last executing test programs: 14.384762722s ago: executing program 0 (id=1037): timer_create(0x9, 0x0, &(0x7f0000bbdffc)=0x0) timer_delete(r0) 14.240459374s ago: executing program 0 (id=1038): r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0215000311"], 0x88}}, 0x20040090) 12.411246708s ago: executing program 0 (id=1044): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000040), 0x0, 0x40302) ioctl$HIDIOCGCOLLECTIONINDEX(r1, 0x40184810, &(0x7f0000000000)={0x2, 0x100, 0xaa4, 0x2, 0xe000000, 0x100}) 7.474779563s ago: executing program 0 (id=1072): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() syz_mount_image$iso9660(&(0x7f0000000dc0), &(0x7f0000002380)='./file1\x00', 0x3a0cc0a, &(0x7f0000000480)=ANY=[@ANYBLOB='unhide,dmode=0x0000000000000005,map=normal,map=normal,session=0x000000000000000e,overriderockperm,nocompress,nocompress,utf8,mode=0x0000000000000003,session=0x0000000000000009,map=acorn,mode=0x0000000000000086,uid=', @ANYRESDEC=0x0, @ANYBLOB='\f,'], 0x41, 0x9ea, &(0x7f0000004100)="$eJzs3U1sHOUZB/D/+CNxTRQCpDRFQDahAQOpYzslNOLSxF4npv6obEciqipCSVJFsUoFRQLUQypVPRW1h6oHekPqpSckLnCpcmuvvfRQqeLcG+op6qFbzew6tmOv1wn+Ivx+1nrn45n3fd6d2Xnl8e684cus0WhUj3ucv/Dn7UyW3efs2GcffvR++fjljexJd14oPkn6ktSSniSHkt7RsdmZqQ4FXU8uJbmZFEn2pvm8IZdS/Db7luZvpvhjWW/lwj02jA1p8JW208cfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsRsXo2NDQcJHJiekLr9Taq4YAb7eya6m8T6tRv4tPO9abFOUjfX2LQ30fOri0+tHy19E83px7vBqQPH1574FHD7z0SE/X4vbrJHw3/tcaDPmuN3zr3feuv7awcOXNTUrky+ZcfXpibmZi6sy5em1ibqZ2+tSpoRPnx+dq4xOT9bmLc/P1qdrobP3M/MxsbWD02drw6dMna/XBizMXps+NDU7WFxe++O2RoaFTtZcHf1A/Mzs3M33i5cG50fMTk5MT0+eqmHJ1GfNieSB+f2K+Nl8/M1WrXb22cOXkiozWOCTKoOFOLSmDRjoFjQyNjAwPj4wMn3rh9AsvDg31LC3oTrVg6A5Ztcntgzb7slnHLzvvg66NRm7yGRzuXVer/89kJjKdC3kltTV/RjOW2cxkqs36lsX+/9iJ+rr1Lu//F3v5Q0urH0vV/z/ZnHuyXf/fJpft+3kr7+a9XM9rWchCruTNFWv33kOJjcbarfrT35uvxU63eOXPudQznYnMZSYTmcqZakmttaSW0zmVUxnKqzmf8cyllvFMZDL1zOVi5jKfenVEjWY29ZzJfE+zjQMZzbOpZTinczonU0s9g7mYmVzIdM5lLGeqUq7mWvW6n1wnx9tBwxsJGlknaJ3+v7XgLvp/vqI2+xQO96zR6v/3dA4dGN2OhAAAAIBN982/Zf/Bh//6r6Q3T1TX2AEAAID7TfVxvcfLp95y6okU4xOT9aHVgW9vf24AAADA5iiq79gVSfpzuDm1+E2oNS4CAAAAAF9G1f//nyyf+supwyn8/Q8AAAD3m8732O8YURxPLTfKVbXLzcjLrYjWfX77xycm64OjM5MvDefp6i4D1TcNVpXWnQNJ9fWD53KkGXWkv/ncv7LEvjJqePCl4fTlaKshA0+VT08NrBE5UkY+l2eakc8sRvZlVeTJMhIA7ndH1+mPN9r/P5fjzYjjj1W3b+95bI0+eEjPCgC7RecxdjpGFN9ZHP6nzd//3bl6uPmRgsG8njeykMs5Xn3boPrEQavU3CyyVGr/so8hHO9wNaB/2QgvxxevBxzet+b1gP5lA70cX3VFoF3syTVfu2LT9wYAbI+jq/rhdfr/RqM5ter6//p///f7SCEA7Cq3R7Dfwok76+zdmaYCAC3te+l1dG9hQgAAAAAAAAAAAAAAAAAAAAAAAAAAAHAf2Mr7/3cl2dqRBb7AxI0kuyCNbZ74d2u3r1rVWn5jxzNcNrE3X7ycvm0Z4eLdH+3ZxYf6vU3s4EkJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbVMk3Wst70r2Jj1DSU5sf1Zb58ZOJ7DDilu5lXeyf6fzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC437Tu/9+V5vMDzUXp6UqOJbmU5Ic7neNmurXTCeywZff/L/d5GkV6mrs9Re/o2OzMVLn7s7dc/9mHH71fPu6lnrKAsoYVg0u0ami/1UPVVv1jV966/vM3flYbO1sleXZ+fHJs6tzs95YCHy0+TmppPhYt5vuLonUUr2z5x2VLO9db1jJe1Tu2ut5vrLX17XqP/eV37du2ZCmNawtXRsqa5uuvzL/902vvLAt6OEeSpwaSgZU1/aR8tKnpSHrXq7f4vPh1sT9/yKVq/5dpFI2i3EUPVu3/2tVrC1cGX39j4XKbnA7kcJLLSd/Gczq8ek8sqo66rt6y1qEqqPx1sEN563qge3+j0SxxuE0bHqoOmf67akOtfRsqHV73VhtPtsnokTx913v66Q41tvy30dScKz4v/lmczz/yq2Xjf3SV+/9YNvLuLGOqyGVHSvs2H1tq+cjyFa/eGdn2XckW+E1+nO/e3v9dy87/rX21PeejZTVu2fuiaPZCLdX0wTt6pNbZp12WrTwPNqPa5Pn1PL96uw55Pt/hjLJJ7/+Vis+LD4qB/Cc3jP8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsfkXSvdbyruRYkgNJHizna0ljM+rr6i82o5gN2rNqyY1trH336Lo9VdzKrbyT/TuaDgAAAAAAAACb5uzYZx9+9H75qP4f351vFZ8kfc3/9PckOVD8vnd0bHZmqkNBvcmlJDfL6b67y6HcLvuW5m+Wc4fuvi0AwMb8PwAA//9F2m9c") mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x1480, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x185093, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount$tmpfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x20000, 0x0) move_mount(r0, &(0x7f0000008080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x160) 5.976996872s ago: executing program 0 (id=1078): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="90010000000903000000000000000000030000000800064000000000a80002001400018008000100000000000800020000000000060003400001000006000340000300002c000180140003002001000000000000000000000000000214000400fe88000000000000000000000000010106000340000200000c000280050001003a0000001400018008000101ac1414aa08000200ac1414bb2c00018014000300fe8000000000000000000000000000bb14000400ff020000000000000000000000000001080003400000ffff0900010073797a30000000000c000480080001400000000508000540000000020c000480", @ANYRESHEX=r0], 0x190}, 0x1, 0x0, 0x0, 0x24004041}, 0x844) 4.54650408s ago: executing program 2 (id=1089): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shutdown(0xffffffffffffffff, 0x0) r3 = syz_open_dev$usbmon(&(0x7f0000000000), 0x8ac, 0x2682) ioctl$MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], 0x4}) setgroups(0x0, &(0x7f0000000440)) recvmmsg(0xffffffffffffffff, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000340)={[{@lazytime}, {@bsdgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nobarrier}, {@oldalloc}, {@max_batch_time={'max_batch_time', 0x3d, 0xffff}}]}, 0x2, 0x44a, &(0x7f0000000400)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsDuslsobHcr+/kkA8+z82yf57vPPDPPzLMbwMAaz/5JIrZGxG8RMVrPNhcYr/939fLZ6t+Xz1aTWFl5688kL3fl8tlqWbR835YiM5FGpJ8kRSXNFk+fOT5bq82fKvJTSyfem1o8febZYydmj84fnT85c/Dggf3TLzw/81xX4sziurL7w4U9u15758Lr1cMX3v3p26y9W4v9jXF0y3gW+F8rudZ9T3S7sj7b1pBOhvrYENakEhFZdw3n4380KnG980bj1Y/72jhgXWXXpk2ddy+vAHexJPrdAqA/ygt9dv9bbj2aemwIl16q3wBlcV8ttvqeoUiLMsMt97fdNB4Rh5f/+SrbYp2eQwAANPqs+uWheKbd/C+N+xvKbS/WUMYi4p6I2BER90bEzoi4LyIv+0BEPLjG+luXhm6c/6QXbyuwW5TN/14s1raa53/l7C/GKkVuWx7/cHLkWG1+X/GZTMTwpiw/vUod37/y6+ed9jXO/7Itq7+cCxbtuDjU8oBubnZpNp+UdsGljyJ2D7WLP7m2EpBExK6I2L22P729TBx76ps9nQrdPP5VdGGdaeXriCfr/b8cLfGXktXXJ6f+F7X5fVPlUXGjn385/2an+u8o/i7I+n9z8/HfWmQsaVyvXVx7Hed//7TjPc3tHv8jydv5+WikeO2D2aWlU9MRI8mhPN/0+sz195b5snwW/8Te9uN/R/GeLP6HIiI7iB+OiEci4tGi7Y9FxOMRsXeV+H98ufO+jdD/c23Pf9eO/5b+X3uicvyH7zrVf2v9fyBPTRSv5Oe/m7jVBt7JZwcAAAD/FWn+HfgknbyWTtPJyfp3+HfG5rS2sLj09JGF90/O1b8rPxbDafmka7Theeh0slz8xXp+pnhWXO7fXzw3/qLy/zw/WV2ozfU5dhh0WzqM/8wflX63Dlh37dbRZkb60BCg51rHf9qcPfdGLxsD9JTfa8Pgusn4T3vVDqD3XP9hcLUb/+da8tYC4O7k+g+Dy/iHwWX8w+Ay/mEg3cnv+iUGORHphmiGxDol+n1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA///K8u7c") 4.219023735s ago: executing program 0 (id=1095): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x2810000, &(0x7f0000000380)={[{@user_xattr}, {@noquota}, {@noinit_itable}, {@nogrpid}, {@block_validity}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b4}}, {@noquota}, {@errors_remount}, {@dioread_lock}, {@user_xattr}, {@quota}]}, 0x1, 0x57e, &(0x7f0000000440)="$eJzs3U1rG0cfAPD/ylZen6dxIIS2lGLIoSlp5NjuSwo9pMfShgbaeypsxQTLUbDkELuBJIfm0ksJhVIaKL239x5DvkA/RaANhBJMe+hFZaWVo9hSrDhOrGZ/P1h7RrPS7H9nZzSr1aIAcms8/VOIeCUivkkiDnSVjUZWON5eb/XBlZl0SaLZ/OzPJJLssc76SfZ//5525uWIuPNVxLHCxnrryyvz5Wq1spjlJxoLFyfqyyvHzy+U5ypzlQtT09Mn35meev+9d7ct1jfP/P39p7c/Ovn1kdXvfrl38GYSp+J/WVl3HJlCV0iDutadGY/x7AWKcWrdipNPuvFDqrP/nnRHMRxGsn5ejHQMOBAjWa8HXnxXI6IJ5FSi/0NOdeYBnXP7HufBL7T7H7ZPgDbGP9r+bCT2tM6N9q0mj5wZpee7Y9tQf1rHr3/cupku0ftziPWSdR8zAGzJtesRcWJ0dOP4l2Tj39adGGCd9XXk7f0HdtLtdP7zVq/5T2Ft/hM95j/7e/Tdrdi8/xfubUM1faXzvw96zn/XLlqNjWS5/7fmfMXk3PlqJR3bXoqIo1HcneYfdz3n5OrdZr+y7vlfuqT1d+aC2XbcG9396HNmy43y08Tc7f71iFd7zn+TtfZPerR/uj/ODFjH4cqt1/uVbR7/s9X8KeKNiLizq53vjr8jefz1yYnW8TDROSo2+uvG4d/61b/T8aftv6/n8b8W/1jSfb22HnuftI4f9/xTiebVnmVbPf53JZ+30lmzxeVyo7E4GbEr+WTj41MPn9vJd9ZP4z965PHjX6/jP90JXwwY/41DP7/Wr6xH/IXn3f6zA7V/Ogqm7b92IAycuPvxlz/0q/+R+K9Fn/Z/u5U6mj0yyPg36AY+zb4DAAAAAACAYVNo3cOZFEpr6UKhVGp/v+NQ7CtUa/XGsXO1pQuz7Xs9x6JY6FzpPtD1fYjJ7PuwnfzUuvx0RByMiG9H9rbypZladXangwcAAAAAAAAAAAAAAAAAAIAhsb/P/f+p30d2euuAZ85PfkN+bdr/t+OXnoCh5P0f8kv/h/zS/yG/9H/IL/0f8ivr/y73Qw55/4f80v8BAAAAAAAAAAAAAAAAAAAAAAAAAABgW505fTpdmqsPrsyk+dlLy0vztUvHZyv1+dLC0kxpprZ4sTRXq81VK6WZ2sJmr1et1S5OTsXS5YlGpd6YqC+vnF2oLV1onD2/UJ6rnK0Un0tUAAAAAAAAAAAAAAAAAAAA8N9SX16ZL1erlcXnmyjGDlQq8SwSo8OxGRLbnNjpkQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHvo3AAD//9PsMgg=") setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) 3.347847896s ago: executing program 32 (id=1095): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x2810000, &(0x7f0000000380)={[{@user_xattr}, {@noquota}, {@noinit_itable}, {@nogrpid}, {@block_validity}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b4}}, {@noquota}, {@errors_remount}, {@dioread_lock}, {@user_xattr}, {@quota}]}, 0x1, 0x57e, &(0x7f0000000440)="$eJzs3U1rG0cfAPD/ylZen6dxIIS2lGLIoSlp5NjuSwo9pMfShgbaeypsxQTLUbDkELuBJIfm0ksJhVIaKL239x5DvkA/RaANhBJMe+hFZaWVo9hSrDhOrGZ/P1h7RrPS7H9nZzSr1aIAcms8/VOIeCUivkkiDnSVjUZWON5eb/XBlZl0SaLZ/OzPJJLssc76SfZ//5525uWIuPNVxLHCxnrryyvz5Wq1spjlJxoLFyfqyyvHzy+U5ypzlQtT09Mn35meev+9d7ct1jfP/P39p7c/Ovn1kdXvfrl38GYSp+J/WVl3HJlCV0iDutadGY/x7AWKcWrdipNPuvFDqrP/nnRHMRxGsn5ejHQMOBAjWa8HXnxXI6IJ5FSi/0NOdeYBnXP7HufBL7T7H7ZPgDbGP9r+bCT2tM6N9q0mj5wZpee7Y9tQf1rHr3/cupku0ftziPWSdR8zAGzJtesRcWJ0dOP4l2Tj39adGGCd9XXk7f0HdtLtdP7zVq/5T2Ft/hM95j/7e/Tdrdi8/xfubUM1faXzvw96zn/XLlqNjWS5/7fmfMXk3PlqJR3bXoqIo1HcneYfdz3n5OrdZr+y7vlfuqT1d+aC2XbcG9396HNmy43y08Tc7f71iFd7zn+TtfZPerR/uj/ODFjH4cqt1/uVbR7/s9X8KeKNiLizq53vjr8jefz1yYnW8TDROSo2+uvG4d/61b/T8aftv6/n8b8W/1jSfb22HnuftI4f9/xTiebVnmVbPf53JZ+30lmzxeVyo7E4GbEr+WTj41MPn9vJd9ZP4z965PHjX6/jP90JXwwY/41DP7/Wr6xH/IXn3f6zA7V/Ogqm7b92IAycuPvxlz/0q/+R+K9Fn/Z/u5U6mj0yyPg36AY+zb4DAAAAAACAYVNo3cOZFEpr6UKhVGp/v+NQ7CtUa/XGsXO1pQuz7Xs9x6JY6FzpPtD1fYjJ7PuwnfzUuvx0RByMiG9H9rbypZladXangwcAAAAAAAAAAAAAAAAAAIAhsb/P/f+p30d2euuAZ85PfkN+bdr/t+OXnoCh5P0f8kv/h/zS/yG/9H/IL/0f8ivr/y73Qw55/4f80v8BAAAAAAAAAAAAAAAAAAAAAAAAAABgW505fTpdmqsPrsyk+dlLy0vztUvHZyv1+dLC0kxpprZ4sTRXq81VK6WZ2sJmr1et1S5OTsXS5YlGpd6YqC+vnF2oLV1onD2/UJ6rnK0Un0tUAAAAAAAAAAAAAAAAAAAA8N9SX16ZL1erlcXnmyjGDlQq8SwSo8OxGRLbnNjpkQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHvo3AAD//9PsMgg=") setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) 3.340079946s ago: executing program 2 (id=1097): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508) syz_emit_ethernet(0x5e, &(0x7f0000000080)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @rand_addr=' \x01\x00', @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @private0, @mcast1}}}}}}, 0x0) 3.339759357s ago: executing program 3 (id=1098): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000640)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x22, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x240007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000180)="df91", 0x2, 0x80, 0x0, 0x0) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x0, 0x0, 0x21) 3.269401727s ago: executing program 1 (id=1099): prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x19) r0 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x4) readv(r0, &(0x7f0000000980)=[{0x0, 0x6c}, {&(0x7f0000000f00)=""/4096, 0x1000}], 0x2) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='status\x00') 2.978876911s ago: executing program 1 (id=1100): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000780)=@newtaction={0x14, 0x76, 0x1}, 0x14}}, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.848652113s ago: executing program 1 (id=1101): socket(0x10, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000180)={r1}, 0x10) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x3, 0x101142) writev(r4, &(0x7f0000000b00)=[{0x0}, {&(0x7f00000001c0)='g', 0x1}], 0x2) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') lseek(r5, 0x10001, 0x0) 1.630043179s ago: executing program 1 (id=1102): r0 = socket(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r0, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4) write(r0, &(0x7f0000000000)='\"', 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) 1.629819279s ago: executing program 3 (id=1103): renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="0409"], 0x6) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) 1.503432101s ago: executing program 3 (id=1104): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000640)=@newqdisc={0x24, 0x25, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}, {0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0x0) 1.421624911s ago: executing program 3 (id=1105): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x3000080, &(0x7f0000000240)={[{@noblock_validity}, {}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@nomblk_io_submit}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x572, &(0x7f0000000300)="$eJzs3c9rHFUcAPDvbDb9rU2hFPUggR6s1G6axB8VhNajaLGg97ok01Cy6ZbspjSx0PZgL16kCB4siH+Ad4/Ff8C/oqCFIiXowUtkNrPtNsnmV1d363w+MO17M7P5ztuZ9/b7dnbZAAprNPunFPFqRHyTRBzu2FaOfOPo6n7Lj29MZUsSKyuf/ZFEkq9r75/k/x/MK69ExC9fRZwsrY/bWFyardZq6XxeH2vOXR1rLC6dujxXnUln0isTk5Nn3pmceP+9d3vW1jcv/LXw6f2Pznx9fPm7nx4euZvEuTiUb+tsx3O41VkZjdH8ORmOc2t2HO9BsEGS9PsA2JWhvJ8PRzYGHI6hvNcD/383I25HxApQRInODwXVzgPac/sezYNfGI8+XJ0ArW9/efW9kdjXmhsdWE6emRll892RHsTPYvz8+7272RJbvA9xswfxANpuZbO/0+Xy+vEvyce/3TvdevN4c2tjFO31B/rpfpb/vLVR/lN6kv/EBvnPwQ367m5s3f9LD3sQpqss//tgw/z3ydA1MpTXXmrlfMPJpcu19HREvBwRJ2J4b1bf7H7OmeUHK922deZ/2ZLFb+eC+XE8LO999jHT1Wb1edrc6dHtiNee5r9JrBv/97Vy3bXnP3s+LmwzxrH03uvdtm3d/k69z4BXfox4Y8Pz//SOVrL5/cmx1vUw1r4q1vvzzrFfu8XfWft7Lzv/BzZv/0jSeb+2sfMYP+z7O+22bbfX/57k81Z5T77uerXZnB+P2JN8sn79xNPHtuvt/bP2nzi++fi30fW/PyK+2Gb77xy903XXQTj/0zs6/zsvPPj4y++7xd/e+X+7VTqRr9nO+LfdA3ye5w4AAAAAAAAGTSkiDkVSqjwpl0qVyurnO47GgVKt3mievFRfuDIdre/KjsRwqX2n+3DH5yHG88/DtusTa+qTEXEkIr4d2t+qV6bqtel+Nx4AAAAAAAAAAAAAAAAAAAAGxMEu3//P/DbU76MD/nV+8huKa8v+34tfegIGktd/KC79H4pL/4fi0v+huPR/KK6yMQAKS9+H4tL/AQAAAAAAAAAAAAAAAAAAAAAAAAAAoKcunD+fLSvLj29MZfXpa4sLs/Vrp6bTxmxlbmGqMlWfv1qZqddnamllqj631d+r1etXxydi4fpYM200xxqLSxfn6gtXmhcvz1Vn0ovp8H/SKgAAAAAAAAAAAAAAAAAAAHixNBaXZqu1Wjqv0LVwNgbiMHZdSLY6y2fzi2FXIcr9b2APC0ODcRgDUOjzwAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHf4JAAD//3FPMLU=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x101000) fanotify_mark(r1, 0x121, 0x40000000, r0, 0x0) open(&(0x7f0000000480)='./bus\x00', 0x14927e, 0x0) 1.334763623s ago: executing program 2 (id=1106): socket$inet6_udp(0xa, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x3c, r2, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x20, 0x33, @probe_request={{{0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @broadcast, @device_b, @initial, {}, @value}, @void, @void, @void, @void, @void}}]}, 0x3c}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000003880)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.255544033s ago: executing program 3 (id=1107): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shutdown(0xffffffffffffffff, 0x0) r3 = syz_open_dev$usbmon(&(0x7f0000000000), 0x8ac, 0x2682) ioctl$MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], 0x4}) setgroups(0x0, &(0x7f0000000440)) recvmmsg(0xffffffffffffffff, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000340)={[{@lazytime}, {@bsdgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nobarrier}, {@oldalloc}, {@max_batch_time={'max_batch_time', 0x3d, 0xffff}}]}, 0x2, 0x44a, &(0x7f0000000400)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsDuslsobHcr+/kkA8+z82yf57vPPDPPzLMbwMAaz/5JIrZGxG8RMVrPNhcYr/939fLZ6t+Xz1aTWFl5688kL3fl8tlqWbR835YiM5FGpJ8kRSXNFk+fOT5bq82fKvJTSyfem1o8febZYydmj84fnT85c/Dggf3TLzw/81xX4sziurL7w4U9u15758Lr1cMX3v3p26y9W4v9jXF0y3gW+F8rudZ9T3S7sj7b1pBOhvrYENakEhFZdw3n4380KnG980bj1Y/72jhgXWXXpk2ddy+vAHexJPrdAqA/ygt9dv9bbj2aemwIl16q3wBlcV8ttvqeoUiLMsMt97fdNB4Rh5f/+SrbYp2eQwAANPqs+uWheKbd/C+N+xvKbS/WUMYi4p6I2BER90bEzoi4LyIv+0BEPLjG+luXhm6c/6QXbyuwW5TN/14s1raa53/l7C/GKkVuWx7/cHLkWG1+X/GZTMTwpiw/vUod37/y6+ed9jXO/7Itq7+cCxbtuDjU8oBubnZpNp+UdsGljyJ2D7WLP7m2EpBExK6I2L22P729TBx76ps9nQrdPP5VdGGdaeXriCfr/b8cLfGXktXXJ6f+F7X5fVPlUXGjn385/2an+u8o/i7I+n9z8/HfWmQsaVyvXVx7Hed//7TjPc3tHv8jydv5+WikeO2D2aWlU9MRI8mhPN/0+sz195b5snwW/8Te9uN/R/GeLP6HIiI7iB+OiEci4tGi7Y9FxOMRsXeV+H98ufO+jdD/c23Pf9eO/5b+X3uicvyH7zrVf2v9fyBPTRSv5Oe/m7jVBt7JZwcAAAD/FWn+HfgknbyWTtPJyfp3+HfG5rS2sLj09JGF90/O1b8rPxbDafmka7Theeh0slz8xXp+pnhWXO7fXzw3/qLy/zw/WV2ozfU5dhh0WzqM/8wflX63Dlh37dbRZkb60BCg51rHf9qcPfdGLxsD9JTfa8Pgusn4T3vVDqD3XP9hcLUb/+da8tYC4O7k+g+Dy/iHwWX8w+Ay/mEg3cnv+iUGORHphmiGxDol+n1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA///K8u7c") 1.145128215s ago: executing program 4 (id=1109): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000002340), 0x1, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000002380)={0x9, 0x4, {0x57, 0xa, 0x0, {0x10, 0x9}, {}, @ramp={0x3, 0xe, {0x50, 0x4d, 0x3, 0x4}}}, {0x54, 0x8001, 0x3, {0xd, 0x1c}, {0x80, 0x4}, @cond=[{0x7, 0x5, 0x5, 0x6d, 0x2, 0x3}, {0xffff, 0x200, 0x7b, 0xd, 0x5, 0x1}]}}) 1.075747616s ago: executing program 4 (id=1110): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x2, 0x5}, 0x6) 1.075587216s ago: executing program 4 (id=1111): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1, 0x2}, 0xe) 1.075368606s ago: executing program 4 (id=1112): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0), 0xfc, 0x580, &(0x7f00000013c0)="$eJzs3U1rG9caAOB3xnbifNxrB0K4t4tiyKIpaeTY7kcKXaSrUtrQQLtPha2YYDkKlhxiN9Bk0Wy6KaFQSgOl3XffZegf6K8ItIFQgmkX3biMPHJUW3JkW46V6HlgknNmRj7n1cx7dEYjoQD61lj2Txrx/4j4KokYado2GPnGsbX9Vh7fnM6WJFZXP/4jiSRf19g/yf8/klf+FxG/fBFxOt3cbnVpea5YLpcW8vp4bf7aeHVp+cyV+eJsabZ0dXJq6twbU5Nvv/Vm12J99eJf3350//1zX55c+eanh8fuJnE+jubbmuPYhVvNlbEYy5+ToTi/YceJLjTWS5L97gA7MpDn+VBkY8BIDORZ39LqyLPsGrDHPs/SGuhTifyHPtWYBzSu7bt0HfzcePTu2gXQ5vgH194bieH6tdHhleRfV0bZ9e5oF9rP2vj593t3syXavQ9xsAsNAWxw63ZEnB0c3Dz+Jfn4t3NnO9hnYxv99voD++l+Nv95rdX8J12f/0SL+c+RFrm7E0/P//RhF5ppK5v/vdNy/rt+02p0IK/9pz7nG0ouXymXsrHtvxFxKoYOZvWJiHiv9U2QT9OVB6vt2m+e/2VL1n5jLpj34+HghvnfTLFW3H3kax7djnip5fw3WT/+SYvjnz0fFzts40Tp3svttj09/r21+kPEKy2P/5ODmWx9f3K8fj6MN86Kzf68c+LXdu3vMv7b2wx3k+z4H946/tGk+X5tdfttfD/8dynye0wbbR1/2vb8P5B8Ui8fyNfdKNZqCxMRB5IPN6+ffPLYRr2xfxb/qZNbj3+tzv9DWWJ3GP+d43eadx3uPP69l8U/s63jv/3Cgw8++65d+52Nf6/XS6fyNZ2Mf512cDfPHQAAAAAAAPSaNCKORpIW1stpWiisfb7jeBxOy5Vq7fTlyuLVmah/V3Y0htLGne6Rps9DTOSfh23UJzfUpyLiWER8PXCoXi9MV8oz+x08AAAAAAAAAAAAAAAAAAAA9IgjEcOtvv+f+W2g9WParAaeR1v85Dfwgmuf//mWbvzSE9Bzznv9h74m/6F/yX/oX/If+pf8h/4l/6F/yX/oX9vJ/x8v7GFHAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MVw8cKFbFldeXxzOqvPXF9anKtcPzNTqs4V5henC9OVhWuF2UpltlwqpE//e+VK5drEZCzeGK+VqrXx6tLypfnK4tXapSvzxdnSpdLQM4gJAAAAAAAAAAAAAAAAAAAAnjfVpeW5YrlcWlBQ2FFhsDe60YOFtDe6scPCfo9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDEPwEAAP//3yw6ZQ==") getuid() r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460d04000c028000000000000003003e00ecffffff940200000000000040000000000000004d020000000000000000000000003800010001017f000800030000006400000005000000000000000a000000000000000101000000000000a1"], 0x78) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) 208.638927ms ago: executing program 2 (id=1113): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TCSETSW2(r0, 0x5408, &(0x7f0000000040)={0x0, 0xfdfd, 0x0, 0x0, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"}) 207.767297ms ago: executing program 4 (id=1114): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000000)={[{@quota}, {@nobh}]}, 0x1, 0x512, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tcuTEXE1f9tURHztyxHfTA7Gbe7sri/WatWtvFxp1TcrzZ3d62v1xdXqanVjfn7ujYU3F15fmM1yT9TOUi/zky99/vanv/W7G3++9u12tT73kShEXztOUrfphc626Glvo63TCDYCE3l7CqOuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//ysA4A0=") quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000002540)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000140)={0x0, 0x2, 0xa, 0x7ec, 0x2000000000, 0x1, 0x3, 0x7, 0x7ffd}) 155.998598ms ago: executing program 1 (id=1115): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) clock_adjtime(0xffffffd3, &(0x7f0000000000)={0x10000, 0x6, 0x2, 0x0, 0x7, 0xb, 0x651, 0xfffffffffffffff9, 0x8000009657, 0x1, 0x7fffffff, 0x0, 0x10, 0xb, 0x80000000000000, 0xcc0, 0x1, 0x1, 0x94d6, 0x0, 0x0, 0x809, 0x0, 0xfffffffffffffffa, 0x3, 0x2000000000004}) 141.422508ms ago: executing program 3 (id=1116): syz_mount_image$udf(&(0x7f0000000a40), &(0x7f0000000000)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4400, &(0x7f0000000240)=ANY=[@ANYBLOB="73686f72746164000000006d653d3030303030303030303030303030303030b030342c6e6f6164696e6963622c7569643d00", @ANYRES8, @ANYRES64=0x0], 0x1, 0xa23, &(0x7f0000000a80)="$eJzs209sm+d9B/Dfw1eyaadrFbd1kzbLWLQIPKUN5P9KvAH2rApt5iZGZWXzZTBlyQ4R/askF043tB42oAjQg1FgPWzAkMsOA3bwDrvsFOwwDBg2GDsMxYp2Wrpm6WkMNiCnTcP78qFEyXKsxbEl25+PYX/Jl7+XfP7Q5Es+fAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiPiNr5waOpi2uxUAwP300tg3hg57/weAR8o5n/8BAAAAAAAAAAAAAGCnS1HEn0SKV3/STheq6x31M63ZK1fHR0Y3321PihS1KKr68m/94KHDR44eOz7czQ/e/6P2ZLw8du5U4/TczPzC1OLi1GRjfLZ1cW5yasv3cLf7bzRYDUBj5rUrk5cuLTYOPXd43c1XB97Z/dj+gRPHXzy/r1s7PjI6OtZT09f/oR/9Frc7w2NXFPGzSFH/3rupGRG1uPuxuMNz517bU3VisOrE+Mho1ZHpVnN2qbwx1XJVLWKgZ6eT3TG6D3NxVxoR18rmlw0eLLs3Nt9caE5MTzXONheWWkutudlU67S27M9A1GI4RcxHRLu49e76o4h/jRTff7+dJiKi6I7Ds9WJwXduT+0e9HEL+sq+FRE34wGYsx1sdxTxRqT4wfmhuJjHtRq2ZyK+XubTEd8scznier6eyifIUxHvbfJ84sHSF0X8Q6SYS+002Z376nXlzCuNr81emuup7b6uPPDvD/fTDn9tqkcRE9Urfjt9+IMdAAAAAAB2niL+OlLcmDmQ5qN3TbE1e7lxrjkx3flWuPvdfyPvtbKysjKQOtnIOZTzZM6zOS/knM95Lef1nG/mvJHzrZw3cy7nbOeMWn78nI2cQzlP5jyb80LO+ZzXcl7P+WbOGznfynkz53LOds6w7gUAAAAAAADADrMnivhxpPjCX32rOq84qvPSP3Fi+MBXv9h7zvhn7nA/Ze1zEXEjtnZObn8+dTjVyj8ffb/YmnoU8Z18/t/vb3djAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbVWLIj4TKX74RjtFiohGxIXo5HKx3a0DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPox6KuJ0pPjFV+rV9ZsR8dmI+N+V8k9ELK9ssN0tBgAAAAAAAABukYoYihSPP9lOAxFxdeCd3Y/tHzhx/MXz+4ooIpUlvfUvj5071Tg9NzO/MLW4ODXZGJ9tXZybnNrqw9XPtGavXB0fGb0nnbmjPfe4/Xvqp+fmX19oXX51adPb99ZPTSwuLTQvbn5z7IlaxFDvlsGqweMjo1Wjp1vN2WrXVLtNA2sRja12BgAAAAAAAICHxt5UxNFI8WrrSOquG/d11vx/qXOtWK39s99b+y3A9Ibs6v39wFYup602dLBaeG+Mj4yOjvVs7uu/tbRsU0pF/GWk+NxvP1Gth6fYu+naeFm3K1Ic+9aRXDfwubLu5Lqq+uD4yGjjpbnZL5+anp672FxqTkxPNcbmmxe3/MMBAAAAAAAAALiH9qYi/jRS/M7QzdQ97zyv//d1rvWs//9atYReqaf1uapa2/94tbbfufyJE8ON0V+53fZ7sf5ftimlIv4lUjz+u09U59N31/+HNtSWdf8VKf7575/KdbVdZd3Bbnc693ipNT01lPJYff7Zbm1Utcdz7SfXag+WtZ+PFH/+zPra4Vz7qbXaQ2XtH0aK/zm6ee2n12oPl7V/ECl+8+1Gt3ZvWXsm1+5fq33u4tz05J2GtZz/v4kUZ3/x1dTt823nv+f3H9c25Kpb5vyDL39U8z/Qs+1antcf5/k/eIf5/9tI8Uc/fSrXdcb+UL798erftfn/rUjxH7+8vvZYrt23Vntwq93abuX8fylSnPjRj1b7nOc/j+zaDPXO/2f71ufqs2Sb5v/xnm0DuV2H/59j8ShafP3brzWnp6cWHpQL/5kbvlPa44ILD+WFbX5h4r4o3///MVK8cKaWuscx+f3/Y51ra8d/739n7f3/hQ25apve//f1bHshH7X090XUl2bm+/dH1Bdf//aXWzPNy1OXp2aHjx098vzwsWPP9+/qHtutXdry0D0Uyvk/Eyle+ek/rX6OWX/8t/nx/94NuWqb5v+TvX1ad1yz5aF4JJXzfz1SfPftd1c/b37Q8X/38/+BL6zP1f9/2zT/n+rZVv3G/+MRz/dsO/DpiFNbfSwAAAB4yOzN6+R//Kt/t3rO+/rP//HFbm3v9z+3sxPO/wcAAAAAgEfd3lTEX0SK/x76UuqeQ7aV339ObshV2/T7v/092ybv03ktWx5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAdKEURT0eKV3/STstFeb2jfqY1e+Xq+Mjo5rvtSZGiFkVVX/6tHzx0+MjRY8eHu/nB+3/UnoyXx86dapyem5lfmFpcnJpsjM+2Ls5NTm35Hu52/40GqwFozLx2ZfLSpcXGoecOr7v56sA7ux/bP3Di+Ivn93Vrx0dGR8d6avr6P/Sj3yLdZvuuKOJSpKh/7930b0VELe5+LO7w3LnX9lSdGKw6MT4yWnVkutWcXSpvTLVcVYsY6NnpZHeM7sNc3JVGxLWy+WWDB8vujc03F5oT01ONs82FpdZSa2421TqtLfszELUYThHzEdEubr27/ihiIlJ8//12eruIKLrj8OxLY98YOnzn9tTuQR97rXx30819Zd+KiJvxAMzZDrY7ivhYpPjB+aH4WdEZ12rYnon4eplPR3yzzOWI6/l6Kp8gT0W8t8nziQdLXxRxNlLMpXb69yLPffW6cuaVxtdmL8311HZfVx7494f7aYe/NtWjiJ9Xr/jt9HP/nwEAAAAAHiJF/HqkuDFzIFXrg6triq3Zy41zzYnpztf63e/+G3mvlZWVlYHUyUbOoZwnc57NeSHnfM5rOa/nfDPnjZxv5byZczlnO2fU8uPnbOQcynky59mcF3LO57yW83rON3PeyPlWzps5l3O2c4bvyQEAAAAAAIAdqBZFPBEpfvhGO60UnQXeC9HJZeucD73/CwAA//8Nuzyo") openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/sync_on_suspend', 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x800, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) r2 = getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, r2, 0x0, 0x0, 'syz1\x00', 0x0}) 140.738168ms ago: executing program 2 (id=1117): r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xd, 0x101301) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200)) 27.64015ms ago: executing program 4 (id=1118): syz_usb_connect$cdc_ecm(0x2, 0x5e, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000020000202505a1a440020000010109"], 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x800000, 0x0) syz_usb_connect$uac1(0x5, 0x71, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x6, 0x10, 0x4, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xffae, 0xfb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x2, 0x9, 0x5, {0x7, 0x25, 0x1, 0x2, 0x7, 0xb70}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x8, 0x1, 0xe3, {0x7, 0x25, 0x1, 0x0, 0xff, 0x1}}}}}}}]}}, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8) 4.08587ms ago: executing program 2 (id=1119): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3800480, &(0x7f0000000280), 0x45, 0x786, &(0x7f00000007c0)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn") r0 = open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)={[{0x2d, 'devices'}]}, 0x9) ftruncate(r0, 0x2007ffc) sendfile(r0, r0, 0x0, 0x800000009) 0s ago: executing program 1 (id=1120): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet6_udp(0xa, 0x2, 0x0) mlockall(0x2) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, 0x0, 0x5000) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000280)) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0x4008af12, &(0x7f00000001c0)={0x2, 0x98}) r5 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$TIOCL_GETKMSGREDIRECT(r5, 0x541c, &(0x7f00000000c0)) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x0, &(0x7f0000000580)={[{@errors_remount}, {@dioread_lock}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}, {@noinit_itable}, {@jqfmt_vfsv1}]}, 0x1, 0x434, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=") write$P9_RGETLOCK(r1, &(0x7f0000000200)={0x23, 0x37, 0x2, {0x1, 0x7f, 0x80000001, 0xffffffffffffffff, 0x5, 'ext4\x00'}}, 0x23) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) fcntl$lock(r6, 0x7, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) linkat(r7, &(0x7f0000000180)='./file1\x00', r7, &(0x7f0000000640)='./bus\x00', 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="004100004008000008002800febf00006c0016806400018028000100"], 0x94}, 0x1, 0x0, 0x0, 0x200000d1}, 0x20008840) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.42' (ED25519) to the list of known hosts. [ 42.492027][ T4011] cgroup: Unknown subsys name 'net' [ 42.786728][ T4011] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 43.139210][ T4011] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 44.519598][ T4036] chnl_net:caif_netlink_parms(): no params data found [ 44.565091][ T4023] chnl_net:caif_netlink_parms(): no params data found [ 44.644031][ T4033] chnl_net:caif_netlink_parms(): no params data found [ 44.680753][ T4022] chnl_net:caif_netlink_parms(): no params data found [ 44.687025][ T4036] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.688871][ T4036] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.692919][ T4036] device bridge_slave_0 entered promiscuous mode [ 44.705415][ T4023] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.707138][ T4023] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.709627][ T4023] device bridge_slave_0 entered promiscuous mode [ 44.719018][ T4036] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.721106][ T4036] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.723657][ T4036] device bridge_slave_1 entered promiscuous mode [ 44.728679][ T4023] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.730851][ T4023] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.733321][ T4023] device bridge_slave_1 entered promiscuous mode [ 44.762811][ T4036] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 44.785824][ T4036] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 44.788120][ T4028] chnl_net:caif_netlink_parms(): no params data found [ 44.800574][ T4033] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.802296][ T4033] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.804954][ T4033] device bridge_slave_0 entered promiscuous mode [ 44.824005][ T4023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 44.837260][ T4033] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.839060][ T4033] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.842131][ T4033] device bridge_slave_1 entered promiscuous mode [ 44.846119][ T4036] team0: Port device team_slave_0 added [ 44.853068][ T4023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 44.879504][ T4036] team0: Port device team_slave_1 added [ 44.889135][ T4022] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.891620][ T4022] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.894211][ T4022] device bridge_slave_0 entered promiscuous mode [ 44.915633][ T4023] team0: Port device team_slave_0 added [ 44.919850][ T4022] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.923048][ T4022] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.925454][ T4022] device bridge_slave_1 entered promiscuous mode [ 44.929574][ T4033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 44.941346][ T4023] team0: Port device team_slave_1 added [ 44.957987][ T4033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 44.966215][ T4036] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 44.967860][ T4036] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.974682][ T4036] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.002540][ T4022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.005254][ T4036] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.006979][ T4036] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.014139][ T4036] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.023126][ T4028] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.025009][ T4028] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.027315][ T4028] device bridge_slave_0 entered promiscuous mode [ 45.037867][ T4022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.042760][ T4033] team0: Port device team_slave_0 added [ 45.047946][ T4023] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.049738][ T4023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.056714][ T4023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.060685][ T4023] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.062318][ T4023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.068547][ T4023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.072065][ T4028] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.073819][ T4028] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.076308][ T4028] device bridge_slave_1 entered promiscuous mode [ 45.085618][ T4033] team0: Port device team_slave_1 added [ 45.095060][ T4022] team0: Port device team_slave_0 added [ 45.118560][ T4022] team0: Port device team_slave_1 added [ 45.145692][ T4028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.154150][ T4033] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.155863][ T4033] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.162603][ T4033] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.172718][ T4022] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.174513][ T4022] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.186816][ T4022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.197182][ T4028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.199853][ T4033] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.201985][ T4033] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.208107][ T4033] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.220087][ T4022] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.222010][ T4022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.228231][ T4022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.283007][ T4036] device hsr_slave_0 entered promiscuous mode [ 45.320943][ T4036] device hsr_slave_1 entered promiscuous mode [ 45.442702][ T4023] device hsr_slave_0 entered promiscuous mode [ 45.481121][ T4023] device hsr_slave_1 entered promiscuous mode [ 45.550697][ T4023] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 45.552696][ T4023] Cannot create hsr debugfs directory [ 45.571476][ T4028] team0: Port device team_slave_0 added [ 45.601241][ T4028] team0: Port device team_slave_1 added [ 45.682418][ T4033] device hsr_slave_0 entered promiscuous mode [ 45.720928][ T4033] device hsr_slave_1 entered promiscuous mode [ 45.760748][ T4033] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 45.762738][ T4033] Cannot create hsr debugfs directory [ 45.802405][ T4022] device hsr_slave_0 entered promiscuous mode [ 45.840951][ T4022] device hsr_slave_1 entered promiscuous mode [ 45.880691][ T4022] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 45.882763][ T4022] Cannot create hsr debugfs directory [ 45.890356][ T4028] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.892381][ T4028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.899002][ T4028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.903452][ T4028] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.905184][ T4028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.911641][ T4028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.052494][ T4028] device hsr_slave_0 entered promiscuous mode [ 46.101111][ T4028] device hsr_slave_1 entered promiscuous mode [ 46.140825][ T4028] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.142746][ T4028] Cannot create hsr debugfs directory [ 46.331837][ T25] Bluetooth: hci4: command 0x0409 tx timeout [ 46.333755][ T25] Bluetooth: hci3: command 0x0409 tx timeout [ 46.335319][ T25] Bluetooth: hci1: command 0x0409 tx timeout [ 46.339475][ T4023] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.340868][ T7] Bluetooth: hci2: command 0x0409 tx timeout [ 46.342622][ T7] Bluetooth: hci0: command 0x0409 tx timeout [ 46.376975][ T4023] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.413367][ T4023] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.476324][ T4023] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.537613][ T4036] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.592359][ T4036] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.640592][ T4036] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.692853][ T4036] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 46.779868][ T4022] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.813395][ T4022] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.857854][ T4022] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.912665][ T4022] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.039198][ T4033] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 47.097025][ T4036] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.098959][ T4033] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 47.158908][ T4033] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 47.202907][ T4033] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 47.254240][ T4023] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.268258][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.277641][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.295718][ T4036] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.298639][ T4023] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.303970][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.306707][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.310169][ T4028] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 47.333073][ T4028] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 47.388060][ T4028] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 47.438920][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.441684][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.445315][ T306] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.447271][ T306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.450103][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.453606][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.456128][ T306] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.457877][ T306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.460044][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 47.463322][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 47.474306][ T4028] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 47.524458][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.527093][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.529499][ T148] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.531477][ T148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.534438][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.537107][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.539351][ T148] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.541046][ T148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.557442][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 47.577582][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 47.580380][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 47.594469][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 47.609441][ T4022] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.611540][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 47.614648][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.617189][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 47.629701][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 47.633211][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.637036][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 47.654528][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.657129][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.659608][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 47.663678][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.667676][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.670329][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.688718][ T4036] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.692700][ T4036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 47.697179][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 47.699750][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.704036][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.707142][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.723516][ T4022] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.728628][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 47.733113][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.739055][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.743604][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.746056][ T136] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.747814][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.758098][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 47.760410][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 47.763836][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.766550][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.769082][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.772080][ T136] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.773816][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.783732][ T4033] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.819362][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 47.837734][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.840145][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.849519][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 47.865130][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 47.868367][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.880240][ T4033] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.887668][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 47.904462][ T4028] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.909412][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 47.912576][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 47.914553][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.917567][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.920031][ T136] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.921991][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.925429][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 47.940208][ T4036] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.948353][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.952246][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.954742][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 47.957172][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.962718][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.965289][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.967536][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.969198][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.987184][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.989541][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.993776][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 47.996189][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.003086][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 48.010353][ T4028] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.023162][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.026139][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.028837][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.032883][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.035156][ T1628] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.036952][ T1628] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.039235][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.042940][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.045274][ T1628] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.047050][ T1628] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.049235][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 48.052594][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 48.054577][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.064109][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 48.067005][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.085629][ T4023] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.087707][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.090146][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.093714][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 48.099139][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.125701][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 48.128219][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.132240][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.135126][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 48.138222][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.142315][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.144841][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.147292][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.185638][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.188159][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.192141][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 48.196655][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.199318][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.202345][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.204983][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 48.207466][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.210042][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.214235][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.218587][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 48.230339][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.233139][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.235434][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 48.238077][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.245964][ T4036] device veth0_vlan entered promiscuous mode [ 48.257075][ T4028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 48.268161][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 48.270075][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 48.277950][ T4022] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.295323][ T4036] device veth1_vlan entered promiscuous mode [ 48.318445][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 48.321229][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 48.323767][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 48.326262][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.330056][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 48.338677][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.350901][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.353625][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.356038][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 48.358620][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.365084][ T4023] device veth0_vlan entered promiscuous mode [ 48.384228][ T4036] device veth0_macvtap entered promiscuous mode [ 48.387881][ T4023] device veth1_vlan entered promiscuous mode [ 48.406263][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 48.408756][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 48.415398][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 48.417987][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.422968][ T1960] Bluetooth: hci0: command 0x041b tx timeout [ 48.424649][ T1960] Bluetooth: hci2: command 0x041b tx timeout [ 48.426335][ T1960] Bluetooth: hci1: command 0x041b tx timeout [ 48.427944][ T1960] Bluetooth: hci3: command 0x041b tx timeout [ 48.429715][ T1960] Bluetooth: hci4: command 0x041b tx timeout [ 48.438249][ T4022] device veth0_vlan entered promiscuous mode [ 48.442491][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.446195][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.450132][ T4036] device veth1_macvtap entered promiscuous mode [ 48.486927][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 48.489656][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 48.495936][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 48.497820][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 48.506680][ T4036] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.509309][ T4022] device veth1_vlan entered promiscuous mode [ 48.522587][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 48.525049][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 48.527042][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 48.528882][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 48.532158][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.534933][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 48.537460][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.542038][ T4028] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.547347][ T4033] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.554016][ T4023] device veth0_macvtap entered promiscuous mode [ 48.565086][ T4036] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.575109][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 48.577700][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 48.584149][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 48.586816][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.590275][ T4036] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.594594][ T4036] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.596766][ T4036] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.599173][ T4036] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.605312][ T4023] device veth1_macvtap entered promiscuous mode [ 48.630834][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 48.634040][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 48.638163][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.675135][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 48.677928][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.692223][ T4022] device veth0_macvtap entered promiscuous mode [ 48.704288][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 48.706900][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 48.709488][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.713753][ T4023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.716449][ T4023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.720158][ T4023] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.739829][ T4023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.743614][ T4023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.747216][ T4023] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.752719][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.755266][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.757750][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 48.760350][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.764018][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 48.766602][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.776319][ T4022] device veth1_macvtap entered promiscuous mode [ 48.787068][ T4033] device veth0_vlan entered promiscuous mode [ 48.792457][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 48.798799][ T4023] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.802389][ T4023] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.804469][ T4023] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.806614][ T4023] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.831051][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 48.833929][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.848073][ T4033] device veth1_vlan entered promiscuous mode [ 48.857448][ T4022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.860216][ T4022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.860399][ T1628] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.863074][ T4022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.867394][ T4022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.872233][ T4022] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.881657][ T1628] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.886011][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 48.890245][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 48.894393][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.944667][ T4022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.947200][ T4022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.949591][ T4022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.953860][ T4022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.957696][ T4022] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.964955][ T1352] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.967033][ T1352] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.978012][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 48.981376][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.984341][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 48.987091][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 48.989680][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.993397][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.995731][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.018206][ T4022] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.020327][ T4022] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.026237][ T4022] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.028385][ T4022] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.039347][ T4028] device veth0_vlan entered promiscuous mode [ 49.053170][ T4033] device veth0_macvtap entered promiscuous mode [ 49.058383][ T4033] device veth1_macvtap entered promiscuous mode [ 49.063919][ T1352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 49.066475][ T1352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.068953][ T1352] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 49.073423][ T1352] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 49.085354][ T4028] device veth1_vlan entered promiscuous mode [ 49.092627][ T1352] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.094634][ T1352] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.128864][ T4103] udc-core: couldn't find an available UDC or it's busy [ 49.140893][ T4103] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 49.152934][ T1352] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 49.155745][ T1352] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 49.158186][ T1352] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 49.175751][ T4033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.178305][ T4033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.181561][ T4033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.184257][ T4033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.186546][ T4033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.189029][ T4033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.193615][ T4033] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.206452][ T1352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.209198][ T1352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.224931][ T1352] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.226884][ T1352] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.237151][ T4033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.239794][ T4033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.244012][ T4033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.246509][ T4033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.248889][ T4033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.255038][ T4033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.258771][ T4033] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.264906][ T4033] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.267099][ T4033] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.269228][ T4033] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.271737][ T4033] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.288272][ T1352] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 49.292254][ T1352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.294989][ T1352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.325435][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 49.327958][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.364489][ T4028] device veth0_macvtap entered promiscuous mode [ 49.367635][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.369691][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.370288][ T4028] device veth1_macvtap entered promiscuous mode [ 49.389673][ T4106] udc-core: couldn't find an available UDC or it's busy [ 49.392709][ T4106] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 49.395018][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 49.397445][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 49.400094][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 49.443033][ T4028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.445722][ T4028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.448185][ T4028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.452856][ T4028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.455255][ T4028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.457776][ T4028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.460253][ T4028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.469111][ T4028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.474935][ T4028] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.488057][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.490774][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.504392][ T1628] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.506366][ T1628] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.509494][ T4028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.513329][ T4028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.515794][ T4028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.519011][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.519425][ T4028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.525621][ T4028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.527004][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.528422][ T4028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.533969][ T4028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.536481][ T4028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.540277][ T4028] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.551823][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 49.554496][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 49.556918][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.559397][ T1628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.571450][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.573636][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.575339][ T4028] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.577627][ T4028] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.579774][ T4028] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.588361][ T4028] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.614090][ T1352] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 49.753094][ T1352] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.755213][ T1352] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.758476][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 49.762428][ T4113] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6'. [ 49.762591][ T4114] loop3: detected capacity change from 0 to 16 [ 49.819502][ T306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.824044][ T4114] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 49.826382][ T306] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.833349][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 50.000410][ T4124] loop3: detected capacity change from 0 to 16 [ 50.005160][ T4123] udc-core: couldn't find an available UDC or it's busy [ 50.006957][ T4123] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 50.020828][ T4104] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 50.027381][ T4127] udc-core: couldn't find an available UDC or it's busy [ 50.029186][ T4127] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 50.035683][ T4128] loop2: detected capacity change from 0 to 128 [ 50.038390][ T4124] erofs: (device loop3): mounted with root inode @ nid 36. [ 50.088315][ T4128] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 50.240298][ T4134] udc-core: couldn't find an available UDC or it's busy [ 50.244927][ T4134] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 50.501356][ T4075] Bluetooth: hci4: command 0x040f tx timeout [ 50.503180][ T4075] Bluetooth: hci3: command 0x040f tx timeout [ 50.506101][ T4075] Bluetooth: hci1: command 0x040f tx timeout [ 50.508237][ T4075] Bluetooth: hci2: command 0x040f tx timeout [ 50.510114][ T4075] Bluetooth: hci0: command 0x040f tx timeout [ 50.544763][ T4104] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 50.547156][ T4104] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 50.549246][ T4104] usb 1-1: Product: syz [ 50.550293][ T4104] usb 1-1: Manufacturer: syz [ 50.552807][ T4104] usb 1-1: SerialNumber: syz [ 50.559310][ T4104] usb 1-1: config 0 descriptor?? [ 50.635029][ T4143] netlink: 4 bytes leftover after parsing attributes in process `syz.4.18'. [ 50.649014][ T4145] loop1: detected capacity change from 0 to 8 [ 50.708285][ T4149] loop4: detected capacity change from 0 to 16 [ 50.709478][ T4145] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 50.751071][ T4149] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 50.804440][ T4151] udc-core: couldn't find an available UDC or it's busy [ 50.806242][ T4151] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 50.820699][ T4104] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 50.852593][ T4153] udc-core: couldn't find an available UDC or it's busy [ 50.854448][ T4153] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 50.954625][ T4159] loop4: detected capacity change from 0 to 512 [ 50.964586][ T4159] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.26: casefold flag without casefold feature [ 50.968539][ T4159] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.26: couldn't read orphan inode 15 (err -117) [ 50.975699][ T4159] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 51.069871][ T4162] udc-core: couldn't find an available UDC or it's busy [ 51.072627][ T4162] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 51.365091][ T4164] syz.3.28 uses obsolete (PF_INET,SOCK_PACKET) [ 51.563067][ T4172] netlink: 4 bytes leftover after parsing attributes in process `syz.3.31'. [ 51.609855][ T4176] udc-core: couldn't find an available UDC or it's busy [ 51.631338][ T4176] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 51.648119][ T4179] udc-core: couldn't find an available UDC or it's busy [ 51.649942][ T4179] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 51.667103][ T4180] netlink: 36 bytes leftover after parsing attributes in process `syz.1.36'. [ 51.736412][ T4184] netlink: 8 bytes leftover after parsing attributes in process `syz.1.38'. [ 52.165631][ T4188] udc-core: couldn't find an available UDC or it's busy [ 52.181177][ T4188] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 52.241005][ T26] audit: type=1326 audit(52.210:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4191 comm="syz.1.42" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8af8e728 code=0x7ffc0000 [ 52.246659][ T26] audit: type=1326 audit(52.220:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4191 comm="syz.1.42" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8af8e728 code=0x7ffc0000 [ 52.269865][ T26] audit: type=1326 audit(52.220:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4191 comm="syz.1.42" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8af8e728 code=0x7ffc0000 [ 52.289194][ T26] audit: type=1326 audit(52.220:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4191 comm="syz.1.42" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=141 compat=0 ip=0xffff8af8e728 code=0x7ffc0000 [ 52.300712][ T26] audit: type=1326 audit(52.220:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4191 comm="syz.1.42" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8af8e728 code=0x7ffc0000 [ 52.315185][ T4197] netlink: 28 bytes leftover after parsing attributes in process `syz.1.44'. [ 52.325562][ T4197] netlink: 28 bytes leftover after parsing attributes in process `syz.1.44'. [ 52.327985][ T4197] Zero length message leads to an empty skb [ 52.335703][ T4198] loop3: detected capacity change from 0 to 1024 [ 52.372804][ T4198] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 52.376424][ T4198] EXT4-fs (loop3): filesystem is read-only [ 52.377912][ T4198] EXT4-fs (loop3): Unsupported encryption level 6 [ 52.574065][ T4207] udc-core: couldn't find an available UDC or it's busy [ 52.581373][ T1960] Bluetooth: hci0: command 0x0419 tx timeout [ 52.585037][ T4207] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 52.587051][ T1960] Bluetooth: hci2: command 0x0419 tx timeout [ 52.589798][ T1960] Bluetooth: hci1: command 0x0419 tx timeout [ 52.594110][ T1960] Bluetooth: hci3: command 0x0419 tx timeout [ 52.596012][ T1960] Bluetooth: hci4: command 0x0419 tx timeout [ 52.900650][ T4104] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -71 [ 52.920301][ T4104] usb 1-1: USB disconnect, device number 2 [ 53.206052][ T4224] loop2: detected capacity change from 0 to 512 [ 53.351091][ T4224] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.58: casefold flag without casefold feature [ 53.366312][ T4224] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.58: couldn't read orphan inode 15 (err -117) [ 53.369956][ T4224] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,delalloc,norecovery,journal_dev=0x0000000000000256,,errors=continue. Quota mode: writeback. [ 53.684759][ T4234] loop2: detected capacity change from 0 to 2048 [ 53.702770][ T4234] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 53.739950][ T4236] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 53.805695][ T4241] capability: warning: `syz.1.63' uses 32-bit capabilities (legacy support in use) [ 53.907259][ T4036] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 147 [ 53.913199][ T4036] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [ 53.919725][ T4036] Remounting filesystem read-only [ 53.928521][ T4036] NILFS (loop2): error -5 truncating bmap (ino=15) [ 53.968363][ T4036] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 54.017403][ T4248] udc-core: couldn't find an available UDC or it's busy [ 54.022952][ T4248] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 54.031734][ T4249] tipc: Started in network mode [ 54.036402][ T4249] tipc: Node identity 7f000001, cluster identity 4711 [ 54.038434][ T4249] tipc: Enabling of bearer rejected, failed to enable media [ 54.340131][ T4263] loop2: detected capacity change from 0 to 1024 [ 54.397841][ T4263] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.401171][ T4263] EXT4-fs (loop2): blocks per group (131072) and clusters per group (8192) inconsistent [ 54.588584][ T4271] loop2: detected capacity change from 0 to 16 [ 54.606906][ T4273] netlink: 20 bytes leftover after parsing attributes in process `syz.4.78'. [ 54.607391][ T4271] erofs: (device loop2): mounted with root inode @ nid 36. [ 54.629085][ T4271] attempt to access beyond end of device [ 54.629085][ T4271] loop2: rw=0, want=15300821032, limit=16 [ 54.646182][ T4271] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117] [ 54.766948][ T4282] udc-core: couldn't find an available UDC or it's busy [ 54.768662][ T4282] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 54.930742][ T4071] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 55.092656][ T4294] netlink: 20 bytes leftover after parsing attributes in process `syz.4.88'. [ 55.180601][ T4071] usb 1-1: Using ep0 maxpacket: 16 [ 55.223282][ T4299] loop4: detected capacity change from 0 to 64 [ 55.294097][ T4299] udc-core: couldn't find an available UDC or it's busy [ 55.300005][ T4299] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 55.331168][ T4071] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 55.331917][ T4301] loop2: detected capacity change from 0 to 128 [ 55.333983][ T4071] usb 1-1: config 0 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 55.339904][ T4071] usb 1-1: config 0 interface 0 has no altsetting 0 [ 55.344144][ T4071] usb 1-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00 [ 55.347691][ T4071] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.355980][ T4071] usb 1-1: config 0 descriptor?? [ 55.428940][ T4301] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 55.558679][ T4304] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 55.560586][ T4304] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 55.577856][ T4304] vhci_hcd vhci_hcd.0: Device attached [ 55.618705][ T4304] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(5) [ 55.620489][ T4304] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 55.627865][ T4304] vhci_hcd vhci_hcd.0: Device attached [ 55.630273][ T4304] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 55.648205][ T4304] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(9) [ 55.649885][ T4304] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 55.655760][ T4304] vhci_hcd vhci_hcd.0: Device attached [ 55.674080][ T4304] vhci_hcd vhci_hcd.0: pdev(2) rhport(4) sockfd(11) [ 55.675700][ T4304] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 55.677491][ T4304] vhci_hcd vhci_hcd.0: Device attached [ 55.698087][ T4304] vhci_hcd vhci_hcd.0: pdev(2) rhport(5) sockfd(13) [ 55.699747][ T4304] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 55.711554][ T4304] vhci_hcd vhci_hcd.0: Device attached [ 55.738327][ T4304] vhci_hcd vhci_hcd.0: pdev(2) rhport(6) sockfd(15) [ 55.739918][ T4304] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 55.743386][ T4304] vhci_hcd vhci_hcd.0: Device attached [ 55.745944][ T4311] vhci_hcd: connection closed [ 55.747555][ T4309] vhci_hcd: connection closed [ 55.747574][ T148] vhci_hcd: stop threads [ 55.749826][ T4307] vhci_hcd: connection closed [ 55.750201][ T148] vhci_hcd: release socket [ 55.761326][ T4305] vhci_hcd: connection closed [ 55.762665][ T4313] vhci_hcd: connection closed [ 55.763890][ T148] vhci_hcd: disconnect device [ 55.764016][ T4316] vhci_hcd: connection closed [ 55.766546][ T148] vhci_hcd: stop threads [ 55.768869][ T148] vhci_hcd: release socket [ 55.770187][ T148] vhci_hcd: disconnect device [ 55.773076][ T148] vhci_hcd: stop threads [ 55.774173][ T148] vhci_hcd: release socket [ 55.775257][ T148] vhci_hcd: disconnect device [ 55.776891][ T148] vhci_hcd: stop threads [ 55.777754][ T13] vhci_hcd: vhci_device speed not set [ 55.777930][ T148] vhci_hcd: release socket [ 55.780596][ T148] vhci_hcd: disconnect device [ 55.782155][ T148] vhci_hcd: stop threads [ 55.783342][ T148] vhci_hcd: release socket [ 55.784495][ T148] vhci_hcd: disconnect device [ 55.785961][ T148] vhci_hcd: stop threads [ 55.787168][ T148] vhci_hcd: release socket [ 55.788336][ T148] vhci_hcd: disconnect device [ 55.851445][ T13] usb 6-1: new full-speed USB device number 2 using vhci_hcd [ 55.853322][ T13] usb 6-1: enqueue for inactive port 0 [ 55.853398][ T4071] hid-generic 0003:04D8:00DF.0001: hidraw0: USB HID v0.00 Device [HID 04d8:00df] on usb-dummy_hcd.0-1/input0 [ 55.937673][ T13] vhci_hcd: vhci_device speed not set [ 56.051195][ T4070] usb 1-1: USB disconnect, device number 3 [ 56.410312][ T4354] udc-core: couldn't find an available UDC or it's busy [ 56.454574][ T4354] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 56.537935][ T4363] udc-core: couldn't find an available UDC or it's busy [ 56.539736][ T4363] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 56.723089][ T4372] netlink: 24 bytes leftover after parsing attributes in process `syz.2.118'. [ 56.979523][ T4378] udc-core: couldn't find an available UDC or it's busy [ 56.983693][ T4378] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 57.010837][ T4071] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 57.094415][ T4380] udc-core: couldn't find an available UDC or it's busy [ 57.096587][ T4380] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 57.359620][ T4384] netlink: 'syz.3.124': attribute type 3 has an invalid length. [ 57.371055][ T4071] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 57.373540][ T4071] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 57.540203][ T4071] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 57.543040][ T4071] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 57.545103][ T4071] usb 1-1: Product: syz [ 57.546131][ T4071] usb 1-1: Manufacturer: syz [ 57.547223][ T4071] usb 1-1: SerialNumber: syz [ 57.587164][ T226] block nbd3: Attempted send on invalid socket [ 57.589188][ T226] blk_update_request: I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 57.809858][ T4406] loop1: detected capacity change from 0 to 512 [ 57.874485][ T4071] usb 1-1: skipping empty audio interface (v1) [ 57.879761][ T4406] ======================================================= [ 57.879761][ T4406] WARNING: The mand mount option has been deprecated and [ 57.879761][ T4406] and is ignored by this kernel. Remove the mand [ 57.879761][ T4406] option from the mount to silence this warning. [ 57.879761][ T4406] ======================================================= [ 57.883705][ T4411] loop4: detected capacity change from 0 to 4096 [ 57.937391][ T4071] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 57.946471][ T4071] usb 1-1: USB disconnect, device number 4 [ 57.965080][ T4411] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 58.032634][ T4406] EXT4-fs (loop1): Project quota feature not enabled. Cannot enable project quota enforcement. [ 58.074079][ T4413] loop2: detected capacity change from 0 to 1024 [ 58.157088][ T4039] udevd[4039]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 58.216677][ T1352] hfsplus: b-tree write err: -5, ino 4 [ 58.337580][ T4427] loop3: detected capacity change from 0 to 8 [ 58.342543][ T4424] loop2: detected capacity change from 0 to 2048 [ 58.348511][ T4428] loop0: detected capacity change from 0 to 256 [ 58.379332][ T4431] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 58.380997][ T4431] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 58.391805][ T4431] vhci_hcd vhci_hcd.0: Device attached [ 58.429217][ T4427] SQUASHFS error: lzo decompression failed, data probably corrupt [ 58.435977][ T4436] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 58.445593][ T4427] SQUASHFS error: Failed to read block 0x144: -5 [ 58.447298][ T4427] SQUASHFS error: Unable to read metadata cache entry [142] [ 58.448990][ T4427] SQUASHFS error: Unable to read inode 0x11f [ 58.461496][ T4428] FAT-fs (loop0): Directory bread(block 64) failed [ 58.463314][ T4428] FAT-fs (loop0): Directory bread(block 65) failed [ 58.464987][ T4428] FAT-fs (loop0): Directory bread(block 66) failed [ 58.466587][ T4428] FAT-fs (loop0): Directory bread(block 67) failed [ 58.467694][ T4431] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(5) [ 58.468300][ T4428] FAT-fs (loop0): Directory bread(block 68) failed [ 58.469886][ T4431] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 58.475760][ T4431] vhci_hcd vhci_hcd.0: Device attached [ 58.509649][ T4428] FAT-fs (loop0): Directory bread(block 69) failed [ 58.519099][ T4428] FAT-fs (loop0): Directory bread(block 70) failed [ 58.525476][ T4428] FAT-fs (loop0): Directory bread(block 71) failed [ 58.527703][ T4428] FAT-fs (loop0): Directory bread(block 72) failed [ 58.529281][ T4428] FAT-fs (loop0): Directory bread(block 73) failed [ 58.532531][ T4431] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 58.585623][ T4431] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(9) [ 58.587249][ T4431] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 58.589250][ T4431] vhci_hcd vhci_hcd.0: Device attached [ 58.600847][ T13] vhci_hcd: vhci_device speed not set [ 58.617871][ T4444] vhci_hcd vhci_hcd.0: pdev(4) rhport(4) sockfd(11) [ 58.619591][ T4444] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 58.625039][ T4444] vhci_hcd vhci_hcd.0: Device attached [ 58.638803][ T4431] vhci_hcd vhci_hcd.0: pdev(4) rhport(5) sockfd(13) [ 58.640396][ T4431] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 58.644467][ T4431] vhci_hcd vhci_hcd.0: Device attached [ 58.677342][ T4431] vhci_hcd vhci_hcd.0: pdev(4) rhport(6) sockfd(15) [ 58.678999][ T4431] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 58.680707][ T13] usb 10-1: new full-speed USB device number 2 using vhci_hcd [ 58.681891][ T4431] vhci_hcd vhci_hcd.0: Device attached [ 58.686702][ T4456] IPv6: Can't replace route, no match found [ 58.701912][ T4455] loop6: detected capacity change from 0 to 1 [ 58.720706][ T4455] Dev loop6: unable to read RDB block 1 [ 58.722693][ T4455] loop6: unable to read partition table [ 58.724326][ T4455] loop6: partition table beyond EOD, truncated [ 58.725758][ T4455] loop_reread_partitions: partition scan of loop6 (被x) failed (rc=-5) [ 58.729160][ T4451] vhci_hcd: connection closed [ 58.729933][ T1352] vhci_hcd: stop threads [ 58.756223][ T4448] vhci_hcd: connection closed [ 58.756647][ T4445] vhci_hcd: connection closed [ 58.758295][ T4440] vhci_hcd: connection closed [ 58.760055][ T4437] vhci_hcd: connection closed [ 58.761897][ T4432] vhci_hcd: connection reset by peer [ 58.788498][ T1352] vhci_hcd: release socket [ 58.790766][ T1352] vhci_hcd: disconnect device [ 58.810890][ T1352] vhci_hcd: stop threads [ 58.811968][ T1352] vhci_hcd: release socket [ 58.817509][ T1352] vhci_hcd: disconnect device [ 58.819335][ T1352] vhci_hcd: stop threads [ 58.820358][ T1352] vhci_hcd: release socket [ 58.822479][ T1352] vhci_hcd: disconnect device [ 58.837568][ T1352] vhci_hcd: stop threads [ 58.838718][ T1352] vhci_hcd: release socket [ 58.847260][ T4459] loop3: detected capacity change from 0 to 2048 [ 58.855566][ T1352] vhci_hcd: disconnect device [ 58.859255][ T1352] vhci_hcd: stop threads [ 58.860319][ T1352] vhci_hcd: release socket [ 58.863830][ T1352] vhci_hcd: disconnect device [ 58.866321][ T1352] vhci_hcd: stop threads [ 58.867440][ T1352] vhci_hcd: release socket [ 58.868070][ T4463] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 58.872011][ T1352] vhci_hcd: disconnect device [ 58.882579][ T4463] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 58.895187][ T4459] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 58.918340][ T4467] udc-core: couldn't find an available UDC or it's busy [ 58.931262][ T4467] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 59.086070][ T4476] udc-core: couldn't find an available UDC or it's busy [ 59.087775][ T4476] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 59.210592][ T1960] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 59.301641][ T4476] udc-core: couldn't find an available UDC or it's busy [ 59.303477][ T4476] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 59.339152][ T4480] bridge0: port 3(syz_tun) entered blocking state [ 59.342772][ T4480] bridge0: port 3(syz_tun) entered disabled state [ 59.345672][ T4480] device syz_tun entered promiscuous mode [ 59.348066][ T4480] bridge0: port 3(syz_tun) entered blocking state [ 59.349873][ T4480] bridge0: port 3(syz_tun) entered forwarding state [ 59.359619][ T4480] udc-core: couldn't find an available UDC or it's busy [ 59.361967][ T4480] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 59.544838][ T4487] capability: warning: `syz.2.165' uses deprecated v2 capabilities in a way that may be insecure [ 59.572151][ T1960] usb 1-1: config 0 has an invalid interface number: 230 but max is 0 [ 59.574208][ T1960] usb 1-1: config 0 has no interface number 0 [ 59.575892][ T1960] usb 1-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 59.578672][ T1960] usb 1-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 59.587450][ T1960] usb 1-1: config 0 interface 230 has no altsetting 0 [ 59.597329][ T4489] loop2: detected capacity change from 0 to 764 [ 59.680339][ T4489] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 59.695590][ T4491] loop1: detected capacity change from 0 to 512 [ 59.740725][ T1960] usb 1-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 59.742888][ T1960] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 59.745215][ T1960] usb 1-1: Product: syz [ 59.746216][ T1960] usb 1-1: Manufacturer: syz [ 59.747338][ T1960] usb 1-1: SerialNumber: syz [ 59.774780][ T1960] usb 1-1: config 0 descriptor?? [ 59.790763][ T4469] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 59.792853][ T4469] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 59.811619][ T1960] ums-usbat 1-1:0.230: USB Mass Storage device detected [ 59.836835][ T1960] ums-usbat 1-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 59.908288][ T4501] loop3: detected capacity change from 0 to 1024 [ 59.915329][ T4491] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 60.657027][ T4505] udc-core: couldn't find an available UDC or it's busy [ 60.658932][ T4505] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 60.712574][ T4501] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,,errors=continue. Quota mode: none. [ 60.952167][ T4519] udc-core: couldn't find an available UDC or it's busy [ 60.962265][ T4519] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 61.019977][ T4523] netlink: 48 bytes leftover after parsing attributes in process `syz.3.177'. [ 61.056186][ T4527] udc-core: couldn't find an available UDC or it's busy [ 61.057898][ T4527] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 61.067466][ T4529] loop3: detected capacity change from 0 to 128 [ 61.161596][ T4529] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,data_err=ignore,jqfmt=vfsv1,init_itable,lazytime,,errors=continue. Quota mode: none. [ 61.171514][ T4529] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:406: inode #2: comm syz.3.180: No space for directory leaf checksum. Please run e2fsck -D. [ 61.175775][ T4529] EXT4-fs error (device loop3): __ext4_find_entry:1696: inode #2: comm syz.3.180: checksumming directory block 0 [ 61.568666][ T4034] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 61.571691][ T4034] CPU: 1 PID: 4034 Comm: kworker/u5:6 Not tainted 5.15.180-syzkaller #0 [ 61.573771][ T4034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 61.576259][ T4034] Workqueue: hci4 hci_rx_work [ 61.577496][ T4034] Call trace: [ 61.578305][ T4034] dump_backtrace+0x0/0x43c [ 61.579405][ T4034] show_stack+0x2c/0x3c [ 61.580452][ T4034] __dump_stack+0x30/0x40 [ 61.581551][ T4034] dump_stack_lvl+0xf8/0x160 [ 61.582725][ T4034] dump_stack+0x1c/0x5c [ 61.583878][ T4034] sysfs_create_dir_ns+0x22c/0x24c [ 61.585215][ T4034] kobject_add_internal+0x590/0xc54 [ 61.586536][ T4034] kobject_add+0x134/0x1f8 [ 61.587656][ T4034] device_add+0x3f0/0xf94 [ 61.588764][ T4034] hci_conn_add_sysfs+0xbc/0x1cc [ 61.590016][ T4034] le_conn_complete_evt+0x9a4/0x11bc [ 61.591301][ T4034] hci_le_meta_evt+0x85c/0x3010 [ 61.592505][ T4034] hci_event_packet+0xd10/0x11bc [ 61.593756][ T4034] hci_rx_work+0x1cc/0x880 [ 61.594780][ T4034] process_one_work+0x79c/0x1140 [ 61.595991][ T4034] worker_thread+0x8f4/0x101c [ 61.597231][ T4034] kthread+0x374/0x454 [ 61.598224][ T4034] ret_from_fork+0x10/0x20 [ 61.599346][ C1] vkms_vblank_simulate: vblank timer overrun [ 61.603717][ T4034] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 61.606926][ T4034] Bluetooth: hci4: failed to register connection device [ 61.613624][ T4559] netlink: 48 bytes leftover after parsing attributes in process `syz.4.191'. [ 61.668510][ T4564] udc-core: couldn't find an available UDC or it's busy [ 61.670395][ T4564] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 61.704617][ T4566] udc-core: couldn't find an available UDC or it's busy [ 61.706499][ T4566] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 62.034958][ T4570] device syzkaller0 entered promiscuous mode [ 62.232938][ T4576] device bridge0 entered promiscuous mode [ 62.234470][ T4576] device macvlan2 entered promiscuous mode [ 62.267100][ T4580] loop1: detected capacity change from 0 to 128 [ 62.339880][ T4580] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 62.414864][ T4582] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.445167][ T4590] udc-core: couldn't find an available UDC or it's busy [ 62.446928][ T4590] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 62.469410][ T4588] device syz_tun entered promiscuous mode [ 62.471958][ T4588] device vlan2 entered promiscuous mode [ 62.499605][ T4588] device syz_tun left promiscuous mode [ 62.556037][ T4596] loop0: detected capacity change from 0 to 512 [ 62.562049][ T4582] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.604388][ T4596] EXT4-fs (loop0): Ignoring removed bh option [ 62.639363][ T4582] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.642341][ T4596] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 62.657581][ T4596] EXT4-fs (loop0): 1 truncate cleaned up [ 62.662055][ T4596] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none. [ 62.709525][ T4582] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.877098][ T1960] ums-usbat: probe of 1-1:0.230 failed with error 4 [ 62.885743][ T1960] usb 1-1: USB disconnect, device number 5 [ 62.908453][ T4582] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.916488][ T4582] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.924346][ T4582] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.932175][ T4582] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.012138][ T4608] udc-core: couldn't find an available UDC or it's busy [ 63.014134][ T4608] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 63.078908][ T4614] loop1: detected capacity change from 0 to 24 [ 63.132171][ T4614] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 63.150211][ T4614] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 63.178797][ T4612] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 63.204266][ T4614] VFS: Lookup of 'file0' in romfs loop1 would have caused loop [ 63.262682][ T4622] loop3: detected capacity change from 0 to 2048 [ 63.290731][ T1960] Bluetooth: hci4: command 0x0405 tx timeout [ 63.299536][ T4622] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 63.348430][ T4622] fs-verity: sha512 using implementation "sha512-arm64" [ 63.365510][ T4632] loop4: detected capacity change from 0 to 256 [ 63.415930][ T4632] FAT-fs (loop4): Directory bread(block 64) failed [ 63.417659][ T4632] FAT-fs (loop4): Directory bread(block 65) failed [ 63.419334][ T4632] FAT-fs (loop4): Directory bread(block 66) failed [ 63.430039][ T4632] FAT-fs (loop4): Directory bread(block 67) failed [ 63.442311][ T4632] FAT-fs (loop4): Directory bread(block 68) failed [ 63.448199][ T4632] FAT-fs (loop4): Directory bread(block 69) failed [ 63.450084][ T4632] FAT-fs (loop4): Directory bread(block 70) failed [ 63.452021][ T4632] FAT-fs (loop4): Directory bread(block 71) failed [ 63.453767][ T4632] FAT-fs (loop4): Directory bread(block 72) failed [ 63.455457][ T4632] FAT-fs (loop4): Directory bread(block 73) failed [ 63.619301][ T4640] loop4: detected capacity change from 0 to 2048 [ 63.654039][ T4645] udc-core: couldn't find an available UDC or it's busy [ 63.656000][ T4645] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 63.671899][ T4640] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=26504, location=26504 [ 63.693343][ T4640] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 63.721008][ T4649] loop2: detected capacity change from 0 to 256 [ 63.794297][ T13] vhci_hcd: vhci_device speed not set [ 63.805410][ T4649] FAT-fs (loop2): Directory bread(block 64) failed [ 63.815198][ T4649] FAT-fs (loop2): Directory bread(block 65) failed [ 63.818734][ T4649] FAT-fs (loop2): Directory bread(block 66) failed [ 63.824405][ T4649] FAT-fs (loop2): Directory bread(block 67) failed [ 63.826321][ T4649] FAT-fs (loop2): Directory bread(block 68) failed [ 63.827959][ T4649] FAT-fs (loop2): Directory bread(block 69) failed [ 63.829640][ T4649] FAT-fs (loop2): Directory bread(block 70) failed [ 63.833998][ T4649] FAT-fs (loop2): Directory bread(block 71) failed [ 63.835992][ T4649] FAT-fs (loop2): Directory bread(block 72) failed [ 63.837748][ T4649] FAT-fs (loop2): Directory bread(block 73) failed [ 64.011536][ T4658] loop2: detected capacity change from 0 to 512 [ 64.015688][ T4659] loop4: detected capacity change from 0 to 256 [ 64.078007][ T4659] FAT-fs (loop4): Directory bread(block 64) failed [ 64.079752][ T4659] FAT-fs (loop4): Directory bread(block 65) failed [ 64.085290][ T4659] FAT-fs (loop4): Directory bread(block 66) failed [ 64.087152][ T4659] FAT-fs (loop4): Directory bread(block 67) failed [ 64.089215][ T4659] FAT-fs (loop4): Directory bread(block 68) failed [ 64.090056][ T4658] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,bsddf,. Quota mode: writeback. [ 64.093697][ T4659] FAT-fs (loop4): Directory bread(block 69) failed [ 64.096027][ T4659] FAT-fs (loop4): Directory bread(block 70) failed [ 64.097578][ T4659] FAT-fs (loop4): Directory bread(block 71) failed [ 64.099440][ T4659] FAT-fs (loop4): Directory bread(block 72) failed [ 64.104836][ T4659] FAT-fs (loop4): Directory bread(block 73) failed [ 64.150236][ T4665] netlink: 'syz.0.236': attribute type 10 has an invalid length. [ 64.165537][ T4665] netlink: 40 bytes leftover after parsing attributes in process `syz.0.236'. [ 64.179252][ T4658] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz.2.233: invalid size [ 64.195548][ T4658] EXT4-fs (loop2): Remounting filesystem read-only [ 64.278326][ T4665] team0: Port device geneve0 added [ 64.396913][ T4678] loop1: detected capacity change from 0 to 2048 [ 64.420228][ T4681] loop0: detected capacity change from 0 to 1024 [ 64.470410][ T4678] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 64.784319][ T4683] loop2: detected capacity change from 0 to 4096 [ 64.812047][ T4687] loop0: detected capacity change from 0 to 256 [ 64.861966][ T4687] exfat: Deprecated parameter 'namecase' [ 64.863521][ T4687] exfat: Deprecated parameter 'utf8' [ 64.864893][ T4687] exfat: Deprecated parameter 'namecase' [ 64.931633][ T4687] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xdf1ac56c, utbl_chksum : 0xe619d30d) [ 65.246388][ T4699] loop1: detected capacity change from 0 to 512 [ 65.355828][ T4699] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,bsddf,. Quota mode: writeback. [ 65.367396][ T4720] udc-core: couldn't find an available UDC or it's busy [ 65.369374][ T4720] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 65.429723][ T4724] loop8: detected capacity change from 0 to 8 [ 65.439077][ T4724] Dev loop8: unable to read RDB block 8 [ 65.454943][ T4699] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #12: comm syz.1.252: invalid size [ 65.458987][ T4724] loop8: unable to read partition table [ 65.474896][ T4724] loop8: partition table beyond EOD, truncated [ 65.476533][ T4724] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 65.478973][ T4699] EXT4-fs (loop1): Remounting filesystem read-only [ 65.647460][ T4734] loop2: detected capacity change from 0 to 64 [ 65.655031][ T4734] hfs: unable to parse mount options [ 65.948821][ T4754] loop1: detected capacity change from 0 to 4096 [ 65.985823][ T4759] loop2: detected capacity change from 0 to 512 [ 66.094189][ T4754] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 66.108123][ T4759] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 66.123596][ T4771] udc-core: couldn't find an available UDC or it's busy [ 66.125806][ T4771] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 66.143279][ T4774] loop4: detected capacity change from 0 to 1024 [ 66.162127][ T4759] Quota error (device loop2): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 66.162939][ T4023] ntfs3: loop1: ntfs_evict_inode r=5 failed, -22. [ 66.168856][ T4759] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 66.199263][ T4759] EXT4-fs error (device loop2): ext4_acquire_dquot:6204: comm syz.2.279: Failed to acquire dquot type 0 [ 66.235064][ T4774] Process accounting resumed [ 66.260902][ T136] hfsplus: b-tree write err: -5, ino 4 [ 66.382890][ T4782] udc-core: couldn't find an available UDC or it's busy [ 66.384611][ T4782] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 66.401774][ T4784] loop8: detected capacity change from 0 to 8 [ 66.407680][ T4784] Dev loop8: unable to read RDB block 8 [ 66.409227][ T4784] loop8: unable to read partition table [ 66.415189][ T4784] loop8: partition table beyond EOD, truncated [ 66.416917][ T4784] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 66.732281][ T1960] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 66.734483][ T1960] Bluetooth: hci3: Injecting HCI hardware error event [ 66.737193][ T4034] Bluetooth: hci3: hardware error 0x00 [ 66.932037][ T4800] netlink: 'syz.2.298': attribute type 1 has an invalid length. [ 66.947081][ T4803] loop1: detected capacity change from 0 to 512 [ 66.970077][ T4800] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 66.979030][ T4800] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 66.989836][ T4800] bond1: (slave vcan1): Error -22 calling dev_set_mtu [ 67.072477][ T4812] loop0: detected capacity change from 0 to 128 [ 67.084299][ T4803] EXT4-fs (loop1): orphan cleanup on readonly fs [ 67.086970][ T4815] loop2: detected capacity change from 0 to 512 [ 67.088504][ T4803] Quota error (device loop1): find_tree_dqentry: Getting block too big (196613 >= 6) [ 67.088667][ T4803] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 67.099520][ T4803] EXT4-fs error (device loop1): ext4_acquire_dquot:6204: comm syz.1.299: Failed to acquire dquot type 1 [ 67.110355][ T4803] EXT4-fs (loop1): 1 truncate cleaned up [ 67.116242][ T4815] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 67.118147][ T4815] EXT4-fs (loop2): Invalid want_extra_isize 134217774 [ 67.122225][ T4803] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,nodiscard,norecovery,grpjquota=,grpjquota=,noquota,nobarrier,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 67.133632][ T4812] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 67.197863][ T4812] fscrypt (loop0, inode 12): Unsupported encryption modes (contents 0, filenames 0) [ 67.424836][ T4833] loop0: detected capacity change from 0 to 256 [ 67.628662][ T4840] udc-core: couldn't find an available UDC or it's busy [ 67.634184][ T4840] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 67.916925][ T4852] loop4: detected capacity change from 0 to 1024 [ 67.960377][ T4856] netlink: 16 bytes leftover after parsing attributes in process `syz.3.321'. [ 67.990096][ T4852] hfsplus: bad catalog entry type [ 68.027318][ T306] hfsplus: b-tree write err: -5, ino 4 [ 68.174326][ T4866] udc-core: couldn't find an available UDC or it's busy [ 68.176404][ T4866] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 68.197459][ T4869] udc-core: couldn't find an available UDC or it's busy [ 68.201694][ T4869] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 68.297770][ T4875] loop1: detected capacity change from 0 to 256 [ 68.785986][ T4897] loop4: detected capacity change from 0 to 2048 [ 68.831334][ T4904] loop0: detected capacity change from 0 to 256 [ 68.854150][ T4908] udc-core: couldn't find an available UDC or it's busy [ 68.856006][ T4908] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 68.871966][ T4903] loop1: detected capacity change from 0 to 4096 [ 68.881171][ T4904] exfat: Unknown parameter 'sys_tz' [ 68.899957][ T4909] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 69.218124][ T4923] loop1: detected capacity change from 0 to 2048 [ 69.249394][ T4929] loop3: detected capacity change from 0 to 256 [ 69.287388][ T4923] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 69.359549][ T4931] ALSA: mixer_oss: invalid OSS volume '0' [ 69.365032][ T4928] loop4: detected capacity change from 0 to 4096 [ 69.403167][ T4933] loop2: detected capacity change from 0 to 512 [ 69.414183][ T4928] ntfs3: Unknown parameter 'windows_names' [ 69.453622][ T4937] loop3: detected capacity change from 0 to 256 [ 69.456230][ T4939] udc-core: couldn't find an available UDC or it's busy [ 69.458019][ T4939] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 69.484166][ T4933] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 69.499215][ T4941] loop0: detected capacity change from 0 to 16 [ 69.526565][ T4933] EXT4-fs warning (device loop2): ext4_enable_quotas:6439: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 69.537931][ T4933] EXT4-fs (loop2): mount failed [ 69.551468][ T4941] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 69.613642][ T2056] ieee802154 phy0 wpan0: encryption failed: -22 [ 69.615640][ T2056] ieee802154 phy1 wpan1: encryption failed: -22 [ 69.626834][ T1534] cfg80211: failed to load regulatory.db [ 69.730965][ T4946] loop4: detected capacity change from 0 to 4096 [ 69.930406][ T4025] Bluetooth: hci3: unexpected event for opcode 0x2006 [ 69.956228][ T4968] netlink: 8 bytes leftover after parsing attributes in process `syz.2.373'. [ 70.017572][ T26] audit: type=1326 audit(69.990:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4970 comm="syz.3.375" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb16a4728 code=0x7ffc0000 [ 70.043264][ T26] audit: type=1326 audit(70.020:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4970 comm="syz.3.375" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=72 compat=0 ip=0xffffb16a4728 code=0x7ffc0000 [ 70.057174][ T4974] loop0: detected capacity change from 0 to 16 [ 70.091224][ T4974] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 70.098396][ T4978] loop2: detected capacity change from 0 to 256 [ 70.100113][ T4974] cramfs: unsupported filesystem features [ 70.108828][ T4977] loop4: detected capacity change from 0 to 1764 [ 70.168649][ T4980] loop1: detected capacity change from 0 to 64 [ 70.444976][ T4997] device netdevsim0 entered promiscuous mode [ 70.468196][ T4997] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 70.704069][ T5003] loop2: detected capacity change from 0 to 4096 [ 70.708671][ T5011] netlink: 104 bytes leftover after parsing attributes in process `syz.1.395'. [ 70.728031][ T5001] team0 (unregistering): Port device team_slave_0 removed [ 70.759304][ T5003] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 70.781887][ T5001] team0 (unregistering): Port device team_slave_1 removed [ 70.975680][ T5022] loop3: detected capacity change from 0 to 2048 [ 71.004643][ T5019] loop0: detected capacity change from 0 to 4096 [ 71.013536][ T5025] loop4: detected capacity change from 0 to 512 [ 71.022002][ T5025] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 71.025470][ T5025] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 71.084989][ T5022] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 71.099578][ T5025] EXT4-fs error (device loop4): ext4_orphan_get:1427: comm syz.4.402: bad orphan inode 131083 [ 71.100147][ T5026] loop1: detected capacity change from 0 to 512 [ 71.107343][ T5025] EXT4-fs (loop4): mounted filesystem without journal. Opts: stripe=0x000000000000003d,init_itable,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 71.157557][ T5030] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 71.188152][ T5026] EXT4-fs (loop1): Ignoring removed oldalloc option [ 71.200232][ T5026] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 71.226610][ T5026] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=b842c01c, mo2=0002] [ 71.228589][ T5026] System zones: 0-2, 18-18, 34-34 [ 71.278967][ T5026] EXT4-fs error (device loop1): ext4_orphan_get:1427: comm syz.1.400: bad orphan inode 15 [ 71.339419][ T5026] ext4_test_bit(bit=14, block=18) = 1 [ 71.365045][ T5026] is_bad_inode(inode)=0 [ 71.366181][ T5026] NEXT_ORPHAN(inode)=2264924160 [ 71.367327][ T5026] max_ino=32 [ 71.368146][ T5026] i_nlink=0 [ 71.369098][ T5026] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1062: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 71.457508][ T5026] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.400: bg 0: block 80: padding at end of block bitmap is not set [ 71.464503][ T5043] loop4: detected capacity change from 0 to 16 [ 71.481985][ T5026] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 71.485489][ T5026] EXT4-fs (loop1): mounted filesystem without journal. Opts: abort,jqfmt=vfsold,init_itable,init_itable,inode_readahead_blks=0x0000000000800000,data_err=abort,oldalloc,jqfmt=vfsv0,min_batch_time=0x0000000000000003,grpid,,errors=continue. Quota mode: none. [ 71.508881][ T5043] erofs: (device loop4): mounted with root inode @ nid 36. [ 71.525764][ T5043] erofs: (device loop4): z_erofs_map_blocks_iter: unknown type 3 @ offset 180223 of nid 36 [ 71.528654][ T5043] erofs: (device loop4): z_erofs_readpage: failed to read, err [-95] [ 71.576460][ T5043] erofs: (device loop4): z_erofs_map_blocks_iter: unknown type 3 @ offset 180223 of nid 36 [ 71.579037][ T5043] erofs: (device loop4): z_erofs_readpage: failed to read, err [-95] [ 71.743983][ T5061] netlink: 4 bytes leftover after parsing attributes in process `syz.2.416'. [ 71.761347][ T5059] loop0: detected capacity change from 0 to 512 [ 71.782058][ T5065] udc-core: couldn't find an available UDC or it's busy [ 71.791894][ T5065] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 71.852577][ T5059] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000003,noquota,init_itable,max_batch_time=0x0000000000001e2c,usrquota,quota,mb_optimize_scan=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 72.026477][ T5074] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.045945][ T5080] loop2: detected capacity change from 0 to 512 [ 72.129981][ T5080] EXT4-fs (loop2): can't mount with both data=journal and delalloc [ 72.134729][ T5086] loop0: detected capacity change from 0 to 512 [ 72.137059][ T5074] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.195824][ T5074] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.247884][ T5086] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 72.268757][ T5086] EXT4-fs (loop0): 1 truncate cleaned up [ 72.276313][ T5086] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,errors=remount-ro,noblock_validity,. Quota mode: writeback. [ 72.306977][ T5074] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.310198][ T5086] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 72.356471][ T5089] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 72.363486][ T5089] overlayfs: missing 'lowerdir' [ 72.432307][ T5095] loop2: detected capacity change from 0 to 1024 [ 72.471468][ T5074] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.480359][ T5074] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.496761][ T5074] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.521432][ T5095] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 72.533829][ T5074] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.675391][ T5104] loop1: detected capacity change from 0 to 2048 [ 72.723094][ T5113] loop0: detected capacity change from 0 to 128 [ 72.730262][ T5114] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 72.962698][ T5126] udc-core: couldn't find an available UDC or it's busy [ 72.964574][ T5126] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 73.041865][ T5133] loop2: detected capacity change from 0 to 128 [ 73.145842][ T5138] loop0: detected capacity change from 0 to 2048 [ 73.147415][ T5133] attempt to access beyond end of device [ 73.147415][ T5133] loop2: rw=2049, want=210, limit=128 [ 73.223446][ T5141] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 73.287881][ T5143] udc-core: couldn't find an available UDC or it's busy [ 73.289683][ T5143] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 73.699203][ T5157] loop1: detected capacity change from 0 to 4096 [ 73.768994][ T5157] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 73.785579][ T5169] netlink: 8 bytes leftover after parsing attributes in process `syz.3.465'. [ 73.937973][ T5175] loop0: detected capacity change from 0 to 64 [ 73.940533][ T5178] udc-core: couldn't find an available UDC or it's busy [ 73.942368][ T5178] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 73.979534][ T5177] loop1: detected capacity change from 0 to 512 [ 74.014740][ T5177] EXT4-fs (loop1): can't mount with both data=journal and delalloc [ 74.030622][ T5175] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing [ 74.032700][ T5175] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop0 [ 74.268650][ T5193] loop1: detected capacity change from 0 to 16 [ 74.301309][ T5193] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 74.419012][ T5196] loop8: detected capacity change from 0 to 8 [ 74.429888][ T5196] Dev loop8: unable to read RDB block 8 [ 74.434994][ T5196] loop8: unable to read partition table [ 74.441946][ T5196] loop8: partition table beyond EOD, truncated [ 74.445890][ T5196] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 74.546563][ T5199] udc-core: couldn't find an available UDC or it's busy [ 74.553030][ T5199] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 74.563563][ T5200] udc-core: couldn't find an available UDC or it's busy [ 74.565303][ T5200] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 74.584392][ T5202] netlink: 277 bytes leftover after parsing attributes in process `syz.4.480'. [ 74.850410][ T5209] netlink: 4 bytes leftover after parsing attributes in process `syz.4.482'. [ 75.016505][ T5216] loop0: detected capacity change from 0 to 512 [ 75.056090][ T5216] EXT4-fs (loop0): can't mount with both data=journal and delalloc [ 75.151845][ T5222] loop3: detected capacity change from 0 to 64 [ 75.404820][ T5233] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 75.450654][ T4074] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 75.710693][ T4074] usb 1-1: Using ep0 maxpacket: 32 [ 75.840685][ T4074] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 75.843614][ T4074] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 75.846046][ T4074] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 75.848226][ T4074] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.872085][ T4074] usb 1-1: config 0 descriptor?? [ 75.917647][ T4074] hub 1-1:0.0: USB hub found [ 76.120761][ T4074] hub 1-1:0.0: 1 port detected [ 77.350767][ T5263] netlink: 28 bytes leftover after parsing attributes in process `syz.4.505'. [ 77.353065][ T5263] netlink: 28 bytes leftover after parsing attributes in process `syz.4.505'. [ 77.680695][ T306] hub 1-1:0.0: activate --> -90 [ 77.855607][ T5274] netlink: 'syz.2.510': attribute type 4 has an invalid length. [ 77.974389][ T5274] netlink: 'syz.2.510': attribute type 4 has an invalid length. [ 78.101832][ T4070] usb 1-1: USB disconnect, device number 6 [ 78.352368][ T5287] netlink: 12 bytes leftover after parsing attributes in process `syz.2.514'. [ 78.784378][ T5287] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.787298][ T5287] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.955580][ C1] vcan0: j1939_tp_rxtimer: 0x00000000f9708700: rx timeout, send abort [ 78.959097][ C1] vcan0: j1939_xtp_rx_abort_one: 0x00000000f9708700: 0x10000: (3) A timeout occurred and this is the connection abort to close the session. [ 79.002058][ T5304] netlink: 20 bytes leftover after parsing attributes in process `syz.1.520'. [ 79.383352][ T5287] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 79.418644][ T5287] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 79.908352][ T5287] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.910902][ T5287] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.913047][ T5287] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.915497][ T5287] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.145476][ T5289] netlink: 8 bytes leftover after parsing attributes in process `syz.3.515'. [ 80.281117][ T5312] loop0: detected capacity change from 0 to 64 [ 80.755009][ T7] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 80.992919][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 81.115400][ T7] usb 1-1: config 0 has an invalid interface number: 126 but max is 0 [ 81.117606][ T7] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.119885][ T7] usb 1-1: config 0 has no interface number 0 [ 81.125386][ T7] usb 1-1: config 0 interface 126 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 81.128754][ T7] usb 1-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88 [ 81.156991][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.162678][ T7] usb 1-1: config 0 descriptor?? [ 81.168560][ T5330] loop3: detected capacity change from 0 to 64 [ 81.296017][ T7] snd-usb-audio: probe of 1-1:0.126 failed with error -2 [ 81.377700][ T4038] udevd[4038]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.126/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 81.424150][ T4070] usb 1-1: USB disconnect, device number 7 [ 81.897250][ T5340] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 82.174539][ T5347] loop3: detected capacity change from 0 to 512 [ 82.425772][ T5350] loop0: detected capacity change from 0 to 32768 [ 82.453753][ T5350] (syz.0.538,5350,0):ocfs2_parse_options:1459 ERROR: Invalid heartbeat mount options [ 82.456494][ T5350] (syz.0.538,5350,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 82.609961][ T5347] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 82.998277][ T5365] udc-core: couldn't find an available UDC or it's busy [ 83.000036][ T5365] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 83.020259][ T5367] loop0: detected capacity change from 0 to 2048 [ 83.057027][ T5369] tipc: Started in network mode [ 83.058231][ T5369] tipc: Node identity ac1414aa, cluster identity 4711 [ 83.068654][ T5369] tipc: Enabled bearer , priority 10 [ 83.088412][ T5367] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 83.097742][ T5367] NILFS (loop0): unrecognized mount option "00000000000000000000000" [ 83.099948][ T4016] udevd[4016]: incorrect nilfs2 checksum on /dev/loop0 [ 83.770958][ T4070] usb 1-1: new low-speed USB device number 8 using dummy_hcd [ 84.062196][ T1960] tipc: Node number set to 2886997162 [ 84.170794][ T4070] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 84.173023][ T4070] usb 1-1: config 0 has no interface number 0 [ 84.174673][ T4070] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 84.176993][ T4070] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 84.179732][ T4070] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 84.188020][ T4070] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 84.194743][ T4070] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 84.196972][ T4070] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.206980][ T4070] usb 1-1: config 0 descriptor?? [ 84.241404][ T5378] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 84.243317][ T5378] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 84.263189][ T4070] ldusb 1-1:0.55: Interrupt in endpoint not found [ 84.307679][ T26] audit: type=1326 audit(84.280:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5406 comm="syz.3.562" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb16a4728 code=0x7ffc0000 [ 84.500001][ T1960] usb 1-1: USB disconnect, device number 8 [ 84.772342][ T5427] loop3: detected capacity change from 0 to 1024 [ 84.940213][ T5432] loop1: detected capacity change from 0 to 8192 [ 85.118279][ T4074] kernel write not supported for file /vcs (pid: 4074 comm: kworker/0:6) [ 85.252833][ T5446] loop3: detected capacity change from 0 to 512 [ 85.437273][ T5457] loop0: detected capacity change from 0 to 256 [ 85.619597][ T5457] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 85.640870][ T5457] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 85.678301][ T5446] EXT4-fs (loop3): Test dummy encryption mode enabled [ 85.682140][ T5446] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 85.695026][ T5457] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x108de57f, utbl_chksum : 0xe619d30d) [ 85.699988][ T5446] EXT4-fs error (device loop3): ext4_orphan_get:1427: comm syz.3.581: bad orphan inode 131083 [ 85.718806][ T5446] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,bsddf,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 85.959346][ T5446] fscrypt: AES-256-XTS using implementation "xts-aes-ce" [ 86.347847][ T5491] udc-core: couldn't find an available UDC or it's busy [ 86.349628][ T5491] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 86.451365][ T7] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 87.550957][ T7] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 87.553726][ T7] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 87.721843][ T7] usb 1-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 87.724107][ T7] usb 1-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 87.726137][ T7] usb 1-1: Product: syz [ 87.727148][ T7] usb 1-1: Manufacturer: syz [ 88.480071][ T7] usb 1-1: SerialNumber: syz [ 88.508474][ T7] usb 1-1: config 0 descriptor?? [ 88.548659][ T5516] udc-core: couldn't find an available UDC or it's busy [ 88.560094][ T5516] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 88.783739][ T4074] usb 1-1: USB disconnect, device number 9 [ 88.908050][ T5534] udc-core: couldn't find an available UDC or it's busy [ 88.909991][ T5534] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 89.759876][ T5544] netlink: 'syz.2.617': attribute type 4 has an invalid length. [ 91.059064][ T5556] loop0: detected capacity change from 0 to 1024 [ 92.654821][ T5556] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 94.079641][ T5605] udc-core: couldn't find an available UDC or it's busy [ 94.081797][ T5605] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 95.179749][ T5618] device batadv_slave_1 entered promiscuous mode [ 95.186272][ T5615] device batadv_slave_1 left promiscuous mode [ 96.341028][ T1960] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 97.195445][ T5634] device bridge1 entered promiscuous mode [ 97.253501][ T5639] loop3: detected capacity change from 0 to 512 [ 97.344855][ T5639] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 97.423292][ T5639] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv1,stripe=0x000000000800000f,dioread_nolock,mblk_io_submit,nogrpid,usrjquota=,,errors=continue. Quota mode: none. [ 97.490860][ T1960] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.493674][ T1960] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.495965][ T1960] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 97.506915][ T1960] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 97.509302][ T1960] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.518154][ T1960] usb 1-1: config 0 descriptor?? [ 97.604237][ T5652] udc-core: couldn't find an available UDC or it's busy [ 97.605939][ T5652] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 97.872911][ T5669] loop3: detected capacity change from 0 to 8 [ 98.910600][ T1960] usbhid 1-1:0.0: can't add hid device: -71 [ 98.912231][ T1960] usbhid: probe of 1-1:0.0 failed with error -71 [ 98.915442][ T1960] usb 1-1: USB disconnect, device number 10 [ 99.032172][ T5690] udc-core: couldn't find an available UDC or it's busy [ 99.033986][ T5690] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 99.500198][ T5713] netlink: 4 bytes leftover after parsing attributes in process `syz.4.685'. [ 99.598998][ T5722] loop3: detected capacity change from 0 to 128 [ 99.647615][ T5722] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 99.652141][ T5722] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 99.829765][ T5738] netlink: 128 bytes leftover after parsing attributes in process `syz.3.697'. [ 99.833595][ T5738] netlink: 16 bytes leftover after parsing attributes in process `syz.3.697'. [ 99.836108][ T5738] netlink: 16 bytes leftover after parsing attributes in process `syz.3.697'. [ 99.928580][ T5741] mmap: syz.3.699 (5741): VmData 37507072 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 101.169550][ T5778] loop0: detected capacity change from 0 to 512 [ 101.391822][ T5778] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 101.480614][ T5778] UDF-fs: error (device loop0): udf_verify_fi: directory (ino 21) has entry past directory size at pos 128 [ 101.566414][ T5794] netlink: 8 bytes leftover after parsing attributes in process `syz.3.716'. [ 103.742475][ T5820] loop0: detected capacity change from 0 to 512 [ 103.746106][ T5819] loop1: detected capacity change from 0 to 512 [ 104.137877][ T5819] EXT4-fs (loop1): Ignoring removed orlov option [ 104.149542][ T5820] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled [ 104.158946][ T5819] EXT4-fs (loop1): Journaled quota options ignored when QUOTA feature is enabled [ 104.788549][ T5820] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.730: invalid indirect mapped block 256 (level 2) [ 104.795848][ T5819] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,noinit_itable,orlov,grpjquota=.,stripe=0x0000000000000000,bsddf,,errors=continue. Quota mode: writeback. [ 104.832314][ T5839] netlink: 128 bytes leftover after parsing attributes in process `syz.4.737'. [ 104.834723][ T5839] netlink: 16 bytes leftover after parsing attributes in process `syz.4.737'. [ 104.836860][ T5839] netlink: 16 bytes leftover after parsing attributes in process `syz.4.737'. [ 104.875855][ T5820] EXT4-fs (loop0): 2 truncates cleaned up [ 104.877446][ T5820] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback. [ 105.391003][ T4104] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 105.640847][ T4104] usb 1-1: Using ep0 maxpacket: 32 [ 106.060957][ T4104] usb 1-1: unable to get BOS descriptor or descriptor too short [ 106.142106][ T4104] usb 1-1: config 1 interface 0 altsetting 15 bulk endpoint 0x82 has invalid maxpacket 720 [ 106.144715][ T4104] usb 1-1: config 1 interface 0 altsetting 15 bulk endpoint 0x3 has invalid maxpacket 16 [ 106.147225][ T4104] usb 1-1: config 1 interface 0 has no altsetting 0 [ 106.980608][ T4104] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 106.982915][ T4104] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.984855][ T4104] usb 1-1: Product: syz [ 106.985871][ T4104] usb 1-1: Manufacturer: syz [ 106.987073][ T4104] usb 1-1: SerialNumber: syz [ 107.083243][ T5863] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 107.085073][ T5863] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 107.422304][ T4104] cdc_ether: probe of 1-1:1.0 failed with error -71 [ 108.638925][ T4104] usb 1-1: USB disconnect, device number 11 [ 108.849638][ T5919] loop1: detected capacity change from 0 to 164 [ 109.220717][ T4104] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 110.083830][ T5944] netlink: 20 bytes leftover after parsing attributes in process `syz.2.778'. [ 110.328988][ T4104] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 110.331920][ T4104] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.336143][ T4104] usb 1-1: config 0 descriptor?? [ 110.362681][ T5950] netlink: 8 bytes leftover after parsing attributes in process `syz.3.780'. [ 110.371867][ T4104] cp210x 1-1:0.0: cp210x converter detected [ 111.162144][ T4104] usb 1-1: cp210x converter now attached to ttyUSB0 [ 111.410125][ T21] usb 1-1: USB disconnect, device number 12 [ 111.418208][ T21] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 111.436168][ T21] cp210x 1-1:0.0: device disconnected [ 113.847667][ T6024] syz.3.809 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 113.986845][ T6029] loop1: detected capacity change from 0 to 128 [ 114.133068][ T6029] FAT-fs (loop1): Directory bread(block 162) failed [ 114.135119][ T6029] FAT-fs (loop1): Directory bread(block 163) failed [ 114.137146][ T6029] FAT-fs (loop1): Directory bread(block 164) failed [ 114.139129][ T6029] FAT-fs (loop1): Directory bread(block 165) failed [ 114.141098][ T6029] FAT-fs (loop1): Directory bread(block 166) failed [ 114.143027][ T6029] FAT-fs (loop1): Directory bread(block 167) failed [ 114.144992][ T6029] FAT-fs (loop1): Directory bread(block 168) failed [ 114.147080][ T6029] FAT-fs (loop1): Directory bread(block 169) failed [ 114.885996][ T6042] netlink: 60 bytes leftover after parsing attributes in process `syz.1.819'. [ 114.957713][ T6049] loop1: detected capacity change from 0 to 8 [ 115.111386][ T6049] SQUASHFS error: zlib decompression failed, data probably corrupt [ 115.113579][ T6049] SQUASHFS error: Failed to read block 0x4de: -5 [ 115.115101][ T6049] SQUASHFS error: Failed to read block 0x4e2: -5 [ 115.116782][ T6049] SQUASHFS error: Failed to read block 0x9ca: -5 [ 115.116907][ T6055] loop0: detected capacity change from 0 to 512 [ 115.138642][ T6049] SQUASHFS error: Failed to read block 0x2cf2: -5 [ 115.140366][ T6049] SQUASHFS error: Failed to read block 0x52cf2: -5 [ 115.159006][ T6049] SQUASHFS error: Failed to read block 0x535f2: -5 [ 115.231543][ T6055] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,acl,max_dir_size_kb=0x0000000000000001,. Quota mode: writeback. [ 115.317231][ T6055] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 116.828410][ T6091] loop1: detected capacity change from 0 to 2048 [ 116.898067][ T6091] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 117.236384][ T4075] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 118.210631][ T4075] usb 1-1: Using ep0 maxpacket: 32 [ 118.356309][ T4075] usb 1-1: config 0 has an invalid interface number: 85 but max is 0 [ 118.358389][ T4075] usb 1-1: config 0 has no interface number 0 [ 118.360055][ T4075] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 118.370504][ T4075] usb 1-1: config 0 interface 85 has no altsetting 0 [ 118.456990][ T6129] udc-core: couldn't find an available UDC or it's busy [ 118.458882][ T6129] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 118.531662][ T4075] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 118.534166][ T4075] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.536177][ T4075] usb 1-1: Product: syz [ 118.537387][ T4075] usb 1-1: Manufacturer: syz [ 118.538642][ T4075] usb 1-1: SerialNumber: syz [ 118.548837][ T4075] usb 1-1: config 0 descriptor?? [ 119.520640][ T26] audit: type=1326 audit(119.470:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6118 comm="syz.2.849" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96327728 code=0x7fc00000 [ 119.526602][ T26] audit: type=1326 audit(119.470:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6118 comm="syz.2.849" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff96327728 code=0x7fc00000 [ 119.540617][ T26] audit: type=1326 audit(119.470:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6118 comm="syz.2.849" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96327728 code=0x7fc00000 [ 119.546092][ T26] audit: type=1326 audit(119.470:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6118 comm="syz.2.849" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96327728 code=0x7fc00000 [ 119.576270][ T26] audit: type=1326 audit(119.470:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6118 comm="syz.2.849" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96327728 code=0x7fc00000 [ 119.596343][ T26] audit: type=1326 audit(119.470:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6118 comm="syz.2.849" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96327728 code=0x7fc00000 [ 119.602156][ T26] audit: type=1326 audit(119.470:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6118 comm="syz.2.849" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96327728 code=0x7fc00000 [ 119.607504][ T26] audit: type=1326 audit(119.470:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6118 comm="syz.2.849" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96327728 code=0x7fc00000 [ 119.646760][ T26] audit: type=1326 audit(119.470:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6118 comm="syz.2.849" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96327728 code=0x7fc00000 [ 119.665800][ T26] audit: type=1326 audit(119.470:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6118 comm="syz.2.849" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96327728 code=0x7fc00000 [ 120.003214][ T4075] appletouch 1-1:0.85: Geyser mode initialized. [ 120.991900][ T4075] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input4 [ 121.063764][ T4075] usb 1-1: USB disconnect, device number 14 [ 121.096252][ T6154] loop1: detected capacity change from 0 to 1024 [ 121.203077][ T4075] appletouch 1-1:0.85: input: appletouch disconnected [ 121.263161][ T6154] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 121.423476][ T6183] loop0: detected capacity change from 0 to 256 [ 121.661274][ T6183] exfat: Deprecated parameter 'namecase' [ 121.662652][ T6183] exfat: Deprecated parameter 'namecase' [ 122.847201][ T6183] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 123.557359][ T6223] fuse: Bad value for 'fd' [ 125.209616][ T6251] loop0: detected capacity change from 0 to 1024 [ 125.405221][ T6251] attempt to access beyond end of device [ 125.405221][ T6251] loop0: rw=0, want=5780, limit=1024 [ 125.408825][ T6251] Buffer I/O error on dev loop0, logical block 2889, async page read [ 125.448196][ T6268] loop1: detected capacity change from 0 to 256 [ 125.497581][ T26] kauditd_printk_skb: 55 callbacks suppressed [ 125.497592][ T26] audit: type=1326 audit(125.470:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6267 comm="syz.3.909" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb16a4728 code=0x0 [ 125.588153][ T6251] attempt to access beyond end of device [ 125.588153][ T6251] loop0: rw=0, want=1026, limit=1024 [ 125.598191][ T6251] Buffer I/O error on dev loop0, logical block 512, async page read [ 125.600138][ T6251] attempt to access beyond end of device [ 125.600138][ T6251] loop0: rw=0, want=1028, limit=1024 [ 125.614249][ T6251] Buffer I/O error on dev loop0, logical block 513, async page read [ 125.621354][ T6251] attempt to access beyond end of device [ 125.621354][ T6251] loop0: rw=0, want=1030, limit=1024 [ 125.624222][ T6251] Buffer I/O error on dev loop0, logical block 514, async page read [ 125.626409][ T6251] attempt to access beyond end of device [ 125.626409][ T6251] loop0: rw=0, want=1032, limit=1024 [ 125.629193][ T6251] Buffer I/O error on dev loop0, logical block 515, async page read [ 125.638127][ T6251] attempt to access beyond end of device [ 125.638127][ T6251] loop0: rw=0, want=1034, limit=1024 [ 125.641461][ T6251] Buffer I/O error on dev loop0, logical block 516, async page read [ 125.643702][ T6251] attempt to access beyond end of device [ 125.643702][ T6251] loop0: rw=0, want=1036, limit=1024 [ 125.646507][ T6251] Buffer I/O error on dev loop0, logical block 517, async page read [ 125.648998][ T6251] attempt to access beyond end of device [ 125.648998][ T6251] loop0: rw=0, want=1038, limit=1024 [ 125.661675][ T6251] Buffer I/O error on dev loop0, logical block 518, async page read [ 125.904570][ T6251] attempt to access beyond end of device [ 125.904570][ T6251] loop0: rw=0, want=1040, limit=1024 [ 125.989937][ T6251] Buffer I/O error on dev loop0, logical block 519, async page read [ 126.213717][ T6251] attempt to access beyond end of device [ 126.213717][ T6251] loop0: rw=0, want=1042, limit=1024 [ 126.483657][ T6251] Buffer I/O error on dev loop0, logical block 520, async page read [ 126.487493][ T6268] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d) [ 127.869572][ T6300] loop0: detected capacity change from 0 to 128 [ 128.884518][ T6300] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 128.938161][ T6300] process 'syz.0.920' launched './file1' with NULL argv: empty string added [ 129.838730][ T6327] udc-core: couldn't find an available UDC or it's busy [ 129.841033][ T6327] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 130.128864][ T6333] netlink: 8 bytes leftover after parsing attributes in process `syz.4.931'. [ 130.159389][ T6338] loop0: detected capacity change from 0 to 2048 [ 130.564713][ T6338] EXT4-fs (loop0): Ignoring removed bh option [ 130.576964][ T6338] EXT4-fs (loop0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 130.579194][ T6338] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 130.605505][ T6338] EXT4-fs (loop0): Ignoring removed orlov option [ 130.617955][ T6338] EXT4-fs (loop0): can't mount with both data=journal and dax [ 130.996288][ T6338] loop0: detected capacity change from 0 to 256 [ 131.052651][ T2056] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.054382][ T2056] ieee802154 phy1 wpan1: encryption failed: -22 [ 131.698342][ T6338] exfat: Deprecated parameter 'namecase' [ 131.753651][ T6338] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe3f33698, utbl_chksum : 0xe619d30d) [ 132.767992][ T6366] 9pnet: Insufficient options for proto=fd [ 132.918615][ T6371] fuse: Bad value for 'fd' [ 133.178701][ T6381] loop1: detected capacity change from 0 to 1024 [ 133.214400][ T6381] EXT4-fs (loop1): Test dummy encryption mode enabled [ 133.317420][ T6381] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,barrier=0x00000000000003ff,stripe=0x0000000000000009,noblock_validity,data=ordered,debug_want_extra_isize=0x0000000000000084,max_batch_time=0x0000000000000000,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 133.324954][ T26] audit: type=1326 audit(133.290:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6387 comm="syz.4.952" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a624728 code=0x7ffc0000 [ 133.330265][ T26] audit: type=1326 audit(133.300:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6387 comm="syz.4.952" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=172 compat=0 ip=0xffff9a624728 code=0x7ffc0000 [ 133.366506][ T26] audit: type=1326 audit(133.300:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6387 comm="syz.4.952" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a624728 code=0x7ffc0000 [ 133.375767][ T26] audit: type=1326 audit(133.300:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6387 comm="syz.4.952" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9a624728 code=0x7ffc0000 [ 133.388354][ T6394] loop0: detected capacity change from 0 to 1024 [ 133.399611][ T26] audit: type=1326 audit(133.300:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6387 comm="syz.4.952" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a624728 code=0x7ffc0000 [ 133.426129][ T26] audit: type=1326 audit(133.300:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6387 comm="syz.4.952" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=67 compat=0 ip=0xffff9a624728 code=0x7ffc0000 [ 133.460201][ T26] audit: type=1326 audit(133.300:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6387 comm="syz.4.952" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a624728 code=0x7ffc0000 [ 133.483271][ T26] audit: type=1326 audit(133.300:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6387 comm="syz.4.952" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=268 compat=0 ip=0xffff9a624728 code=0x7ffc0000 [ 133.488817][ T26] audit: type=1326 audit(133.300:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6387 comm="syz.4.952" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a624728 code=0x7ffc0000 [ 133.516550][ T26] audit: type=1326 audit(133.300:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6387 comm="syz.4.952" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=428 compat=0 ip=0xffff9a624728 code=0x7ffc0000 [ 133.522900][ T6398] mmap: syz.3.955 (6398) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 133.602017][ T6381] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 133.870356][ T6406] syz.0.959 sent an empty control message without MSG_MORE. [ 134.069196][ T6405] loop1: detected capacity change from 0 to 2048 [ 134.482883][ T6419] loop0: detected capacity change from 0 to 16 [ 134.633286][ T6419] erofs: (device loop0): mounted with root inode @ nid 36. [ 135.035737][ T6410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 135.179458][ T6405] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 136.771269][ T6469] netlink: 4 bytes leftover after parsing attributes in process `syz.4.982'. [ 136.847019][ T6469] bridge0: port 3(syz_tun) entered disabled state [ 136.881016][ T6469] device syz_tun left promiscuous mode [ 136.883588][ T6469] bridge0: port 3(syz_tun) entered disabled state [ 138.077087][ T6493] loop0: detected capacity change from 0 to 2048 [ 138.895475][ T6493] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 139.006247][ T6506] loop1: detected capacity change from 0 to 512 [ 139.195537][ T6506] EXT4-fs (loop1): 1 orphan inode deleted [ 139.196964][ T6506] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 139.482114][ T6530] loop1: detected capacity change from 0 to 2048 [ 139.718231][ T6530] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 140.718194][ T6530] EXT4-fs (loop1): mounted filesystem without journal. Opts: lazytime,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,grpquota,barrier=0x0000000000000000,grpjquota=,bsddf,bsddf,usrjquota=,. Quota mode: writeback. [ 141.013088][ T6574] loop0: detected capacity change from 0 to 128 [ 141.030814][ T6574] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 141.063275][ T6574] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 144.647904][ T4075] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 144.882993][ T4071] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 144.895312][ T4071] Bluetooth: hci0: Injecting HCI hardware error event [ 144.923265][ T4025] Bluetooth: hci0: hardware error 0x00 [ 145.461603][ T4075] usb 1-1: Using ep0 maxpacket: 32 [ 145.466765][ T6641] loop1: detected capacity change from 0 to 1024 [ 145.527224][ T4034] Bluetooth: hci2: link tx timeout [ 145.528962][ T4034] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 146.526993][ T4075] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.529633][ T4075] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.533873][ T4075] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 146.536175][ T4075] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.541376][ T4075] usb 1-1: config 0 descriptor?? [ 147.554737][ T21] Bluetooth: hci2: command 0x0406 tx timeout [ 147.682126][ T4075] savu 0003:1E7D:2D5A.0002: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 148.014249][ T4104] usb 1-1: USB disconnect, device number 15 [ 149.532733][ T6708] loop0: detected capacity change from 0 to 1764 [ 149.753570][ T6715] trusted_key: encrypted_key: key user:syz not found [ 150.909164][ T6728] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.926811][ T6728] device batadv_slave_1 entered promiscuous mode [ 152.239983][ T6757] loop1: detected capacity change from 0 to 512 [ 153.216844][ T6757] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 153.519599][ T136] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.592991][ T136] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.660175][ T136] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.713989][ T136] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.386591][ T6781] chnl_net:caif_netlink_parms(): no params data found [ 155.649113][ T6781] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.208845][ T4070] Bluetooth: hci1: command 0x0409 tx timeout [ 156.435229][ T6781] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.510177][ T6781] device bridge_slave_0 entered promiscuous mode [ 156.531877][ T6781] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.534210][ T6781] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.561202][ T6781] device bridge_slave_1 entered promiscuous mode [ 156.659286][ T4025] Bluetooth: hci2: Unknown advertising packet type: 0x100 [ 156.659422][ T4025] ================================================================== [ 156.663241][ T4025] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0xcd0/0x3010 [ 156.665238][ T4025] Read of size 1 at addr ffff0000dc129c05 by task kworker/u5:1/4025 [ 156.667222][ T4025] [ 156.667813][ T4025] CPU: 1 PID: 4025 Comm: kworker/u5:1 Not tainted 5.15.180-syzkaller #0 [ 156.669881][ T4025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 156.672293][ T4025] Workqueue: hci2 hci_rx_work [ 156.673406][ T4025] Call trace: [ 156.674243][ T4025] dump_backtrace+0x0/0x43c [ 156.675331][ T4025] show_stack+0x2c/0x3c [ 156.676346][ T4025] __dump_stack+0x30/0x40 [ 156.677401][ T4025] dump_stack_lvl+0xf8/0x160 [ 156.678540][ T4025] print_address_description+0x78/0x30c [ 156.679841][ T4025] kasan_report+0xec/0x15c [ 156.681008][ T4025] __asan_report_load1_noabort+0x44/0x50 [ 156.682349][ T4025] hci_le_meta_evt+0xcd0/0x3010 [ 156.683552][ T4025] hci_event_packet+0xd10/0x11bc [ 156.684789][ T4025] hci_rx_work+0x1cc/0x880 [ 156.685880][ T4025] process_one_work+0x79c/0x1140 [ 156.687127][ T4025] worker_thread+0x8f4/0x101c [ 156.688329][ T4025] kthread+0x374/0x454 [ 156.689360][ T4025] ret_from_fork+0x10/0x20 [ 156.690503][ T4025] [ 156.691066][ T4025] Allocated by task 6862: [ 156.692206][ T4025] __kasan_kmalloc+0xb0/0xf0 [ 156.693369][ T4025] __kmalloc_node_track_caller+0x234/0x3bc [ 156.694868][ T4025] kmalloc_reserve+0xe4/0x26c [ 156.696086][ T4025] __alloc_skb+0x23c/0x67c [ 156.697238][ T4025] vhci_write+0xb8/0x3ac [ 156.698291][ T4025] vfs_write+0x7c8/0xa2c [ 156.699339][ T4025] ksys_write+0x120/0x210 [ 156.700433][ T4025] __arm64_sys_write+0x7c/0x90 [ 156.701633][ T4025] invoke_syscall+0x98/0x2b8 [ 156.702767][ T4025] el0_svc_common+0x138/0x258 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 156.704020][ T4025] do_el0_svc+0x58/0x14c [ 156.705070][ T4025] el0_svc+0x78/0x1e0 [ 156.706125][ T4025] el0t_64_sync_handler+0xcc/0xe4 [ 156.707377][ T4025] el0t_64_sync+0x1a0/0x1a4 [ 156.708562][ T4025] [ 156.709143][ T4025] The buggy address belongs to the object at ffff0000dc129800 [ 156.709143][ T4025] which belongs to the cache kmalloc-1k of size 1024 [ 156.712613][ T4025] The buggy address is located 5 bytes to the right of [ 156.712613][ T4025] 1024-byte region [ffff0000dc129800, ffff0000dc129c00) [ 156.716039][ T4025] The buggy address belongs to the page: [ 156.717516][ T4025] page:000000001d076c42 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c128 [ 156.720055][ T4025] head:000000001d076c42 order:3 compound_mapcount:0 compound_pincount:0 [ 156.722165][ T4025] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 156.724298][ T4025] raw: 05ffc00000010200 0000000000000000 0000000100000001 ffff0000c0002780 [ 156.726414][ T4025] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 156.728518][ T4025] page dumped because: kasan: bad access detected [ 156.730190][ T4025] [ 156.730741][ T4025] Memory state around the buggy address: [ 156.732156][ T4025] ffff0000dc129b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 156.734217][ T4025] ffff0000dc129b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 156.736172][ T4025] >ffff0000dc129c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 156.738207][ T4025] ^ [ 156.739225][ T4025] ffff0000dc129c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 156.741360][ T4025] ffff0000dc129d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 156.743343][ T4025] ================================================================== [ 156.745474][ T4025] Disabling lock debugging due to kernel taint [ 156.748954][ T4025] Bluetooth: hci2: Unknown advertising packet type: 0x13c0 [ 156.748973][ T4025] Bluetooth: hci2: Unknown advertising packet type: 0x80 [ 156.750720][ T4025] Bluetooth: hci2: Unknown advertising packet type: 0x4475 [ 157.433361][ T136] device hsr_slave_0 left promiscuous mode [ 157.478350][ T136] device hsr_slave_1 left promiscuous mode [ 157.538017][ T136] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 157.539862][ T136] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 157.542372][ T136] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 157.544282][ T136] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 157.547762][ T136] device bridge_slave_1 left promiscuous mode [ 157.549426][ T136] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.578046][ T136] device bridge_slave_0 left promiscuous mode [ 157.579678][ T136] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.610625][ T136] device bridge0 left promiscuous mode [ 157.705399][ T136] device veth1_macvtap left promiscuous mode [ 157.706827][ T136] device veth0_macvtap left promiscuous mode [ 157.708322][ T136] device veth1_vlan left promiscuous mode [ 157.709873][ T136] device veth0_vlan left promiscuous mode [ 157.808283][ T136] team0 (unregistering): Port device geneve0 removed [ 157.871342][ T136] team0 (unregistering): Port device team_slave_1 removed [ 157.879282][ T136] team0 (unregistering): Port device team_slave_0 removed [ 157.885433][ T136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 157.920250][ T136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 158.078204][ T136] bond0 (unregistering): Released all slaves [ 162.299283][ T136] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.344752][ T136] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.393079][ T136] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.422343][ T136] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.570496][ T136] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.594573][ T136] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.653479][ T136] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.694911][ T136] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.872304][ T136] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.909885][ T136] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.930420][ T136] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.982347][ T136] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.596633][ T136] tipc: Left network mode [ 163.721395][ T136] tipc: Disabling bearer [ 163.723066][ T136] tipc: Left network mode