last executing test programs: 15.172376068s ago: executing program 0 (id=2118): bpf$BPF_PROG_QUERY(0x10, &(0x7f0000003340)={@cgroup, 0x15, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 15.090059599s ago: executing program 0 (id=2120): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_USERDATA={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x58}, 0x1, 0x0, 0x0, 0x840}, 0x0) 14.936271381s ago: executing program 0 (id=2122): syz_open_dev$midi(0x0, 0xffffffffffffffff, 0x85082) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000003c0)=@abs, 0x6e) socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xb, &(0x7f0000000640)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000ff118f160000007b8af8ff00000000bfa2070000000000e9000000f8ffffffb703"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet(0x2, 0x6, 0x0) connect$inet(r3, &(0x7f0000000300), 0x10) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000440)={'mangle\x00', 0x0, [0xcb, 0x5f9, 0xf673d5d, 0x68019440, 0x1]}, &(0x7f00000004c0)=0x54) socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xffffffff}, 0x1c) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) bind$l2tp(0xffffffffffffffff, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r4, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}}, 0x0) 10.353747649s ago: executing program 0 (id=2146): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@gettaction={0x54, 0x32, 0x200, 0x70bd29, 0x25dfdbff, {}, [@action_gd=@TCA_ACT_TAB={0x4}, @action_gd=@TCA_ACT_TAB={0x4}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_gd=@TCA_ACT_TAB={0x4}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xc82}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x804}, 0x4080) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000500)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x854}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000027c0)={0x11, 0x4, 0x0, &(0x7f0000000a00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r3}, 0x18) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) ioprio_set$pid(0x2, 0x0, 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0) sendfile(r4, r4, 0x0, 0x40008) 9.794995446s ago: executing program 1 (id=2151): bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8) r3 = accept(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18}], 0x1d}], 0x1, 0x0) recvmsg(r3, &(0x7f000000b680)={0x0, 0x10400004, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb59}], 0x2}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) r4 = accept4$x25(0xffffffffffffffff, &(0x7f0000000000)={0x9, @remote}, &(0x7f0000000040)=0x12, 0x400) ioctl$sock_x25_SIOCDELRT(r4, 0x890c, &(0x7f0000000200)={@null, 0x1, 'bond_slave_0\x00'}) r5 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) mkdirat(r6, &(0x7f0000000080)='./file1\x00', 0x4) 8.215634536s ago: executing program 1 (id=2156): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000001200), 0x40a01, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) readlinkat(r1, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000b40)='./file1\x00', 0x0, 0x100, 0x12345}) r3 = syz_io_uring_setup(0x823, &(0x7f0000000480)={0x0, 0x0, 0x100, 0x20003, 0x34d}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffff9, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x9, 0x0, 0x0, 0x6}]}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r3, 0x47bc, 0x0, 0x21, 0x0, 0x0) 7.09847356s ago: executing program 1 (id=2161): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r1, &(0x7f0000004540), 0x0, 0x240080e4) r2 = getpid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f00000002c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x6) r6 = memfd_create(&(0x7f0000000540)='\xdd#\x00\xe6Z\x00\xafq%\xa5\x83\xa6#\r\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\xf9\xff\xff\xff\x00\x17?$^\xe1Ob\xe1Y\x03\x00\x00\x00\x00\x00\x00\x00\xce\xe5\x19THP\xf4O\xe2\x9f\xd9\xae\xcf>/\xdc\xaa<\x96\xedE>{\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0\xb04\xb7T5\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\x03\x8a\xc40\xbe\xe3\x93A\x15\xec\xdb\xaa\xdc\n\xcbC\x15\xfcp\x11\xdai\f{\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\x82t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9\x87\xb6^r\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9w\xd2\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T[\xb7\xa4\xb0\bk&\xede\x8b\xc2\xb2\xcd\xef\xcf\x0fE\xc5\x86]\xc0]}\xdd^\xf6&\x16>c\x9d\x9c\xc9\x01\x04\x00\x00\xe9h\xbd\x10p\x8f\x14\x1f2\"\x1b;\xfda\x19\x8bo^\x96\x9a~Q\xce\x95\x02\xb8e\xbbG\xb0V[\xfe\x80\x94$y\x8a\\@\xa9^\x95!IJ\xcf\xf7\xafoX/qG\x97ITp\x01\xae\f\"n;%\xecT\xf6\xb6\xbf;\xde\xec\xb4z\xaa\xd9%\xa5;wy~\xcb\x9a\xd7\r\xe2\xcd\xf0C\x16\xbf0\x89\xb4\xf5\x86\xf3\x99\x9bq\xd3\x15\xe1:\x86\xe4\x14\x805K\xcf\xf6\xda\xd1A>\xf4r>\xfdyAH\x0f\x00'/426, 0x0) fsetxattr$security_capability(r6, &(0x7f0000000000), 0x0, 0x0, 0x0) openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r7 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) mmap$IORING_OFF_SQ_RING(&(0x7f0000adc000/0x1000)=nil, 0x1000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000500)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x48, 0x7b, 0x33}) 4.498112063s ago: executing program 2 (id=2179): syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="02c9001a001600050017011200"], 0x1f) 4.456156873s ago: executing program 2 (id=2170): r0 = dup(0xffffffffffffffff) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137) r1 = io_uring_setup(0xf08, &(0x7f000000c480)={0x0, 0xeb9e, 0x400, 0x20001, 0x3}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000540)=[{0x0}], 0x1) r2 = io_uring_setup(0x4a92, &(0x7f00000003c0)={0x0, 0x1e28, 0x40, 0x40, 0x89, 0x0, r1}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) io_uring_register$IORING_REGISTER_FILES(r2, 0x1e, &(0x7f0000000000)=[r1], 0x1) 4.381543385s ago: executing program 3 (id=2171): socket$netlink(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ptrace$getregset(0x4204, 0x0, 0x1, &(0x7f0000000080)={0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000ec0)='cgroup.max.depth\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[@ANYBLOB='-7'], 0x9) timer_create(0x3, 0x0, 0x0) open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000001c0)={&(0x7f00000002c0)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) 4.365724585s ago: executing program 1 (id=2172): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x7fffffff}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x58}}, 0x0) 3.374538048s ago: executing program 2 (id=2174): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x27, &(0x7f00000001c0)=0x1, 0x4) 3.285601508s ago: executing program 1 (id=2175): syz_io_uring_setup(0x18de, &(0x7f00000035c0)={0x0, 0xf74e, 0x10, 0x0, 0x3c4}, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$packet(0x11, 0x2, 0x300) socket(0x10, 0x803, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6_sctp(0xa, 0x801, 0x84) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/firmware/fdt', 0x0, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='@\x00\x00', @ANYRES16=r1, @ANYBLOB="1fe8ffff0000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="21003300d0800000080211000000080211000001505050505050000000000000", @ANYRES8=r0], 0x40}}, 0x0) 3.128741371s ago: executing program 4 (id=2177): r0 = syz_open_dev$loop(&(0x7f0000000180), 0x7, 0x2480) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000140)={0x2, 0x2, 0x781, 0x5f, 0x3ff, 0xe1aa0}) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x591) 2.793761185s ago: executing program 2 (id=2178): r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$alg(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8) r4 = accept(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18}], 0x1d}], 0x1, 0x0) recvmsg(r4, &(0x7f000000b680)={0x0, 0x10400004, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb59}], 0x2}, 0x0) sendmsg$nl_generic(r0, 0x0, 0x0) r5 = accept4$x25(0xffffffffffffffff, &(0x7f0000000000)={0x9, @remote}, &(0x7f0000000040)=0x12, 0x400) ioctl$sock_x25_SIOCDELRT(r5, 0x890c, &(0x7f0000000200)={@null, 0x1, 'bond_slave_0\x00'}) r6 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x0, 0x0) mkdirat(r7, &(0x7f0000000080)='./file1\x00', 0x4) 2.314463251s ago: executing program 3 (id=2180): sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="380000000309000028bd7000fbdbdf250900020073797a31000000000800410073697700140033007465616d300000000000000000000000b55dac19e5498dc125"], 0x38}, 0x1, 0x0, 0x0, 0x4040}, 0x40080c0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r2 = socket$inet(0xa, 0x801, 0x84) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r2, 0x8) r3 = accept4(r2, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000380)=@sack_info={0x0, 0x5, 0x80000000}, &(0x7f0000000300)=0xc) 2.265864021s ago: executing program 4 (id=2181): sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{0x0}], 0x1}], 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x52) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0xde02}) close(0xffffffffffffffff) preadv(r2, &(0x7f0000000400)=[{&(0x7f0000000440)=""/257, 0x101}], 0x1, 0x20001, 0xc) write$sndseq(r1, &(0x7f0000001380)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x4}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time={0xffff, 0xa5}, {}, {0x2}, @connect={{0x2, 0x3}, {0x3}}}, {0x0, 0x0, 0x0, 0x0, @time={0x2, 0x2}, {0x0, 0x8}, {}, @control}, {0x0, 0x0, 0x1, 0x0, @time, {}, {}, @connect={{}, {0x0, 0x5}}}], 0x68) 2.177655772s ago: executing program 1 (id=2182): r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000800)=[{{&(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @broadcast}}}], 0x20}}, {{&(0x7f00000000c0)={0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@ip_retopts={{0x1c, 0x0, 0x7, {[@lsrr={0x83, 0xb, 0x4, [@local, @broadcast]}]}}}], 0x20}}], 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='pagemap\x00') ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'geneve1\x00'}) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_tables_names\x00') mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan1\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000000)={'wlan1\x00'}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x24, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0) r11 = geteuid() setfsuid(r11) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010000000000000000000800000008000300", @ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0x24000040}, 0x0) 1.507888671s ago: executing program 3 (id=2183): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}, {0x5, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x79}}, 0x800) r3 = socket$inet_sctp(0x2, 0x1, 0x84) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_DELDEST(r3, 0x0, 0x488, &(0x7f0000000280)={{0x84, @empty, 0x4e20, 0x3, 'lblc\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x10000, 0xc24, 0x9, 0xfffffffb}}, 0x44) 1.480438161s ago: executing program 2 (id=2184): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000180)={r1}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000480)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000080)={r2, 0x3, r0, 0x5}) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x400452c8, 0x0) 1.480088501s ago: executing program 4 (id=2185): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x1003fc, 0x0, 0x32}, 0x9c) sendto$inet6(r0, &(0x7f0000847fff), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback, 0x2}}, 0x0, 0xfc00, 0x0, 0x3, 0x49}, 0x9c) 1.449269212s ago: executing program 4 (id=2186): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) set_mempolicy(0x2002, &(0x7f0000000040)=0x10001, 0x89) connect$unix(0xffffffffffffffff, 0x0, 0x0) shmget$private(0x0, 0x1000, 0x78000a42, &(0x7f0000ff2000/0x1000)=nil) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETRULE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="2c000000190a0102ff070000000000000040001a0900020073797a32000000000900010073797a3000000000"], 0x2c}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="aaaa38dbf9a9c5aad594aa0175d831baff80002800664943f6f1cdaf48144aaff1195285bb89a89aa82c8901240b65b486d431baf4cf25ec9f4332bbd66ed8b466617a66d7856fa052f32900c29d2fcc226ce6f2e11228a6f31fa58e71506d37325f73264b91560badfa7d6759d0bbe97606a429113ad12783c0aec558fec2dba84995689e55969a1ffab153f212ba18032276844372f727073fed48c400aa1b77b22d53a638f3ad9e49a897b38fa72d36db24ddc2340724766285e5ceaea7a79dc04b8de5e5b7ce5c186e5630a204f03727e35106136b6e25044ba53b8c6455a92b8f17bd58f96d50f872e70189d4fc54687102d72ab00a19e069a7c5d055fc0c1d543f00185e05861102fae86c349d739388309a4393c40005acd8bda838058fe9c23328f5c6e8c6a3d496027d8b98113015941919365049245f550ef13daf61fc3a7d3d1150f67bc55345945c2fda99a52dc3862eece498288b44f7e92af3c075cbe4d24050ca8454dac839c3ea1cf008", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02ffff90780000"], 0x0) syz_emit_ethernet(0x7e, &(0x7f0000000440)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @generic={{0x14, 0x4, 0x2, 0x5, 0x2f, 0x67, 0x0, 0x40, 0x2e, 0x0, @private=0xa010101, @loopback}, "579fbaf464db53c9042597b7050b2351d75e9cf82a36108fa860a40be5dc7e57"}}}}, 0x0) r5 = syz_open_dev$I2C(0x0, 0x0, 0x101000) ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000400)={&(0x7f0000000540)=[{0x0, 0xec01, 0x0, 0x0}], 0x1}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r6 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCSIG(r6, 0x40045436, 0x800000000200014) r7 = gettid() process_vm_writev(r7, 0x0, 0x0, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) 1.390449272s ago: executing program 3 (id=2187): prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{0x0, 0x0, &(0x7f00000004c0)}], 0x1, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000480)={0x9, 0x3, 0x1, 0x2, 0x9, 0x3, 0x5, 0x80000000}, 0x0, 0x0, 0x0, 0x0) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000480), 0x2}, 0x22) openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0) 1.145877045s ago: executing program 0 (id=2188): r0 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$6lowpan_enable(r0, &(0x7f0000000100)='0', 0x1) 468.304124ms ago: executing program 4 (id=2189): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000240)={@local, @link_local, @val={@void, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0xfffc, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x2, 0x0, 0x0, 0x0, {[@mptcp=@ack={0x1e, 0x4, 0xb}]}}}}}}}, 0x0) 299.568256ms ago: executing program 0 (id=2190): socket$netlink(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ptrace$getregset(0x4204, 0x0, 0x1, &(0x7f0000000080)={0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000ec0)='cgroup.max.depth\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[@ANYBLOB='-7'], 0x9) timer_create(0x3, 0x0, 0x0) open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000001c0)={&(0x7f00000002c0)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) 297.947176ms ago: executing program 4 (id=2191): socket$nl_route(0x10, 0x3, 0x0) socket(0x28, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) writev(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @ib_path={0x0, 0xffffffffffffffff, 0x1, 0x1, 0xffffffc2}}, 0x20) socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) 201.508187ms ago: executing program 2 (id=2192): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x200) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x18) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmmsg$alg(r6, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x38, 0x2, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0xffffffff, 0x0, 0x54}, 0x9c) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000040)={0x0, 0x664d, 0x1, 0x1}) 196.272507ms ago: executing program 3 (id=2193): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0xb0, 0x65, 0x2, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x8}, {0x0, 0x9}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x6, 0x22}}, @filter_kind_options=@f_route={{0xa}, {0x6c, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_TO={0x8, 0x2, 0xca}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x50, 0x6, [@m_vlan={0x4c, 0x5e, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x319, 0x8, 0x2, 0x5b, 0x8}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0xb0}, 0x1, 0x0, 0x0, 0x81}, 0x0) r0 = socket(0x10, 0x803, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x3a1}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 0s ago: executing program 3 (id=2194): r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$alg(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8) r4 = accept(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18}], 0x1d}], 0x1, 0x0) recvmsg(r4, &(0x7f000000b680)={0x0, 0x10400004, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb59}], 0x2}, 0x0) sendmsg$nl_generic(r0, 0x0, 0x0) r5 = accept4$x25(0xffffffffffffffff, &(0x7f0000000000)={0x9, @remote}, &(0x7f0000000040)=0x12, 0x400) ioctl$sock_x25_SIOCDELRT(r5, 0x890c, &(0x7f0000000200)={@null, 0x1, 'bond_slave_0\x00'}) r6 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x0, 0x0) mkdirat(r7, &(0x7f0000000080)='./file1\x00', 0x4) kernel console output (not intermixed with test programs): 14167][ T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.616671][ T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 40.619742][ T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.623849][ T4299] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.626584][ T4299] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.629782][ T4299] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.632104][ T4299] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.636785][ T4306] device veth0_macvtap entered promiscuous mode [ 40.643751][ T4303] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.646016][ T4303] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.648338][ T4303] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.651429][ T4303] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.659273][ T4316] Bluetooth: hci0: command 0x041b tx timeout [ 40.676741][ T4306] device veth1_macvtap entered promiscuous mode [ 40.724854][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 40.727622][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 40.731351][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 40.733857][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.739115][ T47] Bluetooth: hci1: command 0x041b tx timeout [ 40.740247][ T4308] device veth0_vlan entered promiscuous mode [ 40.759657][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 40.761702][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.764222][ T1614] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 40.766470][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 40.769650][ T1614] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.769788][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.774538][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 40.777211][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 40.780871][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 40.784033][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 40.814789][ T4309] device veth0_vlan entered promiscuous mode [ 40.818080][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 40.820884][ T4316] Bluetooth: hci2: command 0x041b tx timeout [ 40.823258][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.826067][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 40.830041][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 40.832548][ T47] Bluetooth: hci4: command 0x041b tx timeout [ 40.834117][ T47] Bluetooth: hci3: command 0x041b tx timeout [ 40.842019][ T4308] device veth1_vlan entered promiscuous mode [ 40.854903][ T4306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 40.857554][ T4306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 40.863488][ T4306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 40.866081][ T4306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 40.873757][ T4306] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.897842][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 40.900886][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.910899][ T4309] device veth1_vlan entered promiscuous mode [ 40.922277][ T4306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 40.925078][ T4306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 40.927629][ T4306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 40.931148][ T4306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 40.943935][ T4306] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.955917][ T4306] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.958002][ T4306] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.962468][ T4306] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.964672][ T4306] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.098729][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 41.102117][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 41.125721][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 41.128585][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.136204][ T4309] device veth0_macvtap entered promiscuous mode [ 41.683819][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.686233][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.878054][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.884442][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.895567][ T4309] device veth1_macvtap entered promiscuous mode [ 41.917561][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.921259][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.923758][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.926205][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.928503][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.941735][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.947211][ T4309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.956023][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 41.960982][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 41.967368][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 41.974784][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 41.994418][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 41.997574][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.010709][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.012834][ T4387] loop2: detected capacity change from 0 to 4096 [ 42.013574][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.013605][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.013617][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.013629][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.013639][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.014639][ T4309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 42.059691][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 42.062159][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.065268][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 42.067801][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.079193][ T4356] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 42.084784][ T4356] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 42.089705][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 42.113644][ T4309] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.129054][ T4309] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.143994][ T4309] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.146361][ T4309] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.150883][ T4308] device veth0_macvtap entered promiscuous mode [ 42.298248][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 42.303527][ T4308] device veth1_macvtap entered promiscuous mode [ 42.310365][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 42.328652][ T4308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.333647][ T4308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.336101][ T4308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.338975][ T4308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.446874][ T4389] process 'syz.2.6' launched '/dev/fd/6' with NULL argv: empty string added [ 42.661246][ T4308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.739863][ T4316] Bluetooth: hci0: command 0x040f tx timeout [ 42.794733][ T4308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 43.070293][ T4308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 43.072840][ T4308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 43.076649][ T4308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 43.089023][ T4316] Bluetooth: hci1: command 0x040f tx timeout [ 43.137984][ T47] Bluetooth: hci3: command 0x040f tx timeout [ 43.139949][ T47] Bluetooth: hci4: command 0x040f tx timeout [ 43.141492][ T47] Bluetooth: hci2: command 0x040f tx timeout [ 43.182472][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 43.185041][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 43.187417][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 43.219620][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.222267][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.226603][ T4308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 43.239988][ T4308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 43.259014][ T4308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 43.261546][ T4308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 43.264075][ T4308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 43.285561][ T4308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 43.288325][ T4308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 43.296671][ T4308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 43.301753][ T4308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 43.306760][ T4308] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.314815][ T4308] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.316975][ T4308] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.319453][ T4308] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.367312][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.378107][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.235129][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.237352][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.302505][ T1614] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 44.327811][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.334050][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.348215][ T1614] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 44.362033][ T1614] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.364250][ T1614] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.367242][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 44.389761][ T4408] cgroup: No subsys list or none specified [ 44.424210][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.426419][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.444906][ T1614] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 45.582166][ T4426] loop4: detected capacity change from 0 to 256 [ 46.556871][ T4316] Bluetooth: hci0: command 0x0419 tx timeout [ 46.558678][ T4316] Bluetooth: hci1: command 0x0419 tx timeout [ 46.560778][ T4316] Bluetooth: hci2: command 0x0419 tx timeout [ 46.562733][ T4316] Bluetooth: hci4: command 0x0419 tx timeout [ 46.564575][ T4316] Bluetooth: hci3: command 0x0419 tx timeout [ 47.148933][ T27] audit: type=1326 audit(47.110:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4403 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffad35b728 code=0x7fc00000 [ 47.228162][ T47] Bluetooth: Unknown BR/EDR signaling command 0xae [ 47.231434][ T47] Bluetooth: Wrong link type (-22) [ 47.300271][ T4293] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 47.617856][ T4442] sctp: [Deprecated]: syz.3.18 (pid 4442) Use of struct sctp_assoc_value in delayed_ack socket option. [ 47.617856][ T4442] Use struct sctp_sack_info instead [ 47.712561][ T4437] Zero length message leads to an empty skb [ 47.722093][ T4445] block device autoloading is deprecated and will be removed. [ 47.737849][ T4437] loop1: detected capacity change from 0 to 4096 [ 47.781559][ T4437] NILFS (loop1): corrupt root inode [ 47.782749][ T4447] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 49.129750][ T4462] capability: warning: `syz.3.23' uses deprecated v2 capabilities in a way that may be insecure [ 50.332795][ T47] Bluetooth: Wrong link type (-71) [ 50.716344][ T4481] loop4: detected capacity change from 0 to 256 [ 50.737135][ T4481] ======================================================= [ 50.737135][ T4481] WARNING: The mand mount option has been deprecated and [ 50.737135][ T4481] and is ignored by this kernel. Remove the mand [ 50.737135][ T4481] option from the mount to silence this warning. [ 50.737135][ T4481] ======================================================= [ 51.525862][ T4484] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 51.847108][ T4431] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 51.928081][ T4462] loop3: detected capacity change from 0 to 32768 [ 51.937306][ T4486] loop0: detected capacity change from 0 to 64 [ 51.958309][ T4462] XFS: ikeep mount option is deprecated. [ 51.963489][ T4462] XFS: noikeep mount option is deprecated. [ 52.051097][ T4471] loop2: detected capacity change from 0 to 32768 [ 52.068352][ T4462] XFS (loop3): Mounting V5 Filesystem [ 52.105620][ T4462] XFS (loop3): AIL initialisation failed: error -12 [ 52.159159][ T4462] XFS (loop3): log mount failed [ 52.174191][ T4471] XFS (loop2): Mounting V5 Filesystem [ 52.257578][ T4471] XFS (loop2): Ending clean mount [ 52.273104][ T4471] XFS (loop2): Quotacheck needed: Please wait. [ 52.334710][ T4471] XFS (loop2): Quotacheck: Done. [ 52.374574][ T4303] XFS (loop2): Unmounting Filesystem [ 52.433503][ T4512] team0: No ports can be present during mode change [ 52.437496][ T4512] netlink: 4 bytes leftover after parsing attributes in process `syz.0.35'. [ 52.576613][ T4492] loop1: detected capacity change from 0 to 32768 [ 52.664141][ T4492] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 53.706647][ T4299] ocfs2: Unmounting device (7,1) on (node local) [ 53.726480][ T47] Bluetooth: hci0: command 0x0c1a tx timeout [ 53.883721][ T4536] loop4: detected capacity change from 0 to 64 [ 53.884360][ T4534] loop1: detected capacity change from 0 to 512 [ 53.894835][ T4534] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 53.923560][ T4534] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 53.971658][ T4534] EXT4-fs (loop1): 1 truncate cleaned up [ 53.979514][ T4534] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 54.015415][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 54.019498][ T4512] team0 (unregistering): Port device team_slave_0 removed [ 54.060617][ T4512] team0 (unregistering): Port device team_slave_1 removed [ 54.200989][ T4550] binder: 4549:4550 Release 1 refcount change on invalid ref 0 ret -22 [ 54.473890][ T4544] loop1: detected capacity change from 0 to 32768 [ 54.482391][ T4544] XFS: ikeep mount option is deprecated. [ 54.485046][ T4544] XFS: noikeep mount option is deprecated. [ 54.508294][ T4544] XFS (loop1): Mounting V5 Filesystem [ 55.423789][ T4544] XFS (loop1): Ending clean mount [ 55.439488][ T4544] XFS (loop1): Quotacheck needed: Please wait. [ 55.483935][ T4544] XFS (loop1): Quotacheck: Done. [ 55.546644][ T4582] loop4: detected capacity change from 0 to 64 [ 55.697260][ T4299] XFS (loop1): Unmounting Filesystem [ 55.749259][ T4586] loop3: detected capacity change from 0 to 1024 [ 55.817041][ T4586] syz.3.60: attempt to access beyond end of device [ 55.817041][ T4586] loop3: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 55.832189][ T4586] Buffer I/O error on dev loop3, logical block 100663296, async page read [ 55.834746][ T4586] hfsplus: unable to mark blocks free: error -5 [ 55.836285][ T4586] hfsplus: can't free extent [ 56.015218][ T4594] netlink: 24 bytes leftover after parsing attributes in process `syz.4.64'. [ 57.163780][ T4611] loop2: detected capacity change from 0 to 512 [ 57.478366][ T4611] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 57.997968][ T4623] overlayfs: './file2' not a directory [ 58.887703][ T4629] loop0: detected capacity change from 0 to 64 [ 59.057094][ T4303] EXT4-fs (loop2): unmounting filesystem. [ 59.080305][ T4603] loop4: detected capacity change from 0 to 40427 [ 59.160924][ T4603] F2FS-fs (loop4): Found nat_bits in checkpoint [ 59.289207][ T4603] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 59.337353][ T4603] syz.4.68: attempt to access beyond end of device [ 59.337353][ T4603] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 59.373111][ T4643] loop2: detected capacity change from 0 to 4096 [ 59.402705][ T4643] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 59.436558][ T4643] ntfs3: loop2: Failed to load $Extend. [ 59.546968][ T4631] loop1: detected capacity change from 0 to 32768 [ 59.554597][ T4631] XFS: ikeep mount option is deprecated. [ 59.558456][ T4631] XFS: noikeep mount option is deprecated. [ 59.621379][ T4653] netlink: 24 bytes leftover after parsing attributes in process `syz.2.81'. [ 59.702482][ T4631] XFS (loop1): Mounting V5 Filesystem [ 59.794421][ T4631] XFS (loop1): Ending clean mount [ 59.818690][ T4631] XFS (loop1): Quotacheck needed: Please wait. [ 59.852676][ T4631] XFS (loop1): Quotacheck: Done. [ 60.898885][ C0] sched: RT throttling activated [ 61.153086][ T4299] XFS (loop1): Unmounting Filesystem [ 61.719283][ T4682] loop2: detected capacity change from 0 to 64 [ 62.141854][ T4685] loop3: detected capacity change from 0 to 512 [ 62.271848][ T4685] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 62.731539][ T4693] overlayfs: './file2' not a directory [ 63.388743][ T4306] EXT4-fs (loop3): unmounting filesystem. [ 64.313118][ T4721] loop1: detected capacity change from 0 to 64 [ 64.518555][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.523432][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.903849][ T4725] loop2: detected capacity change from 0 to 64 [ 64.986354][ T4725] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 65.605456][ T4704] loop0: detected capacity change from 0 to 32768 [ 65.607675][ T4704] XFS: ikeep mount option is deprecated. [ 65.619881][ T4704] XFS: attr2 mount option is deprecated. [ 65.827053][ T4704] XFS (loop0): Mounting V5 Filesystem [ 66.413046][ T4712] loop3: detected capacity change from 0 to 32768 [ 66.415456][ T4712] XFS: ikeep mount option is deprecated. [ 66.417025][ T4712] XFS: noikeep mount option is deprecated. [ 66.900880][ T47] Bluetooth: Unknown BR/EDR signaling command 0xae [ 66.902479][ T47] Bluetooth: Wrong link type (-22) [ 66.942357][ T4704] XFS (loop0): Ending clean mount [ 66.944767][ T4704] XFS (loop0): Quotacheck needed: Please wait. [ 66.971659][ T4704] XFS (loop0): Quotacheck: Done. [ 67.036949][ T4308] XFS (loop0): Unmounting Filesystem [ 67.347778][ T4763] loop3: detected capacity change from 0 to 256 [ 68.104397][ T4767] loop2: detected capacity change from 0 to 64 [ 68.416262][ T4760] loop4: detected capacity change from 0 to 32768 [ 68.436438][ T4770] loop3: detected capacity change from 0 to 64 [ 69.011415][ T4316] Bluetooth: Unknown BR/EDR signaling command 0xae [ 69.013076][ T4316] Bluetooth: Wrong link type (-22) [ 69.161352][ T47] Bluetooth: hci4: Malformed Event: 0x02 [ 69.235382][ T4789] loop0: detected capacity change from 0 to 512 [ 69.798859][ T7] cfg80211: failed to load regulatory.db [ 70.460352][ T4791] netlink: 4 bytes leftover after parsing attributes in process `syz.4.116'. [ 70.627530][ T4803] loop0: detected capacity change from 0 to 64 [ 70.676611][ T4802] loop3: detected capacity change from 0 to 512 [ 70.724050][ T4802] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 70.751729][ T4802] EXT4-fs (loop3): 1 truncate cleaned up [ 70.753414][ T4802] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 70.790121][ T4780] loop1: detected capacity change from 0 to 32768 [ 70.792619][ T4780] XFS: ikeep mount option is deprecated. [ 70.794068][ T4780] XFS: noikeep mount option is deprecated. [ 70.881200][ T4780] XFS (loop1): Mounting V5 Filesystem [ 70.896502][ T4306] EXT4-fs (loop3): unmounting filesystem. [ 70.965954][ T4780] XFS (loop1): Ending clean mount [ 70.970307][ T4780] XFS (loop1): Quotacheck needed: Please wait. [ 71.012079][ T4780] XFS (loop1): Quotacheck: Done. [ 71.033682][ T4824] loop3: detected capacity change from 0 to 64 [ 71.238940][ T4827] loop0: detected capacity change from 0 to 64 [ 71.273050][ T4299] XFS (loop1): Unmounting Filesystem [ 72.216590][ T4839] loop3: detected capacity change from 0 to 64 [ 73.269763][ T4842] netlink: 4 bytes leftover after parsing attributes in process `syz.0.137'. [ 73.351324][ T4845] loop2: detected capacity change from 0 to 512 [ 73.375508][ T4845] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 73.424561][ T4845] EXT4-fs (loop2): 1 truncate cleaned up [ 73.432713][ T4845] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 73.614468][ T4303] EXT4-fs (loop2): unmounting filesystem. [ 73.739738][ T47] Bluetooth: Unknown BR/EDR signaling command 0xae [ 73.741416][ T47] Bluetooth: Wrong link type (-22) [ 74.647224][ T4861] loop1: detected capacity change from 0 to 64 [ 74.693206][ T4862] loop2: detected capacity change from 0 to 64 [ 75.348711][ T4872] loop1: detected capacity change from 0 to 64 [ 75.744982][ T4852] loop3: detected capacity change from 0 to 32768 [ 75.747240][ T4852] XFS: ikeep mount option is deprecated. [ 75.748611][ T4852] XFS: noikeep mount option is deprecated. [ 75.782727][ T4852] XFS (loop3): Mounting V5 Filesystem [ 75.904385][ T4852] XFS (loop3): Ending clean mount [ 75.914978][ T4852] XFS (loop3): Quotacheck needed: Please wait. [ 75.923851][ T4888] loop0: detected capacity change from 0 to 512 [ 75.940816][ T4852] XFS (loop3): Quotacheck: Done. [ 75.942955][ T4888] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 76.044585][ T4888] EXT4-fs (loop0): 1 truncate cleaned up [ 76.046335][ T4888] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 76.205426][ T4896] loop1: detected capacity change from 0 to 1024 [ 76.297447][ T4308] EXT4-fs (loop0): unmounting filesystem. [ 76.301071][ T4306] XFS (loop3): Unmounting Filesystem [ 76.397205][ T4898] xt_CT: You must specify a L4 protocol and not use inversions on it [ 77.038320][ T4902] loop1: detected capacity change from 0 to 64 [ 77.063442][ T4904] loop2: detected capacity change from 0 to 64 [ 77.228610][ T4910] loop2: detected capacity change from 0 to 64 [ 78.002922][ T4917] syz.1.162 uses obsolete (PF_INET,SOCK_PACKET) [ 79.053244][ T4932] loop4: detected capacity change from 0 to 512 [ 79.061773][ T4932] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 79.091810][ T4932] EXT4-fs (loop4): 1 truncate cleaned up [ 79.093218][ T4932] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 79.151573][ T4309] EXT4-fs (loop4): unmounting filesystem. [ 80.459651][ T4954] libceph: resolve '. [ 80.459651][ T4954] #)|.زf͹Dza×ïÅ2sˆoÖw¿úÕ?£'Ê%ÐKAq‰f»CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM¤¨ìó¤h‡E$ [ 80.459651][ T4954] ' (ret=-3): failed [ 81.502781][ T4982] loop2: detected capacity change from 0 to 512 [ 81.515840][ T4982] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 81.547016][ T4982] EXT4-fs (loop2): 1 truncate cleaned up [ 81.548529][ T4982] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 81.592805][ T4949] loop1: detected capacity change from 0 to 40427 [ 81.661867][ T4949] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 81.663910][ T4949] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 81.677524][ T4303] EXT4-fs (loop2): unmounting filesystem. [ 81.715156][ T4949] F2FS-fs (loop1): Found nat_bits in checkpoint [ 81.826169][ T4949] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 81.827911][ T4949] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 83.916040][ T5027] loop1: detected capacity change from 0 to 512 [ 84.100712][ T5027] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 84.457581][ T5027] EXT4-fs (loop1): 1 truncate cleaned up [ 84.583484][ T5027] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 84.926503][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 85.006604][ T5047] loop1: detected capacity change from 0 to 512 [ 85.179842][ T5047] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 85.418548][ T5057] overlayfs: './file2' not a directory [ 85.932178][ T5021] loop4: detected capacity change from 0 to 32768 [ 85.979313][ T5021] ocfs2: Slot 0 on device (7,4) was already allocated to this node! [ 86.002427][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 86.021693][ T5021] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 86.954162][ T4309] ocfs2: Unmounting device (7,4) on (node local) [ 87.103968][ T5080] loop3: detected capacity change from 0 to 512 [ 87.106677][ T5080] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 87.114905][ T5080] EXT4-fs (loop3): 1 truncate cleaned up [ 87.116310][ T5080] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 87.259638][ T4306] EXT4-fs (loop3): unmounting filesystem. [ 87.400629][ T5094] loop1: detected capacity change from 0 to 512 [ 87.562929][ T5094] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 88.294500][ T5102] overlayfs: './file2' not a directory [ 88.519220][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 88.558240][ T5106] loop3: detected capacity change from 0 to 4096 [ 89.547126][ T5084] loop4: detected capacity change from 0 to 40427 [ 89.573308][ T5084] F2FS-fs (loop4): Unrecognized mount option "barrier" or missing value [ 89.677492][ T5122] loop1: detected capacity change from 0 to 512 [ 89.691952][ T5122] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 89.703866][ T4431] I/O error, dev loop4, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 89.708311][ T5122] EXT4-fs (loop1): 1 truncate cleaned up [ 89.717859][ T5122] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 89.765940][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 91.174546][ T5140] loop1: detected capacity change from 0 to 512 [ 91.260813][ T5140] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 91.305041][ T5134] loop2: detected capacity change from 0 to 32768 [ 91.307332][ T5134] XFS: noikeep mount option is deprecated. [ 91.464504][ T5134] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 91.466882][ T5134] XFS (loop2): Mounting V5 Filesystem [ 91.505663][ T5154] overlayfs: './file2' not a directory [ 91.558094][ T5134] XFS (loop2): Ending clean mount [ 91.569494][ T5134] XFS (loop2): Quotacheck needed: Please wait. [ 91.603968][ T5134] XFS (loop2): Quotacheck: Done. [ 91.680581][ T4303] XFS (loop2): Unmounting Filesystem [ 92.115756][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 93.386182][ T5171] loop1: detected capacity change from 0 to 2048 [ 93.480336][ T5177] loop2: detected capacity change from 0 to 512 [ 93.536517][ T5177] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 95.431774][ T5177] EXT4-fs (loop2): 1 truncate cleaned up [ 95.433398][ T5177] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 95.439575][ T5171] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 95.646391][ T4303] EXT4-fs (loop2): unmounting filesystem. [ 95.672726][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 95.907694][ T5203] loop1: detected capacity change from 0 to 512 [ 95.935717][ T5203] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 96.483713][ T5211] overlayfs: './file2' not a directory [ 96.826411][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 97.657814][ T5196] loop2: detected capacity change from 0 to 40427 [ 97.668751][ T5196] F2FS-fs (loop2): Found nat_bits in checkpoint [ 97.710109][ T5196] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 97.872887][ T4303] syz-executor: attempt to access beyond end of device [ 97.872887][ T4303] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 97.891726][ T4303] syz-executor: attempt to access beyond end of device [ 97.891726][ T4303] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 99.003541][ T5245] loop3: detected capacity change from 0 to 512 [ 99.399376][ T5245] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 99.707991][ T5245] overlayfs: './file2' not a directory [ 99.886727][ T5234] loop4: detected capacity change from 0 to 32768 [ 99.908609][ T5234] XFS: ikeep mount option is deprecated. [ 99.949064][ T5234] XFS: noikeep mount option is deprecated. [ 99.951443][ T4306] EXT4-fs (loop3): unmounting filesystem. [ 99.995419][ T5234] XFS (loop4): Mounting V5 Filesystem [ 100.046978][ T5258] loop1: detected capacity change from 0 to 256 [ 100.054822][ T5267] loop3: detected capacity change from 0 to 64 [ 100.113795][ T5258] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 100.146804][ T5234] XFS (loop4): Ending clean mount [ 100.150674][ T5234] XFS (loop4): Quotacheck needed: Please wait. [ 100.178110][ T5234] XFS (loop4): Quotacheck: Done. [ 100.213386][ T4309] XFS (loop4): Unmounting Filesystem [ 101.426300][ T5271] loop2: detected capacity change from 0 to 40427 [ 101.533277][ T5271] F2FS-fs (loop2): Found nat_bits in checkpoint [ 101.620609][ T5271] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 101.695544][ T4303] syz-executor: attempt to access beyond end of device [ 101.695544][ T4303] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 101.711282][ T4303] syz-executor: attempt to access beyond end of device [ 101.711282][ T4303] loop2: rw=2049, sector=45136, nr_sectors = 8 limit=40427 [ 103.002033][ T5304] loop1: detected capacity change from 0 to 64 [ 103.341748][ T5312] loop2: detected capacity change from 0 to 512 [ 103.428097][ T5312] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 103.600925][ T5312] overlayfs: './file2' not a directory [ 104.421970][ T4303] EXT4-fs (loop2): unmounting filesystem. [ 105.572843][ T5342] loop4: detected capacity change from 0 to 64 [ 105.990513][ T5362] loop1: detected capacity change from 0 to 1024 [ 106.792455][ T9] hfsplus: b-tree write err: -5, ino 8 [ 106.891338][ T5372] loop2: detected capacity change from 0 to 64 [ 106.916126][ T5377] loop4: detected capacity change from 0 to 512 [ 106.956427][ T5377] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 106.991094][ T5377] EXT4-fs (loop4): 1 truncate cleaned up [ 106.992716][ T5377] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 107.125550][ T4309] EXT4-fs (loop4): unmounting filesystem. [ 108.827809][ T5415] loop2: detected capacity change from 0 to 512 [ 108.830513][ T5415] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 108.835834][ T5415] EXT4-fs (loop2): 1 truncate cleaned up [ 108.837539][ T5415] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 108.886019][ T4303] EXT4-fs (loop2): unmounting filesystem. [ 108.954200][ T5413] loop3: detected capacity change from 0 to 4096 [ 109.025600][ T5421] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 109.217586][ T5405] loop1: detected capacity change from 0 to 40427 [ 109.390256][ T5405] F2FS-fs (loop1): Found nat_bits in checkpoint [ 110.191816][ T5434] loop3: detected capacity change from 0 to 512 [ 110.204163][ T5405] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 110.217145][ T5434] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.331: attempt to clear invalid blocks 2 len 1 [ 110.230990][ T5434] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 216 vs 220 free clusters [ 110.231436][ T5405] syz.1.321: attempt to access beyond end of device [ 110.231436][ T5405] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 110.249438][ T5434] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.331: invalid indirect mapped block 1819239214 (level 0) [ 110.293607][ T5434] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.331: invalid indirect mapped block 1819239214 (level 1) [ 110.367028][ T5434] EXT4-fs (loop3): 1 truncate cleaned up [ 110.397800][ T5434] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 110.626826][ T4306] EXT4-fs (loop3): unmounting filesystem. [ 111.287313][ T5446] loop2: detected capacity change from 0 to 512 [ 111.353524][ T5446] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 111.365433][ T5449] loop4: detected capacity change from 0 to 512 [ 111.398186][ T5449] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 111.403008][ T5446] overlayfs: './file2' not a directory [ 111.545325][ T5449] EXT4-fs (loop4): 1 truncate cleaned up [ 111.547078][ T5449] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 111.571597][ T4309] EXT4-fs (loop4): unmounting filesystem. [ 112.823610][ T4303] EXT4-fs (loop2): unmounting filesystem. [ 114.154047][ T5467] loop1: detected capacity change from 0 to 32768 [ 114.175320][ T5467] XFS: ikeep mount option is deprecated. [ 114.176776][ T5467] XFS: noikeep mount option is deprecated. [ 114.377500][ T5467] XFS (loop1): Mounting V5 Filesystem [ 114.496714][ T5467] XFS (loop1): Ending clean mount [ 114.499958][ T5467] XFS (loop1): Quotacheck needed: Please wait. [ 114.557526][ T5467] XFS (loop1): Quotacheck: Done. [ 114.825490][ T4299] XFS (loop1): Unmounting Filesystem [ 115.174901][ T5479] loop4: detected capacity change from 0 to 40427 [ 115.206369][ T5479] F2FS-fs (loop4): Found nat_bits in checkpoint [ 115.229800][ T5479] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 115.245273][ T5479] syz.4.344: attempt to access beyond end of device [ 115.245273][ T5479] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 115.986730][ T5507] loop1: detected capacity change from 0 to 32768 [ 116.012758][ T5507] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.348 (5507) [ 116.061658][ T5507] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 116.067462][ T5507] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 116.074054][ T5507] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 116.082644][ T5507] BTRFS info (device loop1): use zstd compression, level 3 [ 116.087972][ T5507] BTRFS info (device loop1): using free space tree [ 116.357702][ T5509] loop4: detected capacity change from 0 to 40427 [ 116.405265][ T5509] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 116.407262][ T5509] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 116.416434][ T5509] F2FS-fs (loop4): Unrecognized mount option "age_extent_cache" or missing value [ 116.564912][ T5507] BTRFS info (device loop1): enabling ssd optimizations [ 117.526805][ T5542] loop3: detected capacity change from 0 to 4096 [ 117.834208][ T4299] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 118.427661][ T5557] loop3: detected capacity change from 0 to 512 [ 118.653039][ T5557] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 119.380295][ T5557] overlayfs: './file2' not a directory [ 119.603896][ T4306] EXT4-fs (loop3): unmounting filesystem. [ 122.566903][ T5599] loop4: detected capacity change from 0 to 64 [ 122.576190][ T5599] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 122.760657][ T5608] loop2: detected capacity change from 0 to 64 [ 124.867721][ T5636] loop1: detected capacity change from 0 to 64 [ 124.875645][ T5636] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 124.977555][ T5641] loop4: detected capacity change from 0 to 64 [ 126.069266][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 126.070803][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 129.087749][ T5683] loop2: detected capacity change from 0 to 32768 [ 129.127925][ T5683] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.409 (5683) [ 129.142845][ T5683] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 129.148554][ T5683] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 129.151866][ T5683] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 129.220531][ T5683] BTRFS info (device loop2): use zstd compression, level 3 [ 129.222329][ T5683] BTRFS info (device loop2): using free space tree [ 129.276971][ T5695] loop4: detected capacity change from 0 to 64 [ 129.291001][ T5695] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 129.306371][ T5687] loop1: detected capacity change from 0 to 32768 [ 129.308566][ T5687] XFS: ikeep mount option is deprecated. [ 129.319702][ T5687] XFS: noikeep mount option is deprecated. [ 129.437854][ T5687] XFS (loop1): Mounting V5 Filesystem [ 130.408300][ T5687] XFS (loop1): Ending clean mount [ 130.411972][ T5687] XFS (loop1): Quotacheck needed: Please wait. [ 130.440759][ T5683] BTRFS info (device loop2): enabling ssd optimizations [ 130.455420][ T5687] XFS (loop1): Quotacheck: Done. [ 130.552151][ T4299] XFS (loop1): Unmounting Filesystem [ 130.597094][ T4303] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 135.063025][ T5771] loop2: detected capacity change from 0 to 2048 [ 135.159438][ T5771] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 135.837032][ T5769] loop3: detected capacity change from 0 to 32768 [ 135.857189][ T5769] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.429 (5769) [ 136.215872][ T4303] EXT4-fs (loop2): unmounting filesystem. [ 136.688754][ T5769] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 136.727569][ T5769] BTRFS info (device loop3): using crc32c (crc32c-generic) checksum algorithm [ 136.736995][ T5769] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 136.759632][ T5769] BTRFS info (device loop3): use zstd compression, level 3 [ 136.761569][ T5769] BTRFS info (device loop3): using free space tree [ 139.330221][ T5769] BTRFS error (device loop3): open_ctree failed: -12 [ 142.146313][ T5863] loop3: detected capacity change from 0 to 64 [ 145.574280][ T5910] netlink: 32 bytes leftover after parsing attributes in process `syz.3.473'. [ 147.678680][ T5909] loop2: detected capacity change from 0 to 32768 [ 147.712326][ T5909] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.472 (5909) [ 147.732120][ T5909] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 147.734831][ T5909] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 147.737071][ T5909] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 147.880579][ T5909] BTRFS info (device loop2): use zstd compression, level 3 [ 147.903568][ T5909] BTRFS info (device loop2): using free space tree [ 148.626792][ T5950] loop4: detected capacity change from 0 to 64 [ 148.630500][ T5909] BTRFS error (device loop2): open_ctree failed: -12 [ 148.784920][ T5960] netlink: 32 bytes leftover after parsing attributes in process `syz.2.485'. [ 151.483253][ T5992] loop2: detected capacity change from 0 to 64 [ 151.676578][ T5996] netlink: 32 bytes leftover after parsing attributes in process `syz.1.498'. [ 151.950102][ T6004] loop1: detected capacity change from 0 to 64 [ 153.084298][ T5989] loop4: detected capacity change from 0 to 32768 [ 153.132508][ T5989] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.495 (5989) [ 153.152299][ T5989] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 153.180907][ T5989] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 153.183559][ T5989] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 153.194557][ T5989] BTRFS info (device loop4): use zstd compression, level 3 [ 153.196862][ T5989] BTRFS info (device loop4): using free space tree [ 153.296095][ T6003] loop2: detected capacity change from 0 to 40427 [ 153.374129][ T5989] BTRFS info (device loop4): enabling ssd optimizations [ 153.388825][ T6003] F2FS-fs (loop2): Found nat_bits in checkpoint [ 153.460899][ T6003] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 153.485597][ T4309] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 153.619114][ T6003] syz.2.500: attempt to access beyond end of device [ 153.619114][ T6003] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 153.682773][ T6013] loop1: detected capacity change from 0 to 32768 [ 153.709469][ T6013] XFS: ikeep mount option is deprecated. [ 153.710829][ T6013] XFS: noikeep mount option is deprecated. [ 153.812726][ T6013] XFS (loop1): Mounting V5 Filesystem [ 153.935734][ T6013] XFS (loop1): Ending clean mount [ 153.939744][ T6013] XFS (loop1): Quotacheck needed: Please wait. [ 153.976465][ T6013] XFS (loop1): Quotacheck: Done. [ 154.086486][ T4299] XFS (loop1): Unmounting Filesystem [ 154.466946][ T6046] loop4: detected capacity change from 0 to 32768 [ 154.506551][ T6046] [ 154.506551][ T6046] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.506551][ T6046] [ 154.535332][ T6046] [ 154.535332][ T6046] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.535332][ T6046] [ 154.538091][ T6046] [ 154.538091][ T6046] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.538091][ T6046] [ 154.559072][ T6046] [ 154.559072][ T6046] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.559072][ T6046] [ 154.561732][ T6046] [ 154.561732][ T6046] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.561732][ T6046] [ 154.582609][ T93] [ 154.582609][ T93] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.582609][ T93] [ 154.598469][ T6046] jfs_create: dtSearch returned -5 [ 154.668214][ T4309] [ 154.668214][ T4309] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.668214][ T4309] [ 154.686476][ T4309] [ 154.686476][ T4309] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.686476][ T4309] [ 154.756627][ T6062] loop3: detected capacity change from 0 to 64 [ 155.015104][ T6071] netlink: 32 bytes leftover after parsing attributes in process `syz.3.513'. [ 155.913487][ T6078] loop3: detected capacity change from 0 to 512 [ 156.040158][ T6078] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 156.078818][ T6078] overlayfs: './file2' not a directory [ 156.257390][ T6074] loop1: detected capacity change from 0 to 32768 [ 156.278366][ T6074] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.516 (6074) [ 156.597459][ T6074] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 156.613421][ T6074] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 156.615746][ T6074] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 156.618057][ T6074] BTRFS info (device loop1): use zstd compression, level 3 [ 156.646394][ T6074] BTRFS info (device loop1): using free space tree [ 156.658089][ T4306] EXT4-fs (loop3): unmounting filesystem. [ 156.800999][ T6080] loop2: detected capacity change from 0 to 32768 [ 156.803213][ T6080] XFS: ikeep mount option is deprecated. [ 156.805137][ T6080] XFS: noikeep mount option is deprecated. [ 156.837310][ T6113] loop3: detected capacity change from 0 to 64 [ 156.880087][ T6080] XFS (loop2): Mounting V5 Filesystem [ 156.934812][ T6074] BTRFS info (device loop1): enabling ssd optimizations [ 156.966209][ T6080] XFS (loop2): Ending clean mount [ 157.040907][ T6080] XFS (loop2): Quotacheck needed: Please wait. [ 157.063494][ T6080] XFS (loop2): Quotacheck: Done. [ 157.114399][ T4303] XFS (loop2): Unmounting Filesystem [ 157.198799][ T4299] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 157.951908][ T6133] loop3: detected capacity change from 0 to 256 [ 157.954048][ T6133] exfat: Unknown parameter '0xffffffffffffffffÿ' [ 158.583967][ T6137] ceph: No mds server is up or the cluster is laggy [ 158.620953][ T5825] libceph: connect (1)[c::]:6789 error -101 [ 158.658492][ T5825] libceph: mon0 (1)[c::]:6789 connect error [ 158.769399][ T4316] Bluetooth: hci0: command 0x0406 tx timeout [ 158.771536][ T47] Bluetooth: hci1: command 0x0406 tx timeout [ 159.001265][ T5825] libceph: connect (1)[c::]:6789 error -101 [ 159.002942][ T5825] libceph: mon0 (1)[c::]:6789 connect error [ 159.222011][ T6144] loop4: detected capacity change from 0 to 2048 [ 159.225455][ T6148] netlink: 24 bytes leftover after parsing attributes in process `syz.2.527'. [ 159.321105][ T6152] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 160.237262][ T6158] loop1: detected capacity change from 0 to 512 [ 160.271016][ T6158] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 160.304161][ T6158] overlayfs: './file2' not a directory [ 160.341478][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 160.667899][ T6171] loop1: detected capacity change from 0 to 64 [ 160.967858][ T6177] netlink: 24 bytes leftover after parsing attributes in process `syz.4.542'. [ 161.458619][ T6180] ceph: No mds server is up or the cluster is laggy [ 161.523946][ T7] libceph: connect (1)[c::]:6789 error -101 [ 161.542861][ T7] libceph: mon0 (1)[c::]:6789 connect error [ 162.147919][ T6191] loop4: detected capacity change from 0 to 256 [ 162.161984][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.545'. [ 162.164560][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.545'. [ 162.171193][ T6191] exfat: Unknown parameter '0xffffffffffffffffÿ' [ 162.285871][ T6194] loop1: detected capacity change from 0 to 512 [ 162.319043][ T6194] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 162.335834][ T6194] overlayfs: './file2' not a directory [ 162.406785][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 162.910235][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.545'. [ 162.923336][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.545'. [ 163.200763][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.545'. [ 163.270115][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.545'. [ 163.272476][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.545'. [ 163.274821][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.545'. [ 163.322181][ T6206] loop3: detected capacity change from 0 to 64 [ 163.939330][ T4316] Bluetooth: hci2: command 0x0406 tx timeout [ 163.941787][ T4316] Bluetooth: hci4: command 0x0406 tx timeout [ 163.944831][ T4316] Bluetooth: hci3: command 0x0406 tx timeout [ 164.254576][ T6213] __nla_validate_parse: 28 callbacks suppressed [ 164.254590][ T6213] netlink: 24 bytes leftover after parsing attributes in process `syz.2.553'. [ 164.438655][ T6222] loop2: detected capacity change from 0 to 64 [ 165.286230][ T6230] loop1: detected capacity change from 0 to 512 [ 165.540093][ T6238] loop4: detected capacity change from 0 to 64 [ 165.640569][ T6230] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 166.621326][ T6230] overlayfs: './file2' not a directory [ 166.780062][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 167.057325][ T6260] loop3: detected capacity change from 0 to 4096 [ 167.093910][ T6265] netlink: 'syz.4.573': attribute type 10 has an invalid length. [ 167.095932][ T6265] team0: Device ip6gretap0 is up. Set it down before adding it as a team port [ 167.121189][ T6265] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check. [ 167.125621][ T6264] loop2: detected capacity change from 0 to 512 [ 167.167487][ T4500] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 167.465077][ T6277] loop4: detected capacity change from 0 to 512 [ 167.633083][ T6277] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 168.261984][ T6282] netlink: 4 bytes leftover after parsing attributes in process `syz.3.579'. [ 168.270424][ T6277] overlayfs: './file2' not a directory [ 168.307915][ T6282] device erspan0 entered promiscuous mode [ 168.320326][ T6282] device macvtap1 entered promiscuous mode [ 168.329812][ T6287] netlink: 4 bytes leftover after parsing attributes in process `syz.3.579'. [ 168.339547][ T6287] device erspan0 left promiscuous mode [ 168.733479][ T4309] EXT4-fs (loop4): unmounting filesystem. [ 169.546980][ T6308] loop4: detected capacity change from 0 to 64 [ 170.916856][ T6328] loop3: detected capacity change from 0 to 512 [ 171.158639][ T6332] netlink: 20 bytes leftover after parsing attributes in process `syz.2.596'. [ 172.146052][ T6325] loop4: detected capacity change from 0 to 32768 [ 172.153854][ T6328] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 172.176343][ T6325] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.593 (6325) [ 172.341102][ T6328] overlayfs: './file2' not a directory [ 172.572955][ T6325] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 172.577462][ T6325] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 172.591854][ T6325] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 172.607440][ T6325] BTRFS info (device loop4): use zstd compression, level 3 [ 172.609485][ T6325] BTRFS info (device loop4): using free space tree [ 172.710945][ T4306] EXT4-fs (loop3): unmounting filesystem. [ 173.220157][ T6325] BTRFS error (device loop4): open_ctree failed: -12 [ 173.556129][ T6372] loop1: detected capacity change from 0 to 64 [ 175.060042][ T6387] netlink: 20 bytes leftover after parsing attributes in process `syz.3.608'. [ 175.155138][ T6392] loop2: detected capacity change from 0 to 2048 [ 175.309282][ T6392] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 175.355343][ T6403] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 175.357118][ T6392] syz.2.610: attempt to access beyond end of device [ 175.357118][ T6392] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 176.498176][ T6416] loop3: detected capacity change from 0 to 64 [ 176.739870][ T6398] loop1: detected capacity change from 0 to 32768 [ 176.757661][ T6398] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.612 (6398) [ 176.781018][ T6398] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 176.984272][ T6398] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 177.024604][ T6398] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 177.055488][ T6398] BTRFS info (device loop1): use zstd compression, level 3 [ 177.125746][ T6398] BTRFS info (device loop1): using free space tree [ 177.596808][ T6439] loop3: detected capacity change from 0 to 512 [ 177.649149][ T6398] BTRFS info (device loop1): enabling ssd optimizations [ 177.696779][ T6439] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 177.746495][ T6439] overlayfs: './file2' not a directory [ 177.855180][ T4299] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 178.048194][ T4306] EXT4-fs (loop3): unmounting filesystem. [ 178.150637][ T6457] netlink: 20 bytes leftover after parsing attributes in process `syz.1.623'. [ 178.186887][ T6459] loop2: detected capacity change from 0 to 256 [ 178.199909][ T6459] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 179.637150][ T6470] loop4: detected capacity change from 0 to 64 [ 179.675010][ T6474] loop2: detected capacity change from 0 to 2048 [ 179.886604][ T6474] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 180.495848][ T6480] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 180.496069][ T6474] syz.2.629: attempt to access beyond end of device [ 180.496069][ T6474] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 181.377440][ T6493] loop2: detected capacity change from 0 to 512 [ 181.396982][ T6492] netlink: 20 bytes leftover after parsing attributes in process `syz.0.637'. [ 181.507953][ T6493] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 181.541528][ T6493] overlayfs: './file2' not a directory [ 181.917170][ T6483] loop1: detected capacity change from 0 to 262144 [ 181.957022][ T6483] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop1 scanned by syz.1.634 (6483) [ 181.963580][ T4303] EXT4-fs (loop2): unmounting filesystem. [ 181.965325][ T6483] BTRFS info (device loop1): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 181.968069][ T6483] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 181.971011][ T6483] BTRFS info (device loop1): using free space tree [ 182.335890][ T6483] BTRFS info (device loop1): enabling ssd optimizations [ 183.069377][ T4299] BTRFS info (device loop1): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 184.137345][ T6536] loop2: detected capacity change from 0 to 64 [ 184.496259][ T6542] netlink: 20 bytes leftover after parsing attributes in process `syz.3.649'. [ 184.723500][ T6552] loop3: detected capacity change from 0 to 256 [ 184.803675][ T6552] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 186.033259][ T6551] loop2: detected capacity change from 0 to 32768 [ 186.069055][ T6551] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.650 (6551) [ 186.102013][ T6551] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 186.104548][ T6551] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 186.106965][ T6551] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 186.122025][ T6551] BTRFS info (device loop2): use zstd compression, level 3 [ 186.123886][ T6551] BTRFS info (device loop2): using free space tree [ 186.921771][ T6551] BTRFS info (device loop2): enabling ssd optimizations [ 187.227110][ T4303] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 187.241903][ T6596] loop3: detected capacity change from 0 to 64 [ 187.267336][ T6598] loop4: detected capacity change from 0 to 512 [ 187.295886][ T6598] EXT4-fs (loop4): orphan cleanup on readonly fs [ 187.349078][ T6598] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.661: casefold flag without casefold feature [ 187.365266][ T6598] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.661: couldn't read orphan inode 15 (err -117) [ 187.372678][ T6598] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 187.380122][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.382064][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 188.100319][ T6605] loop1: detected capacity change from 0 to 2048 [ 188.126159][ T6605] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 188.199245][ T6605] syz.1.662: attempt to access beyond end of device [ 188.199245][ T6605] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 188.203285][ T6612] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 188.456347][ T4309] EXT4-fs (loop4): unmounting filesystem. [ 188.700334][ T6624] loop3: detected capacity change from 0 to 64 [ 188.724729][ T47] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 188.728067][ T47] CPU: 0 PID: 47 Comm: kworker/u5:0 Not tainted 6.1.135-syzkaller #0 [ 188.730163][ T47] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 188.732689][ T47] Workqueue: hci2 hci_rx_work [ 188.733885][ T47] Call trace: [ 188.734727][ T47] dump_backtrace+0x1c8/0x1f4 [ 188.735997][ T47] show_stack+0x2c/0x3c [ 188.737134][ T47] __dump_stack+0x30/0x40 [ 188.738254][ T47] dump_stack_lvl+0xf8/0x160 [ 188.739404][ T47] dump_stack+0x1c/0x5c [ 188.740539][ T47] sysfs_create_dir_ns+0x22c/0x24c [ 188.741871][ T47] kobject_add_internal+0x5a8/0xb30 [ 188.743230][ T47] kobject_add+0x134/0x1f8 [ 188.744441][ T47] device_add+0x3f0/0xf94 [ 188.745636][ T47] hci_conn_add_sysfs+0xbc/0x1cc [ 188.746910][ T47] le_conn_complete_evt+0xa24/0xf8c [ 188.748317][ T47] hci_le_conn_complete_evt+0x114/0x3f8 [ 188.749807][ T47] hci_le_meta_evt+0x2c0/0x4a4 [ 188.751048][ T47] hci_event_packet+0x6ac/0xf08 [ 188.752293][ T47] hci_rx_work+0x324/0xaa0 [ 188.753423][ T47] process_one_work+0x7f4/0x13a8 [ 188.754646][ T47] worker_thread+0x8c8/0xfbc [ 188.755797][ T47] kthread+0x250/0x2d8 [ 188.756837][ T47] ret_from_fork+0x10/0x20 [ 188.772380][ T47] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 188.776888][ T47] Bluetooth: hci2: failed to register connection device [ 189.682500][ T6624] hfs: unable to load codepage "macgžeek" [ 189.684261][ T6624] hfs: unable to parse mount options [ 190.216525][ T6645] loop2: detected capacity change from 0 to 64 [ 190.422372][ T6649] loop2: detected capacity change from 0 to 256 [ 190.424522][ T6649] exfat: Unknown parameter '0xffffffffffffffffÿ' [ 190.490270][ T4431] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 190.851600][ T6647] loop4: detected capacity change from 0 to 32768 [ 190.859010][ T6647] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.675 (6647) [ 190.874677][ T6647] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 190.877274][ T6647] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 190.888736][ T6647] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 190.892637][ T6647] BTRFS info (device loop4): use zstd compression, level 3 [ 190.894453][ T6647] BTRFS info (device loop4): using free space tree [ 191.392027][ T6647] BTRFS info (device loop4): enabling ssd optimizations [ 191.930127][ T4309] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 192.153724][ T6695] loop2: detected capacity change from 0 to 64 [ 192.315321][ T6702] loop1: detected capacity change from 0 to 2048 [ 192.318714][ T6702] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 192.358184][ T6706] loop3: detected capacity change from 0 to 256 [ 192.365629][ T6707] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 192.370086][ T6702] syz.1.688: attempt to access beyond end of device [ 192.370086][ T6702] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 192.374664][ T6706] exfat: Unknown parameter '0xffffffffffffffffÿ' [ 194.825575][ T6738] loop1: detected capacity change from 0 to 4096 [ 194.909133][ T47] Bluetooth: hci2: command 0x0406 tx timeout [ 194.931753][ T6743] loop2: detected capacity change from 0 to 64 [ 195.164346][ T6725] loop3: detected capacity change from 0 to 32768 [ 195.168406][ T6750] loop4: detected capacity change from 0 to 256 [ 195.178109][ T6751] loop1: detected capacity change from 0 to 256 [ 195.187369][ T6725] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.693 (6725) [ 195.204376][ T6751] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 195.217799][ T6725] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 195.239783][ T6725] BTRFS info (device loop3): using crc32c (crc32c-generic) checksum algorithm [ 195.245671][ T6725] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 195.394128][ T6725] BTRFS info (device loop3): use zstd compression, level 3 [ 195.398428][ T6725] BTRFS info (device loop3): using free space tree [ 196.260715][ T6725] BTRFS error (device loop3): open_ctree failed: -12 [ 196.338662][ T4807] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by udevd (4807) [ 197.091842][ T6747] device vlan0 entered promiscuous mode [ 198.463132][ T6807] loop4: detected capacity change from 0 to 64 [ 199.865795][ T6819] loop2: detected capacity change from 0 to 32768 [ 199.910546][ T6819] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 199.913181][ T6819] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 199.939169][ T6819] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 199.941665][ T6819] BTRFS info (device loop2): use zstd compression, level 3 [ 199.943584][ T6819] BTRFS info (device loop2): using free space tree [ 200.043550][ T6851] loop1: detected capacity change from 0 to 64 [ 200.198217][ T6819] BTRFS info (device loop2): enabling ssd optimizations [ 201.026333][ T6867] loop1: detected capacity change from 0 to 256 [ 201.029654][ T4303] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 201.086950][ T6867] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 201.826717][ T6884] loop2: detected capacity change from 0 to 512 [ 201.906700][ T6884] EXT4-fs (loop2): orphan cleanup on readonly fs [ 201.908534][ T6884] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.732: casefold flag without casefold feature [ 201.950846][ T6884] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.732: couldn't read orphan inode 15 (err -117) [ 201.960994][ T6893] loop1: detected capacity change from 0 to 64 [ 201.963801][ T6884] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 202.843297][ T4303] EXT4-fs (loop2): unmounting filesystem. [ 203.135540][ T6910] loop1: detected capacity change from 0 to 256 [ 205.986476][ T6931] loop4: detected capacity change from 0 to 16 [ 206.016888][ T6931] erofs: (device loop4): mounted with root inode @ nid 36. [ 206.277265][ T6938] loop1: detected capacity change from 0 to 512 [ 206.365873][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 86 @ nid 36 [ 206.368764][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 84 @ nid 36 [ 206.371802][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 80 @ nid 36 [ 206.376031][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 74 @ nid 36 [ 206.378617][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 72 @ nid 36 [ 206.381156][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 70 @ nid 36 [ 206.383879][ T6939] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 206.386248][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 63 @ nid 36 [ 206.388703][ T6939] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 206.391113][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 62 @ nid 36 [ 206.395111][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 58 @ nid 36 [ 206.397500][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 57 @ nid 36 [ 206.400251][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 54 @ nid 36 [ 206.402556][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 53 @ nid 36 [ 206.404908][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 52 @ nid 36 [ 206.407206][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 51 @ nid 36 [ 206.409471][ T6939] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 206.411758][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 50 @ nid 36 [ 206.414226][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 47 @ nid 36 [ 206.416491][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 46 @ nid 36 [ 206.419838][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 40 @ nid 36 [ 206.422108][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 39 @ nid 36 [ 206.424554][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 38 @ nid 36 [ 206.427242][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 34 @ nid 36 [ 206.429842][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 32 @ nid 36 [ 206.432405][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 30 @ nid 36 [ 206.434966][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 27 @ nid 36 [ 206.437184][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 26 @ nid 36 [ 206.439561][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 25 @ nid 36 [ 206.442111][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 24 @ nid 36 [ 206.444397][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 23 @ nid 36 [ 206.446782][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 22 @ nid 36 [ 206.449351][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 21 @ nid 36 [ 206.451681][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 20 @ nid 36 [ 206.454172][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 18 @ nid 36 [ 206.457034][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 12 @ nid 36 [ 206.460135][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 10 @ nid 36 [ 206.463090][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 6 @ nid 36 [ 206.465524][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 4 @ nid 36 [ 206.468541][ T6939] erofs: (device loop4): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 206.470974][ T6939] erofs: (device loop4): z_erofs_readahead: readahead error at page 0 @ nid 36 [ 206.473678][ T6939] syz.4.750: attempt to access beyond end of device [ 206.473678][ T6939] loop4: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 206.477529][ T6939] syz.4.750: attempt to access beyond end of device [ 206.477529][ T6939] loop4: rw=524288, sector=6520, nr_sectors = 16 limit=16 [ 206.481490][ T6939] syz.4.750: attempt to access beyond end of device [ 206.481490][ T6939] loop4: rw=524288, sector=34359736328, nr_sectors = 16 limit=16 [ 206.485385][ T6939] syz.4.750: attempt to access beyond end of device [ 206.485385][ T6939] loop4: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 206.488924][ T6939] syz.4.750: attempt to access beyond end of device [ 206.488924][ T6939] loop4: rw=524288, sector=536576856, nr_sectors = 16 limit=16 [ 206.492855][ T6939] syz.4.750: attempt to access beyond end of device [ 206.492855][ T6939] loop4: rw=524288, sector=13478624032, nr_sectors = 8 limit=16 [ 206.496659][ T6939] syz.4.750: attempt to access beyond end of device [ 206.496659][ T6939] loop4: rw=524288, sector=13716630376, nr_sectors = 8 limit=16 [ 206.500455][ T6939] syz.4.750: attempt to access beyond end of device [ 206.500455][ T6939] loop4: rw=524288, sector=133693448, nr_sectors = 8 limit=16 [ 206.504190][ T6939] syz.4.750: attempt to access beyond end of device [ 206.504190][ T6939] loop4: rw=524288, sector=790384, nr_sectors = 16 limit=16 [ 206.508036][ T6939] syz.4.750: attempt to access beyond end of device [ 206.508036][ T6939] loop4: rw=524288, sector=72, nr_sectors = 16 limit=16 [ 207.048043][ T6938] EXT4-fs (loop1): orphan cleanup on readonly fs [ 207.056188][ T6938] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.753: casefold flag without casefold feature [ 207.085182][ T6938] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.753: couldn't read orphan inode 15 (err -117) [ 207.088694][ T6938] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 207.813763][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 209.993573][ T6968] loop1: detected capacity change from 0 to 32768 [ 210.071891][ T6968] XFS (loop1): Mounting V5 Filesystem [ 210.187076][ T6995] loop4: detected capacity change from 0 to 512 [ 210.215753][ T6995] EXT4-fs (loop4): orphan cleanup on readonly fs [ 210.217954][ T6995] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.768: casefold flag without casefold feature [ 210.220203][ T6968] XFS (loop1): Ending clean mount [ 210.224968][ T6995] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.768: couldn't read orphan inode 15 (err -117) [ 210.228321][ T6995] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 210.230020][ T6968] XFS (loop1): Quotacheck needed: Please wait. [ 211.769254][ T6968] XFS (loop1): Quotacheck: Done. [ 211.855839][ T4309] EXT4-fs (loop4): unmounting filesystem. [ 211.929288][ T4299] XFS (loop1): Unmounting Filesystem [ 212.621832][ T7031] device syzkaller1 entered promiscuous mode [ 214.797729][ T7029] loop2: detected capacity change from 0 to 32768 [ 214.815253][ T7029] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.780 (7029) [ 214.844669][ T7029] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 214.854867][ T7029] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 214.862676][ T7029] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 214.873007][ T7029] BTRFS info (device loop2): use zstd compression, level 3 [ 214.873034][ T7030] loop4: detected capacity change from 0 to 32768 [ 214.877146][ T7029] BTRFS info (device loop2): using free space tree [ 215.013104][ T7030] XFS (loop4): Mounting V5 Filesystem [ 215.228329][ T7030] XFS (loop4): Ending clean mount [ 216.163908][ T7029] BTRFS error (device loop2): open_ctree failed: -12 [ 217.497583][ T4309] XFS (loop4): Unmounting Filesystem [ 217.514512][ T7101] netlink: 64 bytes leftover after parsing attributes in process `syz.2.795'. [ 220.512621][ T7114] loop1: detected capacity change from 0 to 32768 [ 220.526343][ T7114] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.800 (7114) [ 220.694813][ T7114] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 220.698057][ T7114] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 220.712626][ T7114] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 220.719230][ T7114] BTRFS info (device loop1): use zstd compression, level 3 [ 220.721073][ T7114] BTRFS info (device loop1): using free space tree [ 221.622908][ T7136] loop4: detected capacity change from 0 to 32768 [ 221.645946][ T7136] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.804 (7136) [ 221.664990][ T7136] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 221.667959][ T7136] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 221.699111][ T7136] BTRFS info (device loop4): force clearing of disk cache [ 221.701139][ T7136] BTRFS info (device loop4): enabling auto defrag [ 221.702800][ T7136] BTRFS info (device loop4): max_inline at 0 [ 221.704371][ T7136] BTRFS info (device loop4): enabling disk space caching [ 221.706156][ T7136] BTRFS info (device loop4): disk space caching is enabled [ 221.892605][ T7114] BTRFS error (device loop1): open_ctree failed: -12 [ 222.109073][ T7136] BTRFS info (device loop4): enabling ssd optimizations [ 222.122805][ T7136] BTRFS info (device loop4): rebuilding free space tree [ 222.213757][ T7171] loop2: detected capacity change from 0 to 32768 [ 222.346024][ T7136] BTRFS info (device loop4): disabling free space tree [ 222.348093][ T7136] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 222.370068][ T7136] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 222.419793][ T7171] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 222.434497][ T11] (kworker/u4:1,11,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2 [ 222.573714][ T4303] ocfs2: Unmounting device (7,2) on (node local) [ 222.846289][ T5579] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 222.872087][ T4309] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 225.332003][ T7215] loop2: detected capacity change from 0 to 32768 [ 225.335547][ T7215] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.820 (7215) [ 225.354799][ T7215] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 225.357372][ T7215] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 225.360793][ T7215] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 225.378037][ T7215] BTRFS info (device loop2): use zstd compression, level 3 [ 225.380120][ T7215] BTRFS info (device loop2): using free space tree [ 225.408501][ T7235] loop4: detected capacity change from 0 to 2048 [ 225.416082][ T7235] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 225.513365][ T7235] bio_check_eod: 12 callbacks suppressed [ 225.513379][ T7235] syz.4.828: attempt to access beyond end of device [ 225.513379][ T7235] loop4: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 225.520282][ T7242] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 226.352097][ T7215] BTRFS info (device loop2): enabling ssd optimizations [ 226.529342][ T4303] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 228.520107][ T4459] kernel write not supported for file /dsp (pid: 4459 comm: kworker/1:9) [ 228.742316][ T7303] loop1: detected capacity change from 0 to 256 [ 228.751789][ T7303] exfat: Unknown parameter '0xffffffffffffffffÿ' [ 229.008248][ T7300] loop2: detected capacity change from 0 to 32768 [ 229.018460][ T7300] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.845 (7300) [ 229.133810][ T7300] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 229.138003][ T7300] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 229.148282][ T7300] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 229.195351][ T7300] BTRFS info (device loop2): use zstd compression, level 3 [ 229.197465][ T7300] BTRFS info (device loop2): using free space tree [ 229.508804][ T7300] BTRFS info (device loop2): enabling ssd optimizations [ 229.605654][ T7341] loop4: detected capacity change from 0 to 512 [ 229.711700][ T7341] EXT4-fs (loop4): orphan cleanup on readonly fs [ 229.715757][ T7341] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.854: casefold flag without casefold feature [ 229.729940][ T7341] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.854: couldn't read orphan inode 15 (err -117) [ 229.761318][ T7341] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 229.778401][ T4303] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 230.995733][ T4309] EXT4-fs (loop4): unmounting filesystem. [ 232.627129][ T7377] loop2: detected capacity change from 0 to 32768 [ 232.636216][ T7377] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.867 (7377) [ 232.749878][ T7377] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 232.753785][ T7377] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 232.756276][ T7377] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 232.765934][ T7377] BTRFS info (device loop2): use zstd compression, level 3 [ 232.768115][ T7377] BTRFS info (device loop2): using free space tree [ 232.794714][ T7377] BTRFS info (device loop2): enabling ssd optimizations [ 233.618670][ T4303] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 234.162495][ T7416] 9pnet_virtio: no channels available for device syz [ 237.451094][ T7439] loop2: detected capacity change from 0 to 512 [ 237.504192][ T7439] EXT4-fs (loop2): orphan cleanup on readonly fs [ 237.512708][ T7439] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.881: casefold flag without casefold feature [ 237.516493][ T7439] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.881: couldn't read orphan inode 15 (err -117) [ 237.521929][ T7439] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 238.431694][ T4303] EXT4-fs (loop2): unmounting filesystem. [ 238.484884][ T7449] loop4: detected capacity change from 0 to 8 [ 239.687712][ T7453] loop1: detected capacity change from 0 to 32768 [ 239.710052][ T7453] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.884 (7453) [ 239.729972][ T7453] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 239.732366][ T7453] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 239.743410][ T7453] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 239.748399][ T7453] BTRFS info (device loop1): use zstd compression, level 3 [ 239.756054][ T7453] BTRFS info (device loop1): using free space tree [ 240.107693][ T7453] BTRFS info (device loop1): enabling ssd optimizations [ 241.204146][ T4299] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 242.162134][ T7507] loop2: detected capacity change from 0 to 32768 [ 242.172932][ T7507] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.899 (7507) [ 242.202594][ T7507] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 242.205554][ T7507] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 242.207878][ T7507] BTRFS info (device loop2): setting nodatacow, compression disabled [ 242.259518][ T7507] BTRFS info (device loop2): max_inline at 0 [ 242.261138][ T7507] BTRFS info (device loop2): enabling disk space caching [ 242.262863][ T7507] BTRFS info (device loop2): turning off barriers [ 242.264479][ T7507] BTRFS info (device loop2): turning on flush-on-commit [ 242.269651][ T7507] BTRFS info (device loop2): doing ref verification [ 242.271346][ T7507] BTRFS info (device loop2): force clearing of disk cache [ 242.273154][ T7507] BTRFS info (device loop2): enabling ssd optimizations [ 242.274808][ T7507] BTRFS info (device loop2): turning on sync discard [ 242.318264][ T7507] BTRFS info (device loop2): disk space caching is enabled [ 242.645931][ T7507] BTRFS info (device loop2): rebuilding free space tree [ 242.699771][ T7507] BTRFS info (device loop2): disabling free space tree [ 242.710140][ T7507] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 242.723167][ T7507] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 242.838182][ T4303] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 243.336913][ T7564] loop4: detected capacity change from 0 to 1024 [ 243.417014][ T7560] loop2: detected capacity change from 0 to 32768 [ 243.505936][ T7560] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.911 (7560) [ 243.516997][ T5061] hfsplus: b-tree write err: -5, ino 3 [ 243.592194][ T7560] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 243.597915][ T7560] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 243.609556][ T7560] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 243.622926][ T7560] BTRFS info (device loop2): use zstd compression, level 3 [ 243.637986][ T7560] BTRFS info (device loop2): using free space tree [ 245.224532][ T7560] BTRFS info (device loop2): enabling ssd optimizations [ 245.506791][ T4303] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 248.556978][ T7657] usb usb1: usbfs: process 7657 (syz.2.940) did not claim interface 0 before use [ 248.626240][ T7639] loop4: detected capacity change from 0 to 32768 [ 248.647752][ T4431] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by udevd (4431) [ 248.666381][ T7639] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 248.670308][ T7639] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 248.675914][ T7639] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 248.683746][ T7639] BTRFS info (device loop4): use zstd compression, level 3 [ 248.687939][ T7639] BTRFS info (device loop4): using free space tree [ 248.829793][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 248.833133][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 248.900155][ T7639] BTRFS info (device loop4): enabling ssd optimizations [ 249.088689][ T4309] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 252.391919][ T7713] loop2: detected capacity change from 0 to 2048 [ 252.410258][ T7713] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 252.555183][ T7713] syz.2.955: attempt to access beyond end of device [ 252.555183][ T7713] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 252.565690][ T7725] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 253.255351][ T7734] loop1: detected capacity change from 0 to 8 [ 253.766051][ T7723] loop4: detected capacity change from 0 to 32768 [ 253.796072][ T7723] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.957 (7723) [ 253.931690][ T7723] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 253.961356][ T7723] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 253.985423][ T7723] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 254.010413][ T7723] BTRFS info (device loop4): use zstd compression, level 3 [ 254.037350][ T7723] BTRFS info (device loop4): using free space tree [ 254.333304][ T7766] loop1: detected capacity change from 0 to 512 [ 254.335420][ T7723] BTRFS info (device loop4): enabling ssd optimizations [ 254.506308][ T7773] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 254.555519][ T4309] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 254.718017][ T7766] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 254.992633][ T7766] overlayfs: './file2' not a directory [ 255.481220][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 255.683652][ T7784] loop1: detected capacity change from 0 to 512 [ 255.734239][ T7784] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 257.707598][ T7812] loop2: detected capacity change from 0 to 64 [ 258.366398][ T7811] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 258.977804][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 259.668063][ T7826] loop4: detected capacity change from 0 to 2048 [ 259.714129][ T7826] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 260.140301][ T7844] loop2: detected capacity change from 0 to 64 [ 260.155560][ T7844] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 260.377537][ T7849] netlink: 8 bytes leftover after parsing attributes in process `syz.4.996'. [ 260.955650][ T7853] loop4: detected capacity change from 0 to 512 [ 261.476608][ T7853] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 262.076433][ T7870] loop1: detected capacity change from 0 to 8 [ 262.476217][ T7880] overlayfs: './file2' not a directory [ 262.479489][ T7879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1007'. [ 262.751646][ T7872] loop2: detected capacity change from 0 to 32768 [ 263.130661][ T7889] loop2: detected capacity change from 0 to 64 [ 263.150087][ T7889] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 265.068663][ T7906] loop1: detected capacity change from 0 to 256 [ 265.332027][ T7906] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 266.731586][ T7930] loop1: detected capacity change from 0 to 64 [ 266.744868][ T7930] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 267.433612][ T4309] EXT4-fs (loop4): unmounting filesystem. [ 268.631040][ T7950] loop4: detected capacity change from 0 to 8 [ 269.876251][ T7962] loop1: detected capacity change from 0 to 256 [ 269.919165][ T7962] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 269.931763][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 269.989496][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 270.051364][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 270.056499][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 270.291446][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 270.450731][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 270.634972][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 271.156645][ T7980] loop4: detected capacity change from 0 to 64 [ 271.463443][ T7980] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 272.023234][ T7992] loop4: detected capacity change from 0 to 8 [ 272.817942][ T7992] overlayfs: failed to resolve './file1': -2 [ 273.041758][ T8002] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1044'. [ 273.075913][ T8006] loop4: detected capacity change from 0 to 256 [ 273.097371][ T8006] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 274.435157][ T8026] loop4: detected capacity change from 0 to 64 [ 274.503632][ T8026] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 274.606292][ T8031] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1053'. [ 274.781466][ T8038] loop1: detected capacity change from 0 to 8 [ 274.803039][ T8038] overlayfs: failed to resolve './file1': -2 [ 276.408258][ T8068] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 276.629877][ T8044] loop1: detected capacity change from 0 to 32768 [ 276.671915][ T8044] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.1057 (8044) [ 276.695783][ T8044] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 276.698364][ T8044] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 276.714068][ T8044] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 276.726148][ T8072] device syzkaller1 entered promiscuous mode [ 276.727003][ T8044] BTRFS info (device loop1): use zstd compression, level 3 [ 276.741849][ T8044] BTRFS info (device loop1): using free space tree [ 276.849103][ T8044] BTRFS info (device loop1): enabling ssd optimizations [ 276.978374][ T8094] overlayfs: failed to resolve './file1': -2 [ 277.018626][ T4299] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 278.231606][ T8122] overlayfs: failed to clone upperpath [ 279.227126][ T8123] lo speed is unknown, defaulting to 1000 [ 279.231524][ T8123] lo speed is unknown, defaulting to 1000 [ 279.234522][ T8123] lo speed is unknown, defaulting to 1000 [ 279.270576][ T8123] infiniband syz0: set active [ 279.272064][ T8123] infiniband syz0: added lo [ 280.237092][ T4346] lo speed is unknown, defaulting to 1000 [ 280.274867][ T8123] RDS/IB: syz0: added [ 280.276681][ T8123] smc: adding ib device syz0 with port count 1 [ 280.278492][ T8123] smc: ib device syz0 port 1 has pnetid [ 280.283636][ T8123] lo speed is unknown, defaulting to 1000 [ 280.295257][ T4346] lo speed is unknown, defaulting to 1000 [ 280.331407][ T8131] overlayfs: failed to clone upperpath [ 280.368072][ T8123] lo speed is unknown, defaulting to 1000 [ 280.403304][ T8123] lo speed is unknown, defaulting to 1000 [ 280.437780][ T8123] lo speed is unknown, defaulting to 1000 [ 280.472473][ T8123] lo speed is unknown, defaulting to 1000 [ 280.645780][ T8136] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 282.250726][ T8166] overlayfs: failed to clone upperpath [ 283.650334][ T8180] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 285.807096][ T8209] overlayfs: failed to clone upperpath [ 286.871120][ T8217] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 286.897298][ T8217] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 286.923941][ T8217] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 286.959357][ T8217] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 286.977614][ T8217] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 286.988764][ T8217] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 287.439084][ T8227] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 287.838100][ T8217] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 289.797261][ T8263] overlayfs: failed to clone upperpath [ 290.728276][ T8271] loop1: detected capacity change from 0 to 64 [ 290.916315][ T8271] overlayfs: filesystem on './file1' not supported [ 291.632345][ T8277] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 291.648404][ T8277] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 291.666894][ T8277] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 291.680919][ T8277] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 291.749064][ T8277] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 291.752635][ T8277] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 291.804349][ T8277] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 291.806498][ T8285] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1125'. [ 294.006166][ T8312] loop1: detected capacity change from 0 to 512 [ 294.088491][ T8312] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 294.190079][ T8325] overlayfs: failed to resolve './file1': -2 [ 294.792018][ T8328] overlayfs: './file2' not a directory [ 295.589170][ T8326] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 295.597920][ T8326] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 295.604367][ T8326] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 295.606599][ T8326] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 295.608544][ T8326] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 295.651386][ T8326] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 295.660287][ T8326] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 295.764052][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 296.749145][ T8360] loop1: detected capacity change from 0 to 512 [ 296.886443][ T8360] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 296.938778][ T8360] overlayfs: './file2' not a directory [ 296.969822][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 297.227402][ T8384] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1151'. [ 297.409679][ T8385] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 297.422699][ T8385] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 297.426521][ T8385] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 297.435437][ T8385] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 297.441946][ T8385] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 297.447438][ T8385] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 297.455993][ T8385] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 298.587813][ T8415] cgroup: Name too long [ 298.883749][ T8396] bridge0: port 3(vlan2) entered blocking state [ 298.885631][ T8396] bridge0: port 3(vlan2) entered disabled state [ 298.892990][ T8396] device vlan2 entered promiscuous mode [ 298.907856][ T8396] device bond0 entered promiscuous mode [ 298.913557][ T8396] device bond_slave_0 entered promiscuous mode [ 298.917640][ T8396] device bond_slave_1 entered promiscuous mode [ 298.922511][ T8396] bridge0: port 3(vlan2) entered blocking state [ 298.925554][ T8396] bridge0: port 3(vlan2) entered forwarding state [ 302.068501][ T8455] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1178'. [ 303.553301][ T8482] loop1: detected capacity change from 0 to 256 [ 303.591578][ T8482] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 309.743703][ T8565] device syzkaller1 entered promiscuous mode [ 310.009261][ T8573] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 310.020810][ T8573] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 310.025690][ T8573] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 310.027809][ T8573] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 310.081814][ T8573] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 310.083790][ T8573] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 310.085799][ T8573] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 310.128338][ T8576] loop1: detected capacity change from 0 to 512 [ 310.226970][ T8576] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 310.262945][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 310.264534][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 310.413426][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 314.477723][ T8655] loop1: detected capacity change from 0 to 64 [ 314.532101][ T8655] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 316.687171][ T8671] device syzkaller1 entered promiscuous mode [ 317.590184][ T8694] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 318.661124][ T8709] loop1: detected capacity change from 0 to 512 [ 318.734888][ T8709] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 318.845536][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 319.205216][ T8728] device syzkaller1 entered promiscuous mode [ 320.290656][ T8740] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 322.399262][ T8760] loop1: detected capacity change from 0 to 4096 [ 322.517175][ T8760] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 322.726843][ T8770] overlayfs: unrecognized mount option "ˆ¼bnë› " or missing value [ 325.789246][ T8805] loop1: detected capacity change from 0 to 256 [ 325.838558][ T8805] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 325.886847][ T8809] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1292'. [ 325.891066][ T8809] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 326.589324][ T8817] overlayfs: failed to clone upperpath [ 329.137607][ T8842] loop1: detected capacity change from 0 to 40427 [ 329.142992][ T8842] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 329.145116][ T8842] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 329.157412][ T8842] F2FS-fs (loop1): invalid crc value [ 329.221186][ T8842] F2FS-fs (loop1): Found nat_bits in checkpoint [ 329.240032][ T8842] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 329.241832][ T8842] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 329.428610][ T8854] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1303'. [ 329.470459][ T8845] Soft offlining pfn 0x1360cf at process virtual address 0x20ffe000 [ 329.477016][ T8845] Soft offlining pfn 0x1360ce at process virtual address 0x20fff000 [ 331.779435][ T8881] overlayfs: failed to clone upperpath [ 332.909153][ T8888] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1314'. [ 333.477193][ T8910] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1320'. [ 340.910536][ T9008] loop1: detected capacity change from 0 to 256 [ 340.922451][ T9008] exfat: Unknown parameter '0xffffffffffffffffÿ' [ 340.997809][ T8985] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 341.364503][ T9022] loop1: detected capacity change from 0 to 64 [ 344.265609][ T9062] overlayfs: missing 'lowerdir' [ 345.049415][ T9067] netlink: 'syz.3.1366': attribute type 10 has an invalid length. [ 345.098504][ T9067] 8021q: adding VLAN 0 to HW filter on device bond0 [ 345.129082][ T9067] team0: Port device bond0 added [ 345.408222][ T9078] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1370'. [ 346.933190][ T9108] overlayfs: missing 'lowerdir' [ 348.320234][ T9128] loop1: detected capacity change from 0 to 256 [ 348.349036][ T9128] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 350.822731][ T9153] overlayfs: missing 'lowerdir' [ 351.689035][ T9159] loop1: detected capacity change from 0 to 2048 [ 351.692166][ T9159] EXT4-fs: Ignoring removed mblk_io_submit option [ 352.367617][ T9159] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 352.506291][ T9159] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 352.509187][ T9159] overlayfs: fs on './file0/../file0' does not support file handles, falling back to index=off,nfs_export=off. [ 352.512087][ T9159] overlayfs: fs on './file0/../file0' does not support file handles, falling back to xino=off. [ 352.622499][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 353.884217][ T9189] lo speed is unknown, defaulting to 1000 [ 353.996844][ T9198] loop1: detected capacity change from 0 to 64 [ 354.054866][ T9198] overlayfs: unrecognized mount option "tCt´" or missing value [ 355.479077][ T9221] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1413'. [ 356.589984][ T9226] overlayfs: failed to clone upperpath [ 357.869069][ T9237] overlayfs: unrecognized mount option "tCt´" or missing value [ 359.382997][ T9260] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1426'. [ 361.587839][ T9293] overlayfs: unrecognized mount option "tCt´" or missing value [ 362.665344][ T9300] loop1: detected capacity change from 0 to 256 [ 362.710589][ T9305] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 362.713714][ T9305] infiniband syz0: set active [ 362.716556][ T9305] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 362.747187][ T9300] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 362.794339][ T9305] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 362.825297][ T9305] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 362.882939][ T9305] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 362.897946][ T9305] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 362.902030][ T9305] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 362.904149][ T4348] lo speed is unknown, defaulting to 1000 [ 363.104716][ T9315] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1440'. [ 365.060760][ T9333] overlayfs: failed to clone upperpath [ 366.002145][ T9342] overlayfs: unrecognized mount option "âøÖ%CùÖ~ø0üE €"°ˆ¼bnë› " or missing value [ 368.887139][ T9360] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 368.902719][ T9360] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 368.915972][ T9360] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 368.927722][ T9361] loop1: detected capacity change from 0 to 512 [ 368.941370][ T9360] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 368.946951][ T9360] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 369.003819][ T9360] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 369.026058][ T9360] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 369.028609][ T9361] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 369.342696][ T9370] overlayfs: './file2' not a directory [ 371.257688][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 371.576490][ T9389] overlayfs: unrecognized mount option "âøÖ%CùÖ~ø0üE €"°ˆ¼bnë› " or missing value [ 372.272484][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 372.274216][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 372.419637][ T4356] Bluetooth: hci5: Frame reassembly failed (-84) [ 374.420589][ T4316] Bluetooth: hci5: command 0x1003 tx timeout [ 374.422721][ T47] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 374.835225][ T9430] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 374.837720][ T9430] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 374.840208][ T9430] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 374.842261][ T9430] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 375.658395][ T9437] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1476'. [ 375.861314][ T9443] binder: 9442:9443 IncRefs 0 refcount change on invalid ref 3 ret -22 [ 377.462290][ T9471] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1488'. [ 377.804771][ T9484] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 377.806886][ T9484] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 377.809096][ T9484] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 377.811233][ T9484] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 382.000652][ T9521] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1501'. [ 390.461921][ T9605] loop1: detected capacity change from 0 to 512 [ 390.588937][ T9607] Soft offlining pfn 0x122b16 at process virtual address 0x20ffe000 [ 390.611075][ T9607] Soft offlining pfn 0x122b17 at process virtual address 0x20fff000 [ 390.616002][ T9605] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 390.624370][ T9605] overlayfs: './file2' not a directory [ 391.211832][ T9615] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1529'. [ 391.571973][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 391.595215][ T4316] Bluetooth: Unexpected continuation frame (len 16) [ 391.638034][ T9621] overlayfs: failed to clone upperpath [ 394.037284][ T9640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 394.044268][ T9640] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 402.880227][ T9727] loop1: detected capacity change from 0 to 512 [ 404.229676][ T9727] EXT4-fs warning (device loop1): ext4_multi_mount_protect:404: Unable to create kmmpd thread for loop1. [ 404.624967][ T9749] Driver unsupported XDP return value 0 on prog (id 91) dev N/A, expect packet loss! [ 408.750794][ T9798] loop1: detected capacity change from 0 to 512 [ 408.864816][ T9798] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 409.560885][ T9819] overlayfs: './file2' not a directory [ 409.771567][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 412.605630][ T9868] netlink: 63 bytes leftover after parsing attributes in process `syz.3.1612'. [ 414.386893][ T9887] overlayfs: failed to clone upperpath [ 419.667187][ T9933] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 419.740562][ T9935] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 422.129731][ T9953] Soft offlining pfn 0x136556 at process virtual address 0x20ffe000 [ 422.134252][ T9953] Soft offlining pfn 0x136557 at process virtual address 0x20fff000 [ 424.838519][T10004] netlink: 'syz.3.1654': attribute type 4 has an invalid length. [ 426.178519][T10027] Soft offlining pfn 0x138f13 at process virtual address 0x20ffe000 [ 426.210983][T10027] Soft offlining pfn 0x141756 at process virtual address 0x20fff000 [ 427.054336][T10042] device syzkaller1 entered promiscuous mode [ 427.904515][T10067] Soft offlining pfn 0x136964 at process virtual address 0x20ffe000 [ 427.908397][T10067] Soft offlining pfn 0x136965 at process virtual address 0x20fff000 [ 431.477750][T10102] Soft offlining pfn 0x1410a7 at process virtual address 0x20ffe000 [ 431.507531][T10102] Soft offlining pfn 0x1410a4 at process virtual address 0x20fff000 [ 431.537217][T10108] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1685'. [ 431.704952][T10115] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 431.717562][T10115] infiniband syz0: set active [ 431.721078][T10115] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 431.723190][T10115] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 431.725191][T10115] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 431.737824][T10115] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 431.742325][T10115] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 431.745498][T10115] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 431.760954][T10115] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 431.779603][T10115] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 431.822644][T10115] device bridge_slave_0 left promiscuous mode [ 431.841168][T10115] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.902124][T10115] device bridge_slave_1 left promiscuous mode [ 431.903922][T10115] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.954807][T10115] bond0: (slave bond_slave_0): Releasing backup interface [ 432.009783][T10115] device bond_slave_0 left promiscuous mode [ 432.048185][T10115] bond0: (slave bond_slave_1): Releasing backup interface [ 432.092407][T10115] device bond_slave_1 left promiscuous mode [ 432.132060][T10115] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 432.152144][T10115] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 432.179848][T10115] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 432.194850][T10115] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 432.256309][T10115] device vlan2 left promiscuous mode [ 432.275038][T10115] device bond0 left promiscuous mode [ 432.285226][T10115] bridge0: port 3(vlan2) entered disabled state [ 432.333046][ T5823] lo speed is unknown, defaulting to 1000 [ 433.143057][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 433.144884][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 434.306471][T10161] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1702'. [ 435.775295][T10170] netlink: 'syz.0.1706': attribute type 4 has an invalid length. [ 435.795442][T10170] infiniband syz0: set down [ 435.799823][ T4459] lo speed is unknown, defaulting to 1000 [ 435.801997][ T4459] lo speed is unknown, defaulting to 1000 [ 436.187657][T10195] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1714'. [ 437.786032][T10202] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1715'. [ 438.239200][T10205] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1715'. [ 440.735566][T10238] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1727'. [ 440.751415][T10234] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1726'. [ 440.908149][T10231] libceph: resolve '. [ 440.908149][T10231] #)|.زf͹Dza×ïÅ2sˆoÖw¿úÕ?£'Ê%ÐKAq‰f»CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM¤¨ìó¤h‡E$ [ 440.908149][T10231] ' (ret=-3): failed [ 443.553706][T10273] overlayfs: failed to clone upperpath [ 443.666093][T10277] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1739'. [ 447.883794][T10314] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1751'. [ 452.173310][T10366] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1762'. [ 457.398230][T10431] loop1: detected capacity change from 0 to 512 [ 459.087473][T10431] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 462.021755][ T4299] EXT4-fs (loop1): unmounting filesystem. [ 463.200217][T10484] device syzkaller1 entered promiscuous mode [ 463.855264][T10494] netlink: 'syz.4.1796': attribute type 10 has an invalid length. [ 464.772500][T10494] team0: Port device wlan1 added [ 466.260268][T10528] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 466.266259][T10528] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 466.268627][T10528] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 466.312245][T10528] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 466.314323][T10528] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 466.316243][T10528] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 466.318228][T10528] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 469.817814][T10570] loop1: detected capacity change from 0 to 2048 [ 469.834405][T10570] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 469.882987][T10570] syz.1.1815: attempt to access beyond end of device [ 469.882987][T10570] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 469.886718][T10571] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 472.495840][T10598] overlayfs: failed to clone upperpath [ 474.820599][T10611] device veth0_to_team entered promiscuous mode [ 475.151988][T10619] tipc: Started in network mode [ 475.153662][T10619] tipc: Node identity ac1414aa, cluster identity 4711 [ 475.163637][T10619] tipc: Enabled bearer , priority 10 [ 476.403395][ T4459] tipc: Node number set to 2886997162 [ 478.666943][T10646] block device autoloading is deprecated and will be removed. [ 479.219621][T10659] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1839'. [ 479.221850][T10659] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1839'. [ 485.062995][T10684] loop1: detected capacity change from 0 to 2048 [ 485.086997][T10684] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 485.109457][T10684] syz.1.1844: attempt to access beyond end of device [ 485.109457][T10684] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 485.115015][T10689] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 485.897251][T10701] lo speed is unknown, defaulting to 1000 [ 488.555502][ T27] audit: type=1326 audit(488.520:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10700 comm="syz.4.1853" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9835b728 code=0x0 [ 492.787511][T10784] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1873'. [ 493.145528][T10801] loop1: detected capacity change from 0 to 2048 [ 493.881771][T10801] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 493.970749][T10806] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 493.970963][T10801] syz.1.1879: attempt to access beyond end of device [ 493.970963][T10801] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 494.819937][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 494.824747][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 497.617700][T10856] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1888'. [ 497.798568][T10860] loop1: detected capacity change from 0 to 2048 [ 498.557018][T10860] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 498.636069][T10871] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 498.638228][T10860] syz.1.1892: attempt to access beyond end of device [ 498.638228][T10860] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 499.930579][T10884] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1893'. [ 499.932907][T10884] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1893'. [ 499.935431][T10884] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1893'. [ 499.937542][T10884] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1893'. [ 502.140843][T10911] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1903'. [ 502.358266][T10921] virtio-fs: tag not found [ 504.691649][T10945] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap1: link becomes ready [ 505.349531][ T4316] Bluetooth: hci4: unknown advertising packet type: 0x70 [ 505.352783][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap1: link becomes ready [ 505.747880][T10959] netlink: 'syz.2.1919': attribute type 10 has an invalid length. [ 505.898077][T10959] team0: Port device wlan1 added [ 506.123945][T10947] loop1: detected capacity change from 0 to 32768 [ 506.136778][T10947] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.1914 (10947) [ 506.257223][T10947] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 506.264847][T10947] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 506.267357][T10947] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 506.271635][T10947] BTRFS info (device loop1): use zstd compression, level 3 [ 506.273543][T10947] BTRFS info (device loop1): using free space tree [ 506.291268][ T27] audit: type=1326 audit(506.250:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10973 comm="syz.3.1925" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=172 compat=0 ip=0xffffad35320c code=0x7ffc0000 [ 506.306949][ T27] audit: type=1326 audit(506.260:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10973 comm="syz.3.1925" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffae1ab81c code=0x7ffc0000 [ 506.805572][ T27] audit: type=1326 audit(506.260:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10973 comm="syz.3.1925" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=172 compat=0 ip=0xffffad35320c code=0x7ffc0000 [ 506.999389][ T27] audit: type=1326 audit(506.260:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10973 comm="syz.3.1925" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffae1ab81c code=0x7ffc0000 [ 507.004637][ T27] audit: type=1326 audit(506.260:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10973 comm="syz.3.1925" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffad35b728 code=0x7ffc0000 [ 507.071787][ T27] audit: type=1326 audit(506.380:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10973 comm="syz.3.1925" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=172 compat=0 ip=0xffffad35320c code=0x7ffc0000 [ 507.077343][ T27] audit: type=1326 audit(506.930:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10973 comm="syz.3.1925" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffae1ab81c code=0x7ffc0000 [ 507.083553][ T27] audit: type=1326 audit(506.930:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10973 comm="syz.3.1925" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=172 compat=0 ip=0xffffad35320c code=0x7ffc0000 [ 507.093477][ T27] audit: type=1326 audit(506.930:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10973 comm="syz.3.1925" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffae1ab81c code=0x7ffc0000 [ 507.110562][ T27] audit: type=1326 audit(506.930:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10973 comm="syz.3.1925" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffad35b728 code=0x7ffc0000 [ 507.151591][T10947] BTRFS info (device loop1): enabling ssd optimizations [ 507.269362][ T4299] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 507.736010][T11014] netlink: 'syz.3.1933': attribute type 10 has an invalid length. [ 508.211757][T11017] mmap: syz.2.1932 (11017) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 508.537141][T11014] team0: Port device wlan1 added [ 510.123073][ T4316] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 510.125417][ T4316] Bluetooth: hci3: Injecting HCI hardware error event [ 510.128991][ T4316] Bluetooth: hci3: hardware error 0x00 [ 511.303052][T11052] netlink: 'syz.4.1945': attribute type 10 has an invalid length. [ 513.383740][ T4316] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 513.665695][T11088] netlink: 'syz.2.1958': attribute type 10 has an invalid length. [ 515.549682][T11115] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1967'. [ 515.847083][T11131] netlink: 'syz.1.1971': attribute type 10 has an invalid length. [ 516.669876][T11131] team0: Port device wlan1 added [ 517.245946][T11145] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1977'. [ 517.453688][T11160] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1980'. [ 517.859109][ T4316] Bluetooth: hci4: command 0x0405 tx timeout [ 518.138734][T11181] loop1: detected capacity change from 0 to 2048 [ 518.155648][T11181] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 518.199273][T11181] syz.1.1988: attempt to access beyond end of device [ 518.199273][T11181] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 518.204520][T11184] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 520.175075][T11188] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1990'. [ 520.443942][T11202] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1991'. [ 520.467633][T11204] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1992'. [ 522.209486][T11237] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2002'. [ 522.969418][T11238] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2002'. [ 523.305746][T11244] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2005'. [ 523.352857][T11246] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2006'. [ 523.702314][T11252] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2009'. [ 525.616687][T11286] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2018'. [ 525.925940][T11291] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2020'. [ 526.823521][T11297] netlink: 'syz.1.2022': attribute type 72 has an invalid length. [ 526.825967][T11297] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2022'. [ 527.957346][T11326] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2031'. [ 529.981725][T11348] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2036'. [ 530.220086][T11354] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2039'. [ 530.266382][T11355] netlink: 'syz.1.2038': attribute type 72 has an invalid length. [ 530.268498][T11355] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2038'. [ 531.245044][T11367] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2042'. [ 532.231299][T11392] netlink: 'syz.2.2053': attribute type 72 has an invalid length. [ 532.238616][T11392] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2053'. [ 532.776386][T11402] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2055'. [ 534.072838][T11410] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2057'. [ 534.075608][T11410] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2057'. [ 537.144992][T11448] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2069'. [ 537.177986][T11451] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2068'. [ 538.326233][T11473] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2077'. [ 538.328499][T11473] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2077'. [ 540.856160][T11519] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2088'. [ 540.858623][T11519] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2088'. [ 540.861024][T11519] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2088'. [ 540.863229][T11519] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2088'. [ 542.622742][T11520] device veth0_to_team entered promiscuous mode [ 545.330179][T11557] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2101'. [ 545.332666][T11557] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2101'. [ 545.335035][T11557] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2101'. [ 545.337391][T11557] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2101'. [ 546.348711][T11574] binder: 11574:11573 cannot find target node [ 546.353840][T11574] binder: 11573:11574 transaction call to 0:0 failed 1/29189/-22, size 0-0 line 3054 [ 546.360987][ T6044] binder: undelivered TRANSACTION_ERROR: 29189 [ 547.829653][T11596] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2116'. [ 547.832069][T11596] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2116'. [ 547.834241][T11596] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2116'. [ 547.836518][T11596] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2116'. [ 556.090261][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 556.095001][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 559.218817][ T47] Bluetooth: Wrong link type (-22) [ 564.197400][T11802] [ 564.198046][T11802] ====================================================== [ 564.199874][T11802] WARNING: possible circular locking dependency detected [ 564.201687][T11802] 6.1.135-syzkaller #0 Not tainted [ 564.202979][T11802] ------------------------------------------------------ [ 564.204786][T11802] syz.1.2182/11802 is trying to acquire lock: [ 564.206383][T11802] ffff0000ce7a4d00 (team->team_lock_key#2){+.+.}-{3:3}, at: team_del_slave+0x30/0x180 [ 564.208859][T11802] [ 564.208859][T11802] but task is already holding lock: [ 564.210829][T11802] ffff0000d90d07c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_del_interface+0xfc/0x120 [ 564.213405][T11802] [ 564.213405][T11802] which lock already depends on the new lock. [ 564.213405][T11802] [ 564.216283][T11802] [ 564.216283][T11802] the existing dependency chain (in reverse order) is: [ 564.218711][T11802] [ 564.218711][T11802] -> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}: [ 564.220803][T11802] __mutex_lock_common+0x190/0x1f38 [ 564.222397][T11802] mutex_lock_nested+0x38/0x44 [ 564.223820][T11802] ieee80211_open+0x13c/0x1e0 [ 564.225159][T11802] __dev_open+0x2f8/0x4d0 [ 564.226524][T11802] dev_open+0xa8/0x218 [ 564.227749][T11802] team_add_slave+0x7ac/0x1ee8 [ 564.229076][T11802] do_setlink+0xb78/0x32c4 [ 564.230502][T11802] rtnl_newlink+0x12d0/0x1a1c [ 564.231897][T11802] rtnetlink_rcv_msg+0x734/0xce4 [ 564.233430][T11802] netlink_rcv_skb+0x208/0x3c4 [ 564.234864][T11802] rtnetlink_rcv+0x28/0x38 [ 564.236090][T11802] netlink_unicast+0x600/0x818 [ 564.237463][T11802] netlink_sendmsg+0x6e8/0x9b0 [ 564.238873][T11802] ____sys_sendmsg+0x5b8/0x918 [ 564.240326][T11802] __sys_sendmsg+0x25c/0x320 [ 564.241549][T11802] __arm64_sys_sendmsg+0x80/0x94 [ 564.242976][T11802] invoke_syscall+0x98/0x2bc [ 564.244243][T11802] el0_svc_common+0x138/0x258 [ 564.245574][T11802] do_el0_svc+0x58/0x13c [ 564.246820][T11802] el0_svc+0x58/0x138 [ 564.247990][T11802] el0t_64_sync_handler+0x84/0xf0 [ 564.249371][T11802] el0t_64_sync+0x18c/0x190 [ 564.250721][T11802] [ 564.250721][T11802] -> #0 (team->team_lock_key#2){+.+.}-{3:3}: [ 564.252839][T11802] __lock_acquire+0x293c/0x6544 [ 564.254294][T11802] lock_acquire+0x20c/0x644 [ 564.255584][T11802] __mutex_lock_common+0x190/0x1f38 [ 564.257077][T11802] mutex_lock_nested+0x38/0x44 [ 564.258496][T11802] team_del_slave+0x30/0x180 [ 564.259945][T11802] team_device_event+0x278/0x94c [ 564.261390][T11802] raw_notifier_call_chain+0xd4/0x164 [ 564.262894][T11802] unregister_netdevice_many+0xe2c/0x1740 [ 564.264543][T11802] unregister_netdevice_queue+0x2ac/0x2f8 [ 564.266105][T11802] _cfg80211_unregister_wdev+0x164/0x6d4 [ 564.267751][T11802] cfg80211_unregister_wdev+0x24/0x34 [ 564.269320][T11802] ieee80211_if_remove+0x1a4/0x2a8 [ 564.270791][T11802] ieee80211_del_iface+0x20/0x34 [ 564.272186][T11802] cfg80211_remove_virtual_intf+0x248/0x4ac [ 564.273832][T11802] nl80211_del_interface+0x108/0x120 [ 564.275134][T11802] genl_family_rcv_msg_doit+0x1f8/0x2f4 [ 564.276719][T11802] genl_rcv_msg+0x444/0x62c [ 564.278091][T11802] netlink_rcv_skb+0x208/0x3c4 [ 564.279485][T11802] genl_rcv+0x38/0x50 [ 564.280607][T11802] netlink_unicast+0x600/0x818 [ 564.281976][T11802] netlink_sendmsg+0x6e8/0x9b0 [ 564.283371][T11802] ____sys_sendmsg+0x5b8/0x918 [ 564.284701][T11802] __sys_sendmsg+0x25c/0x320 [ 564.285996][T11802] __arm64_sys_sendmsg+0x80/0x94 [ 564.287331][T11802] invoke_syscall+0x98/0x2bc [ 564.288677][T11802] el0_svc_common+0x138/0x258 [ 564.290087][T11802] do_el0_svc+0x58/0x13c [ 564.291296][T11802] el0_svc+0x58/0x138 [ 564.292461][T11802] el0t_64_sync_handler+0x84/0xf0 [ 564.293911][T11802] el0t_64_sync+0x18c/0x190 [ 564.295192][T11802] [ 564.295192][T11802] other info that might help us debug this: [ 564.295192][T11802] [ 564.297972][T11802] Possible unsafe locking scenario: [ 564.297972][T11802] [ 564.299907][T11802] CPU0 CPU1 [ 564.301319][T11802] ---- ---- [ 564.302714][T11802] lock(&rdev->wiphy.mtx); [ 564.303853][T11802] lock(team->team_lock_key#2); [ 564.305841][T11802] lock(&rdev->wiphy.mtx); [ 564.307599][T11802] lock(team->team_lock_key#2); [ 564.308934][T11802] [ 564.308934][T11802] *** DEADLOCK *** [ 564.308934][T11802] [ 564.310934][T11802] 3 locks held by syz.1.2182/11802: [ 564.312284][T11802] #0: ffff8000177333f0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50 [ 564.314489][T11802] #1: ffff8000176d7748 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x20/0x2c [ 564.316875][T11802] #2: ffff0000d90d07c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_del_interface+0xfc/0x120 [ 564.319582][T11802] [ 564.319582][T11802] stack backtrace: [ 564.321077][T11802] CPU: 1 PID: 11802 Comm: syz.1.2182 Not tainted 6.1.135-syzkaller #0 [ 564.323139][T11802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 564.325704][T11802] Call trace: [ 564.326574][T11802] dump_backtrace+0x1c8/0x1f4 [ 564.327710][T11802] show_stack+0x2c/0x3c [ 564.328776][T11802] __dump_stack+0x30/0x40 [ 564.329887][T11802] dump_stack_lvl+0xf8/0x160 [ 564.331097][T11802] dump_stack+0x1c/0x5c [ 564.332169][T11802] print_circular_bug+0x148/0x1b0 [ 564.333592][T11802] check_noncircular+0x240/0x2d4 [ 564.334880][T11802] __lock_acquire+0x293c/0x6544 [ 564.336093][T11802] lock_acquire+0x20c/0x644 [ 564.337232][T11802] __mutex_lock_common+0x190/0x1f38 [ 564.338631][T11802] mutex_lock_nested+0x38/0x44 [ 564.339932][T11802] team_del_slave+0x30/0x180 [ 564.341134][T11802] team_device_event+0x278/0x94c [ 564.342471][T11802] raw_notifier_call_chain+0xd4/0x164 [ 564.343885][T11802] unregister_netdevice_many+0xe2c/0x1740 [ 564.345460][T11802] unregister_netdevice_queue+0x2ac/0x2f8 [ 564.347015][T11802] _cfg80211_unregister_wdev+0x164/0x6d4 [ 564.348695][T11802] cfg80211_unregister_wdev+0x24/0x34 [ 564.350103][T11802] ieee80211_if_remove+0x1a4/0x2a8 [ 564.351408][T11802] ieee80211_del_iface+0x20/0x34 [ 564.352703][T11802] cfg80211_remove_virtual_intf+0x248/0x4ac [ 564.354259][T11802] nl80211_del_interface+0x108/0x120 [ 564.355675][T11802] genl_family_rcv_msg_doit+0x1f8/0x2f4 [ 564.357060][T11802] genl_rcv_msg+0x444/0x62c [ 564.358204][T11802] netlink_rcv_skb+0x208/0x3c4 [ 564.359455][T11802] genl_rcv+0x38/0x50 [ 564.360521][T11802] netlink_unicast+0x600/0x818 [ 564.361724][T11802] netlink_sendmsg+0x6e8/0x9b0 [ 564.362934][T11802] ____sys_sendmsg+0x5b8/0x918 [ 564.364236][T11802] __sys_sendmsg+0x25c/0x320 [ 564.365372][T11802] __arm64_sys_sendmsg+0x80/0x94 [ 564.366687][T11802] invoke_syscall+0x98/0x2bc [ 564.367847][T11802] el0_svc_common+0x138/0x258 [ 564.369127][T11802] do_el0_svc+0x58/0x13c [ 564.370198][T11802] el0_svc+0x58/0x138 [ 564.371262][T11802] el0t_64_sync_handler+0x84/0xf0 [ 564.372579][T11802] el0t_64_sync+0x18c/0x190 [ 564.882607][T11802] team0: Port device wlan1 removed