last executing test programs: 8.691326103s ago: executing program 3 (id=178): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000540)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x82, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x10, 0x3, 0x0, 0x0, {[@sack_perm={0x4, 0x2}]}}}}}}}, 0x0) 8.426787698s ago: executing program 3 (id=181): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000001040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) write$tun(r0, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x1400, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef) 8.161126712s ago: executing program 3 (id=183): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000)="fc00", 0x2) splice(r1, 0x0, r0, 0x0, 0x1100002000f336, 0x5) 7.980372036s ago: executing program 3 (id=185): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000140)='./file2\x00', 0x1008400, &(0x7f0000000080)=ANY=[], 0x85, 0x686, &(0x7f0000001240)="$eJzs3ctvXFcdB/DvnYwnmVBSt03aFFVK1EiAiEjsWCmYTQNCKIsKVWXB2kqcxMokLY6L3ApR8952kT+gLLJjgZDYR5QNG9h162UlBJuuzGrQvXNnPPFznNfY6ecTXd9z59xzzu/85j5mPLEmwJfW5bNp3k+Ry2ffWi63V+/NdFbvzdzql5McTtJImkOtup8ml9Jb8mqSoq4othvn7sLsO599sfp5b6tZL9X+jZ3ajWalXnI6yaF6/bj6u7Jbf0d2664YzLBM2Jl+4mDcJsqzufKfu71HfvaP5wY1Q9pbtd71yAcOgKJ339xkMjlan+jl64DeXbF3zz7QVsYdAAAAADwFz69lLcs5Nu44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CCpv/+/qJdGv3w6Rf39/0WrfqzUGnO4m53a2+73n1QcAAAAAAAAAPAUnVrLWpZzrL/dLarP/F+vNo5XP7+S93Mn81nMuSxnLktZymKmk0wOddRanltaWpwetOz/z4DNLS9s2fLCLoEertftxzFrAAAAAAAAAHjm/DqX1z//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/aBIDvVW1XK8X55Mo5nkSJJWud9K8q9++SC7P+4AAAAA4BF0R9zv+bWsZTnHBu2K6j3/y9X7/iN5P7ezlIUspZP5XK1+F9B7199YvTfTWb03c6tcNvf7/f/uKdyqx/R+97D1yCerPdq5loXqkXO5kndTFFfTqFqWTvbj2TquX5UxFW/2TIwY2dV6Xc7843q9yUd7mux29vjLlMkqIxODjEzVsZXZeGHnTOzx2dk40nQag2CPbxhpwyQeyPmbI453tF6X8/n9djkfi42ZuDB09L28c86Tb/z1Tz+90bl988a1O2f3z5RGc6he964r7c2ZmBnKxCvPciY2maoycWKwfTk/yk9yNqfzdhazkJ9nLkuZz+n8sCrN1cdzMXTKb5OpSw9svb1bJK36CO09WQ/GlF1ier1qeywL+XHezdXM543q34VM5zu5mIuZHXqGT4xwpW1sc9Z3v7pl8Ge+WRfaSf5QryvXmxt2LVZ2y8TjVeb1haG8Dl9zJ6u64UfWs/TiHu5H/Sz9eedQml+rC+UYv6nX+8PGTEwPZeKlnTPxx+qycqdz++bijbn3RhvuxY/rQnke/W5f3SXK4+XF8smqth48Osq6l+q6iWpZz1er/sSl166xqe7EoK53pq5se6a26tdwm3u6UNW9smXdTFV3cqhu4+utzuD10LPw4Q/AM+vot4622v9u/7P9Sfu37Rvtt4784PB3D7/WysTfJ77XnDr09cZrxV/ySX65/v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4eHc++PDmXKczv7ih0O12P9qm6iAX+l9n9hQHffW5ZFxTbiXZH5n/X7fbrR8p9kM8Oxe6pcPpPmTzvyUZbedmkq2qTj1E8EUeaxLGfGECnrjzS7feO3/ngw+/vXBr7vr89fnbsxcvzk7NXnxj5vy1hc78VO/nuKMEnoT1m/6IDbr75+s2AQAAAAAAAAAA4MvqUf9UIJO7/4XJ9qMfeZpTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6oy2fTvJ8i01Pnpsrt1XsznXLpl9f3bCZpJCl+kRSfJpfSWzI51F2x3Th3F2bf+eyL1c/X+2r292/s1G40K/WS00kO1evH1d+VR+6vGMywTNiZfuJg3P4fAAD//1RuAhY=") mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) r0 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount(0x0, &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x31486c, 0x0) fsync(r0) 7.730871511s ago: executing program 1 (id=187): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) ioctl$EVIOCGMASK(r1, 0x5b01, 0x0) 7.610285273s ago: executing program 3 (id=188): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000840)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r2, 0xc1004111, &(0x7f00000003c0)={0x5, [0x7, 0x4f, 0x1000000], [{0x6, 0x5, 0x0, 0x1, 0x1}, {0xe, 0xb, 0x1, 0x1}, {0x9, 0x0, 0x1, 0x1}, {0x9b6c, 0x7, 0x0, 0x1, 0x1}, {0x5, 0x6, 0x1, 0x0, 0x0, 0x1}, {0x4625, 0xfffffffd, 0x0, 0x1}, {0x4, 0x2, 0x0, 0x1}, {0x9, 0x0, 0x0, 0x1}, {0x6, 0x8, 0x1, 0x0, 0x1}, {0x5, 0x3, 0x1, 0x1, 0x0, 0x1}, {0x5, 0x1}, {0x4, 0xfffffff7, 0x1}]}) 7.107116463s ago: executing program 3 (id=191): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0xa, 0x42, 0x40, 0xc0, 0x1, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r1}, 0x38) 6.381719037s ago: executing program 32 (id=191): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0xa, 0x42, 0x40, 0xc0, 0x1, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r1}, 0x38) 5.529680683s ago: executing program 1 (id=196): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000010000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000080000850000008600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000200)={r3, r1, 0x25, 0x0, @val=@perf_event={0x7}}, 0x18) syz_emit_ethernet(0x11, &(0x7f0000001480)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}, @void, {@llc={0x4, {@llc={0xdc, 0x0, "85"}}}}}, 0x0) 5.18971665s ago: executing program 1 (id=197): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000000000007112370000000000950000000000000089e2d90aa1795cc26efb1dacf01150510936875c66d6a7d6eb12d4cdbc5c0ce0d29df91940d8ca08008e7aa5b3c9a10909d6e18b263131bf965f55746df5189a2e23905ae4dc5340e0eb74eb523d5b77a763cccb768b4453c8b1b1dd0a71983b5c2cfe11f3d30228772b0b798ebaf5abde2ce3ec34f8c6f13ee1f181ac563ba7a7edc9be94452da6d7eb67ae3243cb393245efd0dd21de9553cbd1a8516282de458c44d1ddae97af584de743d44ed18d20dd3b2c42cf1e8b27788dfc562367d46197198cd19fda89a6feca6c738b1d4b2522"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f010400000009058303"], 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000040)={0x50, 0x9, 0x0, {0x6, 0x4}, {0x1ff, 0x4003}, @period={0x58, 0x1000, 0x8, 0x6, 0xff, {0x1, 0x0, 0x100, 0x101}, 0x0, 0x0}}) 5.13911083s ago: executing program 2 (id=198): socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r0, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) 4.905657135s ago: executing program 2 (id=199): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0), 0xfc, 0x574, &(0x7f0000000e40)="$eJzs3c9rHFUcAPDvbJI2/aFJoRT1IIEerNRumsQfFTzUk4gWC3qvS7INJZtuyW5KEwu2B3vxIkUQsSB69+6x+A/4VxS0UKQEPXiJzGY2XZPZNNlumm3384Fp35uZzZvvvvm+fbOzywbQt8bSfwoRL0fEN0nESMu2wcg2jq3tt/Lw+nS6JLG6+ulfSSTZuub+Sfb/oazyUkT89lXEycLmdmtLy3OlSqW8kNXH6/NXxmtLy6cuzZdmy7Ply5NTU2fempp89523uxbr6+f/+f6Tux+e+fr4yne/3D9yO4mzcTjb1hrHE7jRWhmLsew5GYqzG3ac6EJjvSTZ6wOgIwNZng9FOgaMxECW9blWR57moQG77Ms0rYE+lch/6FPNeUDz2r5L18HPjAfvr10AbY5/cO29kRhuXBsdXEn+d2WUXu+OdqH9tI1f/7xzO12i3fsQ+7vQEMAGN25GxOnBwc3jX5KNf507vY19NrbRb68/sJfupvOfN/LmP4X1+U/kzH8O5eRuJx6f/4X7XWimrXT+917u/Hf9ptXoQFZ7oTHnG0ouXqqU07HtxYg4EUP70/pERHyQfxPk88LKvdV27bfO/9Ilbb85F8yO4/7ghvnfTKleevLI1zy4GfFK7vw3We//JKf/0+fj/DbbOFa+82q7bY+Pf3et/hTxWm7/P+rMZOv7k+ON82G8eVZs9vetY7+3a3+v40/7/+DW8Y8mrfdraztv48fhf8vttnV6/u9LPmuU92XrrpXq9YWJiH3Jx5vXTz56bLPe3D+N/8Txrce/vPP/QJrY24z/1tFbrbsO7yz+3ZXGP7Oj/t954d5HX/zQrv3t9f+bjdKJbM12xr/tHuCTPHcAAAAAAADQawoRcTiSQnG9XCgUi2uf7zgaBwuVaq1+8mJ18fJMNL4rOxpDhead7pGWz0NMZJ+HbdYnN9SnIuJIRHw7cKBRL05XKzN7HTwAAAAAAAAAAAAAAAAAAAD0iEMRw3nf/0/9MZD/mDargWfRFj/5DTzn2ud/tqUbv/QE9CSv/9C/5D/0L/kP/Uv+Q/+S/9C/5D/0L/kP/Wsn+f/zuV08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+nD93Ll1WVx5en07rM1eXFueqV0/NlGtzxfnF6eJ0deFKcbZana2Ui9PV+cf9vUq1emViMhavjdfLtfp4bWn5wnx18XL9wqX50mz5QnnoqUQFAAAAAAAAAAAAAAAAAAAAz5ba0vJcqVIpLygodFQY7I3D6MFCoTcOo8PCXo9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDIfwEAAP//wGE62g==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x17c) pwritev2(r0, &(0x7f0000000280)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0xe7b, 0x0, 0x0) r1 = open(&(0x7f0000000080)='./file1\x00', 0x20042, 0x144) r2 = open(&(0x7f0000000000)='./file2\x00', 0x6840, 0x120) copy_file_range(r2, 0x0, r1, 0x0, 0x3df1, 0x0) 4.360982286s ago: executing program 2 (id=201): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20000000, '\x00', 0x0, 0x0}, 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x7}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r0}, {}, {0x46, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x5, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r2, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001200)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x8, 0x0, 0x0}}, 0x10) 3.11431323s ago: executing program 2 (id=204): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000495"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='rseq_update\x00', r0}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='rseq_update\x00', r1}, 0x18) rseq(&(0x7f0000000080), 0x20, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000203c13085c0a27bd276e0102038109022400010000d000090499000253773700090583104000c00305090503"], 0x0) 2.54818228s ago: executing program 1 (id=206): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r1) sendmsg$NFC_CMD_GET_SE(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000011c0)={0x14, r3, 0x5953a6d8b15e6715, 0x70bd2c}, 0x14}}, 0x0) 2.305615105s ago: executing program 1 (id=207): gettid() r0 = socket$tipc(0x1e, 0x2, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x40855) 2.07914248s ago: executing program 1 (id=209): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000002c0)={'veth0\x00', 0xe00}) 1.176147797s ago: executing program 0 (id=211): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x2d2}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x8, 0x4007, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x47ba, 0x39000000, 0x0, 0x0, 0x0) 1.112246628s ago: executing program 0 (id=212): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f00000011c0)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001b"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x26}, 0x94) write$bt_hci(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8) 996.760121ms ago: executing program 0 (id=213): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0xd4) r1 = dup2(r0, r0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x2, 0x236}}]}}, 0x0, 0x32, 0x0, 0x1, 0x7}, 0x28) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x8}) 833.042643ms ago: executing program 0 (id=214): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000040)=0x80000003, 0x4) listen(r0, 0x3) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r1, 0x0, 0x33, &(0x7f0000000040)=0x80000003, 0x4) connect$inet(r1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) 766.002685ms ago: executing program 2 (id=215): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @random="dce65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0) recvmmsg(r1, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)=""/249, 0xf9}], 0x1}, 0x8}], 0x1, 0x1, 0x0) 667.165617ms ago: executing program 0 (id=216): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f0000000200)='m', 0x1) r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x2000) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_DELAY(r2, 0x80084121, &(0x7f0000000080)) 614.776208ms ago: executing program 2 (id=217): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40890}, 0x24008004) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001400210200000000fcdbdf25031100800c0002"], 0x114}], 0x1}, 0x4040054) 0s ago: executing program 0 (id=218): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x10) syz_emit_ethernet(0x6e, &(0x7f0000002300)={@local, @random="ed8ab37f4c80", @val={@val={0x88a8, 0x1, 0x0, 0x1}, {0x8100, 0x7, 0x0, 0x2}}, {@mpls_uc={0x8847, {[], @ipv4=@gre={{0x5, 0x4, 0x1, 0x5, 0x58, 0x66, 0x0, 0x2, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x20}, @initdev={0xac, 0x1e, 0x1, 0x0}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x2}, {0x1, 0x0, 0x1, 0x1}, {0x0, 0x0, 0x1}, {0x8, 0x88be, 0x2, {{0x9, 0x1, 0x7, 0x3, 0x1, 0x1, 0x2, 0x6}, 0x1, {0x5}}}, {0x8, 0x22eb, 0x2, {{0x8, 0x2, 0xe, 0x2, 0x0, 0x1, 0x3}, 0x2, {0xde9, 0x80, 0x1, 0x4, 0x0, 0x0, 0x0, 0x1}}}, {0x8, 0x6558, 0x1}}}}}}}, 0x0) syz_extract_tcp_res(0x0, 0x0, 0x800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.209' (ED25519) to the list of known hosts. [ 74.509395][ T5775] cgroup: Unknown subsys name 'net' [ 74.646882][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.284260][ T5775] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 78.274975][ T5789] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.294631][ T5794] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.312148][ T5794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.319680][ T5789] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.320348][ T5794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.328136][ T5796] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.335707][ T5794] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.350468][ T5796] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.351413][ T5794] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 78.358869][ T5796] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.365761][ T5794] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.372905][ T5796] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 78.392897][ T5796] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.400792][ T5796] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.410176][ T5796] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.422330][ T5796] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.431075][ T5796] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 78.434317][ T5791] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 78.439516][ T5796] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.457083][ T5791] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.467978][ T5791] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 78.477935][ T5791] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 78.493709][ T5791] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 78.514612][ T5791] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 78.967227][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 78.984423][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 79.037404][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 79.116595][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 79.235296][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.242563][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.250105][ T5788] bridge_slave_0: entered allmulticast mode [ 79.257012][ T5788] bridge_slave_0: entered promiscuous mode [ 79.281798][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.288940][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.296196][ T5792] bridge_slave_0: entered allmulticast mode [ 79.303190][ T5792] bridge_slave_0: entered promiscuous mode [ 79.311387][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.318525][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.325888][ T5792] bridge_slave_1: entered allmulticast mode [ 79.333918][ T5792] bridge_slave_1: entered promiscuous mode [ 79.343816][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.351069][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.358205][ T5788] bridge_slave_1: entered allmulticast mode [ 79.365552][ T5788] bridge_slave_1: entered promiscuous mode [ 79.382890][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.390183][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.397312][ T5786] bridge_slave_0: entered allmulticast mode [ 79.404691][ T5786] bridge_slave_0: entered promiscuous mode [ 79.442881][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.450308][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.457832][ T5786] bridge_slave_1: entered allmulticast mode [ 79.465723][ T5786] bridge_slave_1: entered promiscuous mode [ 79.493146][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.505124][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.540499][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.551977][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.622739][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.633758][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.641038][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.648195][ T5785] bridge_slave_0: entered allmulticast mode [ 79.655393][ T5785] bridge_slave_0: entered promiscuous mode [ 79.676444][ T5788] team0: Port device team_slave_0 added [ 79.685275][ T5792] team0: Port device team_slave_0 added [ 79.693716][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.703490][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.710826][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.718030][ T5785] bridge_slave_1: entered allmulticast mode [ 79.725875][ T5785] bridge_slave_1: entered promiscuous mode [ 79.745229][ T5788] team0: Port device team_slave_1 added [ 79.753668][ T5792] team0: Port device team_slave_1 added [ 79.809402][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.818529][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.845325][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.899145][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.913076][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.924103][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.932054][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.958712][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.993938][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.001066][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.027494][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.043121][ T5786] team0: Port device team_slave_0 added [ 80.083985][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.091322][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.117285][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.135273][ T5786] team0: Port device team_slave_1 added [ 80.171676][ T5788] hsr_slave_0: entered promiscuous mode [ 80.178042][ T5788] hsr_slave_1: entered promiscuous mode [ 80.215108][ T5785] team0: Port device team_slave_0 added [ 80.224814][ T5785] team0: Port device team_slave_1 added [ 80.236880][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.244266][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.270449][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.283059][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.290075][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.316216][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.398699][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.405868][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.432565][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.443343][ T5791] Bluetooth: hci2: command tx timeout [ 80.466128][ T5792] hsr_slave_0: entered promiscuous mode [ 80.472864][ T5792] hsr_slave_1: entered promiscuous mode [ 80.479645][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.487563][ T5792] Cannot create hsr debugfs directory [ 80.504868][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.512180][ T5791] Bluetooth: hci0: command tx timeout [ 80.512201][ T5104] Bluetooth: hci1: command tx timeout [ 80.514714][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.549518][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.577634][ T5786] hsr_slave_0: entered promiscuous mode [ 80.584020][ T5786] hsr_slave_1: entered promiscuous mode [ 80.590005][ T5791] Bluetooth: hci3: command tx timeout [ 80.595835][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.603674][ T5786] Cannot create hsr debugfs directory [ 80.765657][ T5785] hsr_slave_0: entered promiscuous mode [ 80.772358][ T5785] hsr_slave_1: entered promiscuous mode [ 80.778591][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.787134][ T5785] Cannot create hsr debugfs directory [ 81.028202][ T5788] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 81.063410][ T5788] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 81.078713][ T5788] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 81.091118][ T5788] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 81.172187][ T5792] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 81.185217][ T5792] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 81.213451][ T5792] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 81.239184][ T5792] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 81.283067][ T5786] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.311146][ T5786] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.323445][ T5786] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.333982][ T5786] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.416330][ T5785] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.437938][ T5785] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 81.449342][ T5785] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 81.459525][ T5785] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.532241][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.572255][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.627217][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.644695][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.652145][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.672836][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.692885][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.700063][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.751838][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.761364][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.768498][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.779407][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.786668][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.876358][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.927063][ T1129] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.934279][ T1129] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.955322][ T5788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 81.997402][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.062446][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.069602][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.225813][ T5786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 82.283316][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.316312][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.323527][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.376748][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.384247][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.529807][ T5791] Bluetooth: hci2: command tx timeout [ 82.590734][ T5791] Bluetooth: hci0: command tx timeout [ 82.592001][ T5104] Bluetooth: hci1: command tx timeout [ 82.612044][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.668488][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.675659][ T5104] Bluetooth: hci3: command tx timeout [ 82.828157][ T5788] veth0_vlan: entered promiscuous mode [ 82.852972][ T5792] veth0_vlan: entered promiscuous mode [ 82.888469][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.896227][ T5792] veth1_vlan: entered promiscuous mode [ 82.906413][ T5788] veth1_vlan: entered promiscuous mode [ 83.003112][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.017517][ T5792] veth0_macvtap: entered promiscuous mode [ 83.028444][ T5792] veth1_macvtap: entered promiscuous mode [ 83.069010][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.088363][ T5788] veth0_macvtap: entered promiscuous mode [ 83.110429][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.122096][ T5792] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.132055][ T5792] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.142601][ T5792] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.151487][ T5792] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.167558][ T5786] veth0_vlan: entered promiscuous mode [ 83.176415][ T5788] veth1_macvtap: entered promiscuous mode [ 83.227163][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.239080][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.252394][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.262533][ T5786] veth1_vlan: entered promiscuous mode [ 83.280200][ T5785] veth0_vlan: entered promiscuous mode [ 83.286455][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.298847][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.310855][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.356842][ T5788] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.366259][ T5788] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.376327][ T5788] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.385512][ T5788] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.403101][ T5785] veth1_vlan: entered promiscuous mode [ 83.450968][ T2969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.465103][ T2969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.510492][ T5786] veth0_macvtap: entered promiscuous mode [ 83.532262][ T1129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.544994][ T1129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.567701][ T5786] veth1_macvtap: entered promiscuous mode [ 83.588045][ T5785] veth0_macvtap: entered promiscuous mode [ 83.608281][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.619375][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.631773][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.643932][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.656281][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.684561][ T5785] veth1_macvtap: entered promiscuous mode [ 83.705510][ T2969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.713410][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.713458][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.713470][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.713484][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.715105][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.779143][ T2969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.829203][ T5786] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.856339][ T5786] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.867782][ T5786] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.877427][ T5786] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.893972][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.906748][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.918140][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.929152][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.939176][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.952131][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.964785][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.006955][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.019215][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.039851][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.052282][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.064095][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.075187][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.087230][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.109879][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.115159][ T5785] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.117874][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.136013][ T5785] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.146734][ T5785] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.155485][ T5785] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.183498][ T5881] block nbd2: NBD_DISCONNECT [ 84.189043][ T5881] block nbd2: Send disconnect failed -107 [ 84.199468][ T5880] block nbd2: Disconnected due to user request. [ 84.216767][ T5880] block nbd2: shutting down sockets [ 84.362189][ T1129] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.399007][ T1129] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.452884][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.480755][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.518737][ T1129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.550288][ T1129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.569631][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.590127][ T5104] Bluetooth: hci2: command tx timeout [ 84.612104][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.670080][ T5104] Bluetooth: hci1: command tx timeout [ 84.670314][ T5791] Bluetooth: hci0: command tx timeout [ 84.750555][ T5791] Bluetooth: hci3: command tx timeout [ 84.982085][ T5895] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 85.108080][ T5900] syz.2.11[5900]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 85.157557][ T5900] loop2: detected capacity change from 0 to 2048 [ 85.187732][ T5900] NILFS (loop2): invalid segment: Magic number mismatch [ 85.214528][ T5900] NILFS (loop2): trying rollback from an earlier position [ 85.249943][ T5834] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 85.252008][ T5900] NILFS (loop2): recovery complete [ 85.272937][ T5904] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 85.438402][ T5906] process 'syz.0.13' launched './file0' with NULL argv: empty string added [ 85.495704][ T5834] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 85.525882][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.549787][ T5834] usb 4-1: Product: syz [ 85.564924][ T5834] usb 4-1: Manufacturer: syz [ 85.569569][ T5834] usb 4-1: SerialNumber: syz [ 85.616338][ T5834] usb 4-1: config 0 descriptor?? [ 85.643881][ T5834] gspca_main: sq930x-2.14.0 probing 2770:930c [ 85.780488][ T5913] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16'. [ 85.798512][ T5913] netlink: 'syz.0.16': attribute type 30 has an invalid length. [ 85.824477][ T5913] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.833914][ T5913] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.842743][ T5913] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.851563][ T5913] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.910253][ T5913] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16'. [ 85.919485][ T5913] netlink: 'syz.0.16': attribute type 30 has an invalid length. [ 85.993525][ T5913] Zero length message leads to an empty skb [ 86.585796][ T5924] loop0: detected capacity change from 0 to 32768 [ 86.594515][ T5924] ======================================================= [ 86.594515][ T5924] WARNING: The mand mount option has been deprecated and [ 86.594515][ T5924] and is ignored by this kernel. Remove the mand [ 86.594515][ T5924] option from the mount to silence this warning. [ 86.594515][ T5924] ======================================================= [ 86.672840][ T5791] Bluetooth: hci2: command tx timeout [ 86.685768][ T5924] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 86.706745][ T5924] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 86.751282][ T5791] Bluetooth: hci1: command tx timeout [ 86.751335][ T5104] Bluetooth: hci0: command tx timeout [ 86.773473][ T1187] cfg80211: failed to load regulatory.db [ 86.820300][ T5854] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 86.830743][ T5104] Bluetooth: hci3: command tx timeout [ 86.950341][ T5834] gspca_sq930x: reg_w 0105 0c00 failed -71 [ 86.972982][ T5924] syz.0.21 (5924) used greatest stack depth: 18928 bytes left [ 87.034202][ T5854] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 87.045159][ T5854] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 87.045617][ T5785] ocfs2: Unmounting device (7,0) on (node local) [ 87.060083][ T5854] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 87.076754][ T5854] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 87.085285][ T5854] usb 3-1: SerialNumber: syz [ 87.090741][ T1187] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 87.200207][ T5834] gspca_sq930x: Sensor ov9630 not yet treated [ 87.212643][ T5834] sq930x: probe of 4-1:0.0 failed with error -22 [ 87.241848][ T5834] usb 4-1: USB disconnect, device number 2 [ 87.279890][ T1187] usb 2-1: Using ep0 maxpacket: 16 [ 87.294481][ T1187] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 87.322646][ T1187] usb 2-1: config 0 interface 0 has no altsetting 0 [ 87.329299][ T1187] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 87.344143][ T5854] usb 3-1: 0:2 : does not exist [ 87.359837][ T1187] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.379643][ T1187] usb 2-1: config 0 descriptor?? [ 87.418957][ T5854] usb 3-1: USB disconnect, device number 2 [ 87.492041][ T5801] udevd[5801]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 87.891134][ T1187] nzxt-smart2 0003:1E71:2009.0001: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.1-1/input0 [ 88.159969][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 88.346055][ T5953] loop2: detected capacity change from 0 to 4096 [ 88.398180][ T0] NOHZ tick-stop error: local softirq work is pending, handler #51!!! [ 88.407387][ T0] NOHZ tick-stop error: local softirq work is pending, handler #50!!! [ 88.416039][ T1187] usb 2-1: USB disconnect, device number 2 [ 88.423381][ T0] NOHZ tick-stop error: local softirq work is pending, handler #50!!! [ 88.477668][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 88.679990][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 88.690092][ T27] audit: type=1800 audit(1756835668.518:2): pid=5953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.29" name="file1" dev="loop2" ino=33 res=0 errno=0 [ 90.126111][ T5965] loop3: detected capacity change from 0 to 32768 [ 90.226078][ T5968] loop2: detected capacity change from 0 to 32768 [ 90.236700][ T5968] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.36 (5968) [ 90.281884][ T5968] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 90.325297][ T5965] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 90.343326][ T5968] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 90.407034][ T5968] BTRFS info (device loop2): enabling auto defrag [ 90.442195][ T5968] BTRFS info (device loop2): doing ref verification [ 90.464532][ T5968] BTRFS info (device loop2): use no compression [ 90.489163][ T5968] BTRFS info (device loop2): force clearing of disk cache [ 90.509135][ T5968] BTRFS info (device loop2): max_inline at 57 [ 90.525534][ T5968] BTRFS info (device loop2): disabling free space tree [ 90.691651][ T5968] BTRFS info (device loop2): enabling ssd optimizations [ 90.719153][ T5968] BTRFS info (device loop2): auto enabling async discard [ 90.764985][ T5968] BTRFS info (device loop2): rebuilding free space tree [ 90.837198][ T27] audit: type=1800 audit(1756835670.678:3): pid=5965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.34" name="file1" dev="loop3" ino=17058 res=0 errno=0 [ 90.950684][ T6000] netlink: 8 bytes leftover after parsing attributes in process `syz.1.41'. [ 91.007635][ T5968] BTRFS info (device loop2): disabling free space tree [ 91.036084][ T5968] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 91.069894][ T5968] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 91.296270][ T5786] ocfs2: Unmounting device (7,3) on (node local) [ 91.352291][ T5968] BTRFS error (device loop2): target device ߍVg͟;ɓ3'gL=z#;g׵]yKoLOI%cY2ݦte]!]߱Kr#L"";\?}yiPYWZV[᪼XcIt@w is invalid! [ 91.481340][ T5792] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 91.538414][ T6010] netlink: 68 bytes leftover after parsing attributes in process `syz.1.45'. [ 92.304640][ T6028] loop0: detected capacity change from 0 to 128 [ 92.564445][ T6032] Illegal XDP return value 4294967294 on prog (id 11) dev N/A, expect packet loss! [ 92.603927][ T6016] loop1: detected capacity change from 0 to 32768 [ 93.118196][ T6044] loop3: detected capacity change from 0 to 8192 [ 93.822677][ T6059] loop1: detected capacity change from 0 to 512 [ 93.834469][ T6059] EXT4-fs: Ignoring removed i_version option [ 93.865857][ T6059] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.908187][ T6063] loop0: detected capacity change from 0 to 1024 [ 93.919500][ T6063] EXT4-fs: Ignoring removed oldalloc option [ 93.927077][ T6063] EXT4-fs: Ignoring removed bh option [ 93.969316][ T6063] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 94.046080][ T6063] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.165498][ T6063] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4031: comm syz.0.67: Allocating blocks 385-513 which overlap fs metadata [ 94.190343][ T6057] loop2: detected capacity change from 0 to 32768 [ 94.234925][ T6063] EXT4-fs (loop0): pa ffff88802bac41d0: logic 16, phys. 129, len 24 [ 94.243391][ T6063] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 8 [ 94.306509][ T6057] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 94.320145][ T6057] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 94.336064][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.472805][ T6076] mmap: syz.1.68 (6076) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 94.519078][ T6057] XFS (loop2): Ending clean mount [ 94.552826][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.582463][ T6057] XFS (loop2): Quotacheck needed: Please wait. [ 94.778763][ T6057] XFS (loop2): Quotacheck: Done. [ 95.136459][ T5792] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 95.219786][ T23] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 95.444566][ T23] usb 1-1: config 0 has no interfaces? [ 95.461038][ T23] usb 1-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e [ 95.480336][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.489036][ T23] usb 1-1: Product: syz [ 95.494030][ T23] usb 1-1: Manufacturer: syz [ 95.498666][ T23] usb 1-1: SerialNumber: syz [ 95.506883][ T23] usb 1-1: config 0 descriptor?? [ 95.866216][ T5834] usb 1-1: USB disconnect, device number 2 [ 95.903325][ T6110] loop3: detected capacity change from 0 to 512 [ 95.925549][ T6112] loop2: detected capacity change from 0 to 256 [ 95.926964][ T6110] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 95.950651][ T6112] exfat: Unknown parameter '01777777777777777777777' [ 95.985583][ T6110] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 95.987273][ T6104] kvm: kvm [6101]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0xc1) = 0xfffffc18 [ 96.005434][ T6104] kvm: kvm [6101]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0xc2) = 0xfffffc18 [ 96.018084][ T6110] System zones: 0-2, 18-18, 34-34 [ 96.020312][ T6104] kvm: kvm [6101]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x11e) = 0xfffffc18 [ 96.046796][ T6104] kvm: kvm [6101]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x186) = 0xfffffc18 [ 96.049114][ T6110] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.057916][ T6104] kvm: kvm [6101]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x187) = 0xfffffc18 [ 96.088338][ T6110] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.166733][ T6110] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 96.183044][ T6110] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 32896 with max blocks 1 with error 28 [ 96.197021][ T6110] EXT4-fs (loop3): This should not happen!! Data will be lost [ 96.197021][ T6110] [ 96.208750][ T6110] EXT4-fs (loop3): Total free blocks count 0 [ 96.217141][ T6110] EXT4-fs (loop3): Free/Dirty block details [ 96.223878][ T6110] EXT4-fs (loop3): free_blocks=39626 [ 96.229297][ T6110] EXT4-fs (loop3): dirty_blocks=1 [ 96.234841][ T6110] EXT4-fs (loop3): Block reservation details [ 96.241174][ T6110] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 96.249954][ T5777] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 96.295896][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.440052][ T5777] usb 3-1: Using ep0 maxpacket: 16 [ 96.462207][ T5777] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.487552][ T5777] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 96.501940][ T5777] usb 3-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 96.543113][ T5777] usb 3-1: config 0 interface 0 has no altsetting 0 [ 96.568760][ T5777] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 96.580143][ T6122] loop0: detected capacity change from 0 to 8 [ 96.583612][ T5777] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.605830][ T6122] SQUASHFS error: lzo decompression failed, data probably corrupt [ 96.633116][ T6122] SQUASHFS error: Failed to read block 0x91: -5 [ 96.633871][ T5777] usb 3-1: config 0 descriptor?? [ 96.665941][ T6122] SQUASHFS error: Unable to read metadata cache entry [8f] [ 96.690100][ T6122] SQUASHFS error: Unable to read inode 0x11f [ 97.087169][ T5777] hid (null): report_id 23696 is invalid [ 97.097453][ T5777] hid (null): global environment stack underflow [ 97.105191][ T5777] hid (null): global environment stack underflow [ 97.114591][ T6118] loop3: detected capacity change from 0 to 32768 [ 97.121322][ T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 97.159272][ T6118] XFS (loop3): DAX unsupported by block device. Turning off DAX. [ 97.202233][ T6118] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 97.302278][ T6118] XFS (loop3): Ending clean mount [ 97.342427][ T5834] usb 3-1: USB disconnect, device number 3 [ 97.357916][ T6118] XFS (loop3): Quotacheck needed: Please wait. [ 97.366288][ T23] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 97.408341][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.438610][ T23] usb 2-1: Product: syz [ 97.459870][ T23] usb 2-1: Manufacturer: syz [ 97.464516][ T23] usb 2-1: SerialNumber: syz [ 97.472789][ T6118] XFS (loop3): Quotacheck: Done. [ 97.485500][ T23] usb 2-1: config 0 descriptor?? [ 97.645740][ T6141] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 97.667231][ T5786] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 97.735415][ T23] hso 2-1:0.0: Can't find BULK IN endpoint [ 97.761330][ T23] usb-storage 2-1:0.0: USB Mass Storage device detected [ 97.953377][ T6125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 97.990327][ T6125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 98.009671][ T23] usb 2-1: USB disconnect, device number 3 [ 99.605301][ T6151] loop6: detected capacity change from 0 to 7 [ 99.635126][ T6151] Dev loop6: unable to read RDB block 7 [ 99.651013][ T6146] kvm: kvm [6145]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0xc1) = 0xfffffc18 [ 99.660145][ T6146] kvm: kvm [6145]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0xc2) = 0xfffffc18 [ 99.663826][ T6151] loop6: AHDI p1 p2 [ 99.672977][ T6146] kvm: kvm [6145]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x11e) = 0xfffffc18 [ 99.704525][ T6146] kvm: kvm [6145]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x186) = 0xfffffc18 [ 99.704718][ T6151] loop6: partition table partially beyond EOD, [ 99.730084][ T6146] kvm: kvm [6145]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x187) = 0xfffffc18 [ 99.760820][ T6151] truncated [ 99.764170][ T6151] loop6: p1 start 926365495 is beyond EOD, truncated [ 100.264720][ T6170] Bluetooth: MGMT ver 1.22 [ 100.569852][ T5777] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 100.772508][ T5777] usb 2-1: Using ep0 maxpacket: 32 [ 100.789331][ T5777] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 100.809084][ T27] audit: type=1326 audit(1756835680.648:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6184 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd17ed8ebe9 code=0x7ffc0000 [ 100.835402][ T5777] usb 2-1: config 0 has no interface number 0 [ 100.841821][ T5777] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 100.854955][ T5777] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 100.865089][ T27] audit: type=1326 audit(1756835680.648:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6184 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd17ed8ebe9 code=0x7ffc0000 [ 100.887243][ T5777] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.887265][ T5777] usb 2-1: Product: syz [ 100.887280][ T5777] usb 2-1: Manufacturer: syz [ 100.887293][ T5777] usb 2-1: SerialNumber: syz [ 100.917836][ T5777] usb 2-1: config 0 descriptor?? [ 100.934979][ T5777] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 100.955379][ T5777] em28xx 2-1:0.132: Video interface 132 found: [ 100.986831][ T27] audit: type=1326 audit(1756835680.648:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6184 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd17ed8ebe9 code=0x7ffc0000 [ 101.026714][ T27] audit: type=1326 audit(1756835680.648:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6184 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd17ed8ebe9 code=0x7ffc0000 [ 101.030486][ T6167] loop0: detected capacity change from 0 to 32768 [ 101.049148][ T27] audit: type=1326 audit(1756835680.648:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6184 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd17ed8ebe9 code=0x7ffc0000 [ 101.117889][ T27] audit: type=1326 audit(1756835680.648:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6184 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd17ed8ebe9 code=0x7ffc0000 [ 101.146013][ T27] audit: type=1326 audit(1756835680.648:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6184 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd17ed8ebe9 code=0x7ffc0000 [ 101.199079][ T27] audit: type=1326 audit(1756835680.648:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6184 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd17ed8ebe9 code=0x7ffc0000 [ 101.225907][ T27] audit: type=1326 audit(1756835680.648:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6184 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd17ed8ebe9 code=0x7ffc0000 [ 101.264179][ T6167] loop0: p1 p3 < > [ 101.272744][ T5857] IPVS: starting estimator thread 0... [ 101.310294][ T27] audit: type=1326 audit(1756835680.648:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6184 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd17ed8ebe9 code=0x7ffc0000 [ 101.370814][ T6195] IPVS: using max 21 ests per chain, 50400 per kthread [ 101.379493][ T5777] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 101.742665][ T6202] loop3: detected capacity change from 0 to 128 [ 102.486218][ T6216] loop3: detected capacity change from 0 to 128 [ 102.510428][ T5777] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 102.534354][ T6216] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 102.550278][ T6174] em28xx 2-1:0.132: failed to trigger write to i2c address 0x2 (error=-5) [ 102.554081][ T6216] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.560415][ T5777] em28xx 2-1:0.132: board has no eeprom [ 102.680580][ T5786] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 102.709893][ T5777] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 102.740346][ T5777] em28xx 2-1:0.132: analog set to bulk mode. [ 102.763570][ T8] em28xx 2-1:0.132: Registering V4L2 extension [ 102.800021][ T5777] usb 2-1: USB disconnect, device number 4 [ 102.899825][ T5777] em28xx 2-1:0.132: Disconnecting em28xx [ 103.081093][ T8] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 103.088543][ T8] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 103.115905][ T8] em28xx 2-1:0.132: No AC97 audio processor [ 103.135912][ T8] usb 2-1: Decoder not found [ 103.150245][ T8] em28xx 2-1:0.132: failed to create media graph [ 103.160949][ T8] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 103.196922][ T8] em28xx 2-1:0.132: Remote control support is not available for this card. [ 103.234797][ T5777] em28xx 2-1:0.132: Closing input extension [ 103.300215][ T5777] em28xx 2-1:0.132: Freeing device [ 103.415394][ T6231] loop1: detected capacity change from 0 to 128 [ 103.484478][ T6231] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 103.520669][ T6229] loop3: detected capacity change from 0 to 8192 [ 103.574853][ T6229] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 103.591719][ T6229] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 103.636783][ T6229] REISERFS (device loop3): using ordered data mode [ 103.643893][ T6229] reiserfs: using flush barriers [ 103.655855][ T6229] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 103.677020][ T6229] REISERFS (device loop3): checking transaction log (loop3) [ 103.734111][ T6229] REISERFS (device loop3): Using r5 hash to sort names [ 103.753948][ T6229] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 103.830529][ T6239] netlink: 12 bytes leftover after parsing attributes in process `syz.0.127'. [ 103.859773][ T6239] netlink: 'syz.0.127': attribute type 18 has an invalid length. [ 103.914345][ T6239] vxlan1: entered promiscuous mode [ 104.250478][ T8] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 104.319351][ T6249] netlink: 8 bytes leftover after parsing attributes in process `syz.3.133'. [ 104.448369][ T6251] loop2: detected capacity change from 0 to 8192 [ 104.456138][ T8] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 104.463589][ T6251] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 104.479104][ T6251] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 104.479890][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.489444][ T6251] REISERFS (device loop2): using ordered data mode [ 104.503765][ T6251] reiserfs: using flush barriers [ 104.513947][ T6251] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 104.535072][ T6251] REISERFS (device loop2): checking transaction log (loop2) [ 104.544441][ T6251] REISERFS (device loop2): Using r5 hash to sort names [ 104.552083][ T6251] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 104.608822][ T8] usb 2-1: config 0 descriptor?? [ 105.192720][ T6258] loop0: detected capacity change from 0 to 32768 [ 105.221618][ T6265] syz.2.139 uses obsolete (PF_INET,SOCK_PACKET) [ 105.236037][ T6258] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 105.373224][ T5785] ocfs2: Unmounting device (7,0) on (node local) [ 105.688386][ T6275] loop0: detected capacity change from 0 to 512 [ 105.695973][ T6275] EXT4-fs: Ignoring removed oldalloc option [ 105.702151][ T5777] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 105.735086][ T6275] EXT4-fs (loop0): 1 truncate cleaned up [ 105.742981][ T6275] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.808332][ T6275] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.143: invalid indirect mapped block 234881024 (level 0) [ 105.833446][ T6275] EXT4-fs (loop0): Remounting filesystem read-only [ 105.884788][ T8] usb 2-1: Cannot set autoneg [ 105.890263][ T8] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71 [ 105.899950][ T5777] usb 3-1: Using ep0 maxpacket: 16 [ 105.904703][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.907240][ T5777] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.930561][ T8] usb 2-1: USB disconnect, device number 5 [ 105.943165][ T5777] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 105.953913][ T5777] usb 3-1: New USB device found, idVendor=5543, idProduct=0081, bcdDevice= 0.00 [ 105.970463][ T5777] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.030252][ T5777] usb 3-1: config 0 descriptor?? [ 106.675899][ T5777] usb 3-1: string descriptor 0 read error: -71 [ 106.695570][ T5777] uclogic 0003:5543:0081.0003: failed retrieving string descriptor #200: -71 [ 106.728790][ T5777] uclogic 0003:5543:0081.0003: failed retrieving pen parameters: -71 [ 106.749990][ T5777] uclogic 0003:5543:0081.0003: failed probing pen v2 parameters: -71 [ 106.768996][ T5777] uclogic 0003:5543:0081.0003: failed probing parameters: -71 [ 106.778364][ T5777] uclogic: probe of 0003:5543:0081.0003 failed with error -71 [ 106.804083][ T5777] usb 3-1: USB disconnect, device number 4 [ 107.034163][ T8] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 107.163078][ T6312] netlink: 12 bytes leftover after parsing attributes in process `syz.3.157'. [ 107.173233][ T6312] netlink: 'syz.3.157': attribute type 18 has an invalid length. [ 107.195427][ T6312] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.204720][ T6312] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.213624][ T6312] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.222378][ T6312] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.230293][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 107.234950][ T6312] vxlan0: entered promiscuous mode [ 107.254396][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.281925][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.296096][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 107.309581][ T8] usb 2-1: New USB device found, idVendor=056a, idProduct=00c6, bcdDevice= 0.00 [ 107.344268][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.371513][ T8] usb 2-1: config 0 descriptor?? [ 107.816593][ T8] wacom 0003:056A:00C6.0004: hidraw0: USB HID v0.00 Device [HID 056a:00c6] on usb-dummy_hcd.1-1/input0 [ 108.036050][ T5777] usb 2-1: USB disconnect, device number 6 [ 108.089075][ T6336] loop2: detected capacity change from 0 to 512 [ 108.133393][ T6336] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.170237][ T6336] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.383578][ T5792] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.418119][ T6334] loop3: detected capacity change from 0 to 32768 [ 108.481835][ T6334] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 108.559723][ T27] kauditd_printk_skb: 11 callbacks suppressed [ 108.559736][ T27] audit: type=1800 audit(1756835688.398:25): pid=6334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.167" name="file1" dev="loop3" ino=17059 res=0 errno=0 [ 108.880983][ T5786] ocfs2: Unmounting device (7,3) on (node local) [ 109.685247][ T6368] input: syz1 as /devices/virtual/input/input8 [ 110.033574][ T6374] input: syz1 as /devices/virtual/input/input9 [ 110.147466][ T6376] loop3: detected capacity change from 0 to 1024 [ 110.539513][ T6347] loop2: detected capacity change from 0 to 65536 [ 110.565696][ T6347] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 110.694403][ T6347] XFS (loop2): Ending clean mount [ 110.699971][ T1187] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 110.881663][ T5792] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 110.897507][ T1187] usb 2-1: Using ep0 maxpacket: 8 [ 110.905113][ T1187] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 110.929823][ T1187] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 110.956854][ T1187] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 110.975671][ T6382] loop0: detected capacity change from 0 to 32768 [ 110.982774][ T1187] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 110.982808][ T1187] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 110.982848][ T1187] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 110.982869][ T1187] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.102753][ T48] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 111.105621][ T6382] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.189 (6382) [ 111.114673][ T48] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.259098][ T1187] usb 2-1: usb_control_msg returned -32 [ 111.273951][ T6382] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 111.284661][ T1187] usbtmc 2-1:16.0: can't read capabilities [ 111.309976][ T6382] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 111.318676][ T6382] BTRFS info (device loop0): using free space tree [ 111.402164][ T48] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 111.426162][ T48] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.541063][ T6382] BTRFS info (device loop0): enabling ssd optimizations [ 111.548113][ T6382] BTRFS info (device loop0): auto enabling async discard [ 111.666744][ T48] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 111.704420][ T48] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.776137][ T6407] usbtmc 2-1:16.0: usb_control_msg returned -32 [ 111.808619][ T1187] usb 2-1: USB disconnect, device number 7 [ 111.882297][ T48] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 111.903169][ T48] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.085705][ T1129] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 112.290997][ T6414] "syz.2.193" (6414) uses obsolete ecb(arc4) skcipher [ 112.481486][ T5785] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 112.591614][ T5791] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 112.601608][ T5791] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 112.619447][ T5791] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 112.638776][ T5791] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 112.654891][ T5791] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 112.702959][ T5791] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 113.240080][ T5777] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 113.258865][ T6436] loop2: detected capacity change from 0 to 1024 [ 113.345560][ T6436] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.375302][ T6436] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 113.393985][ T6436] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 113.410514][ T6436] EXT4-fs (loop2): This should not happen!! Data will be lost [ 113.410514][ T6436] [ 113.420233][ T5777] usb 2-1: Using ep0 maxpacket: 8 [ 113.421048][ T6436] EXT4-fs (loop2): Total free blocks count 0 [ 113.432620][ T6436] EXT4-fs (loop2): Free/Dirty block details [ 113.445293][ T27] audit: type=1800 audit(1756835693.288:26): pid=6444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.199" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 113.466119][ T5777] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 113.480058][ T6436] EXT4-fs (loop2): free_blocks=68451041280 [ 113.498452][ T5777] usb 2-1: config 179 has no interface number 0 [ 113.507132][ T6436] EXT4-fs (loop2): dirty_blocks=16 [ 113.529341][ T6436] EXT4-fs (loop2): Block reservation details [ 113.529363][ T5777] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 113.541451][ T6436] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 113.609826][ T5777] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 113.652839][ T5777] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 113.678505][ T1114] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 8 with error 28 [ 113.689786][ T5777] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 113.729923][ T5777] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 113.749311][ T5777] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.808311][ T6428] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 114.444329][ T5777] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input10 [ 114.749950][ T5104] Bluetooth: hci0: command tx timeout [ 114.780724][ T23] usb 2-1: USB disconnect, device number 8 [ 114.780801][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 114.795708][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 114.810819][ T23] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 114.841767][ T6417] chnl_net:caif_netlink_parms(): no params data found [ 115.196902][ T6417] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.227250][ T6417] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.249366][ T6417] bridge_slave_0: entered allmulticast mode [ 115.264057][ T6417] bridge_slave_0: entered promiscuous mode [ 115.292223][ T6484] loop0: detected capacity change from 0 to 64 [ 115.350003][ T5777] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 115.353540][ T6484] syz.0.205: attempt to access beyond end of device [ 115.353540][ T6484] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 115.373262][ T6417] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.380278][ T6484] Buffer I/O error on dev loop0, logical block 134217734, async page read [ 115.390249][ T6417] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.411642][ T6484] syz.0.205: attempt to access beyond end of device [ 115.411642][ T6484] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 115.420235][ T6417] bridge_slave_1: entered allmulticast mode [ 115.431219][ T6484] Buffer I/O error on dev loop0, logical block 134217734, async page read [ 115.452215][ T6417] bridge_slave_1: entered promiscuous mode [ 115.452924][ T6484] overlayfs: failed to create directory ./file0/work (errno: 5); mounting read-only [ 115.497390][ T6485] syz.0.205: attempt to access beyond end of device [ 115.497390][ T6485] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 115.529754][ T6484] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 115.530207][ T6485] Buffer I/O error on dev loop0, logical block 134217734, async page read [ 115.560060][ T6484] overlayfs: failed to get uuid (/bus, err=-95); falling back to uuid=null. [ 115.594678][ T5777] usb 3-1: Using ep0 maxpacket: 8 [ 115.608118][ T5777] usb 3-1: too many configurations: 129, using maximum allowed: 8 [ 115.621641][ T6485] syz.0.205: attempt to access beyond end of device [ 115.621641][ T6485] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 115.628194][ T5777] usb 3-1: config 0 has an invalid interface number: 153 but max is 0 [ 115.650346][ T6485] Buffer I/O error on dev loop0, logical block 134217734, async page read [ 115.665250][ T5777] usb 3-1: config 0 has no interface number 0 [ 115.678661][ T6417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.699974][ T5777] usb 3-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping [ 115.725684][ T5777] usb 3-1: config 0 has an invalid interface number: 153 but max is 0 [ 115.750152][ T5777] usb 3-1: config 0 has no interface number 0 [ 115.756341][ T5777] usb 3-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping [ 115.803403][ T5777] usb 3-1: config 0 has an invalid interface number: 153 but max is 0 [ 115.812588][ T48] hsr_slave_0: left promiscuous mode [ 115.820677][ T5777] usb 3-1: config 0 has no interface number 0 [ 115.826824][ T5777] usb 3-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping [ 115.841026][ T48] hsr_slave_1: left promiscuous mode [ 115.842401][ T5785] syz-executor: attempt to access beyond end of device [ 115.842401][ T5785] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 115.848525][ T5777] usb 3-1: config 0 has an invalid interface number: 153 but max is 0 [ 115.878002][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 115.885747][ T48] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 115.900196][ T5777] usb 3-1: config 0 has no interface number 0 [ 115.903572][ T5785] Buffer I/O error on dev loop0, logical block 134217734, async page read [ 115.906320][ T5777] usb 3-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping [ 115.930922][ T5785] syz-executor: attempt to access beyond end of device [ 115.930922][ T5785] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 115.931383][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 115.960186][ T5785] Buffer I/O error on dev loop0, logical block 134217734, async page read [ 115.983644][ T5785] Trying to free block not in datazone [ 115.996457][ T48] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 116.010158][ T5777] usb 3-1: config 0 has an invalid interface number: 153 but max is 0 [ 116.018362][ T5777] usb 3-1: config 0 has no interface number 0 [ 116.028734][ T48] bridge_slave_1: left allmulticast mode [ 116.034796][ T48] bridge_slave_1: left promiscuous mode [ 116.042196][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.056680][ T48] bridge_slave_0: left allmulticast mode [ 116.059101][ T5777] usb 3-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping [ 116.065276][ T48] bridge_slave_0: left promiscuous mode [ 116.080956][ T48] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.147897][ T5777] usb 3-1: config 0 has an invalid interface number: 153 but max is 0 [ 116.158265][ T48] veth1_macvtap: left promiscuous mode [ 116.164501][ T5777] usb 3-1: config 0 has no interface number 0 [ 116.174251][ T48] veth0_macvtap: left promiscuous mode [ 116.182622][ T5777] usb 3-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping [ 116.183793][ T48] veth1_vlan: left promiscuous mode [ 116.201543][ T48] veth0_vlan: left promiscuous mode [ 116.207425][ T5777] usb 3-1: config 0 has an invalid interface number: 153 but max is 0 [ 116.220333][ T5777] usb 3-1: config 0 has no interface number 0 [ 116.226508][ T5777] usb 3-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping [ 116.256368][ T6499] loop0: detected capacity change from 0 to 1024 [ 116.263107][ T5777] usb 3-1: config 0 has an invalid interface number: 153 but max is 0 [ 116.263130][ T5777] usb 3-1: config 0 has no interface number 0 [ 116.263166][ T5777] usb 3-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping [ 116.287763][ T6499] EXT4-fs: Ignoring removed orlov option [ 116.314905][ T5777] usb 3-1: New USB device found, idVendor=0a5c, idProduct=bd27, bcdDevice=6e.27 [ 116.324699][ T5777] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.333775][ T5777] usb 3-1: Product: syz [ 116.338037][ T6499] EXT4-fs: Ignoring removed nomblk_io_submit option [ 116.344715][ T5777] usb 3-1: Manufacturer: syz [ 116.344731][ T5777] usb 3-1: SerialNumber: syz [ 116.350823][ T5777] usb 3-1: config 0 descriptor?? [ 116.421332][ T6499] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.678534][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.688813][ T9] usb 3-1: USB disconnect, device number 5 [ 116.833992][ T5104] Bluetooth: hci0: command tx timeout [ 116.982180][ T6508] Bluetooth: MGMT ver 1.22 [ 117.378479][ T48] team0 (unregistering): Port device team_slave_1 removed [ 117.452013][ T48] team0 (unregistering): Port device team_slave_0 removed [ 117.506184][ T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 117.549148][ T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 117.770444][ T5834] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 117.969965][ T5834] usb 3-1: Using ep0 maxpacket: 16 [ 117.989933][ T5834] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.015490][ T5834] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.032655][ T48] bond0 (unregistering): Released all slaves [ 118.039469][ T5834] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 118.064326][ T5834] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 118.073448][ T5834] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.098874][ T5834] usb 3-1: config 0 descriptor?? [ 118.177257][ T6417] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 118.218821][ T1114] ------------[ cut here ]------------ [ 118.225482][ T1114] WARNING: CPU: 0 PID: 1114 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 118.237126][ T1114] Modules linked in: [ 118.241491][ T1114] CPU: 0 PID: 1114 Comm: kworker/u4:5 Not tainted syzkaller #0 [ 118.249080][ T1114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 118.250925][ T1129] ------------[ cut here ]------------ [ 118.259519][ T1114] Workqueue: phy4 ieee80211_csa_finalize_work [ 118.265137][ T1129] WARNING: CPU: 1 PID: 1129 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 118.265181][ T1129] Modules linked in: [ 118.265197][ T1129] CPU: 1 PID: 1129 Comm: kworker/u4:6 Not tainted syzkaller #0 [ 118.265217][ T1129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 118.265230][ T1129] Workqueue: phy3 ieee80211_csa_finalize_work [ 118.271826][ T1114] [ 118.282931][ T1129] [ 118.286471][ T1114] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 118.294117][ T1129] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 118.294149][ T1129] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c [ 118.294166][ T1129] RSP: 0018:ffffc9000481f9c0 EFLAGS: 00010293 [ 118.294186][ T1129] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: ffff888023b2bc00 [ 118.294200][ T1129] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 118.294212][ T1129] RBP: dffffc0000000000 R08: ffff88805e6295af R09: 1ffff1100bcc52b5 [ 118.294227][ T1129] R10: dffffc0000000000 R11: ffffed100bcc52b6 R12: 0000000000000001 [ 118.294268][ T1129] R13: ffff88805e62a5d9 R14: ffff88807d7fac70 R15: ffff88807d7face8 [ 118.294283][ T1129] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 118.304740][ T1114] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c [ 118.310504][ T1129] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.310522][ T1129] CR2: 00007fd6dbb3cfb3 CR3: 00000000310b9000 CR4: 00000000003506e0 [ 118.310541][ T1129] Call Trace: [ 118.310550][ T1129] [ 118.310584][ T1129] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 118.310658][ T1129] ieee80211_csa_finalize+0x59a/0xf00 [ 118.310689][ T1129] ? mutex_lock_nested+0x20/0x20 [ 118.310716][ T1129] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 118.310738][ T1129] ? ieee80211_csa_finalize_work+0x140/0x140 [ 118.313071][ T1114] RSP: 0018:ffffc900046cf9c0 EFLAGS: 00010293 [ 118.313092][ T1114] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: ffff88802384da00 [ 118.313112][ T1114] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 118.315446][ T1129] ? read_lock_is_recursive+0x20/0x20 [ 118.323974][ C0] ------------[ cut here ]------------ [ 118.332883][ T1129] ieee80211_csa_finalize_work+0xf6/0x140 [ 118.350836][ C0] WARNING: CPU: 0 PID: 1114 at net/mac80211/tx.c:5031 __ieee80211_beacon_get+0x1233/0x1600 [ 118.350874][ C0] Modules linked in: [ 118.350887][ C0] CPU: 0 PID: 1114 Comm: kworker/u4:5 Not tainted syzkaller #0 [ 118.350905][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 118.350917][ C0] Workqueue: phy4 ieee80211_csa_finalize_work [ 118.357023][ T1129] ? process_scheduled_works+0x957/0x15b0 [ 118.364995][ C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 118.373024][ T1129] process_scheduled_works+0xa45/0x15b0 [ 118.380978][ C0] Code: 24 4c 89 e7 e8 0e 88 d4 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 19 65 97 f7 0f 0b e9 f6 f7 ff ff e8 0d 65 97 f7 <0f> 0b e9 48 fb ff ff e8 01 65 97 f7 48 c7 c7 a0 09 24 8e 4c 89 e6 [ 118.381000][ C0] RSP: 0018:ffffc90000007a18 EFLAGS: 00010246 [ 118.389049][ T1129] ? assign_work+0x400/0x400 [ 118.396990][ C0] [ 118.396999][ C0] RAX: ffffffff89ee2a93 RBX: ffffffff89ee1896 RCX: ffff88802384da00 [ 118.405972][ T1129] ? assign_work+0x39e/0x400 [ 118.425575][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 118.425589][ C0] RBP: 0000000000000000 R08: ffff88802384da00 R09: 0000000000000003 [ 118.425601][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805e69e3c0 [ 118.425614][ C0] R13: dffffc0000000000 R14: ffff88805e69e8b0 R15: ffff88805daee824 [ 118.425627][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 118.425643][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.425655][ C0] CR2: 0000001b2e71fff8 CR3: 00000000637ba000 CR4: 00000000003506f0 [ 118.425671][ C0] Call Trace: [ 118.425679][ C0] [ 118.425690][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 118.425728][ C0] ieee80211_beacon_get_tim+0xb8/0x560 [ 118.425762][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 118.425819][ C0] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 118.425852][ C0] __iterate_interfaces+0x243/0x500 [ 118.425877][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 118.425902][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 118.425930][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 118.425955][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 118.425985][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 118.426012][ C0] __hrtimer_run_queues+0x51e/0xc40 [ 118.432860][ T1129] worker_thread+0xa55/0xfc0 [ 118.440651][ C0] ? hw_scan_work+0xf40/0xf40 [ 118.444009][ T1129] kthread+0x2fa/0x390 [ 118.446893][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 118.453423][ T1129] ? pr_cont_work+0x560/0x560 [ 118.458774][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 118.458816][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 118.463774][ T1129] ? kthread_blkcg+0xd0/0xd0 [ 118.469755][ C0] handle_softirqs+0x280/0x820 [ 118.469782][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 118.475780][ T1129] ret_from_fork+0x48/0x80 [ 118.475805][ T1129] ? kthread_blkcg+0xd0/0xd0 [ 118.475825][ T1129] ret_from_fork_asm+0x11/0x20 [ 118.481954][ C0] ? do_softirq+0x180/0x180 [ 118.481984][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 118.490000][ T1129] [ 118.497939][ C0] __irq_exit_rcu+0xc7/0x190 [ 118.497966][ C0] ? irq_exit_rcu+0x20/0x20 [ 118.503363][ T1129] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 118.503374][ T1129] CPU: 1 PID: 1129 Comm: kworker/u4:6 Not tainted syzkaller #0 [ 118.503393][ T1129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 118.503406][ T1129] Workqueue: phy3 ieee80211_csa_finalize_work [ 118.503442][ T1129] Call Trace: [ 118.503450][ T1129] [ 118.503459][ T1129] dump_stack_lvl+0x16c/0x230 [ 118.503490][ T1129] ? show_regs_print_info+0x20/0x20 [ 118.503513][ T1129] ? load_image+0x3b0/0x3b0 [ 118.503546][ T1129] panic+0x2c0/0x710 [ 118.503582][ T1129] ? bpf_jit_dump+0xd0/0xd0 [ 118.503621][ T1129] ? ret_from_fork_asm+0x11/0x20 [ 118.503653][ T1129] __warn+0x2e0/0x470 [ 118.503679][ T1129] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 118.503712][ T1129] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 118.503740][ T1129] report_bug+0x2be/0x4f0 [ 118.503763][ T1129] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 118.503793][ T1129] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 118.503822][ T1129] ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0 [ 118.503859][ T1129] handle_bug+0xcf/0x120 [ 118.503883][ T1129] exc_invalid_op+0x1a/0x50 [ 118.503906][ T1129] asm_exc_invalid_op+0x1a/0x20 [ 118.503935][ T1129] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 118.503964][ T1129] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c [ 118.503980][ T1129] RSP: 0018:ffffc9000481f9c0 EFLAGS: 00010293 [ 118.503997][ T1129] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: ffff888023b2bc00 [ 118.504010][ T1129] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 118.504022][ T1129] RBP: dffffc0000000000 R08: ffff88805e6295af R09: 1ffff1100bcc52b5 [ 118.504036][ T1129] R10: dffffc0000000000 R11: ffffed100bcc52b6 R12: 0000000000000001 [ 118.504048][ T1129] R13: ffff88805e62a5d9 R14: ffff88807d7fac70 R15: ffff88807d7face8 [ 118.504071][ T1129] ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0 [ 118.504122][ T1129] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 118.504157][ T1129] ieee80211_csa_finalize+0x59a/0xf00 [ 118.504188][ T1129] ? mutex_lock_nested+0x20/0x20 [ 118.504215][ T1129] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 118.504237][ T1129] ? ieee80211_csa_finalize_work+0x140/0x140 [ 118.504269][ T1129] ? read_lock_is_recursive+0x20/0x20 [ 118.504300][ T1129] ieee80211_csa_finalize_work+0xf6/0x140 [ 118.504331][ T1129] ? process_scheduled_works+0x957/0x15b0 [ 118.504355][ T1129] process_scheduled_works+0xa45/0x15b0 [ 118.504410][ T1129] ? assign_work+0x400/0x400 [ 118.504441][ T1129] ? assign_work+0x39e/0x400 [ 118.504468][ T1129] worker_thread+0xa55/0xfc0 [ 118.504529][ T1129] kthread+0x2fa/0x390 [ 118.504545][ T1129] ? pr_cont_work+0x560/0x560 [ 118.504569][ T1129] ? kthread_blkcg+0xd0/0xd0 [ 118.504588][ T1129] ret_from_fork+0x48/0x80 [ 118.504608][ T1129] ? kthread_blkcg+0xd0/0xd0 [ 118.504628][ T1129] ret_from_fork_asm+0x11/0x20 [ 118.504670][ T1129] [ 118.509006][ T1129] Kernel Offset: disabled