last executing test programs: 4.644514591s ago: executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000001c0)={r1, 0x0, 0x20}, &(0x7f0000000200)=0x18) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000040)={r2}, 0xc) 4.576400392s ago: executing program 2: mkdir(0x0, 0x0) syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000100)='./file1\x00', 0x2008002, &(0x7f0000000f40)=ANY=[@ANYBLOB='fileset=00000000000000021736,adinicb,uid=forget,gid=', @ANYRESDEC=0x0, @ANYBLOB=',gid=', @ANYRESDEC=0x0, @ANYBLOB=',adinicb,gid=ignore,utf8\x00\x00\x00\x00hor=00100000000000000002,\x00'], 0x2, 0xc3c, &(0x7f0000002740)="$eJzs3U9sHNd9B/DfGy3FpdJWTOwoThoXm7ZIZcZy9S+mYhXOqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBfApYzOxbcUWRNi2R+mN9Pjb13Zl5b+a9mfWMLOjNCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg4vdfvnDyVHrQrQAA7qdL418/edrzHwAeK5f9/z8AAAAAAAAAAAAAADzsUhTxRKRYuLSRJqvljvrFdt+NmxMjoztXG0hVzUNV+fKnfur0mbNffn74XDcvtuc+oP5++1y8On75QuOl+esLizNLSzPTjYm59tT89Mye93Cv9bcbqk5A4/prN6avXl1qnH7uzG2bbw6+1/+JY4Pnh5858XS37MTI6Oj4VpF6b/naXTekY7cRHoejiBOR4tkf/Dy1IqKIez8X9ft77bcbqDoxVHViYmS06shsuzW3XG4c656IIqLRU6nZPUc7X4uo9d3XPuyuGbFSNr9s8FDZvfGF1mLryuxMY6y1uNxebs/PjaVOa8v+NKKIcyliNSLW++/cXV8UUYsU3zu6ka5ExKHuefhSNTB493YUB9jHPSjb2eiLWC0egWv2EOuPIl6JFL94+3hM5ftMda/5YsQrZf4o4s0yX4xI5RfjbMS7O3yPeDTVooi/KK//+Y00Xd0PuveVi99ofG3u6nxP2e595SM+H+64Uzyg58PAtrw/HvJ7Uz2KaFV3/I1097/ZAQAAAAAAAAAAAAAAAGC/DUQRn40UL//7H1fjiqMal370/PAfDP5q75jxpz5kP2XZ5yJipdjbmNzDeWDgWBpL6QGPJX6c1aOIP8nj/77zoBsDAAAAAAAAAAAAAAAAAADwWCviZ5HihXeOp9XonVO8PXetcbl1ZbYzK2x37t/unOmbm5ubjdTJZs7JnCs5V3Ou5VzPGUWun7OZczLnSs7VnGs513PGoVw/52Zu0GReXsm5mnMt53rOqOX6OZs5J3Ou5FzNuZZzPWc8JHP3AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8nBRRxC8jxXe/tZEiRUQzYjI6udb/oFsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJT6UxE/jBSNP2zeWleLiFT923G8/OVsNA+X+aloDpf5YjQv5GxVWWt+56MdurFffeDu9aUifhop+utv3brg+fr3dZZufQ3izW9vLX2u1slD3Y2D7/V/4tjR88Ojv/HUbp/TTg0Yutieu3GzMTEyOjres7qWj/6pnnWD+bjF/nSdiFh6/Y3XWrOzM4t3/6H8CtxD9UfoQ6o9Lj31ofoQtYeiGQ+m7zwGyuf/u5Hid9/5j+4Dv/P8r8evdJZuPeHj/T/dev6/sH1He3z+17bXy8//8pm+0/P/iZ51L+TfjfTVIurL1xf6jkXUl15/40T7euvazLWZubMnT35lePgrZ072HY6oX23PzvR82pfTBQAAAAAAAAAAAAAAAHD/pCK+GilaP91IjYi4WY3XGjw//MyJpw/FoWq81W3jtl8dv3yh8dL89YXFmaWlmenGxFx7an56Zq+Hq1fDvSZGRg+kMx9q4IDbP1B/aX7h9cX2tT9a3nH7kfqFK0vLi62pnTfHQBQRzd41Q1WDJ0ZGq0bPtltzVdWxHQfTf3R9qYj/jBRTZxvpC3ldHv+/fYT/beP/V7bv6IDG/3+yZ115zJSKeD9S/M5fPhVfqNp5JO44Z7nc30aKoXOfz+XicFmu24bOewU6IwPLsv8bKf7xl7eX7Y6HfGKr7Kk9n9hHRHn9j0aKH/759+M387rb3/+w8/U/sn1HB3T9n+xZd+S29xXcc9fJ1/9EpHjxibfit/K6D3r/R/fdG8dz4Vvv5zig6//pnnWD+bi/vT9dBwAAAAAAAAAAeKT1pSL+LlL8eLSWns/r9vL3/6a37+iA/v7XZ3rWTe/PfEUf+uGeTyoAAAAAPCT6UhE/ixTXlt+6NYb69vHfPeM/f29r/OdI2ra1+nO+X6veG7Cff/7XazAfd/Leuw0AAAAAAAAAAAAAAAAAAAAPlZSKeD7Ppz5Zjeef3nU+9bVI8fJ/P5vLpWNlue488IPVr/VL83MnLszOzk+1lltXZmca4wutqZmy7pORYuNvPp/rFtX86t355jtzvG/Nxb4YKUb/vlu2Mxd7d27yJ7fKnirLfjJS/Nc/3F62O4/1p7fKni7L/nWk+OY/71z22FbZM2XZ70eKn3yz0S17pCzbfT/qZ7bKPjc1XxzAVQEAAAAAAAAAAAAAAAAAAOBx05eK+LNI8T/XV2+N5c/z//f1LFbe/HbPfP/b3Kzm+R+s5v/f7fPdzP9fvVdgZbejAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAx1OKIt6IFAuXNtJaf7ncUb/Ynrtxc2JkdOdqA6mqeagqX/7UT50+c/bLzw+f6+YH199vn41Xxy9faLw0f31hcWZpaWa6MTHXnpqfntnzHu61/nZD1QloXH/txvTVq0uN08+dqVYfzptvDr7X/4ljg+eHnznxdLfsxMjo6HjPLmp9d330O6Rd1h+OIv4qUjz7g5+nH/dHFHHv5+JDvjsHbaDqxFDViYmR0aojs+3W3HK5cax7IoqIRk+lZvcc3YdrsYP3Nzc391ayGbFSNr9s8FDZvfGF1mLryuxMY6y1uNxebs/PjaVOa8v+NKKIcyliNSLW++/cXV8U8Vqk+N7RjfQv/RGHuufhS5fGv37y9O7tKO62q/ujbGejL2K1eGDX7GOhP4r4p0jxi7ePx7/2R9Si8xNfjHilzB9FvBmd653KL8bZiHd3+B7xaKpFEf9XXv/zG+nt/vJ+0L2vXPxG42tzV+d7ynbvK4/88+F+2v3e9NX72o5d1KOIn1R3/I30b/67BgAAAAAAAAAAAAAAAHiIFPHrkeKFd46nanxwHlP8ZN56ZbYzrK879q87Znpzc3OzkTrZzDmZcyXnas61nOs5o8j1czbLrG9uTubllZyrOddyrueMQ7l+zmbOyZwrOVdzruVczxm1XD9nM+dkzpWcqznXcq7nDOOKAQAAAAAAAAAAAAAAAACAA1BU/6T47rc20mZ/Z37pyejkmvlAP/b+PwAA///l1fnv") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x26e1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$cgroup_type(r0, &(0x7f0000000080), 0x11ffffce1) 3.49070781s ago: executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x541b, 0x0) 3.285922152s ago: executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x220101c, 0x0) mount$cgroup2(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x80000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1001) umount2(&(0x7f0000000300)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, 0x0) 3.272740283s ago: executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_procfs(0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f00000000c0)="f23e0f2334baf80c66b8ec81848866efbafc0c66b80f00000066eff0835d083ebaf80c66b844f9808366efbafc0c66edbaa000b00cee36f734650f01cf66b8005000000f23c00f21f86635010003000f23f80f01ca0f35", 0x57}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.477761016s ago: executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCRYPT={0x5, 0x7, 0x3}]}}}]}, 0x3c}}, 0x0) 2.435498833s ago: executing program 3: gettid() r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000080)={@loopback={0xff00000000000000, 0x307}, 0x0, r2}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'veth1_to_bridge\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf2e, 0x4) r5 = socket$inet6(0xa, 0x3, 0x6) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000000000000006000000000000850000009b00000085000000a000000000000000000000d0c7bd8ff9f4e756ea00"], &(0x7f0000000080)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b70200000094e200001212000000000007000000000000009500000000000a6682f0a61b01e4c027d252f602901b7cbbd5b9097bb8334a5541cf9e345af317e35f2ad53d857708f974879196ac07622b10548ccd2028eaf7610ae297a58e413b22d81494fcb1dbd1e9cb784c590ddd3d400ac1949839f92232e7684f2305d906ee929a27a5dedf301650960d8ae1cf339f6bda65bf6594c2839dcea6e419c9b8b7d17b9e49f392c832ffa41c17b82700789b163bbc8507f171b46d2c569e75810e60a06b6f69ef41ca39a2e8c2f369545d761d74"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc5, &(0x7f00000001c0)=""/197, 0x40f00, 0x0, '\x00', 0x0, 0x11}, 0x90) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet6_SIOCDELRT(r5, 0x890b, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @remote}, @mcast1, @loopback, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x804a0013}) sendto$packet(r0, &(0x7f00000000c0)="3f0402e9b0e812002c001e0089e9aaa911d7c2290f0086dd1327c9167c64044a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdc9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, r4, 0x4, 0x0, 0x6, @multicast}, 0x14) 2.270407749s ago: executing program 3: syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r0, 0x5411, &(0x7f0000000100)) 2.182460992s ago: executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000001c0)={r1, 0x0, 0x20}, &(0x7f0000000200)=0x18) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000040)={r2}, 0xc) 2.13162286s ago: executing program 2: socket$packet(0x11, 0x3, 0x300) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x17, 0xf, &(0x7f00000002c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x50}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) open(&(0x7f0000000100)='./file0\x00', 0x60c2, 0x0) open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) r4 = socket(0x2, 0x3, 0x100000001) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000100), 0x1) write$binfmt_misc(r2, &(0x7f0000000540)=ANY=[@ANYRES32=r4], 0xfffffecc) splice(r1, 0x0, r3, 0x0, 0x4efe0, 0x0) 2.122552652s ago: executing program 3: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x1, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.319168086s ago: executing program 4: r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) r2 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'syz_tun\x00', 0x0}) bind$packet(r2, &(0x7f0000000080)={0x11, 0x800, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x2, 0x0, 0x6, 0x0, @rand_addr, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) 1.238685458s ago: executing program 0: gettid() r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000080)={@loopback={0xff00000000000000, 0x307}, 0x0, r2}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'veth1_to_bridge\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf2e, 0x4) r5 = socket$inet6(0xa, 0x3, 0x6) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000000000000006000000000000850000009b00000085000000a000000000000000000000d0c7bd8ff9f4e756ea00"], &(0x7f0000000080)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b70200000094e200001212000000000007000000000000009500000000000a6682f0a61b01e4c027d252f602901b7cbbd5b9097bb8334a5541cf9e345af317e35f2ad53d857708f974879196ac07622b10548ccd2028eaf7610ae297a58e413b22d81494fcb1dbd1e9cb784c590ddd3d400ac1949839f92232e7684f2305d906ee929a27a5dedf301650960d8ae1cf339f6bda65bf6594c2839dcea6e419c9b8b7d17b9e49f392c832ffa41c17b82700789b163bbc8507f171b46d2c569e75810e60a06b6f69ef41ca39a2e8c2f369545d761d74"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc5, &(0x7f00000001c0)=""/197, 0x40f00, 0x0, '\x00', 0x0, 0x11}, 0x90) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet6_SIOCDELRT(r5, 0x890b, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @remote}, @mcast1, @loopback, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x804a0013}) sendto$packet(r0, &(0x7f00000000c0)="3f0402e9b0e812002c001e0089e9aaa911d7c2290f0086dd1327c9167c64044a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdc9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, r4, 0x4, 0x0, 0x6, @multicast}, 0x14) 1.086274232s ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0e50006, &(0x7f0000000a80)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@jqfmt_vfsold}, {@nogrpid}, {@data_err_ignore}, {@noload}]}, 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH") openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000380)={{0x80}, 'port1\x00', 0xe3, 0x111c27}) setsockopt$rose(0xffffffffffffffff, 0x104, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000010000000000000000"], 0x0}, 0x90) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x40183, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeef}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, 0xffffffffffffffff, 0x16, 0x0, @val=@tcx={@prog_fd}}, 0x40) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r2, 0x29, 0x49, &(0x7f0000000040)=0x3, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x11, 0x4, 0x4, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0}, 0x48) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x10, &(0x7f0000000900)=ANY=[@ANYRES32, @ANYBLOB="66000000000000859a3da112215e1d", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r3, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)='\v', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f00000002c0)=ANY=[@ANYBLOB="fe0f0900090004"], 0x1a) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) chdir(&(0x7f0000000100)='./file0\x00') r4 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) r5 = memfd_create(&(0x7f0000000280)='y\x105\xfb\xf7uZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S\xa4\xb3I\v\xe1\x11\xe7#\x99\x9b2\xd1Q\x01\xf4\x967\xc9\x00\x00]pq\xc6\xfa\xdd', 0x0) ftruncate(r5, 0xffff) fcntl$addseals(r5, 0x409, 0x7) r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x10000, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086203, 0x0) creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 1.073707434s ago: executing program 4: socket$packet(0x11, 0x3, 0x300) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x17, 0xf, &(0x7f00000002c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x50}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) open(&(0x7f0000000100)='./file0\x00', 0x60c2, 0x0) open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) r4 = socket(0x2, 0x3, 0x100000001) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000100), 0x1) write$binfmt_misc(r2, &(0x7f0000000540)=ANY=[@ANYRES32=r4], 0xfffffecc) splice(r1, 0x0, r3, 0x0, 0x4efe0, 0x0) 919.464448ms ago: executing program 3: r0 = syz_open_dev$vbi(&(0x7f00000000c0), 0x0, 0x2) ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000100)={0x0, [], 0x7}) 813.382514ms ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0e50006, &(0x7f0000000a80)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@jqfmt_vfsold}, {@nogrpid}, {@data_err_ignore}, {@noload}]}, 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH") openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000380)={{0x80}, 'port1\x00', 0xe3, 0x111c27}) setsockopt$rose(0xffffffffffffffff, 0x104, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000010000000000000000"], 0x0}, 0x90) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x40183, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeef}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, 0xffffffffffffffff, 0x16, 0x0, @val=@tcx={@prog_fd}}, 0x40) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r2, 0x29, 0x49, &(0x7f0000000040)=0x3, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x11, 0x4, 0x4, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0}, 0x48) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x10, &(0x7f0000000900)=ANY=[@ANYRES32, @ANYBLOB="66000000000000859a3da112215e1d", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r3, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)='\v', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f00000002c0)=ANY=[@ANYBLOB="fe0f0900090004"], 0x1a) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) chdir(&(0x7f0000000100)='./file0\x00') r4 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) r5 = memfd_create(&(0x7f0000000280)='y\x105\xfb\xf7uZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S\xa4\xb3I\v\xe1\x11\xe7#\x99\x9b2\xd1Q\x01\xf4\x967\xc9\x00\x00]pq\xc6\xfa\xdd', 0x0) ftruncate(r5, 0xffff) fcntl$addseals(r5, 0x409, 0x7) r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x10000, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086203, 0x0) creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 783.074919ms ago: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_procfs(0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f00000000c0)="f23e0f2334baf80c66b8ec81848866efbafc0c66b80f00000066eff0835d083ebaf80c66b844f9808366efbafc0c66edbaa000b00cee36f734650f01cf66b8005000000f23c00f21f86635010003000f23f80f01ca0f35", 0x57}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 637.705612ms ago: executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0) sendmmsg$unix(r0, &(0x7f000000a580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 592.828978ms ago: executing program 1: gettid() r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000080)={@loopback={0xff00000000000000, 0x307}, 0x0, r2}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'veth1_to_bridge\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf2e, 0x4) r5 = socket$inet6(0xa, 0x3, 0x6) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000000000000006000000000000850000009b00000085000000a000000000000000000000d0c7bd8ff9f4e756ea00"], &(0x7f0000000080)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b70200000094e200001212000000000007000000000000009500000000000a6682f0a61b01e4c027d252f602901b7cbbd5b9097bb8334a5541cf9e345af317e35f2ad53d857708f974879196ac07622b10548ccd2028eaf7610ae297a58e413b22d81494fcb1dbd1e9cb784c590ddd3d400ac1949839f92232e7684f2305d906ee929a27a5dedf301650960d8ae1cf339f6bda65bf6594c2839dcea6e419c9b8b7d17b9e49f392c832ffa41c17b82700789b163bbc8507f171b46d2c569e75810e60a06b6f69ef41ca39a2e8c2f369545d761d74"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc5, &(0x7f00000001c0)=""/197, 0x40f00, 0x0, '\x00', 0x0, 0x11}, 0x90) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet6_SIOCDELRT(r5, 0x890b, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @remote}, @mcast1, @loopback, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x804a0013}) sendto$packet(r0, &(0x7f00000000c0)="3f0402e9b0e812002c001e0089e9aaa911d7c2290f0086dd1327c9167c64044a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdc9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, r4, 0x4, 0x0, 0x6, @multicast}, 0x14) 590.646179ms ago: executing program 0: unshare(0x28000600) r0 = socket$rxrpc(0x21, 0x2, 0xa) ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f0000000040)={0x0, 0x3938700}, 0x0, 0x0) 536.585097ms ago: executing program 1: r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = gettid() read(r0, &(0x7f0000000200)=""/209, 0x10f) tkill(r1, 0x7) 481.411796ms ago: executing program 0: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x1, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 468.219927ms ago: executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000080)="0f2374360f01c30f06640fc7348c66baf80cb824ebc089ef66bafc0cedc4e2b191ac7b0100000066b8af000f00d89a0080000048000f01c565a4", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 446.658751ms ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b70300000000002085000000040000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000a000000b703000000000000850000006d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='block_plug\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) r3 = socket(0x40000000015, 0x5, 0x0) getsockopt(r3, 0x200000000114, 0x0, 0x0, &(0x7f0000000080)=0x39) 346.908957ms ago: executing program 1: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r0) r2 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, r1) add_key$keyring(&(0x7f0000001000), &(0x7f0000001040)={'syz', 0x1}, 0x0, 0x0, r2) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000080)='asymmetric\x00', &(0x7f0000008ac0)=@keyring={'key_or_keyring:', r0}) keyctl$KEYCTL_MOVE(0x1e, r1, r0, r2, 0x0) 283.221417ms ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0e50006, &(0x7f0000000a80)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@jqfmt_vfsold}, {@nogrpid}, {@data_err_ignore}, {@noload}]}, 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH") openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000380)={{0x80}, 'port1\x00', 0xe3, 0x111c27}) setsockopt$rose(0xffffffffffffffff, 0x104, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000010000000000000000"], 0x0}, 0x90) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x40183, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeef}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, 0xffffffffffffffff, 0x16, 0x0, @val=@tcx={@prog_fd}}, 0x40) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r2, 0x29, 0x49, &(0x7f0000000040)=0x3, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x11, 0x4, 0x4, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0}, 0x48) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x10, &(0x7f0000000900)=ANY=[@ANYRES32, @ANYBLOB="66000000000000859a3da112215e1d", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r3, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)='\v', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f00000002c0)=ANY=[@ANYBLOB="fe0f0900090004"], 0x1a) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) chdir(&(0x7f0000000100)='./file0\x00') r4 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) r5 = memfd_create(&(0x7f0000000280)='y\x105\xfb\xf7uZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S\xa4\xb3I\v\xe1\x11\xe7#\x99\x9b2\xd1Q\x01\xf4\x967\xc9\x00\x00]pq\xc6\xfa\xdd', 0x0) ftruncate(r5, 0xffff) fcntl$addseals(r5, 0x409, 0x7) r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x10000, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086203, 0x0) creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 250.702462ms ago: executing program 1: gettid() r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000080)={@loopback={0xff00000000000000, 0x307}, 0x0, r2}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'veth1_to_bridge\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf2e, 0x4) r5 = socket$inet6(0xa, 0x3, 0x6) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000000000000006000000000000850000009b00000085000000a000000000000000000000d0c7bd8ff9f4e756ea00"], &(0x7f0000000080)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b70200000094e200001212000000000007000000000000009500000000000a6682f0a61b01e4c027d252f602901b7cbbd5b9097bb8334a5541cf9e345af317e35f2ad53d857708f974879196ac07622b10548ccd2028eaf7610ae297a58e413b22d81494fcb1dbd1e9cb784c590ddd3d400ac1949839f92232e7684f2305d906ee929a27a5dedf301650960d8ae1cf339f6bda65bf6594c2839dcea6e419c9b8b7d17b9e49f392c832ffa41c17b82700789b163bbc8507f171b46d2c569e75810e60a06b6f69ef41ca39a2e8c2f369545d761d74"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc5, &(0x7f00000001c0)=""/197, 0x40f00, 0x0, '\x00', 0x0, 0x11}, 0x90) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet6_SIOCDELRT(r5, 0x890b, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @remote}, @mcast1, @loopback, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x804a0013}) sendto$packet(r0, &(0x7f00000000c0)="3f0402e9b0e812002c001e0089e9aaa911d7c2290f0086dd1327c9167c64044a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdc9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, r4, 0x4, 0x0, 0x6, @multicast}, 0x14) 10.757638ms ago: executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_procfs(0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f00000000c0)="f23e0f2334baf80c66b8ec81848866efbafc0c66b80f00000066eff0835d083ebaf80c66b844f9808366efbafc0c66edbaa000b00cee36f734650f01cf66b8005000000f23c00f21f86635010003000f23f80f01ca0f35", 0x57}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 0s ago: executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) kernel console output (not intermixed with test programs): tadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 487.477460][T11488] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 487.490082][T11553] loop2: detected capacity change from 0 to 64 [ 487.510417][T11438] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 487.623221][T11488] device hsr_slave_0 entered promiscuous mode [ 487.649054][T11488] device hsr_slave_1 entered promiscuous mode [ 487.664872][T11488] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 487.683356][T11488] Cannot create hsr debugfs directory [ 487.746266][ T4105] Bluetooth: hci2: command 0x0419 tx timeout [ 487.752748][ T4105] Bluetooth: hci6: command 0x041b tx timeout [ 488.022017][T11438] 8021q: adding VLAN 0 to HW filter on device bond0 [ 488.096323][T11488] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.130684][T11563] 9p: Unknown access argument client" [ 488.180027][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 488.217428][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 488.258117][T11438] 8021q: adding VLAN 0 to HW filter on device team0 [ 488.300272][T11488] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.406534][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 488.424970][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 488.456667][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 488.463750][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 488.489392][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 488.524889][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 488.543689][T11575] loop2: detected capacity change from 0 to 512 [ 488.564251][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 488.571365][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 488.602693][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 488.650435][T11575] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:163: inode #12: comm syz-executor.2: inline data xattr refers to an external xattr inode [ 488.654908][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 488.674264][T11575] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 12 (err -117) [ 488.716951][T11575] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,data_err=ignore,norecovery,resuid=0x0000000000000000,prjquota,debug_want_extra_isize=0x0000000000000008,usrjquota=,nogrpid,nodiscard,,errors=continue. Quota mode: writeback. [ 488.781777][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 488.795911][ T4493] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 488.809522][ T4493] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9 [ 488.828817][ T4493] asix: probe of 5-1:0.0 failed with error -71 [ 488.845614][ T4493] usb 5-1: USB disconnect, device number 11 [ 488.853767][T11488] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.921598][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 488.960337][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 489.016924][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 489.025679][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 489.081362][T11488] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.148472][T11438] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 489.184976][T11438] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 489.222334][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 489.231494][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 489.262064][T11589] loop2: detected capacity change from 0 to 64 [ 489.279489][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 489.294015][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 489.340116][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 489.386197][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 489.545291][T11488] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 489.651185][T11488] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 489.667993][ T26] audit: type=1326 audit(1717156189.908:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11596 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50173a4ee9 code=0x7ffc0000 [ 489.742868][ T26] audit: type=1326 audit(1717156189.908:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11596 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f50173a4ee9 code=0x7ffc0000 [ 489.778206][T11488] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 489.803930][T11488] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 489.826078][ T4105] Bluetooth: hci6: command 0x040f tx timeout [ 489.829257][T11606] 9p: Unknown access argument client" [ 489.862858][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 489.881481][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 489.915320][ T26] audit: type=1326 audit(1717156190.148:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11596 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50173a4ee9 code=0x7ffc0000 [ 489.921003][T11438] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 490.015915][ T26] audit: type=1326 audit(1717156190.148:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11596 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50173a4ee9 code=0x7ffc0000 [ 490.088967][T11608] loop2: detected capacity change from 0 to 512 [ 490.101086][ T26] audit: type=1326 audit(1717156190.308:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11596 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f50173a4ee9 code=0x7ffc0000 [ 490.144073][ T4001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 490.167747][ T4001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 490.183108][ T26] audit: type=1326 audit(1717156190.308:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11596 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50173a4ee9 code=0x7ffc0000 [ 490.316127][ T26] audit: type=1326 audit(1717156190.308:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11596 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f50173a2667 code=0x7ffc0000 [ 490.339885][T11608] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:163: inode #12: comm syz-executor.2: inline data xattr refers to an external xattr inode [ 490.359723][ T4001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 490.372789][ T4001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 490.404374][T11608] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 12 (err -117) [ 490.457691][ T26] audit: type=1326 audit(1717156190.308:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11596 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5017368329 code=0x7ffc0000 [ 490.458298][T11438] device veth0_vlan entered promiscuous mode [ 490.487605][T11608] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,data_err=ignore,norecovery,resuid=0x0000000000000000,prjquota,debug_want_extra_isize=0x0000000000000008,usrjquota=,nogrpid,nodiscard,,errors=continue. Quota mode: writeback. [ 490.534339][ T26] audit: type=1326 audit(1717156190.308:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11596 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f50173a2667 code=0x7ffc0000 [ 490.605843][T11438] device veth1_vlan entered promiscuous mode [ 490.615984][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 490.630816][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 490.635834][ T26] audit: type=1326 audit(1717156190.308:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11596 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5017368329 code=0x7ffc0000 [ 490.764418][T11488] 8021q: adding VLAN 0 to HW filter on device bond0 [ 490.793995][ T4491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 490.807095][ T4491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 490.834694][T11592] loop4: detected capacity change from 0 to 40427 [ 490.863585][T11438] device veth0_macvtap entered promiscuous mode [ 490.886886][T11438] device veth1_macvtap entered promiscuous mode [ 490.904478][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 490.921320][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 490.937804][T11592] F2FS-fs (loop4): invalid crc value [ 490.964071][T11612] loop2: detected capacity change from 0 to 2048 [ 490.974735][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 490.999116][T11592] F2FS-fs (loop4): Found nat_bits in checkpoint [ 491.017965][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 491.080302][T11438] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.129315][T11438] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.161196][T11592] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 491.185756][T11438] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.226158][T11438] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.243658][T11438] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.254151][T11438] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.296067][T11438] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.313631][T11438] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.336938][T11438] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.361600][T11438] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.384945][T11438] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.406445][T11438] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.427859][T11438] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 491.439782][T11488] 8021q: adding VLAN 0 to HW filter on device team0 [ 491.462941][T11612] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 491.479900][ T4001] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 491.496735][ T4001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 491.508075][T11612] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 491.518122][T11438] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 491.535851][T11438] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.559228][T11438] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 491.595226][T11438] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.615647][T11438] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 491.635278][T11438] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.654369][T11438] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 491.665398][T11438] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.684152][T11438] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 491.694669][T11438] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.714777][T11438] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 491.725496][T11438] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.747097][T11438] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 491.787618][ T4001] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 491.804246][ T4001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 491.853839][ T4001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 491.876447][ T4001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 491.896765][ T4493] Bluetooth: hci6: command 0x0419 tx timeout [ 491.903424][ T4001] bridge0: port 1(bridge_slave_0) entered blocking state [ 491.907738][T11625] loop2: detected capacity change from 0 to 64 [ 491.910522][ T4001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 491.975031][ T4001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 492.000829][ T4001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 492.034466][ T4001] bridge0: port 2(bridge_slave_1) entered blocking state [ 492.041585][ T4001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 492.088378][ T4001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 492.107331][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 492.149244][T11438] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.199817][T11438] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.231811][T11438] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.262447][T11438] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.284184][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 492.313444][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 492.347432][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 492.369626][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 492.398296][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 492.544785][T11488] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 492.560918][T11641] loop2: detected capacity change from 0 to 1024 [ 492.584725][T11488] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 492.640020][ T4491] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 492.653792][T11641] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 492.657793][ T4491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 492.679417][ T4491] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 492.691467][T11641] EXT4-fs error (device loop2): __ext4_get_inode_loc:4309: comm syz-executor.2: Invalid inode table block 0 in block_group 0 [ 492.700169][ T4491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 492.723123][ T4491] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 492.737165][T11641] EXT4-fs (loop2): Remounting filesystem read-only [ 492.776971][ T4491] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 492.786543][T11641] EXT4-fs (loop2): get root inode failed [ 492.846090][T11641] EXT4-fs (loop2): mount failed [ 493.110880][ T4363] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 493.151495][ T4363] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 493.194321][T11659] loop2: detected capacity change from 0 to 2048 [ 493.242394][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 493.244240][T10396] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 493.293097][T10396] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 493.294254][T11659] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 493.371014][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 493.383606][T11659] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 493.400632][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 493.424087][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 493.540918][T11488] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 493.627854][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 493.640414][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 493.721678][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 493.740256][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 493.769156][T11488] device veth0_vlan entered promiscuous mode [ 493.782885][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 493.816197][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 493.861839][T11488] device veth1_vlan entered promiscuous mode [ 493.974114][T11488] device veth0_macvtap entered promiscuous mode [ 494.007911][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 494.025247][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 494.066704][T11488] device veth1_macvtap entered promiscuous mode [ 494.097138][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 494.105566][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 494.195366][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.225417][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.292863][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.331070][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.346794][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.371920][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.392669][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.427775][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.453949][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.483648][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.515523][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.552087][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.575162][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.599369][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.637734][T11488] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 494.761376][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 494.781626][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 494.816483][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.874243][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.903238][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.919493][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.940838][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.978735][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.995818][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 495.013179][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.034463][T11720] loop0: detected capacity change from 0 to 512 [ 495.042086][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 495.058456][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.074237][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 495.104813][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.130486][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 495.151612][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.174982][T11488] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 495.217233][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 495.245943][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 495.263636][T11720] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 495.288778][T11488] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.301567][T11720] ext4 filesystem being mounted at /root/syzkaller-testdir864094733/syzkaller.sR4IPx/5/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 495.329450][T11488] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.347138][T11488] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.359307][T11488] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.413045][T10412] device hsr_slave_0 left promiscuous mode [ 495.429918][T11720] EXT4-fs error (device loop0): ext4_do_update_inode:5160: inode #2: comm syz-executor.0: corrupted inode contents [ 495.449481][T10412] device hsr_slave_1 left promiscuous mode [ 495.470787][T11720] EXT4-fs error (device loop0): ext4_dirty_inode:5993: inode #2: comm syz-executor.0: mark_inode_dirty error [ 495.470829][T10412] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 495.498909][T11720] EXT4-fs error (device loop0): ext4_do_update_inode:5160: inode #2: comm syz-executor.0: corrupted inode contents [ 495.522333][T11720] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz-executor.0: mark_inode_dirty error [ 495.536514][T10412] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 495.557033][T10412] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 495.564496][T10412] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 495.622424][T10412] device bridge_slave_1 left promiscuous mode [ 495.644346][T10412] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.692158][T10412] device bridge_slave_0 left promiscuous mode [ 495.701882][T10412] bridge0: port 1(bridge_slave_0) entered disabled state [ 495.813874][T10412] device veth1_macvtap left promiscuous mode [ 495.842486][T11750] fuse: Bad value for 'fd' [ 495.843457][T10412] device veth0_macvtap left promiscuous mode [ 495.870923][T10412] device veth1_vlan left promiscuous mode [ 495.894962][T10412] device veth0_vlan left promiscuous mode [ 497.328883][T10412] team0 (unregistering): Port device team_slave_1 removed [ 497.397529][T10412] team0 (unregistering): Port device team_slave_0 removed [ 497.433118][T10412] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 497.496796][T10412] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 497.726045][T10412] bond0 (unregistering): Released all slaves [ 497.840434][T11779] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 497.886100][T11780] batman_adv: batadv1: Adding interface: netdevsim0 [ 497.906000][T11780] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 497.991364][T11780] batman_adv: batadv1: Interface activated: netdevsim0 [ 498.279147][ T4363] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 498.308994][ T4363] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 498.341357][T10416] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 498.383418][ T4105] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 498.383626][T10416] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 498.472211][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 498.587463][ T3567] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 498.825865][ T3567] usb 5-1: Using ep0 maxpacket: 16 [ 498.956078][ T3567] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 498.993107][ T3567] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 499.056300][ T3567] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 499.776229][ T3567] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 499.802543][ T3567] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 499.860152][ T3567] usb 5-1: config 0 has no interface number 0 [ 499.880967][ T3567] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 499.935892][ T3567] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 499.981595][ T3567] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 500.015536][ T3567] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 500.059541][ T3567] usb 5-1: config 0 interface 125 has no altsetting 0 [ 500.082445][ T3567] usb 5-1: config 0 interface 125 has no altsetting 2 [ 500.126273][T11821] : renamed from bond0 [ 500.326112][ T3567] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 500.344157][ T3567] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.374526][ T3567] usb 5-1: Product: syz [ 500.390101][ T3567] usb 5-1: Manufacturer: syz [ 500.409944][ T3567] usb 5-1: SerialNumber: syz [ 500.434204][ T3567] usb 5-1: config 0 descriptor?? [ 500.487393][ T3567] usb 5-1: selecting invalid altsetting 2 [ 500.584052][T11836] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 501.096257][ T1281] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 501.338688][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.369505][ T3567] parport0: fix this legacy no-device port driver! [ 501.465939][ T1281] usb 2-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 501.475066][ T1281] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.514296][ T1281] usb 2-1: config 0 descriptor?? [ 501.604714][ T3567] usb 5-1: USB disconnect, device number 12 [ 501.985949][ T1281] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 502.006356][ T1281] asix: probe of 2-1:0.0 failed with error -71 [ 502.043367][ T1281] usb 2-1: USB disconnect, device number 15 [ 502.572777][T11871] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 503.916965][T11887] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 504.391608][T11897] loop0: detected capacity change from 0 to 256 [ 504.547311][T11897] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f8593fa, utbl_chksum : 0xe619d30d) [ 504.991732][T11865] loop4: detected capacity change from 0 to 32768 [ 505.089395][T11865] XFS: attr2 mount option is deprecated. [ 505.193293][T11904] loop0: detected capacity change from 0 to 4096 [ 505.333689][T11911] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 505.652835][T11890] chnl_net:caif_netlink_parms(): no params data found [ 505.984851][T11929] loop4: detected capacity change from 0 to 512 [ 506.329709][T11940] loop0: detected capacity change from 0 to 2048 [ 506.767585][ T4100] Bluetooth: hci7: command 0x0409 tx timeout [ 506.830081][T11929] EXT4-fs (loop4): Test dummy encryption mode enabled [ 506.848622][T10416] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 506.872989][T11940] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 506.921034][T11948] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 506.951481][T11929] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:163: inode #12: comm syz-executor.4: inline data xattr refers to an external xattr inode [ 507.077268][T11929] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 12 (err -117) [ 507.097911][T11929] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,user_xattr,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000000409e,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 507.179954][T11944] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 507.190105][T11929] EXT4-fs error (device loop4): dx_make_map:1327: inode #2: block 253: comm syz-executor.4: bad entry in directory: inode out of bounds - offset=0, inode=1633771873, rec_len=1024, size=1024 fake=0 [ 507.224524][T11890] bridge0: port 1(bridge_slave_0) entered blocking state [ 507.231947][T11890] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.256971][T11890] device bridge_slave_0 entered promiscuous mode [ 507.270607][T11929] EXT4-fs error (device loop4) in do_split:2092: Corrupt filesystem [ 507.283433][T10416] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.356224][T11890] bridge0: port 2(bridge_slave_1) entered blocking state [ 507.364531][T11890] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.396019][T11890] device bridge_slave_1 entered promiscuous mode [ 507.463219][T11957] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 507.465581][T10416] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.587650][T10416] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.642341][T11890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 507.682495][T11890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 507.788145][T11890] team0: Port device team_slave_0 added [ 507.817194][T11890] team0: Port device team_slave_1 added [ 507.888328][T11890] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 507.909777][T11890] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 507.939379][ T3609] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 507.998328][T11890] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 508.035190][T11890] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 508.056519][T11890] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 508.134556][T11890] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 508.196083][ T3609] usb 1-1: Using ep0 maxpacket: 16 [ 508.287778][T11890] device hsr_slave_0 entered promiscuous mode [ 508.316061][ T3609] usb 1-1: config index 0 descriptor too short (expected 16456, got 72) [ 508.330079][ T3609] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 508.339378][T11890] device hsr_slave_1 entered promiscuous mode [ 508.362254][ T3609] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 508.388543][ T3609] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 508.415155][ T3609] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 508.425899][ T3609] usb 1-1: config 0 has no interface number 0 [ 508.432113][ T3609] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 508.443431][ T3609] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 508.453425][ T3609] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 508.463546][ T3609] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 508.518260][ T3609] usb 1-1: config 0 interface 125 has no altsetting 0 [ 508.544536][ T3609] usb 1-1: config 0 interface 125 has no altsetting 2 [ 508.633062][T11988] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 508.716202][ T3609] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 508.741690][ T3609] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.766742][ T3609] usb 1-1: Product: syz [ 508.775999][ T4495] Bluetooth: hci7: command 0x041b tx timeout [ 508.779926][ T3609] usb 1-1: Manufacturer: syz [ 508.812752][ T3609] usb 1-1: SerialNumber: syz [ 508.828679][ T3609] usb 1-1: config 0 descriptor?? [ 508.836995][ T26] kauditd_printk_skb: 62 callbacks suppressed [ 508.837008][ T26] audit: type=1804 audit(1717156209.078:599): pid=11998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2647363760/syzkaller.gln0dA/149/bus" dev="sda1" ino=1960 res=1 errno=0 [ 508.888448][ T3609] usb 1-1: selecting invalid altsetting 2 [ 508.975768][ T26] audit: type=1804 audit(1717156209.118:600): pid=11998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2647363760/syzkaller.gln0dA/149/bus" dev="sda1" ino=1960 res=1 errno=0 [ 509.048801][ T26] audit: type=1804 audit(1717156209.118:601): pid=11998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2647363760/syzkaller.gln0dA/149/bus" dev="sda1" ino=1960 res=1 errno=0 [ 509.073410][ C1] vkms_vblank_simulate: vblank timer overrun [ 509.185374][T12011] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 509.449682][T11890] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 509.488268][T11890] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 509.509241][T11890] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 509.530195][T11890] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 509.708274][T11890] 8021q: adding VLAN 0 to HW filter on device bond0 [ 509.766044][ T3609] parport1: fix this legacy no-device port driver! [ 509.767537][T11890] 8021q: adding VLAN 0 to HW filter on device team0 [ 509.793331][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 509.802132][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 509.845793][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 509.866464][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 509.874984][ T4100] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.882087][ T4100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 509.906100][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 509.914909][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 509.946815][ T4100] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.953898][ T4100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 509.990533][ T3609] usb 1-1: USB disconnect, device number 13 [ 510.043959][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 510.055258][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 510.076921][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 510.116670][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 510.135022][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 510.173840][T10416] device hsr_slave_0 left promiscuous mode [ 510.183991][T10416] device hsr_slave_1 left promiscuous mode [ 510.201225][T10416] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 510.214584][T10416] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 510.234532][T10416] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 510.252511][T10416] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 510.275212][T10416] device bridge_slave_1 left promiscuous mode [ 510.289651][T10416] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.309615][T10416] device bridge_slave_0 left promiscuous mode [ 510.324985][T10416] bridge0: port 1(bridge_slave_0) entered disabled state [ 510.353142][T10416] device veth1_macvtap left promiscuous mode [ 510.365916][T10416] device veth0_macvtap left promiscuous mode [ 510.378957][T10416] device veth1_vlan left promiscuous mode [ 510.391518][T10416] device veth0_vlan left promiscuous mode [ 510.860576][ T4491] Bluetooth: hci7: command 0x040f tx timeout [ 511.042156][T10416] team0 (unregistering): Port device team_slave_1 removed [ 511.101772][T10416] team0 (unregistering): Port device team_slave_0 removed [ 511.135235][T10416] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 511.171193][T10416] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 511.419249][T10416] bond0 (unregistering): Released all slaves [ 511.475406][ T26] audit: type=1804 audit(1717156211.708:602): pid=12061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2647363760/syzkaller.gln0dA/154/bus" dev="sda1" ino=1961 res=1 errno=0 [ 511.522182][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 511.527611][ T26] audit: type=1804 audit(1717156211.738:603): pid=12061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2647363760/syzkaller.gln0dA/154/bus" dev="sda1" ino=1961 res=1 errno=0 [ 511.559312][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 511.580710][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 511.602216][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 511.617094][ T26] audit: type=1804 audit(1717156211.798:604): pid=12061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2647363760/syzkaller.gln0dA/154/bus" dev="sda1" ino=1961 res=1 errno=0 [ 511.621157][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 511.682842][T12045] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 511.776386][T12063] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 512.931926][ T4946] attempt to access beyond end of device [ 512.931926][ T4946] loop1: rw=0, want=6491538, limit=128 [ 512.953082][ T4946] buffer_io_error: 5 callbacks suppressed [ 512.953101][ T4946] Buffer I/O error on dev loop1, logical block 3245768, async page read [ 513.007731][ T4100] Bluetooth: hci7: command 0x0419 tx timeout [ 513.017583][ T4946] attempt to access beyond end of device [ 513.017583][ T4946] loop1: rw=0, want=17666808, limit=128 [ 513.031943][ T4946] Buffer I/O error on dev loop1, logical block 8833403, async page read [ 513.051931][ T4946] attempt to access beyond end of device [ 513.051931][ T4946] loop1: rw=0, want=26539620, limit=128 [ 513.085809][ T4946] Buffer I/O error on dev loop1, logical block 13269809, async page read [ 513.108333][ T4946] attempt to access beyond end of device [ 513.108333][ T4946] loop1: rw=0, want=16147214, limit=128 [ 513.145747][ T4946] Buffer I/O error on dev loop1, logical block 8073606, async page read [ 513.284505][T12045] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.292071][T12045] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.876329][T12045] device bridge_slave_0 left promiscuous mode [ 513.882585][T12045] bridge0: port 1(bridge_slave_0) entered disabled state [ 514.011583][T12045] device bridge_slave_1 left promiscuous mode [ 514.028808][T12045] bridge0: port 2(bridge_slave_1) entered disabled state [ 514.154722][T12045] bond0: (slave bond_slave_0): Releasing backup interface [ 514.246379][T12045] bond0: (slave bond_slave_1): Releasing backup interface [ 514.405984][T12045] team0: Port device team_slave_0 removed [ 514.482854][T12045] team0: Port device team_slave_1 removed [ 514.589995][T12045] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 514.690591][T12045] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 515.341082][T12045] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 515.402109][T12045] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 516.078580][T12045] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.095889][T12045] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.104783][T12045] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.155855][T12045] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.370561][T11890] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 516.405405][T11890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 516.436135][ T4105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 516.444646][ T4105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 516.610615][T12101] 9pnet: Insufficient options for proto=fd [ 517.120071][T12110] loop4: detected capacity change from 0 to 2048 [ 517.610802][T12110] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 517.890580][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 517.930738][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 517.957870][T11890] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 518.100699][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 518.115625][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 518.202180][T11890] device veth0_vlan entered promiscuous mode [ 518.231546][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 518.256134][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 518.301469][T11890] device veth1_vlan entered promiscuous mode [ 518.332589][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 518.345298][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 518.374667][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 518.397212][ T26] audit: type=1326 audit(1717156218.638:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12130 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f504f8d3ee9 code=0x7ffc0000 [ 518.421348][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 518.464058][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 518.492941][ T26] audit: type=1326 audit(1717156218.658:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12130 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f504f8d3ee9 code=0x7ffc0000 [ 518.493833][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 518.590929][ T26] audit: type=1326 audit(1717156218.658:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12130 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f504f8d3ee9 code=0x7ffc0000 [ 518.608433][T11890] device veth0_macvtap entered promiscuous mode [ 518.621858][T12140] 9pnet: Insufficient options for proto=fd [ 518.673655][T11890] device veth1_macvtap entered promiscuous mode [ 518.703663][ T26] audit: type=1326 audit(1717156218.658:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12130 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f504f8d3ee9 code=0x7ffc0000 [ 518.771938][T12139] loop0: detected capacity change from 0 to 4096 [ 518.773814][T11890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 518.796446][ T26] audit: type=1326 audit(1717156218.658:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12130 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f504f8d3ee9 code=0x7ffc0000 [ 518.848218][T11890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 518.906050][T11890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 518.957647][T11890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 518.995861][T11890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 519.025660][T11890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.035541][T11890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 519.094331][T11890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.128667][T11890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 519.165353][T11890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.114767][T11890] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 520.208944][T11890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 520.260440][T11890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.310266][T11890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 520.331953][T11890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.363857][T11890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 520.398742][T11890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.430436][T11890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.394885][T11890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.471434][T11890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.554838][T11890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.627416][T11890] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 521.755822][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 521.764081][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 521.766964][T12158] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 521.776012][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 521.789722][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 521.827692][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 521.837383][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 521.879192][T11890] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 521.924037][T11890] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 521.953770][T11890] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.025982][T11890] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.083626][T12163] loop0: detected capacity change from 0 to 1024 [ 522.255514][ T2644] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 522.319685][T10396] hfsplus: b-tree write err: -5, ino 4 [ 522.328299][ T2644] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 522.349522][ T4726] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 522.361953][ T4726] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 522.389227][ T26] audit: type=1800 audit(1717156222.618:610): pid=12171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=1939 res=0 errno=0 [ 522.468331][T12173] 9pnet: Insufficient options for proto=fd [ 522.546615][T12171] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 522.553566][T12167] loop4: detected capacity change from 0 to 4096 [ 522.590117][T12171] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 522.643172][T12175] cgroup: Unknown subsys name 'fsname' [ 522.652480][T12167] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 522.747189][T12171] 8021q: adding VLAN 0 to HW filter on device  [ 522.822003][T12171] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 522.921528][ T26] audit: type=1326 audit(1717156223.158:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56ff85eee9 code=0x7ffc0000 [ 522.953721][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 522.965313][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 523.011283][ T26] audit: type=1326 audit(1717156223.158:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56ff85eee9 code=0x7ffc0000 [ 523.122527][ T26] audit: type=1326 audit(1717156223.188:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f56ff85eee9 code=0x7ffc0000 [ 523.193421][ T26] audit: type=1326 audit(1717156223.188:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56ff85eee9 code=0x7ffc0000 [ 523.220414][T12188] 9pnet: Insufficient options for proto=fd [ 523.388301][T12189] loop4: detected capacity change from 0 to 4096 [ 523.464624][T12189] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 523.954381][T12202] loop0: detected capacity change from 0 to 1024 [ 524.466689][ T3970] hfsplus: b-tree write err: -5, ino 4 [ 524.507504][T12217] 9pnet: Insufficient options for proto=fd [ 524.643214][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 524.643228][ T26] audit: type=1800 audit(1717156224.878:616): pid=12225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=1954 res=0 errno=0 [ 524.672690][T12223] Cannot find map_set index 0 as target [ 524.687921][T12225] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 524.717734][T12225] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 524.810452][T12225] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 524.857175][T12237] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 525.242149][T12225] cgroup: Unknown subsys name 'fsname' [ 526.846144][ T26] audit: type=1804 audit(1717156227.078:617): pid=12258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2647363760/syzkaller.gln0dA/179/file0" dev="sda1" ino=1962 res=1 errno=0 [ 526.885626][T12263] Cannot find map_set index 0 as target [ 527.070467][T12281] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 528.016095][T12280] loop4: detected capacity change from 0 to 8192 [ 528.139699][T12300] Cannot find map_set index 0 as target [ 528.157415][T12294] loop0: detected capacity change from 0 to 4096 [ 528.214376][T12294] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 528.332694][ T26] audit: type=1804 audit(1717156228.568:618): pid=12303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2647363760/syzkaller.gln0dA/184/file0" dev="sda1" ino=1966 res=1 errno=0 [ 528.538816][ T26] audit: type=1804 audit(1717156228.778:619): pid=12311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir4108826893/syzkaller.vqLcfd/9/file0" dev="sda1" ino=1958 res=1 errno=0 [ 528.853809][T12322] loop0: detected capacity change from 0 to 8192 [ 528.881482][T12337] fuse: Bad value for 'fd' [ 529.145637][T12353] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 529.160276][T12353] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 529.594724][T12369] fuse: Bad value for 'fd' [ 529.651976][T12375] loop0: detected capacity change from 0 to 128 [ 530.469723][T12373] attempt to access beyond end of device [ 530.469723][T12373] loop0: rw=2049, want=1041, limit=128 [ 530.831552][ T4493] libceph: connect (1)[c::]:6789 error -101 [ 530.837908][ T4493] libceph: mon0 (1)[c::]:6789 connect error [ 530.887526][T12382] loop4: detected capacity change from 0 to 8192 [ 531.116159][ T3569] libceph: connect (1)[c::]:6789 error -101 [ 531.124532][ T3569] libceph: mon0 (1)[c::]:6789 connect error [ 531.199677][T12401] fuse: Bad value for 'fd' [ 531.507818][T10405] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.599578][T12387] ceph: No mds server is up or the cluster is laggy [ 531.608477][T10405] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.668883][ T4493] libceph: connect (1)[c::]:6789 error -101 [ 531.674894][ T4493] libceph: mon0 (1)[c::]:6789 connect error [ 531.806946][T10405] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.918069][T10405] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 532.158508][T12430] loop4: detected capacity change from 0 to 4096 [ 532.174674][T12402] chnl_net:caif_netlink_parms(): no params data found [ 532.470259][T12430] ntfs3: loop4: failed to convert "0080" to macgreek [ 532.490610][T12402] bridge0: port 1(bridge_slave_0) entered blocking state [ 532.505902][T12430] ntfs3: loop4: failed to convert name for inode 1e. [ 532.512717][T12402] bridge0: port 1(bridge_slave_0) entered disabled state [ 532.565980][T12402] device bridge_slave_0 entered promiscuous mode [ 532.592637][T12402] bridge0: port 2(bridge_slave_1) entered blocking state [ 532.604375][T12402] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.628714][T12402] device bridge_slave_1 entered promiscuous mode [ 532.750963][T12402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 532.813727][T12452] loop0: detected capacity change from 0 to 256 [ 532.857314][T12455] loop4: detected capacity change from 0 to 256 [ 532.872709][T12402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 533.088013][T12402] team0: Port device team_slave_0 added [ 533.091058][T12457] loop4: detected capacity change from 0 to 128 [ 533.123726][T12402] team0: Port device team_slave_1 added [ 533.235339][ T26] audit: type=1800 audit(1717156233.468:620): pid=12457 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file1" dev="loop4" ino=1048738 res=0 errno=0 [ 533.313271][T12402] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 533.336014][ T3569] Bluetooth: hci5: command 0x0409 tx timeout [ 533.383983][T12402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 533.473395][T12402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 533.562623][T12465] loop4: detected capacity change from 0 to 128 [ 534.351778][T12464] attempt to access beyond end of device [ 534.351778][T12464] loop4: rw=2049, want=1041, limit=128 [ 534.366136][T12402] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 534.382289][T12402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 534.508413][T12402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 534.735614][T12402] device hsr_slave_0 entered promiscuous mode [ 534.788165][T12402] device hsr_slave_1 entered promiscuous mode [ 534.809195][T12402] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 534.840883][T12402] Cannot create hsr debugfs directory [ 534.910616][T12481] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 535.039780][T12484] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 535.179892][T10405] device hsr_slave_0 left promiscuous mode [ 535.216803][T10405] device hsr_slave_1 left promiscuous mode [ 535.311252][T10405] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 535.323415][T10405] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 535.363856][T10405] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 535.389393][T10405] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 535.416382][ T4100] Bluetooth: hci5: command 0x041b tx timeout [ 535.419838][T10405] device bridge_slave_1 left promiscuous mode [ 535.458258][T10405] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.511133][T10405] device bridge_slave_0 left promiscuous mode [ 535.529473][T10405] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.600888][T10405] device veth1_macvtap left promiscuous mode [ 535.643529][T10405] device veth0_macvtap left promiscuous mode [ 535.665326][T10405] device veth1_vlan left promiscuous mode [ 535.695954][T10405] device veth0_vlan left promiscuous mode [ 536.083844][T12496] option changes via remount are deprecated (pid=12495 comm=syz-executor.0) [ 536.222610][T12487] loop4: detected capacity change from 0 to 32768 [ 536.332779][T12487] jfs_mount: dbMount failed w/rc = -22 [ 536.354335][T12487] Mount JFS Failure: -22 [ 536.378892][T12487] jfs_mount failed w/return code = -22 [ 537.563881][ T4100] Bluetooth: hci5: command 0x040f tx timeout [ 537.716959][T10405] team0 (unregistering): Port device team_slave_1 removed [ 537.735727][T10405] team0 (unregistering): Port device team_slave_0 removed [ 537.750377][T10405] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 537.766553][T10405] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 537.783545][T12506] loop4: detected capacity change from 0 to 256 [ 537.847449][T12506] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 537.975973][ T4100] Bluetooth: hci3: command 0x0409 tx timeout [ 538.044427][T10405] bond0 (unregistering): Released all slaves [ 538.058951][T12512] loop4: detected capacity change from 0 to 256 [ 538.455481][T12514] loop4: detected capacity change from 0 to 8 [ 538.624875][T12514] SQUASHFS error: zlib decompression failed, data probably corrupt [ 538.662533][T12514] SQUASHFS error: Failed to read block 0x9b: -5 [ 538.685800][T12514] SQUASHFS error: Unable to read metadata cache entry [99] [ 538.693133][T12514] SQUASHFS error: Unable to read inode 0x127 [ 538.861364][ T4946] sysv_free_block: flc_count > flc_size [ 538.896726][T12520] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 538.932751][T12491] chnl_net:caif_netlink_parms(): no params data found [ 538.945811][ T4946] sysv_free_block: flc_count > flc_size [ 538.960074][ T4946] sysv_free_block: flc_count > flc_size [ 538.991063][ T4946] sysv_free_block: flc_count > flc_size [ 539.004790][ T4946] sysv_free_block: flc_count > flc_size [ 539.014333][ T4946] sysv_free_block: flc_count > flc_size [ 539.028374][ T4946] sysv_free_block: flc_count > flc_size [ 539.064392][ T4946] sysv_free_block: flc_count > flc_size [ 539.076245][ T4946] sysv_free_block: flc_count > flc_size [ 539.085528][ T4946] sysv_free_block: flc_count > flc_size [ 539.098306][T12402] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 539.105995][ T4946] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 539.168216][T12402] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 539.221530][T12402] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 539.294900][T12402] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 539.347427][T12491] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.375888][T12491] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.384078][T12491] device bridge_slave_0 entered promiscuous mode [ 539.484093][T12491] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.493587][T12491] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.512179][T12491] device bridge_slave_1 entered promiscuous mode [ 539.552322][ T4946] syz-executor.1 (4946) used greatest stack depth: 18296 bytes left [ 539.637778][T12491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 539.656422][ T4100] Bluetooth: hci5: command 0x0419 tx timeout [ 539.667363][T12531] loop4: detected capacity change from 0 to 2048 [ 539.692462][T12491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 539.759793][T12531] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 539.788515][T12402] 8021q: adding VLAN 0 to HW filter on device bond0 [ 539.814113][T12491] team0: Port device team_slave_0 added [ 539.855187][T12402] 8021q: adding VLAN 0 to HW filter on device team0 [ 539.911079][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 539.934154][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 539.957764][T12491] team0: Port device team_slave_1 added [ 539.990130][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 540.006686][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 540.028437][ T3918] bridge0: port 1(bridge_slave_0) entered blocking state [ 540.035541][ T3918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 540.055807][ T4100] Bluetooth: hci3: command 0x041b tx timeout [ 540.074987][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 540.092829][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 540.146565][ T3918] bridge0: port 2(bridge_slave_1) entered blocking state [ 540.153651][ T3918] bridge0: port 2(bridge_slave_1) entered forwarding state [ 540.260507][T12529] loop0: detected capacity change from 0 to 32768 [ 540.268139][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 540.292050][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 540.306123][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 540.316921][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 540.337956][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 540.362783][T12529] jfs_mount: dbMount failed w/rc = -22 [ 540.369266][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 540.377616][T12529] Mount JFS Failure: -22 [ 540.381869][T12529] jfs_mount failed w/return code = -22 [ 540.390680][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 540.424018][T12402] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 540.444529][T12402] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 540.469585][T12491] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 540.485731][T12491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.565737][T12491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 540.597065][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 540.616957][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 540.636260][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 540.677132][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 540.688004][ T26] audit: type=1800 audit(1717156240.928:621): pid=12543 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1951 res=0 errno=0 [ 540.709714][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 540.740980][T12491] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 540.751760][T12491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.812726][T12491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 540.835636][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 540.972475][T12491] device hsr_slave_0 entered promiscuous mode [ 540.993322][T12491] device hsr_slave_1 entered promiscuous mode [ 541.240672][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 541.254035][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 541.283771][T12402] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 541.354518][T12491] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.409975][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 541.434444][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 541.499206][T12491] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.567273][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 541.576379][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 541.587179][T12402] device veth0_vlan entered promiscuous mode [ 541.618319][T12402] device veth1_vlan entered promiscuous mode [ 541.637500][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 541.645945][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 541.653814][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 541.736139][T12491] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.811885][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 541.830972][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 541.866965][T12402] device veth0_macvtap entered promiscuous mode [ 541.874146][T12491] batman_adv: batadv1: Interface deactivated: netdevsim0 [ 541.887500][T12555] loop0: detected capacity change from 0 to 1764 [ 541.951364][T12491] batman_adv: batadv1: Removing interface: netdevsim0 [ 542.009071][T12491] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 542.009581][T12547] loop4: detected capacity change from 0 to 32768 [ 542.064798][T12402] device veth1_macvtap entered promiscuous mode [ 542.102092][T12402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.114221][T12402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.125344][T12402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.135945][ T4100] Bluetooth: hci3: command 0x040f tx timeout [ 542.136639][T12402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.152481][T12402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.163287][T12547] XFS (loop4): Mounting V5 Filesystem [ 542.195597][T12402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.228660][T12402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.241607][T12402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.248588][T12547] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 542.254996][T12402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.291344][T12402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.313793][T12547] XFS (loop4): Starting recovery (logdev: internal) [ 542.325528][T12402] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 542.355618][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 542.364527][T12547] XFS (loop4): Ending recovery (logdev: internal) [ 542.371055][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 542.374131][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 542.388055][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 542.400292][T12402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.457434][T12402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.481908][T12402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.493447][ T26] audit: type=1804 audit(1717156242.738:622): pid=12547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3937378578/syzkaller.alcgxV/164/file1/bus" dev="loop4" ino=4425 res=1 errno=0 [ 542.504037][T12402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.532704][T12402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.551474][T12402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.565867][T12402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.584254][ T26] audit: type=1804 audit(1717156242.788:623): pid=12547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir3937378578/syzkaller.alcgxV/164/file1/bus" dev="loop4" ino=4425 res=1 errno=0 [ 542.620277][T12402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.643813][T12402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.656977][T12402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.669895][T12402] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 542.675412][T10164] XFS (loop4): Unmounting Filesystem [ 542.685361][T12402] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.702587][T12402] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.712502][T12402] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.721260][T12402] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.737144][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 542.753950][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 542.890147][T12574] netlink: 'syz-executor.0': attribute type 8 has an invalid length. [ 542.933651][T12574] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 542.962684][T12491] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 542.983592][T12574] netlink: 193500 bytes leftover after parsing attributes in process `syz-executor.0'. [ 543.010886][T12491] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 543.033853][T12491] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 543.066594][T12491] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 543.091415][ T4363] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.118363][ T4363] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.158869][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 543.189121][ T26] audit: type=1800 audit(1717156243.428:624): pid=12576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1934 res=0 errno=0 [ 543.246448][T10396] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.282882][T10396] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.336330][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 543.463109][T12491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 543.493351][T12583] sctp: [Deprecated]: syz-executor.3 (pid 12583) Use of int in maxseg socket option. [ 543.493351][T12583] Use struct sctp_assoc_value instead [ 543.521024][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 543.531920][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 543.560525][T12491] 8021q: adding VLAN 0 to HW filter on device team0 [ 543.588828][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 543.604290][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 543.622416][ T3917] bridge0: port 1(bridge_slave_0) entered blocking state [ 543.629558][ T3917] bridge0: port 1(bridge_slave_0) entered forwarding state [ 543.671505][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 543.689080][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 543.712356][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 543.739128][ T3917] bridge0: port 2(bridge_slave_1) entered blocking state [ 543.746287][ T3917] bridge0: port 2(bridge_slave_1) entered forwarding state [ 543.766414][ T3917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 543.800722][T12591] loop4: detected capacity change from 0 to 1764 [ 543.866680][T12594] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 543.866680][T12594] The task syz-executor.3 (12594) triggered the difference, watch for misbehavior. [ 543.949913][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 543.985411][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 544.016074][ T3918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 544.024597][T12579] loop0: detected capacity change from 0 to 32768 [ 544.059145][T12491] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 544.074132][T12491] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 544.086882][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 544.106048][T12579] jfs_mount: dbMount failed w/rc = -22 [ 544.112973][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 544.121327][T12579] Mount JFS Failure: -22 [ 544.125654][T12579] jfs_mount failed w/return code = -22 [ 544.134728][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 544.142927][ T26] audit: type=1800 audit(1717156244.378:625): pid=12597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1960 res=0 errno=0 [ 544.165151][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 544.173938][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 544.182766][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 544.191628][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 544.216226][ T4493] Bluetooth: hci3: command 0x0419 tx timeout [ 544.251821][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 544.484433][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 544.495522][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 544.572663][T12491] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 544.622998][T12610] loop0: detected capacity change from 0 to 1024 [ 544.625837][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 544.651665][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 544.738705][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 544.761373][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 544.766829][ T26] audit: type=1800 audit(1717156244.998:626): pid=12614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1960 res=0 errno=0 [ 544.784530][T12491] device veth0_vlan entered promiscuous mode [ 544.803996][ T4363] hfsplus: b-tree write err: -5, ino 4 [ 544.810682][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 544.830861][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 544.931337][T12491] device veth1_vlan entered promiscuous mode [ 544.951942][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 544.970040][T12616] loop0: detected capacity change from 0 to 256 [ 545.027607][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 545.039676][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 545.055174][T12616] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 545.062089][T12491] device veth0_macvtap entered promiscuous mode [ 545.147046][T12491] device veth1_macvtap entered promiscuous mode [ 545.221070][T12491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 545.244885][T12491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.265636][T12491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 545.289466][T12623] sctp: [Deprecated]: syz-executor.3 (pid 12623) Use of int in maxseg socket option. [ 545.289466][T12623] Use struct sctp_assoc_value instead [ 545.292878][T12491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.324550][T12491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 545.336549][T12491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.355619][T12608] loop1: detected capacity change from 0 to 32768 [ 545.386056][T12491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 545.405711][T12491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.415535][T12491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 545.440599][T12491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.458091][T12491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 545.484394][T12491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.499192][T12491] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 545.516848][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 545.527327][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 545.535517][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 545.572072][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 545.584504][T12491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 545.617063][T12608] XFS (loop1): Mounting V5 Filesystem [ 545.651096][T12491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.714862][T12633] loop0: detected capacity change from 0 to 1764 [ 545.722983][T12491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 545.758983][T12491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.776984][T12491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 545.796019][T12491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.805074][T12608] XFS (loop1): Ending clean mount [ 545.807977][T12491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 545.814553][T12608] XFS (loop1): Quotacheck needed: Please wait. [ 545.829194][T12491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.846917][T12491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 545.871291][T12491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.892844][T12491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 545.911865][T12491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.931089][T12491] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 545.963824][T12608] XFS (loop1): Quotacheck: Done. [ 545.991971][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 546.005496][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 546.024681][T12491] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.040022][T12491] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.055722][T12491] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.074105][T12491] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.081179][T12622] loop4: detected capacity change from 0 to 32768 [ 546.329838][T12402] XFS (loop1): Unmounting Filesystem [ 546.446015][T12642] loop0: detected capacity change from 0 to 4096 [ 546.453772][T10416] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 546.462720][T10416] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 546.479723][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 546.528485][T12642] ntfs3: loop0: ino=3, Correct links count -> 2. [ 546.710669][T10416] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 546.765858][T10416] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 546.806325][T10405] device hsr_slave_0 left promiscuous mode [ 546.819468][T10405] device hsr_slave_1 left promiscuous mode [ 546.846187][T10405] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 546.854240][T10405] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 546.898287][T10405] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 546.925878][T10405] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 546.957191][T10405] device bridge_slave_1 left promiscuous mode [ 546.963403][T10405] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.005280][T10405] device bridge_slave_0 left promiscuous mode [ 547.031040][T10405] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.070762][T10405] device hsr_slave_0 left promiscuous mode [ 547.092295][T10405] device hsr_slave_1 left promiscuous mode [ 547.116123][T10405] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 547.123599][T10405] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 547.145493][T10405] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 547.156628][T10405] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 547.175278][T10405] device bridge_slave_1 left promiscuous mode [ 547.187258][T10405] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.206337][T10405] device bridge_slave_0 left promiscuous mode [ 547.215007][T10405] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.226334][T12656] loop0: detected capacity change from 0 to 4096 [ 547.276221][T10405] device veth1_macvtap left promiscuous mode [ 547.289001][T10405] device veth0_macvtap left promiscuous mode [ 547.295521][T12656] ntfs3: loop0: ino=3, Correct links count -> 2. [ 547.299722][T10405] device veth1_vlan left promiscuous mode [ 547.309345][T10405] device veth0_vlan left promiscuous mode [ 547.325966][T10405] device veth1_macvtap left promiscuous mode [ 547.346104][T10405] device veth0_macvtap left promiscuous mode [ 547.352603][T10405] device veth1_vlan left promiscuous mode [ 547.360438][T10405] device veth0_vlan left promiscuous mode [ 547.789748][T12662] input: syz1 as /devices/virtual/input/input30 [ 547.823156][T12651] loop4: detected capacity change from 0 to 32768 [ 547.915136][T12651] XFS (loop4): Mounting V5 Filesystem [ 548.040428][T12651] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 548.138034][T12651] XFS (loop4): Starting recovery (logdev: internal) [ 548.187945][T12651] XFS (loop4): Ending recovery (logdev: internal) [ 548.270596][ T26] audit: type=1804 audit(1717156248.508:627): pid=12651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3937378578/syzkaller.alcgxV/170/file1/bus" dev="loop4" ino=4425 res=1 errno=0 [ 548.339291][ T26] audit: type=1804 audit(1717156248.568:628): pid=12651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir3937378578/syzkaller.alcgxV/170/file1/bus" dev="loop4" ino=4425 res=1 errno=0 [ 548.348741][T10405] team0 (unregistering): Port device team_slave_1 removed [ 548.398866][T10164] XFS (loop4): Unmounting Filesystem [ 548.487958][T10405] team0 (unregistering): Port device team_slave_0 removed [ 548.548960][T10405] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 548.595979][T10405] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 548.674196][T12681] loop1: detected capacity change from 0 to 32768 [ 548.733766][T12681] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (12681) [ 548.838766][T12681] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 548.838822][T12681] BTRFS info (device loop1): using free space tree [ 548.861020][T10405] bond0 (unregistering): Released all slaves [ 548.872232][T12681] BTRFS info (device loop1): has skinny extents [ 549.049302][T12681] BTRFS info (device loop1): enabling ssd optimizations [ 549.083071][ T26] audit: type=1800 audit(1717156249.318:629): pid=12681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0 [ 549.224106][ T26] audit: type=1326 audit(1717156249.348:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f504f8d3ee9 code=0x7fc00000 [ 549.305787][ T26] audit: type=1326 audit(1717156249.398:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f504f8d3ee9 code=0x7fc00000 [ 549.339317][T10405] team0 (unregistering): Port device team_slave_1 removed [ 549.385758][ T26] audit: type=1326 audit(1717156249.398:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f504f8d3ee9 code=0x7fc00000 [ 549.412079][T10405] team0 (unregistering): Port device team_slave_0 removed [ 549.454845][ T26] audit: type=1326 audit(1717156249.398:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f504f8d3ee9 code=0x7fc00000 [ 549.457598][T10405]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 549.518918][ T26] audit: type=1800 audit(1717156249.398:635): pid=12713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file2" dev="loop1" ino=261 res=0 errno=0 [ 549.587761][ T26] audit: type=1326 audit(1717156249.398:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f504f8d3ee9 code=0x7fc00000 [ 549.665323][ T26] audit: type=1326 audit(1717156249.398:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f504f8d3ee9 code=0x7fc00000 [ 549.942435][T10405]  (unregistering): (slave bond_slave_0): Releasing backup interface [ 550.266384][T10405]  (unregistering): Released all slaves [ 550.389634][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 550.479254][T12733] loop2: detected capacity change from 0 to 256 [ 550.751782][T12750] vxcan0: tx drop: invalid sa for name 0x0000000000000001 [ 551.244126][T12762] team0: Device veth0_macvtap failed to register rx_handler [ 551.353307][T12764] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 551.516887][T12743] loop1: detected capacity change from 0 to 32768 [ 551.582363][T12743] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (12743) [ 551.654490][T12778] vxcan0: tx drop: invalid sa for name 0x0000000000000001 [ 551.675976][T12743] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 551.700916][T12743] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 551.752547][T12743] BTRFS info (device loop1): use zstd compression, level 3 [ 551.787617][T12743] BTRFS info (device loop1): using free space tree [ 551.800886][T12743] BTRFS info (device loop1): has skinny extents [ 551.883773][T12787] loop0: detected capacity change from 0 to 512 [ 551.891378][T12793] 9pnet: p9_errstr2errno: server reported unknown error @hQIt [ 552.054505][T12743] BTRFS info (device loop1): enabling ssd optimizations [ 552.063498][T12787] EXT4-fs (loop0): fragment/cluster size (4096) != block size (1024) [ 552.073527][T12743] BTRFS info (device loop1): checking UUID tree [ 553.158989][T12825] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 553.256763][T12806] loop4: detected capacity change from 0 to 32768 [ 553.350344][T12812] loop2: detected capacity change from 0 to 32768 [ 553.375094][T12806] XFS (loop4): Mounting V5 Filesystem [ 553.493017][T12812] XFS (loop2): Mounting V5 Filesystem [ 553.504401][T12806] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 553.619330][T12812] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 553.674111][T12812] XFS (loop2): Starting recovery (logdev: internal) [ 553.688457][T12806] XFS (loop4): Starting recovery (logdev: internal) [ 553.719336][T12812] XFS (loop2): Ending recovery (logdev: internal) [ 553.730686][T12806] XFS (loop4): Ending recovery (logdev: internal) [ 553.747341][T12852] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 553.773473][T12820] loop0: detected capacity change from 0 to 32768 [ 553.929394][T10164] XFS (loop4): Unmounting Filesystem [ 553.944451][T12869] loop1: detected capacity change from 0 to 512 [ 554.035299][T12820] XFS (loop0): Mounting V5 Filesystem [ 554.036211][T12491] XFS (loop2): Unmounting Filesystem [ 554.053633][T12869] EXT4-fs (loop1): fragment/cluster size (4096) != block size (1024) [ 554.228147][T12820] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 554.311767][T12820] XFS (loop0): Starting recovery (logdev: internal) [ 554.405127][T12820] XFS (loop0): Ending recovery (logdev: internal) [ 554.696193][T12887] loop4: detected capacity change from 0 to 512 [ 554.702792][T11438] XFS (loop0): Unmounting Filesystem [ 554.792081][T12893] loop1: detected capacity change from 0 to 256 [ 554.804122][T12887] EXT4-fs (loop4): fragment/cluster size (4096) != block size (1024) [ 554.851043][T12895] loop2: detected capacity change from 0 to 512 [ 554.993274][T12895] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2802e02c, mo2=0002] [ 555.003903][T12893] exFAT-fs (loop1): error, invalid access to FAT (entry 0x00000005) bogus content (0x00000001) [ 555.027734][T12893] exFAT-fs (loop1): failed to load upcase table [ 555.034182][T12895] System zones: 1-12 [ 555.045126][T12893] exFAT-fs (loop1): failed to recognize exfat type [ 555.067919][T12895] EXT4-fs error (device loop2): __ext4_iget:4861: inode #11: block 393240: comm syz-executor.2: invalid block [ 555.156296][T12895] EXT4-fs (loop2): Remounting filesystem read-only [ 555.165212][T12895] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 11 (err -117) [ 555.194479][T12895] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,bsdgroups,noinit_itable,errors=remount-ro,max_batch_time=0x0000000000000001. Quota mode: none. [ 555.423496][T12911] loop2: detected capacity change from 0 to 512 [ 555.428046][T12910] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 555.518154][T12911] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 555.541010][T12911] EXT4-fs (loop2): 1 truncate cleaned up [ 555.545936][T12910] 8021q: adding VLAN 0 to HW filter on device bond1 [ 555.551270][T12919] loop0: detected capacity change from 0 to 512 [ 555.571384][T12911] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_dev=0x0000000000000009,noblock_validity,usrquota,journal_dev=0x0000000000000002,debug_want_extra_isize=0x0000000000000008,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9f,nodiscard,,errors=continue. Quota mode: writeback. [ 555.576678][T12916] 8021q: adding VLAN 0 to HW filter on device bond1 [ 555.607538][T12916] bond1: (slave ip6tnl1): The slave device specified does not support setting the MAC address [ 555.618956][T12916] bond1: (slave ip6tnl1): Error -95 calling set_mac_address [ 555.701036][T12919] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 555.743036][T12919] EXT4-fs (loop0): 1 truncate cleaned up [ 555.761896][T12919] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x0000000000000009,noblock_validity,usrquota,journal_dev=0x0000000000000002,debug_want_extra_isize=0x0000000000000008,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9f,nodiscard,,errors=continue. Quota mode: writeback. [ 555.936504][ T26] kauditd_printk_skb: 1776 callbacks suppressed [ 555.936520][ T26] audit: type=1804 audit(1717156256.178:2413): pid=12922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2479742871/syzkaller.1O1hhQ/74/file0" dev="sda1" ino=1954 res=1 errno=0 [ 556.046591][T12924] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 556.188855][T12924] 8021q: adding VLAN 0 to HW filter on device bond2 [ 556.320415][T12927] 8021q: adding VLAN 0 to HW filter on device bond2 [ 556.415501][T12927] bond2: (slave ip6tnl1): The slave device specified does not support setting the MAC address [ 556.442356][T12914] loop1: detected capacity change from 0 to 32768 [ 556.505085][T12927] bond2: (slave ip6tnl1): Error -95 calling set_mac_address [ 556.521790][T12914] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (12914) [ 556.563815][T12935] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 556.573378][T12935] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 556.598933][T12914] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 556.622410][T12914] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 556.645113][T12914] BTRFS info (device loop1): use zstd compression, level 3 [ 556.652764][T12914] BTRFS info (device loop1): using free space tree [ 556.667962][T12914] BTRFS info (device loop1): has skinny extents [ 556.820361][T12957] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 556.843050][T12914] BTRFS info (device loop1): enabling ssd optimizations [ 556.852354][T12914] BTRFS info (device loop1): checking UUID tree [ 557.044937][T12967] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 557.108136][T12926] loop2: detected capacity change from 0 to 32768 [ 557.383704][T12926] XFS (loop2): Mounting V5 Filesystem [ 557.542580][T12926] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 557.593531][T12926] XFS (loop2): Starting recovery (logdev: internal) [ 557.621438][T12996] Unsupported ieee802154 address type: 0 [ 557.631848][T12926] XFS (loop2): Ending recovery (logdev: internal) [ 557.715832][T12998] loop1: detected capacity change from 0 to 256 [ 557.743292][T12491] XFS (loop2): Unmounting Filesystem [ 558.024761][T13014] fuse: Bad value for 'fd' [ 559.166142][ T26] audit: type=1800 audit(1717156259.408:2414): pid=13064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1967 res=0 errno=0 [ 559.236140][T13066] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 559.254479][T13066] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 559.311441][T13068] loop2: detected capacity change from 0 to 256 [ 559.393160][T13068] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 559.432402][T13039] loop4: detected capacity change from 0 to 32768 [ 559.558666][T13039] XFS (loop4): Mounting V5 Filesystem [ 559.575381][T13076] loop0: detected capacity change from 0 to 1024 [ 559.685605][T13076] hfsplus: extend alloc file! (8192,65536,366) [ 559.706001][T13039] XFS (loop4): Ending clean mount [ 559.713809][T13039] XFS (loop4): Quotacheck needed: Please wait. [ 559.738009][T13085] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 559.806040][T13076] kvm: vcpu 0: requested 394 ns lapic timer period limited to 200000 ns [ 559.910328][T13039] XFS (loop4): Quotacheck: Done. [ 560.001769][T10164] XFS (loop4): Unmounting Filesystem [ 560.185742][ T3915] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 560.257417][ T26] audit: type=1800 audit(1717156260.498:2415): pid=13097 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1951 res=0 errno=0 [ 560.577815][ T3915] usb 1-1: config 0 has no interfaces? [ 560.634484][T13108] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 560.676060][ T3915] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 560.720521][ T3915] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 560.746427][ T3915] usb 1-1: SerialNumber: syz [ 560.754157][ T3915] usb 1-1: config 0 descriptor?? [ 560.889204][T13113] loop4: detected capacity change from 0 to 4096 [ 560.963071][T13113] ntfs: (device loop4): ntfs_read_inode_mount(): $MFT must be non-resident but a resident extent was found. $MFT is corrupt. Run chkdsk. [ 561.012291][T13113] ntfs: (device loop4): ntfs_read_inode_mount(): Failed. Marking inode as bad. [ 561.192180][ T3915] usb 1-1: USB disconnect, device number 14 [ 561.397539][ T26] audit: type=1800 audit(1717156261.638:2416): pid=13126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1958 res=0 errno=0 [ 561.482483][T13129] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 561.514376][T13132] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 561.611303][T13136] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 561.972101][T13160] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 562.077349][T13164] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 562.119885][T13168] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 562.523585][T13174] loop2: detected capacity change from 0 to 4096 [ 562.622321][T13174] ntfs: (device loop2): ntfs_read_inode_mount(): $MFT must be non-resident but a resident extent was found. $MFT is corrupt. Run chkdsk. [ 562.665851][T13174] ntfs: (device loop2): ntfs_read_inode_mount(): Failed. Marking inode as bad. [ 562.797353][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.831512][T13152] loop0: detected capacity change from 0 to 32768 [ 562.951833][T13192] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 563.039480][T13152] XFS (loop0): Mounting V5 Filesystem [ 563.211038][T13152] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 563.300676][T13152] XFS (loop0): Starting recovery (logdev: internal) [ 563.357463][T13152] XFS (loop0): Ending recovery (logdev: internal) [ 563.358367][T13210] loop2: detected capacity change from 0 to 2048 [ 563.485635][T13218] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 563.486058][T13210] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 563.596984][T13218] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 563.686577][T11438] XFS (loop0): Unmounting Filesystem [ 564.624294][T13217] loop4: detected capacity change from 0 to 40427 [ 564.696835][T13217] F2FS-fs (loop4): invalid crc value [ 564.742426][T13217] F2FS-fs (loop4): Found nat_bits in checkpoint [ 564.884348][T13217] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1 [ 564.926962][T13217] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 564.964066][T13217] F2FS-fs (loop4): switch extent_cache option is not allowed [ 565.061972][T10164] attempt to access beyond end of device [ 565.061972][T10164] loop4: rw=2049, want=45104, limit=40427 [ 565.369077][T13264] loop2: detected capacity change from 0 to 16 [ 565.427259][T13264] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 565.514925][T13264] cramfs: Error -3 while decompressing! [ 565.542580][T13264] cramfs: ffffffff9151c2a8(27)->ffff88802f4e5000(4096) [ 565.562007][T13264] cramfs: Error -3 while decompressing! [ 565.580726][T13264] cramfs: ffffffff9151c2c3(16)->ffff888051346000(4096) [ 565.588410][T13264] cramfs: Error -3 while decompressing! [ 565.607757][T13264] cramfs: ffffffff915182a8(27)->ffff88802f4e5000(4096) [ 565.623554][ T26] audit: type=1800 audit(1717156265.858:2417): pid=13264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="file2" dev="loop2" ino=348 res=0 errno=0 [ 565.687910][T13269] loop0: detected capacity change from 0 to 1024 [ 565.772264][T13269] hfsplus: extend alloc file! (8192,65536,366) [ 565.929790][T13269] kvm: vcpu 0: requested 394 ns lapic timer period limited to 200000 ns [ 566.223848][ T4493] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 566.367610][T13290] loop4: detected capacity change from 0 to 1024 [ 566.452752][T13290] hfsplus: extend alloc file! (8192,65536,366) [ 566.590999][ T4493] usb 1-1: config 0 has no interfaces? [ 566.606894][T13290] kvm: vcpu 0: requested 394 ns lapic timer period limited to 200000 ns [ 566.681563][ T4493] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 566.694231][ T4493] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 566.714916][ T4493] usb 1-1: SerialNumber: syz [ 566.726890][T13275] loop2: detected capacity change from 0 to 40427 [ 566.734947][ T4493] usb 1-1: config 0 descriptor?? [ 566.805196][T13275] F2FS-fs (loop2): invalid crc value [ 566.844229][T13275] F2FS-fs (loop2): Found nat_bits in checkpoint [ 566.895824][ T3570] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 566.948410][T13275] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1 [ 566.978112][T13275] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 567.056805][T13275] F2FS-fs (loop2): switch extent_cache option is not allowed [ 567.129144][T12491] attempt to access beyond end of device [ 567.129144][T12491] loop2: rw=2049, want=45104, limit=40427 [ 567.157109][ T4493] usb 1-1: USB disconnect, device number 15 [ 567.271508][ T3570] usb 5-1: config 0 has no interfaces? [ 567.356018][ T3570] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 567.374773][ T3570] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 567.397648][ T3570] usb 5-1: SerialNumber: syz [ 567.456806][ T3570] usb 5-1: config 0 descriptor?? [ 568.030187][ T1281] usb 5-1: USB disconnect, device number 13 [ 568.479999][T13328] loop2: detected capacity change from 0 to 16 [ 568.556900][T13328] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 568.589079][T13328] cramfs: Error -3 while decompressing! [ 568.602576][T13328] cramfs: ffffffff9151c2a8(27)->ffff888033aba000(4096) [ 568.626247][T13328] cramfs: Error -3 while decompressing! [ 568.639742][T13328] cramfs: ffffffff9151c2c3(16)->ffff888049b39000(4096) [ 568.663779][T13328] cramfs: Error -3 while decompressing! [ 568.678722][T13328] cramfs: ffffffff915182a8(27)->ffff888033aba000(4096) [ 568.696195][ T26] audit: type=1800 audit(1717156268.938:2418): pid=13328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="file2" dev="loop2" ino=348 res=0 errno=0 [ 568.893645][T13345] loop0: detected capacity change from 0 to 256 [ 568.975376][T13345] exFAT-fs (loop0): error, invalid access to FAT (entry 0x00000005) bogus content (0x00000001) [ 569.034443][T13345] exFAT-fs (loop0): failed to load upcase table [ 569.066889][T13345] exFAT-fs (loop0): failed to recognize exfat type [ 569.187564][T13356] loop2: detected capacity change from 0 to 1024 [ 569.291977][T13356] hfsplus: extend alloc file! (8192,65536,366) [ 569.301664][T13364] loop4: detected capacity change from 0 to 16 [ 569.346829][T13364] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 569.401840][T13364] cramfs: Error -3 while decompressing! [ 569.408086][T13364] cramfs: ffffffff9151c2a8(27)->ffff888038127000(4096) [ 569.435328][T13364] cramfs: Error -3 while decompressing! [ 569.448966][T13364] cramfs: ffffffff9151c2c3(16)->ffff888026a9a000(4096) [ 569.456010][T13356] kvm: vcpu 0: requested 394 ns lapic timer period limited to 200000 ns [ 569.487185][T13364] cramfs: Error -3 while decompressing! [ 569.505346][T13364] cramfs: ffffffff915182a8(27)->ffff888038127000(4096) [ 569.535755][ T26] audit: type=1800 audit(1717156269.768:2419): pid=13364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.4" name="file2" dev="loop4" ino=348 res=0 errno=0 [ 569.745979][ T3609] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 569.780432][T13378] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 569.798326][T13376] device vlan2 entered promiscuous mode [ 569.997338][T13385] loop4: detected capacity change from 0 to 16 [ 570.047388][T13385] erofs: (device loop4): mounted with root inode @ nid 36. [ 570.156059][ T3609] usb 3-1: config 0 has no interfaces? [ 570.201445][ T26] audit: type=1800 audit(1717156270.438:2420): pid=13392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="/" dev="fuse" ino=1 res=0 errno=0 [ 570.245953][ T3609] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 570.255011][ T3609] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 570.289001][ T3609] usb 3-1: SerialNumber: syz [ 570.301097][ T3609] usb 3-1: config 0 descriptor?? [ 570.307614][T13398] loop4: detected capacity change from 0 to 16 [ 570.378137][T13398] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 570.398243][T13398] cramfs: Error -3 while decompressing! [ 570.416025][T13398] cramfs: ffffffff9151c2a8(27)->ffff88802d001000(4096) [ 570.434786][T13398] cramfs: Error -3 while decompressing! [ 570.452103][T13398] cramfs: ffffffff9151c2c3(16)->ffff888028bba000(4096) [ 570.467878][T13398] cramfs: Error -3 while decompressing! [ 570.482657][T13402] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 570.492531][T13398] cramfs: ffffffff915182a8(27)->ffff88802d001000(4096) [ 570.503111][ T26] audit: type=1800 audit(1717156270.738:2421): pid=13398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.4" name="file2" dev="loop4" ino=348 res=0 errno=0 [ 570.648309][T13404] netlink: 'syz-executor.0': attribute type 5 has an invalid length. [ 570.739886][ T3915] usb 3-1: USB disconnect, device number 19 [ 571.006743][T13419] loop1: detected capacity change from 0 to 16 [ 571.065946][T13419] erofs: (device loop1): mounted with root inode @ nid 36. [ 571.153649][T13423] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 571.178877][T13423] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 571.199298][T13422] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 571.304326][T13406] loop4: detected capacity change from 0 to 32768 [ 571.355134][T13430] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 571.440593][T13406] XFS (loop4): Mounting V5 Filesystem [ 571.448141][T13441] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 571.450059][T13439] loop2: detected capacity change from 0 to 1024 [ 571.529348][T13432] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 571.568905][T13406] XFS (loop4): Ending clean mount [ 571.580128][T13406] XFS (loop4): Quotacheck needed: Please wait. [ 571.654854][T13406] XFS (loop4): Quotacheck: Done. [ 571.710468][T13450] device vlan2 entered promiscuous mode [ 571.810745][T13454] loop1: detected capacity change from 0 to 128 [ 571.889143][T10164] XFS (loop4): Unmounting Filesystem [ 572.011771][T13461] fuse: Bad value for 'fd' [ 572.200829][T13468] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 572.568095][T13483] loop4: detected capacity change from 0 to 1024 [ 572.631642][T13483] hfsplus: extend alloc file! (8192,65536,366) [ 572.795031][T13483] kvm: vcpu 0: requested 394 ns lapic timer period limited to 200000 ns [ 573.085798][ T4495] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 573.377843][T13480] loop2: detected capacity change from 0 to 40427 [ 573.447734][T13480] F2FS-fs (loop2): invalid crc value [ 573.475875][ T4495] usb 5-1: config 0 has no interfaces? [ 573.500687][T13480] F2FS-fs (loop2): Found nat_bits in checkpoint [ 573.524253][T13489] loop1: detected capacity change from 0 to 32768 [ 573.556215][ T4495] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 573.571126][ T4495] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 573.579878][T13489] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (13489) [ 573.601720][ T4495] usb 5-1: SerialNumber: syz [ 573.619747][ T4495] usb 5-1: config 0 descriptor?? [ 573.638650][T13489] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 573.647156][T13480] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1 [ 573.653632][T13489] BTRFS info (device loop1): doing ref verification [ 573.677330][T13489] BTRFS info (device loop1): enabling ssd optimizations [ 573.685631][T13480] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 573.695965][T13489] BTRFS info (device loop1): max_inline at 4096 [ 573.710485][T13489] BTRFS info (device loop1): max_inline at 3 [ 573.723637][T13489] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 573.747368][T13489] BTRFS info (device loop1): use zstd compression, level 3 [ 573.759699][T13480] F2FS-fs (loop2): switch extent_cache option is not allowed [ 573.770744][T13489] BTRFS info (device loop1): not using ssd optimizations [ 573.786825][T13489] BTRFS info (device loop1): using free space tree [ 573.802724][T13489] BTRFS info (device loop1): has skinny extents [ 573.921140][T12491] attempt to access beyond end of device [ 573.921140][T12491] loop2: rw=2049, want=45104, limit=40427 [ 574.053581][ T3918] usb 5-1: USB disconnect, device number 14 [ 574.483188][T13514] loop2: detected capacity change from 0 to 1024 [ 575.145271][T13526] loop4: detected capacity change from 0 to 16 [ 575.259074][T13526] erofs: (device loop4): mounted with root inode @ nid 36. [ 575.613286][T13540] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 575.627365][ T26] audit: type=1800 audit(1717156275.868:2422): pid=13541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="/" dev="fuse" ino=1 res=0 errno=0 [ 575.918045][T13545] loop2: detected capacity change from 0 to 1024 [ 576.341833][T13524] loop1: detected capacity change from 0 to 40427 [ 576.425701][ T26] audit: type=1800 audit(1717156276.658:2423): pid=13553 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="/" dev="fuse" ino=1 res=0 errno=0 [ 576.427694][T13524] F2FS-fs (loop1): invalid crc value [ 576.490683][T13555] loop4: detected capacity change from 0 to 16 [ 576.527479][T13524] F2FS-fs (loop1): Found nat_bits in checkpoint [ 576.561916][T13555] erofs: (device loop4): mounted with root inode @ nid 36. [ 576.645617][T13524] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1 [ 576.680319][T13524] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 576.750256][T13562] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 576.756062][T13524] F2FS-fs (loop1): switch extent_cache option is not allowed [ 576.841326][T12402] attempt to access beyond end of device [ 576.841326][T12402] loop1: rw=2049, want=45104, limit=40427 [ 577.398168][T13572] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 577.643576][ T26] audit: type=1800 audit(1717156277.878:2424): pid=13586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="/" dev="fuse" ino=1 res=0 errno=0 [ 577.670044][T13585] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 577.718470][ T4493] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 577.968937][ T4493] usb 2-1: Using ep0 maxpacket: 16 [ 578.089327][ T4493] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 578.113362][ T4493] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 578.149893][ T4493] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.174626][ T4493] usb 2-1: config 0 descriptor?? [ 578.215871][ T4495] Bluetooth: hci3: command 0x0411 tx timeout [ 578.646804][T13578] udc-core: couldn't find an available UDC or it's busy [ 578.653820][T13578] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 578.714673][ T4493] hid (null): report_id 2838798905 is invalid [ 578.722191][ T4493] hid (null): unknown global tag 0xc [ 578.722754][T13597] loop4: detected capacity change from 0 to 2048 [ 578.739255][ T4493] hid (null): unknown global tag 0xa5 [ 578.759541][ T4493] hid (null): unknown global tag 0xd [ 578.908801][ T4493] hid (null): unknown global tag 0xc [ 578.977720][ T4493] hid-generic 0003:0158:0100.000C: unknown main item tag 0x1 [ 579.605783][ T26] audit: type=1800 audit(1717156279.208:2425): pid=13600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="/" dev="fuse" ino=1 res=0 errno=0 [ 579.650739][ T4493] hid-generic 0003:0158:0100.000C: unexpected long global item [ 579.658852][ T4493] hid-generic: probe of 0003:0158:0100.000C failed with error -22 [ 579.672000][ T4493] usb 2-1: USB disconnect, device number 16 [ 580.619561][T13619] loop1: detected capacity change from 0 to 256 [ 580.707730][T13619] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 581.381886][T13627] loop1: detected capacity change from 0 to 4096 [ 581.484221][T13627] ntfs3: loop1: mft corrupted [ 581.489243][T13627] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 581.503763][T13617] loop4: detected capacity change from 0 to 40427 [ 581.543517][T13627] ntfs3: loop1: mft corrupted [ 581.573720][T13617] F2FS-fs (loop4): invalid crc value [ 581.615212][T13617] F2FS-fs (loop4): Found nat_bits in checkpoint [ 581.733580][T13617] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1 [ 581.776382][T13617] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 581.836859][T13617] F2FS-fs (loop4): switch extent_cache option is not allowed [ 581.882176][ T26] audit: type=1800 audit(1717156282.118:2426): pid=13645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="/" dev="fuse" ino=1 res=0 errno=0 [ 581.903899][T10164] attempt to access beyond end of device [ 581.903899][T10164] loop4: rw=2049, want=45104, limit=40427 [ 581.905985][T13644] loop2: detected capacity change from 0 to 256 [ 581.971317][T13644] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 582.075520][ T26] audit: type=1400 audit(1717156282.308:2427): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=13643 comm="syz-executor.2" [ 582.387525][T13651] loop4: detected capacity change from 0 to 256 [ 582.487249][T13651] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 582.553514][ T26] audit: type=1400 audit(1717156282.788:2428): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=13650 comm="syz-executor.4" [ 582.580314][T13655] loop2: detected capacity change from 0 to 256 [ 582.609404][T13657] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.640683][T13655] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 582.666481][T13657] bridge0: port 1(bridge_slave_0) entered disabled state [ 582.727059][T13657] device bridge_slave_0 entered promiscuous mode [ 583.772913][T13663] loop4: detected capacity change from 0 to 4096 [ 584.830439][T13663] ntfs3: loop4: mft corrupted [ 584.850396][T13663] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 585.675422][T13663] ntfs3: loop4: mft corrupted [ 585.780558][T13690] loop0: detected capacity change from 0 to 256 [ 585.854818][T13692] loop2: detected capacity change from 0 to 2048 [ 588.151566][T13690] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 589.285200][T13715] loop4: detected capacity change from 0 to 256 [ 589.359815][T13715] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 589.461346][T13722] loop2: detected capacity change from 0 to 256 [ 589.494332][ T26] audit: type=1400 audit(1717156289.728:2429): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=13714 comm="syz-executor.4" [ 589.530091][T13722] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 589.794392][T13727] loop4: detected capacity change from 0 to 128 [ 590.969185][T13741] loop4: detected capacity change from 0 to 256 [ 591.079657][T13741] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 591.081270][T13738] loop2: detected capacity change from 0 to 4096 [ 591.273693][ T26] audit: type=1400 audit(1717156291.408:2430): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=13740 comm="syz-executor.4" [ 592.182887][T13738] ntfs3: loop2: mft corrupted [ 592.210014][T13738] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 592.275358][T13738] ntfs3: loop2: mft corrupted [ 593.602134][T13765] loop2: detected capacity change from 0 to 256 [ 593.715279][T13765] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 596.763228][T13785] loop0: detected capacity change from 0 to 256 [ 596.883863][T13785] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 596.962926][T13790] loop2: detected capacity change from 0 to 2048 [ 597.852989][ T26] audit: type=1400 audit(1717156298.088:2431): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=13782 comm="syz-executor.0" [ 599.129388][ T26] audit: type=1800 audit(1717156299.358:2432): pid=13804 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=1945 res=0 errno=0 [ 599.194036][T13814] loop4: detected capacity change from 0 to 256 [ 599.204997][ T26] audit: type=1804 audit(1717156299.358:2433): pid=13804 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2479742871/syzkaller.1O1hhQ/133/file0" dev="sda1" ino=1945 res=1 errno=0 [ 600.084660][T13814] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 600.129998][T13820] loop0: detected capacity change from 0 to 256 [ 600.156617][ T26] audit: type=1400 audit(1717156300.388:2434): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=13813 comm="syz-executor.4" [ 600.336615][T13820] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 601.140404][ T3570] Bluetooth: hci2: command 0x0406 tx timeout [ 602.137863][T13840] loop2: detected capacity change from 0 to 2048 [ 602.352348][T13850] loop0: detected capacity change from 0 to 512 [ 604.606924][ T26] audit: type=1800 audit(1717156304.848:2435): pid=13877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=1957 res=0 errno=0 [ 604.737345][ T26] audit: type=1804 audit(1717156304.938:2436): pid=13877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir314898409/syzkaller.1vUaDp/116/file0" dev="sda1" ino=1957 res=1 errno=0 [ 604.893215][ T26] audit: type=1800 audit(1717156305.118:2437): pid=13887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=1965 res=0 errno=0 [ 604.917183][T13885] loop0: detected capacity change from 0 to 512 [ 604.962190][ T26] audit: type=1804 audit(1717156305.128:2438): pid=13887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3937378578/syzkaller.alcgxV/273/file0" dev="sda1" ino=1965 res=1 errno=0 [ 605.662224][T13924] loop2: detected capacity change from 0 to 512 [ 605.815844][ T4495] Bluetooth: hci6: command 0x0406 tx timeout [ 605.965744][ T5567] ================================================================== [ 605.974581][ T5567] BUG: KASAN: use-after-free in sysv_new_inode+0x1062/0x11f0 [ 605.982149][ T5567] Read of size 2 at addr ffff888046b45f32 by task syz-executor.3/5567 [ 605.990303][ T5567] [ 605.992628][ T5567] CPU: 0 PID: 5567 Comm: syz-executor.3 Not tainted 5.15.160-syzkaller #0 [ 606.001127][ T5567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 606.011187][ T5567] Call Trace: [ 606.014464][ T5567] [ 606.017400][ T5567] dump_stack_lvl+0x1e3/0x2d0 [ 606.022090][ T5567] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 606.027729][ T5567] ? _printk+0xd1/0x120 [ 606.031895][ T5567] ? __wake_up_klogd+0xcc/0x100 [ 606.036755][ T5567] ? panic+0x860/0x860 [ 606.040829][ T5567] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 606.046305][ T5567] print_address_description+0x63/0x3b0 [ 606.051857][ T5567] ? sysv_new_inode+0x1062/0x11f0 [ 606.056889][ T5567] kasan_report+0x16b/0x1c0 [ 606.061402][ T5567] ? sysv_new_inode+0x1062/0x11f0 [ 606.066439][ T5567] sysv_new_inode+0x1062/0x11f0 [ 606.071321][ T5567] ? sysv_free_inode+0x840/0x840 [ 606.076278][ T5567] sysv_mknod+0x4a/0xe0 [ 606.080426][ T5567] ? sysv_lookup+0xe0/0xe0 [ 606.084833][ T5567] path_openat+0x130a/0x2f20 [ 606.089437][ T5567] ? do_filp_open+0x460/0x460 [ 606.094121][ T5567] do_filp_open+0x21c/0x460 [ 606.098614][ T5567] ? vfs_tmpfile+0x2e0/0x2e0 [ 606.103207][ T5567] ? _raw_spin_unlock+0x24/0x40 [ 606.108041][ T5567] ? alloc_fd+0x594/0x630 [ 606.112362][ T5567] do_sys_openat2+0x13b/0x500 [ 606.117027][ T5567] ? read_lock_is_recursive+0x10/0x10 [ 606.122385][ T5567] ? do_sys_open+0x220/0x220 [ 606.126959][ T5567] ? rcu_is_watching+0x11/0xa0 [ 606.131711][ T5567] __x64_sys_openat+0x243/0x290 [ 606.136548][ T5567] ? __ia32_sys_open+0x270/0x270 [ 606.141472][ T5567] ? syscall_enter_from_user_mode+0x2e/0x240 [ 606.147436][ T5567] ? lockdep_hardirqs_on+0x94/0x130 [ 606.152617][ T5567] ? syscall_enter_from_user_mode+0x2e/0x240 [ 606.158584][ T5567] do_syscall_64+0x3b/0xb0 [ 606.162981][ T5567] ? clear_bhb_loop+0x15/0x70 [ 606.167637][ T5567] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 606.173509][ T5567] RIP: 0033:0x7fae0c6c6ee9 [ 606.177908][ T5567] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 606.197491][ T5567] RSP: 002b:00007fae0ac3a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 606.205889][ T5567] RAX: ffffffffffffffda RBX: 00007fae0c7fdfa0 RCX: 00007fae0c6c6ee9 [ 606.213845][ T5567] RDX: 00000000000026e1 RSI: 0000000020000000 RDI: ffffffffffffff9c [ 606.221796][ T5567] RBP: 00007fae0c71347f R08: 0000000000000000 R09: 0000000000000000 [ 606.229747][ T5567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 606.237699][ T5567] R13: 000000000000000b R14: 00007fae0c7fdfa0 R15: 00007ffd222500b8 [ 606.245673][ T5567] [ 606.248675][ T5567] [ 606.250981][ T5567] The buggy address belongs to the page: [ 606.256586][ T5567] page:ffffea00011ad140 refcount:0 mapcount:0 mapping:0000000000000000 index:0x100 pfn:0x46b45 [ 606.266896][ T5567] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 606.273997][ T5567] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000 [ 606.282557][ T5567] raw: 0000000000000100 0000000000000000 00000000ffffffff 0000000000000000 [ 606.291118][ T5567] page dumped because: kasan: bad access detected [ 606.297503][ T5567] page_owner tracks the page as freed [ 606.302856][ T5567] page last allocated via order 0, migratetype Movable, gfp_mask 0x1101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), pid 12148, ts 520170227900, free_ts 521534883883 [ 606.318719][ T5567] get_page_from_freelist+0x322a/0x33c0 [ 606.324248][ T5567] __alloc_pages+0x272/0x700 [ 606.328817][ T5567] __page_cache_alloc+0xd4/0x4a0 [ 606.333732][ T5567] pagecache_get_page+0xa91/0x1010 [ 606.338824][ T5567] grab_cache_page_write_begin+0x57/0x90 [ 606.344437][ T5567] ext4_da_write_begin+0x599/0xb60 [ 606.349536][ T5567] generic_perform_write+0x2bf/0x5b0 [ 606.354800][ T5567] ext4_buffered_write_iter+0x227/0x360 [ 606.360325][ T5567] ext4_file_write_iter+0x87c/0x1990 [ 606.365699][ T5567] vfs_write+0xacf/0xe50 [ 606.369943][ T5567] ksys_write+0x1a2/0x2c0 [ 606.374267][ T5567] do_syscall_64+0x3b/0xb0 [ 606.378765][ T5567] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 606.384660][ T5567] page last free stack trace: [ 606.389322][ T5567] free_unref_page_prepare+0xc34/0xcf0 [ 606.394767][ T5567] free_unref_page_list+0x1f7/0x8e0 [ 606.399944][ T5567] release_pages+0x1bb9/0x1f40 [ 606.404693][ T5567] __pagevec_release+0x80/0xf0 [ 606.409446][ T5567] truncate_inode_pages_range+0x48b/0x1290 [ 606.415236][ T5567] ext4_evict_inode+0x2ae/0x1100 [ 606.420162][ T5567] evict+0x2a4/0x620 [ 606.424042][ T5567] do_unlinkat+0x508/0x950 [ 606.428449][ T5567] __x64_sys_unlink+0x45/0x50 [ 606.433121][ T5567] do_syscall_64+0x3b/0xb0 [ 606.437523][ T5567] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 606.443406][ T5567] [ 606.445714][ T5567] Memory state around the buggy address: [ 606.451325][ T5567] ffff888046b45e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 606.459393][ T5567] ffff888046b45e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 2024/05/31 11:51:46 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 606.467437][ T5567] >ffff888046b45f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 606.475475][ T5567] ^ [ 606.481082][ T5567] ffff888046b45f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 606.489121][ T5567] ffff888046b46000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 606.497157][ T5567] ================================================================== [ 606.505192][ T5567] Disabling lock debugging due to kernel taint [ 606.537598][ T5567] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 606.544808][ T5567] CPU: 1 PID: 5567 Comm: syz-executor.3 Tainted: G B 5.15.160-syzkaller #0 [ 606.554692][ T5567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 606.564735][ T5567] Call Trace: [ 606.568002][ T5567] [ 606.570927][ T5567] dump_stack_lvl+0x1e3/0x2d0 [ 606.575594][ T5567] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 606.581213][ T5567] ? panic+0x860/0x860 [ 606.585273][ T5567] ? rcu_is_watching+0x11/0xa0 [ 606.590030][ T5567] ? preempt_schedule_common+0xa6/0xd0 [ 606.595485][ T5567] panic+0x318/0x860 [ 606.599380][ T5567] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 606.605525][ T5567] ? check_panic_on_warn+0x1d/0xa0 [ 606.610627][ T5567] ? fb_is_primary_device+0xd0/0xd0 [ 606.615824][ T5567] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 606.621803][ T5567] ? _raw_spin_unlock+0x40/0x40 [ 606.626655][ T5567] check_panic_on_warn+0x7e/0xa0 [ 606.631586][ T5567] ? sysv_new_inode+0x1062/0x11f0 [ 606.636606][ T5567] end_report+0x6d/0xf0 [ 606.640760][ T5567] kasan_report+0x18e/0x1c0 [ 606.645260][ T5567] ? sysv_new_inode+0x1062/0x11f0 [ 606.650293][ T5567] sysv_new_inode+0x1062/0x11f0 [ 606.655154][ T5567] ? sysv_free_inode+0x840/0x840 [ 606.660107][ T5567] sysv_mknod+0x4a/0xe0 [ 606.664266][ T5567] ? sysv_lookup+0xe0/0xe0 [ 606.668677][ T5567] path_openat+0x130a/0x2f20 [ 606.673272][ T5567] ? do_filp_open+0x460/0x460 [ 606.677955][ T5567] do_filp_open+0x21c/0x460 [ 606.682456][ T5567] ? vfs_tmpfile+0x2e0/0x2e0 [ 606.687052][ T5567] ? _raw_spin_unlock+0x24/0x40 [ 606.691905][ T5567] ? alloc_fd+0x594/0x630 [ 606.696235][ T5567] do_sys_openat2+0x13b/0x500 [ 606.700911][ T5567] ? read_lock_is_recursive+0x10/0x10 [ 606.706285][ T5567] ? do_sys_open+0x220/0x220 [ 606.710870][ T5567] ? rcu_is_watching+0x11/0xa0 [ 606.715627][ T5567] __x64_sys_openat+0x243/0x290 [ 606.720473][ T5567] ? __ia32_sys_open+0x270/0x270 [ 606.725409][ T5567] ? syscall_enter_from_user_mode+0x2e/0x240 [ 606.731391][ T5567] ? lockdep_hardirqs_on+0x94/0x130 [ 606.736586][ T5567] ? syscall_enter_from_user_mode+0x2e/0x240 [ 606.742560][ T5567] do_syscall_64+0x3b/0xb0 [ 606.746971][ T5567] ? clear_bhb_loop+0x15/0x70 [ 606.751641][ T5567] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 606.757531][ T5567] RIP: 0033:0x7fae0c6c6ee9 [ 606.761936][ T5567] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 606.781538][ T5567] RSP: 002b:00007fae0ac3a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 606.789952][ T5567] RAX: ffffffffffffffda RBX: 00007fae0c7fdfa0 RCX: 00007fae0c6c6ee9 [ 606.797925][ T5567] RDX: 00000000000026e1 RSI: 0000000020000000 RDI: ffffffffffffff9c [ 606.805896][ T5567] RBP: 00007fae0c71347f R08: 0000000000000000 R09: 0000000000000000 [ 606.813862][ T5567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 606.821825][ T5567] R13: 000000000000000b R14: 00007fae0c7fdfa0 R15: 00007ffd222500b8 [ 606.829799][ T5567] [ 606.832948][ T5567] Kernel Offset: disabled [ 606.837259][ T5567] Rebooting in 86400 seconds..