last executing test programs: 4.603371929s ago: executing program 2 (id=316): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='contention_begin\x00', r0}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x50) r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000001240)={r1, r2, 0x5, 0x0, @val=@kprobe_multi=@syms={0x0, 0x0, 0x0, 0x0, 0x40}}, 0x30) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000001080)={r3, r1, 0x4, r1}, 0x7) 4.219398837s ago: executing program 2 (id=318): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4042, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000040)={'some', 0x20, 0x17e, 0x20, 0x100002}, 0x2f) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc01c64b9, &(0x7f0000000200)={&(0x7f0000000140), &(0x7f0000000180), 0x0, 0x0, 0xcccccccc}) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0xc091}, 0x0) bind$alg(r4, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) r5 = accept4(r4, 0x0, 0x0, 0x800) recvmmsg(r5, &(0x7f0000001080)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000640)=""/85, 0x55}, {0x0}], 0x2}, 0x4}], 0x100000, 0x10022, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000001ac0)={r0, 0x2000, {0x0, 0x0, 0x0, 0x1, 0x140000, 0x0, 0x0, 0x1e, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03748a50ceaac594b1b300000000c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e770a00000000000000930606f9000000000f000000000600"}}) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) 3.50346258s ago: executing program 3 (id=329): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) r2 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000000c0)={0x84, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) socket$kcm(0x10, 0x400000002, 0x0) syz_open_dev$media(&(0x7f0000000000), 0x33ac98ac, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0xd, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.391687968s ago: executing program 1 (id=332): socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfe, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xffffffff, 0x11e41e7a, 0x8, 0xa0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x18, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x8000, 0x0, 0x0, 0x20}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x14, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$vim2m(&(0x7f0000000340), 0x1, 0x2) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$pokeuser(0x6, r3, 0x118, 0x50000089) 2.97154826s ago: executing program 0 (id=337): io_setup(0x4082, &(0x7f0000000380)=0x0) syz_io_uring_setup(0x100293f, &(0x7f0000001400)={0x0, 0x2000004, 0x10, 0xfffffffc, 0x13b}, &(0x7f0000000080), &(0x7f00000014c0)) io_destroy(r0) 2.875742267s ago: executing program 4 (id=339): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", r4, 0xffffffffffffffff}) ppoll(&(0x7f0000000000)=[{r5}], 0x1, 0x0, 0x0, 0x0) close_range(r1, r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 2.875363996s ago: executing program 2 (id=340): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000000c0)) syslog(0x3, &(0x7f0000000700)=""/231, 0xe7) socket$nl_netfilter(0x10, 0x3, 0xc) 2.85714371s ago: executing program 0 (id=341): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3800000012002126000000000006000028001a00e0000001000000000000000000000000fe8000000000000000000000000000000200ff"], 0x38}}, 0x0) 2.844237332s ago: executing program 3 (id=342): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000000002) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000e00)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r3, &(0x7f0000000480)={0x2, 0x4, @multicast2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000004c0)='sock_rcvqueue_full\x00', r5}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x8, 0xdd, 0x40}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000142020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000e02800850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f5c4e59f8500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00'}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast2, @in6=@private2, 0x0, 0x0, 0x4e21, 0x400, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x100000000000}, {}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7, 0xfffffffe}}, 0xe4) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) 2.775760271s ago: executing program 4 (id=343): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000380)={{0x0, 0x400, 0x4b, 0x9}, 'syz0\x00', 0x11}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000040), 0xfffffffffffffffe, 0x2) ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f0000000080)=0xbd7e) 2.775656275s ago: executing program 0 (id=344): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_SUBDINFO(r0, 0x80486402, 0x0) 2.020541172s ago: executing program 0 (id=345): r0 = io_uring_setup(0x6cb6, &(0x7f0000000880)={0x0, 0x8cbc, 0x2, 0x20000002, 0x10026c}) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xd, &(0x7f0000000140)={0x9, 0x0, 0x0, 0x0}, 0x20) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00') read$FUSE(r1, &(0x7f00000020c0)={0x2020}, 0x2020) 2.014045192s ago: executing program 1 (id=346): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000140)={'veth1_to_batadv\x00', 0x3}) 1.923898829s ago: executing program 1 (id=347): bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1a, 0x80, 0x2, 0x49d15216, 0x200, 0xffffffffffffffff, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x5}, 0x50) 1.923501821s ago: executing program 0 (id=348): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = syz_io_uring_setup(0x88f, 0x0, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000480)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) r13 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000200)='GPL\x00', 0xe, 0x0, 0x0, 0x0, 0x0, '\x00', r12}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000280)={@map, r13, 0x2f, 0x2034, r13}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x2c, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x2c}}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}}) io_uring_enter(r3, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) 1.923309474s ago: executing program 4 (id=349): socket$inet6(0xa, 0x6, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) close(0x3) 1.848888077s ago: executing program 1 (id=350): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff) r2 = socket$inet6_udp(0xa, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000005f00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd0600ffdbdb252100000020000300", @ANYRES32=r3, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}}, 0x28000) 1.813399753s ago: executing program 1 (id=351): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f00000000c0)=[{0x7fff, 0x5850, 0x2000, &(0x7f0000000780)="e0"}], 0x1}) 1.671832517s ago: executing program 2 (id=352): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x1410, 0x10100, 0x3, 0x1, 0x0, r1}, &(0x7f0000000080)=0x0, &(0x7f0000000340)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x54, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1}) socket$inet6_udplite(0xa, 0x2, 0x88) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) futex_waitv(&(0x7f00000001c0)=[{0x6, &(0x7f0000000180)=0x6, 0x2}], 0x1, 0x0, &(0x7f0000000240)={0x77359400}, 0x1) 1.537952968s ago: executing program 4 (id=353): mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0x11000000) 808.664657ms ago: executing program 4 (id=354): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e24, 0x1, @local, 0x3}}, [0x6, 0x4, 0x5, 0x6, 0x48000000, 0x7, 0x5, 0xfffffffffffffffa, 0x81, 0x80000000, 0x3, 0x0, 0x8af5, 0x8001, 0xffffffffffffffff]}, &(0x7f0000000040)=0xfc) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r2, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0) 331.767975ms ago: executing program 0 (id=355): prctl$PR_SET_MM(0x41555856, 0xf7354000, &(0x7f0000ffb000/0x3000)=nil) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f00000018c0)={&(0x7f0000001040)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000340)=[@rdma_dest={0x18, 0x114, 0xc}], 0x18}, 0x4000000) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x503}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MAX_AGE={0x8, 0x3, 0x40a}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r2 = syz_usb_connect$cdc_ncm(0x1, 0x6e, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581", @ANYRES8], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r3, 0x800448d4, &(0x7f0000000000)={0x1, 0x2, '\x00', 0x0, 0xfd}) syz_usb_disconnect(r2) 255.617456ms ago: executing program 3 (id=356): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) 224.427132ms ago: executing program 3 (id=357): r0 = socket$xdp(0x2c, 0x3, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/59, 0x714000, 0x1000, 0x10, 0x2}, 0x20) 91.634052ms ago: executing program 4 (id=358): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$unix(0x1, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x44, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r6) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r7 = socket$kcm(0x10, 0x3, 0x0) sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000128bd7000fddbdf250300000008002c000600000008000600", @ANYRES32=r8, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x2008004}, 0x2048881) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0xf8240, 0x0) r9 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r9, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x30004001) setsockopt$sock_attach_bpf(r9, 0x6, 0xd, &(0x7f0000000000), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r11 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, r10, &(0x7f0000000100)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x2, r10, 0x0) r12 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r12, 0x81785501, &(0x7f0000000000)=""/14) r13 = openat$drirender128(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r13, 0xc02064b2, &(0x7f00000000c0)={0x1, 0x10000, 0x9}) 91.422579ms ago: executing program 2 (id=359): syz_emit_vhci(&(0x7f0000000640)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x4}, "7339e79f"}}, 0x7) 88.332799ms ago: executing program 2 (id=360): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x2, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$kcm(0x2, 0x5, 0x0) sendmsg$inet(r3, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x35}}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="9f", 0x1}], 0x1}, 0x4cbe8) socket$packet(0x11, 0x3, 0x300) syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd25, 0xfffffffc, {0x6}}, 0x5a}, 0x1, 0x0, 0x0, 0x448d3}, 0x0) 68.112012ms ago: executing program 3 (id=361): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040), 0x2c) ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000080)="fc") ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f00000000c0)="2dff2211a76fd47d8841409fcc73b870e0f4e7c5a6fc4b9e728fd1d06f2c14869fd887376194caad011928f0d37a860b54e48add95b4d98b4697976524490f8504d3387a706f53eda49405ebc4bc0b99b651474c2a8a2339f5e181706c016285fb65a96168b82b147b02") 19.669401ms ago: executing program 1 (id=362): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newtaction={0x118, 0x30, 0x1, 0x0, 0x0, {}, [{0x104, 0x1, [@m_bpf={0xd4, 0x3, 0x0, 0x0, {{0x8}, {0x48, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS={0x2c, 0x4, [{0x0, 0x9, 0xa, 0x9}, {0x7, 0x4, 0xd3, 0x41a}, {0x4, 0x4, 0x0, 0x8}, {0x1, 0xb, 0x1, 0x3}, {0x9, 0x10, 0x7f}]}, @TCA_ACT_BPF_OPS={0x4}, @TCA_ACT_BPF_OPS={0xc, 0x4, [{0x5, 0x6, 0xa3, 0x1}]}, @TCA_ACT_BPF_FD={0x8}]}, {0x68, 0x6, "b6cde2e0c14eecdf0d2b4af824d791c4b7cde996e394137324413eac6688097956a521f9661c95219c4dd0fc6fb078d191f942b0c9a4788a4cc62f50177b6879ebbf04b1c44033b5a156d7400745993d8fc1ac853c7fded1d6e5b767b732acf49ff18af2"}, {0xc}, {0xfffffffffffffe7f, 0x8, {0x3, 0x2}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x804}, 0x40000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x1f, &(0x7f0000000240)=0xd) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) socket$netlink(0x10, 0x3, 0x15) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000710000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil) rseq(0x0, 0x0, 0x0, 0x0) r3 = mq_open(&(0x7f0000000000)='batadv_slave_1\xbb', 0x8c2, 0x30, &(0x7f0000000080)={0x3, 0x8, 0x6, 0xc07}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000211000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010698b0bb300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100013813695034f7efb78bd1eff248b4e4719ac65f0706b1235f9e5246482217154188e5b463b1e6c928d1a87eaef6d33b055a96ad522b9dbc1a4ea239f48227c541dbf6590d83580d6f079e02b3d505d51ed4fbb3cb5277b827d161fbdf4810661e67f703b75e0b23f818091585b3007a2bea4c771e2ca28b8c49b730fde13377934deb1771658a4cf22878339485864cfc9b9e8996033e2e0f1a40d6cfa60f80abaa3dfd684c3faf4bce3f570697839e95e47f63cc85c7520b98818fd8c8fec602102bd2c2cbaa22cba2f90675fae8bb2db66edbbb233901fe4e18596cb177924f4f5f712d2e4dbf67c3d5945c943b0a2aa349a30088ba57706ff408d2f577aae8ddea5b80658dc8a4d86fe34276f737a9ffe9529bd4d6d07a0a19588e080e3ec5b8eea311a8b4e2b403b5872ded6a5ab0cc3462c5520b5e08c3b74a3fdc2f8f8ec51c6d22b4befcd6f2378ed3a299d4004118a6f04c5e8fb2a6774d5f825755f706cfb21df97d0b5bc5eb470bff920868279a311aada44e46"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0) mq_getsetattr(r3, &(0x7f0000000040)={0x0, 0x40, 0x4, 0xffff}, 0x0) mq_timedreceive(r3, &(0x7f0000000100)=""/90, 0x5a, 0x100005, 0x0) r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002) ioctl$EVIOCGRAB(r4, 0x40044590, &(0x7f0000000080)=0x7) readv(r4, &(0x7f0000000140)=[{&(0x7f0000000700)=""/211, 0xd3}], 0x1) write$evdev(r4, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) mq_timedsend(r3, 0x0, 0x0, 0x5, 0x0) 0s ago: executing program 3 (id=363): r0 = socket$inet_icmp(0x2, 0x2, 0x1) sendmmsg$inet(r0, &(0x7f0000000340)=[{{&(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000400)='\b\x00\x00\x00(\x00\x00\x00', 0x8}], 0x1}}], 0x1, 0x4044800) recvfrom$inet(r0, 0x0, 0x0, 0x20, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.17' (ED25519) to the list of known hosts. [ 28.258937][ T6563] cgroup: Unknown subsys name 'net' [ 28.388927][ T6563] cgroup: Unknown subsys name 'cpuset' [ 28.391040][ T6563] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 28.587953][ T6563] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 29.855121][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 29.871556][ T6582] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 29.872156][ T6582] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 29.874433][ T6586] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 29.876042][ T6586] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 29.876194][ T6586] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 29.876392][ T6586] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 29.877912][ T6586] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 29.878186][ T6586] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 29.878491][ T6586] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 29.878716][ T6586] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 29.878875][ T6586] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 29.879302][ T6586] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 29.879544][ T6586] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 29.881073][ T6586] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 29.881319][ T6586] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 29.881629][ T6586] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 29.881850][ T6586] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 29.882187][ T6579] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 29.885849][ T6587] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 29.894748][ T6587] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 29.899775][ T6575] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 29.904962][ T6575] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 29.906475][ T6575] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 29.918097][ T6575] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 30.065766][ T6577] chnl_net:caif_netlink_parms(): no params data found [ 30.096723][ T6578] chnl_net:caif_netlink_parms(): no params data found [ 30.136676][ T6573] chnl_net:caif_netlink_parms(): no params data found [ 30.146808][ T6574] chnl_net:caif_netlink_parms(): no params data found [ 30.175306][ T6578] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.176470][ T6578] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.176583][ T6578] bridge_slave_0: entered allmulticast mode [ 30.177098][ T6578] bridge_slave_0: entered promiscuous mode [ 30.178701][ T6577] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.178734][ T6577] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.178792][ T6577] bridge_slave_0: entered allmulticast mode [ 30.179678][ T6577] bridge_slave_0: entered promiscuous mode [ 30.180716][ T6577] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.180795][ T6577] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.180856][ T6577] bridge_slave_1: entered allmulticast mode [ 30.181306][ T6577] bridge_slave_1: entered promiscuous mode [ 30.194300][ T6578] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.194346][ T6578] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.194420][ T6578] bridge_slave_1: entered allmulticast mode [ 30.195042][ T6578] bridge_slave_1: entered promiscuous mode [ 30.215905][ T6577] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.230005][ T6577] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.231883][ T6578] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.258646][ T6578] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.258788][ T6573] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.259029][ T6573] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.259105][ T6573] bridge_slave_0: entered allmulticast mode [ 30.259521][ T6573] bridge_slave_0: entered promiscuous mode [ 30.260348][ T6573] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.260363][ T6573] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.260427][ T6573] bridge_slave_1: entered allmulticast mode [ 30.260824][ T6573] bridge_slave_1: entered promiscuous mode [ 30.284675][ T6573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.285640][ T6573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.290529][ T6574] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.290586][ T6574] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.290645][ T6574] bridge_slave_0: entered allmulticast mode [ 30.291079][ T6574] bridge_slave_0: entered promiscuous mode [ 30.292190][ T6574] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.292206][ T6574] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.292255][ T6574] bridge_slave_1: entered allmulticast mode [ 30.292673][ T6574] bridge_slave_1: entered promiscuous mode [ 30.300354][ T6577] team0: Port device team_slave_0 added [ 30.316668][ T6577] team0: Port device team_slave_1 added [ 30.318877][ T6574] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.320104][ T6574] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.324343][ T6578] team0: Port device team_slave_0 added [ 30.325926][ T6573] team0: Port device team_slave_0 added [ 30.335460][ T6578] team0: Port device team_slave_1 added [ 30.337156][ T6573] team0: Port device team_slave_1 added [ 30.337341][ T6584] chnl_net:caif_netlink_parms(): no params data found [ 30.347813][ T6574] team0: Port device team_slave_0 added [ 30.356705][ T6577] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.356907][ T6577] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.356926][ T6577] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.359029][ T6574] team0: Port device team_slave_1 added [ 30.359687][ T6577] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.359694][ T6577] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.359706][ T6577] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.368939][ T6578] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.368950][ T6578] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.368965][ T6578] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.369828][ T6573] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.369838][ T6573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.369846][ T6573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.385223][ T6578] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.385248][ T6578] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.385563][ T6578] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.386100][ T6573] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.386109][ T6573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.386120][ T6573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.409855][ T6574] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.409885][ T6574] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.409901][ T6574] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.419193][ T6574] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.419220][ T6574] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.419236][ T6574] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.431670][ T6577] hsr_slave_0: entered promiscuous mode [ 30.433253][ T6577] hsr_slave_1: entered promiscuous mode [ 30.460841][ T6573] hsr_slave_0: entered promiscuous mode [ 30.461176][ T6573] hsr_slave_1: entered promiscuous mode [ 30.461382][ T6573] debugfs: 'hsr0' already exists in 'hsr' [ 30.461425][ T6573] Cannot create hsr debugfs directory [ 30.474211][ T6578] hsr_slave_0: entered promiscuous mode [ 30.474523][ T6578] hsr_slave_1: entered promiscuous mode [ 30.474723][ T6578] debugfs: 'hsr0' already exists in 'hsr' [ 30.474732][ T6578] Cannot create hsr debugfs directory [ 30.476612][ T6574] hsr_slave_0: entered promiscuous mode [ 30.476948][ T6574] hsr_slave_1: entered promiscuous mode [ 30.477126][ T6574] debugfs: 'hsr0' already exists in 'hsr' [ 30.477135][ T6574] Cannot create hsr debugfs directory [ 30.482489][ T6584] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.482602][ T6584] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.482662][ T6584] bridge_slave_0: entered allmulticast mode [ 30.483103][ T6584] bridge_slave_0: entered promiscuous mode [ 30.486187][ T6584] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.486210][ T6584] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.486266][ T6584] bridge_slave_1: entered allmulticast mode [ 30.486696][ T6584] bridge_slave_1: entered promiscuous mode [ 30.525229][ T6584] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.535049][ T6584] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.565180][ T6584] team0: Port device team_slave_0 added [ 30.574709][ T6584] team0: Port device team_slave_1 added [ 30.612134][ T6584] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.613457][ T6584] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.617417][ T6584] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.627944][ T6584] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.627971][ T6584] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.627989][ T6584] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.659583][ T6584] hsr_slave_0: entered promiscuous mode [ 30.659949][ T6584] hsr_slave_1: entered promiscuous mode [ 30.660162][ T6584] debugfs: 'hsr0' already exists in 'hsr' [ 30.660174][ T6584] Cannot create hsr debugfs directory [ 30.679050][ T6577] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 30.682733][ T6577] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 30.687203][ T6577] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 30.694241][ T6577] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 30.726404][ T6577] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.726448][ T6577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.726629][ T6577] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.726661][ T6577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.734147][ T6573] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 30.737321][ T6573] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 30.745179][ T6573] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 30.749549][ T6573] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 30.770808][ T6574] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 30.773244][ T6574] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 30.775687][ T6574] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 30.783262][ T6574] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 30.799435][ T6578] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 30.802305][ T6578] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 30.805116][ T6578] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 30.808198][ T6578] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 30.815557][ T6573] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.815623][ T6573] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.815707][ T6573] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.815733][ T6573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.853628][ T6574] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.853669][ T6574] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.853747][ T6574] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.853773][ T6574] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.863134][ T6578] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.863211][ T6578] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.863286][ T6578] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.863309][ T6578] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.871051][ T6584] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 30.873720][ T6584] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 30.879391][ T6584] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 30.884012][ T6584] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 30.888753][ T6577] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.902827][ T6577] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.908490][ T1970] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.910347][ T1970] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.912221][ T1970] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.913921][ T1970] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.916699][ T1970] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.918687][ T1970] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.919990][ T1970] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.921943][ T1970] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.940372][ T1106] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.940421][ T1106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.945151][ T1106] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.945214][ T1106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.971428][ T6577] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 30.972372][ T6577] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.987082][ T6578] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.018358][ T6574] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.020389][ T6584] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.023198][ T6584] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.030356][ T6573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.034535][ T6573] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.039906][ T1106] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.039974][ T1106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.040822][ T1106] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.040840][ T1106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.044260][ T6578] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.046727][ T1106] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.046767][ T1106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.052701][ T1106] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.052737][ T1106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.053620][ T1106] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.053635][ T1106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.075194][ T1970] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.075234][ T1970] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.089401][ T6574] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.116740][ T1970] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.116783][ T1970] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.119658][ T1970] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.119684][ T1970] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.140713][ T6577] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.184662][ T6584] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.205887][ T6577] veth0_vlan: entered promiscuous mode [ 31.208612][ T6577] veth1_vlan: entered promiscuous mode [ 31.232796][ T6577] veth0_macvtap: entered promiscuous mode [ 31.233875][ T6577] veth1_macvtap: entered promiscuous mode [ 31.237108][ T6577] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.255270][ T6577] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.267194][ T6573] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.272484][ T4222] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.274270][ T4222] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.275674][ T4222] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.277045][ T4222] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.305071][ T6574] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.329418][ T6578] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.346189][ T6573] veth0_vlan: entered promiscuous mode [ 31.347334][ T6047] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.348813][ T6047] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.371815][ T6573] veth1_vlan: entered promiscuous mode [ 31.373278][ T6047] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.373440][ T6047] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.402447][ T6578] veth0_vlan: entered promiscuous mode [ 31.406222][ T6584] veth0_vlan: entered promiscuous mode [ 31.408516][ T6574] veth0_vlan: entered promiscuous mode [ 31.413596][ T6577] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 31.415083][ T6584] veth1_vlan: entered promiscuous mode [ 31.422395][ T6578] veth1_vlan: entered promiscuous mode [ 31.433944][ T6574] veth1_vlan: entered promiscuous mode [ 31.481941][ T6573] veth0_macvtap: entered promiscuous mode [ 31.482972][ T6584] veth0_macvtap: entered promiscuous mode [ 31.485285][ T6574] veth0_macvtap: entered promiscuous mode [ 31.491395][ T6573] veth1_macvtap: entered promiscuous mode [ 31.494429][ T6584] veth1_macvtap: entered promiscuous mode [ 31.501326][ T6574] veth1_macvtap: entered promiscuous mode [ 31.508464][ T6578] veth0_macvtap: entered promiscuous mode [ 31.515295][ T6578] veth1_macvtap: entered promiscuous mode [ 31.516886][ T6688] loop2: detected capacity change from 0 to 32768 [ 31.520549][ T6688] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3 (6688) [ 31.525349][ T6688] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 31.527266][ T6688] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 31.529361][ T6688] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 31.548421][ T6573] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.551859][ T6584] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.561430][ T6574] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.563757][ T6573] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.570098][ T6584] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.573361][ T6578] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.574486][ T6578] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.579374][ T3128] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.579440][ T3128] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.584807][ T6574] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.586921][ T3128] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.595332][ T3128] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.600060][ T3128] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.601445][ T3128] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.601466][ T3128] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.601486][ T3128] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.601501][ T3128] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.601514][ T3128] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.601527][ T3128] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.601540][ T3128] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.601552][ T3128] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.601564][ T3128] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.601577][ T3128] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.601589][ T3128] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.665250][ T6688] BTRFS info (device loop2): rebuilding free space tree [ 31.690642][ T6688] BTRFS info (device loop2): disabling free space tree [ 31.691966][ T6688] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 31.692011][ T6688] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 31.697965][ T6688] BTRFS info (device loop2): setting nodatasum [ 31.699022][ T6688] BTRFS info (device loop2): allowing degraded mounts [ 31.700466][ T6688] BTRFS info (device loop2): turning on async discard [ 31.701957][ T6688] BTRFS info (device loop2): enabling disk space caching [ 31.703307][ T6688] BTRFS info (device loop2): force clearing of disk cache [ 31.703358][ T6688] BTRFS info (device loop2): force zlib compression, level 3 [ 31.706902][ T3895] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.706937][ T3895] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.727179][ T3895] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.727215][ T3895] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.743848][ T3895] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.743878][ T3895] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.756645][ T6047] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.756689][ T6047] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.783670][ T6047] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.783699][ T6047] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.805732][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.805965][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.814215][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.814251][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.830682][ T3895] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.830715][ T3895] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.920064][ T6575] Bluetooth: hci3: command tx timeout [ 31.920583][ T53] Bluetooth: hci1: command tx timeout [ 32.085895][ T6587] Bluetooth: hci0: command tx timeout [ 32.086457][ T6575] Bluetooth: hci2: command tx timeout [ 32.087145][ T6167] Bluetooth: hci4: command tx timeout [ 32.215638][ T6711] loop1: detected capacity change from 0 to 256 [ 32.219885][ T6714] binder: 6713:6714 got transaction to invalid handle, 1 [ 32.221250][ T6714] binder: 6713:6714 cannot find target node [ 32.222308][ T6714] binder: 6713:6714 transaction async to 0:0 failed 1/29201/-22, code 0 size 0-0 line 3232 [ 32.223411][ T6711] exfat: Deprecated parameter 'namecase' [ 32.259076][ T6711] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 32.280240][ T6718] loop4: detected capacity change from 0 to 2048 [ 32.281930][ T6718] ======================================================= [ 32.281930][ T6718] WARNING: The mand mount option has been deprecated and [ 32.281930][ T6718] and is ignored by this kernel. Remove the mand [ 32.281930][ T6718] option from the mount to silence this warning. [ 32.281930][ T6718] ======================================================= [ 32.302218][ T6718] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 32.303775][ T6718] UDF-fs: Scanning with blocksize 512 failed [ 32.306635][ T6718] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 32.316474][ T6577] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 32.341085][ T6718] overlayfs: upper fs needs to support d_type. [ 32.341680][ T6718] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 32.341693][ T6718] overlayfs: failed to set xattr on upper [ 32.341697][ T6718] overlayfs: ...falling back to redirect_dir=nofollow. [ 32.341701][ T6718] overlayfs: ...falling back to index=off. [ 32.341704][ T6718] overlayfs: ...falling back to uuid=null. [ 32.342405][ T6703] binder: undelivered TRANSACTION_ERROR: 29201 [ 32.515998][ T6734] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6'. [ 32.516825][ T6734] loop2: detected capacity change from 0 to 8 [ 32.753362][ T6733] loop0: detected capacity change from 0 to 32768 [ 33.150016][ T6733] (syz.0.9,6733,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 33.179629][ T6733] (syz.0.9,6733,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 33.200717][ T6733] JBD2: Ignoring recovery information on journal [ 33.219753][ T6733] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 33.271557][ T6744] loop1: detected capacity change from 0 to 32768 [ 33.271942][ T6744] btrfs: Unknown parameter 'subj_role' [ 33.297221][ T6744] syz.1.11 uses obsolete (PF_INET,SOCK_PACKET) [ 33.300151][ T6744] netlink: 40 bytes leftover after parsing attributes in process `syz.1.11'. [ 33.340774][ T6578] ocfs2: Unmounting device (7,0) on (node local) [ 33.356380][ T6760] loop4: detected capacity change from 0 to 64 [ 33.414832][ T6767] loop0: detected capacity change from 0 to 512 [ 33.422902][ T6770] loop4: detected capacity change from 0 to 164 [ 33.431558][ T6770] isofs_fill_super: bread failed, dev=loop4, iso_blknum=41, block=82 [ 33.437246][ T6770] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 33.444882][ T6770] fuse: Bad value for 'fd' [ 33.519459][ T6747] loop2: detected capacity change from 0 to 40427 [ 33.555641][ T6773] delete_channel: no stack [ 33.624264][ T6782] fuse: Bad value for 'group_id' [ 33.624318][ T6782] fuse: Bad value for 'group_id' [ 33.637350][ T6780] exfat: Deprecated parameter 'namecase' [ 33.644391][ T6787] sock: sock_timestamping_bind_phc: sock not bind to device [ 33.658995][ T6780] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 33.662441][ T6787] mkiss: ax0: crc mode is auto. [ 33.706527][ T6790] ntfs3(loop1): ino=b, mi_enum_attr [ 33.708089][ T6790] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 33.713838][ T6790] ntfs3(loop1): Failed to load $Extend (-22). [ 33.715319][ T6790] ntfs3(loop1): Failed to initialize $Extend. [ 33.813917][ T6747] jfs: Bad value for 'uid' [ 33.815097][ T6747] jfs: Bad value for 'uid' [ 33.826914][ T6804] netlink: 24 bytes leftover after parsing attributes in process `syz.3.27'. [ 33.826965][ T6804] netlink: 24 bytes leftover after parsing attributes in process `syz.3.27'. [ 33.832047][ T6804] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 33.833274][ T6804] squashfs: Unknown parameter 'subj_type' [ 33.867397][ T6802] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 33.930427][ T13] ntfs3(loop0): ino=9, ntfs3_write_inode failed, -22. [ 33.931177][ T6578] ntfs3(loop0): ino=9, ntfs_sync_fs failed, -22. [ 33.964466][ T6812] IPv6: sit1: Disabled Multicast RS [ 33.964880][ T6812] sit1: entered allmulticast mode [ 33.975491][ T6812] syzkaller0: entered promiscuous mode [ 33.975527][ T6812] syzkaller0: entered allmulticast mode [ 33.998472][ T53] Bluetooth: hci3: command tx timeout [ 34.063067][ T6827] netlink: 'syz.4.33': attribute type 10 has an invalid length. [ 34.082986][ T6823] loop2: [ 34.084283][ T6823] loop2: partition table partially beyond EOD, truncated [ 34.104561][ T6827] veth1_vlan: entered allmulticast mode [ 34.106588][ T6827] team0: Device veth1_vlan failed to register rx_handler [ 34.157673][ T53] Bluetooth: hci4: command tx timeout [ 34.157891][ T6587] Bluetooth: hci0: command tx timeout [ 34.158008][ T6575] Bluetooth: hci2: command tx timeout [ 34.158047][ T6167] Bluetooth: hci1: command tx timeout [ 34.225208][ T6829] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.34 (6829) [ 34.229908][ T6829] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 34.232183][ T6829] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 34.248686][ T6829] BTRFS info (device loop0): enabling ssd optimizations [ 34.250179][ T6829] BTRFS info (device loop0): turning on async discard [ 34.251613][ T6829] BTRFS info (device loop0): enabling free space tree [ 34.272404][ T6824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 34.272616][ T6824] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 34.276889][ T6829] BTRFS info (device loop0): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 34.402189][ T6578] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 34.494314][ T6747] F2FS-fs (loop2): QUOTA feature is enabled, so ignore qf_name [ 34.494363][ T6747] F2FS-fs (loop2): build fault injection rate: 7 [ 34.494392][ T6747] F2FS-fs (loop2): build fault injection type: 0x40004 [ 34.498649][ T6747] F2FS-fs (loop2): invalid crc value [ 34.500245][ T6852] faux_driver vgem: [drm] Unknown color mode 3; guessing buffer size. [ 34.505217][ T6747] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x148/0x4a8 [ 34.507101][ T6747] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x4ec/0x7b0 [ 34.510482][ T6747] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x4ec/0x7b0 [ 34.514191][ T6747] F2FS-fs (loop2): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x17c/0x7b0 [ 34.519389][ T6852] netlink: 4 bytes leftover after parsing attributes in process `syz.0.36'. [ 34.519433][ T6852] netlink: 5 bytes leftover after parsing attributes in process `syz.0.36'. [ 34.519449][ T6852] netlink: 144 bytes leftover after parsing attributes in process `syz.0.36'. [ 34.525868][ T6747] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x148/0x4a8 [ 34.536494][ T6747] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x148/0x4a8 [ 34.546262][ T6747] F2FS-fs (loop2): Bad quota inode 2:255 [ 34.546288][ T6747] F2FS-fs (loop2): Failed to enable quota tracking (type=2, err=-2). Please run fsck to fix. [ 34.547079][ T6747] F2FS-fs (loop2): Cannot turn on quotas: error -2 [ 34.547182][ T6747] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 34.547844][ T6747] F2FS-fs (loop2): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_recover_fsync_data+0x3b0/0x7458 [ 34.549915][ T6747] F2FS-fs (loop2): Mounted with checkpoint version = 1b41e954 [ 34.611652][ T6577] F2FS-fs (loop2): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x420/0x1b50 [ 34.611706][ T6577] F2FS-fs (loop2): invalid blkaddr: 513, type: 10, run fsck to fix. [ 34.611738][ T6577] F2FS-fs (loop2): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x4a8/0x1b50 [ 34.611754][ T6577] F2FS-fs (loop2): invalid blkaddr: 516, type: 10, run fsck to fix. [ 34.628619][ T6577] F2FS-fs (loop2): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x4a8/0x1b50 [ 34.628660][ T6577] F2FS-fs (loop2): invalid blkaddr: 1025, type: 10, run fsck to fix. [ 34.628906][ T6577] F2FS-fs (loop2): invalid blkaddr: 1029, type: 10, run fsck to fix. [ 34.646410][ T6860] ntfs3: Unknown parameter '00000000000000000000000¢f_m€Höé«à *õbsÛb‰*<«YsÒD*™õ¯B½”ÝkÍ• W”ÅÂ…kDÿÿÿÿÿÿ0xffffffffffffffffÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ' [ 34.708914][ T6864] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 34.783247][ T6868] EXT4-fs (loop0): shut down requested (2) [ 34.816024][ T6870] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 34.880122][ T6578] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.898693][ T6878] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 35.012493][ T6884] FAT-fs (loop1): Directory bread(block 64) failed [ 35.017766][ T6884] FAT-fs (loop1): Directory bread(block 65) failed [ 35.018960][ T6884] FAT-fs (loop1): Directory bread(block 66) failed [ 35.020182][ T6884] FAT-fs (loop1): Directory bread(block 67) failed [ 35.021330][ T6884] FAT-fs (loop1): Directory bread(block 68) failed [ 35.022409][ T6884] FAT-fs (loop1): Directory bread(block 69) failed [ 35.023472][ T6884] FAT-fs (loop1): Directory bread(block 70) failed [ 35.024466][ T6884] FAT-fs (loop1): Directory bread(block 71) failed [ 35.025570][ T6884] FAT-fs (loop1): Directory bread(block 72) failed [ 35.026562][ T6884] FAT-fs (loop1): Directory bread(block 73) failed [ 36.078829][ T53] Bluetooth: hci3: command tx timeout [ 36.218814][ T6907] capability: warning: `syz.1.52' uses deprecated v2 capabilities in a way that may be insecure [ 36.238225][ T53] Bluetooth: hci1: command tx timeout [ 36.238475][ T6587] Bluetooth: hci0: command tx timeout [ 36.238530][ T6575] Bluetooth: hci2: command tx timeout [ 36.238850][ T6167] Bluetooth: hci4: command tx timeout [ 36.240641][ T6906] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 36.341469][ T6881] F2FS-fs: heap/no_heap options were deprecated [ 36.343047][ T6881] F2FS-fs (loop4): Invalid segment/section count (31, 65560 x 1) [ 36.345009][ T6577] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 36.348465][ T6881] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 36.348824][ T6881] F2FS-fs (loop4): Image doesn't support compression [ 36.348839][ T6881] F2FS-fs (loop4): build fault injection rate: 5 [ 36.352112][ T6881] F2FS-fs (loop4): invalid crc value [ 36.369263][ T6896] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 36.382829][ T6881] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 36.392935][ T6881] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 36.392984][ T6881] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 36.410333][ T6896] XFS (loop0): Ending clean mount [ 36.523403][ T6908] set_capacity_and_notify: 16 callbacks suppressed [ 36.523447][ T6908] loop1: detected capacity change from 0 to 32768 [ 36.562870][ T6908] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 36.616328][ T6908] XFS (loop1): Ending clean mount [ 36.628073][ T6908] XFS (loop1): Quotacheck needed: Please wait. [ 36.654944][ T6908] XFS (loop1): Quotacheck: Done. [ 36.699537][ T6574] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 36.742476][ T6931] loop2: detected capacity change from 0 to 32768 [ 36.757240][ T6931] OCFS2: ERROR (device loop2): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode 73: bits per cluster 32 [ 36.757283][ T6931] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 36.757290][ T6931] OCFS2: File system is now read-only. [ 36.757296][ T6931] (syz.2.53,6931,1):ocfs2_read_locked_inode:599 ERROR: status = -30 [ 36.757359][ T6931] (syz.2.53,6931,1):_ocfs2_get_system_file_inode:144 ERROR: status = -30 [ 36.758217][ T6931] (syz.2.53,6931,1):ocfs2_init_local_system_inodes:496 ERROR: status=-30, sysfile=8, slot=0 [ 36.758243][ T6931] (syz.2.53,6931,1):ocfs2_init_local_system_inodes:505 ERROR: status = -30 [ 36.758251][ T6931] (syz.2.53,6931,1):ocfs2_mount_volume:1758 ERROR: status = -30 [ 36.769641][ T6931] (syz.2.53,6931,1):ocfs2_fill_super:1177 ERROR: status = -30 [ 36.785823][ T6931] netlink: 'syz.2.53': attribute type 13 has an invalid length. [ 36.788799][ T6931] veth0_macvtap: left promiscuous mode [ 36.827140][ T6931] macvtap0: entered promiscuous mode [ 36.840781][ T6931] macvtap0: refused to change device tx_queue_len [ 37.030466][ T6938] loop4: detected capacity change from 0 to 65536 [ 37.031348][ T6955] loop2: detected capacity change from 0 to 2048 [ 37.031716][ T6955] EXT4-fs: Ignoring removed bh option [ 37.301239][ T6955] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.309441][ T6578] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 37.313377][ T6938] XFS (loop4): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 37.363049][ T6938] XFS (loop4): Ending clean mount [ 37.392151][ T6577] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.500129][ T6584] XFS (loop4): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 37.637146][ T6970] loop3: detected capacity change from 0 to 32768 [ 37.648698][ T6980] loop2: detected capacity change from 0 to 32768 [ 37.650433][ T6970] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.59 (6970) [ 37.654599][ T6970] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 37.656238][ T6970] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm [ 37.656290][ T6970] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 37.674085][ T6980] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 37.714510][ T6980] XFS (loop2): Ending clean mount [ 37.735868][ T6970] BTRFS info (device loop3): rebuilding free space tree [ 37.749885][ T6970] BTRFS info (device loop3): disabling free space tree [ 37.749952][ T6970] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 37.749972][ T6970] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 37.756689][ T6970] BTRFS info (device loop3): enabling ssd optimizations [ 37.760859][ T6970] BTRFS info (device loop3): turning on async discard [ 37.760898][ T6970] BTRFS info (device loop3): enabling disk space caching [ 37.760927][ T6970] BTRFS info (device loop3): force clearing of disk cache [ 37.768930][ T6981] loop0: detected capacity change from 0 to 32768 [ 37.769305][ T6981] xfs: Deprecated parameter 'ikeep' [ 37.769642][ T6981] XFS: ikeep mount option is deprecated. [ 37.792986][ T6577] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 37.826403][ T6981] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 37.834333][ T6573] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 37.846797][ T6985] loop4: detected capacity change from 0 to 32768 [ 37.847392][ T6985] BTRFS info: device /dev/loop4 (7:4) using temp-fsid 1623d817-47d4-467f-8c8a-eaf4cff22c7b [ 37.847425][ T6985] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.65 (6985) [ 37.854459][ T6985] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 37.859142][ T6985] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm [ 37.912307][ T6981] XFS (loop0): Ending clean mount [ 37.914924][ T6981] XFS (loop0): Quotacheck needed: Please wait. [ 37.959959][ T6981] XFS (loop0): Quotacheck: Done. [ 37.987131][ T7039] loop1: detected capacity change from 0 to 1024 [ 37.987668][ T7039] EXT4-fs: Ignoring removed bh option [ 37.988037][ T7039] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 37.991943][ T6985] BTRFS info (device loop4): enabling ssd optimizations [ 37.993122][ T6985] BTRFS info (device loop4): turning on async discard [ 37.993162][ T6985] BTRFS info (device loop4): enabling free space tree [ 38.027801][ T7039] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.041418][ T7039] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 38.088946][ T6578] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 38.125825][ T5375] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 38.157783][ T6167] Bluetooth: hci3: command tx timeout [ 38.162484][ T6584] BTRFS info (device loop4): last unmount of filesystem 1623d817-47d4-467f-8c8a-eaf4cff22c7b [ 38.164730][ T6574] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.236155][ T7056] bridge_slave_0: left allmulticast mode [ 38.236200][ T7056] bridge_slave_0: left promiscuous mode [ 38.236307][ T7056] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.276342][ T7064] netlink: 'syz.0.73': attribute type 10 has an invalid length. [ 38.296586][ T7063] loop1: detected capacity change from 0 to 2048 [ 38.302055][ T7063] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 38.305098][ T7056] bridge_slave_1: left allmulticast mode [ 38.305441][ T7056] bridge_slave_1: left promiscuous mode [ 38.305978][ T7056] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.318502][ T6587] Bluetooth: hci0: command tx timeout [ 38.318549][ T6575] Bluetooth: hci2: command tx timeout [ 38.318716][ T6167] Bluetooth: hci1: command tx timeout [ 38.318746][ T53] Bluetooth: hci4: command tx timeout [ 38.331037][ T7056] bond0: (slave bond_slave_0): Releasing backup interface [ 38.395702][ T7056] bond0: (slave bond_slave_1): Releasing backup interface [ 38.432871][ T7056] team0: Port device team_slave_0 removed [ 38.444846][ T7056] team0: Port device team_slave_1 removed [ 38.450790][ T7056] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 38.450827][ T7056] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 38.467434][ T7056] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 38.467465][ T7056] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 38.470227][ T7056] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 38.484594][ T7064] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.486015][ T7064] team0: Port device bond0 added [ 38.491032][ T7067] netlink: 'syz.2.82': attribute type 1 has an invalid length. [ 38.491341][ T7067] Zero length message leads to an empty skb [ 38.573458][ T6892] hid-generic 0005:16C0:05DF.0001: item fetching failed at offset 0/1 [ 38.575259][ T6892] hid-generic 0005:16C0:05DF.0001: probe with driver hid-generic failed with error -22 [ 38.585453][ T7077] OCFS2: ERROR (device loop4): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode 71: chain list count 64 [ 38.588268][ T7077] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 38.589948][ T7077] OCFS2: File system is now read-only. [ 38.590866][ T7077] (syz.4.76,7077,0):ocfs2_read_locked_inode:599 ERROR: status = -30 [ 38.592245][ T7077] (syz.4.76,7077,0):_ocfs2_get_system_file_inode:144 ERROR: status = -30 [ 38.593838][ T7077] (syz.4.76,7077,0):ocfs2_init_global_system_inodes:465 ERROR: status = -30 [ 38.595180][ T7077] (syz.4.76,7077,0):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 4, possibly corrupt fs? [ 38.595225][ T7077] (syz.4.76,7077,0):ocfs2_init_global_system_inodes:476 ERROR: status = -30 [ 38.598565][ T7077] (syz.4.76,7077,0):ocfs2_initialize_super:2198 ERROR: status = -30 [ 38.599838][ T7077] (syz.4.76,7077,0):ocfs2_fill_super:1177 ERROR: status = -30 [ 38.748376][ T7098] EXT4-fs: Ignoring removed oldalloc option [ 38.748413][ T7098] ext2: Invalid gid '0x00000000ffffffff' [ 38.815386][ T7107] EXT4-fs: Ignoring removed orlov option [ 38.816414][ T7107] EXT4-fs: Ignoring removed nomblk_io_submit option [ 38.817594][ T7096] loop0: p1 p2 p3 p4 [ 38.817594][ T7096] p3: [ 38.817605][ T7096] loop0: partition table partially beyond EOD, truncated [ 38.817694][ T7096] loop0: p1 start 51379968 is beyond EOD, truncated [ 38.817703][ T7096] loop0: p2 start 4293394690 is beyond EOD, truncated [ 38.817710][ T7096] loop0: p3 size 100663552 extends beyond EOD, truncated [ 38.818556][ T7096] loop0: p4 size 50331648 extends beyond EOD, truncated [ 38.820022][ T7096] loop0: p5 start 51379968 is beyond EOD, truncated [ 38.820034][ T7096] loop0: p6 start 4293394690 is beyond EOD, truncated [ 38.820044][ T7096] loop0: p7 size 100663552 extends beyond EOD, truncated [ 38.843272][ T7096] warning: `syz.0.93' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 38.851468][ T7107] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.859410][ T7107] EXT4-fs (loop4): Online resizing not supported with bigalloc [ 38.866551][ T6214] loop0: p1 p2 p3 p4 [ 38.866551][ T6214] p3: [ 38.866575][ T6214] loop0: partition table partially beyond EOD, truncated [ 38.867307][ T6214] loop0: p1 start 51379968 is beyond EOD, truncated [ 38.867319][ T6214] loop0: p2 start 4293394690 is beyond EOD, truncated [ 38.867330][ T6214] loop0: p3 size 100663552 extends beyond EOD, truncated [ 38.880532][ T6214] loop0: p4 size 50331648 extends beyond EOD, truncated [ 38.881972][ T6584] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.884078][ T6214] loop0: p5 start 51379968 is beyond EOD, truncated [ 38.884129][ T6214] loop0: p6 start 4293394690 is beyond EOD, truncated [ 38.884140][ T6214] loop0: p7 size 100663552 extends beyond EOD, truncated [ 38.976424][ T7119] netlink: 16 bytes leftover after parsing attributes in process `syz.1.104'. [ 38.991714][ T7121] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 39.012167][ T7121] EXT4-fs (loop4): failed to open journal device unknown-block(0,0) -6 [ 39.093179][ T7108] (syz.2.99,7108,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 39.093372][ T7108] (syz.2.99,7108,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 39.120261][ T7108] JBD2: Ignoring recovery information on journal [ 39.141329][ T6832] udevd[6832]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 39.145936][ T6830] udevd[6830]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 39.150621][ T7108] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 39.154784][ T6736] udevd[6736]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 39.180657][ T6750] loop4: p1 < > p3 p4 < > [ 39.193038][ T6832] udevd[6832]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 39.216157][ T6750] loop4: p3 start 4284289 is beyond EOD, truncated [ 39.221178][ T6742] udevd[6742]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 39.223974][ T7126] loop4: p1 < > p3 p4 < > [ 39.225985][ T6736] udevd[6736]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 39.231662][ T7126] loop4: p3 start 4284289 is beyond EOD, truncated [ 39.244731][ T7139] EXT4-fs: Ignoring removed nobh option [ 39.255623][ T7139] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 39.292034][ T7139] EXT4-fs (loop1): failed to open journal device unknown-block(0,0) -6 [ 39.312017][ T6577] ocfs2: Unmounting device (7,2) on (node local) [ 39.476978][ T7149] netlink: 'syz.2.113': attribute type 5 has an invalid length. [ 39.687874][ T7153] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 39.717295][ T7153] XFS (loop2): Ending clean mount [ 39.734425][ T6577] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 39.978652][ T6214] loop4: p1 < > p3 p4 < > [ 39.980157][ T6214] loop4: p3 start 4284289 is beyond EOD, truncated [ 40.039873][ T7173] OCFS2: ERROR (device loop2): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode 73: bits per cluster 32 [ 40.039913][ T7173] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 40.041492][ T7173] OCFS2: File system is now read-only. [ 40.041508][ T7173] (syz.2.118,7173,1):ocfs2_read_locked_inode:599 ERROR: status = -30 [ 40.041575][ T7173] (syz.2.118,7173,1):_ocfs2_get_system_file_inode:144 ERROR: status = -30 [ 40.042512][ T7173] (syz.2.118,7173,1):ocfs2_init_local_system_inodes:496 ERROR: status=-30, sysfile=8, slot=0 [ 40.042532][ T7173] (syz.2.118,7173,1):ocfs2_init_local_system_inodes:505 ERROR: status = -30 [ 40.042543][ T7173] (syz.2.118,7173,1):ocfs2_mount_volume:1758 ERROR: status = -30 [ 40.044638][ T7173] (syz.2.118,7173,1):ocfs2_fill_super:1177 ERROR: status = -30 [ 40.069247][ T6832] udevd[6832]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 40.075777][ T6567] udevd[6567]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 40.279073][ T7180] OCFS2: ERROR (device loop4): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode 73: bits per cluster 32 [ 40.279111][ T7180] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 40.279116][ T7180] OCFS2: File system is now read-only. [ 40.279121][ T7180] (syz.4.124,7180,1):ocfs2_read_locked_inode:599 ERROR: status = -30 [ 40.279174][ T7180] (syz.4.124,7180,1):_ocfs2_get_system_file_inode:144 ERROR: status = -30 [ 40.279350][ T7180] (syz.4.124,7180,1):ocfs2_init_local_system_inodes:496 ERROR: status=-30, sysfile=8, slot=0 [ 40.279360][ T7180] (syz.4.124,7180,1):ocfs2_init_local_system_inodes:505 ERROR: status = -30 [ 40.279367][ T7180] (syz.4.124,7180,1):ocfs2_mount_volume:1758 ERROR: status = -30 [ 40.283721][ T7180] (syz.4.124,7180,1):ocfs2_fill_super:1177 ERROR: status = -30 [ 40.298939][ T7186] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 40.313678][ T7157] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0) [ 40.315009][ T7157] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 40.331359][ T7157] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 40.334441][ T7157] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 40.335529][ T7157] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 40.910578][ T7171] F2FS-fs (loop0): invalid crc value [ 40.927614][ T7212] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 40.928883][ T7212] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 40.930671][ T7212] F2FS-fs (loop2): build fault injection rate: 17008 [ 40.930715][ T7212] F2FS-fs (loop2): build fault injection type: 0x6 [ 40.931061][ T7212] F2FS-fs (loop2): invalid crc value [ 40.933866][ T7171] F2FS-fs (loop0): sanity_check_inode: inode (ino=3) is with extra_attr, but extra_attr feature is off [ 40.935621][ T7171] F2FS-fs (loop0): Failed to read root inode [ 40.987340][ T7212] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 40.998674][ T7212] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 40.998710][ T7212] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 41.024759][ T7212] syz.2.136: attempt to access beyond end of device [ 41.024759][ T7212] loop2: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 41.025786][ T7212] syz.2.136: attempt to access beyond end of device [ 41.025786][ T7212] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 41.027184][ T7212] CPU: 1 UID: 0 PID: 7212 Comm: syz.2.136 Not tainted syzkaller #0 PREEMPT [ 41.027206][ T7212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 41.027212][ T7212] Call trace: [ 41.027215][ T7212] show_stack+0x2c/0x3c (C) [ 41.027232][ T7212] __dump_stack+0x30/0x40 [ 41.027242][ T7212] dump_stack_lvl+0xd8/0x12c [ 41.027250][ T7212] dump_stack+0x1c/0x28 [ 41.027256][ T7212] f2fs_handle_critical_error+0x34c/0x4b8 [ 41.027269][ T7212] f2fs_stop_checkpoint+0x5c/0x70 [ 41.027277][ T7212] f2fs_write_end_io+0x770/0xa78 [ 41.027284][ T7212] bio_endio+0x8d4/0x910 [ 41.027294][ T7212] submit_bio_noacct+0xd44/0x186c [ 41.027302][ T7212] submit_bio+0x3b4/0x550 [ 41.027308][ T7212] f2fs_submit_write_bio+0x124/0x324 [ 41.027319][ T7212] __submit_merged_bio+0x224/0x6d4 [ 41.027324][ T7212] __submit_merged_write_cond+0x250/0x4ac [ 41.027334][ T7212] f2fs_write_data_pages+0x1dd4/0x2878 [ 41.027340][ T7212] do_writepages+0x270/0x468 [ 41.027351][ T7212] filemap_fdatawrite+0x14c/0x1f4 [ 41.027361][ T7212] f2fs_sync_dirty_inodes+0x2a0/0x788 [ 41.027370][ T7212] f2fs_write_checkpoint+0x708/0x1c28 [ 41.027378][ T7212] f2fs_issue_checkpoint+0x300/0x494 [ 41.027387][ T7212] f2fs_sync_fs+0x1d8/0x4dc [ 41.027396][ T7212] f2fs_do_sync_file+0x960/0x14d8 [ 41.027403][ T7212] __f2fs_ioctl+0x4188/0x98fc [ 41.027410][ T7212] f2fs_ioctl+0x130/0x208 [ 41.027416][ T7212] __arm64_sys_ioctl+0x14c/0x1c4 [ 41.027423][ T7212] invoke_syscall+0x98/0x254 [ 41.027431][ T7212] el0_svc_common+0xe8/0x23c [ 41.027438][ T7212] do_el0_svc+0x48/0x58 [ 41.027444][ T7212] el0_svc+0x5c/0x26c [ 41.027453][ T7212] el0t_64_sync_handler+0x84/0x12c [ 41.027461][ T7212] el0t_64_sync+0x198/0x19c [ 41.027470][ T7212] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 41.177933][ T7200] F2FS-fs (loop4): Invalid segment/section count (31, 24 x 150994945) [ 41.180724][ T7200] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 41.183272][ T7200] F2FS-fs (loop4): invalid crc value [ 41.199588][ T7200] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 41.212883][ T7200] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 41.212923][ T7200] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 41.345146][ T53] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 41.345183][ T53] Bluetooth: Wrong link type (-22) [ 41.511184][ T7250] ntfs3(loop0): mft corrupted [ 41.512120][ T7250] ntfs3(loop0): mft corrupted [ 41.521652][ T7254] F2FS-fs (loop2): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288) [ 41.521697][ T7254] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 41.522362][ T7254] F2FS-fs (loop2): Image doesn't support compression [ 41.522380][ T7254] F2FS-fs (loop2): build fault injection rate: 690 [ 41.522393][ T7254] F2FS-fs (loop2): build fault injection type: 0x35f7 [ 41.522869][ T7254] F2FS-fs (loop2): invalid crc value [ 41.574428][ T7254] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 41.576246][ T7254] F2FS-fs (loop2): Start checkpoint disabled! [ 41.586297][ T7254] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 41.589943][ T7254] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 41.590286][ T7254] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 41.642946][ T237] kworker/u8:4: attempt to access beyond end of device [ 41.642946][ T237] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 41.643407][ T237] CPU: 1 UID: 0 PID: 237 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT [ 41.643418][ T237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 41.643423][ T237] Workqueue: writeback wb_workfn (flush-7:2) [ 41.643441][ T237] Call trace: [ 41.643443][ T237] show_stack+0x2c/0x3c (C) [ 41.643454][ T237] __dump_stack+0x30/0x40 [ 41.643460][ T237] dump_stack_lvl+0xd8/0x12c [ 41.643465][ T237] dump_stack+0x1c/0x28 [ 41.643470][ T237] f2fs_handle_critical_error+0x34c/0x4b8 [ 41.643479][ T237] f2fs_stop_checkpoint+0x5c/0x70 [ 41.643485][ T237] f2fs_write_end_io+0x770/0xa78 [ 41.643490][ T237] bio_endio+0x8d4/0x910 [ 41.643497][ T237] submit_bio_noacct+0xd44/0x186c [ 41.643502][ T237] submit_bio+0x3b4/0x550 [ 41.643507][ T237] f2fs_submit_write_bio+0x124/0x324 [ 41.643514][ T237] __submit_merged_bio+0x224/0x6d4 [ 41.643519][ T237] __submit_merged_write_cond+0x250/0x4ac [ 41.643526][ T237] f2fs_write_data_pages+0x1dd4/0x2878 [ 41.643530][ T237] do_writepages+0x270/0x468 [ 41.643537][ T237] __writeback_single_inode+0x144/0x16b8 [ 41.643549][ T237] writeback_sb_inodes+0x73c/0x16b4 [ 41.643555][ T237] wb_writeback+0x3b4/0xd70 [ 41.643561][ T237] wb_workfn+0x320/0xdc0 [ 41.643567][ T237] process_one_work+0x7c0/0x1558 [ 41.643574][ T237] worker_thread+0x958/0xed8 [ 41.643580][ T237] kthread+0x5fc/0x75c [ 41.643585][ T237] ret_from_fork+0x10/0x20 [ 41.643834][ T237] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 41.710265][ T7269] vivid-000: disconnect [ 41.744131][ T7268] vivid-000: reconnect [ 41.952612][ T7280] set_capacity_and_notify: 20 callbacks suppressed [ 41.958899][ T7280] loop0: detected capacity change from 0 to 32768 [ 41.998963][ T7280] JBD2: Ignoring recovery information on journal [ 42.002651][ T7281] loop2: detected capacity change from 0 to 32768 [ 42.002939][ T7280] jbd2_journal_bmap: journal block not found at offset 32 on loop0-75 [ 42.003655][ T7280] JBD2: bad block at offset 32 [ 42.008536][ T7280] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 42.014673][ T7280] OCFS2: ERROR (device loop0): int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *, handle_t *, u32, u32, struct ocfs2_suballoc_result *): Chain allocator dinode 71 has 16777215 used bits but only 1024 total [ 42.018209][ T7280] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 42.019684][ T7280] OCFS2: File system is now read-only. [ 42.020680][ T7280] (syz.0.159,7280,0):ocfs2_claim_suballoc_bits:2074 ERROR: status = -30 [ 42.021973][ T7280] (syz.0.159,7280,0):__ocfs2_claim_clusters:2449 ERROR: status = -30 [ 42.023170][ T7280] (syz.0.159,7280,0):__ocfs2_claim_clusters:2457 ERROR: status = -30 [ 42.024440][ T7280] (syz.0.159,7280,0):ocfs2_block_group_alloc_contig:438 ERROR: status = -30 [ 42.025745][ T7280] (syz.0.159,7280,0):ocfs2_block_group_alloc:712 ERROR: status = -30 [ 42.027031][ T7280] (syz.0.159,7280,0):ocfs2_block_group_alloc:765 ERROR: status = -30 [ 42.033599][ T7280] (syz.0.159,7280,0):ocfs2_reserve_suballoc_bits:840 ERROR: status = -30 [ 42.035073][ T7280] (syz.0.159,7280,0):ocfs2_reserve_suballoc_bits:857 ERROR: status = -30 [ 42.036361][ T7280] (syz.0.159,7280,0):ocfs2_reserve_new_metadata_blocks:997 ERROR: status = -30 [ 42.038096][ T7280] (syz.0.159,7280,0):ocfs2_reserve_new_metadata_blocks:1020 ERROR: status = -30 [ 42.040009][ T7280] (syz.0.159,7280,0):ocfs2_mknod:354 ERROR: status = -30 [ 42.041240][ T7280] (syz.0.159,7280,0):ocfs2_mknod:506 ERROR: status = -30 [ 42.042430][ T7280] (syz.0.159,7280,0):ocfs2_create:679 ERROR: status = -30 [ 42.060636][ T7281] debugfs: 'B1DE653C5FFC4D88B33B244AAB9EB3E9' already exists in 'ocfs2' [ 42.061044][ T7281] OCFS2: ERROR (device loop2): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode 73: bits per cluster 32 [ 42.061055][ T7281] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 42.061060][ T7281] OCFS2: File system is now read-only. [ 42.061064][ T7281] (syz.2.161,7281,1):ocfs2_read_locked_inode:599 ERROR: status = -30 [ 42.061108][ T7281] (syz.2.161,7281,1):_ocfs2_get_system_file_inode:144 ERROR: status = -30 [ 42.061667][ T7281] (syz.2.161,7281,1):ocfs2_init_local_system_inodes:496 ERROR: status=-30, sysfile=8, slot=0 [ 42.061676][ T7281] (syz.2.161,7281,1):ocfs2_init_local_system_inodes:505 ERROR: status = -30 [ 42.061683][ T7281] (syz.2.161,7281,1):ocfs2_mount_volume:1758 ERROR: status = -30 [ 42.063605][ T7281] (syz.2.161,7281,1):ocfs2_fill_super:1177 ERROR: status = -30 [ 42.064112][ T6578] ocfs2: Unmounting device (7,0) on (node local) [ 42.469119][ T7308] loop2: detected capacity change from 0 to 40427 [ 42.474505][ T7308] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 42.475885][ T7308] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 42.482006][ T7313] loop1: detected capacity change from 0 to 32768 [ 42.490091][ T7308] F2FS-fs (loop2): invalid crc value [ 42.500979][ T7313] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 42.525350][ T7313] XFS (loop1): Ending clean mount [ 42.531134][ T7308] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 42.536195][ T7308] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 42.539512][ T7308] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 42.578203][ T6574] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 42.661518][ T7348] netlink: 12 bytes leftover after parsing attributes in process `syz.1.185'. [ 42.679608][ T7350] random: crng reseeded on system resumption [ 43.023574][ T26] IPVS: starting estimator thread 0... [ 43.112547][ T7368] IPVS: using max 67 ests per chain, 160800 per kthread [ 43.377251][ T7381] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.468136][ T7381] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.559848][ T7381] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.766457][ T7381] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.943927][ T7404] geneve2: entered promiscuous mode [ 43.943978][ T7404] geneve2: entered allmulticast mode [ 45.208369][ T3492] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.229787][ T7381] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.539428][ T7415] PKCS7: Unknown OID: [4] 2.19.50.2018883.1651(bad) [ 45.539445][ T7415] PKCS7: Only support pkcs7_signedData type [ 45.567819][ T7424] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 45.949065][ T7432] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 45.952036][ T7432] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.544214][ T7477] netlink: 16318 bytes leftover after parsing attributes in process `syz.1.228'. [ 48.751630][ T7483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.751810][ T7483] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 49.175103][ T7490] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 49.175123][ T7490] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 49.231277][ T7490] vhci_hcd vhci_hcd.0: Device attached [ 49.447635][ T6703] usb 7-1: SetAddress Request (2) to port 0 [ 49.447821][ T6703] usb 7-1: new SuperSpeed USB device number 2 using vhci_hcd [ 49.803410][ T7500] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 49.805608][ T7500] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 49.813049][ T31] audit: type=1326 audit(305.797:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7498 comm="syz.1.235" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb215b9e8 code=0x0 [ 49.822065][ T7500] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 49.823604][ T7500] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 49.915811][ T7504] overlayfs: missing 'lowerdir' [ 49.965929][ T7491] vhci_hcd: connection reset by peer [ 49.968798][ T42] vhci_hcd vhci_hcd.2: stop threads [ 49.970223][ T42] vhci_hcd vhci_hcd.2: release socket [ 49.971979][ T42] vhci_hcd vhci_hcd.2: disconnect device [ 49.995159][ T7495] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 49.999431][ T7495] block device autoloading is deprecated and will be removed. [ 50.516276][ T7514] netlink: 4 bytes leftover after parsing attributes in process `syz.4.241'. [ 52.136084][ T7549] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.193283][ T7549] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.276459][ T7549] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.285428][ T7555] openvswitch: netlink: Flow actions attr not present in new flow. [ 52.354412][ T7560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 52.355772][ T7558] l2tp_ppp: sess 2/0: no socket in recv [ 52.377427][ T7560] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 52.405825][ T7549] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.467885][ T7564] mmap: syz.0.259 (7564) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 52.500969][ T6047] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.501014][ T6047] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.504238][ T6047] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.506778][ T6047] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.579852][ T7568] Bluetooth: MGMT ver 1.23 [ 52.876482][ T7580] IPVS: ip_vs_add_dest(): server weight less than zero [ 52.932176][ T7585] netlink: 9 bytes leftover after parsing attributes in process `syz.3.268'. [ 52.960718][ T7585] netlink: 9 bytes leftover after parsing attributes in process `syz.3.268'. [ 52.974464][ T7578] : renamed from bond_slave_0 (while UP) [ 53.149039][ T7592] lo speed is unknown, defaulting to 1000 [ 53.149097][ T7592] lo speed is unknown, defaulting to 1000 [ 53.149643][ T7592] lo speed is unknown, defaulting to 1000 [ 53.150680][ T7592] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 53.161196][ T7592] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 53.246855][ T7592] lo speed is unknown, defaulting to 1000 [ 53.247312][ T7592] lo speed is unknown, defaulting to 1000 [ 53.257239][ T7592] lo speed is unknown, defaulting to 1000 [ 53.269077][ T7592] lo speed is unknown, defaulting to 1000 [ 53.269446][ T7592] lo speed is unknown, defaulting to 1000 [ 53.271793][ T7592] lo speed is unknown, defaulting to 1000 [ 53.356141][ T7592] process 'syz.1.270' launched './file0' with NULL argv: empty string added [ 53.592334][ T7629] netlink: 28 bytes leftover after parsing attributes in process `syz.0.282'. [ 53.868443][ T60] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 54.027755][ T60] usb 1-1: Using ep0 maxpacket: 8 [ 54.045899][ T60] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 54.045938][ T60] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 54.046760][ T60] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 54.046783][ T60] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 54.046813][ T60] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 54.046826][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.360023][ T60] usb 1-1: GET_CAPABILITIES returned 0 [ 54.360074][ T60] usbtmc 1-1:16.0: can't read capabilities [ 54.484586][ T6703] usb 7-1: device descriptor read/8, error -110 [ 54.620761][ T26] usb 1-1: USB disconnect, device number 2 [ 54.815739][ T31] audit: type=1326 audit(309.789:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7650 comm="syz.1.289" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb215b9e8 code=0x7ffc0000 [ 54.821040][ T31] audit: type=1326 audit(309.789:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7650 comm="syz.1.289" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb215b9e8 code=0x7ffc0000 [ 54.826237][ T31] audit: type=1326 audit(309.789:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7650 comm="syz.1.289" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=40 compat=0 ip=0xffffb215b9e8 code=0x7ffc0000 [ 54.830398][ T31] audit: type=1326 audit(309.789:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7650 comm="syz.1.289" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb215b9e8 code=0x7ffc0000 [ 54.834592][ T31] audit: type=1326 audit(309.789:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7650 comm="syz.1.289" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb215b9e8 code=0x7ffc0000 [ 54.838719][ T31] audit: type=1326 audit(309.799:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7650 comm="syz.1.289" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffb215a0d0 code=0x7ffc0000 [ 54.842648][ T31] audit: type=1326 audit(309.799:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7650 comm="syz.1.289" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb215b9e8 code=0x7ffc0000 [ 54.846836][ T31] audit: type=1326 audit(309.799:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7650 comm="syz.1.289" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb215b9e8 code=0x7ffc0000 [ 54.851434][ T31] audit: type=1326 audit(309.799:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7650 comm="syz.1.289" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffb215b9e8 code=0x7ffc0000 [ 54.888989][ T6703] usb usb7-port1: attempt power cycle [ 54.999440][ T31] audit: type=1326 audit(309.989:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7650 comm="syz.1.289" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb215b9e8 code=0x7ffc0000 [ 55.011077][ T31] audit: type=1326 audit(309.989:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7650 comm="syz.1.289" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb215b9e8 code=0x7ffc0000 [ 55.355946][ T7681] netlink: 168 bytes leftover after parsing attributes in process `syz.2.300'. [ 55.463009][ T7662] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 55.487788][ T6703] usb usb7-port1: unable to enumerate USB device [ 56.064778][ T7735] syz_tun: entered allmulticast mode [ 56.135895][ T7739] qnx6: unable to read the first superblock [ 56.234303][ T7743] netlink: 'syz.0.322': attribute type 3 has an invalid length. [ 56.235892][ T7743] netlink: 28 bytes leftover after parsing attributes in process `syz.0.322'. [ 57.295520][ T7781] bridge1: entered promiscuous mode [ 57.296595][ T7781] bridge1: entered allmulticast mode [ 57.443293][ T7793] input: syz0 as /devices/virtual/input/input2 [ 58.409084][ T7811] netlink: 'syz.1.350': attribute type 3 has an invalid length. [ 58.428612][ T7814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.662662][ T7814] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 60.093311][ T7876] bridge1: entered promiscuous mode [ 60.149103][ T7881] mac80211_hwsim hwsim11 syzkaller0: entered promiscuous mode [ 60.149180][ T7881] mac80211_hwsim hwsim11 syzkaller0: entered allmulticast mode [ 60.150163][ T7881] netlink: 'syz.4.358': attribute type 10 has an invalid length. [ 60.260096][ T7881] ================================================================== [ 60.260113][ T7881] BUG: KASAN: slab-out-of-bounds in ieee80211_add_virtual_monitor+0xa24/0xe1c [ 60.260130][ T7881] Read of size 1 at addr ffff0000c66d3d90 by task syz.4.358/7881 [ 60.260137][ T7881] [ 60.260143][ T7881] CPU: 1 UID: 0 PID: 7881 Comm: syz.4.358 Tainted: G L syzkaller #0 PREEMPT [ 60.260152][ T7881] Tainted: [L]=SOFTLOCKUP [ 60.260154][ T7881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 60.260159][ T7881] Call trace: [ 60.260161][ T7881] show_stack+0x2c/0x3c (C) [ 60.260172][ T7881] __dump_stack+0x30/0x40 [ 60.260180][ T7881] dump_stack_lvl+0xd8/0x12c [ 60.260186][ T7881] print_address_description+0xa8/0x238 [ 60.260193][ T7881] print_report+0x68/0x84 [ 60.260199][ T7881] kasan_report+0xb0/0x110 [ 60.260206][ T7881] __asan_report_load1_noabort+0x20/0x2c [ 60.260213][ T7881] ieee80211_add_virtual_monitor+0xa24/0xe1c [ 60.260220][ T7881] ieee80211_do_stop+0x13a4/0x1a84 [ 60.260226][ T7881] ieee80211_stop+0x1ac/0x220 [ 60.260232][ T7881] __dev_close_many+0x3a8/0x704 [ 60.260242][ T7881] __dev_change_flags+0x3d0/0x54c [ 60.260250][ T7881] netif_change_flags+0x80/0x15c [ 60.260257][ T7881] do_setlink+0xa58/0x3658 [ 60.260266][ T7881] rtnl_newlink+0x1104/0x15e8 [ 60.260275][ T7881] rtnetlink_rcv_msg+0x664/0x97c [ 60.260283][ T7881] netlink_rcv_skb+0x220/0x3fc [ 60.260292][ T7881] rtnetlink_rcv+0x28/0x38 [ 60.260301][ T7881] netlink_unicast+0x694/0x8c4 [ 60.260309][ T7881] netlink_sendmsg+0x648/0x930 [ 60.260317][ T7881] ____sys_sendmsg+0x490/0x7c4 [ 60.260324][ T7881] ___sys_sendmsg+0x204/0x278 [ 60.260330][ T7881] __arm64_sys_sendmsg+0x184/0x238 [ 60.260336][ T7881] invoke_syscall+0x98/0x254 [ 60.260343][ T7881] el0_svc_common+0xe8/0x23c [ 60.260350][ T7881] do_el0_svc+0x48/0x58 [ 60.260357][ T7881] el0_svc+0x5c/0x26c [ 60.260365][ T7881] el0t_64_sync_handler+0x84/0x12c [ 60.260372][ T7881] el0t_64_sync+0x198/0x19c [ 60.260379][ T7881] [ 60.260381][ T7881] The buggy address belongs to the physical page: [ 60.260385][ T7881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff0000c66d3a80 pfn:0x1066d0 [ 60.260391][ T7881] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 60.260395][ T7881] memcg:ffff0000d930b302 [ 60.260398][ T7881] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff) [ 60.260405][ T7881] page_type: f8(unknown) [ 60.260410][ T7881] raw: 05ffc00000000040 0000000000000000 dead000000000122 0000000000000000 [ 60.260416][ T7881] raw: ffff0000c66d3a80 0000000000000000 00000000f8000000 ffff0000d930b302 [ 60.260421][ T7881] head: 05ffc00000000040 0000000000000000 dead000000000122 0000000000000000 [ 60.260426][ T7881] head: ffff0000c66d3a80 0000000000000000 00000000f8000000 ffff0000d930b302 [ 60.260431][ T7881] head: 05ffc00000000002 fffffdffc319b401 00000000ffffffff 00000000ffffffff [ 60.260436][ T7881] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 60.260440][ T7881] page dumped because: kasan: bad access detected [ 60.260442][ T7881] [ 60.260444][ T7881] Memory state around the buggy address: [ 60.260447][ T7881] ffff0000c66d3c80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 60.260451][ T7881] ffff0000c66d3d00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 60.260455][ T7881] >ffff0000c66d3d80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 60.260458][ T7881] ^ [ 60.260461][ T7881] ffff0000c66d3e00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 60.260465][ T7881] ffff0000c66d3e80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 60.260468][ T7881] ================================================================== [ 60.270824][ T7881] Disabling lock debugging due to kernel taint [ 60.325100][ T7881] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 60.377703][ T6684] usb 1-1: new low-speed USB device number 3 using dummy_hcd [ 60.407361][ T7896] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 60.407381][ T7896] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 60.410085][ T7896] vhci_hcd vhci_hcd.0: Device attached [ 60.529373][ T6684] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 60.531136][ T6684] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 60.532548][ T6684] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 256, setting to 8 [ 60.534196][ T6684] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 60.535671][ T6684] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.539889][ T7876] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 60.541770][ T6684] hub 1-1:1.0: bad descriptor, ignoring hub [ 60.543916][ T6684] hub 1-1:1.0: probe with driver hub failed with error -5 [ 60.545371][ T6684] cdc_wdm 1-1:1.0: skipping garbage [ 60.545380][ T6684] cdc_wdm 1-1:1.0: skipping garbage [ 60.547782][ T6684] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 60.548782][ T6684] cdc_wdm 1-1:1.0: Unknown control protocol [ 60.697624][ T26] usb 5-1: SetAddress Request (2) to port 0 [ 60.697925][ T26] usb 5-1: new SuperSpeed USB device number 2 using vhci_hcd [ 61.127935][ T7898] vhci_hcd: connection reset by peer [ 61.128133][ T2265] vhci_hcd vhci_hcd.1: stop threads [ 61.128151][ T2265] vhci_hcd vhci_hcd.1: release socket [ 61.128204][ T2265] vhci_hcd vhci_hcd.1: disconnect device [ 61.668503][ T7876] cdc_wdm 1-1:1.0: Error autopm - -16 [ 61.668641][ T6686] usb 1-1: USB disconnect, device number 3 [ 64.478687][ T2467] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.478728][ T2467] ieee802154 phy1 wpan1: encryption failed: -22 [ 65.757609][ T26] usb 5-1: device descriptor read/8, error -110 [ 66.168851][ T26] usb usb5-port1: attempt power cycle [ 66.738825][ T26] usb usb5-port1: unable to enumerate USB device [ 69.611747][ T24] cfg80211: failed to load regulatory.db