last executing test programs: 2m40.470059384s ago: executing program 2 (id=60): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f00000001c0)={r0, r0, 0x7, 0x0, 0x0, 0x7, 0x7, 0x2, 0x4, 0x6, 0x1, 0x6, 'syz0\x00'}) 2m5.419245074s ago: executing program 2 (id=60): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f00000001c0)={r0, r0, 0x7, 0x0, 0x0, 0x7, 0x7, 0x2, 0x4, 0x6, 0x1, 0x6, 'syz0\x00'}) 1m27.681879115s ago: executing program 2 (id=60): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f00000001c0)={r0, r0, 0x7, 0x0, 0x0, 0x7, 0x7, 0x2, 0x4, 0x6, 0x1, 0x6, 'syz0\x00'}) 1m5.182858278s ago: executing program 3 (id=788): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080), 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x1}, 0x4) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b']) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x8) 1m5.070376932s ago: executing program 3 (id=792): r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xfffa, 0x2}, {}, {0x10, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x28, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x73}, @TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @ipv4={'\x00', '\xff\xff', @remote}}]}}]}, 0x58}}, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1m4.254915289s ago: executing program 3 (id=795): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x2, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) fsmount(r2, 0x0, 0x0) 1m4.091190134s ago: executing program 3 (id=797): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x1101088, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='./file0/../file0/file0\x00') 1m4.090902899s ago: executing program 3 (id=798): r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) msgsnd(r0, &(0x7f0000000040)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(0x0, 0x0) 1m3.702873977s ago: executing program 3 (id=804): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$xdp(0x2c, 0x3, 0x0) mmap$xdp(&(0x7f000083d000/0x3000)=nil, 0x3000, 0xcf72427647ba2179, 0x4000010, r1, 0x80000000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) keyctl$set_reqkey_keyring(0xe, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000000300), 0x2, 0x40000) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, 0x0) ioctl$sock_bt_hci(r4, 0x800448d3, 0x0) inotify_init1(0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c) sendto$inet6(r5, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) shutdown(r5, 0x1) 1m3.564501382s ago: executing program 32 (id=804): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$xdp(0x2c, 0x3, 0x0) mmap$xdp(&(0x7f000083d000/0x3000)=nil, 0x3000, 0xcf72427647ba2179, 0x4000010, r1, 0x80000000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) keyctl$set_reqkey_keyring(0xe, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000000300), 0x2, 0x40000) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, 0x0) ioctl$sock_bt_hci(r4, 0x800448d3, 0x0) inotify_init1(0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c) sendto$inet6(r5, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) shutdown(r5, 0x1) 1m2.527098633s ago: executing program 1 (id=815): r0 = socket$inet_udp(0x2, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, 0x0, 0x0) 1m2.526585895s ago: executing program 1 (id=817): r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xfffa, 0x2}, {}, {0x10, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x28, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x73}, @TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @ipv4={'\x00', '\xff\xff', @remote}}]}}]}, 0x58}}, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 59.639014773s ago: executing program 1 (id=825): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2810000, &(0x7f0000000380)={[{@user_xattr}, {@noquota}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@jqfmt_vfsv1}, {@block_validity}, {@dioread_nolock}, {@nouid32}, {@min_batch_time={'min_batch_time', 0x3d, 0x8}}, {@delalloc}, {@user_xattr}, {@quota}]}, 0x1, 0x54f, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbZdnamc8HbnvOvTc995t7v6fn5iQkgKE1kf0oRLwcEd8kEQfbto1GvnFibb/V+1dnsyWJRuPTv5JI8nWt/ZP89/688lJE/PZVxPHCxnZryysLpXI5Xczrk/XKpcna8sqJC5XSfDqfXpyemTn19sz0e+++M7BY3zj7z/ef3P7w1NdHV7/75e6hm0mcjgP5tvY4nsC19spETOTPyVicfmTHqQE0tpMk230A9GUkz/OxyPqAgzGSZz3w//dlRDSAIZXIfxhSrXFA695+QPfBz417H6zdAG2Mf3TttZHY07w32reaPHRnlN3vjg+g/ayNX/+8dTNbYnCvQwBs6dr1iDg5Orqx/0vy/q9/J3vY59E29H/w7NzOxj9vdhr/FNbHP9Fh/LO/Q+72Y+v8L9wdQDNdZeO/9zuOf9cnrcZH8toLzTHfWHL+QjnN+rYXI+JYjO3O6pvN55xavdPotq19/JctWfutsWB+HHdHdz/8mLlSvfQkMbe7dz3ilY7j32T9/Ccdzn/2fJztsY0j6a3Xum3bOv6nq/FTxOsdz/+DGa1k8/nJyeb1MNm6Kjb6+8aR37u1v93xZ+d/3+bxjyft87W1x2/jxz3/pt229Xv970o+a5Z35euulOr1xamIXcnHG9dPP3hsq97aP4v/2NHN+79O1//eiPi8x/hvHP751f7jf7qy+Oce6/w/fuHOR1/80K393s7/W83SsXxNL/1frwf4JM8dAAAAAAAA7DSFiDgQSaG4Xi4UisW193ccjn2FcrVWP36+unRxLpqflR2PsUJrpvtg2/shpvL3w7bq04/UZyLiUER8O7K3WS/OVstz2x08AAAAAAAAAAAAAAAAAAAA7BD7u3z+P/PHyHYfHfDU+cpvGF5b5v8gvukJ2JH8/4fhJf9heMl/GF7yH4aX/IfhJf9heMl/GF7yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbq7Jkz2dJYvX91NqvPXV5eWqhePjGX1haKlaXZ4mx18VJxvlqdL6fF2Wplq79XrlYvTU3H0pXJelqrT9aWV85VqksX6+cuVErz6bl07JlEBQAAAAAAAAAAAAAAAAAAAM+X2vLKQqlcThcVFPoqjO6Mw1AYcGG7eyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOC/AAAA///ktDiZ") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_open_pts(0xffffffffffffffff, 0x500) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000200850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) r6 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r6, 0x0, 0x23, 0x0, 0x0) r7 = socket(0x28, 0x5, 0x0) r8 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r8, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r8, 0x0) connect$vsock_stream(r7, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) write(r7, &(0x7f00000000c0)='I', 0x1) 58.034925097s ago: executing program 1 (id=835): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f00000000c0)={[{@discard}, {@bsdgroups}, {@resuid}, {@noblock_validity}, {@minixdf}, {@errors_remount}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x6}}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000600)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000340)='./file0/../file0\x00', 0x0, 0x101091, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) 57.811193225s ago: executing program 1 (id=837): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) writev(r1, &(0x7f00000002c0), 0x0) shutdown(r1, 0x1) 52.171248539s ago: executing program 1 (id=846): shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r0 = shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) shmctl$IPC_RMID(0x0, 0x0) shmdt(r0) 51.465803819s ago: executing program 33 (id=846): shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r0 = shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) shmctl$IPC_RMID(0x0, 0x0) shmdt(r0) 51.279602462s ago: executing program 2 (id=60): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f00000001c0)={r0, r0, 0x7, 0x0, 0x0, 0x7, 0x7, 0x2, 0x4, 0x6, 0x1, 0x6, 'syz0\x00'}) 21.211095211s ago: executing program 2 (id=60): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f00000001c0)={r0, r0, 0x7, 0x0, 0x0, 0x7, 0x7, 0x2, 0x4, 0x6, 0x1, 0x6, 'syz0\x00'}) 4.874028221s ago: executing program 6 (id=1029): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8) openat$autofs(0xffffff9c, &(0x7f0000000000), 0x200142, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x8) 4.7551804s ago: executing program 6 (id=1031): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a0000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000400000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x6, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket(0x200000100000011, 0x803, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'ip_vti0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000100)='m', 0x102, 0x0, &(0x7f0000000200)={0x3a, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 4.652582746s ago: executing program 6 (id=1034): r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xfffa, 0x2}, {}, {0x10, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x28, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x73}, @TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @ipv4={'\x00', '\xff\xff', @remote}}]}}]}, 0x58}}, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4.575654713s ago: executing program 6 (id=1036): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000580)={0x10, 0x0, &(0x7f0000000700)=[@request_death={0x40406300, 0x0, 0xffffff7f00000000}], 0x0, 0x1000000000000, 0x0}) 4.44910516s ago: executing program 6 (id=1038): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$vhost_msg_v2(r0, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {0x0, 0xf, 0x0, 0x3, 0x3}}, 0x48) 3.729502805s ago: executing program 6 (id=1041): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000000)={0x0, 0x9, &(0x7f0000000100)=[{&(0x7f0000000040)="1800000072006bcd9e3fe3dc6e0800000709000000000000", 0x18}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x120) r2 = dup(r0) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x23c, &(0x7f0000000380)={0x0, 0x1ffefe, 0x10100, 0x7ffff, 0x0, 0x0, r2}, &(0x7f0000000200)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {}, 0x1}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x40044590, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r5, 0x400448ca, 0x0) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000080)) read$dsp(0xffffffffffffffff, &(0x7f0000000340)=""/71, 0x47) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r5, 0x400448c9, 0x0) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d24", @ANYBLOB="f7", @ANYRESOCT], 0x0) r7 = syz_io_uring_setup(0xd2, &(0x7f00000003c0), 0x0, &(0x7f0000000080)) io_uring_enter(r7, 0x47ba, 0x95ff, 0x3900000000000000, 0x0, 0x0) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_print_times', 0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace(0x8, r9) fcntl$dupfd(r7, 0x0, 0xffffffffffffffff) read$FUSE(r8, &(0x7f0000000500)={0x2020}, 0x2020) write(r6, &(0x7f0000000340)="07000000010000", 0x7) 3.088723386s ago: executing program 0 (id=1053): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$vhost_msg_v2(r0, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {0x0, 0xf, 0x0, 0x3, 0x3}}, 0x48) 2.319212434s ago: executing program 0 (id=1055): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b9", 0xf}], 0x1}, 0x0) r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="1f"], 0xfe33) 2.283658987s ago: executing program 0 (id=1056): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) io_setup(0x6, 0x0) syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') io_submit(0x0, 0x0, 0x0) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 2.276082029s ago: executing program 4 (id=1058): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x20) syz_emit_ethernet(0x8e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0) recvfrom(r0, 0x0, 0x54, 0x0, 0x0, 0x0) 2.159445389s ago: executing program 4 (id=1059): r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xfffa, 0x2}, {}, {0x10, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x28, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x73}, @TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @ipv4={'\x00', '\xff\xff', @remote}}]}}]}, 0x58}}, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.158481036s ago: executing program 0 (id=1060): syz_emit_vhci(&(0x7f0000000900)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0xc}, @hci_rp_le_read_local_features={{0x9}, {0x0, "87409211e6ae9224"}}}}, 0xf) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0) 2.08322838s ago: executing program 0 (id=1061): r0 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r0, &(0x7f0000004340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 2.081853985s ago: executing program 5 (id=1062): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) syz_io_uring_setup(0x24b9, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f00000002c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000580)={0x10, 0x0, &(0x7f0000000700)=[@request_death={0x40406300, 0x0, 0xffffff7f00000000}], 0x0, 0x1000000000000, 0x0}) 2.011259915s ago: executing program 4 (id=1063): r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)}, 0x40012022) 1.99394137s ago: executing program 4 (id=1064): socket$inet_udplite(0x2, 0x2, 0x88) syz_emit_vhci(&(0x7f0000000680)=ANY=[@ANYBLOB="f10f7e9b04970aa92c3f15307f6af9cc6f4cf03d8e7f35e366882c5a2c6883778f3472e2da692b6d95942274148e639fc198bd6e48167488a0ead51905b374f5f665a4a9"], 0x8) r0 = syz_io_uring_setup(0x10d, &(0x7f00000004c0)={0x0, 0x2b7a, 0x400, 0x2, 0x4}, &(0x7f0000000240)=0x0, &(0x7f0000000800)=0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_open_procfs$namespace(0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/ipc\x00') sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) syz_io_uring_setup(0x40566f, 0x0, &(0x7f00000000c0), &(0x7f0000000280)) add_key(0x0, 0x0, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = socket$igmp(0x2, 0x3, 0x2) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x8, 0x0, r6, 0x0, 0x0, 0x0, 0x44040}) unshare(0x22020600) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.984644313s ago: executing program 5 (id=1065): ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, {0x0, 0xf, 0x0, 0x3, 0x3}}, 0x48) 1.843193089s ago: executing program 5 (id=1066): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b9", 0xf}], 0x1}, 0x0) r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="1f"], 0xfe33) 1.7699345s ago: executing program 5 (id=1067): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x8}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0) 1.097025117s ago: executing program 0 (id=1068): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e22}, 0x1c) fsopen(&(0x7f0000000040)='bdev\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_emit_ethernet(0x7f, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffff00230000000086dd60f2a40000492f00fe880000000000000000000000000001fe8000000000000000000000000000aa342088be0005000054812cbd3b00000800000086dd430588be00000000100000000100000000000000080022eb000000002000000002000000000000000000000008006558000000"], 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) sendmsg$inet(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001) sendto$inet6(r0, 0x0, 0x0, 0x200008d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000280)=ANY=[], 0x8) 1.035088168s ago: executing program 5 (id=1069): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x2, 0x4, 0x7, 0xc, 0x0, 0xffffffffffffffff, 0xf, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000340)=ANY=[@ANYRES32=r3, @ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x0, 0x1}) r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c643c, &(0x7f0000000300)={0x0, 0x0, r5}) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101090, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0\x00') syz_open_dev$tty20(0xc, 0x4, 0x1) 845.764297ms ago: executing program 4 (id=1070): getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x803}, 0xe) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0xb, 0x81, 0x46d, 0xfff9, 0x3, 0x0, 0x8, 'syz0\x00'}) shutdown(r0, 0x1) 127.74855ms ago: executing program 5 (id=1071): timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0) 31.247684ms ago: executing program 4 (id=1072): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000300)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f00000003c0)=[@increfs], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x10, 0x0, &(0x7f0000000700)=[@request_death={0x400c6313, 0x0, 0xffffff7f00000000}], 0x0, 0x1000000000000, 0x0}) 0s ago: executing program 2 (id=60): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f00000001c0)={r0, r0, 0x7, 0x0, 0x0, 0x7, 0x7, 0x2, 0x4, 0x6, 0x1, 0x6, 'syz0\x00'}) kernel console output (not intermixed with test programs): 0 port 6081 - 0 [ 52.001473][ T6685] netlink: 'syz.3.69': attribute type 2 has an invalid length. [ 52.003136][ T6685] netlink: 4 bytes leftover after parsing attributes in process `syz.3.69'. [ 52.004920][ T6685] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 52.073401][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.094830][ T6690] netlink: 4 bytes leftover after parsing attributes in process `syz.4.71'. [ 52.095229][ T6688] tipc: Enabling of bearer rejected, failed to enable media [ 52.202909][ T6698] netlink: 16 bytes leftover after parsing attributes in process `syz.1.75'. [ 52.209337][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.311860][ T6707] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 52.439076][ T6717] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 52.495892][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.524354][ T6717] netlink: 'syz.4.78': attribute type 4 has an invalid length. [ 52.525937][ T6717] netlink: 152 bytes leftover after parsing attributes in process `syz.4.78'. [ 52.550548][ T6719] netlink: 8 bytes leftover after parsing attributes in process `syz.0.81'. [ 52.622488][ T6671] chnl_net:caif_netlink_parms(): no params data found [ 52.649829][ T6716] loop1: detected capacity change from 0 to 32768 [ 52.712759][ T6716] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 52.740269][ T6723] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 52.783599][ T6716] XFS (loop1): Ending clean mount [ 53.333523][ T6740] loop4: detected capacity change from 0 to 512 [ 53.338795][ T6740] EXT4-fs: Ignoring removed i_version option [ 53.340211][ T6740] EXT4-fs: Ignoring removed nobh option [ 53.385677][ T6740] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 53.388691][ T6740] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 53.460706][ T6740] EXT4-fs (loop4): 1 truncate cleaned up [ 53.462274][ T6740] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.540157][ T11] bridge_slave_1: left allmulticast mode [ 53.541554][ T11] bridge_slave_1: left promiscuous mode [ 53.544058][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.556439][ T11] bridge_slave_0: left allmulticast mode [ 53.562609][ T11] bridge_slave_0: left promiscuous mode [ 53.563933][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.642374][ T6422] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 53.647857][ T6429] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.777844][ T6432] Bluetooth: hci2: command tx timeout [ 53.806190][ T6769] netlink: 32 bytes leftover after parsing attributes in process `syz.0.85'. [ 54.095199][ T6775] netlink: 52 bytes leftover after parsing attributes in process `syz.1.91'. [ 54.097133][ T6775] nbd: must specify at least one socket [ 54.372727][ T6778] loop1: detected capacity change from 0 to 32768 [ 54.401647][ T6778] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 54.481622][ T6778] XFS (loop1): Ending clean mount [ 54.515529][ T6479] XFS (loop1): Metadata CRC error detected at xfs_rmapbt_read_verify+0x50/0xf0, xfs_rmapbt block 0x14 [ 54.518231][ T6479] XFS (loop1): Unmount and run xfs_repair [ 54.519505][ T6479] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 54.521352][ T6479] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 54.523078][ T6479] 00000010: 00 a7 50 00 00 00 00 14 00 00 00 01 00 00 00 80 ..P............. [ 54.525001][ T6479] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 54.526886][ T6479] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 54.529027][ T6479] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 54.531093][ T6479] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 54.535409][ T6479] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 54.537396][ T6479] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 54.543737][ T6778] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x274/0x434" at daddr 0x14 len 4 error 74 [ 54.549871][ T6778] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x590/0xafc (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 54.552935][ T6778] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 54.573898][ T6422] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 55.221974][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 55.262407][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 55.303943][ T11] bond0 (unregistering): Released all slaves [ 55.308908][ T6671] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.310496][ T6671] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.312276][ T6671] bridge_slave_0: entered allmulticast mode [ 55.314518][ T6671] bridge_slave_0: entered promiscuous mode [ 55.321128][ T6671] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.324951][ T6671] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.326482][ T6671] bridge_slave_1: entered allmulticast mode [ 55.328257][ T6671] bridge_slave_1: entered promiscuous mode [ 55.336317][ T6767] netlink: 'syz.4.89': attribute type 10 has an invalid length. [ 55.372792][ T6767] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 55.457594][ T6671] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.461272][ T6671] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.821155][ T6810] netlink: 52 bytes leftover after parsing attributes in process `syz.0.102'. [ 55.823225][ T6810] nbd: must specify at least one socket [ 55.864250][ T6814] loop1: detected capacity change from 0 to 512 [ 55.866099][ T6814] EXT4-fs: Ignoring removed i_version option [ 55.867374][ T6814] EXT4-fs: Ignoring removed nobh option [ 55.952225][ T6814] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 55.958272][ T6432] Bluetooth: hci2: command tx timeout [ 56.469214][ T6814] EXT4-fs (loop1): 1 truncate cleaned up [ 56.470972][ T6814] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.538925][ T6671] team0: Port device team_slave_0 added [ 56.543526][ T6671] team0: Port device team_slave_1 added [ 56.569782][ T6671] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.571370][ T6671] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.622602][ T6671] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.669223][ T6422] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.697617][ T6671] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.699055][ T6671] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.704728][ T6671] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.940920][ T6848] netlink: 'syz.4.111': attribute type 1 has an invalid length. [ 57.170805][ T6671] hsr_slave_0: entered promiscuous mode [ 57.273664][ T6671] hsr_slave_1: entered promiscuous mode [ 57.418416][ T6869] Invalid ELF header magic: != ELF [ 57.461382][ T6671] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 57.463094][ T6671] Cannot create hsr debugfs directory [ 57.881031][ T6852] netlink: 'syz.4.111': attribute type 10 has an invalid length. [ 57.899270][ T6852] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.903724][ T6852] bond0: (slave team0): Enslaving as an active interface with an up link [ 58.003821][ T11] hsr_slave_0: left promiscuous mode [ 58.008289][ T6432] Bluetooth: hci2: command tx timeout [ 58.050826][ T11] hsr_slave_1: left promiscuous mode [ 58.177363][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 58.179174][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 58.186145][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 58.188212][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 58.204558][ T11] veth1_macvtap: left promiscuous mode [ 58.206111][ T11] veth0_macvtap: left promiscuous mode [ 58.210998][ T11] veth1_vlan: left promiscuous mode [ 58.212364][ T11] veth0_vlan: left promiscuous mode [ 59.211642][ T6898] netlink: 'syz.3.127': attribute type 3 has an invalid length. [ 59.990339][ T11] team0 (unregistering): Port device team_slave_1 removed [ 60.088328][ T6432] Bluetooth: hci2: command tx timeout [ 60.189939][ T11] team0 (unregistering): Port device team_slave_0 removed [ 63.117471][ T6928] netlink: 20 bytes leftover after parsing attributes in process `syz.3.139'. [ 63.486060][ T6972] tipc: Started in network mode [ 63.505943][ T6972] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711 [ 63.514638][ T6972] tipc: Enabling of bearer rejected, failed to enable media [ 63.656764][ T6985] netlink: 20 bytes leftover after parsing attributes in process `syz.0.153'. [ 63.780689][ T6531] IPVS: starting estimator thread 0... [ 63.887319][ T6991] IPVS: using max 26 ests per chain, 62400 per kthread [ 63.909545][ T6997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 63.912966][ T6997] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 64.489006][ T2348] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.492973][ T2348] ieee802154 phy1 wpan1: encryption failed: -22 [ 69.630722][ T1763] cfg80211: failed to load regulatory.db [ 75.271966][ T6671] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 75.292291][ T6671] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 75.308280][ T6671] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 75.459461][ T6671] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 75.568794][ T6671] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.580616][ T6671] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.584688][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.586299][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.598025][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.599737][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.766517][ T7071] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 76.167913][ T6671] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.224675][ T6671] veth0_vlan: entered promiscuous mode [ 76.232771][ T6671] veth1_vlan: entered promiscuous mode [ 76.304679][ T6671] veth0_macvtap: entered promiscuous mode [ 76.315651][ T6671] veth1_macvtap: entered promiscuous mode [ 76.340474][ T6671] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.342660][ T6671] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.364971][ T6671] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.370790][ T6671] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.372946][ T6671] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.375151][ T6671] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.410817][ T6671] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.487367][ T7104] Invalid ELF header magic: != ELF [ 76.553778][ T6671] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.556866][ T6671] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.561219][ T6671] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.563604][ T6671] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.565706][ T6671] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.568377][ T6671] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.570318][ T6671] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.572474][ T6671] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.574479][ T6671] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.580218][ T6671] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.583446][ T6671] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.586767][ T6671] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.588799][ T6671] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.590679][ T6671] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.592384][ T6671] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.692988][ T625] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.696066][ T625] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.700551][ T625] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.702402][ T625] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.736359][ T7121] TCP: request_sock_TCPv6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 76.953571][ T7139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.956538][ T7139] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 77.332947][ T7165] gre1: entered promiscuous mode [ 77.926434][ T7204] netlink: 12 bytes leftover after parsing attributes in process `syz.4.207'. [ 77.940199][ T7204] IPv6: Can't replace route, no match found [ 77.955771][ T7204] netlink: 20 bytes leftover after parsing attributes in process `syz.4.207'. [ 78.036689][ T7209] netlink: 24 bytes leftover after parsing attributes in process `syz.4.207'. [ 78.187382][ T7223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 78.189383][ T7223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 79.400168][ T45] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.682206][ T6441] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.685868][ T6441] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.688719][ T6441] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.691099][ T6441] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.693404][ T6441] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 79.695300][ T6441] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.924159][ T7273] chnl_net:caif_netlink_parms(): no params data found [ 79.930928][ T7293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 79.936831][ T7293] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 80.064794][ T7273] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.066345][ T7273] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.068515][ T7273] bridge_slave_0: entered allmulticast mode [ 80.071171][ T7273] bridge_slave_0: entered promiscuous mode [ 80.074039][ T7273] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.075900][ T7273] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.078194][ T7273] bridge_slave_1: entered allmulticast mode [ 80.081108][ T7273] bridge_slave_1: entered promiscuous mode [ 80.125683][ T7273] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.134224][ T7273] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.240948][ T7273] team0: Port device team_slave_0 added [ 80.243942][ T7273] team0: Port device team_slave_1 added [ 80.287988][ T7273] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.289436][ T7273] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.294902][ T7273] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.298291][ T7273] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.300234][ T7273] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.305577][ T7273] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.015397][ T6441] Bluetooth: hci2: command tx timeout [ 82.159668][ T7273] hsr_slave_0: entered promiscuous mode [ 82.207849][ T7273] hsr_slave_1: entered promiscuous mode [ 82.538378][ T7339] netlink: 'syz.0.241': attribute type 178 has an invalid length. [ 83.563150][ T7357] ax25_connect(): syz.0.249 uses autobind, please contact jreuter@yaina.de [ 83.744892][ T7372] netlink: 'syz.4.256': attribute type 178 has an invalid length. [ 83.858981][ T45] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.115972][ T45] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.137397][ T6441] Bluetooth: hci2: command tx timeout [ 84.514198][ T45] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.833798][ T7390] netlink: 'syz.0.263': attribute type 10 has an invalid length. [ 84.842015][ T7390] syz_tun: entered promiscuous mode [ 84.849004][ T7390] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 84.851355][ T45] bridge_slave_1: left allmulticast mode [ 84.852632][ T45] bridge_slave_1: left promiscuous mode [ 84.853806][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.876556][ T45] bridge_slave_0: left allmulticast mode [ 84.884439][ T45] bridge_slave_0: left promiscuous mode [ 84.885749][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.992844][ T7417] netlink: 4 bytes leftover after parsing attributes in process `syz.3.272'. [ 85.969429][ T7434] ip6t_srh: unknown srh invflags 4000 [ 86.168262][ T6441] Bluetooth: hci2: command tx timeout [ 86.261573][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 86.311617][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 86.359621][ T45] bond0 (unregistering): Released all slaves [ 86.413000][ T7429] netlink: 8 bytes leftover after parsing attributes in process `syz.4.273'. [ 86.415027][ T7429] netlink: 48 bytes leftover after parsing attributes in process `syz.4.273'. [ 87.849301][ T45] hsr_slave_0: left promiscuous mode [ 87.889691][ T45] hsr_slave_1: left promiscuous mode [ 87.957759][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 87.959441][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 87.963062][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 87.964810][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 87.981532][ T45] veth1_macvtap: left promiscuous mode [ 87.983995][ T45] veth0_macvtap: left promiscuous mode [ 87.986686][ T45] veth1_vlan: left promiscuous mode [ 87.990923][ T45] veth0_vlan: left promiscuous mode [ 88.247820][ T6441] Bluetooth: hci2: command tx timeout [ 89.140709][ T7555] ax25_connect(): syz.1.314 uses autobind, please contact jreuter@yaina.de [ 89.741164][ T45] team0 (unregistering): Port device team_slave_1 removed [ 89.910148][ T45] team0 (unregistering): Port device team_slave_0 removed [ 92.075388][ T7273] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.083399][ T7273] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.096359][ T7273] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.122878][ T7273] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.173866][ T7577] ax25_connect(): syz.1.325 uses autobind, please contact jreuter@yaina.de [ 92.254107][ T7273] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.297035][ T7273] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.308274][ T1987] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.309936][ T1987] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.336900][ T7273] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 92.361851][ T7273] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 92.365782][ T625] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.367297][ T625] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.388053][ T7589] gre1: entered promiscuous mode [ 92.518174][ T7602] netlink: 28 bytes leftover after parsing attributes in process `syz.3.336'. [ 92.520023][ T7602] netlink: 8 bytes leftover after parsing attributes in process `syz.3.336'. [ 92.693521][ T7273] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.729044][ T7621] ax25_connect(): syz.0.342 uses autobind, please contact jreuter@yaina.de [ 92.792798][ T7273] veth0_vlan: entered promiscuous mode [ 92.834705][ T7273] veth1_vlan: entered promiscuous mode [ 92.883196][ T7273] veth0_macvtap: entered promiscuous mode [ 92.893109][ T7273] veth1_macvtap: entered promiscuous mode [ 92.913636][ T7273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.915966][ T7273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.921273][ T7273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.923694][ T7273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.925731][ T7273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.931972][ T7273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.935538][ T7273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.939855][ T7273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.943326][ T7273] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.963075][ T7273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.968716][ T7273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.972588][ T7273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.976626][ T7273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.979412][ T7273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.981808][ T7273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.983972][ T7273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.986334][ T7273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.990904][ T7273] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.996182][ T7273] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.999164][ T7273] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.001101][ T7273] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.002991][ T7273] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.075571][ T719] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.078815][ T719] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.101233][ T38] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.103161][ T38] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.602534][ T7673] netlink: 4 bytes leftover after parsing attributes in process `syz.3.368'. [ 94.060902][ T7684] loop4: detected capacity change from 0 to 512 [ 94.066070][ T7684] EXT4-fs: Ignoring removed i_version option [ 94.067554][ T7684] EXT4-fs: Ignoring removed nobh option [ 94.078767][ T7684] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 94.141378][ T7684] EXT4-fs (loop4): 1 truncate cleaned up [ 94.146811][ T7684] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.469125][ T7689] netlink: 'syz.1.372': attribute type 4 has an invalid length. [ 94.500339][ T6429] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.525558][ T7689] netlink: 'syz.1.372': attribute type 4 has an invalid length. [ 94.587364][ T7696] netlink: 8 bytes leftover after parsing attributes in process `syz.3.375'. [ 96.030544][ T7720] loop3: detected capacity change from 0 to 512 [ 96.032466][ T7720] EXT4-fs: Ignoring removed i_version option [ 96.033684][ T7720] EXT4-fs: Ignoring removed nobh option [ 96.035306][ T7720] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 96.557443][ T7720] EXT4-fs (loop3): 1 truncate cleaned up [ 96.559140][ T7720] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.762813][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.947668][ T6432] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 96.951351][ T6432] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 96.953435][ T6432] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 96.956966][ T6432] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 96.960743][ T6432] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 96.962416][ T6432] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 97.006053][ T7772] netlink: 16 bytes leftover after parsing attributes in process `syz.4.398'. [ 97.109888][ T719] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.118136][ T7758] netlink: 'syz.3.395': attribute type 1 has an invalid length. [ 97.163416][ T7767] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 97.179987][ T7767] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 97.219665][ T7774] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 97.305552][ T7774] bond1 (unregistering): Released all slaves [ 97.320830][ T6432] Bluetooth: hci1: link tx timeout [ 97.322093][ T6432] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 97.567340][ T7789] loop1: detected capacity change from 0 to 512 [ 97.572810][ T7789] EXT4-fs: Ignoring removed i_version option [ 97.574121][ T7789] EXT4-fs: Ignoring removed nobh option [ 97.601276][ T7789] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 97.631272][ T7789] EXT4-fs (loop1): 1 truncate cleaned up [ 97.636715][ T7789] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.121539][ T6422] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.129486][ T7763] chnl_net:caif_netlink_parms(): no params data found [ 98.340923][ T7824] netlink: 76 bytes leftover after parsing attributes in process `syz.1.410'. [ 98.394155][ T7763] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.395784][ T7763] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.403645][ T7763] bridge_slave_0: entered allmulticast mode [ 98.405380][ T7763] bridge_slave_0: entered promiscuous mode [ 98.411460][ T7763] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.413038][ T7763] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.414791][ T7763] bridge_slave_1: entered allmulticast mode [ 98.416678][ T7763] bridge_slave_1: entered promiscuous mode [ 98.434673][ T7829] Driver unsupported XDP return value 0 on prog (id 20) dev N/A, expect packet loss! [ 98.451618][ T7763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.455432][ T7763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.770878][ T7833] Invalid ELF header magic: != ELF [ 99.069008][ T6441] Bluetooth: hci2: command tx timeout [ 99.244220][ T7763] team0: Port device team_slave_0 added [ 99.246699][ T7763] team0: Port device team_slave_1 added [ 99.291656][ T7842] netlink: 20 bytes leftover after parsing attributes in process `syz.1.415'. [ 99.389369][ T6438] Bluetooth: hci1: command 0x0406 tx timeout [ 99.390170][ T7763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.402753][ T7763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.414558][ T7763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.421886][ T7763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.423478][ T7763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.429503][ T7763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.733785][ T7853] loop4: detected capacity change from 0 to 512 [ 99.739220][ T7853] EXT4-fs: Ignoring removed i_version option [ 99.740665][ T7853] EXT4-fs: Ignoring removed nobh option [ 100.015328][ T7853] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 100.035162][ T7853] EXT4-fs (loop4): 1 truncate cleaned up [ 100.036843][ T7853] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.079549][ T7763] hsr_slave_0: entered promiscuous mode [ 100.117928][ T7763] hsr_slave_1: entered promiscuous mode [ 100.155583][ T7763] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 100.159838][ T7763] Cannot create hsr debugfs directory [ 100.206147][ T7850] netlink: 'syz.1.419': attribute type 8 has an invalid length. [ 100.267762][ T6429] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.375272][ T7866] netlink: 8 bytes leftover after parsing attributes in process `syz.3.423'. [ 100.381622][ T7866] netlink: 12 bytes leftover after parsing attributes in process `syz.3.423'. [ 100.683696][ T7873] Invalid ELF header magic: != ELF [ 101.127807][ T6432] Bluetooth: hci2: command tx timeout [ 101.129931][ T719] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.319983][ T719] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.662964][ T7895] netlink: 'syz.0.432': attribute type 178 has an invalid length. [ 101.684068][ T719] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.306283][ T7892] netlink: 16 bytes leftover after parsing attributes in process `syz.0.432'. [ 103.482607][ T6432] Bluetooth: hci2: command tx timeout [ 103.533355][ T7914] loop1: detected capacity change from 0 to 512 [ 103.535105][ T7914] EXT4-fs: Ignoring removed i_version option [ 103.536433][ T7914] EXT4-fs: Ignoring removed nobh option [ 103.538948][ T7914] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 103.602011][ T7914] EXT4-fs (loop1): 1 truncate cleaned up [ 103.611969][ T7914] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.636589][ T719] bridge_slave_1: left allmulticast mode [ 103.638042][ T719] bridge_slave_1: left promiscuous mode [ 103.639249][ T719] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.781678][ T7924] Invalid ELF header magic: != ELF [ 104.032870][ T719] bridge_slave_0: left allmulticast mode [ 104.034098][ T719] bridge_slave_0: left promiscuous mode [ 104.035461][ T719] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.045219][ T6422] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.255429][ T7937] netlink: 'syz.1.442': attribute type 2 has an invalid length. [ 105.537401][ T6432] Bluetooth: hci2: command tx timeout [ 106.270736][ T719] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 106.310336][ T719] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 106.350274][ T719] bond0 (unregistering): Released all slaves [ 106.807276][ T7987] loop0: detected capacity change from 0 to 512 [ 106.812476][ T7987] EXT4-fs: Ignoring removed i_version option [ 106.813957][ T7987] EXT4-fs: Ignoring removed nobh option [ 106.970811][ T7987] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 107.097941][ T7987] EXT4-fs (loop0): 1 truncate cleaned up [ 107.103175][ T7987] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.457278][ T6428] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.641061][ T719] hsr_slave_0: left promiscuous mode [ 108.698930][ T719] hsr_slave_1: left promiscuous mode [ 108.884203][ T719] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 108.886219][ T719] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 108.897434][ T719] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 108.899125][ T719] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 108.922285][ T719] veth1_macvtap: left promiscuous mode [ 108.923572][ T719] veth0_macvtap: left promiscuous mode [ 108.924764][ T719] veth1_vlan: left promiscuous mode [ 108.925835][ T719] veth0_vlan: left promiscuous mode [ 109.044826][ T8055] loop3: detected capacity change from 0 to 512 [ 109.050905][ T8055] EXT4-fs: Ignoring removed i_version option [ 109.052317][ T8055] EXT4-fs: Ignoring removed nobh option [ 109.071132][ T8055] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 109.162622][ T8055] EXT4-fs (loop3): 1 truncate cleaned up [ 109.168026][ T8055] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.590275][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.240437][ T719] team0 (unregistering): Port device team_slave_1 removed [ 111.440063][ T719] team0 (unregistering): Port device team_slave_0 removed [ 113.724528][ T7763] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 113.742968][ T7763] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 113.749338][ T7763] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 113.844647][ T7763] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 113.973703][ T7763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.998815][ T7763] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.015053][ T480] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.016640][ T480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.030385][ T625] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.031963][ T625] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.123649][ T8100] ax25_connect(): syz.4.488 uses autobind, please contact jreuter@yaina.de [ 114.361930][ T8108] loop1: detected capacity change from 0 to 512 [ 114.365586][ T8108] EXT4-fs: Ignoring removed i_version option [ 114.365670][ T8108] EXT4-fs: Ignoring removed nobh option [ 114.751354][ T8108] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 114.800405][ T8108] EXT4-fs (loop1): 1 truncate cleaned up [ 114.802139][ T8108] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.988961][ T6422] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.946675][ T2348] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.948121][ T2348] ieee802154 phy1 wpan1: encryption failed: -22 [ 125.953739][ T7763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 125.972765][ T7763] veth0_vlan: entered promiscuous mode [ 125.976962][ T7763] veth1_vlan: entered promiscuous mode [ 126.000672][ T8155] netlink: 68 bytes leftover after parsing attributes in process `syz.4.497'. [ 126.024370][ T7763] veth0_macvtap: entered promiscuous mode [ 126.027446][ T7763] veth1_macvtap: entered promiscuous mode [ 126.033464][ T7763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.035506][ T7763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.037583][ T7763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.039550][ T7763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.041444][ T7763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.043510][ T7763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.045461][ T7763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.048003][ T7763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.051774][ T7763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 126.054515][ T7763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.056580][ T7763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.058642][ T7763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.060695][ T7763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.066723][ T7763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.068966][ T7763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.070848][ T7763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.073556][ T7763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.076467][ T7763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 126.119918][ T7763] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.121695][ T7763] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.123409][ T7763] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.125030][ T7763] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.183401][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.185219][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.227516][ T625] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.229073][ T625] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.261805][ T8174] ax25_connect(): syz.3.501 uses autobind, please contact jreuter@yaina.de [ 126.844769][ T8197] loop4: detected capacity change from 0 to 512 [ 126.850274][ T8197] EXT4-fs: Ignoring removed i_version option [ 126.851598][ T8197] EXT4-fs: Ignoring removed nobh option [ 126.891528][ T8197] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 126.932257][ T8197] EXT4-fs (loop4): 1 truncate cleaned up [ 126.937939][ T8197] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 127.430369][ T6429] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.548660][ T8214] syz.0.505 uses old SIOCAX25GETINFO [ 128.448881][ T8218] netlink: 68 bytes leftover after parsing attributes in process `syz.1.508'. [ 129.162064][ T8251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 129.164020][ T8251] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 130.267479][ T8258] netlink: 68 bytes leftover after parsing attributes in process `syz.0.521'. [ 131.533699][ T8274] netlink: 4 bytes leftover after parsing attributes in process `syz.0.527'. [ 132.619107][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.107824][ T8295] netlink: 36 bytes leftover after parsing attributes in process `syz.3.533'. [ 133.205542][ T6438] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 133.218494][ T6438] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 133.220801][ T6438] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 133.222799][ T6438] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 133.228967][ T6438] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 133.230867][ T6438] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 133.925329][ T8303] could not allocate digest TFM handle sha384-avx [ 134.210288][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.598736][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.004975][ T8345] netlink: 36 bytes leftover after parsing attributes in process `syz.1.549'. [ 135.190246][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.859372][ T6432] Bluetooth: hci2: command tx timeout [ 135.965774][ T8299] chnl_net:caif_netlink_parms(): no params data found [ 136.097952][ T8368] xt_hashlimit: max too large, truncated to 1048576 [ 136.125625][ T8368] loop1: detected capacity change from 0 to 128 [ 136.143797][ T8368] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 136.497217][ T8299] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.509166][ T8299] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.510866][ T8299] bridge_slave_0: entered allmulticast mode [ 136.512655][ T8299] bridge_slave_0: entered promiscuous mode [ 136.526100][ T8380] netlink: 68 bytes leftover after parsing attributes in process `syz.0.561'. [ 136.533688][ T8299] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.557439][ T8299] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.568988][ T8299] bridge_slave_1: entered allmulticast mode [ 136.582081][ T8299] bridge_slave_1: entered promiscuous mode [ 137.316048][ T8299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 137.320037][ T8299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 137.337612][ T8299] team0: Port device team_slave_0 added [ 137.340618][ T8299] team0: Port device team_slave_1 added [ 138.357433][ T6432] Bluetooth: hci2: command tx timeout [ 138.621174][ T13] bridge_slave_1: left allmulticast mode [ 138.622426][ T13] bridge_slave_1: left promiscuous mode [ 138.623738][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.626867][ T13] bridge_slave_0: left allmulticast mode [ 138.628393][ T13] bridge_slave_0: left promiscuous mode [ 138.630079][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.948067][ T30] audit: type=1326 audit(138.920:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8423 comm="syz.4.571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c34c768 code=0x7ffc0000 [ 138.952767][ T30] audit: type=1326 audit(138.930:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8423 comm="syz.4.571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c34c768 code=0x7ffc0000 [ 138.961418][ T30] audit: type=1326 audit(138.940:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8423 comm="syz.4.571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9c34c768 code=0x7ffc0000 [ 138.966836][ T30] audit: type=1326 audit(138.940:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8423 comm="syz.4.571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c34c768 code=0x7ffc0000 [ 138.971729][ T30] audit: type=1326 audit(138.940:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8423 comm="syz.4.571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c34c768 code=0x7ffc0000 [ 138.976585][ T30] audit: type=1326 audit(138.940:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8423 comm="syz.4.571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=143 compat=0 ip=0xffff9c34c768 code=0x7ffc0000 [ 138.981306][ T30] audit: type=1326 audit(138.940:8): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=_ pid=8423 comm="syz.4.571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c34c768 code=0x7ffc0000 [ 138.985942][ T30] audit: type=1326 audit(138.940:9): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=_ pid=8423 comm="syz.4.571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c34c768 code=0x7ffc0000 [ 138.992662][ T30] audit: type=1326 audit(138.940:10): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=_ pid=8423 comm="syz.4.571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9c34c768 code=0x7ffc0000 [ 138.997645][ T30] audit: type=1326 audit(138.940:11): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=_ pid=8423 comm="syz.4.571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c34c768 code=0x7ffc0000 [ 139.261317][ T8426] netlink: 4 bytes leftover after parsing attributes in process `syz.4.571'. [ 140.039269][ T8428] netlink: 68 bytes leftover after parsing attributes in process `syz.4.572'. [ 140.418040][ T6432] Bluetooth: hci2: command tx timeout [ 140.505514][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 140.549541][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 140.599799][ T13] bond0 (unregistering): Released all slaves [ 140.617120][ T8299] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 140.624642][ T8299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.644541][ T8433] netlink: 68 bytes leftover after parsing attributes in process `syz.1.574'. [ 140.662087][ T8299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 140.720992][ T8299] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 140.722539][ T8299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.750818][ T8299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 140.966094][ T8444] loop0: detected capacity change from 0 to 32768 [ 141.454682][ T8444] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 141.749617][ T8299] hsr_slave_0: entered promiscuous mode [ 141.808275][ T8299] hsr_slave_1: entered promiscuous mode [ 142.617499][ T6432] Bluetooth: hci2: command tx timeout [ 143.256861][ T6428] ocfs2: Unmounting device (7,0) on (node local) [ 143.390170][ T8494] mmap: syz.0.588 (8494) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 143.405118][ T8496] loop4: detected capacity change from 0 to 16 [ 143.450976][ T13] hsr_slave_0: left promiscuous mode [ 143.452827][ T8496] erofs: (device loop4): mounted with root inode @ nid 36. [ 143.463734][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 86 @ nid 36 [ 143.465868][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 84 @ nid 36 [ 143.469356][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 80 @ nid 36 [ 143.471521][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 74 @ nid 36 [ 143.472534][ T13] hsr_slave_1: left promiscuous mode [ 143.473617][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 72 @ nid 36 [ 143.476963][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 70 @ nid 36 [ 143.480158][ T8496] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 62 of nid 36 [ 143.482409][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 63 @ nid 36 [ 143.484463][ T8496] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 62 of nid 36 [ 143.486733][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 62 @ nid 36 [ 143.493770][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 58 @ nid 36 [ 143.495877][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 57 @ nid 36 [ 143.498981][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 54 @ nid 36 [ 143.501008][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 53 @ nid 36 [ 143.502957][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 52 @ nid 36 [ 143.505001][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 51 @ nid 36 [ 143.506835][ T8496] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 363 @ lcn 50 of nid 36 [ 143.509978][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 50 @ nid 36 [ 143.513140][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 143.515176][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 143.520031][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 143.522157][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 143.524146][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 143.526231][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 34 @ nid 36 [ 143.528867][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 32 @ nid 36 [ 143.530850][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 30 @ nid 36 [ 143.533000][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 27 @ nid 36 [ 143.535062][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 26 @ nid 36 [ 143.537082][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 143.539712][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 143.541813][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 23 @ nid 36 [ 143.544006][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 22 @ nid 36 [ 143.546277][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 21 @ nid 36 [ 143.547320][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 143.549009][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 20 @ nid 36 [ 143.549824][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 143.551760][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 18 @ nid 36 [ 143.555435][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 12 @ nid 36 [ 143.558040][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 10 @ nid 36 [ 143.560146][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 6 @ nid 36 [ 143.560473][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 143.562146][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 4 @ nid 36 [ 143.565655][ T8496] erofs: (device loop4): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 143.568098][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 143.568157][ T8496] erofs: (device loop4): z_erofs_readahead: readahead error at folio 0 @ nid 36 [ 143.571939][ T8496] syz.4.589: attempt to access beyond end of device [ 143.571939][ T8496] loop4: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 143.576322][ T8496] syz.4.589: attempt to access beyond end of device [ 143.576322][ T8496] loop4: rw=524288, sector=6520, nr_sectors = 16 limit=16 [ 143.580237][ T8496] syz.4.589: attempt to access beyond end of device [ 143.580237][ T8496] loop4: rw=524288, sector=34359736328, nr_sectors = 16 limit=16 [ 143.584036][ T8496] syz.4.589: attempt to access beyond end of device [ 143.584036][ T8496] loop4: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 143.587101][ T8496] syz.4.589: attempt to access beyond end of device [ 143.587101][ T8496] loop4: rw=524288, sector=536576856, nr_sectors = 16 limit=16 [ 143.591104][ T8496] syz.4.589: attempt to access beyond end of device [ 143.591104][ T8496] loop4: rw=524288, sector=13478624032, nr_sectors = 8 limit=16 [ 143.595298][ T8496] syz.4.589: attempt to access beyond end of device [ 143.595298][ T8496] loop4: rw=524288, sector=13716630376, nr_sectors = 8 limit=16 [ 143.600210][ T8496] syz.4.589: attempt to access beyond end of device [ 143.600210][ T8496] loop4: rw=524288, sector=133693448, nr_sectors = 8 limit=16 [ 143.603292][ T8496] syz.4.589: attempt to access beyond end of device [ 143.603292][ T8496] loop4: rw=524288, sector=790384, nr_sectors = 16 limit=16 [ 143.606202][ T8496] syz.4.589: attempt to access beyond end of device [ 143.606202][ T8496] loop4: rw=524288, sector=72, nr_sectors = 16 limit=16 [ 143.607985][ T13] veth1_macvtap: left promiscuous mode [ 143.616767][ T13] veth0_macvtap: left promiscuous mode [ 143.618209][ T13] veth1_vlan: left promiscuous mode [ 143.619364][ T13] veth0_vlan: left promiscuous mode [ 145.380146][ T13] team0 (unregistering): Port device team_slave_1 removed [ 145.549954][ T13] team0 (unregistering): Port device team_slave_0 removed [ 148.056904][ T8541] loop3: detected capacity change from 0 to 128 [ 148.126489][ T8541] usb usb8: usbfs: process 8541 (syz.3.598) did not claim interface 0 before use [ 148.154964][ T8543] netlink: 'syz.0.599': attribute type 1 has an invalid length. [ 148.166852][ T8543] 8021q: adding VLAN 0 to HW filter on device bond1 [ 149.439823][ T8562] loop4: detected capacity change from 0 to 32768 [ 149.469169][ T8562] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.606 (8562) [ 149.490024][ T8562] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 149.492293][ T8562] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 149.494118][ T8562] BTRFS info (device loop4): using free-space-tree [ 149.726918][ T8562] BTRFS info (device loop4): balance: start -s [ 149.728996][ T8562] BTRFS info (device loop4): balance: ended with status: 0 [ 149.765822][ T8594] loop0: detected capacity change from 0 to 256 [ 149.836990][ T8594] FAT-fs (loop0): Directory bread(block 64) failed [ 149.838666][ T8594] FAT-fs (loop0): Directory bread(block 65) failed [ 149.840028][ T8594] FAT-fs (loop0): Directory bread(block 66) failed [ 149.841309][ T8594] FAT-fs (loop0): Directory bread(block 67) failed [ 149.842653][ T8594] FAT-fs (loop0): Directory bread(block 68) failed [ 149.844303][ T8594] FAT-fs (loop0): Directory bread(block 69) failed [ 149.845828][ T8594] FAT-fs (loop0): Directory bread(block 70) failed [ 149.854547][ T8594] FAT-fs (loop0): Directory bread(block 71) failed [ 149.856014][ T8594] FAT-fs (loop0): Directory bread(block 72) failed [ 149.867726][ T6429] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 149.878909][ T8594] FAT-fs (loop0): Directory bread(block 73) failed [ 149.923323][ T8597] netlink: 8 bytes leftover after parsing attributes in process `syz.1.609'. [ 149.939381][ T8594] Process accounting resumed [ 149.941150][ T8594] FAT-fs (loop0): error, clusters badly computed (1 != 111024) [ 149.942792][ T8594] FAT-fs (loop0): Filesystem has been set read-only [ 149.954307][ T8597] : entered promiscuous mode [ 149.961744][ T8594] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1412) [ 150.046914][ T8604] netlink: 'syz.3.613': attribute type 1 has an invalid length. [ 150.076432][ T8604] 8021q: adding VLAN 0 to HW filter on device bond1 [ 150.100340][ T8611] capability: warning: `syz.1.615' uses deprecated v2 capabilities in a way that may be insecure [ 150.123231][ T8299] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 150.132377][ C1] TCP: request_sock_subflow_v6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 150.169033][ T8299] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 150.251682][ T8299] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 151.259263][ T8299] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 151.543998][ T8299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.699114][ T8299] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.587427][ T8654] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 152.931584][ T8299] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 152.935599][ T8299] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 153.341802][ T8686] Cannot find map_set index 0 as target [ 153.436623][ T8693] loop3: detected capacity change from 0 to 512 [ 153.444272][ T8693] EXT4-fs warning (device loop3): read_mmp_block:115: Error -117 while reading MMP block 12 [ 158.730246][ T6438] Bluetooth: hci4: command 0x0406 tx timeout [ 158.730436][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 158.731600][ T5992] Bluetooth: hci3: command 0x0406 tx timeout [ 164.392414][ T38] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.394115][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state [ 164.397493][ T38] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.399529][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state [ 164.454540][ T8299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 165.168376][ T8718] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 165.170404][ T8718] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 165.172669][ T8718] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 165.209680][ T8299] veth0_vlan: entered promiscuous mode [ 165.233735][ T8299] veth1_vlan: entered promiscuous mode [ 165.268399][ T8299] veth0_macvtap: entered promiscuous mode [ 165.278931][ T8299] veth1_macvtap: entered promiscuous mode [ 165.290078][ T8299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 165.292499][ T8299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.294817][ T8299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 165.297100][ T8299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.299214][ T8299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 165.301425][ T8299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.303448][ T8299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 165.305749][ T8299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.309395][ T8299] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 165.312449][ T8299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 165.314648][ T8299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.317076][ T8299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 165.319508][ T8299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.322407][ T8299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 165.325032][ T8299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.327572][ T8299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 165.330561][ T8299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.378785][ T8299] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 165.382610][ T8299] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.384591][ T8299] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.386464][ T8299] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.388490][ T8299] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.541145][ T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.550093][ T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.689019][ T8640] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.691268][ T8640] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.664070][ T8751] netlink: 'syz.0.646': attribute type 4 has an invalid length. [ 167.106401][ T8766] loop0: detected capacity change from 0 to 1024 [ 167.131192][ T8766] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 167.229775][ T8766] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 167.232710][ T8766] EXT4-fs (loop0): orphan cleanup on readonly fs [ 167.237432][ T8766] __quota_error: 32 callbacks suppressed [ 167.237478][ T8766] Quota error (device loop0): v2_read_file_info: Can't read info structure [ 167.241088][ T8766] EXT4-fs warning (device loop0): ext4_enable_quotas:7097: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix. [ 167.243958][ T8766] EXT4-fs (loop0): Cannot turn on quotas: error -5 [ 167.276335][ T8766] EXT4-fs (loop0): 1 truncate cleaned up [ 167.280627][ T8766] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 167.704696][ T6434] Bluetooth: hci1: link tx timeout [ 167.705778][ T6434] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa [ 167.875068][ T6428] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.331404][ T8815] netlink: 'syz.4.668': attribute type 29 has an invalid length. [ 168.348236][ T8815] netlink: 'syz.4.668': attribute type 29 has an invalid length. [ 168.903951][ T8855] netlink: 3 bytes leftover after parsing attributes in process `syz.4.690'. [ 169.233800][ T8880] sctp: [Deprecated]: syz.0.702 (pid 8880) Use of struct sctp_assoc_value in delayed_ack socket option. [ 169.233800][ T8880] Use struct sctp_sack_info instead [ 169.777310][ T6432] Bluetooth: hci1: command 0x0406 tx timeout [ 170.188741][ T6432] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 170.193305][ T6432] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 170.195535][ T6432] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 170.203822][ T6432] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 170.207757][ T6432] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 170.209922][ T6432] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 172.247324][ T6434] Bluetooth: hci2: command tx timeout [ 174.327314][ T6434] Bluetooth: hci2: command tx timeout [ 176.407299][ T6434] Bluetooth: hci2: command tx timeout [ 178.487315][ T6434] Bluetooth: hci2: command tx timeout [ 180.069361][ T8887] netlink: 4093 bytes leftover after parsing attributes in process `syz.0.703'. [ 180.456418][ T8890] netlink: 'syz.4.704': attribute type 10 has an invalid length. [ 180.464238][ T8890] bond0: (slave team0): Releasing backup interface [ 180.502585][ T8890] bridge0: port 3(team0) entered blocking state [ 180.504012][ T8890] bridge0: port 3(team0) entered disabled state [ 180.505438][ T8890] team0: entered allmulticast mode [ 180.510662][ T8890] team_slave_0: entered allmulticast mode [ 180.513069][ T8890] team_slave_1: entered allmulticast mode [ 180.515490][ T8890] team0: entered promiscuous mode [ 180.516636][ T8890] team_slave_0: entered promiscuous mode [ 180.519209][ T8890] team_slave_1: entered promiscuous mode [ 180.620714][ T1958] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.632643][ T8919] netlink: 'syz.1.715': attribute type 10 has an invalid length. [ 180.634823][ T8919] netlink: 40 bytes leftover after parsing attributes in process `syz.1.715'. [ 180.637126][ T8919] veth0_vlan: entered allmulticast mode [ 180.639309][ T8919] bridge0: port 3(veth0_vlan) entered blocking state [ 180.641156][ T8919] bridge0: port 3(veth0_vlan) entered disabled state [ 180.643772][ T8919] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 180.762574][ T1958] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.891477][ T1958] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.101272][ T1958] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.241429][ T8891] chnl_net:caif_netlink_parms(): no params data found [ 181.262759][ T8976] loop3: detected capacity change from 0 to 32768 [ 181.291406][ T8976] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 181.389950][ T8891] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.401915][ T8891] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.412801][ T8891] bridge_slave_0: entered allmulticast mode [ 181.423977][ T8891] bridge_slave_0: entered promiscuous mode [ 181.440135][ T8891] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.441675][ T8891] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.443403][ T8891] bridge_slave_1: entered allmulticast mode [ 181.445472][ T8891] bridge_slave_1: entered promiscuous mode [ 182.138144][ T8891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.142301][ T8891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 182.235117][ T1958] bridge_slave_1: left allmulticast mode [ 182.236415][ T1958] bridge_slave_1: left promiscuous mode [ 182.239403][ T1958] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.244277][ T1958] bridge_slave_0: left allmulticast mode [ 182.248629][ T1958] bridge_slave_0: left promiscuous mode [ 182.249948][ T1958] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.611141][ T1958] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 184.650194][ T1958] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 184.699741][ T1958] bond0 (unregistering): Released all slaves [ 184.759766][ T9031] netlink: 60 bytes leftover after parsing attributes in process `syz.0.736'. [ 184.866268][ T8891] team0: Port device team_slave_0 added [ 184.870804][ T8891] team0: Port device team_slave_1 added [ 184.902528][ T6423] ocfs2: Unmounting device (7,3) on (node local) [ 184.927351][ T6434] Bluetooth: hci3: unexpected event for opcode 0x0803 [ 184.983134][ T9056] delete_channel: no stack [ 184.984436][ T9056] delete_channel: no stack [ 185.008217][ T9058] loop4: detected capacity change from 0 to 128 [ 185.087501][ T9067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.090770][ T9067] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.186598][ T8891] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.188357][ T8891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.193670][ T8891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 185.196792][ T8891] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 185.198296][ T8891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.203570][ T8891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 185.216059][ T9068] warning: `syz.4.750' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 185.294300][ T8891] hsr_slave_0: entered promiscuous mode [ 185.339214][ T8891] hsr_slave_1: entered promiscuous mode [ 185.387704][ T8891] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 185.389354][ T8891] Cannot create hsr debugfs directory [ 185.568230][ T9107] loop3: detected capacity change from 0 to 1024 [ 185.570431][ T9107] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 185.572299][ T9107] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 185.574479][ T9107] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 185.611429][ T9107] EXT4-fs error (device loop3): ext4_get_journal_inode:5762: inode #5: comm syz.3.756: unexpected bad inode w/o EXT4_IGET_BAD [ 185.615820][ T9107] EXT4-fs (loop3): no journal found [ 185.616893][ T9107] EXT4-fs (loop3): can't get journal size [ 185.639686][ T9107] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 185.853032][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.960982][ T9118] loop4: detected capacity change from 0 to 8 [ 186.198983][ T1958] hsr_slave_0: left promiscuous mode [ 186.273697][ T1958] hsr_slave_1: left promiscuous mode [ 186.348138][ T1958] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 186.349789][ T1958] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 186.379947][ T1958] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 186.381512][ T1958] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 186.411356][ T1958] veth1_macvtap: left promiscuous mode [ 186.417586][ T1958] veth0_macvtap: left promiscuous mode [ 186.421151][ T1958] veth1_vlan: left promiscuous mode [ 186.425547][ T1958] veth0_vlan: left promiscuous mode [ 186.773276][ T9176] netlink: 28 bytes leftover after parsing attributes in process `syz.1.770'. [ 187.003353][ T9188] loop1: detected capacity change from 0 to 128 [ 187.049638][ T9188] EXT4-fs (loop1): Test dummy encryption mode enabled [ 187.055029][ T9188] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 187.072683][ T9188] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-ce" [ 187.378035][ T2348] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.379600][ T2348] ieee802154 phy1 wpan1: encryption failed: -22 [ 187.893954][ T6422] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 187.941851][ T9197] loop1: detected capacity change from 0 to 512 [ 187.959504][ T9197] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 187.961447][ T9197] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002] [ 187.963371][ T9197] EXT4-fs (loop1): orphan cleanup on readonly fs [ 187.966772][ T9197] EXT4-fs warning (device loop1): ext4_block_to_path:107: block 3279949761 > max in inode 13 [ 187.973309][ T9197] EXT4-fs warning (device loop1): ext4_block_to_path:107: block 3279949762 > max in inode 13 [ 187.976020][ T9197] EXT4-fs (loop1): 1 truncate cleaned up [ 187.978147][ T9197] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 187.984093][ T9197] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz.1.777: dx entry: limit 65535 != root limit 120 [ 187.986674][ T9197] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.777: Corrupt directory, running e2fsck is recommended [ 188.006292][ T6422] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.400769][ T1958] team0 (unregistering): Port device team_slave_1 removed [ 189.570831][ T1958] team0 (unregistering): Port device team_slave_0 removed [ 192.940521][ T8891] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 192.988089][ T8891] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 192.996956][ T8891] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 193.050205][ T9240] loop1: detected capacity change from 0 to 512 [ 193.150019][ T8891] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 193.214285][ T9240] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.438317][ T8891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.445401][ T8891] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.460843][ T8891] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 193.463053][ T8891] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.528863][ T480] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.530264][ T480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.532795][ T480] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.534318][ T480] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.536333][ T9271] loop4: detected capacity change from 0 to 8 [ 193.752726][ T6432] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 193.756894][ T6432] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 193.761332][ T6432] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 193.763862][ T6432] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 193.765847][ T6432] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 193.768764][ T6432] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 193.838283][ T6433] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 193.843877][ T6422] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.875116][ T9285] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 193.877082][ T9285] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 193.940667][ T38] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.002670][ T6433] usb 1-1: Using ep0 maxpacket: 16 [ 194.021679][ T6433] usb 1-1: config 0 has an invalid interface number: 214 but max is 0 [ 194.023575][ T6433] usb 1-1: config 0 has no interface number 0 [ 194.024899][ T6433] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 194.040836][ T6433] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 194.042955][ T6433] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.044811][ T6433] usb 1-1: Product: syz [ 194.045685][ T6433] usb 1-1: Manufacturer: syz [ 194.046685][ T6433] usb 1-1: SerialNumber: syz [ 194.053485][ T9295] loop4: detected capacity change from 0 to 128 [ 194.070176][ T38] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.076605][ T6433] usb 1-1: config 0 descriptor?? [ 194.079670][ T9295] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 194.102815][ T8891] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.119860][ T9295] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:406: inode #2: comm syz.4.808: No space for directory leaf checksum. Please run e2fsck -D. [ 194.123193][ T9295] EXT4-fs error (device loop4): __ext4_find_entry:1652: inode #2: comm syz.4.808: checksumming directory block 0 [ 194.167015][ T6429] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 194.191211][ T38] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.264115][ T8891] veth0_vlan: entered promiscuous mode [ 194.291988][ T9309] loop4: detected capacity change from 0 to 128 [ 194.308352][ T9309] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 194.319357][ T38] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.325724][ T8891] veth1_vlan: entered promiscuous mode [ 194.395911][ T8891] veth0_macvtap: entered promiscuous mode [ 194.431833][ T8891] veth1_macvtap: entered promiscuous mode [ 194.440786][ T8891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.443066][ T8891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.445159][ T8891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.448500][ T8891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.450584][ T8891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.452751][ T8891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.454833][ T8891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.457124][ T8891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.460440][ T8891] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 194.463414][ T6429] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 194.494497][ T8891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.496645][ T8891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.510509][ T8891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.512837][ T8891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.514888][ T8891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.517112][ T8891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.519708][ T8891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.521900][ T8891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.525071][ T8891] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 194.559281][ T8891] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.561015][ T8891] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.569632][ T8891] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.571428][ T8891] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.574410][ T38] bridge_slave_1: left allmulticast mode [ 194.575660][ T38] bridge_slave_1: left promiscuous mode [ 194.576948][ T38] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.580073][ T38] bridge_slave_0: left allmulticast mode [ 194.581310][ T38] bridge_slave_0: left promiscuous mode [ 194.582522][ T38] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.695906][ T6433] usbtouchscreen 1-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 194.710107][ T6433] usb 1-1: USB disconnect, device number 2 [ 195.485552][ T9337] loop0: detected capacity change from 0 to 2048 [ 195.524447][ T9337] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 195.546598][ T6428] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.649367][ T9341] loop0: detected capacity change from 0 to 512 [ 195.656349][ T9341] EXT4-fs: Ignoring removed orlov option [ 195.660157][ T9341] EXT4-fs: Ignoring removed i_version option [ 195.670776][ T9341] EXT4-fs (loop0): Test dummy encryption mode enabled [ 195.672498][ T9341] EXT4-fs (loop0): blocks per group (255) and clusters per group (8192) inconsistent [ 195.847470][ T6434] Bluetooth: hci1: command tx timeout [ 196.719516][ T38] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 196.759944][ T38] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 196.799973][ T38] bond0 (unregistering): Released all slaves [ 197.469680][ T38] bond1 (unregistering): Released all slaves [ 197.474149][ T9280] chnl_net:caif_netlink_parms(): no params data found [ 197.604158][ T9352] loop1: detected capacity change from 0 to 1024 [ 197.643952][ T9352] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 197.929072][ T6434] Bluetooth: hci1: command tx timeout [ 198.163108][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.164769][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.284878][ T9280] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.288997][ T9280] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.294845][ T9280] bridge_slave_0: entered allmulticast mode [ 198.364421][ T9280] bridge_slave_0: entered promiscuous mode [ 198.419513][ T9280] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.421935][ T9280] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.430487][ T9280] bridge_slave_1: entered allmulticast mode [ 198.441886][ T9280] bridge_slave_1: entered promiscuous mode [ 199.172305][ T6422] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.242723][ T9399] loop1: detected capacity change from 0 to 1024 [ 199.274102][ T9399] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.305083][ T9280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.325255][ T9399] EXT4-fs error (device loop1): ext4_xattr_ibody_get:653: inode #2: comm syz.1.835: corrupted in-inode xattr: bad e_name length [ 199.338876][ T9399] EXT4-fs (loop1): Remounting filesystem read-only [ 199.730213][ T9280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 200.028361][ T6434] Bluetooth: hci1: command tx timeout [ 200.065315][ T1958] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.067335][ T1958] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.185630][ T9412] loop0: detected capacity change from 0 to 128 [ 200.203368][ T38] hsr_slave_0: left promiscuous mode [ 200.224047][ T9412] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 200.250936][ T38] hsr_slave_1: left promiscuous mode [ 200.253388][ T6428] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 200.284958][ T9421] loop4: detected capacity change from 0 to 256 [ 200.331053][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 200.332670][ T38] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 200.335376][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 200.336850][ T38] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 200.352796][ T38] veth1_macvtap: left promiscuous mode [ 200.354048][ T38] veth0_macvtap: left promiscuous mode [ 200.355294][ T38] veth1_vlan: left promiscuous mode [ 200.356439][ T38] veth0_vlan: left promiscuous mode [ 200.403716][ T9421] FAT-fs (loop4): Directory bread(block 64) failed [ 200.405108][ T9421] FAT-fs (loop4): Directory bread(block 65) failed [ 200.406569][ T9421] FAT-fs (loop4): Directory bread(block 66) failed [ 200.408775][ T9421] FAT-fs (loop4): Directory bread(block 67) failed [ 200.410338][ T9421] FAT-fs (loop4): Directory bread(block 68) failed [ 200.411878][ T9421] FAT-fs (loop4): Directory bread(block 69) failed [ 200.413313][ T9421] FAT-fs (loop4): Directory bread(block 70) failed [ 200.415216][ T9421] FAT-fs (loop4): Directory bread(block 71) failed [ 200.416626][ T9421] FAT-fs (loop4): Directory bread(block 72) failed [ 200.424703][ T9421] FAT-fs (loop4): Directory bread(block 73) failed [ 202.088474][ T6434] Bluetooth: hci1: command tx timeout [ 202.310757][ T38] team0 (unregistering): Port device team_slave_1 removed [ 202.540197][ T38] team0 (unregistering): Port device team_slave_0 removed [ 204.759196][ T9280] team0: Port device team_slave_0 added [ 204.772874][ T9280] team0: Port device team_slave_1 added [ 204.892848][ T6422] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.900266][ T11] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 204.903119][ T11] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 204.915395][ T9280] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 204.921099][ T9280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.927118][ T9280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 204.945517][ T9280] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 204.952092][ T9280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.970879][ T9280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 205.009297][ T9442] loop0: detected capacity change from 0 to 256 [ 205.509442][ T9442] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 205.760060][ T9459] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 205.762036][ T9459] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 205.859526][ T6432] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 205.859763][ T9280] hsr_slave_0: entered promiscuous mode [ 205.864186][ T6432] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 205.867045][ T6432] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 205.870112][ T6432] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 205.872143][ T6432] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 205.873823][ T6432] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 205.898337][ T9280] hsr_slave_1: entered promiscuous mode [ 206.298419][ T9280] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 206.303341][ T9280] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 206.353654][ T38] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.363644][ T9280] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 206.376750][ T9280] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 206.482726][ T38] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.496807][ T9462] chnl_net:caif_netlink_parms(): no params data found [ 206.596540][ T38] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.716325][ T6432] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 206.719953][ T6432] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 206.724028][ T6432] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 206.726049][ T6432] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 206.728052][ T6432] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 206.729749][ T6432] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 207.052037][ T38] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.311013][ T9462] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.320949][ T9462] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.387737][ T9462] bridge_slave_0: entered allmulticast mode [ 207.425306][ T9462] bridge_slave_0: entered promiscuous mode [ 207.438902][ T9462] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.443349][ T9462] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.444998][ T9462] bridge_slave_1: entered allmulticast mode [ 207.452592][ T9462] bridge_slave_1: entered promiscuous mode [ 207.532622][ T9280] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.641807][ T9462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.238124][ T9462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.241711][ T6434] Bluetooth: hci0: command tx timeout [ 208.327118][ T9462] team0: Port device team_slave_0 added [ 208.347128][ T9462] team0: Port device team_slave_1 added [ 208.520080][ T9280] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.543295][ T480] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.544897][ T480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.549964][ T480] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.551441][ T480] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.887589][ T6434] Bluetooth: hci2: command tx timeout [ 209.179281][ T9462] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.180766][ T9462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.191033][ T9462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.206993][ T9554] netlink: 16 bytes leftover after parsing attributes in process `syz.0.859'. [ 209.211877][ T9462] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.220013][ T9462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.237649][ T9462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.320733][ T9561] ax25_connect(): syz.4.862 uses autobind, please contact jreuter@yaina.de [ 209.335199][ T38] bridge_slave_1: left allmulticast mode [ 209.336484][ T38] bridge_slave_1: left promiscuous mode [ 209.338505][ T38] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.341326][ T38] bridge_slave_0: left allmulticast mode [ 209.342597][ T38] bridge_slave_0: left promiscuous mode [ 209.343811][ T38] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.413962][ T9567] loop4: detected capacity change from 0 to 1024 [ 209.470138][ T9567] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.513069][ T6429] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.481791][ T6434] Bluetooth: hci0: command tx timeout [ 210.584230][ T9595] loop0: detected capacity change from 0 to 2048 [ 210.594840][ T9595] UDF-fs: error (device loop0): udf_read_inode: (ino 1312) failed !bh [ 210.596945][ T9595] UDF-fs: Scanning with blocksize 512 failed [ 210.615019][ T9595] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 210.625334][ T9595] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 210.626989][ T9595] UDF-fs: Scanning with blocksize 1024 failed [ 210.629435][ T9595] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 210.632167][ T9595] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 210.634270][ T9595] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 210.636043][ T9595] UDF-fs: Scanning with blocksize 2048 failed [ 210.646147][ T9595] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 210.656028][ T9595] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 210.658756][ T9595] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 210.660654][ T9595] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 210.662384][ T9595] UDF-fs: Scanning with blocksize 4096 failed [ 210.663657][ T9595] UDF-fs: warning (device loop0): udf_fill_super: No partition found (1) [ 211.032946][ T6434] Bluetooth: hci2: command tx timeout [ 211.676055][ T9603] ax25_connect(): syz.0.871 uses autobind, please contact jreuter@yaina.de [ 211.911082][ T38] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 211.950047][ T38] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 211.989467][ T38] bond0 (unregistering): Released all slaves [ 212.020113][ T9462] hsr_slave_0: entered promiscuous mode [ 212.077546][ T9462] hsr_slave_1: entered promiscuous mode [ 212.117332][ T9462] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 212.118956][ T9462] Cannot create hsr debugfs directory [ 212.442947][ T9510] chnl_net:caif_netlink_parms(): no params data found [ 212.489596][ T6434] Bluetooth: hci0: command tx timeout [ 212.606842][ T9629] loop0: detected capacity change from 0 to 256 [ 212.640733][ T9629] exfat: Bad value for 'uid' [ 212.641745][ T9629] exfat: Bad value for 'uid' [ 212.727727][ T38] hsr_slave_0: left promiscuous mode [ 212.754805][ T9637] loop0: detected capacity change from 0 to 2048 [ 212.767788][ T38] hsr_slave_1: left promiscuous mode [ 212.782648][ T9637] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 212.801589][ T6428] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.847419][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 212.849253][ T38] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 212.851931][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 212.853502][ T38] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 212.880380][ T38] veth1_macvtap: left promiscuous mode [ 212.881727][ T38] veth0_macvtap: left promiscuous mode [ 212.883073][ T38] veth1_vlan: left promiscuous mode [ 212.884340][ T38] veth0_vlan: left promiscuous mode [ 213.127295][ T6434] Bluetooth: hci2: command tx timeout [ 214.567887][ T6434] Bluetooth: hci0: command tx timeout [ 214.569632][ T38] team0 (unregistering): Port device team_slave_1 removed [ 214.750785][ T38] team0 (unregistering): Port device team_slave_0 removed [ 215.217289][ T6434] Bluetooth: hci2: command tx timeout [ 216.994804][ T9510] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.996380][ T9510] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.000076][ T9510] bridge_slave_0: entered allmulticast mode [ 217.025654][ T9510] bridge_slave_0: entered promiscuous mode [ 217.066649][ T9280] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.074136][ T9668] loop4: detected capacity change from 0 to 256 [ 217.085213][ T9510] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.086940][ T9510] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.088985][ T9510] bridge_slave_1: entered allmulticast mode [ 217.090783][ T9510] bridge_slave_1: entered promiscuous mode [ 217.099243][ T9462] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 217.108270][ T9462] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 217.155087][ T9668] FAT-fs (loop4): Directory bread(block 64) failed [ 217.156631][ T9668] FAT-fs (loop4): Directory bread(block 65) failed [ 217.161860][ T9462] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 217.169446][ T9668] FAT-fs (loop4): Directory bread(block 66) failed [ 217.170831][ T9668] FAT-fs (loop4): Directory bread(block 67) failed [ 217.172221][ T9668] FAT-fs (loop4): Directory bread(block 68) failed [ 217.173552][ T9668] FAT-fs (loop4): Directory bread(block 69) failed [ 217.174834][ T9668] FAT-fs (loop4): Directory bread(block 70) failed [ 217.176302][ T9668] FAT-fs (loop4): Directory bread(block 71) failed [ 217.177868][ T9668] FAT-fs (loop4): Directory bread(block 72) failed [ 217.179258][ T9668] FAT-fs (loop4): Directory bread(block 73) failed [ 217.183948][ T9462] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 217.214330][ T9510] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.235332][ T9510] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 217.356088][ T9510] team0: Port device team_slave_0 added [ 217.365796][ T9510] team0: Port device team_slave_1 added [ 217.433941][ T9510] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 217.435622][ T9510] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.630038][ T9510] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.058444][ T9510] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.077467][ T9510] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.082842][ T9510] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.185997][ T9697] loop4: detected capacity change from 0 to 2048 [ 218.220240][ T9697] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 218.244483][ T6429] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 218.283098][ T9699] netlink: 56 bytes leftover after parsing attributes in process `syz.0.891'. [ 218.286207][ T9280] veth0_vlan: entered promiscuous mode [ 218.298205][ T9280] veth1_vlan: entered promiscuous mode [ 218.302544][ T9699] netlink: 4 bytes leftover after parsing attributes in process `syz.0.891'. [ 218.354163][ T9708] binder: 9707:9708 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 218.408492][ T9699] bond0: (slave bond_slave_0): Releasing backup interface [ 218.542169][ T9703] netlink: 'syz.0.891': attribute type 15 has an invalid length. [ 218.543828][ T9703] netlink: 24 bytes leftover after parsing attributes in process `syz.0.891'. [ 218.600032][ T9510] hsr_slave_0: entered promiscuous mode [ 218.660683][ T9510] hsr_slave_1: entered promiscuous mode [ 218.711793][ T9510] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 218.714422][ T9510] Cannot create hsr debugfs directory [ 218.732415][ T9280] veth0_macvtap: entered promiscuous mode [ 218.750323][ T9462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.780597][ T9724] netlink: 56 bytes leftover after parsing attributes in process `syz.0.896'. [ 218.798405][ T9280] veth1_macvtap: entered promiscuous mode [ 218.805127][ T9280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.815446][ T9280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.818831][ T9280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.821033][ T9280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.823146][ T9280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.825312][ T9280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.838676][ T9280] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.854644][ T9462] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.884200][ T9280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.886525][ T9280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.890150][ T9280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.892498][ T9280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.894770][ T9280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.897010][ T9280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.900755][ T9280] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.932957][ T7253] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.934510][ T7253] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.973920][ T1958] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.975556][ T1958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.975964][ T9737] loop0: detected capacity change from 0 to 1024 [ 218.981976][ T9280] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.985006][ T9280] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.990357][ T9280] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.994554][ T9280] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.013924][ T9737] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 219.069298][ T6428] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.126381][ T9741] netlink: 'syz.0.899': attribute type 3 has an invalid length. [ 219.129801][ T9741] netlink: 8 bytes leftover after parsing attributes in process `syz.0.899'. [ 219.172240][ T9743] loop0: detected capacity change from 0 to 512 [ 219.196073][ T9462] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 219.231217][ T9743] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 219.271082][ T480] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.272970][ T480] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.370132][ T9462] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.385528][ T6428] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.390247][ T480] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.393538][ T480] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.592987][ T9763] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.605648][ T9763] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.643225][ T9773] loop0: detected capacity change from 0 to 256 [ 219.654785][ T9510] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 219.669695][ T9510] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 219.697816][ T9510] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 219.703641][ T9462] veth0_vlan: entered promiscuous mode [ 219.706749][ T9510] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 219.716324][ T9462] veth1_vlan: entered promiscuous mode [ 219.768682][ T9462] veth0_macvtap: entered promiscuous mode [ 219.771761][ T9462] veth1_macvtap: entered promiscuous mode [ 219.793224][ T9462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.795393][ T9462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.808218][ T9462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.810516][ T9462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.812530][ T9462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.814712][ T9462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.816791][ T9462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.825139][ T9462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.829081][ T9462] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 219.841733][ T9510] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.847064][ T9462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 219.850787][ T9462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.852887][ T9462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 219.855228][ T9462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.857361][ T9462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 219.859625][ T9462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.861625][ T9462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 219.863719][ T9462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.867069][ T9462] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.876822][ T9510] 8021q: adding VLAN 0 to HW filter on device team0 [ 219.884567][ T9462] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.886506][ T9462] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.888516][ T9462] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.890493][ T9462] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.895956][ T480] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.897569][ T480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.909619][ T480] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.911151][ T480] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.225758][ T9790] ax25_connect(): syz.5.909 uses autobind, please contact jreuter@yaina.de [ 231.330220][ T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 231.331924][ T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.384289][ T9803] loop4: detected capacity change from 0 to 1024 [ 231.386082][ T9803] EXT4-fs: Ignoring removed nomblk_io_submit option [ 231.412096][ T9803] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 231.421676][ T1958] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 231.423906][ T1958] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.443858][ T9803] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 231.453664][ T9810] loop0: detected capacity change from 0 to 512 [ 231.474811][ T9810] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 231.475491][ T9803] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2793: inode #2: comm syz.4.911: corrupted in-inode xattr: bad e_name length [ 231.511196][ T9803] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2863: Unable to expand inode 2. Delete some EAs or run e2fsck. [ 231.693366][ T9510] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.153533][ T9803] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #2: comm syz.4.911: corrupted in-inode xattr: bad e_name length [ 232.183272][ T9510] veth0_vlan: entered promiscuous mode [ 232.188247][ T9510] veth1_vlan: entered promiscuous mode [ 232.205592][ T9510] veth0_macvtap: entered promiscuous mode [ 232.216483][ T9510] veth1_macvtap: entered promiscuous mode [ 232.225477][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.227811][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.246351][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.260895][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.263003][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.265146][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.277252][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.279575][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.281551][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.283743][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.287009][ T9510] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 232.306239][ T6429] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.329249][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.331761][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.333920][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.336209][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.338501][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.340552][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.342433][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.344469][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.346529][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.354802][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.358302][ T9510] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 232.362670][ T9510] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.365007][ T9510] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.366707][ T9510] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.368668][ T9510] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.452801][ T6428] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.513539][ T7902] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.515277][ T7902] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.605022][ T9841] netlink: 4 bytes leftover after parsing attributes in process `syz.0.917'. [ 232.629772][ T1958] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.646913][ T1958] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.789983][ T9855] ax25_connect(): syz.6.922 uses autobind, please contact jreuter@yaina.de [ 232.950526][ T9862] tipc: Started in network mode [ 232.951644][ T9862] tipc: Node identity 101, cluster identity 4711 [ 232.952941][ T9862] tipc: Node number set to 257 [ 232.954372][ T9862] tipc: Cannot configure node identity twice [ 235.549978][ T9940] netlink: 16 bytes leftover after parsing attributes in process `syz.5.939'. [ 235.865446][ T9956] netlink: 24 bytes leftover after parsing attributes in process `syz.4.947'. [ 236.421315][ T8640] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.892954][ T9978] netlink: 16 bytes leftover after parsing attributes in process `syz.0.952'. [ 236.902555][ T9979] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 236.916300][ T9979] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 237.025829][ T6432] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 237.030106][ T6432] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 237.033034][ T6432] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 237.035374][ T6432] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 237.042746][ T8640] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.056312][ T6432] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 237.064132][ T6432] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 237.194717][ T8640] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.379302][ T8640] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.423900][ T9988] chnl_net:caif_netlink_parms(): no params data found [ 237.480537][ T9988] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.482172][ T9988] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.484372][ T9988] bridge_slave_0: entered allmulticast mode [ 237.486279][ T9988] bridge_slave_0: entered promiscuous mode [ 237.495759][ T9988] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.497664][ T9988] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.499245][ T9988] bridge_slave_1: entered allmulticast mode [ 237.501097][ T9988] bridge_slave_1: entered promiscuous mode [ 237.520042][ T9988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.544723][ T9988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 237.605383][ T8640] bridge_slave_1: left allmulticast mode [ 237.606649][ T8640] bridge_slave_1: left promiscuous mode [ 237.612727][ T8640] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.618081][ T8640] bridge_slave_0: left allmulticast mode [ 237.619289][ T8640] bridge_slave_0: left promiscuous mode [ 237.620528][ T8640] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.127296][ T6432] Bluetooth: hci2: command tx timeout [ 240.545400][T10045] slcan: can't register candev [ 241.023548][ T8640] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 241.059965][ T8640] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 241.110380][ T8640] bond0 (unregistering): Released all slaves [ 241.118619][ T9988] team0: Port device team_slave_0 added [ 241.142512][T10022] netlink: 16 bytes leftover after parsing attributes in process `syz.6.968'. [ 241.188622][ T9988] team0: Port device team_slave_1 added [ 241.208088][ T6432] Bluetooth: hci2: command tx timeout [ 241.403757][ T9988] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 241.413991][ T9988] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.449717][ T9988] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 241.459489][ T9988] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 241.464763][ T9988] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.484650][ T9988] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 241.799915][ T9988] hsr_slave_0: entered promiscuous mode [ 241.838292][ T9988] hsr_slave_1: entered promiscuous mode [ 241.877804][ T9988] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 241.879865][ T9988] Cannot create hsr debugfs directory [ 241.918657][T10075] netlink: 4 bytes leftover after parsing attributes in process `syz.5.980'. [ 241.924851][T10075] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 241.939120][T10075] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 241.945767][T10075] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 241.966334][T10075] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 243.288179][ T6432] Bluetooth: hci2: command tx timeout [ 243.343398][ T8640] hsr_slave_0: left promiscuous mode [ 243.418152][ T8640] hsr_slave_1: left promiscuous mode [ 243.543446][ T8640] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 243.545070][ T8640] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 243.584695][ T8640] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 243.586370][ T8640] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 243.696257][ T8640] veth1_macvtap: left promiscuous mode [ 243.701605][ T8640] veth0_macvtap: left promiscuous mode [ 243.702856][ T8640] veth1_vlan: left promiscuous mode [ 243.703908][ T8640] veth0_vlan: left promiscuous mode [ 245.368278][ T6432] Bluetooth: hci2: command tx timeout [ 246.782699][ T8640] team0 (unregistering): Port device team_slave_1 removed [ 246.999303][ T8640] team0 (unregistering): Port device team_slave_0 removed [ 248.810132][ T2348] ieee802154 phy0 wpan0: encryption failed: -22 [ 248.811624][ T2348] ieee802154 phy1 wpan1: encryption failed: -22 [ 249.919837][T10125] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 249.959109][T10125] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 250.191662][T10125] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 250.193009][T10125] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 250.232694][T10170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 250.234752][T10170] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 250.325701][T10176] binder: 10176:10174 cannot find target node [ 250.327049][T10176] binder: 10174:10176 transaction call to 0:0 failed 1/29189/-22, size 0-0 line 3145 [ 250.377611][ T6478] binder: undelivered TRANSACTION_ERROR: 29189 [ 251.025662][T10220] loop0: detected capacity change from 0 to 2048 [ 251.074198][T10220] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 251.115560][T10125] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 251.116769][T10125] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 251.186685][T10230] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1019'. [ 251.253624][ T9988] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 251.257978][T10233] binder: 10233:10228 cannot find target node [ 251.259386][ T9988] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 251.260948][T10233] binder: 10228:10233 transaction call to 0:0 failed 2/29189/-22, size 0-0 line 3145 [ 251.263728][ T6478] binder: undelivered TRANSACTION_ERROR: 29189 [ 251.266960][ T9988] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 251.604221][T10125] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 251.605848][T10125] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 251.867433][T10235] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1016'. [ 251.869935][T10236] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1016'. [ 251.872141][ T9988] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 251.940528][ T6428] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.986538][ T9988] 8021q: adding VLAN 0 to HW filter on device bond0 [ 251.996263][ T9988] 8021q: adding VLAN 0 to HW filter on device team0 [ 252.012156][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.013747][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 252.016284][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.017817][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 252.351565][ T9988] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 252.427986][T10125] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 252.435466][T10125] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 252.466469][T10285] netlink: 60 bytes leftover after parsing attributes in process `syz.6.1031'. [ 252.485898][ T9988] veth0_vlan: entered promiscuous mode [ 252.491027][ T9988] veth1_vlan: entered promiscuous mode [ 252.525509][ T9988] veth0_macvtap: entered promiscuous mode [ 252.531041][T10289] loop0: detected capacity change from 0 to 2048 [ 252.539164][ T9988] veth1_macvtap: entered promiscuous mode [ 252.551441][T10289] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 252.559032][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 252.574733][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.577083][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 252.583185][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.585465][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 252.603647][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.605659][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 252.610296][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.616485][ T9988] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 252.647674][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 252.649787][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.670301][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 252.684093][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.695719][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 252.713690][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.721785][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 252.721887][T10301] binder: 10301:10299 cannot find target node [ 252.725309][T10301] binder: 10299:10301 transaction call to 0:0 failed 3/29189/-22, size 0-0 line 3145 [ 252.736038][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.741975][ T6433] binder: undelivered TRANSACTION_ERROR: 29189 [ 252.744769][ T9988] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 253.055794][T10302] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1033'. [ 253.064602][T10304] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1033'. [ 253.101158][ T9988] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.183191][ T9988] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.255169][ T9988] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.346059][ T9988] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.405668][ T6428] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.534107][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 253.535704][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 253.628035][T10325] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1044'. [ 253.646780][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 253.650407][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 253.700894][T10327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 253.717572][T10327] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 253.761413][T10327] Bluetooth: MGMT ver 1.23 [ 253.935824][T10339] binder: 10339:10337 cannot find target node [ 253.962694][T10341] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1049'. [ 253.965594][T10341] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1049'. [ 255.001083][T10371] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1057'. [ 255.691077][T10326] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 257.300930][ T6478] ================================================================== [ 257.302690][ T6478] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x34/0x158 [ 257.304462][ T6478] Read of size 8 at addr ffff0000d007f688 by task kworker/0:4/6478 [ 257.306041][ T6478] [ 257.306504][ T6478] CPU: 0 UID: 0 PID: 6478 Comm: kworker/0:4 Not tainted 6.12.0-syzkaller-g7b1d1d4cfac0 #0 [ 257.308680][ T6478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 257.310802][ T6478] Workqueue: events binder_deferred_func [ 257.311974][ T6478] Call trace: [ 257.312758][ T6478] show_stack+0x2c/0x3c (C) [ 257.313699][ T6478] dump_stack_lvl+0xe4/0x150 [ 257.314676][ T6478] print_report+0x198/0x538 [ 257.315610][ T6478] kasan_report+0xd8/0x138 [ 257.316543][ T6478] __asan_report_load8_noabort+0x20/0x2c [ 257.317711][ T6478] __list_del_entry_valid_or_report+0x34/0x158 [ 257.318957][ T6478] binder_release_work+0xc0/0x4f4 [ 257.320023][ T6478] binder_deferred_func+0x109c/0x1270 [ 257.321141][ T6478] process_one_work+0x7bc/0x1600 [ 257.322176][ T6478] worker_thread+0x97c/0xeec [ 257.323143][ T6478] kthread+0x288/0x310 [ 257.323995][ T6478] ret_from_fork+0x10/0x20 [ 257.324902][ T6478] [ 257.325382][ T6478] Allocated by task 10423: [ 257.326282][ T6478] kasan_save_track+0x40/0x78 [ 257.327274][ T6478] kasan_save_alloc_info+0x40/0x50 [ 257.328473][ T6478] __kasan_kmalloc+0xac/0xc4 [ 257.329424][ T6478] __kmalloc_cache_noprof+0x244/0x378 [ 257.330604][ T6478] binder_ioctl_write_read+0x1e94/0xb0d8 [ 257.331764][ T6478] binder_ioctl+0x408/0x2670 [ 257.332734][ T6478] __arm64_sys_ioctl+0x14c/0x1c8 [ 257.333697][ T6478] invoke_syscall+0x98/0x2b8 [ 257.334665][ T6478] el0_svc_common+0x130/0x23c [ 257.335742][ T6478] do_el0_svc+0x48/0x58 [ 257.336622][ T6478] el0_svc+0x54/0x168 [ 257.337382][ T6478] el0t_64_sync_handler+0x84/0x108 [ 257.338381][ T6478] el0t_64_sync+0x198/0x19c [ 257.339442][ T6478] [ 257.339942][ T6478] Freed by task 6478: [ 257.340755][ T6478] kasan_save_track+0x40/0x78 [ 257.341704][ T6478] kasan_save_free_info+0x54/0x6c [ 257.342813][ T6478] __kasan_slab_free+0x64/0x8c [ 257.343784][ T6478] kfree+0x184/0x47c [ 257.344642][ T6478] binder_deferred_func+0xff0/0x1270 [ 257.345787][ T6478] process_one_work+0x7bc/0x1600 [ 257.346863][ T6478] worker_thread+0x97c/0xeec [ 257.347908][ T6478] kthread+0x288/0x310 [ 257.348706][ T6478] ret_from_fork+0x10/0x20 [ 257.349654][ T6478] [ 257.350159][ T6478] The buggy address belongs to the object at ffff0000d007f680 [ 257.350159][ T6478] which belongs to the cache kmalloc-64 of size 64 [ 257.353325][ T6478] The buggy address is located 8 bytes inside of [ 257.353325][ T6478] freed 64-byte region [ffff0000d007f680, ffff0000d007f6c0) [ 257.356246][ T6478] [ 257.356697][ T6478] The buggy address belongs to the physical page: [ 257.358066][ T6478] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11007f [ 257.360186][ T6478] anon flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff) [ 257.361749][ T6478] page_type: f5(slab) [ 257.362741][ T6478] raw: 05ffc00000000000 ffff0000c00018c0 0000000000000000 dead000000000001 [ 257.364479][ T6478] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000 [ 257.366304][ T6478] page dumped because: kasan: bad access detected [ 257.367663][ T6478] [ 257.368162][ T6478] Memory state around the buggy address: [ 257.369438][ T6478] ffff0000d007f580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 257.371132][ T6478] ffff0000d007f600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 257.372897][ T6478] >ffff0000d007f680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 257.374690][ T6478] ^ [ 257.375689][ T6478] ffff0000d007f700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 257.377409][ T6478] ffff0000d007f780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 257.379175][ T6478] ================================================================== [ 257.380979][ C0] vkms_vblank_simulate: vblank timer overrun [ 257.382519][ T6478] Disabling lock debugging due to kernel taint [ 257.383725][ T6478] Unable to handle kernel paging request at virtual address e0fd40ae00000329 [ 257.385538][ T6478] KASAN: maybe wild-memory-access in range [0x07ee057000001948-0x07ee05700000194f] [ 257.387825][ T6478] Mem abort info: [ 257.388553][ T6478] ESR = 0x0000000096000004 [ 257.389553][ T6478] EC = 0x25: DABT (current EL), IL = 32 bits [ 257.390846][ T6478] SET = 0, FnV = 0 [ 257.391591][ T6478] EA = 0, S1PTW = 0 [ 257.392387][ T6478] FSC = 0x04: level 0 translation fault [ 257.393529][ T6478] Data abort info: [ 257.394225][ T6478] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 257.395551][ T6478] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 257.396817][ T6478] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 257.398184][ T6478] [e0fd40ae00000329] address between user and kernel address ranges [ 257.399991][ T6478] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 257.401463][ T6478] Modules linked in: [ 257.402242][ T6478] CPU: 0 UID: 0 PID: 6478 Comm: kworker/0:4 Tainted: G B 6.12.0-syzkaller-g7b1d1d4cfac0 #0 [ 257.404525][ T6478] Tainted: [B]=BAD_PAGE [ 257.405317][ T6478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 257.407576][ T6478] Workqueue: events binder_deferred_func [ 257.408763][ T6478] pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 257.410335][ T6478] pc : __list_del_entry_valid_or_report+0x78/0x158 [ 257.411785][ T6478] lr : __list_del_entry_valid_or_report+0x4c/0x158 [ 257.413150][ T6478] sp : ffff8000a3d279c0 [ 257.414019][ T6478] x29: ffff8000a3d279c0 x28: ffff7000147a4f80 x27: ffff0000d007f680 [ 257.415747][ T6478] x26: dfff800000000000 x25: ffff8000922b00a0 x24: ffff80008f154f3b [ 257.417477][ T6478] x23: ffff80008f154f16 x22: dfff800000000000 x21: 07ee05700000194e [ 257.419069][ T6478] x20: ffff0000c88e8200 x19: ffff0000d007f680 x18: 0000000000000008 [ 257.420710][ T6478] x17: 0000000000000000 x16: ffff80008b47f65c x15: 0000000000000001 [ 257.422326][ T6478] x14: 1ffff000125bc2e8 x13: 0000000000000000 x12: 0000000000000000 [ 257.424046][ T6478] x11: ffff7000125bc2e9 x10: 0000000000ff0100 x9 : ffff80009746b3a0 [ 257.425639][ T6478] x8 : 00fdc0ae00000329 x7 : 0000000000000001 x6 : 0000000000000001 [ 257.427323][ T6478] x5 : ffff8000a3d26ff8 x4 : ffff80008f9bd220 x3 : ffff800083161924 [ 257.429054][ T6478] x2 : dead000000000122 x1 : 0000000000000008 x0 : 0000000000000000 [ 257.430673][ T6478] Call trace: [ 257.431366][ T6478] __list_del_entry_valid_or_report+0x78/0x158 (P) [ 257.432724][ T6478] __list_del_entry_valid_or_report+0x4c/0x158 (L) [ 257.434097][ T6478] binder_release_work+0xc0/0x4f4 [ 257.435182][ T6478] binder_deferred_func+0x109c/0x1270 [ 257.436350][ T6478] process_one_work+0x7bc/0x1600 [ 257.437371][ T6478] worker_thread+0x97c/0xeec [ 257.438277][ T6478] kthread+0x288/0x310 [ 257.439113][ T6478] ret_from_fork+0x10/0x20 [ 257.440001][ T6478] Code: 91008902 eb0202bf 54000520 d343fea8 (38766908) [ 257.441445][ T6478] ---[ end trace 0000000000000000 ]--- [ 258.130728][ T6478] Kernel panic - not syncing: Oops: Fatal exception [ 258.132137][ T6478] SMP: stopping secondary CPUs [ 258.133417][ T6478] Kernel Offset: disabled [ 258.134320][ T6478] CPU features: 0x40,0000081c,00800250,82017203 [ 258.135602][ T6478] Memory Limit: none [ 258.765728][ T6478] Rebooting in 86400 seconds..