T7754] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 248.873275][ T7754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.901249][ T7754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 248.913657][ T7828] netlink: 6332 bytes leftover after parsing attributes in process `syz.4.1418'. [ 248.940835][ T3553] Bluetooth: hci1: command tx timeout [ 248.953076][ T7778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 248.965766][ T7778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.985692][ T7754] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 248.993089][ T7754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.021360][ T3553] Bluetooth: hci5: command tx timeout [ 249.027348][ T7754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 249.047599][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 249.055530][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 249.066618][ T7695] device veth1_vlan entered promiscuous mode [ 249.103067][ T7712] 8021q: adding VLAN 0 to HW filter on device team0 [ 249.199158][ T7695] device veth0_macvtap entered promiscuous mode [ 249.208193][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.217836][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.226594][ T3331] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.233709][ T3331] bridge0: port 1(bridge_slave_0) entered forwarding state [ 249.241466][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 249.249793][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 249.264687][ T7778] team0: Port device team_slave_0 added [ 249.287721][ T7754] device hsr_slave_0 entered promiscuous mode [ 249.294794][ T7754] device hsr_slave_1 entered promiscuous mode [ 249.301517][ T7754] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 249.309079][ T7754] Cannot create hsr debugfs directory [ 249.316773][ T7695] device veth1_macvtap entered promiscuous mode [ 249.344975][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 249.356726][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 249.369993][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 249.381566][ T7778] team0: Port device team_slave_1 added [ 249.467624][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 249.506050][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 249.527611][ T3646] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.534761][ T3646] bridge0: port 2(bridge_slave_1) entered forwarding state [ 249.551050][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 249.596781][ T7778] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 249.616273][ T7778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.645116][ T7778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 249.659662][ T7778] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 249.676324][ T7778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.713660][ T7778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 249.741810][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 249.751246][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 249.760342][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 249.769522][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 249.789179][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 249.809205][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 249.819928][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 249.828696][ T7839] loop4: detected capacity change from 0 to 32768 [ 249.840999][ T7712] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 249.862334][ T7839] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1423 (7839) [ 249.863790][ T7712] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 249.895844][ T7839] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 249.910877][ T7839] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 249.931838][ T3643] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.942940][ T7839] BTRFS info (device loop4): setting nodatacow, compression disabled [ 249.955108][ T7839] BTRFS info (device loop4): enabling auto defrag [ 249.965026][ T7839] BTRFS info (device loop4): max_inline at 0 [ 249.971685][ T7839] BTRFS info (device loop4): using free space tree [ 249.994435][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 250.002966][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 250.015880][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 250.027909][ T7695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.051694][ T7695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.073672][ T7695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.095774][ T7695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.108135][ T7695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.118834][ T7695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.129886][ T7695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.140881][ T7695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.151201][ T7695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.161758][ T7695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.171710][ T7695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.182243][ T7695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.204304][ T7695] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 250.317980][ T3643] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.349077][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 250.358378][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 250.389118][ T7695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 250.400746][ T7695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.410688][ T7695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 250.432583][ T7695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.454217][ T4378] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 250.456472][ T7695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 250.485473][ T7695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.505866][ T7695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 250.520817][ T7695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.536871][ T7695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 250.562745][ T7695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.572816][ T7695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 250.583754][ T7695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.596584][ T7695] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 250.654204][ T7778] device hsr_slave_0 entered promiscuous mode [ 250.671485][ T7778] device hsr_slave_1 entered promiscuous mode [ 250.679089][ T7778] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 250.687349][ T7778] Cannot create hsr debugfs directory [ 250.733971][ T3643] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.762429][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 250.775356][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 250.797919][ T7695] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.837515][ T7695] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.846675][ T7695] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.856110][ T7695] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.891806][ T3643] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.930931][ T3553] Bluetooth: hci2: command tx timeout [ 251.000968][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 251.008427][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 251.022020][ T7712] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 251.053364][ T7870] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.1426'. [ 251.090882][ T7870] netlink: 6332 bytes leftover after parsing attributes in process `syz.4.1426'. [ 251.101501][ T3553] Bluetooth: hci5: command tx timeout [ 251.219605][ T3778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 251.229797][ T3778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 251.291730][ T3675] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.299799][ T3675] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 251.382911][ T7754] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.399980][ T3781] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 251.419517][ T7874] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1428'. [ 251.527542][ T7754] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.545059][ T3781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 251.554147][ T3781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 251.564707][ T7712] device veth0_vlan entered promiscuous mode [ 251.581841][ T3781] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 251.589681][ T3781] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 251.615112][ T3675] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.638192][ T3675] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 251.648841][ T7754] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.659182][ C0] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.659224][ C0] bridge0: topology change detected, propagating [ 251.659497][ C0] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.659511][ C0] bridge0: topology change detected, propagating [ 251.708635][ T7712] device veth1_vlan entered promiscuous mode [ 251.718885][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 251.727734][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 251.736106][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 251.994467][ T7754] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.041175][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 252.049187][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 252.078314][ T3331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 252.245579][ T7712] device veth0_macvtap entered promiscuous mode [ 252.268896][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 252.407868][ T7712] device veth1_macvtap entered promiscuous mode [ 252.690200][ T7905] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.1434'. [ 252.703657][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 252.728146][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.739226][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 252.750011][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.760113][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 252.771674][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.781917][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 252.792393][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.807225][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 252.817788][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.828410][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 252.839280][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.849246][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 252.859734][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.871536][ T7712] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 252.885752][ T7905] netlink: 6332 bytes leftover after parsing attributes in process `syz.4.1434'. [ 253.032406][ T3553] Bluetooth: hci2: command tx timeout [ 253.038238][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 253.068349][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 253.164503][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 253.200556][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.278023][ T7920] 9pnet_fd: p9_fd_create_tcp (7920): problem connecting socket to 127.0.0.1 [ 253.321147][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 253.430854][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.527628][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 253.570834][ C1] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.578094][ C1] bridge0: topology change detected, propagating [ 253.584710][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.591931][ C1] bridge0: topology change detected, propagating [ 253.639276][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.702181][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 253.757265][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.792463][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 253.803664][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.813840][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 253.831090][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.851193][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 253.900301][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.912628][ T7712] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 254.049686][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 254.062608][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 254.125685][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 254.214239][ T7712] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.359421][ T7712] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.448985][ T7712] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.564801][ T7712] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.850657][ C1] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.853796][ T7754] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 254.857886][ C1] bridge0: topology change detected, propagating [ 254.871120][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 254.878319][ C1] bridge0: topology change detected, propagating [ 254.983193][ T7754] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 255.064875][ T7754] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 255.075021][ T7754] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 255.182610][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 255.945367][ T1243] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.951937][ T1243] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.157890][ T7957] loop4: detected capacity change from 0 to 128 [ 256.231544][ T7957] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 256.259639][ T7957] ext4 filesystem being mounted at /281/mnt supports timestamps until 2038 (0x7fffffff) [ 256.294380][ T7957] fscrypt (loop4, inode 12): Unsupported encryption flags (0x08) [ 256.324133][ T4378] EXT4-fs (loop4): unmounting filesystem. [ 257.884974][ T3615] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 257.939871][ T3615] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 258.037226][ T3781] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 258.077678][ T3819] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 258.093508][ T7754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.126748][ T3819] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 258.209144][ T7754] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.249429][ T7778] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 258.283170][ T7778] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 258.292753][ T7778] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 258.302198][ T7778] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 258.352472][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 258.360361][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 258.368545][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 258.420750][ T3785] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 258.835810][ T3618] wlan0: Trigger new scan to find an IBSS to join [ 258.940676][ T3785] usb 2-1: Using ep0 maxpacket: 8 [ 258.977882][ T3618] ------------[ cut here ]------------ [ 258.983700][ T3618] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0xffffffff with flags 0x20 [ 258.994904][ T3618] WARNING: CPU: 0 PID: 3618 at net/mac80211/rate.c:385 __rate_control_send_low+0x653/0x890 [ 259.004978][ T3618] Modules linked in: [ 259.008885][ T3618] CPU: 0 PID: 3618 Comm: kworker/u4:6 Not tainted 6.1.99-syzkaller #0 [ 259.017080][ T3618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 259.027190][ T3618] Workqueue: events_unbound cfg80211_wiphy_work [ 259.033502][ T3618] RIP: 0010:__rate_control_send_low+0x653/0x890 [ 259.039764][ T3618] Code: 48 8b 14 24 0f 85 db 01 00 00 8b 0a 48 c7 c7 20 0f fd 8b 48 8b 74 24 10 44 89 f2 44 8b 44 24 1c 44 8b 4c 24 0c e8 1d ea 47 f7 <0f> 0b e9 79 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c e3 f9 ff [ 259.059424][ T3618] RSP: 0018:ffffc9000411f3a0 EFLAGS: 00010246 [ 259.065537][ T3618] RAX: 61368b25b3be9f00 RBX: 000000000000000c RCX: ffff88807d063b80 [ 259.073578][ T3618] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 259.081638][ T3618] RBP: ffff8880769e38e8 R08: ffffffff8152936e R09: fffff52000823dd5 [ 259.089627][ T3618] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000800 [ 259.097703][ T3618] R13: 000000000000000c R14: 00000000ffffffff R15: dffffc0000000000 [ 259.105744][ T3618] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 259.114753][ T3618] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 259.121454][ T3618] CR2: 00007fb7826d0000 CR3: 000000001ea8f000 CR4: 00000000003506f0 [ 259.129506][ T3618] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 259.137549][ T3618] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 259.145577][ T3618] Call Trace: [ 259.148874][ T3618] [ 259.151870][ T3618] ? __warn+0x15a/0x520 [ 259.156107][ T3618] ? __rate_control_send_low+0x653/0x890 [ 259.161878][ T3618] ? report_bug+0x2af/0x500 [ 259.166419][ T3618] ? __rate_control_send_low+0x653/0x890 [ 259.172234][ T3618] ? handle_bug+0x3d/0x70 [ 259.176639][ T3618] ? exc_invalid_op+0x16/0x40 [ 259.181391][ T3618] ? asm_exc_invalid_op+0x16/0x20 [ 259.186490][ T3618] ? __warn_printk+0x28e/0x350 [ 259.191370][ T3618] ? __rate_control_send_low+0x653/0x890 [ 259.197125][ T3618] rate_control_send_low+0x1a8/0x770 [ 259.202546][ T3618] rate_control_get_rate+0x20a/0x5d0 [ 259.207943][ T3618] ieee80211_tx_h_rate_ctrl+0xc62/0x19e0 [ 259.213708][ T3618] ? ieee80211_tx_h_select_key+0x16a0/0x16a0 [ 259.219787][ T3618] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 259.225552][ T3618] ? ieee80211_queue_skb+0xd0/0x2300 [ 259.230907][ T3618] invoke_tx_handlers_late+0xb2/0x1910 [ 259.236449][ T3618] ? ieee80211_tx_h_select_key+0x1177/0x16a0 [ 259.242555][ T3618] ? invoke_tx_handlers_early+0xa0d/0x1d30 [ 259.248498][ T3618] ieee80211_tx+0x2df/0x460 [ 259.253133][ T3618] ? ieee80211_skb_resize+0x640/0x640 [ 259.258562][ T3618] ? ieee80211_xmit+0x307/0x3e0 [ 259.263510][ T3618] ? __ieee80211_tx_skb_tid_band+0x49a/0x610 [ 259.269512][ T3618] __ieee80211_tx_skb_tid_band+0x4de/0x610 [ 259.275404][ T3618] ? ieee80211_scan_state_send_probe+0x4b6/0x920 [ 259.281861][ T3618] ieee80211_scan_state_send_probe+0x575/0x920 [ 259.288107][ T3618] ieee80211_scan_work+0x612/0x1d70 [ 259.293419][ T3618] ? rcu_is_watching+0x11/0xb0 [ 259.298208][ T3618] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 259.303926][ T3618] ? ieee80211_can_scan+0x200/0x200 [ 259.309179][ T3618] cfg80211_wiphy_work+0x21a/0x250 [ 259.314371][ T3618] ? process_one_work+0x7a9/0x11d0 [ 259.319536][ T3618] process_one_work+0x8a9/0x11d0 [ 259.324578][ T3618] ? worker_detach_from_pool+0x260/0x260 [ 259.330291][ T3618] ? _raw_spin_lock_irqsave+0x120/0x120 [ 259.335929][ T3618] ? kthread_data+0x4e/0xc0 [ 259.340482][ T3618] ? wq_worker_running+0x97/0x190 [ 259.345578][ T3618] worker_thread+0xa47/0x1200 [ 259.350290][ T3618] kthread+0x28d/0x320 [ 259.354450][ T3618] ? worker_clr_flags+0x190/0x190 [ 259.359511][ T3618] ? kthread_blkcg+0xd0/0xd0 [ 259.364202][ T3618] ret_from_fork+0x1f/0x30 [ 259.368757][ T3618] [ 259.371891][ T3618] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 259.379162][ T3618] CPU: 0 PID: 3618 Comm: kworker/u4:6 Not tainted 6.1.99-syzkaller #0 [ 259.387291][ T3618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 259.397324][ T3618] Workqueue: events_unbound cfg80211_wiphy_work [ 259.403555][ T3618] Call Trace: [ 259.406819][ T3618] [ 259.409742][ T3618] dump_stack_lvl+0x1e3/0x2cb [ 259.414405][ T3618] ? nf_tcp_handle_invalid+0x642/0x642 [ 259.419850][ T3618] ? panic+0x764/0x764 [ 259.423900][ T3618] ? 0xffffffffa0000950 [ 259.428039][ T3618] ? vscnprintf+0x59/0x80 [ 259.432379][ T3618] panic+0x318/0x764 [ 259.436284][ T3618] ? __warn+0x169/0x520 [ 259.440441][ T3618] ? memcpy_page_flushcache+0xfc/0xfc [ 259.445815][ T3618] ? ret_from_fork+0x1f/0x30 [ 259.450391][ T3618] __warn+0x348/0x520 [ 259.454353][ T3618] ? __rate_control_send_low+0x653/0x890 [ 259.459970][ T3618] report_bug+0x2af/0x500 [ 259.464298][ T3618] ? __rate_control_send_low+0x653/0x890 [ 259.469946][ T3618] handle_bug+0x3d/0x70 [ 259.474095][ T3618] exc_invalid_op+0x16/0x40 [ 259.478577][ T3618] asm_exc_invalid_op+0x16/0x20 [ 259.483423][ T3618] RIP: 0010:__rate_control_send_low+0x653/0x890 [ 259.489669][ T3618] Code: 48 8b 14 24 0f 85 db 01 00 00 8b 0a 48 c7 c7 20 0f fd 8b 48 8b 74 24 10 44 89 f2 44 8b 44 24 1c 44 8b 4c 24 0c e8 1d ea 47 f7 <0f> 0b e9 79 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c e3 f9 ff [ 259.509271][ T3618] RSP: 0018:ffffc9000411f3a0 EFLAGS: 00010246 [ 259.515319][ T3618] RAX: 61368b25b3be9f00 RBX: 000000000000000c RCX: ffff88807d063b80 [ 259.523277][ T3618] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 259.531251][ T3618] RBP: ffff8880769e38e8 R08: ffffffff8152936e R09: fffff52000823dd5 [ 259.539226][ T3618] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000800 [ 259.547199][ T3618] R13: 000000000000000c R14: 00000000ffffffff R15: dffffc0000000000 [ 259.555171][ T3618] ? __warn_printk+0x28e/0x350 [ 259.559933][ T3618] rate_control_send_low+0x1a8/0x770 [ 259.565222][ T3618] rate_control_get_rate+0x20a/0x5d0 [ 259.570522][ T3618] ieee80211_tx_h_rate_ctrl+0xc62/0x19e0 [ 259.576163][ T3618] ? ieee80211_tx_h_select_key+0x16a0/0x16a0 [ 259.582147][ T3618] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 259.587789][ T3618] ? ieee80211_queue_skb+0xd0/0x2300 [ 259.593075][ T3618] invoke_tx_handlers_late+0xb2/0x1910 [ 259.598529][ T3618] ? ieee80211_tx_h_select_key+0x1177/0x16a0 [ 259.604515][ T3618] ? invoke_tx_handlers_early+0xa0d/0x1d30 [ 259.610309][ T3618] ieee80211_tx+0x2df/0x460 [ 259.614796][ T3618] ? ieee80211_skb_resize+0x640/0x640 [ 259.620159][ T3618] ? ieee80211_xmit+0x307/0x3e0 [ 259.625007][ T3618] ? __ieee80211_tx_skb_tid_band+0x49a/0x610 [ 259.630993][ T3618] __ieee80211_tx_skb_tid_band+0x4de/0x610 [ 259.636816][ T3618] ? ieee80211_scan_state_send_probe+0x4b6/0x920 [ 259.643147][ T3618] ieee80211_scan_state_send_probe+0x575/0x920 [ 259.649293][ T3618] ieee80211_scan_work+0x612/0x1d70 [ 259.654481][ T3618] ? rcu_is_watching+0x11/0xb0 [ 259.659227][ T3618] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 259.664849][ T3618] ? ieee80211_can_scan+0x200/0x200 [ 259.670052][ T3618] cfg80211_wiphy_work+0x21a/0x250 [ 259.675151][ T3618] ? process_one_work+0x7a9/0x11d0 [ 259.680240][ T3618] process_one_work+0x8a9/0x11d0 [ 259.685184][ T3618] ? worker_detach_from_pool+0x260/0x260 [ 259.690826][ T3618] ? _raw_spin_lock_irqsave+0x120/0x120 [ 259.696362][ T3618] ? kthread_data+0x4e/0xc0 [ 259.700879][ T3618] ? wq_worker_running+0x97/0x190 [ 259.705924][ T3618] worker_thread+0xa47/0x1200 [ 259.710600][ T3618] kthread+0x28d/0x320 [ 259.714645][ T3618] ? worker_clr_flags+0x190/0x190 [ 259.719649][ T3618] ? kthread_blkcg+0xd0/0xd0 [ 259.724223][ T3618] ret_from_fork+0x1f/0x30 [ 259.728631][ T3618] [ 259.731848][ T3618] Kernel Offset: disabled [ 259.736256][ T3618] Rebooting in 86400 seconds..