last executing test programs: 12.871365714s ago: executing program 2 (id=269): r0 = syz_genetlink_get_family_id$gtp(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$GTP_CMD_DELPDP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, r0, 0x1, 0x50bd28, 0xe, {}, [@GTPA_VERSION={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44800}, 0x24004000) 12.745131465s ago: executing program 2 (id=270): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x5c, r1, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x40}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0x1c, 0xa9, @random="c3dc9cb3c5d9d648046b446f6b47cf56cd53ea75c6a6ad00"}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x84}, 0x40080) 12.535040188s ago: executing program 2 (id=272): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) vmsplice(r0, &(0x7f0000000140), 0x1000000000000354, 0x9) 12.38873382s ago: executing program 2 (id=274): symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mount$9p_unix(&(0x7f00000000c0)='./file0/file0/..\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x12d7498, 0x0) umount2(&(0x7f0000000340)='./file0\x00', 0x1) 12.288365291s ago: executing program 2 (id=275): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x4, 0x8, 0xb}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000002000085000000b000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 11.913126185s ago: executing program 2 (id=276): mlock(&(0x7f00007fe000/0x800000)=nil, 0x800000) mprotect(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0) mbind(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x8, 0x2) 11.385550681s ago: executing program 32 (id=276): mlock(&(0x7f00007fe000/0x800000)=nil, 0x800000) mprotect(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0) mbind(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x8, 0x2) 3.680582618s ago: executing program 1 (id=325): syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f0000000500)=ANY=[], 0xc, 0xac, &(0x7f0000000100)="$eJzs0jFqwzAUBuBnY7cdu3foDXwHn6BnMB3tzZNLJ9+nlyh07RFygwxZsygYyUP2QAh8H0hPP/8ikP7PP2+xRryvESmlJu2aSPPyNQ7TvLTjMEVEG3+RVWU+Bw+uLs/ZR/4DWz72uatKfzh9f+4rNx+/eT7d7+IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEPV63Wuo+vK8WXbLgEAAP//2Bwh+A==") r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f0000000000)=@ethtool_gfeatures}) 2.907095827s ago: executing program 1 (id=330): syz_io_uring_setup(0x10278e, &(0x7f0000000000)={0x0, 0x23d2, 0x10, 0x3, 0x210004}, 0x0, 0x0, &(0x7f0000000000)) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x28, 0x1406, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x28}}, 0x20040080) 2.63761645s ago: executing program 1 (id=333): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x1298c2, 0x0) pread64(r0, 0x0, 0x0, 0x100000000000000a) 2.552949271s ago: executing program 3 (id=334): ioctl$SNDRV_PCM_IOCTL_TTSTAMP(0xffffffffffffffff, 0x40044103, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="180800000000000000000000000000008500000023000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000070000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.357032263s ago: executing program 1 (id=336): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000002280)={0x3, &(0x7f0000000180)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x48}, {0x6, 0xba, 0x2, 0xffff}]}, 0x10) syz_emit_ethernet(0xab, &(0x7f00000003c0)=ANY=[], 0x0) 2.301333204s ago: executing program 3 (id=337): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0xb0, r1, 0xacf5e67dd0b583a1, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc}}}, [@beacon=[@NL80211_ATTR_IE_ASSOC_RESP={0x86, 0x80, [@fast_bss_trans={0x37, 0x52, {0x0, 0x0, "a2f0b889637c033f02ea82730d520b7c", "c2be15535ab7fea1330d7852d0f1517a00b6edc7bdef6b52598be755a7254e8d", "45c6d9a2e095fb5011856d3acefe9f1fcab00ab0de223c8a9c12140822b64532"}}, @dsss={0x3, 0x1, 0x5}, @supported_rates={0x1, 0x2, [{0xc, 0x1}, {0xc, 0x1}]}, @gcr_ga={0xbd, 0x6}, @link_id={0x65, 0x12, {@random='N4@4ED', @device_b, @broadcast}}, @mesh_id={0x72, 0xfffffd7e}, @sec_chan_ofs={0x3e, 0x1}]}]]}, 0xb0}}, 0x0) 2.104797226s ago: executing program 1 (id=338): r0 = mq_open(&(0x7f0000000080)='$@\x00', 0x40, 0xb4, 0x0) fcntl$setlease(r0, 0x400, 0x0) fchmod(r0, 0x9) 2.090093776s ago: executing program 3 (id=339): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000a40)=@ipv6_getaddr={0x18, 0x16, 0x1, 0x70bd2d, 0xffff7ffd, {0xa, 0x1, 0x0, 0xfd}}, 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x0) 2.083714596s ago: executing program 0 (id=340): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="6d932cbd7000fadbdf250100000008000300", @ANYBLOB="080001"], 0x50}, 0x1, 0x0, 0x0, 0x815}, 0x0) 1.889939548s ago: executing program 3 (id=341): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x0, 0x76d, &(0x7f0000000d40)="$eJzs3MtrXGUbAPDnnGaaXvJ9kw8+8LIQoYUWSk+SZtMupHHjrlAouK0hmYSQk0zITNrOWLB1LdRmoyCIuHYpLgSh1D/AnRYU3AuiNS7EzciZXGrTmXRqmo6kvx+cmfc9t+d5Zg5v5kDeE8Bz69XiJYkYioiLEVHeWJ9GxMF261DEjfX91u5fnyqWJFqtS78kxWGx1ipvnSvZeD8a7UPixYi4W4o49e6jcWuN5vxknh/a7I/UF5ZGao3m6bmFydnKbGVxbPzc6Nnx8bOj44+t4YUeaz3+5rnDt795Y3X128/rt14ZOJ3ERLvu2Kitx9M8kfXPpBQT29Yv7kWwPkr6nQAAAD0pfucfiIiB9q/UchxotwAAAID9pDXYAgAAAPa9JPqdAQAAALC3Nv8PYHNu717Ng+3m59cjYrhT/IH2HOKIQ1GKiCNryUMzE5L1w2BXbtyMiDsT26+/T4sr7MYuzz26rf/wHOmDuzw7T8OdYvyZ6DT+pFvjT3QYfwY2n52wS93HvwfxD3QZ/y72GOOrj18qdY1/M+LlgU7xk634SZf4b/UY/9bqe7e7bEqLlxMd//4kD8Xa4fkQEzNzecfHD3x34st2inf/PHlvp/qPdIuf7Fz/Uo/1v73223y3saSIf/LYzt9/p/jFNfH+Rh7Fh3h7473or26LcWzh+693qn86otXx+/9bwE71f9Jj/T9+Nnitx10BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgLY2IoUjSbKudplkWcTQi/h9H0rxaq5+aqa4sThfbIoajlM7M5ZXRiCiv95OiP9ZuP+if2dYfj4j//XB4PehcXsmmqvl0v4sHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgy9GIGIokzSIijYjfy2maZREDPRw7+AzyAwAAAJ6S4X4nAAAAAOw59/8AAACw/+14/1/uvinZg1wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAfevihQvF0lq7f32q6E9faazMV6+cnq7U5rOFlalsqrq8lM1Wq7N5JZuqLjzufHm1ujR2LlaujdQrtfpIrdG8vFBdWaxfnluYnK1crpSeSVUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8qaH2kqRZRKTtdppmWcR/ImI4SsnMXF4ZjYj/RsS9cmmw6I/1O2kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeulqjOT+Z55VljauvRTyyqflF/xPT2H+Nd6LDxfavavR7ZAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoB9qjeb8ZJ5Xlmv9zgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID+Sn9KIqJYTpSPD23fejD5o9x+j4irH1364Npkvb48Vqz/dWt9/cON9Wf6kT8AAAA8F84/yc6b9+mb9/EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9qjWa85N5XlneXeN8NJqtpMs+/a4RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Z/4KAAD///HYxi8=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x2) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.850096129s ago: executing program 0 (id=342): r0 = socket$kcm(0x29, 0x2, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000200)=0xda, 0x4) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000000)=0x48b, 0x4) 1.77953108s ago: executing program 1 (id=343): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001) r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) 1.627874401s ago: executing program 0 (id=344): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)=0xffff0018) ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, 0x0) 1.448511724s ago: executing program 3 (id=345): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x10092, &(0x7f0000000080)={[{@nodioread_nolock}]}, 0xff, 0x249, &(0x7f0000000880)="$eJzs3T9oM2UcB/DvXRJr3jfIqy6C+AdERAvldRNcXifhBSlFRFChIuKitEJtcWudXBx0VunkUsTN6ihdiosiOFXtUBdBi4PFQYdIcqnUNuKf1Jz0Ph+43F1yz/2e4+77JBkuCdBYV5JcS9JKMpukk6Q4ucHd1XRltLrZ3V1M+v3HfyyG21XrleN2l5NsJHkoyU5Z5MV2srb99MHPe4/e98Zq5973tp/qTvUgRw4P9h87enf+9Q+vP7j2+Zffzxe5lt4fjuv8FWOeaxfJLf9Fsf+Jol13D/g7Fl794KtB7m9Ncs8w/52UqU7emys37HTywDt/1vatH764fZp9Bc5fv98ZvAdu9IHGKZP0UpRzSarlspybqz7Df926VL60vPLK7AvLq0vP1z1SAedl+L3345mPLp/K/3etKv/AxdVL9p9Y2PpmsHzUqrs3wFTcUc0G+Z99dv3+yD80jvxDc8k/NJf8Q3PJPzTSTOQfGk3+obnkH5pL/qG55B+a62T+AYBm6c+cuSW4GP4sAHDh1T3+AAAAAAAAAAAAAAAAAAAAZ212dxePp2nV/PTt5PCRJO1x9VvD/yNObhw+XvqpGGz2u6JqNpFn7ppwBxN6v+a7r2/6tqbC3Wr22Z011R9ZX0o2Xktytd0+e/0Vo+vv37v5L17vPDdhgX+oOLX+8JPTrX/ar1v11r++l3wyGH+ujht/ytw2nI8ff3qD8zdh/Zd/mXAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATM1vAQAA//8mi2g4") r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, 0x0) 1.347745474s ago: executing program 0 (id=346): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x6}, 0x1c) 895.00727ms ago: executing program 3 (id=347): r0 = syz_usb_connect$hid(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="12011001000000406104724e00000000000109022d0001000000830904000001030001000921fcff0001220b0009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000001c0)={0x2c, &(0x7f0000000800)=ANY=[@ANYBLOB="2001110000001100fe4f"], 0x0, 0x0, 0x0, 0x0}, 0x0) 352.044956ms ago: executing program 0 (id=348): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000440)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f00000000c0)="4b0003000000", 0x6) 0s ago: executing program 0 (id=349): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'veth1_to_bridge\x00'}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.173' (ED25519) to the list of known hosts. [ 75.975959][ T5754] cgroup: Unknown subsys name 'net' [ 76.087352][ T5754] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 77.762150][ T5754] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.913356][ T5783] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.913356][ T5785] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.917921][ T5785] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.937285][ T5785] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.938973][ T5783] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.952683][ T5787] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.977691][ T5788] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.993272][ T5786] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.002232][ T5788] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.010953][ T5788] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 80.018093][ T5786] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.026342][ T5788] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.033638][ T5786] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.034750][ T5785] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.042129][ T5786] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.057230][ T5788] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.066066][ T5788] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.073937][ T5783] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 80.074521][ T5788] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 80.088479][ T5788] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.095864][ T5788] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.105028][ T5788] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.113874][ T5788] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 80.133169][ T5788] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.644705][ T5774] chnl_net:caif_netlink_parms(): no params data found [ 80.729697][ T5776] chnl_net:caif_netlink_parms(): no params data found [ 80.752380][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 80.816685][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 80.889582][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.897209][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.904792][ T5774] bridge_slave_0: entered allmulticast mode [ 80.912584][ T5774] bridge_slave_0: entered promiscuous mode [ 80.955635][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.965082][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.973357][ T5774] bridge_slave_1: entered allmulticast mode [ 80.982616][ T5774] bridge_slave_1: entered promiscuous mode [ 81.020706][ T5776] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.028132][ T5776] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.035344][ T5776] bridge_slave_0: entered allmulticast mode [ 81.043376][ T5776] bridge_slave_0: entered promiscuous mode [ 81.082984][ T5776] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.090574][ T5776] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.098030][ T5776] bridge_slave_1: entered allmulticast mode [ 81.105536][ T5776] bridge_slave_1: entered promiscuous mode [ 81.128526][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.135703][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.143463][ T5771] bridge_slave_0: entered allmulticast mode [ 81.151270][ T5771] bridge_slave_0: entered promiscuous mode [ 81.183898][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.198990][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.216302][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.223765][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.231352][ T5771] bridge_slave_1: entered allmulticast mode [ 81.238776][ T5771] bridge_slave_1: entered promiscuous mode [ 81.248734][ T5776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.261386][ T5776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.349821][ T5774] team0: Port device team_slave_0 added [ 81.356096][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.363898][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.371593][ T5772] bridge_slave_0: entered allmulticast mode [ 81.379815][ T5772] bridge_slave_0: entered promiscuous mode [ 81.399437][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.411646][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.423695][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.431150][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.438869][ T5772] bridge_slave_1: entered allmulticast mode [ 81.445902][ T5772] bridge_slave_1: entered promiscuous mode [ 81.455649][ T5774] team0: Port device team_slave_1 added [ 81.476349][ T5776] team0: Port device team_slave_0 added [ 81.497943][ T5776] team0: Port device team_slave_1 added [ 81.556839][ T5771] team0: Port device team_slave_0 added [ 81.568909][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.599945][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.606933][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.633357][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.647572][ T5771] team0: Port device team_slave_1 added [ 81.665705][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.685609][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.692984][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.719824][ T5776] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.732065][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.739321][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.765484][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.805718][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.812855][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.839232][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.851535][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.858943][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.885102][ T5776] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.928937][ T5772] team0: Port device team_slave_0 added [ 81.942173][ T5774] hsr_slave_0: entered promiscuous mode [ 81.948887][ T5774] hsr_slave_1: entered promiscuous mode [ 81.957400][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.964403][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.990926][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.014064][ T5772] team0: Port device team_slave_1 added [ 82.084490][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.094288][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.120751][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.133803][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.141467][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.168351][ T5788] Bluetooth: hci3: command tx timeout [ 82.168370][ T5779] Bluetooth: hci1: command tx timeout [ 82.174210][ T5788] Bluetooth: hci0: command tx timeout [ 82.185661][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.213822][ T5771] hsr_slave_0: entered promiscuous mode [ 82.220689][ T5771] hsr_slave_1: entered promiscuous mode [ 82.227641][ T5779] Bluetooth: hci2: command tx timeout [ 82.233705][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.241742][ T5771] Cannot create hsr debugfs directory [ 82.253476][ T5776] hsr_slave_0: entered promiscuous mode [ 82.260963][ T5776] hsr_slave_1: entered promiscuous mode [ 82.268189][ T5776] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.276221][ T5776] Cannot create hsr debugfs directory [ 82.480257][ T5772] hsr_slave_0: entered promiscuous mode [ 82.486765][ T5772] hsr_slave_1: entered promiscuous mode [ 82.493625][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.501534][ T5772] Cannot create hsr debugfs directory [ 82.803855][ T5776] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.822002][ T5776] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.839797][ T5776] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.859307][ T5776] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.932384][ T5771] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 82.944170][ T5771] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 82.970159][ T5771] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 82.982216][ T5771] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 83.113131][ T5774] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 83.126865][ T5774] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 83.139148][ T5774] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 83.151325][ T5774] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 83.251625][ T5772] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 83.264650][ T5772] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 83.276353][ T5772] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 83.289359][ T5772] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 83.311591][ T5776] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.354880][ T5776] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.390868][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.398429][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.416540][ T3453] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.423752][ T3453] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.451707][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.512619][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.563906][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.589948][ T1129] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.597291][ T1129] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.624190][ T1129] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.631449][ T1129] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.672768][ T5776] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 83.683637][ T5776] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.718000][ T5774] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.773051][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.786298][ T1129] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.793603][ T1129] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.856130][ T3556] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.863386][ T3556] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.971174][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.026228][ T3453] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.033509][ T3453] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.136862][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.144165][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.234740][ T5779] Bluetooth: hci1: command tx timeout [ 84.235444][ T5783] Bluetooth: hci3: command tx timeout [ 84.247150][ T5788] Bluetooth: hci0: command tx timeout [ 84.306080][ T5772] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 84.316660][ T5788] Bluetooth: hci2: command tx timeout [ 84.333917][ T5772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 84.415436][ T5776] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.457941][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.594004][ T5776] veth0_vlan: entered promiscuous mode [ 84.640028][ T5776] veth1_vlan: entered promiscuous mode [ 84.670255][ T5771] veth0_vlan: entered promiscuous mode [ 84.723018][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.746198][ T5771] veth1_vlan: entered promiscuous mode [ 84.765707][ T5776] veth0_macvtap: entered promiscuous mode [ 84.806487][ T5776] veth1_macvtap: entered promiscuous mode [ 84.863394][ T5771] veth0_macvtap: entered promiscuous mode [ 84.889826][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.903895][ T5771] veth1_macvtap: entered promiscuous mode [ 84.922490][ T5774] veth0_vlan: entered promiscuous mode [ 84.950215][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.962110][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.973065][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.984732][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.996860][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.005241][ T5774] veth1_vlan: entered promiscuous mode [ 85.025095][ T5776] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.035919][ T5776] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.045614][ T5776] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.056932][ T5776] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.096318][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.107452][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.119816][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.162531][ T5771] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.171963][ T5771] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.182311][ T5771] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.192870][ T5771] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.291422][ T5774] veth0_macvtap: entered promiscuous mode [ 85.318367][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.326464][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.353815][ T5774] veth1_macvtap: entered promiscuous mode [ 85.442453][ T5772] veth0_vlan: entered promiscuous mode [ 85.459103][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.469219][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.481325][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.491129][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.506635][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.519486][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.531816][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.563262][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.574139][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.584375][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.596471][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.609376][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.619798][ T5772] veth1_vlan: entered promiscuous mode [ 85.651849][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.671076][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.725833][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.740240][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.749677][ T5774] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.749872][ T5774] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.749902][ T5774] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.749930][ T5774] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.926480][ T5772] veth0_macvtap: entered promiscuous mode [ 85.959940][ T5772] veth1_macvtap: entered promiscuous mode [ 86.046210][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.066611][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.078191][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.111568][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.131550][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.144490][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.157364][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.181826][ T5841] netlink: 'syz.0.5': attribute type 10 has an invalid length. [ 86.219200][ T3525] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.247275][ T3525] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.282564][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.317080][ T5788] Bluetooth: hci0: command tx timeout [ 86.317520][ T5783] Bluetooth: hci3: command tx timeout [ 86.322694][ T5779] Bluetooth: hci1: command tx timeout [ 86.357407][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.385766][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.402073][ T5783] Bluetooth: hci2: command tx timeout [ 86.412926][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.447182][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.458428][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.474351][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.534828][ T5772] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.545899][ T5772] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.561026][ T5772] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.570855][ T5772] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.594954][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.623142][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.695810][ T5851] syz.0.9[5851]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 86.721133][ T5851] loop0: detected capacity change from 0 to 64 [ 86.920983][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.957967][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.005624][ T5855] loop3: detected capacity change from 0 to 128 [ 87.033028][ T5855] ======================================================= [ 87.033028][ T5855] WARNING: The mand mount option has been deprecated and [ 87.033028][ T5855] and is ignored by this kernel. Remove the mand [ 87.033028][ T5855] option from the mount to silence this warning. [ 87.033028][ T5855] ======================================================= [ 87.112916][ T5855] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 87.133204][ T5857] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 87.166648][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.181425][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.196509][ T5855] hpfs: filesystem error: improperly stopped [ 87.225655][ T5855] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 87.236308][ T5855] hpfs: You really don't want any checks? You are crazy... [ 87.253837][ T5859] loop0: detected capacity change from 0 to 1024 [ 87.258903][ T5855] hpfs: hpfs_map_sector(): read error [ 87.279504][ T5859] EXT4-fs: Ignoring removed orlov option [ 87.316175][ T5855] hpfs: code page support is disabled [ 87.355062][ T5855] hpfs: hpfs_map_4sectors(): unaligned read [ 87.365823][ T5855] hpfs: hpfs_map_4sectors(): unaligned read [ 87.406260][ T5859] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.428425][ T5855] hpfs: filesystem error: unable to find root dir [ 87.608596][ T5867] loop1: detected capacity change from 0 to 64 [ 87.751129][ T5776] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.895713][ T5869] loop2: detected capacity change from 0 to 2048 [ 87.936488][ T5869] EXT4-fs: Ignoring removed i_version option [ 88.049369][ T5869] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.068363][ T5869] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.389084][ T5783] Bluetooth: hci0: command tx timeout [ 88.389121][ T5779] Bluetooth: hci3: command tx timeout [ 88.401216][ T5788] Bluetooth: hci1: command tx timeout [ 88.468023][ T5788] Bluetooth: hci2: command tx timeout [ 88.528930][ T5774] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.627969][ T5889] netlink: 44 bytes leftover after parsing attributes in process `syz.0.21'. [ 88.978559][ T5897] loop1: detected capacity change from 0 to 2048 [ 89.087805][ T5897] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.114038][ T5897] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.167128][ T5897] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.25: bg 0: block 345: padding at end of block bitmap is not set [ 89.193843][ T5897] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 89.406610][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.610845][ T5919] loop3: detected capacity change from 0 to 128 [ 89.653647][ T5924] loop0: detected capacity change from 0 to 64 [ 90.073499][ T5932] loop0: detected capacity change from 0 to 512 [ 90.114471][ T5932] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 90.185988][ T5936] binder: 5933:5936 ioctl 4018620d 0 returned -22 [ 90.197345][ T5936] binder: 5933:5936 ioctl c0306201 200000000300 returned -11 [ 90.264415][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 90.498409][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.522885][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 90.542991][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 90.583460][ T5947] netlink: 'syz.3.46': attribute type 2 has an invalid length. [ 90.598445][ T9] usb 3-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 90.627296][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.664855][ T9] usb 3-1: config 0 descriptor?? [ 90.882782][ T5951] loop3: detected capacity change from 0 to 4096 [ 91.205518][ T9] steelseries 0003:1038:1410.0001: not enough values in HID_OUTPUT_REPORT 0 field 0 [ 91.426082][ T9] usb 3-1: USB disconnect, device number 2 [ 91.567930][ T5961] hfsplus: bad catalog entry type [ 91.663024][ T59] hfsplus: b-tree write err: -5, ino 25 [ 91.674674][ T59] hfsplus: b-tree write err: -5, ino 4 [ 91.683080][ T59] hfsplus: b-tree write err: -5, ino 2 [ 91.789415][ T5953] set_capacity_and_notify: 1 callbacks suppressed [ 91.789432][ T5953] loop0: detected capacity change from 0 to 32768 [ 91.966339][ T5953] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 92.231677][ T787] cfg80211: failed to load regulatory.db [ 92.378526][ T5953] XFS (loop0): Ending clean mount [ 92.405426][ T5953] XFS (loop0): Quotacheck needed: Please wait. [ 92.515028][ T5953] XFS (loop0): Quotacheck: Done. [ 92.780461][ T5776] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 93.209042][ T6004] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 93.317916][ T6009] syz_tun: refused to change device tx_queue_len [ 93.336019][ T6009] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 93.434637][ T6011] loop2: detected capacity change from 0 to 1024 [ 93.520015][ T6011] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 93.533058][ T6011] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.559984][ T28] audit: type=1800 audit(1778295667.467:2): pid=6011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.72" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 93.644870][ T5774] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 93.664746][ T6018] netlink: 12 bytes leftover after parsing attributes in process `syz.1.74'. [ 93.926027][ T6023] loop2: detected capacity change from 0 to 4096 [ 93.944973][ T6028] loop1: detected capacity change from 0 to 2048 [ 93.992035][ T6023] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 94.030775][ T6023] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 94.054792][ T6023] ntfs: (device loop2): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 94.089429][ T6028] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.102868][ T6028] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.115610][ T6023] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 94.129142][ T6023] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 94.144894][ T6023] ntfs: volume version 3.1. [ 94.161498][ T6023] ntfs: (device loop2): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 94.174008][ T6023] ntfs: (device loop2): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 94.196116][ T6033] Zero length message leads to an empty skb [ 94.212407][ T6023] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 94.245064][ T6023] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 94.267840][ T6028] EXT4-fs (loop1): resizing filesystem from 256 to 0 blocks [ 94.275926][ T6028] EXT4-fs warning (device loop1): ext4_resize_fs:2048: can't shrink FS - resize aborted [ 94.414915][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.883754][ T6050] loop1: detected capacity change from 0 to 1024 [ 94.959120][ T6050] EXT4-fs: Ignoring removed bh option [ 95.025267][ T6050] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.141538][ T6050] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 95.313219][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.331167][ T6066] loop2: detected capacity change from 0 to 2048 [ 95.379533][ T6066] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 95.426402][ T6066] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 96.166769][ T6088] loop2: detected capacity change from 0 to 512 [ 96.255665][ T6088] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.259573][ T6065] loop0: detected capacity change from 0 to 32768 [ 96.357559][ T6088] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.427141][ T6065] XFS (loop0): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 96.464039][ T6098] netlink: 60 bytes leftover after parsing attributes in process `syz.1.107'. [ 96.649740][ T6065] XFS (loop0): Ending clean mount [ 96.694887][ T5774] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.718047][ T6108] netlink: 24 bytes leftover after parsing attributes in process `syz.1.110'. [ 96.753904][ T6108] vlan3: entered promiscuous mode [ 96.777679][ T6108] bridge0: entered promiscuous mode [ 96.942287][ T5776] XFS (loop0): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 97.121726][ T6114] loop1: detected capacity change from 0 to 128 [ 97.168719][ T6114] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 97.757312][ T5761] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 97.784250][ T6110] loop3: detected capacity change from 0 to 40427 [ 97.829127][ T6110] F2FS-fs (loop3): invalid crc value [ 97.897153][ T6110] F2FS-fs (loop3): Found nat_bits in checkpoint [ 97.954292][ T5761] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.981377][ T5761] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.024180][ T5761] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 98.065793][ T5761] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.081527][ T6135] loop2: detected capacity change from 0 to 1024 [ 98.119949][ T5761] usb 1-1: config 0 descriptor?? [ 98.145707][ T6110] F2FS-fs (loop3): Start checkpoint disabled! [ 98.223884][ T6110] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 98.760585][ T5761] hid-led: probe of 0003:27B8:01ED.0002 failed with error -71 [ 98.803539][ T5761] usb 1-1: USB disconnect, device number 2 [ 99.051818][ T6152] netlink: 436 bytes leftover after parsing attributes in process `syz.2.129'. [ 99.078858][ T6152] netlink: 16 bytes leftover after parsing attributes in process `syz.2.129'. [ 99.670464][ T6173] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 99.973621][ T6181] loop3: detected capacity change from 0 to 512 [ 99.991999][ T6181] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 99.992104][ T6181] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 100.088592][ T6181] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm syz.3.143: bg 0: block 104: invalid block bitmap [ 100.095482][ T6181] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 100.099939][ T6181] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.143: invalid indirect mapped block 1 (level 1) [ 100.102787][ T6181] EXT4-fs (loop3): 1 truncate cleaned up [ 100.104259][ T6181] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.265110][ T5771] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.302836][ T6189] loop2: detected capacity change from 0 to 64 [ 101.072250][ T6213] loop2: detected capacity change from 0 to 256 [ 101.098027][ T6213] exfat: Deprecated parameter 'utf8' [ 101.108172][ T6214] loop3: detected capacity change from 0 to 256 [ 101.114422][ T6213] exfat: Deprecated parameter 'namecase' [ 101.180638][ T6213] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36a12e94, utbl_chksum : 0xe619d30d) [ 101.268149][ T6214] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 101.355113][ T6218] loop0: detected capacity change from 0 to 4096 [ 101.405855][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 101.405870][ T28] audit: type=1800 audit(1778295675.307:3): pid=6214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.159" name="file1" dev="loop3" ino=1048596 res=0 errno=0 [ 101.440027][ T6218] EXT4-fs: inline encryption not supported [ 101.450189][ T6214] exFAT-fs (loop3): error, invalid access to FAT free cluster (entry 0x00000008) [ 101.484798][ T6214] exFAT-fs (loop3): Filesystem has been set read-only [ 101.523453][ T6218] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=e042c018, mo2=0003] [ 101.537319][ T6214] exFAT-fs (loop3): error, failed to bmap (inode : ffff888076f607e0 iblock : 8, err : -5) [ 101.553051][ T6218] System zones: 0-5 [ 101.564905][ T6218] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.578383][ T6214] exFAT-fs (loop3): error, invalid access to FAT free cluster (entry 0x00000008) [ 101.578445][ T6214] exFAT-fs (loop3): error, invalid access to FAT free cluster (entry 0x00000008) [ 101.638260][ T6222] loop1: detected capacity change from 0 to 4096 [ 101.905703][ T6227] netlink: 52 bytes leftover after parsing attributes in process `syz.3.164'. [ 101.989419][ T5776] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.237766][ T6235] ptrace attach of "ci2-linux-6-6-kasan/syz-executor exec"[5774] was attempted by ""[6235] [ 102.909404][ T1188] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 103.101779][ T1188] usb 2-1: Using ep0 maxpacket: 16 [ 103.110071][ T1188] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 103.125312][ T1188] usb 2-1: config 0 has no interface number 0 [ 103.132187][ T1188] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 103.147248][ T1188] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 103.169310][ T1188] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 103.183150][ T1188] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 103.192223][ T1188] usb 2-1: Product: syz [ 103.197109][ T1188] usb 2-1: SerialNumber: syz [ 103.210367][ T1188] usb 2-1: config 0 descriptor?? [ 103.234620][ T1188] cm109 2-1:0.8: invalid payload size 0, expected 4 [ 103.251900][ T1188] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input5 [ 103.326519][ T6233] loop0: detected capacity change from 0 to 131072 [ 103.334198][ T6233] XFS: ikeep mount option is deprecated. [ 103.341287][ T27] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 103.372992][ T6233] XFS (loop0): Mounting V5 Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846 [ 103.450194][ T6233] XFS (loop0): Torn write (CRC failure) detected at log block 0x40. Truncating head block from 0xc0. [ 103.485384][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 103.489304][ T5834] usb 2-1: USB disconnect, device number 2 [ 103.493352][ C0] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 103.517348][ T5761] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 103.535834][ T5834] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 103.559930][ T27] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 103.590913][ T27] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.614481][ T6233] XFS (loop0): Corruption warning: Metadata has LSN (1:192) ahead of current LSN (1:64). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 103.630908][ T6233] XFS (loop0): log mount/recovery failed: error -22 [ 103.647849][ T6233] XFS (loop0): log mount failed [ 103.668873][ T27] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 103.687166][ T27] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 103.695264][ T27] usb 4-1: Manufacturer: syz [ 103.720115][ T5761] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.733919][ T27] usb 4-1: config 0 descriptor?? [ 103.742254][ T5761] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.780803][ T5761] usb 3-1: config 0 interface 0 has no altsetting 0 [ 103.797271][ T5761] usb 3-1: New USB device found, idVendor=04f2, idProduct=1236, bcdDevice= 0.00 [ 103.806503][ T5761] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.871861][ T5761] usb 3-1: config 0 descriptor?? [ 103.940127][ T28] audit: type=1326 audit(1778295677.847:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6251 comm="syz.0.172" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0e359cdd9 code=0x7ffc0000 [ 104.011742][ T28] audit: type=1326 audit(1778295677.867:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6251 comm="syz.0.172" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fd0e359cdd9 code=0x7ffc0000 [ 104.044666][ T27] rc_core: IR keymap rc-hauppauge not found [ 104.057031][ T27] Registered IR keymap rc-empty [ 104.072805][ T28] audit: type=1326 audit(1778295677.867:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6251 comm="syz.0.172" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0e359cdd9 code=0x7ffc0000 [ 104.090991][ T27] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 104.138537][ T28] audit: type=1326 audit(1778295677.867:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6251 comm="syz.0.172" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0e359cdd9 code=0x7ffc0000 [ 104.165448][ T27] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input6 [ 104.193682][ T28] audit: type=1326 audit(1778295677.877:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6251 comm="syz.0.172" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fd0e359cdd9 code=0x7ffc0000 [ 104.256087][ T28] audit: type=1326 audit(1778295677.877:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6251 comm="syz.0.172" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fd0e359cdd9 code=0x7ffc0000 [ 104.348655][ T6255] rc rc0: two consecutive events of type space [ 104.362029][ T5761] hid (null): invalid report_count -710626699 [ 104.385178][ T5761] chicony 0003:04F2:1236.0003: unknown main item tag 0x4 [ 104.429204][ T5761] chicony 0003:04F2:1236.0003: ignoring exceeding usage max [ 104.451402][ T5761] chicony 0003:04F2:1236.0003: invalid report_count -710626699 [ 104.464716][ T5761] chicony 0003:04F2:1236.0003: item 0 4 1 9 parsing failed [ 104.489443][ T5761] chicony 0003:04F2:1236.0003: Chicony hid parse failed: -22 [ 104.498337][ T5761] chicony: probe of 0003:04F2:1236.0003 failed with error -22 [ 104.605392][ T5761] usb 4-1: USB disconnect, device number 2 [ 104.649769][ T5834] usb 3-1: USB disconnect, device number 3 [ 104.746307][ T6264] capability: warning: `syz.0.176' uses deprecated v2 capabilities in a way that may be insecure [ 104.837796][ T6266] loop1: detected capacity change from 0 to 512 [ 104.851547][ T6266] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 104.887570][ T6266] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 104.911686][ T6266] System zones: 1-12 [ 104.916557][ T6269] loop0: detected capacity change from 0 to 64 [ 104.937916][ T6266] EXT4-fs error (device loop1): ext4_iget_extra_inode:4739: inode #15: comm syz.1.177: corrupted in-inode xattr: e_value size too large [ 104.969284][ T6266] EXT4-fs error (device loop1): ext4_orphan_get:1409: comm syz.1.177: couldn't read orphan inode 15 (err -117) [ 104.992857][ T6269] syz.0.178: attempt to access beyond end of device [ 104.992857][ T6269] loop0: rw=2049, sector=268435468, nr_sectors = 2 limit=64 [ 105.008955][ T6269] Buffer I/O error on dev loop0, logical block 134217734, lost async page write [ 105.039937][ T6266] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.260342][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.515634][ T6279] loop0: detected capacity change from 0 to 512 [ 105.554466][ T6278] loop1: detected capacity change from 0 to 512 [ 105.566641][ T6279] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 105.589124][ T6278] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 105.630540][ T6279] EXT4-fs (loop0): warning: maximal mount count reached, running e2fsck is recommended [ 105.639638][ T6281] program syz.3.184 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 105.674360][ T6278] EXT4-fs (loop1): 1 truncate cleaned up [ 105.708819][ T6278] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.728739][ T6279] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.183: inode #15: comm syz.0.183: iget: illegal inode # [ 105.748104][ T6279] EXT4-fs (loop0): Remounting filesystem read-only [ 105.756093][ T6279] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.929512][ T5776] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.976714][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.022874][ T6290] loop0: detected capacity change from 0 to 32768 [ 107.296418][ T6300] loop3: detected capacity change from 0 to 40427 [ 107.338843][ T6300] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x7ffff [ 107.351702][ T6300] F2FS-fs (loop3): invalid crc value [ 107.376168][ T6300] F2FS-fs (loop3): Found nat_bits in checkpoint [ 107.436073][ T6307] loop2: detected capacity change from 0 to 32768 [ 107.541033][ T6300] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 107.706180][ T6300] F2FS-fs (loop3): access invalid blkaddr:2816 [ 107.727117][ T6300] CPU: 0 PID: 6300 Comm: syz.3.192 Not tainted syzkaller #0 [ 107.734491][ T6300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 107.744710][ T6300] Call Trace: [ 107.748060][ T6300] [ 107.751483][ T6300] dump_stack_lvl+0x18c/0x250 [ 107.756284][ T6300] ? show_regs_print_info+0x20/0x20 [ 107.761574][ T6300] ? f2fs_get_next_page_offset+0x690/0x690 [ 107.767430][ T6300] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 107.772940][ T6300] f2fs_map_blocks+0xde5/0x3e60 [ 107.777862][ T6300] ? __might_sleep+0xe0/0xe0 [ 107.782493][ T6300] ? f2fs_get_block_locked+0xe0/0xe0 [ 107.787822][ T6300] ? unwind_get_return_address+0x91/0xc0 [ 107.793509][ T6300] ? down_read_killable+0x340/0x340 [ 107.798747][ T6300] ? stack_trace_save+0xaa/0x100 [ 107.803728][ T6300] ? stack_trace_snprint+0xf0/0xf0 [ 107.808889][ T6300] f2fs_fiemap+0x93d/0x16d0 [ 107.813455][ T6300] ? f2fs_overwrite_io+0x200/0x200 [ 107.818619][ T6300] ? __might_fault+0xaa/0x120 [ 107.823346][ T6300] ? __might_fault+0xaa/0x120 [ 107.828074][ T6300] ? __might_fault+0xc6/0x120 [ 107.832789][ T6300] ? __might_fault+0xaa/0x120 [ 107.837524][ T6300] do_vfs_ioctl+0x1505/0x1cc0 [ 107.842278][ T6300] ? __ia32_compat_sys_ioctl+0x8a0/0x8a0 [ 107.847956][ T6300] ? tomoyo_path_number_perm+0x217/0x620 [ 107.853988][ T6300] ? __lock_acquire+0x7d40/0x7d40 [ 107.859050][ T6300] ? slab_free_freelist_hook+0x130/0x1a0 [ 107.864812][ T6300] ? tomoyo_path_number_perm+0x500/0x620 [ 107.870485][ T6300] ? __kmem_cache_free+0xba/0x1e0 [ 107.875555][ T6300] ? tomoyo_path_number_perm+0x5b4/0x620 [ 107.881232][ T6300] ? tomoyo_path_number_perm+0x217/0x620 [ 107.886904][ T6300] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 107.892436][ T6300] ? __fget_files+0x28/0x4b0 [ 107.897072][ T6300] ? __fget_files+0x28/0x4b0 [ 107.901707][ T6300] ? bpf_lsm_file_ioctl+0x9/0x10 [ 107.906685][ T6300] ? security_file_ioctl+0x80/0xa0 [ 107.911842][ T6300] __se_sys_ioctl+0x83/0x170 [ 107.916478][ T6300] do_syscall_64+0x55/0xa0 [ 107.920926][ T6300] ? clear_bhb_loop+0x40/0x90 [ 107.925681][ T6300] ? clear_bhb_loop+0x40/0x90 [ 107.930415][ T6300] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 107.936356][ T6300] RIP: 0033:0x7f260399cdd9 [ 107.940825][ T6300] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 107.960567][ T6300] RSP: 002b:00007f2604826028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 107.969105][ T6300] RAX: ffffffffffffffda RBX: 00007f2603c15fa0 RCX: 00007f260399cdd9 [ 107.977111][ T6300] RDX: 0000200000000040 RSI: 00000000c020660b RDI: 0000000000000004 [ 107.985122][ T6300] RBP: 00007f2603a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 107.993149][ T6300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.001169][ T6300] R13: 00007f2603c16038 R14: 00007f2603c15fa0 R15: 00007ffee50f7598 [ 108.009203][ T6300] [ 108.707182][ T5779] Bluetooth: hci3: command tx timeout [ 109.207066][ T6315] loop0: detected capacity change from 0 to 32768 [ 109.243462][ T6315] [ 109.243462][ T6315] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.243462][ T6315] [ 109.344411][ T6315] [ 109.344411][ T6315] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.344411][ T6315] [ 109.375595][ T6315] [ 109.375595][ T6315] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.375595][ T6315] [ 109.400577][ T6315] [ 109.400577][ T6315] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.400577][ T6315] [ 109.428558][ T6315] [ 109.428558][ T6315] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.428558][ T6315] [ 109.468784][ T112] [ 109.468784][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.468784][ T112] [ 109.606063][ T5776] [ 109.606063][ T5776] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.606063][ T5776] [ 109.634760][ T5776] [ 109.634760][ T5776] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.634760][ T5776] [ 109.682808][ T6317] loop1: detected capacity change from 0 to 40427 [ 109.709072][ T6317] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 109.731017][ T6317] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 109.777332][ T6317] F2FS-fs (loop1): invalid crc value [ 109.822203][ T6317] F2FS-fs (loop1): Found nat_bits in checkpoint [ 110.022287][ T6328] loop0: detected capacity change from 0 to 4096 [ 110.077241][ T6317] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 110.084503][ T6317] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 110.880584][ T6335] loop0: detected capacity change from 0 to 4096 [ 111.058289][ T6336] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 111.303438][ T6331] loop3: detected capacity change from 0 to 32768 [ 111.413863][ T6331] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 111.590268][ T6331] XFS (loop3): Ending clean mount [ 111.841298][ T5771] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 112.236694][ T6359] bridge0: entered promiscuous mode [ 112.721409][ T5761] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 112.927052][ T5761] usb 1-1: Using ep0 maxpacket: 32 [ 112.939261][ T5761] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.954489][ T6361] loop3: detected capacity change from 0 to 40427 [ 112.966019][ T5761] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.968065][ T6361] F2FS-fs (loop3): Wrong segment_count / block_count (64 > 16384) [ 112.992805][ T6361] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 113.006137][ T5761] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 113.031527][ T6361] F2FS-fs (loop3): Found nat_bits in checkpoint [ 113.040314][ T5761] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.078957][ T5761] usb 1-1: config 0 descriptor?? [ 113.097527][ T5761] hub 1-1:0.0: USB hub found [ 113.151508][ T6361] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 113.162748][ T6361] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 113.317634][ T5761] hub 1-1:0.0: 26 ports detected [ 113.351177][ T5761] hub 1-1:0.0: insufficient power available to use all downstream ports [ 113.366210][ T5771] syz-executor: attempt to access beyond end of device [ 113.366210][ T5771] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 113.397057][ T5771] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 113.519844][ T5761] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 113.536897][ T5761] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 113.561716][ T5761] usbhid 1-1:0.0: can't add hid device: -71 [ 113.577215][ T5761] usbhid: probe of 1-1:0.0 failed with error -71 [ 113.627346][ T5761] usb 1-1: USB disconnect, device number 3 [ 114.015900][ T6372] loop2: detected capacity change from 0 to 4096 [ 114.044289][ T6372] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 114.188629][ T6372] ntfs: (device loop2): check_mft_mirror(): $MFTMirr location mismatch. Run chkdsk. [ 114.207105][ T6372] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 114.325335][ T6382] vivid-002: disconnect [ 114.335159][ T6372] ntfs: volume version 3.1. [ 114.344960][ T6378] Driver unsupported XDP return value 0 on prog (id 12) dev N/A, expect packet loss! [ 114.357603][ T6379] vivid-002: reconnect [ 114.662615][ T6386] loop3: detected capacity change from 0 to 4096 [ 114.967644][ T6392] loop1: detected capacity change from 0 to 4096 [ 115.044118][ T6392] NILFS (loop1): invalid segment: Checksum error in segment payload [ 115.077666][ T6392] NILFS (loop1): trying rollback from an earlier position [ 115.164135][ T6392] NILFS (loop1): recovery complete [ 115.221286][ T6401] loop0: detected capacity change from 0 to 1764 [ 115.235102][ T6402] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 115.317991][ T5815] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 115.519310][ T5815] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.541794][ T5815] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 115.565521][ T5815] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 115.588275][ T5815] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.643627][ T5815] usb 4-1: config 0 descriptor?? [ 116.110344][ T5815] cp2112 0003:10C4:EA90.0004: unbalanced collection at end of report description [ 116.164653][ T5815] cp2112 0003:10C4:EA90.0004: parse failed [ 116.178282][ T5815] cp2112: probe of 0003:10C4:EA90.0004 failed with error -22 [ 116.339643][ T9] usb 4-1: USB disconnect, device number 3 [ 116.450912][ T6435] Bluetooth: MGMT ver 1.22 [ 116.832300][ T6448] loop0: detected capacity change from 0 to 128 [ 116.866430][ T6448] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 116.917835][ T787] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 116.960481][ T28] audit: type=1800 audit(1778295690.867:10): pid=6448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.250" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=1048597 res=0 errno=0 [ 117.135407][ T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.175585][ T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.186472][ T787] usb 2-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 117.198190][ T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.219343][ T787] usb 2-1: config 0 descriptor?? [ 117.698703][ T787] wacom 0003:056A:030C.0005: hidraw0: USB HID v0.06 Device [HID 056a:030c] on usb-dummy_hcd.1-1/input0 [ 117.939782][ T9] usb 2-1: USB disconnect, device number 3 [ 118.022223][ T6473] fido_id[6473]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 118.548432][ T5779] Bluetooth: hci0: command tx timeout [ 118.878769][ T6485] loop0: detected capacity change from 0 to 40427 [ 118.907852][ T6485] F2FS-fs (loop0): Wrong segment_count / block_count (64 > 16384) [ 118.915801][ T6485] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 118.986622][ T6485] F2FS-fs (loop0): Found nat_bits in checkpoint [ 119.070442][ T6485] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 119.080224][ T6485] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 119.182889][ T5776] syz-executor: attempt to access beyond end of device [ 119.182889][ T5776] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 119.202772][ T5776] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 119.264153][ T59] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.398859][ T59] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.515085][ T59] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.684462][ T59] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.209019][ T6519] loop0: detected capacity change from 0 to 256 [ 120.227645][ T6519] exfat: Deprecated parameter 'utf8' [ 120.233040][ T6519] exfat: Deprecated parameter 'utf8' [ 120.292335][ T6519] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 120.877123][ T5788] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 120.888203][ T5788] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 120.898385][ T5788] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 120.908635][ T5788] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 120.917114][ T1188] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 120.932052][ T5788] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 120.942144][ T6533] loop0: detected capacity change from 0 to 8 [ 120.953825][ T5788] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 121.114629][ T1188] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 121.162724][ T1188] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.195592][ T1188] usb 4-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 121.219934][ T6516] loop1: detected capacity change from 0 to 32768 [ 121.227650][ T1188] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 121.227679][ T1188] usb 4-1: Manufacturer: syz [ 121.254423][ T1188] usb 4-1: config 0 descriptor?? [ 121.529539][ T6516] ea_get: invalid extended attribute [ 121.561083][ T6516] ffff888059840c70: 04 00 00 00 .... [ 121.604622][ T6541] ea_get: invalid extended attribute [ 121.653275][ T6541] ffff888059840c70: 04 00 00 00 .... [ 121.718740][ T1188] cougar 0003:060B:700A.0006: item fetching failed at offset 3/5 [ 121.751384][ T1188] cougar 0003:060B:700A.0006: parse failed [ 121.767200][ T1188] cougar: probe of 0003:060B:700A.0006 failed with error -22 [ 122.030503][ T6551] netlink: 20 bytes leftover after parsing attributes in process `syz.1.290'. [ 122.038103][ T5817] usb 4-1: USB disconnect, device number 4 [ 122.215464][ T6555] process 'syz.1.292' launched '/dev/fd/3' with NULL argv: empty string added [ 122.826459][ T6572] bridge: RTM_NEWNEIGH with invalid ether address [ 123.027318][ T5779] Bluetooth: hci2: command tx timeout [ 123.212559][ T6583] loop0: detected capacity change from 0 to 1024 [ 123.281318][ T6583] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 123.295471][ T59] hsr_slave_0: left promiscuous mode [ 123.317927][ T6583] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 123.337131][ T59] hsr_slave_1: left promiscuous mode [ 123.358776][ T6585] loop3: detected capacity change from 0 to 2048 [ 123.389068][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.421812][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.439924][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.457737][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.470687][ T6583] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.301: bg 0: block 112: padding at end of block bitmap is not set [ 123.485595][ T6588] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set [ 123.507882][ T59] bridge_slave_1: left allmulticast mode [ 123.513641][ T59] bridge_slave_1: left promiscuous mode [ 123.540971][ T6589] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 123.561045][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.605751][ T59] bridge_slave_0: left allmulticast mode [ 123.611705][ T59] bridge_slave_0: left promiscuous mode [ 123.633797][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.720016][ T5776] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 123.733998][ T59] veth1_macvtap: left promiscuous mode [ 123.762921][ T59] veth0_macvtap: left promiscuous mode [ 123.772202][ T59] veth1_vlan: left promiscuous mode [ 123.789918][ T59] veth0_vlan: left promiscuous mode [ 124.149574][ T6599] usb usb8: usbfs: process 6599 (syz.1.306) did not claim interface 4 before use [ 124.227476][ T5761] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 124.372656][ T6601] xt_socket: unknown flags 0xe4 [ 124.374349][ T6593] loop3: detected capacity change from 0 to 32768 [ 124.414041][ T6593] [ 124.414041][ T6593] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.414041][ T6593] [ 124.427114][ T5761] usb 1-1: Using ep0 maxpacket: 16 [ 124.439481][ T5761] usb 1-1: config 0 has an invalid interface number: 254 but max is 0 [ 124.457374][ T5761] usb 1-1: config 0 has no interface number 0 [ 124.464547][ T5761] usb 1-1: config 0 interface 254 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.504299][ T5761] usb 1-1: config 0 interface 254 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0 [ 124.528542][ T6593] [ 124.528542][ T6593] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.528542][ T6593] [ 124.546593][ T5761] usb 1-1: config 0 interface 254 has no altsetting 0 [ 124.554653][ T6593] [ 124.554653][ T6593] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.554653][ T6593] [ 124.568969][ T5761] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 124.580518][ T5761] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.590364][ T6593] [ 124.590364][ T6593] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.590364][ T6593] [ 124.609164][ T6602] [ 124.609164][ T6602] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.609164][ T6602] [ 124.628764][ T5761] usb 1-1: config 0 descriptor?? [ 124.664208][ T6593] [ 124.664208][ T6593] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.664208][ T6593] [ 124.726237][ T6593] [ 124.726237][ T6593] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.726237][ T6593] [ 124.766553][ T6602] [ 124.766553][ T6602] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.766553][ T6602] [ 124.841436][ T113] [ 124.841436][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.841436][ T113] [ 124.981477][ T1129] [ 124.981477][ T1129] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.981477][ T1129] [ 125.008949][ T1129] [ 125.008949][ T1129] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 125.008949][ T1129] [ 125.058694][ T5771] [ 125.058694][ T5771] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 125.058694][ T5771] [ 125.083410][ T5761] corsair 0003:1B1C:1B02.0007: unknown main item tag 0x0 [ 125.091527][ T112] [ 125.091527][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 125.091527][ T112] [ 125.097338][ T5761] corsair 0003:1B1C:1B02.0007: unknown main item tag 0x0 [ 125.111013][ T5779] Bluetooth: hci2: command tx timeout [ 125.116732][ T5761] corsair 0003:1B1C:1B02.0007: unknown main item tag 0x0 [ 125.127300][ T5771] [ 125.127300][ T5771] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 125.127300][ T5771] [ 125.145386][ T5761] corsair 0003:1B1C:1B02.0007: unknown main item tag 0x0 [ 125.145419][ T5761] corsair 0003:1B1C:1B02.0007: unknown main item tag 0x0 [ 125.160578][ T5761] corsair 0003:1B1C:1B02.0007: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.0-1/input254 [ 125.391072][ T5761] usb 1-1: USB disconnect, device number 4 [ 126.144011][ T59] team0 (unregistering): Port device team_slave_1 removed [ 126.226497][ T6617] loop1: detected capacity change from 0 to 32768 [ 126.253169][ T59] team0 (unregistering): Port device team_slave_0 removed [ 126.380197][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 126.560306][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 127.145930][ T59] bond0 (unregistering): Released all slaves [ 127.192094][ T5779] Bluetooth: hci2: command tx timeout [ 127.269871][ T6530] chnl_net:caif_netlink_parms(): no params data found [ 127.530158][ T6646] loop1: detected capacity change from 0 to 65 [ 127.637024][ T6646] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway [ 127.723984][ T6530] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.757491][ T6530] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.785311][ T6530] bridge_slave_0: entered allmulticast mode [ 127.804878][ T6530] bridge_slave_0: entered promiscuous mode [ 127.848439][ T6530] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.907202][ T6530] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.914541][ T6530] bridge_slave_1: entered allmulticast mode [ 127.951845][ T6530] bridge_slave_1: entered promiscuous mode [ 128.106592][ T6530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.126355][ T6661] netlink: 8 bytes leftover after parsing attributes in process `syz.0.329'. [ 128.162808][ T6530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 128.345110][ T6530] team0: Port device team_slave_0 added [ 128.380927][ T6530] team0: Port device team_slave_1 added [ 128.429320][ T6670] ieee802154 phy0 wpan0: encryption failed: -22 [ 128.498482][ T6530] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 128.505648][ T6530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.589792][ T6530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 128.633295][ T6530] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 128.672680][ T6530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.734645][ T6530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 128.963186][ T6530] hsr_slave_0: entered promiscuous mode [ 128.982759][ T6530] hsr_slave_1: entered promiscuous mode [ 129.096749][ T6686] netlink: 52 bytes leftover after parsing attributes in process `syz.0.340'. [ 129.277000][ T5779] Bluetooth: hci2: command tx timeout [ 129.369396][ T6695] loop3: detected capacity change from 0 to 2048 [ 129.438519][ T6695] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.459744][ T6695] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 129.642325][ T5771] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.828562][ T787] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 129.858324][ T6530] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 129.893224][ T6530] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 129.905585][ T6711] loop3: detected capacity change from 0 to 128 [ 129.922192][ T6530] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 129.940175][ T6530] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 129.953425][ T6711] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 130.008585][ T6711] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.057418][ T787] usb 2-1: Using ep0 maxpacket: 8 [ 130.071607][ T787] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 130.088727][ T787] usb 2-1: config 179 has no interface number 0 [ 130.099370][ T787] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 130.111520][ T787] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 130.123099][ T787] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 130.147148][ T787] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 130.171343][ T787] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 130.193169][ T787] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 130.205187][ T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.226455][ T5771] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 130.251262][ T6700] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 130.389770][ T6530] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.425341][ T6530] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.451145][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.458503][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.532641][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.539943][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.757288][ T5761] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 130.931524][ T6725] Bluetooth: MGMT ver 1.22 [ 130.990582][ T5761] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 131.020562][ T5761] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.073262][ T5761] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.139947][ T5761] usb 4-1: New USB device found, idVendor=0461, idProduct=4e72, bcdDevice= 0.00 [ 131.179799][ T5761] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.228798][ T5761] usb 4-1: config 0 descriptor?? [ 131.244955][ T6731] capability: warning: `syz.0.349' uses 32-bit capabilities (legacy support in use) [ 131.287747][ T1188] usb 2-1: USB disconnect, device number 4 [ 131.288511][ C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 131.302076][ C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 131.311366][ C1] ================================================================== [ 131.319489][ C1] BUG: KASAN: slab-use-after-free in register_lock_class+0x80b/0x8a0 [ 131.327822][ C1] Read of size 1 at addr ffff888076277091 by task kworker/1:3/5761 [ 131.335767][ C1] [ 131.338146][ C1] CPU: 1 PID: 5761 Comm: kworker/1:3 Not tainted syzkaller #0 [ 131.345646][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 131.355742][ C1] Workqueue: usb_hub_wq hub_event [ 131.360815][ C1] Call Trace: [ 131.364130][ C1] [ 131.367005][ C1] dump_stack_lvl+0x18c/0x250 [ 131.371739][ C1] ? __lock_acquire+0x7d40/0x7d40 [ 131.376800][ C1] ? show_regs_print_info+0x20/0x20 [ 131.382126][ C1] ? load_image+0x420/0x420 [ 131.386672][ C1] ? __virt_addr_valid+0x469/0x540 [ 131.392257][ C1] print_report+0xa8/0x210 [ 131.396711][ C1] ? register_lock_class+0x80b/0x8a0 [ 131.402015][ C1] kasan_report+0x117/0x150 [ 131.406561][ C1] ? register_lock_class+0x80b/0x8a0 [ 131.411860][ C1] register_lock_class+0x80b/0x8a0 [ 131.416990][ C1] ? __down_timeout+0x10/0x10 [ 131.421675][ C1] ? is_dynamic_key+0x260/0x260 [ 131.426532][ C1] ? prb_read_valid+0x3d/0x60 [ 131.431222][ C1] __lock_acquire+0x188/0x7d40 [ 131.435997][ C1] ? mark_lock+0x94/0x320 [ 131.440340][ C1] ? __lock_acquire+0x1347/0x7d40 [ 131.445375][ C1] ? mark_lock+0x94/0x320 [ 131.450085][ C1] ? __lock_acquire+0x1347/0x7d40 [ 131.455219][ C1] ? verify_lock_unused+0x140/0x140 [ 131.460453][ C1] lock_acquire+0x19e/0x420 [ 131.464995][ C1] ? __wake_up+0x10b/0x1a0 [ 131.469453][ C1] ? read_lock_is_recursive+0x20/0x20 [ 131.474854][ C1] _raw_spin_lock_irqsave+0xb4/0x100 [ 131.480159][ C1] ? __wake_up+0x10b/0x1a0 [ 131.484587][ C1] ? _raw_spin_lock+0x40/0x40 [ 131.489283][ C1] __wake_up+0x10b/0x1a0 [ 131.493556][ C1] ? __wake_up_bit+0x210/0x210 [ 131.498339][ C1] __usb_hcd_giveback_urb+0x396/0x520 [ 131.503730][ C1] dummy_timer+0x8de/0x3320 [ 131.508255][ C1] ? mark_lock+0x94/0x320 [ 131.512611][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 131.518606][ C1] ? lock_chain_count+0x20/0x20 [ 131.523473][ C1] ? dummy_free_streams+0x530/0x530 [ 131.528692][ C1] __hrtimer_run_queues+0x520/0xc40 [ 131.533900][ C1] ? ktime_get_update_offsets_now+0x99/0x3f0 [ 131.539893][ C1] ? dummy_free_streams+0x530/0x530 [ 131.545116][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 131.550268][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 131.556353][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 131.561482][ C1] handle_softirqs+0x280/0x820 [ 131.566256][ C1] ? __irq_exit_rcu+0xd3/0x190 [ 131.571028][ C1] ? do_softirq+0x1a0/0x1a0 [ 131.575555][ C1] __irq_exit_rcu+0xd3/0x190 [ 131.580154][ C1] ? irq_exit_rcu+0x20/0x20 [ 131.584675][ C1] irq_exit_rcu+0x9/0x20 [ 131.588972][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 131.594619][ C1] [ 131.597557][ C1] [ 131.600497][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 131.606548][ C1] RIP: 0010:unwind_get_return_address+0x37/0xc0 [ 131.612799][ C1] Code: 49 be 00 00 00 00 00 fc ff df e8 c4 eb 4b 00 48 89 d8 48 c1 e8 03 42 0f b6 04 30 84 c0 75 6e 8b 2b 31 ff 89 ee e8 59 ef 4b 00 <85> ed 74 4a 48 83 c3 48 49 89 df 49 c1 ef 03 43 80 3c 37 00 74 08 [ 131.632419][ C1] RSP: 0018:ffffc900046ceba0 EFLAGS: 00000297 [ 131.638496][ C1] RAX: ffffffff813b3657 RBX: ffffc900046cebc8 RCX: 0000000000000002 [ 131.646555][ C1] RDX: ffff888025635a00 RSI: 0000000000000001 RDI: 0000000000000000 [ 131.654542][ C1] RBP: 0000000000000001 R08: ffff888025635a00 R09: 0000000000000003 [ 131.662526][ C1] R10: 0000000000000004 R11: 0000000000000002 R12: ffffffff85472e4c [ 131.670503][ C1] R13: 00000000000000b8 R14: dffffc0000000000 R15: ffffc900046cebc8 [ 131.678485][ C1] ? __driver_probe_device+0x18c/0x330 [ 131.683956][ C1] ? unwind_get_return_address+0x37/0xc0 [ 131.689600][ C1] ? stack_trace_save+0x100/0x100 [ 131.694634][ C1] arch_stack_walk+0x11d/0x190 [ 131.699404][ C1] ? driver_probe_device+0x4f/0x420 [ 131.704613][ C1] stack_trace_save+0xaa/0x100 [ 131.709389][ C1] ? stack_trace_snprint+0xf0/0xf0 [ 131.714516][ C1] ? mark_lock+0x94/0x320 [ 131.718872][ C1] kasan_set_track+0x4e/0x70 [ 131.723489][ C1] ? kasan_set_track+0x4e/0x70 [ 131.728271][ C1] ? __kasan_slab_alloc+0x6c/0x80 [ 131.733302][ C1] ? slab_post_alloc_hook+0x6e/0x4b0 [ 131.738600][ C1] ? kmem_cache_alloc+0x11a/0x2d0 [ 131.743646][ C1] ? __kernfs_new_node+0xe5/0x810 [ 131.748709][ C1] ? kernfs_new_node+0x14c/0x260 [ 131.753662][ C1] ? kernfs_create_link+0xa7/0x200 [ 131.758790][ C1] ? sysfs_do_create_link_sd+0x83/0x110 [ 131.764338][ C1] ? bus_add_device+0x277/0x440 [ 131.769204][ C1] ? device_add+0x549/0xc20 [ 131.773737][ C1] ? usb_set_configuration+0x1a79/0x20c0 [ 131.779382][ C1] ? usb_generic_driver_probe+0x8d/0x150 [ 131.785113][ C1] ? usb_probe_device+0x13d/0x270 [ 131.790153][ C1] ? really_probe+0x25b/0xb20 [ 131.794838][ C1] ? __driver_probe_device+0x18c/0x330 [ 131.800319][ C1] __kasan_slab_alloc+0x6c/0x80 [ 131.805180][ C1] slab_post_alloc_hook+0x6e/0x4b0 [ 131.810306][ C1] kmem_cache_alloc+0x11a/0x2d0 [ 131.815167][ C1] ? __kernfs_new_node+0xe5/0x810 [ 131.820208][ C1] __kernfs_new_node+0xe5/0x810 [ 131.825071][ C1] ? kernfs_new_node+0x260/0x260 [ 131.830025][ C1] ? sysfs_do_create_link_sd+0x75/0x110 [ 131.835582][ C1] ? __lock_acquire+0x7d40/0x7d40 [ 131.840617][ C1] kernfs_new_node+0x14c/0x260 [ 131.845401][ C1] kernfs_create_link+0xa7/0x200 [ 131.850358][ C1] sysfs_do_create_link_sd+0x83/0x110 [ 131.855750][ C1] bus_add_device+0x277/0x440 [ 131.860453][ C1] device_add+0x549/0xc20 [ 131.864801][ C1] usb_set_configuration+0x1a79/0x20c0 [ 131.870290][ C1] usb_generic_driver_probe+0x8d/0x150 [ 131.875763][ C1] usb_probe_device+0x13d/0x270 [ 131.880646][ C1] ? usb_register_device_driver+0x230/0x230 [ 131.886557][ C1] really_probe+0x25b/0xb20 [ 131.891074][ C1] ? pm_runtime_barrier+0x14b/0x1c0 [ 131.896299][ C1] __driver_probe_device+0x18c/0x330 [ 131.901628][ C1] driver_probe_device+0x4f/0x420 [ 131.906676][ C1] __device_attach_driver+0x2ca/0x510 [ 131.912059][ C1] bus_for_each_drv+0x252/0x2e0 [ 131.916927][ C1] ? coredump_store+0x90/0x90 [ 131.921612][ C1] ? bus_find_device+0x300/0x300 [ 131.926586][ C1] __device_attach+0x2c2/0x420 [ 131.931381][ C1] ? device_attach+0x20/0x20 [ 131.935976][ C1] ? __kmem_cache_free+0xba/0x1e0 [ 131.941020][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 131.946236][ C1] bus_probe_device+0x180/0x260 [ 131.951104][ C1] device_add+0x85b/0xc20 [ 131.955472][ C1] usb_new_device+0xa3c/0x1660 [ 131.960263][ C1] ? usb_disconnect+0x8a0/0x8a0 [ 131.965135][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.970347][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 131.975579][ C1] hub_event+0x29bf/0x49f0 [ 131.980025][ C1] ? hub_post_resume+0x120/0x120 [ 131.985145][ C1] ? read_lock_is_recursive+0x20/0x20 [ 131.990540][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.995765][ C1] ? process_scheduled_works+0x96f/0x15d0 [ 132.001517][ C1] ? process_scheduled_works+0x96f/0x15d0 [ 132.007256][ C1] process_scheduled_works+0xa5d/0x15d0 [ 132.012827][ C1] ? worker_attach_to_pool+0x380/0x380 [ 132.018301][ C1] ? assign_work+0x3d2/0x5d0 [ 132.022907][ C1] worker_thread+0xa55/0xfc0 [ 132.027514][ C1] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 132.033503][ C1] ? _raw_spin_unlock+0x40/0x40 [ 132.038419][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 132.044436][ C1] kthread+0x2fa/0x390 [ 132.048520][ C1] ? pr_cont_work+0x560/0x560 [ 132.053215][ C1] ? kthread_blkcg+0xd0/0xd0 [ 132.057816][ C1] ret_from_fork+0x48/0x80 [ 132.062242][ C1] ? kthread_blkcg+0xd0/0xd0 [ 132.066839][ C1] ret_from_fork_asm+0x11/0x20 [ 132.071619][ C1] [ 132.074644][ C1] [ 132.076970][ C1] Allocated by task 787: [ 132.081248][ C1] kasan_set_track+0x4e/0x70 [ 132.085850][ C1] __kasan_kmalloc+0x8f/0xa0 [ 132.090450][ C1] xpad_probe+0x41c/0x1ec0 [ 132.094876][ C1] usb_probe_interface+0x5c9/0xb20 [ 132.099997][ C1] really_probe+0x25b/0xb20 [ 132.104514][ C1] __driver_probe_device+0x18c/0x330 [ 132.109807][ C1] driver_probe_device+0x4f/0x420 [ 132.114838][ C1] __device_attach_driver+0x2ca/0x510 [ 132.120214][ C1] bus_for_each_drv+0x252/0x2e0 [ 132.125196][ C1] __device_attach+0x2c2/0x420 [ 132.129983][ C1] bus_probe_device+0x180/0x260 [ 132.134866][ C1] device_add+0x85b/0xc20 [ 132.139204][ C1] usb_set_configuration+0x1a79/0x20c0 [ 132.144676][ C1] usb_generic_driver_probe+0x8d/0x150 [ 132.150143][ C1] usb_probe_device+0x13d/0x270 [ 132.155002][ C1] really_probe+0x25b/0xb20 [ 132.159513][ C1] __driver_probe_device+0x18c/0x330 [ 132.164800][ C1] driver_probe_device+0x4f/0x420 [ 132.169839][ C1] __device_attach_driver+0x2ca/0x510 [ 132.175238][ C1] bus_for_each_drv+0x252/0x2e0 [ 132.180139][ C1] __device_attach+0x2c2/0x420 [ 132.184908][ C1] bus_probe_device+0x180/0x260 [ 132.189775][ C1] device_add+0x85b/0xc20 [ 132.194114][ C1] usb_new_device+0xa3c/0x1660 [ 132.198910][ C1] hub_event+0x29bf/0x49f0 [ 132.203382][ C1] process_scheduled_works+0xa5d/0x15d0 [ 132.209031][ C1] worker_thread+0xa55/0xfc0 [ 132.213635][ C1] kthread+0x2fa/0x390 [ 132.217714][ C1] ret_from_fork+0x48/0x80 [ 132.222134][ C1] ret_from_fork_asm+0x11/0x20 [ 132.226908][ C1] [ 132.229237][ C1] Freed by task 1188: [ 132.233216][ C1] kasan_set_track+0x4e/0x70 [ 132.237999][ C1] kasan_save_free_info+0x2e/0x50 [ 132.243053][ C1] ____kasan_slab_free+0x126/0x1e0 [ 132.248271][ C1] slab_free_freelist_hook+0x130/0x1a0 [ 132.253742][ C1] __kmem_cache_free+0xba/0x1e0 [ 132.258724][ C1] xpad_disconnect+0x350/0x480 [ 132.263562][ C1] usb_unbind_interface+0x1f2/0x870 [ 132.268769][ C1] device_release_driver_internal+0x4cb/0x7a0 [ 132.274845][ C1] bus_remove_device+0x342/0x400 [ 132.279793][ C1] device_del+0x522/0x910 [ 132.284134][ C1] usb_disable_device+0x3e9/0x8a0 [ 132.289174][ C1] usb_disconnect+0x34c/0x8a0 [ 132.293948][ C1] hub_event+0x1d0f/0x49f0 [ 132.298366][ C1] process_scheduled_works+0xa5d/0x15d0 [ 132.303917][ C1] worker_thread+0xa55/0xfc0 [ 132.308507][ C1] kthread+0x2fa/0x390 [ 132.312580][ C1] ret_from_fork+0x48/0x80 [ 132.317187][ C1] ret_from_fork_asm+0x11/0x20 [ 132.321977][ C1] [ 132.324313][ C1] The buggy address belongs to the object at ffff888076277000 [ 132.324313][ C1] which belongs to the cache kmalloc-1k of size 1024 [ 132.338390][ C1] The buggy address is located 145 bytes inside of [ 132.338390][ C1] freed 1024-byte region [ffff888076277000, ffff888076277400) [ 132.352373][ C1] [ 132.354806][ C1] The buggy address belongs to the physical page: [ 132.361223][ C1] page:ffffea0001d89c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888076277800 pfn:0x76270 [ 132.372893][ C1] head:ffffea0001d89c00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 132.381840][ C1] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 132.389940][ C1] page_type: 0xffffffff() [ 132.394367][ C1] raw: 00fff00000000840 ffff888017c41dc0 ffffea000170ce10 ffffea0001de2210 [ 132.402954][ C1] raw: ffff888076277800 000000000010000f 00000001ffffffff 0000000000000000 [ 132.411560][ C1] page dumped because: kasan: bad access detected [ 132.418017][ C1] page_owner tracks the page as allocated [ 132.423735][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5433, tgid 5433 (dhcpcd), ts 58006510804, free_ts 30675758379 [ 132.444677][ C1] post_alloc_hook+0x1c1/0x200 [ 132.449477][ C1] get_page_from_freelist+0x1951/0x19e0 [ 132.455393][ C1] __alloc_pages+0x1f0/0x460 [ 132.460009][ C1] alloc_slab_page+0x4f/0x160 [ 132.464713][ C1] new_slab+0x87/0x2d0 [ 132.468794][ C1] ___slab_alloc+0xc5d/0x12f0 [ 132.473520][ C1] __kmem_cache_alloc_node+0x19e/0x250 [ 132.478997][ C1] __kmalloc_node+0xa4/0x230 [ 132.483605][ C1] qdisc_alloc+0x94/0xa50 [ 132.487961][ C1] qdisc_create_dflt+0x63/0x430 [ 132.492817][ C1] dev_activate+0x1d0/0x11a0 [ 132.497412][ C1] __dev_open+0x347/0x430 [ 132.501756][ C1] __dev_change_flags+0x211/0x6a0 [ 132.506826][ C1] dev_change_flags+0x88/0x1a0 [ 132.511646][ C1] devinet_ioctl+0x95c/0x1c40 [ 132.516373][ C1] inet_ioctl+0x42b/0x560 [ 132.520745][ C1] page last free stack trace: [ 132.525438][ C1] free_unref_page_prepare+0x7b2/0x8c0 [ 132.530926][ C1] free_unref_page+0x32/0x2e0 [ 132.535639][ C1] free_contig_range+0xa1/0x150 [ 132.540501][ C1] destroy_args+0x80/0x850 [ 132.544961][ C1] debug_vm_pgtable+0x411/0x440 [ 132.549821][ C1] do_one_initcall+0x242/0x790 [ 132.554595][ C1] do_initcall_level+0x137/0x1f0 [ 132.559598][ C1] do_initcalls+0x69/0xd0 [ 132.563935][ C1] kernel_init_freeable+0x3ed/0x580 [ 132.569145][ C1] kernel_init+0x1d/0x1c0 [ 132.573485][ C1] ret_from_fork+0x48/0x80 [ 132.577911][ C1] ret_from_fork_asm+0x11/0x20 [ 132.582700][ C1] [ 132.585031][ C1] Memory state around the buggy address: [ 132.590682][ C1] ffff888076276f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 132.598763][ C1] ffff888076277000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.606925][ C1] >ffff888076277080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.614990][ C1] ^ [ 132.619579][ C1] ffff888076277100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.627647][ C1] ffff888076277180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.635709][ C1] ================================================================== [ 132.643781][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 132.650981][ C1] CPU: 1 PID: 5761 Comm: kworker/1:3 Not tainted syzkaller #0 [ 132.658461][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 132.668549][ C1] Workqueue: usb_hub_wq hub_event [ 132.673596][ C1] Call Trace: [ 132.676883][ C1] [ 132.679856][ C1] dump_stack_lvl+0x18c/0x250 [ 132.684571][ C1] ? show_regs_print_info+0x20/0x20 [ 132.689807][ C1] ? load_image+0x420/0x420 [ 132.694340][ C1] panic+0x2dc/0x730 [ 132.698269][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 132.702794][ C1] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 132.708709][ C1] ? _raw_spin_unlock+0x40/0x40 [ 132.713580][ C1] ? print_memory_metadata+0x314/0x400 [ 132.719074][ C1] ? register_lock_class+0x80b/0x8a0 [ 132.724378][ C1] check_panic_on_warn+0x84/0xa0 [ 132.729347][ C1] ? register_lock_class+0x80b/0x8a0 [ 132.734657][ C1] end_report+0x6f/0x130 [ 132.738923][ C1] kasan_report+0x128/0x150 [ 132.743450][ C1] ? register_lock_class+0x80b/0x8a0 [ 132.748758][ C1] register_lock_class+0x80b/0x8a0 [ 132.753884][ C1] ? __down_timeout+0x10/0x10 [ 132.758597][ C1] ? is_dynamic_key+0x260/0x260 [ 132.763578][ C1] ? prb_read_valid+0x3d/0x60 [ 132.768265][ C1] __lock_acquire+0x188/0x7d40 [ 132.773046][ C1] ? mark_lock+0x94/0x320 [ 132.777384][ C1] ? __lock_acquire+0x1347/0x7d40 [ 132.782416][ C1] ? mark_lock+0x94/0x320 [ 132.786768][ C1] ? __lock_acquire+0x1347/0x7d40 [ 132.791816][ C1] ? verify_lock_unused+0x140/0x140 [ 132.797034][ C1] lock_acquire+0x19e/0x420 [ 132.801547][ C1] ? __wake_up+0x10b/0x1a0 [ 132.805995][ C1] ? read_lock_is_recursive+0x20/0x20 [ 132.811397][ C1] _raw_spin_lock_irqsave+0xb4/0x100 [ 132.816698][ C1] ? __wake_up+0x10b/0x1a0 [ 132.821130][ C1] ? _raw_spin_lock+0x40/0x40 [ 132.825821][ C1] __wake_up+0x10b/0x1a0 [ 132.830073][ C1] ? __wake_up_bit+0x210/0x210 [ 132.834860][ C1] __usb_hcd_giveback_urb+0x396/0x520 [ 132.840250][ C1] dummy_timer+0x8de/0x3320 [ 132.844778][ C1] ? mark_lock+0x94/0x320 [ 132.849119][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 132.855150][ C1] ? lock_chain_count+0x20/0x20 [ 132.860013][ C1] ? dummy_free_streams+0x530/0x530 [ 132.865432][ C1] __hrtimer_run_queues+0x520/0xc40 [ 132.870673][ C1] ? ktime_get_update_offsets_now+0x99/0x3f0 [ 132.876717][ C1] ? dummy_free_streams+0x530/0x530 [ 132.881969][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 132.887099][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 132.893183][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 132.898307][ C1] handle_softirqs+0x280/0x820 [ 132.903123][ C1] ? __irq_exit_rcu+0xd3/0x190 [ 132.907910][ C1] ? do_softirq+0x1a0/0x1a0 [ 132.912444][ C1] __irq_exit_rcu+0xd3/0x190 [ 132.917157][ C1] ? irq_exit_rcu+0x20/0x20 [ 132.921730][ C1] irq_exit_rcu+0x9/0x20 [ 132.926102][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 132.931773][ C1] [ 132.934717][ C1] [ 132.937653][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 132.943646][ C1] RIP: 0010:unwind_get_return_address+0x37/0xc0 [ 132.949897][ C1] Code: 49 be 00 00 00 00 00 fc ff df e8 c4 eb 4b 00 48 89 d8 48 c1 e8 03 42 0f b6 04 30 84 c0 75 6e 8b 2b 31 ff 89 ee e8 59 ef 4b 00 <85> ed 74 4a 48 83 c3 48 49 89 df 49 c1 ef 03 43 80 3c 37 00 74 08 [ 132.969530][ C1] RSP: 0018:ffffc900046ceba0 EFLAGS: 00000297 [ 132.975651][ C1] RAX: ffffffff813b3657 RBX: ffffc900046cebc8 RCX: 0000000000000002 [ 132.983673][ C1] RDX: ffff888025635a00 RSI: 0000000000000001 RDI: 0000000000000000 [ 132.991659][ C1] RBP: 0000000000000001 R08: ffff888025635a00 R09: 0000000000000003 [ 132.999637][ C1] R10: 0000000000000004 R11: 0000000000000002 R12: ffffffff85472e4c [ 133.007633][ C1] R13: 00000000000000b8 R14: dffffc0000000000 R15: ffffc900046cebc8 [ 133.015646][ C1] ? __driver_probe_device+0x18c/0x330 [ 133.021276][ C1] ? unwind_get_return_address+0x37/0xc0 [ 133.027013][ C1] ? stack_trace_save+0x100/0x100 [ 133.032056][ C1] arch_stack_walk+0x11d/0x190 [ 133.036856][ C1] ? driver_probe_device+0x4f/0x420 [ 133.042091][ C1] stack_trace_save+0xaa/0x100 [ 133.046881][ C1] ? stack_trace_snprint+0xf0/0xf0 [ 133.052023][ C1] ? mark_lock+0x94/0x320 [ 133.056409][ C1] kasan_set_track+0x4e/0x70 [ 133.061031][ C1] ? kasan_set_track+0x4e/0x70 [ 133.065823][ C1] ? __kasan_slab_alloc+0x6c/0x80 [ 133.070863][ C1] ? slab_post_alloc_hook+0x6e/0x4b0 [ 133.076245][ C1] ? kmem_cache_alloc+0x11a/0x2d0 [ 133.081352][ C1] ? __kernfs_new_node+0xe5/0x810 [ 133.086461][ C1] ? kernfs_new_node+0x14c/0x260 [ 133.091460][ C1] ? kernfs_create_link+0xa7/0x200 [ 133.096621][ C1] ? sysfs_do_create_link_sd+0x83/0x110 [ 133.102213][ C1] ? bus_add_device+0x277/0x440 [ 133.107138][ C1] ? device_add+0x549/0xc20 [ 133.111745][ C1] ? usb_set_configuration+0x1a79/0x20c0 [ 133.117483][ C1] ? usb_generic_driver_probe+0x8d/0x150 [ 133.123154][ C1] ? usb_probe_device+0x13d/0x270 [ 133.128280][ C1] ? really_probe+0x25b/0xb20 [ 133.132991][ C1] ? __driver_probe_device+0x18c/0x330 [ 133.138500][ C1] __kasan_slab_alloc+0x6c/0x80 [ 133.143383][ C1] slab_post_alloc_hook+0x6e/0x4b0 [ 133.148517][ C1] kmem_cache_alloc+0x11a/0x2d0 [ 133.153403][ C1] ? __kernfs_new_node+0xe5/0x810 [ 133.158452][ C1] __kernfs_new_node+0xe5/0x810 [ 133.163351][ C1] ? kernfs_new_node+0x260/0x260 [ 133.168363][ C1] ? sysfs_do_create_link_sd+0x75/0x110 [ 133.173942][ C1] ? __lock_acquire+0x7d40/0x7d40 [ 133.178988][ C1] kernfs_new_node+0x14c/0x260 [ 133.183793][ C1] kernfs_create_link+0xa7/0x200 [ 133.188751][ C1] sysfs_do_create_link_sd+0x83/0x110 [ 133.194135][ C1] bus_add_device+0x277/0x440 [ 133.198839][ C1] device_add+0x549/0xc20 [ 133.203189][ C1] usb_set_configuration+0x1a79/0x20c0 [ 133.208690][ C1] usb_generic_driver_probe+0x8d/0x150 [ 133.214184][ C1] usb_probe_device+0x13d/0x270 [ 133.219057][ C1] ? usb_register_device_driver+0x230/0x230 [ 133.224963][ C1] really_probe+0x25b/0xb20 [ 133.229482][ C1] ? pm_runtime_barrier+0x14b/0x1c0 [ 133.234714][ C1] __driver_probe_device+0x18c/0x330 [ 133.240043][ C1] driver_probe_device+0x4f/0x420 [ 133.245090][ C1] __device_attach_driver+0x2ca/0x510 [ 133.250479][ C1] bus_for_each_drv+0x252/0x2e0 [ 133.255344][ C1] ? coredump_store+0x90/0x90 [ 133.260029][ C1] ? bus_find_device+0x300/0x300 [ 133.264986][ C1] __device_attach+0x2c2/0x420 [ 133.269758][ C1] ? device_attach+0x20/0x20 [ 133.274436][ C1] ? __kmem_cache_free+0xba/0x1e0 [ 133.279489][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 133.284709][ C1] bus_probe_device+0x180/0x260 [ 133.289577][ C1] device_add+0x85b/0xc20 [ 133.293923][ C1] usb_new_device+0xa3c/0x1660 [ 133.298723][ C1] ? usb_disconnect+0x8a0/0x8a0 [ 133.303595][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 133.308846][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 133.314061][ C1] hub_event+0x29bf/0x49f0 [ 133.318505][ C1] ? hub_post_resume+0x120/0x120 [ 133.323457][ C1] ? read_lock_is_recursive+0x20/0x20 [ 133.328847][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 133.334058][ C1] ? process_scheduled_works+0x96f/0x15d0 [ 133.339795][ C1] ? process_scheduled_works+0x96f/0x15d0 [ 133.345529][ C1] process_scheduled_works+0xa5d/0x15d0 [ 133.351098][ C1] ? worker_attach_to_pool+0x380/0x380 [ 133.356571][ C1] ? assign_work+0x3d2/0x5d0 [ 133.361177][ C1] worker_thread+0xa55/0xfc0 [ 133.365802][ C1] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 133.371708][ C1] ? _raw_spin_unlock+0x40/0x40 [ 133.376567][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 133.382500][ C1] kthread+0x2fa/0x390 [ 133.386621][ C1] ? pr_cont_work+0x560/0x560 [ 133.391313][ C1] ? kthread_blkcg+0xd0/0xd0 [ 133.395910][ C1] ret_from_fork+0x48/0x80 [ 133.400337][ C1] ? kthread_blkcg+0xd0/0xd0 [ 133.404932][ C1] ret_from_fork_asm+0x11/0x20 [ 133.409715][ C1] [ 134.552610][ C1] Shutting down cpus with NMI [ 134.557795][ C1] Kernel Offset: disabled [ 134.562153][ C1] Rebooting in 86400 seconds..