last executing test programs: 1m20.252272805s ago: executing program 4 (id=418): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_aout(r2, &(0x7f00000002c0)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r1, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) write$binfmt_script(r3, 0x0, 0x0) 1m19.177019972s ago: executing program 4 (id=425): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00'}, 0x90) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r0 = syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2) r1 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f00000002c0)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000140)={0x3, 0x98f90f, 0x1}) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$l2tp6(0xa, 0x2, 0x73) r4 = socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f00000005c0)={'veth1_macvtap\x00', 0xff}) 1m19.040751743s ago: executing program 4 (id=426): fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x800, &(0x7f0000000380)={[{@iocharset={'iocharset', 0x3d, 'maciceland'}}, {@umask={'umask', 0x3d, 0x9}}, {@iocharset={'iocharset', 0x3d, 'cp949'}}, {@errors_remount}, {}, {@iocharset={'iocharset', 0x3d, 'cp950'}}, {@gid}, {@errors_remount}, {@discard}, {@errors_continue}]}, 0x5, 0x1510, &(0x7f00000037c0)="$eJzs3Am4TlX7MPD7Xmvt45D0dJLhsNa6N08yLCdJMiTJkCRJkmRKSDrJKwmJQ6akQxKS4ZAMh5AMJ0465nkekyTpJEmmTMn6rlN83t7qe//v/+17/a//uX/Xta9n3c/a99prP/czrL0N33UZWrNxrWoNiQj+LfjrQxIAxALAQAC4DgACACgXVy4uqz+nxKR/7yDsr/VI6tWeAbuauP7ZG9c/e+P6Z29c/+yN65+9cf2zN65/9sb1Zyw72zy94PW8Zd+N7/9nZ/z7/79IZumxX60tfWPXfyGF65+9cf3/1wr+Kztx/bM3rn/2xvXP3rj+2UGOP+3h+mdvXH/GsrOrff+Zt6u7Xe33H2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yx7OGsv0IBwOX21Z4XY4wxxhhjjDHG/jo+x9WeAWOMMcYYY4wxxv7/QxAgQUEAMZADYiEn5AIBANdCHrgOInA9xMENkBduhHyQHwpAQYiHQlAYNBiwQBBCESgKUbgJisHNUBxKQEkoBQ5KQwLcAmXgVigLt0E5uB3Kwx1QASpCJagMd0IVuAuqwt1QDe6B6lADakItuBdqw31QB+6HuvAA1IMHoT48BA3gYWgIj0AjeBQaw2PQBB6HptAMmkMLaPnfyn8JesDL0BN6QRL0hj7wCvSFftAfBsBAeBUGwWswGF6HZBgCQ+ENGAZvwnB4C0bASBgFb8NoeAfGwFgYB+MhBSbARHgXJsF7MBmmwFSYBqkwHWbA+zATZsFs+ADmwIcwF+bBfFgAafARLIRFkA4fw2L4BDJgCSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBbvhU9gDn8Fe+Bz2wRf/Yv6Zf8jvioCAAgUqVBiDMRiLsZgLc2FuzI15MA9GMIJxGId5MS/mw3xYAAtgPMZjYSyMBg0SEhbBIhjFKBbDYlgci2NJLIkOHSZgApbBW7EslsVyWA7LY3msgBWxIlbGylgFq2BVrIrVsBpWx+pYE2vivXgv9sY6WAfrYl2sh/Uu357ChtgQG2EjbIyNsQk2wabYFJtjc2yJLbEVtsLW2BrbYltsh+2wPbbHREzEDtgBO2JH7ISdsDN2xi7YBbtiN+yGL+UAfBlfxl5YXfTGPtgH+2Jyjv44AAfgqzgIX8PX8HVMxiE4FN/AN/BNHI6ncQSOxFE4CquId3AMjkUS4zEFU3AiTsRJOAkn4xScgtMwFafjDJyBM3EWzsIPcA5+iB/iPJyHCzAN03AhLsJ0TMfFeAYzcAkuxWW4HFfgclyFq3EVrsV1uBY34AbchJtwC27BbbgNd+AO3IUKAD/Fz/AzTMZ9uA/34348gAfwIB7ETMzEQ3gID+NhPIJH8CgexWN4HE/gcTyFp/A0nsGzeBbP43m8gC/Ef9NoV4k1ySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBN5RV6RT+QTBUQBES/iRWFRWBhhBIkwBgBEVERFMVFMFBfFRUlRUjjhRIJIEGVEGVFWlBXlxO2ivLhDVBAVRRtXWVQWVURbV1XcLaqJaqK6qCFqilqilqgtaos6oo6oK+qKeqKeqC8eEg1Eb+yPj4isyjQWQ7CJGIpNRTMhL32DtRLDsbVoI9qKp8RIHIHtRSuXKJ4VHcQY7Cj+Jsbi86KzGI9dxIuiq+gmuouXRA/R2vUUvcRk7C36iGnYV/QT/cUAMRNriA9wTs6a4nWRLIaIoeINsQDfFMPFW2KEGClGibfFaPGOGCPGinFivEgRE8RE8a6YJN4Tk8UUMVVME6liupgh3hczxSwxW3wg5ogPxVwxT8wXC0Sa+EgsFItEuvhYLBafiAyxRCwVy8RysUKsFKvEarFGrBXrxHqxQWwUm8RmsUVsFdvEdrFD7BS7xG7xqdgjPhN7xedin/hC7BdfigPiK3FQfC0yxTfikPhWHBbfiSPie3FU/CCOiePihDgpTokfxWlxRpwV58R58ZO4IH4WF4UXIFEKKaWSgYyROWSszClzyWtkbhlcenWvl3HyBplX3ijzyfyygCwo42UhWVhqaaSVJENZRBaVUXmTLCZvlsVlCVlSlpJOlpYJ8hZZRt4qy8rbZDl5uywv75AVZEVZSVaWd8oq8i4JkV+PUV3WkDVlLXmvrC3vk3Xk/bKufEDWkw/K+vIh2UA+LBvKR2Qj+ahsLB+TTeTjsqlsJpvLFrKlfEK2kk/K1rKNbCufku3k07K9fEYmymdlB+kvvUWel53lC7KLfFF2ld1kd/mzvCi97Cl7SYDeso98RfaV/WR/OUAOlK/KQfI1OVi+LpPlEDlUviGHyTflcPmWHCFHylHybTlaviPHyLFynBwvU+QEOVG+KyfJ9+RkOUVOldNkqpwu+18aabaU/zT/3T/IH/zL0TfJzXKL3Cq3ye1yh9wpd8ndcrfcI/fIvXKv3Cf3yf1yvzwgD8iD8qDMlJnykDwkD8vD8og8Io/Ko/KYPC7PyZPylPxRnpZn5Bl5Tp6X5+WFS68BKFRCSaVUoGJUDhWrcqpc6hqVW12r8qjrVERdr+LUDSqvulHlU/lVAVVQxatCqrDSyiirSIWqiCqqouomvPSGUSVVKeVUaZWgbvlX8lUxdbMqrkr8Jv/y/JL+ZH4tVUvVSrVSrVVr1Va1Ve1UO9VetVeJKlF1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VZJKUn3UK6qv6qf6qwFqoHpVDVKD1GA1WCWrZDVUDVXD1DA1XA1XI9QINUqNUqPVaDVGjVHj1DiVolLURDVRTVKT1GQ1WU1VU1WqSlUz1Aw1U81Us9VsNUfNUXPVXDVfzVdpKk0tVAtVukpXi9VilaGWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qQ21Wm9VWtVVtV9vVTrVT7Va71R61R+1Ve9U+tU/tV/vVAXVAHVQHVabKVIfUIXVYHVZH1BF1VB1Vx9QxdUKdUKfUKXVanVZn1Vl1Xp1XF9QFdVFdzFr2BSIQgQpUEBPEBLFBbJAryBXkDnIHeYI8QSSIBHFBXJA3uDHIF+QPCgQFg/igUFA40IEJbCAuFT0a3BQUC24OigclgpJBqcAFpYOE4JagTHBrUDa4LSgX3B6UD+4IKgQVg0pB5eDOoEpwV1A1uDuoFtwTVA9qBDWDWsG9Qe3gvqBOcH9QN3ggqBc8GNQPHgoaBA8HDYNHgkbBo0Hj4LGgSfB40DRoFjQPWgQt/9LxvT+d/0nXU/fSSbq37qNf0X11P91fD9AD9at6kH5ND9av62Q9RA/Vb+hh+k09XL+lR+iRepR+W4/W7+gxeqwep8frFD1BT9Tv6kn6PT1ZT9FT9TSdqqfrGfp9PVPP0rP1B3qO/lDP1fP0fL1Ap+mP9EK9SKfrj/Vi/YnO0Ev0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/ROvUvv1p/qPfozvVd/rvfpL/R+/aU+oL/SB/XXOlN/ow/pb/Vh/Z0+or/XR/UP+pg+rk/ok/qU/lGf1mf0WX1On9c/6Qv6Z31R+6zFfdbPu1FGmRgTY2JNrMllcpncJrfJY/KYiImYOBNn8pq8Jp/JZwqYAibexJvCprDJQoZMEVPERE3UFDPFTHFT3JQ0JY0zziSYBFPGlDFlTVlTzpQz5U15U8FUMJVMJXOnudPcZe4yd5u7zT3mHlPD1DC1TC1T29Q2dUwdU9fUNfVMPVPf1DcNTAPT0DQ0jUwj09g0Nk1ME9PUNDXNTXPT0rQ0rUwr09q0Nm1NW9POtDPtTXuTaBJNB9PBdDQdTSfTyXQ2nU0X08V0NV1Nd9Pd9DA9TE/T0ySZJNPH9DF9TV/T3/Q3A81AM8gMMoPNYJNsks1QM9QMM8PMcDPcjDAjzaishap5x4wxY804M96kmBQz0Uw0k8wkM9lMNlPNVJNqUs0MM8PMNDPNbDPbzDFzzFwz18w3802aSTMLzUKTbtLNYrPYZJgMs9QsNcvNcrPSrDSrzWqz1qw162G92Wg2ms1ms9lqtprtZrvZaXaa3Wa32WP2mL1mr9ln9pn9Zr85YA6Yg+agyTSZ5pA5ZA6bw+aIOWKOmqPmmDlmTpgT5pQ5ZU6b0+asOWvOm/yXfi+9ibU5bS57jc1tr7V57HX2H+MCtqCNt4VsYattPpv/N7Gx1ha3JWxJW8o6W9om2Ft+F1ewFW0lW9neaavYu2zV38W17X22jr3f1rUP2Fr23t/E9eyDtr59zDZABLDNbCPbwja2j9km9nHb1DazzW0L284+bdvbZ2yifdZ2sM/9Ll5oF9nVdo1da9fZPfYze9aes4ftd/a8/cn2tL3sQPuqHWRfs4Pt6zbZDvldPMq+bUfbd+wYO9aOs+N/F0+102yqnW5n2PftTDvrd3Ga/cjOsel2rp1n59sFv8RZc0q3H9vF9hObYZfYpXaZXW5X2JV21f+d6zK7wW60m+xu+6ndarfZ7XaH3Wl3/RJnncde+7ndZ7+wh+y39oD9yh60R2ym/eaXOOv8jtjv7VH7gz1mj9sT9qQ9ZX+0p+2ZX84/69xP2p/tRestEBKQJEUBxVAOiqWclIuuodx0LeWh6yhC11Mc3UB56UbKR/mpABWkeCpEhUmTIUtEIRWhohSlm+jyOr0klSJHpSmBbqEydCuVpduoHN1O5ekOqkAVqRJVpjupCt1FVeluqkb3UHWqQTWpFt1Ltek+qkP3U116gOrRg1SfHqIG9DA1pEeoET1KjekxakKPU1NqRs2pBbWkJ6gVPUmtqQ21paeoHT1N7ekZSqRnqQM9Rx3pb9SJnqfO9AJ1oRepK3Wj7vQS9aCXqSf1oiTqTX3oFepL/ag/DaCB9CoNotdoML1OyTSEhtIbNIzepOH0Fo2gkTSK3qbR9A6NobE0jsZTCk2gifQuTaL3aDJNoak0jVJpOs2g92kmzaLZ9AHNoQ9pLs2j+bSA0ugjWkiLKJ0+psX0CWXQElpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDvtoJ20i3bTp7SHPqO99Dntoy9oP31JB+grOkhfUyZ9Q4foWzpM39ER+t73oh/oGB2nE3SSTtGPdJrO0Fk6R+fpJ7pAP9NF8gQhhiKUoQqDMCbMEcaGOcNc4TVh7vDaME94XRgJrw/jwhvCvOGNYb4wf1ggLBjGh4XCwqEOTWhDCsOwSFg0jIY3hcXCm8PiYYmwZFgqdGHpMCG8JSwT3hqWDW8Ly4W3h+XDO8IKYcXwsQcqh3eGVcK7wqrh3WG18J6welgjrBnWCu8Na4f3hXXC+8O64QNh2fDBsH74UNggfDhsGD4SNgofDRuHj4VNwsfDpmGzsHnYImwZPhG2Cp8MW4dtwrbhU2G78OmwffhMmBg+G3YIn/ul/8FFf96fFPYO+4SvhK+E3t8v50cXRNOiH0UXRhdF06MfRxdHP4lmRJdEl0aXRZdHV0RXRldFV0fXRNdG10XXRzdEN0Y3Rb2vlQMcOuGkUy5wMS6Hi3U5XS53jcvtrnV53HUu4q53ce4Gl9fd6PK5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd5Mr5m52xV0JV9KVcs6VdgmuhWvpWrpW7knX2rVxbd1T7in3tHvaPeOecc+6Du4519H9zXVyz7vO7gX3gnvRdXXdXHf3kuvhJuT59TOZ5Pq4Pq6v6+v6u/5uoBvoBrlBbrAb7JJdshvqhrphbpgb7oa7EW6EG+VGudFutBvjxrhxbpxLcSluopvoJrlJbrKb7Ka6qS7VpboZboab6Wa6KrN+PcpcN9fNd/NdmktzC13WmjHdLXaLXYbLcEvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O91Ot9vtdnv8db8O6va5/W6/O+AOuIPua5fpvnGH3LfusPvOHXHfu6PuB3fMHXcn3El3yv3oTrsz7qw75867n9wF97O76LxLiUyITIy8G5kUeS8yOTIlMjUyLZIamR6ZEXk/MjMyKzI78kFkTuTDyNzIvMj8yIJIWuSjyMLIokh65OPI4sgnkYzIksjSyLLI8siKiPeFtoa+iC/qo/4mX8zf7Iv7Er6kL+WdL+0T/C2+jL/Vl/W3+XL+dl/e3+Er+Iq+kn/cN/XNfHPfwrf0T/hW/knf2rfxbf1Tvp1/2rf3z/hE/6zv4J/zHf3ffCf/vO/sX/Bd/Iu+q+/mu/uXfA//su/pe/kk39v38a/4vr6f7+8H+IH+VT/Iv+YH+9d9sh/ih/o3/DD/ph/u3/Ij/Eg/KuZtP/ryJTKM9yl+gp/o3/WT/Ht+sp/ip/ppPtVP9zP8+36mn+Vn+w/8HP+hn+vn+fl+gU/zH/mFfpFP9x/7xf4Tn+GXXL6p7Ff6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t//U7/Gf+b3+c7/Pf+H3+y/9Af+VP+i/9pn+G3/If+sP++/8Ef+9P+p/8Mf8cX/Cn/Sn/I/+tD/jz/pz/rz/yV/wP/uL/G/WGGOMMcb+SyZcaYo/6u/9B8+Jv9u5DwBcu61g5t/3Z60o1+f7td1PxLeLAMCzvbo8cnmrXj0pKenSvhkSgqLzAC7/SVCWGLgSL4G28DQkQhso84fz7ye6nad/Mn70doBcf5cTC1fiK+N/+SfjP/HUqIXlw7Nx/4/x5wEUL3olJydciZdAW5X12AbK/sn4+Vv9k/nn/CoFoPXf5eSGK/GV+SfAk/AcJP5mT8YYY4wxxhhj7Ff9RKVOl68/L/+Nzz+6Po9XV3JywJX4n12fM8YYY4wxxhhj7Op7vlv3Z55ITGzT6V9vVP1vZXHjf2rDe4DLzygA+DcHBPiPn8WW/8ixki99dP6xa/k5H8D/jFL+FY2r/MXEGGOMMcYY+8tdWfT/9nl1tSbEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xlQ/+J/07sap8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdrX9nwAAAP//geYOMQ==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000e00)={'#! ', '', [{0x20, 'cp932Y\xe4\x00\x01mi@\xa9\x04\xa6c\xe3\x80ox\xfc\xe0\x94R\x81a\xbb\x924\xfe\xac\\\xef\xb5E\xfb\xf1@\v2\xca\x9eQ-I\a\xb2\x84\x9b\xea\x82}lB\xdc@(th*\xe0\v\xba\xe6iP\xd8\xfb\x11\x86\x99\x94\xc12\x9fj\xefP\x9c\xc2\xc8\xb1-d\xb3\xb3\xbc \\\x11V%\x87\xd5\x16\xf1\x89|\xfc!\xa1\xda,\xbd\xd0\xedw\x8c\xee\xc3\xe5Ii\x81K\x1b{\xc6b;d+&i\xab\b\xbd\xbd\x8d|d\x8f+\xad\x83\x18\x81\x87(\x1e\x12\x1b\xfe\xc9 bW\xffx\xc0\x868\b!\xd7\x1d-\xaa\xdd\xa3\xe5\x19\xbbA\xa4p\x16\xbc`\xc7\xb4z\b\xb8H\v\x15\xbdD\x17c\xda\xbd?\'t\x10\xf6\xb1l\xb71\x011\xda\xce`\x16\xc7#\x1f\xa4\xfan&\xdaH\xd0\x88\xbf\x01\x13\x80n.\xc5N\a\xeb\xb1\xec|\xf5\xfe\xd0F\xbb\xa9(\xe5 \xb7Ws\xbdu\xca\xc0\a\xb3Z\xa9@\xff\x04\x8c\xbeN\x8c\x98\xb1\xe0\x84\xfa\xca\xc8'}]}, 0x105) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) 1m18.749554477s ago: executing program 4 (id=427): openat(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1010d1, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2081c80, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) dup3(r1, r0, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000700)='./file0/file0\x00', 0x0, &(0x7f0000000100)={0x0, 0x0, 0x40000}, 0x20) 1m18.518861936s ago: executing program 4 (id=429): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r1) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x38, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x38}}, 0x0) 1m18.049410924s ago: executing program 4 (id=433): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x402, &(0x7f0000000800)=ANY=[@ANYBLOB="756e695f786c6174653d312c6e6f6e756d7461696c3d300000000000000008303030303030303030303034303030303030303030302c73686f72746e616d653d65722c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72746e616d653d6d697865642c696f630100727365743d757466f69e75731725e72216799ebd57484a7e1948a8aa65667265652c757466383d312c6e66733d6e6f7374616c655f726f2c73686f72682e616d653d6d697865642c757466383d306d653d77696e6e742c007aea3388304ddedb3208ceb9b2c23924743277bd2c0d0019d44efede967f3df81cce421f7aafa8aa7c706311ab7a0ce39abf7858b6ba6ef5206da03692650000000000000001d0559b166f8c433d34c03a60999dea3bab649a260b216354ecc726cd1f6519546e8ef6ae17a0da1b9313ef4b5633c5f1bf756a7816d304d61c4d15539bae9f6e8dc91d178c85744c5cc226ca0568f9f6da8997bc10100b836488e47d0b7e6ccffaf123b1000000d6d876f2e37dde582f497ab6d4d11f7211b4aaf087f529ffc0000ee312a30cc69ae25ac6a986a76824020b12971980e00a27786eef1c2537fdcb1de9c4bed7175c6704f0c39d14da07a8edf97525a0c8138686d6e2b8d90102027245729e944719894ebe079bf1ab2b7002c54c5c714bff93d9475ff23f653874321e4ecc1ebd2baa44aea86a1617e53fcc5683e5c7b14e5158239aebf96ef3b73359414993575bf4e880ac24d7fee38c5a22f6fae6a22a2185cd5a25b7bc11062d649340f8220bfa18cae94fd73afbb38b2fc20a263e091c5eb14ce630628aaf65b7ccab9b4d3b2c220153cd28c86e6c8e58903c66698fd27f4f22a9fd1dd67d70de664e3b985f20ada8c0f531865a9093fe6d3cd52c721dcfe391a812583c4e745b824429ce98f2a7928d22c9b5302719058f593fddbbb60ca7"], 0x1, 0x27a, &(0x7f0000000540)="$eJzs3DFrE38cx/FP0/zbNKVNhr+CgvhFF12ONj4ACdKCGFBqI+ogXO1FQ85cyYVKRGw3FwcfR3F0E9Qn0MXN3a2L4FJQjCRNTdKmitr0onm/oHff5pdP8rvkEr53kNu6+fxBqRA6BbeqWMIUk9a1LaUbVctIax1r1mPqtK7zk5/en7p+6/aVbC43t2A2n128kDGz6dOvHz5+ceZtdfLGy+lX49pM39n6mPmweXzzxNbXxfvF0IqhlYOqubYUBFV3yfdsuRiWHLNrvueGnhXLoVfpGi/4wcpKzdzy8lRypeKFobnlmpW8mlUDq1Zq5t5zi2VzHMemksLP5DcWFtxs1LNA38Qbi0ol645Kmtg3nN+IYlIAACBanf2/Bq7/b3QtP+7/1+n//wD9/zBo9P/J1ue3G/0/AAAAAAAAAAAAAAAAAAAAAAB/g+16PVWv11O7692/cUkJSbv/Rz1P9Afv/3Dr+OFeQvKfruZX85I/0lg2ZAsqypenGaX0pbk/tOzU85dzczPWlNYbf62VX1vNj3bnZ5VSund+didv3fn/lOzMZ5TS/73zmZ75MZ0725F3lNK7uwrka7m5X7fzT2bNLl3N7clPNO8HAAAAAMC/wLHveh6/O85B4zv5Xzg/sOf4Oq6T8Wi3HQAAAACAYRHWHpVc3/cq0RSfWycLIp7GgBfHJP1W/GLHVV/bQ/F9txx28SwYlJduAIuEpEN9wAn1Y6oRfikBAAAA6It20x/1TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF5HccGzA546dsSbCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAETuWwAAAP//AmwlzQ==") open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) mount$tmpfs(0x0, &(0x7f0000000340)='./file0/../file0\x00', 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r0, &(0x7f0000000080), 0x208e24b) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) openat(r1, &(0x7f0000000200)='./file0/file0\x00', 0xa4b40, 0x0) rmdir(&(0x7f0000000180)='./file0/../file0\x00') 1m17.880884797s ago: executing program 1 (id=436): socket$inet(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8, 0x6}, 0x48) r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) getgroups(0x2, &(0x7f0000001080)=[0xee01, 0x0]) keyctl$chown(0x4, r0, 0xee01, r1) keyctl$setperm(0x5, r0, 0x21062437) keyctl$chown(0x4, r0, 0xee01, 0x0) add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x2}, 0x0, 0x0, r0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000740)='blkio.throttle.write_iops_device\x00', 0x2, 0x0) write$cgroup_int(r4, &(0x7f0000000780), 0x12) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000040)=0x4000, 0x4) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x180000000) madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x14) r8 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000408a25886a000000000001090224000100000000090400000103000000092100000001220100090581030000000000"], 0x0) syz_usb_control_io(r8, 0x0, 0x0) syz_usb_control_io$hid(r8, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002205000000"], 0x0}, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10) 1m17.000737059s ago: executing program 0 (id=439): r0 = userfaultfd(0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x48031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r1 = socket(0x1e, 0x1, 0x0) connect$tipc(r1, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r1, &(0x7f0000000040)=ANY=[], 0x2000011a) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000311000/0x1000)=nil, 0x1000}, 0x3}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) read(r0, &(0x7f0000001600)=""/233, 0xe9) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000040), 0x0, 0x4) ioctl$UFFDIO_COPY(r0, 0x8010aa01, &(0x7f0000000400)={&(0x7f0000272000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x4000}) ioctl$SIOCPNENABLEPIPE(0xffffffffffffffff, 0x5411, 0x1000000000000) syz_emit_vhci(&(0x7f0000001b80)=ANY=[@ANYBLOB="02c9000a00060005"], 0xf) 1m16.052000996s ago: executing program 0 (id=440): r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x3, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1}) 1m15.950283875s ago: executing program 0 (id=441): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x190, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f00000001c0), 0x10) recvmmsg(0xffffffffffffffff, &(0x7f00000049c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000008340)=[{&(0x7f0000004780)=""/31, 0x46}], 0x1, 0x0, 0xffffffffffffff92}}], 0x1, 0x0, 0x0) setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4) sendmsg$can_raw(r0, &(0x7f0000000440)={&(0x7f0000000780)={0x1d, r1}, 0x10, &(0x7f0000000200)={&(0x7f0000000140)=@can={{}, 0x0, 0x0, 0x0, 0x0, "400000008b20aaf0"}, 0x10}}, 0x0) 1m15.828592114s ago: executing program 0 (id=442): r0 = socket$inet6_sctp(0xa, 0x0, 0x84) socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vxcan0\x00'}) ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, &(0x7f0000000080)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$peeksig(0x4, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000200)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) dup2(r2, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000000)={r4, 0x0, 0x9, 0x0, 0x0, 0x8}, &(0x7f00000000c0)=0x14) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) 1m15.540468378s ago: executing program 0 (id=443): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x402, &(0x7f0000000800)=ANY=[@ANYBLOB="756e695f786c6174653d312c6e6f6e756d7461696c3d300000000000000008303030303030303030303034303030303030303030302c73686f72746e616d653d65722c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72746e616d653d6d697865642c696f630100727365743d757466f69e75731725e72216799ebd57484a7e1948a8aa65667265652c757466383d312c6e66733d6e6f7374616c655f726f2c73686f72682e616d653d6d697865642c757466383d306d653d77696e6e742c007aea3388304ddedb3208ceb9b2c23924743277bd2c0d0019d44efede967f3df81cce421f7aafa8aa7c706311ab7a0ce39abf7858b6ba6ef5206da03692650000000000000001d0559b166f8c433d34c03a60999dea3bab649a260b216354ecc726cd1f6519546e8ef6ae17a0da1b9313ef4b5633c5f1bf756a7816d304d61c4d15539bae9f6e8dc91d178c85744c5cc226ca0568f9f6da8997bc10100b836488e47d0b7e6ccffaf123b1000000d6d876f2e37dde582f497ab6d4d11f7211b4aaf087f529ffc0000ee312a30cc69ae25ac6a986a76824020b12971980e00a27786eef1c2537fdcb1de9c4bed7175c6704f0c39d14da07a8edf97525a0c8138686d6e2b8d90102027245729e944719894ebe079bf1ab2b7002c54c5c714bff93d9475ff23f653874321e4ecc1ebd2baa44aea86a1617e53fcc5683e5c7b14e5158239aebf96ef3b73359414993575bf4e880ac24d7fee38c5a22f6fae6a22a2185cd5a25b7bc11062d649340f8220bfa18cae94fd73afbb38b2fc20a263e091c5eb14ce630628aaf65b7ccab9b4d3b2c220153cd28c86e6c8e58903c66698fd27f4f22a9fd1dd67d70de664e3b985f20ada8c0f531865a9093fe6d3cd52c721dcfe391a812583c4e745b824429ce98f2a7928d22c9b5302719058f593fddbbb60ca7"], 0x1, 0x27a, &(0x7f0000000540)="$eJzs3DFrE38cx/FP0/zbNKVNhr+CgvhFF12ONj4ACdKCGFBqI+ogXO1FQ85cyYVKRGw3FwcfR3F0E9Qn0MXN3a2L4FJQjCRNTdKmitr0onm/oHff5pdP8rvkEr53kNu6+fxBqRA6BbeqWMIUk9a1LaUbVctIax1r1mPqtK7zk5/en7p+6/aVbC43t2A2n128kDGz6dOvHz5+ceZtdfLGy+lX49pM39n6mPmweXzzxNbXxfvF0IqhlYOqubYUBFV3yfdsuRiWHLNrvueGnhXLoVfpGi/4wcpKzdzy8lRypeKFobnlmpW8mlUDq1Zq5t5zi2VzHMemksLP5DcWFtxs1LNA38Qbi0ol645Kmtg3nN+IYlIAACBanf2/Bq7/b3QtP+7/1+n//wD9/zBo9P/J1ue3G/0/AAAAAAAAAAAAAAAAAAAAAAB/g+16PVWv11O7692/cUkJSbv/Rz1P9Afv/3Dr+OFeQvKfruZX85I/0lg2ZAsqypenGaX0pbk/tOzU85dzczPWlNYbf62VX1vNj3bnZ5VSund+didv3fn/lOzMZ5TS/73zmZ75MZ0725F3lNK7uwrka7m5X7fzT2bNLl3N7clPNO8HAAAAAMC/wLHveh6/O85B4zv5Xzg/sOf4Oq6T8Wi3HQAAAACAYRHWHpVc3/cq0RSfWycLIp7GgBfHJP1W/GLHVV/bQ/F9txx28SwYlJduAIuEpEN9wAn1Y6oRfikBAAAA6It20x/1TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF5HccGzA546dsSbCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAETuWwAAAP//AmwlzQ==") open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) mount$tmpfs(0x0, &(0x7f0000000340)='./file0/../file0\x00', 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r0, &(0x7f0000000080), 0x208e24b) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) openat(r1, &(0x7f0000000200)='./file0/file0\x00', 0xa4b40, 0x0) rmdir(&(0x7f0000000180)='./file0/../file0\x00') 1m15.38977017s ago: executing program 1 (id=444): io_setup(0x8, &(0x7f0000000000)) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00', @ANYBLOB="0900ffffffa47100000002"], 0x28}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$P9_RWRITE(0xffffffffffffffff, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x78, 0x1, [@m_police={0x74, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x80}}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x20000000}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x8c}}, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, &(0x7f0000000080)=0x6, 0x9) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=@gettaction={0x34, 0x32, 0x909, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000740)) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'}) 1m15.194563976s ago: executing program 0 (id=445): socketpair$unix(0x1, 0x0, 0x0, 0x0) timer_create(0x3, 0x0, &(0x7f0000000340)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x77359400}}, &(0x7f0000000040)) 1m14.945627876s ago: executing program 1 (id=446): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000480)='./bus\x00', 0x800, &(0x7f0000000040)={[{@jqfmt_vfsv0}, {@data_err_abort}]}, 0x1, 0x465, &(0x7f00000011c0)="$eJzs3U1PXFUfAPD/vQxtHtpHqta32ira2qJVEKpVE9OkOxeNLuzC7QQoNlLQgoltiIHEhVsT+wE0bu1HMNrEl42uTLdqdKEmxBQWTexizJ25AwPM0E4Dvcr8fskdzrlzhnPu/XPuy+HkTgAdqy97SSJ2R8SPEdFby64u0Ff7sXRtdiRbkqhUXv8rqZZbvDY7EhGno+Fzu7KXNKI/jUg/SOLhJvVOX7j4VnliYux8nh+cOff24PSFi8+cPVceHxsfmxw6NnT8+AvPvzg8tFHz9+1uY1tf+WHpt09Lr05+dmlx8vqJ4Z6svfXP59uxqfqib/W+bHB4sysr2H0N6aRUYENoS1dEZOHqrvb/3uiKleD1xrc/F9o4YEtVMjtbvj1XAbaxJIpuAVCM+ok+u/+tL02uA/6ubNUFCIVaOFm7AVzMx3aWluNfirSWeOfw11+tur/fTH0R8cap1w5kS2zROAwAAABAJ/vyZEQ83Wz8L437G8pl6Qci4sGIeCgi9kVU5/Xsj4gDEfFIRDxan0/UhrXl14z/tP7PJJti4WTEyw1zu5Ya4p/b05Xn/p9lojs5c3Zi7NmIuCsi+qN7Z5bfaJbWuTfL37d6b2X870pPbc3sSH0sMG/Hn6U1fwWj5ZnybW8wqyzMR+wrNYt/EqUs3Pm8vsci4vFb+YXfVGfUje+9fGN51Usf3nu1VfHG8d9syepfHX+2UuWTiCNN+//8cplk4/mZg9XjwWD9qLDed5eOf96qfvEvVtb/e5rGf3nm6p6kcb7udPt1XNn7y0+t3rtRqVQ2jn/z4/+O5HS1gTvyde+VZ2bOD0XsSE6tXz/cfpu3q/r+qO+vLP79B1fiv1IyjXvyVLZDD0bEoYh4Ip+7fKR67o94MiKeioijG9Q5N/5ry+s4/b9YWfxH2+r/7Sf+mP/oUKv6bx7/rP8/V21Mf77G9d/N3WqAim4nAAAAAAAAAJsjrT4DL0kHltNpOjBQe4bf3uhJJ6amZ46emXp3crT2rLw90Z3WZ3r1NswHHYraZMF6fnhN/lhE3B0RH3f9r5ofGJmaGC1646HD7WrR/zO/dxXdOmDLeV4rdC79HzqX/g+dS/+HzqX/Q+da1/9bfWsVsO04/0Pnyvv/XNHtAO68tef/96+eOnH9i/2XC2oOcAe5/oeO1PLZcPUv/Lu9R/5JSEj8pxMFH5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/iX+CQAA//8OZNCQ") chdir(0x0) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, 0x0) unshare(0x60480) open(&(0x7f0000000100)='./bus\x00', 0x121040, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f00000001c0)='./bus\x00', 0x0, 0x1000, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r0, &(0x7f0000000200)=""/209, 0xd1) unlink(&(0x7f0000000080)='./bus\x00') 1m10.653652595s ago: executing program 1 (id=452): openat(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1010d1, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2081c80, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) dup3(r1, r0, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000700)='./file0/file0\x00', 0x0, &(0x7f0000000100)={0x0, 0x0, 0x40000}, 0x20) 1m8.651993437s ago: executing program 1 (id=456): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07}) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0x40a85323, &(0x7f0000000000)={{0x80}, 'port0\x00'}) dup3(r3, r4, 0x0) 1m3.355649296s ago: executing program 1 (id=462): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040), 0x20000044) epoll_create(0x80) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0) open_by_handle_at(r3, &(0x7f0000000240)=@reiserfs_2={0x8, 0x2, {0x8}}, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) prctl$PR_SET_MM(0x21, 0x0, &(0x7f0000ff9000/0x4000)=nil) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000001040)='./file1\x00', 0x4040, &(0x7f0000001080)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000002,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYRESDEC, @ANYRES32, @ANYBLOB="cdf7c0c4ada580d5d36bd90806b670b73bb5112f75ca483652cf9b8a22555c3af34a84c5747ac51aa890ca205a0f27d7dde81ad3a01f21810b6de2d56be05416c54e1c6e8459e1643b129327581f7716b38db3d3f3bbeb6d1b846a2aad654e1795850a1f82ac738387d9c3009d18eb2a78258fcc4ac4eb6a12a5650e10ebf077d9ab33f24de7cbffe0", @ANYRESHEX], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") r4 = landlock_create_ruleset(&(0x7f0000000140)={0x18a}, 0x10, 0x0) landlock_restrict_self(r4, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.dequeue\x00', 0x275a, 0x0) r5 = socket(0x0, 0x803, 0x0) sendto(r5, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000200), 0x200, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) 23.314315074s ago: executing program 3 (id=489): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001240)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6}]}}]}, 0x3c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 21.38985405s ago: executing program 3 (id=490): syz_mount_image$minix(&(0x7f0000000300), &(0x7f0000000080)='./bus\x00', 0x4000, &(0x7f0000000340)=ANY=[], 0x1, 0x1ff, &(0x7f00000005c0)="$eJzs3M1O1FAYxvGn0xZGNOJH/IgrExPjRkaBhMxKuQBvwMQFwUImFjXiBmKi3IR7t668BBO9D28AFu5ccUzbQ2Y6MzCnpaXK/H8J05eZ87TnQM5h2oYRgKn1NH305KmdVsaYj3clPX8mKWi4cwBqZez20ACYPn7pqf/iaA0B8F86WPUltfXdk379/rC+b7/aju8fDlZbWeFJ+wP5C675PS/d3gny+TlJF0daj56QmC9Z/r7y+UsFjz83lNcV13w2/gf3FGogf1nSvJTu5qqka5KuS7NJ2xuSWrnjz9jv+vnb2RN7jsMAAAAAAOBEydnnwmnzE3fgS3o09pXkPHijF0fjX50stPnHJfMzNr94yvzS4JOt41p7/TLMNrM2v7D+Jn5Zsg9AWa1i83/ksqDL/D92OtiVIT//Q/fe2CuCG73PhTIAMts7u6/W4jh6V2Xx5KQ2UtEdJitCxT0cX3xNCv3J7ozUfKwyRbLYlo0f3ZCpumOfNLmNcWhznoqg2p/zD3nD8zTITaJv9ndb6SiGFgr/jBcmALXrvN9629ne2X3Y21rbjDaj18sr3e7K8tJit5O+LU8ezXzTvQRQh/4f/aZ7AgAAAAAAAAAAAAAAyrop6VZa/TwsEHP9eA8AAAAA/5Cz+KeopscIAAAAAAAAAAAAAMB59zcAAP//jf04bg==") r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r0, 0xfffffffffffffffe, 0x29) 19.571284077s ago: executing program 3 (id=491): r0 = socket$nl_route(0x10, 0x3, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x1000000000010001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x20) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) ioctl$vim2m_VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000080)=@fd={0x4, 0x0, 0x4, 0x0, 0x9, {0x0, 0x2710}, {0x1, 0x1, 0x0, 0x8, 0x3, 0x2, "a33d4fc6"}, 0x5b98, 0x4, {}, 0x3}) semget$private(0x0, 0x1, 0xb62878136430cbcf) rt_sigprocmask(0x0, &(0x7f000078b000)={[0x1]}, 0x0, 0x8) gettid() r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f00000001c0), 0x20800) ioctl$BTRFS_IOC_START_SYNC(r3, 0x80089418, &(0x7f0000000200)) write$P9_RSTATu(r3, &(0x7f00000007c0)=ANY=[], 0x232) syz_emit_ethernet(0x76, &(0x7f0000000000)={@random="e7842a3e0090", @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x40, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x4, 0x2, 0x0, 0x0, {0x0, 0x6, "000810", 0x0, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @private2, [], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0) r4 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000001080), 0x2, 0x0) readv(r4, &(0x7f0000000240)=[{&(0x7f0000000000)=""/207, 0xcf}], 0x1) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PACKETS_PER_SLAVE={0x8, 0x14, 0x1}]}}}]}, 0x3c}}, 0x0) 17.992852325s ago: executing program 3 (id=493): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000005b00)=ANY=[@ANYBLOB="140000001000010000000000000000000080000a20000000000a01020000000000000000010000000900010073797a300000000014000000110001"], 0x48}}, 0x0) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)={0x20, 0x1, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0) 17.992064355s ago: executing program 3 (id=494): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000006, &(0x7f0000000380)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40000}}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@jqfmt_vfsv1}, {@norecovery}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@orlov}, {@bsdgroups}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@min_batch_time={'min_batch_time', 0x3d, 0x2}}, {@quota}]}, 0x1, 0x54f, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbZdnamc8HbnvOvTc995t7v6fn5iQkgKE1kf0oRLwcEd8kEQfbto1GvnFibb/V+1dnsyWJRuPTv5JI8nWt/ZP89/688lJE/PZVxPHCxnZryysLpXI5Xczrk/XKpcna8sqJC5XSfDqfXpyemTn19sz0e+++M7BY3zj7z/ef3P7w1NdHV7/75e6hm0mcjgP5tvY4nsC19spETOTPyVicfmTHqQE0tpMk230A9GUkz/OxyPqAgzGSZz3w//dlRDSAIZXIfxhSrXFA695+QPfBz417H6zdAG2Mf3TttZHY07w32reaPHRnlN3vjg+g/ayNX/+8dTNbYnCvQwBs6dr1iDg5Orqx/0vy/q9/J3vY59E29H/w7NzOxj9vdhr/FNbHP9Fh/LO/Q+72Y+v8L9wdQDNdZeO/9zuOf9cnrcZH8toLzTHfWHL+QjnN+rYXI+JYjO3O6pvN55xavdPotq19/JctWfutsWB+HHdHdz/8mLlSvfQkMbe7dz3ilY7j32T9/Ccdzn/2fJztsY0j6a3Xum3bOv6nq/FTxOsdz/+DGa1k8/nJyeb1MNm6Kjb6+8aR37u1v93xZ+d/3+bxjyft87W1x2/jxz3/pt229Xv970o+a5Z35euulOr1xamIXcnHG9dPP3hsq97aP4v/2NHN+79O1//eiPi8x/hvHP751f7jf7qy+Oce6/w/fuHOR1/80K393s7/W83SsXxNL/1frwf4JM8dAAAAAAAA7DSFiDgQSaG4Xi4UisW193ccjn2FcrVWP36+unRxLpqflR2PsUJrpvtg2/shpvL3w7bq04/UZyLiUER8O7K3WS/OVstz2x08AAAAAAAAAAAAAAAAAAAA7BD7u3z+P/PHyHYfHfDU+cpvGF5b5v8gvukJ2JH8/4fhJf9heMl/GF7yH4aX/IfhJf9heMl/GF7yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbq7Jkz2dJYvX91NqvPXV5eWqhePjGX1haKlaXZ4mx18VJxvlqdL6fF2Wplq79XrlYvTU3H0pXJelqrT9aWV85VqksX6+cuVErz6bl07JlEBQAAAAAAAAAAAAAAAAAAAM+X2vLKQqlcThcVFPoqjO6Mw1AYcGG7eyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOC/AAAA///ktDiZ") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(&(0x7f00000001c0)='.\x00', &(0x7f0000000100)='./file0/../file0\x00', 0x0, 0x905891, 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x212f4d1, 0x0) mount$9p_xen(0x0, &(0x7f0000000200)='./file0/file0\x00', 0x0, 0x24000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 16.173601922s ago: executing program 3 (id=498): syz_mount_image$minix(&(0x7f0000000300), &(0x7f0000000080)='./bus\x00', 0x4000, &(0x7f0000000340)=ANY=[], 0x1, 0x1ff, &(0x7f00000005c0)="$eJzs3M1O1FAYxvGn0xZGNOJH/IgrExPjRkaBhMxKuQBvwMQFwUImFjXiBmKi3IR7t668BBO9D28AFu5ccUzbQ2Y6MzCnpaXK/H8J05eZ87TnQM5h2oYRgKn1NH305KmdVsaYj3clPX8mKWi4cwBqZez20ACYPn7pqf/iaA0B8F86WPUltfXdk379/rC+b7/aju8fDlZbWeFJ+wP5C675PS/d3gny+TlJF0daj56QmC9Z/r7y+UsFjz83lNcV13w2/gf3FGogf1nSvJTu5qqka5KuS7NJ2xuSWrnjz9jv+vnb2RN7jsMAAAAAAOBEydnnwmnzE3fgS3o09pXkPHijF0fjX50stPnHJfMzNr94yvzS4JOt41p7/TLMNrM2v7D+Jn5Zsg9AWa1i83/ksqDL/D92OtiVIT//Q/fe2CuCG73PhTIAMts7u6/W4jh6V2Xx5KQ2UtEdJitCxT0cX3xNCv3J7ozUfKwyRbLYlo0f3ZCpumOfNLmNcWhznoqg2p/zD3nD8zTITaJv9ndb6SiGFgr/jBcmALXrvN9629ne2X3Y21rbjDaj18sr3e7K8tJit5O+LU8ezXzTvQRQh/4f/aZ7AgAAAAAAAAAAAAAAyrop6VZa/TwsEHP9eA8AAAAA/5Cz+KeopscIAAAAAAAAAAAAAMB59zcAAP//jf04bg==") r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r0, 0xfffffffffffffffe, 0x29) 12.36351295s ago: executing program 2 (id=500): r0 = socket$nl_route(0x10, 0x3, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x1000000000010001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x20) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) ioctl$vim2m_VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000080)=@fd={0x4, 0x0, 0x4, 0x0, 0x9, {0x0, 0x2710}, {0x1, 0x1, 0x0, 0x8, 0x3, 0x2, "a33d4fc6"}, 0x5b98, 0x4, {}, 0x3}) semget$private(0x0, 0x1, 0xb62878136430cbcf) rt_sigprocmask(0x0, &(0x7f000078b000)={[0x1]}, 0x0, 0x8) gettid() r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f00000001c0), 0x20800) ioctl$BTRFS_IOC_START_SYNC(r3, 0x80089418, &(0x7f0000000200)) write$P9_RSTATu(r3, &(0x7f00000007c0)=ANY=[], 0x232) syz_emit_ethernet(0x76, &(0x7f0000000000)={@random="e7842a3e0090", @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x40, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x4, 0x2, 0x0, 0x0, {0x0, 0x6, "000810", 0x0, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @private2, [], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0) r4 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000001080), 0x2, 0x0) readv(r4, &(0x7f0000000240)=[{&(0x7f0000000000)=""/207, 0xcf}], 0x1) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PACKETS_PER_SLAVE={0x8, 0x14, 0x1}]}}}]}, 0x3c}}, 0x0) 10.670099817s ago: executing program 2 (id=501): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) socket$kcm(0x10, 0x0, 0x10) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000480)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) ioctl$BINDER_GET_FROZEN_INFO(r1, 0xc00c620f, &(0x7f0000000180)={r5}) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x102}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000880)={@flat=@handle={0x73682a85, 0x0, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000900)=""/206, 0xce}, @fda}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0x18, 0x30, 0x0, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x6}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r8, &(0x7f0000000200), 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r8, &(0x7f0000000040)}, 0x20) ioctl$TCXONC(r0, 0x540a, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) 6.247388885s ago: executing program 2 (id=502): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000001480)=@broute={'broute\x00', 0x20, 0x6, 0x276, [], 0x0, 0x0, &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0x0, 0x1, [{0x0, 0x0, 0x0, 'wg2\x00', 'ipvlan1\x00', 'veth1_macvtap\x00', 'nicvf0\x00', @multicast, [], @local, [], 0xb6, 0xb6, 0x1e6, [@ip={{'ip\x00', 0x0, 0x20}, {{@multicast2, @loopback}}}], [], @common=@SECMARK={'SECMARK\x00', 0x108, {{0x0, 0x0, 'system_u:object_r:systemd_unit_file_t:s0\x00'}}}}]}, {0x0, '\x00', 0x2}, {0x0, '\x00', 0x3}]}, 0x2ee) 6.122769425s ago: executing program 2 (id=503): openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000001c40), 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x6b, 0x11, 0x32}]}, 0x0}, 0x90) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r1, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 3.328658331s ago: executing program 2 (id=505): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r0, 0x89e3, &(0x7f0000000000)={0x1, 0x0, 0x6, 0xc, 0x40}) 0s ago: executing program 2 (id=506): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x6, 0x8, 0x8}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000005c0), 0x6, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x202, 0x0) write$tun(r3, &(0x7f00000006c0)={@val, @void, @ipv4=@igmp={{0x5, 0x4, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, 0x0, 0x0, @dev, "5a6d3715715839271a7dece955ae0433e99e15680027b633e2b9b140239d6c10c7ba799ae98cea22b09267b7d4250d53ad0a2857f4bb75c510ba7277477006c3194b9b501c46cd2c0a"}}}, 0x69) bpf$BPF_PROG_QUERY(0x1d, &(0x7f0000000040)={@cgroup=r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r5}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) kernel console output (not intermixed with test programs): ated IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 52.383908][ T3547] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 52.392564][ T3547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 52.394239][ T1240] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 52.408918][ T3509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 52.419596][ T3509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.433162][ T3509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 52.444844][ T3509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.446421][ T3551] Bluetooth: hci1: command 0x040f tx timeout [ 52.454791][ T3509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 52.465795][ T3551] Bluetooth: hci0: command 0x040f tx timeout [ 52.471371][ T3509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.487504][ T3509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 52.498128][ T3509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.509871][ T3509] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 52.520015][ T3510] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.530983][ T3551] Bluetooth: hci4: command 0x040f tx timeout [ 52.534983][ T3510] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.537418][ T3551] Bluetooth: hci3: command 0x040f tx timeout [ 52.550130][ T3510] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.560859][ T3510] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.598558][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 52.607266][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 52.614392][ T3551] Bluetooth: hci2: command 0x040f tx timeout [ 52.616079][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 52.631560][ T3509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 52.642517][ T3509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.652954][ T3509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 52.664481][ T3509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.674362][ T3509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 52.685091][ T3509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.695355][ T3509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 52.705811][ T3509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.716658][ T3509] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 52.740159][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 52.749652][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 52.770621][ T3509] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.785535][ T3509] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.795752][ T3509] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.805124][ T3509] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.820697][ T1125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 52.829561][ T1125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 52.876739][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 53.007073][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.050575][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.099445][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 53.134428][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.501216][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.529410][ T1240] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.582653][ T1240] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.688153][ T3550] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 53.765352][ T1240] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.780484][ T3550] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 53.781383][ T1240] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.861123][ T3586] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 53.896704][ T3550] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 54.060624][ T1240] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.062911][ T3588] loop4: detected capacity change from 0 to 64 [ 54.081089][ T1240] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.116089][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 54.131744][ T3590] netlink: 'syz.0.7': attribute type 8 has an invalid length. [ 54.158660][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.160703][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.173507][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.204113][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 54.223384][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.300908][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 54.332449][ T3594] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 54.524639][ T3551] Bluetooth: hci0: command 0x0419 tx timeout [ 54.541528][ T3551] Bluetooth: hci1: command 0x0419 tx timeout [ 54.626178][ T3551] Bluetooth: hci3: command 0x0419 tx timeout [ 54.651844][ T3551] Bluetooth: hci4: command 0x0419 tx timeout [ 54.684206][ T3548] Bluetooth: hci2: command 0x0419 tx timeout [ 54.778261][ T3610] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 54.786190][ T3614] loop4: detected capacity change from 0 to 1024 [ 54.826525][ T3617] netlink: 'syz.1.15': attribute type 8 has an invalid length. [ 54.849683][ T3614] EXT4-fs (loop4): Ignoring removed orlov option [ 54.865729][ T3614] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 55.001297][ T3614] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 55.067953][ T26] audit: type=1804 audit(1721807593.590:2): pid=3614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.14" name="/newroot/3/file1/bus" dev="loop4" ino=18 res=1 errno=0 [ 55.129673][ T3630] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 55.167865][ T26] audit: type=1804 audit(1721807593.590:3): pid=3614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.14" name="/newroot/3/file1/bus" dev="loop4" ino=18 res=1 errno=0 [ 55.469628][ T3644] netlink: 12 bytes leftover after parsing attributes in process `syz.0.25'. [ 55.554520][ T3651] loop3: detected capacity change from 0 to 512 [ 55.628904][ T3653] lo speed is unknown, defaulting to 1000 [ 55.648979][ T3653] lo speed is unknown, defaulting to 1000 [ 55.662368][ T3653] lo speed is unknown, defaulting to 1000 [ 56.105623][ T3653] infiniband syz0: set active [ 56.110666][ T3653] infiniband syz0: added lo [ 56.146804][ T7] lo speed is unknown, defaulting to 1000 [ 56.210988][ T3653] infiniband syz0: Couldn't open port 1 [ 56.224860][ T3651] ======================================================= [ 56.224860][ T3651] WARNING: The mand mount option has been deprecated and [ 56.224860][ T3651] and is ignored by this kernel. Remove the mand [ 56.224860][ T3651] option from the mount to silence this warning. [ 56.224860][ T3651] ======================================================= [ 56.254666][ T3653] RDS/IB: syz0: added [ 56.264352][ T3653] smc: adding ib device syz0 with port count 1 [ 56.270777][ T3653] smc: ib device syz0 port 1 has pnetid [ 56.280680][ T3653] lo speed is unknown, defaulting to 1000 [ 56.306703][ T3524] lo speed is unknown, defaulting to 1000 [ 56.403015][ T3653] lo speed is unknown, defaulting to 1000 [ 56.461139][ T3653] lo speed is unknown, defaulting to 1000 [ 56.516833][ T3653] lo speed is unknown, defaulting to 1000 [ 56.572877][ T3653] lo speed is unknown, defaulting to 1000 [ 56.689859][ T3665] loop4: detected capacity change from 0 to 1024 [ 56.789726][ T3665] EXT4-fs (loop4): Ignoring removed orlov option [ 56.816950][ T3665] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 56.851168][ T3651] EXT4-fs (loop3): 1 orphan inode deleted [ 56.863899][ T3651] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 56.888918][ T3670] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 56.954775][ T3651] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038 (0x7fffffff) [ 57.003621][ T3665] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 57.174917][ T26] audit: type=1804 audit(1721807595.700:4): pid=3665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.33" name="/newroot/5/file1/bus" dev="loop4" ino=18 res=1 errno=0 [ 57.273633][ T26] audit: type=1804 audit(1721807595.730:5): pid=3665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.33" name="/newroot/5/file1/bus" dev="loop4" ino=18 res=1 errno=0 [ 57.352259][ T3689] syz.3.27[3689] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 57.352882][ T3689] syz.3.27[3689] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 57.968027][ T3680] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 58.000549][ T26] audit: type=1804 audit(1721807596.000:6): pid=3689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.27" name="/newroot/6/file1/bus" dev="loop3" ino=16 res=1 errno=0 [ 58.030150][ T26] audit: type=1804 audit(1721807596.030:7): pid=3689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.27" name="/newroot/6/file1/bus" dev="loop3" ino=16 res=1 errno=0 [ 58.215370][ T3692] netlink: 12 bytes leftover after parsing attributes in process `syz.4.39'. [ 58.274396][ T3688] loop0: detected capacity change from 0 to 32768 [ 58.465100][ T3695] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 58.500053][ T3688] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.40 (3688) [ 58.573687][ T3688] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 58.582882][ T3688] BTRFS info (device loop0): setting nodatacow, compression disabled [ 58.591184][ T3688] BTRFS info (device loop0): max_inline at 0 [ 58.597619][ T3688] BTRFS info (device loop0): turning off barriers [ 58.604207][ T3688] BTRFS info (device loop0): enabling ssd optimizations [ 58.611157][ T3688] BTRFS info (device loop0): using spread ssd allocation scheme [ 58.618912][ T3688] BTRFS info (device loop0): not using ssd optimizations [ 58.625978][ T3688] BTRFS info (device loop0): not using spread ssd allocation scheme [ 58.634820][ T3688] BTRFS info (device loop0): using free space tree [ 58.641343][ T3688] BTRFS info (device loop0): has skinny extents [ 58.775296][ T3710] netlink: 'syz.3.47': attribute type 10 has an invalid length. [ 58.886311][ T3710] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.916235][ T3731] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 58.952515][ T3710] bond0: (slave team0): Enslaving as an active interface with an up link [ 59.149785][ T3717] netlink: 4 bytes leftover after parsing attributes in process `syz.3.47'. [ 59.284181][ T3734] netlink: 'syz.3.47': attribute type 10 has an invalid length. [ 59.457913][ T3734] bond0: (slave team0): Releasing backup interface [ 59.875279][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 59.884343][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 59.893231][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 59.902171][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 59.911093][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 59.920007][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 59.988020][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!! [ 59.997053][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!! [ 60.006053][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!! [ 60.015044][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!! [ 59.553860][ T3734] bridge0: port 3(team0) entered blocking state [ 60.377432][ T3734] bridge0: port 3(team0) entered disabled state [ 60.440684][ T3734] device team0 entered promiscuous mode [ 60.452710][ T3734] device team_slave_0 entered promiscuous mode [ 60.471024][ T3734] device team_slave_1 entered promiscuous mode [ 60.558736][ T3757] netlink: 'syz.1.53': attribute type 8 has an invalid length. [ 61.128732][ T3777] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 61.584028][ T3774] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 62.023297][ T3808] loop1: detected capacity change from 0 to 32768 [ 62.246625][ T3774] usb 5-1: Using ep0 maxpacket: 16 [ 62.252836][ T3808] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.66 (3808) [ 62.419811][ T3808] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 62.428666][ T3808] BTRFS info (device loop1): setting nodatacow, compression disabled [ 62.436917][ T3808] BTRFS info (device loop1): max_inline at 0 [ 62.442918][ T3808] BTRFS info (device loop1): turning off barriers [ 62.451037][ T3808] BTRFS info (device loop1): enabling ssd optimizations [ 62.458091][ T3808] BTRFS info (device loop1): using spread ssd allocation scheme [ 62.465800][ T3808] BTRFS info (device loop1): not using ssd optimizations [ 62.472840][ T3808] BTRFS info (device loop1): not using spread ssd allocation scheme [ 62.480888][ T3808] BTRFS info (device loop1): using free space tree [ 62.487518][ T3808] BTRFS info (device loop1): has skinny extents [ 62.596938][ T3819] netlink: 'syz.3.67': attribute type 10 has an invalid length. [ 62.633968][ T3819] device team0 left promiscuous mode [ 62.639541][ T3819] device team_slave_0 left promiscuous mode [ 62.643950][ T3774] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 62.646197][ T3819] device team_slave_1 left promiscuous mode [ 62.663883][ T3819] bridge0: port 3(team0) entered disabled state [ 62.754821][ T3819] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.792102][ T3838] netlink: 312 bytes leftover after parsing attributes in process `syz.2.68'. [ 62.820355][ T3804] loop0: detected capacity change from 0 to 32768 [ 62.857050][ T3819] bond0: (slave team0): Enslaving as an active interface with an up link [ 62.880536][ T3832] netlink: 4 bytes leftover after parsing attributes in process `syz.3.67'. [ 62.913929][ T3774] usb 5-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice=c5.ff [ 62.923030][ T3774] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.100684][ T3774] usb 5-1: Product: syz [ 63.105545][ T3774] usb 5-1: Manufacturer: syz [ 63.110165][ T3774] usb 5-1: SerialNumber: syz [ 63.120058][ T3774] usb 5-1: config 0 descriptor?? [ 63.122540][ T3835] netlink: 'syz.3.67': attribute type 10 has an invalid length. [ 63.154848][ T3835] bond0: (slave team0): Releasing backup interface [ 63.187172][ T3774] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 63.871425][ T3774] usb 5-1: Detected FT-X [ 63.893987][ T3774] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 63.923900][ T3774] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 63.943865][ T3774] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71 [ 63.961713][ T3774] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 63.992486][ T3774] usb 5-1: USB disconnect, device number 2 [ 64.009279][ T3774] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 64.030224][ T3774] ftdi_sio 5-1:0.0: device disconnected [ 64.182853][ T3804] XFS (loop0): Mounting V5 Filesystem [ 64.208295][ T3835] bridge0: port 3(team0) entered blocking state [ 64.233961][ T3835] bridge0: port 3(team0) entered disabled state [ 64.245920][ T3835] device team0 entered promiscuous mode [ 64.263845][ T3835] device team_slave_0 entered promiscuous mode [ 64.273015][ T3835] device team_slave_1 entered promiscuous mode [ 64.512296][ T3804] XFS (loop0): Ending clean mount [ 64.702119][ T3919] netlink: 64 bytes leftover after parsing attributes in process `syz.3.72'. [ 64.875474][ T3504] XFS (loop0): Unmounting Filesystem [ 65.751996][ T1125] bond0: (slave bond_slave_0): interface is now down [ 65.785791][ T1125] bond0: (slave bond_slave_1): interface is now down [ 65.796973][ T3915] loop2: detected capacity change from 0 to 32768 [ 65.994760][ T1125] bond0: (slave bond_slave_0): interface is now down [ 65.998107][ T3927] loop1: detected capacity change from 0 to 32768 [ 66.006609][ T1125] bond0: (slave bond_slave_1): interface is now down [ 66.122832][ T3950] Cannot find add_set index 0 as target [ 66.479516][ T1125] bond0: now running without any active interface! [ 66.568866][ T3915] XFS (loop2): Mounting V5 Filesystem [ 66.815608][ T3927] ialloc: diAlloc returned -5! [ 66.844294][ T3956] netlink: 'syz.0.82': attribute type 10 has an invalid length. [ 66.952677][ T3956] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.972776][ T3936] loop4: detected capacity change from 0 to 32768 [ 67.048423][ T3936] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.79 (3936) [ 67.100418][ T3956] bond0: (slave team0): Enslaving as an active interface with an up link [ 67.113934][ T3888] bond0: (slave team0): interface is now down [ 67.153924][ T3958] netlink: 4 bytes leftover after parsing attributes in process `syz.0.82'. [ 67.155247][ T3888] bond0: (slave team0): interface is now down [ 67.174780][ T3961] netlink: 'syz.0.82': attribute type 10 has an invalid length. [ 67.178465][ T3915] XFS (loop2): Ending clean mount [ 67.198340][ T3936] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 67.226632][ T3936] BTRFS info (device loop4): using free space tree [ 67.256640][ T3888] bond0: (slave team0): interface is now down [ 67.275237][ T3915] XFS (loop2): Quotacheck needed: Please wait. [ 67.291748][ T3961] bond0: (slave team0): Releasing backup interface [ 67.311817][ T3936] BTRFS info (device loop4): has skinny extents [ 67.335724][ T3961] bridge0: port 3(team0) entered blocking state [ 67.342024][ T3961] bridge0: port 3(team0) entered disabled state [ 67.389335][ T3961] device team0 entered promiscuous mode [ 67.397453][ T3961] device team_slave_0 entered promiscuous mode [ 67.404693][ T3961] device team_slave_1 entered promiscuous mode [ 67.691157][ T3915] XFS (loop2): Quotacheck: Done. [ 67.730703][ T3936] BTRFS info (device loop4): enabling ssd optimizations [ 67.893865][ T3511] XFS (loop2): Unmounting Filesystem [ 68.328976][ T4015] loop0: detected capacity change from 0 to 1024 [ 68.754887][ T4001] loop3: detected capacity change from 0 to 32768 [ 68.902161][ T4001] ialloc: diAlloc returned -5! [ 68.950526][ T4032] netlink: 64 bytes leftover after parsing attributes in process `syz.4.103'. [ 69.225866][ T4040] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 69.347911][ T4043] loop4: detected capacity change from 0 to 2048 [ 69.425399][ T4043] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 69.636143][ T26] audit: type=1800 audit(1721807608.160:8): pid=4043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.109" name="bus" dev="loop4" ino=1367 res=0 errno=0 [ 69.692205][ T4050] loop0: detected capacity change from 0 to 1024 [ 69.840864][ T4050] EXT4-fs (loop0): mounted filesystem without journal. Opts: nombcache,abort,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 69.852329][ T4036] loop2: detected capacity change from 0 to 32768 [ 69.901304][ T4036] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.105 (4036) [ 69.969036][ T4036] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 70.022295][ T4036] BTRFS info (device loop2): using free space tree [ 70.058737][ T4036] BTRFS info (device loop2): has skinny extents [ 70.177530][ T4045] loop3: detected capacity change from 0 to 32768 [ 70.266652][ T4045] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.106 (4045) [ 70.329931][ T4071] loop1: detected capacity change from 0 to 32768 [ 70.378442][ T4071] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.117 (4071) [ 70.392046][ T4045] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 70.404088][ T4045] BTRFS info (device loop3): setting nodatacow, compression disabled [ 70.412212][ T4045] BTRFS info (device loop3): turning on flush-on-commit [ 70.414998][ T4071] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 70.428199][ T4071] BTRFS info (device loop1): setting nodatacow, compression disabled [ 70.436429][ T4071] BTRFS info (device loop1): max_inline at 0 [ 70.442424][ T4071] BTRFS info (device loop1): turning off barriers [ 70.449053][ T4071] BTRFS info (device loop1): enabling ssd optimizations [ 70.456026][ T4071] BTRFS info (device loop1): using spread ssd allocation scheme [ 70.463677][ T4071] BTRFS info (device loop1): not using ssd optimizations [ 70.468982][ T4084] loop4: detected capacity change from 0 to 1024 [ 70.470832][ T4071] BTRFS info (device loop1): not using spread ssd allocation scheme [ 70.485406][ T4071] BTRFS info (device loop1): using free space tree [ 70.491928][ T4071] BTRFS info (device loop1): has skinny extents [ 70.520053][ T4045] BTRFS info (device loop3): max_inline at 0 [ 70.555293][ T4045] BTRFS info (device loop3): enabling auto defrag [ 70.561857][ T4045] BTRFS info (device loop3): max_inline at 63 [ 70.588664][ T4045] BTRFS info (device loop3): using free space tree [ 70.608949][ T4045] BTRFS info (device loop3): has skinny extents [ 70.621806][ T4036] BTRFS info (device loop2): enabling ssd optimizations [ 71.131050][ T4045] BTRFS info (device loop3): enabling ssd optimizations [ 71.475224][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.485897][ T1377] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.976077][ T4011] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 72.197968][ T4152] loop3: detected capacity change from 0 to 512 [ 72.260496][ T4152] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodelalloc,grpid,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 72.275337][ T4152] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038 (0x7fffffff) [ 72.396898][ T4011] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 72.436893][ T4011] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 72.499009][ T4011] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 72.563618][ T4011] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.604140][ T4011] usb 3-1: config 0 descriptor?? [ 72.744527][ T4163] loop3: detected capacity change from 0 to 512 [ 72.894819][ T4163] EXT4-fs (loop3): 1 orphan inode deleted [ 72.900551][ T4163] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 73.045851][ T4163] ext4 filesystem being mounted at /30/file1 supports timestamps until 2038 (0x7fffffff) [ 73.108898][ T4011] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 73.133400][ T4011] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 73.207827][ T4011] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 73.315534][ T4011] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 73.349263][ T4174] loop1: detected capacity change from 0 to 1024 [ 73.463000][ T4011] usb 3-1: USB disconnect, device number 2 [ 73.538910][ T4179] syz.3.129[4179] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.539001][ T4179] syz.3.129[4179] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.583344][ T26] audit: type=1804 audit(1721807612.080:9): pid=4179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.129" name="/newroot/30/file1/bus" dev="loop3" ino=18 res=1 errno=0 [ 74.334343][ T26] audit: type=1804 audit(1721807612.090:10): pid=4179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.129" name="/newroot/30/file1/bus" dev="loop3" ino=18 res=1 errno=0 [ 74.627230][ T4188] loop2: detected capacity change from 0 to 256 [ 74.780242][ T4188] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 74.903492][ T26] audit: type=1800 audit(1721807613.420:11): pid=4188 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.135" name="file1" dev="loop2" ino=1048590 res=0 errno=0 [ 76.192790][ T4190] loop3: detected capacity change from 0 to 32768 [ 76.309001][ T4190] ERROR: (device loop3): dtSearch: stack overrun! [ 76.309001][ T4190] [ 76.401573][ T4190] ERROR: (device loop3): remounting filesystem as read-only [ 76.554938][ T4225] xt_hashlimit: max too large, truncated to 1048576 [ 76.636895][ T4224] loop4: detected capacity change from 0 to 1024 [ 76.712020][ T4190] btstack dump: [ 76.741939][ T4190] bn = 0, index = 4 [ 76.793856][ T4190] bn = 0, index = 4 [ 76.834482][ T21] cfg80211: failed to load regulatory.db [ 76.835804][ T4190] bn = 0, index = 4 [ 76.909975][ T4190] bn = 0, index = 4 [ 76.934293][ T4190] bn = 0, index = 4 [ 76.938228][ T4190] bn = 0, index = 4 [ 76.964532][ T4236] ALSA: seq fatal error: cannot create timer (-22) [ 76.982692][ T4190] bn = 0, index = 4 [ 77.002575][ T4190] bn = 0, index = 0 [ 77.020744][ T4190] jfs_lookup: dtSearch returned -5 [ 77.048770][ T4226] ERROR: (device loop3): dtSearch: stack overrun! [ 77.048770][ T4226] [ 77.072625][ T4244] loop1: detected capacity change from 0 to 256 [ 77.082922][ T4226] btstack dump: [ 77.086982][ T4226] bn = 0, index = 4 [ 77.090801][ T4226] bn = 0, index = 4 [ 77.104858][ T4226] bn = 0, index = 4 [ 77.108792][ T4226] bn = 0, index = 4 [ 77.113139][ T4226] bn = 0, index = 4 [ 77.117387][ T4226] bn = 0, index = 4 [ 77.121215][ T4226] bn = 0, index = 4 [ 77.125403][ T4226] bn = 0, index = 0 [ 77.129252][ T4226] jfs_lookup: dtSearch returned -5 [ 77.177889][ T4244] FAT-fs (loop1): Directory bread(block 64) failed [ 77.185131][ T4244] FAT-fs (loop1): Directory bread(block 65) failed [ 77.191806][ T4244] FAT-fs (loop1): Directory bread(block 66) failed [ 77.199065][ T4244] FAT-fs (loop1): Directory bread(block 67) failed [ 77.206206][ T4244] FAT-fs (loop1): Directory bread(block 68) failed [ 77.213106][ T4244] FAT-fs (loop1): Directory bread(block 69) failed [ 77.228979][ T4244] FAT-fs (loop1): Directory bread(block 70) failed [ 77.241072][ T4244] FAT-fs (loop1): Directory bread(block 71) failed [ 77.243775][ T4130] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 77.247919][ T4244] FAT-fs (loop1): Directory bread(block 72) failed [ 77.262067][ T4244] FAT-fs (loop1): Directory bread(block 73) failed [ 77.622185][ T4253] lo speed is unknown, defaulting to 1000 [ 77.683960][ T4130] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 77.700552][ T4130] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 77.722164][ T4130] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 77.731929][ T4130] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.743058][ T4130] usb 5-1: config 0 descriptor?? [ 77.837643][ T3510] syz-executor (3510) used greatest stack depth: 19640 bytes left [ 78.014440][ T3584] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.811101][ T4130] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 78.840185][ T4130] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 78.852084][ T4275] fuse: Bad value for 'group_id' [ 78.862544][ T4130] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 78.874554][ T4275] overlayfs: overlapping lowerdir path [ 78.885015][ T4130] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 78.900808][ T3584] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.072277][ T3584] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.151925][ T21] usb 5-1: USB disconnect, device number 3 [ 79.210126][ T4285] loop2: detected capacity change from 0 to 256 [ 79.221581][ T4287] loop3: detected capacity change from 0 to 1024 [ 79.233317][ T3584] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.310282][ T4285] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 79.325482][ T4253] chnl_net:caif_netlink_parms(): no params data found [ 79.643997][ T4004] Bluetooth: hci5: command 0x0409 tx timeout [ 79.722738][ T4253] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.823909][ T4253] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.847959][ T4253] device bridge_slave_0 entered promiscuous mode [ 80.545187][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 80.555450][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 80.562922][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 80.570361][ T4324] A link change request failed with some changes committed already. Interface vxcan1 may have been left with an inconsistent configuration, please check. [ 80.586631][ T4253] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.593678][ T4253] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.685944][ T4253] device bridge_slave_1 entered promiscuous mode [ 80.701502][ C1] Illegal XDP return value 1603896156, expect packet loss! [ 80.776885][ T4253] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.795121][ T4253] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.897075][ T4253] team0: Port device team_slave_0 added [ 81.734920][ T3549] Bluetooth: hci5: command 0x041b tx timeout [ 82.072114][ T4253] team0: Port device team_slave_1 added [ 82.258009][ T4253] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.272496][ T4253] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.487228][ T4368] loop2: detected capacity change from 0 to 1024 [ 82.515458][ T4253] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.973580][ T4373] infiniband syz0: set active [ 82.995461][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 83.019225][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 83.027862][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 83.059182][ T4373] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 83.185677][ T4253] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.239191][ T4253] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.291135][ T3504] syz-executor (3504) used greatest stack depth: 19320 bytes left [ 83.315153][ T4368] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 83.343921][ T4253] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.357091][ T4344] lo speed is unknown, defaulting to 1000 [ 84.210961][ T4011] Bluetooth: hci5: command 0x040f tx timeout [ 84.213484][ T4141] Bluetooth: hci3: command 0x0409 tx timeout [ 84.240741][ T21] lo speed is unknown, defaulting to 1000 [ 84.266363][ T4253] device hsr_slave_0 entered promiscuous mode [ 84.273355][ T4253] device hsr_slave_1 entered promiscuous mode [ 84.325396][ T4253] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.333121][ T4253] Cannot create hsr debugfs directory [ 84.819196][ T26] audit: type=1400 audit(1721807623.340:12): apparmor="DENIED" operation="stack" info="label not found" error=-2 profile="unconfined" name=3A3A0AE10CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A552C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=4393 comm="syz.2.186" [ 85.585473][ T4415] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem [ 86.284097][ T4142] Bluetooth: hci5: command 0x0419 tx timeout [ 86.293277][ T4142] Bluetooth: hci3: command 0x041b tx timeout [ 86.420102][ T4430] loop2: detected capacity change from 0 to 1024 [ 86.489148][ T4433] loop3: detected capacity change from 0 to 16 [ 86.548967][ T4430] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 86.568680][ T4344] chnl_net:caif_netlink_parms(): no params data found [ 86.586021][ T4433] erofs: Unknown parameter 'dont_measure' [ 86.753247][ T4448] netlink: 24 bytes leftover after parsing attributes in process `syz.3.196'. [ 86.759451][ T3867] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 86.854627][ T3867] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28 [ 86.895035][ T4454] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=none:owns=io+mem [ 86.910885][ T3867] EXT4-fs (loop2): This should not happen!! Data will be lost [ 86.910885][ T3867] [ 86.971748][ T3867] EXT4-fs (loop2): Total free blocks count 0 [ 87.002138][ T3867] EXT4-fs (loop2): Free/Dirty block details [ 87.036416][ T3867] EXT4-fs (loop2): free_blocks=68451041280 [ 87.060180][ T3867] EXT4-fs (loop2): dirty_blocks=64 [ 87.068601][ T3867] EXT4-fs (loop2): Block reservation details [ 87.076609][ T3867] EXT4-fs (loop2): i_reserved_data_blocks=4 [ 87.114104][ T4004] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 87.122040][ T4463] loop4: detected capacity change from 0 to 256 [ 87.197551][ T4344] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.204199][ T4463] FAT-fs (loop4): Directory bread(block 64) failed [ 87.242915][ T4463] FAT-fs (loop4): Directory bread(block 65) failed [ 87.255226][ T4463] FAT-fs (loop4): Directory bread(block 66) failed [ 87.261881][ T4463] FAT-fs (loop4): Directory bread(block 67) failed [ 87.274710][ T4463] FAT-fs (loop4): Directory bread(block 68) failed [ 87.281926][ T4344] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.297704][ T4463] FAT-fs (loop4): Directory bread(block 69) failed [ 87.309987][ T4344] device bridge_slave_0 entered promiscuous mode [ 87.322790][ T4463] FAT-fs (loop4): Directory bread(block 70) failed [ 87.336722][ T4463] FAT-fs (loop4): Directory bread(block 71) failed [ 87.343501][ T4463] FAT-fs (loop4): Directory bread(block 72) failed [ 87.358608][ T4463] FAT-fs (loop4): Directory bread(block 73) failed [ 87.365652][ T4004] usb 4-1: Using ep0 maxpacket: 16 [ 87.391497][ T3584] device hsr_slave_0 left promiscuous mode [ 87.428710][ T3584] device hsr_slave_1 left promiscuous mode [ 87.437320][ T3584] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 87.524213][ T26] audit: type=1400 audit(1721807626.030:13): apparmor="DENIED" operation="stack" info="label not found" error=-2 profile="unconfined" name=3A3A0AE10CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A552C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=4465 comm="syz.2.198" [ 87.661739][ T3584] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 87.735035][ T4004] usb 4-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=1b.b2 [ 87.788492][ T4004] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.891594][ T4004] usb 4-1: Product: syz [ 87.947713][ T4004] usb 4-1: Manufacturer: syz [ 88.008019][ T4004] usb 4-1: SerialNumber: syz [ 88.064430][ T3584] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 88.071877][ T3584] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.105058][ T4004] usb 4-1: config 0 descriptor?? [ 88.152898][ T3584] device bridge_slave_1 left promiscuous mode [ 88.165591][ T4004] ati_remote2 4-1:0.0: ati_remote2_probe(): interface 0 must have an endpoint [ 88.177245][ T3584] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.298939][ T3584] device bridge_slave_0 left promiscuous mode [ 88.320809][ T3584] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.376617][ T4143] Bluetooth: hci3: command 0x040f tx timeout [ 88.402232][ T4143] usb 4-1: USB disconnect, device number 2 [ 88.424202][ T3584] device veth1_macvtap left promiscuous mode [ 88.430700][ T3584] device veth0_macvtap left promiscuous mode [ 88.440202][ T3584] device veth1_vlan left promiscuous mode [ 89.027196][ T3584] device veth0_vlan left promiscuous mode [ 89.221556][ T4490] loop3: detected capacity change from 0 to 16 [ 89.264393][ T4490] erofs: Unknown parameter 'dont_measure' [ 89.327552][ T3584] team0 (unregistering): Port device team_slave_1 removed [ 89.370893][ T3584] team0 (unregistering): Port device team_slave_0 removed [ 89.385243][ T3584] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 89.399625][ T3584] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 89.497517][ T3584] bond0 (unregistering): Released all slaves [ 89.558783][ T4344] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.567478][ T4344] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.576202][ T4344] device bridge_slave_1 entered promiscuous mode [ 89.671800][ T4344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.719748][ T4502] loop2: detected capacity change from 0 to 128 [ 89.750232][ T4344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.820676][ T4344] team0: Port device team_slave_0 added [ 89.843004][ T4344] team0: Port device team_slave_1 added [ 89.849458][ T4253] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.860577][ T4502] EXT4-fs (loop2): mounted filesystem without journal. Opts: minixdf,nodelalloc,,errors=continue. Quota mode: none. [ 89.874713][ T4253] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.904443][ T4502] ext4 filesystem being mounted at /33/mnt supports timestamps until 2038 (0x7fffffff) [ 89.924911][ T4511] netlink: 2048 bytes leftover after parsing attributes in process `syz.3.211'. [ 89.935738][ T4511] netlink: 24 bytes leftover after parsing attributes in process `syz.3.211'. [ 89.946800][ T4253] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.976177][ T4344] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.983137][ T4344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.063190][ T26] audit: type=1804 audit(1721807628.580:14): pid=4502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.208" name="/newroot/33/mnt/cgroup.controllers" dev="loop2" ino=12 res=1 errno=0 [ 90.103164][ T4344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.125263][ T4513] netlink: 24 bytes leftover after parsing attributes in process `syz.4.212'. [ 90.198812][ T4524] Zero length message leads to an empty skb [ 90.443915][ T4141] Bluetooth: hci3: command 0x0419 tx timeout [ 90.563501][ T4344] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.604397][ T4344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.630467][ C1] vkms_vblank_simulate: vblank timer overrun [ 90.903471][ T4344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.923086][ T4253] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.099443][ T4344] device hsr_slave_0 entered promiscuous mode [ 91.118374][ T4344] device hsr_slave_1 entered promiscuous mode [ 91.136435][ T4344] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.181136][ T4344] Cannot create hsr debugfs directory [ 91.593143][ T4344] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.749412][ T4344] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.780892][ T4527] loop4: detected capacity change from 0 to 32768 [ 91.799152][ T4253] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.837825][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 91.857380][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 91.868516][ T3549] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 91.917718][ T4537] loop3: detected capacity change from 0 to 32768 [ 91.918025][ T4253] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.956878][ T4527] XFS (loop4): Mounting V5 Filesystem [ 91.966324][ T4344] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.976315][ T4537] XFS: noikeep mount option is deprecated. [ 91.982444][ T4537] XFS: attr2 mount option is deprecated. [ 91.997364][ T4537] XFS: noikeep mount option is deprecated. [ 92.009709][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 92.048486][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.068724][ T4011] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.075875][ T4011] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.099841][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.117179][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.126307][ T4011] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.133463][ T4011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.157327][ T4537] XFS (loop3): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 92.191327][ T4344] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.216017][ T4527] XFS (loop4): Ending clean mount [ 92.226599][ T4141] XFS (loop3): Metadata CRC error detected at xfs_inobt_read_verify+0x39/0xc0, xfs_finobt block 0x10 [ 92.238913][ T4141] XFS (loop3): Unmount and run xfs_repair [ 92.249891][ T4141] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 92.257659][ T4141] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 92.268221][ T4141] 00000010: 00 00 00 00 00 00 00 10 00 00 00 03 00 00 00 80 ................ [ 92.277447][ T4141] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 92.287349][ T4141] 00000030: 00 00 00 00 37 43 cf 4c 00 00 24 40 00 00 40 37 ....7C.L..$@..@7 [ 92.296573][ T4141] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 92.305929][ T4141] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 92.314098][ T3549] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 92.315212][ T4141] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 92.335618][ T4141] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 92.343801][ T3549] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 92.345237][ T4537] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x26e/0x370" at daddr 0x10 len 4 error 74 [ 92.372514][ T4537] XFS (loop3): Failed to initialize disk quotas. [ 92.374151][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 92.403317][ T3509] XFS (loop3): Unmounting Filesystem [ 92.410679][ T3549] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 92.434455][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 92.442394][ T3549] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.451305][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 92.483405][ T3549] usb 3-1: config 0 descriptor?? [ 92.489903][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 92.500144][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.509125][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 92.519064][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.555197][ T4527] XFS (loop4): Quotacheck needed: Please wait. [ 92.556864][ T4003] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 92.612414][ T4003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 92.628252][ T4003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 92.637006][ T4003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 92.645711][ T4003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 92.655693][ T4253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 92.663033][ T4527] XFS (loop4): Quotacheck: Done. [ 92.873360][ T26] audit: type=1804 audit(1721807631.390:15): pid=4527 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.214" name="/newroot/46/file0/bus" dev="loop4" ino=9292 res=1 errno=0 [ 92.874696][ T4141] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 92.894755][ C1] vkms_vblank_simulate: vblank timer overrun [ 92.931228][ T4141] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 92.952954][ T4344] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.976791][ T3549] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 93.014423][ T26] audit: type=1804 audit(1721807631.540:16): pid=4585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.214" name="/newroot/46/file0/bus" dev="loop4" ino=9292 res=1 errno=0 [ 93.041003][ T4253] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.045729][ T3549] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 93.056637][ T4587] loop3: detected capacity change from 0 to 128 [ 93.077640][ T4344] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.094426][ T3549] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 93.103232][ T4344] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.135579][ T4587] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 93.152164][ T3549] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 93.169370][ T4587] ext4 filesystem being mounted at /64/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 93.208704][ T4344] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.232791][ T3507] XFS (loop4): Unmounting Filesystem [ 93.292632][ T3549] usb 3-1: USB disconnect, device number 3 [ 93.395831][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 93.424541][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 93.439601][ T4253] device veth0_vlan entered promiscuous mode [ 93.470411][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 93.486179][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 93.515637][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 93.523487][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 93.560650][ T4253] device veth1_vlan entered promiscuous mode [ 93.686287][ T4344] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.698343][ T4253] device veth0_macvtap entered promiscuous mode [ 93.711980][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 93.729262][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 93.741532][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 93.758216][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 93.776857][ T4253] device veth1_macvtap entered promiscuous mode [ 93.811842][ T4344] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.820200][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 93.836559][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 93.849715][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 93.861576][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 93.926287][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.943324][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.961336][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.973106][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.005201][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.033383][ T4605] loop2: detected capacity change from 0 to 1024 [ 94.038730][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.067185][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.067210][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.068803][ T4253] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.069708][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.070408][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.070781][ T4143] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.070865][ T4143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.071232][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.071762][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.072121][ T4143] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.072153][ T4143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.072536][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 94.073263][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 94.079268][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 94.079997][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 94.100150][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.100802][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.102510][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.103190][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.104449][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.105448][ T4143] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 94.109882][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.109902][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.109911][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.109922][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.109931][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.109942][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.109950][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.109961][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.112301][ T4253] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.124323][ T4253] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.124365][ T4253] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.124392][ T4253] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.124417][ T4253] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.130213][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 94.130874][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.131363][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 94.131948][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 94.193598][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 94.195053][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.200381][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 94.219607][ T4605] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 94.219731][ T4605] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038 (0x7fffffff) [ 94.356697][ T3888] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.356758][ T3888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.390693][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 94.393296][ T3583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.393356][ T3583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.403030][ T4141] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 94.625715][ T4625] capability: warning: `syz.4.230' uses deprecated v2 capabilities in a way that may be insecure [ 94.754184][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 94.754375][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 94.766997][ T4344] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.836525][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 94.837126][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 94.876856][ T4638] loop4: detected capacity change from 0 to 128 [ 94.882177][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 94.908843][ T4639] netlink: 12 bytes leftover after parsing attributes in process `syz.2.236'. [ 94.911088][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 94.963327][ T4642] netlink: 'syz.2.236': attribute type 11 has an invalid length. [ 94.984563][ T4344] device veth0_vlan entered promiscuous mode [ 95.098317][ T4645] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 95.341360][ T4638] EXT4-fs (loop4): mounted filesystem without journal. Opts: minixdf,nodelalloc,,errors=continue. Quota mode: none. [ 95.345412][ T4645] overlayfs: failed to resolve './file0': -2 [ 95.360415][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 95.385717][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 95.401937][ T4344] device veth1_vlan entered promiscuous mode [ 95.453883][ T4638] ext4 filesystem being mounted at /53/mnt supports timestamps until 2038 (0x7fffffff) [ 95.589051][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 95.628771][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 95.671133][ T4344] device veth0_macvtap entered promiscuous mode [ 96.436468][ T4660] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 96.470313][ T26] audit: type=1804 audit(1721807634.990:17): pid=4661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.235" name="/newroot/53/mnt/cgroup.controllers" dev="loop4" ino=12 res=1 errno=0 [ 96.512596][ T4146] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 96.564365][ T4662] netlink: 8 bytes leftover after parsing attributes in process `syz.1.243'. [ 96.611414][ T4344] device veth1_macvtap entered promiscuous mode [ 96.629638][ T4660] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.638151][ T4660] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.817843][ T4344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.868410][ T4344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.910674][ T4344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.952551][ T4344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.977943][ T4683] netlink: 12 bytes leftover after parsing attributes in process `syz.2.250'. [ 96.977990][ T4344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.978007][ T4344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.978017][ T4344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.978030][ T4344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.978055][ T4344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.978067][ T4344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.979696][ T4344] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.984637][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 96.985338][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 96.995156][ T4683] netlink: 'syz.2.250': attribute type 11 has an invalid length. [ 97.011263][ T4344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.011286][ T4344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.011296][ T4344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.011308][ T4344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.011318][ T4344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.011330][ T4344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.011339][ T4344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.011351][ T4344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.011363][ T4344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.011374][ T4344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.019716][ T4344] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.019844][ T4141] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 97.020514][ T4141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 97.041356][ T4683] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 97.272008][ T4683] overlayfs: failed to resolve './file0': -2 [ 97.282437][ T4344] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.316661][ T4344] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.355130][ T4344] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.370670][ T4344] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.561060][ T4694] loop2: detected capacity change from 0 to 128 [ 97.612154][ T3894] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.634892][ T4677] loop1: detected capacity change from 0 to 40427 [ 97.642045][ T3894] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.680060][ T4694] EXT4-fs (loop2): mounted filesystem without journal. Opts: minixdf,nodelalloc,,errors=continue. Quota mode: none. [ 97.695354][ T4141] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 97.695802][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 97.725428][ T1125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.733431][ T1125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.734073][ T4694] ext4 filesystem being mounted at /48/mnt supports timestamps until 2038 (0x7fffffff) [ 97.791575][ T4677] F2FS-fs (loop1): invalid crc value [ 97.809770][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 97.827848][ T4677] F2FS-fs (loop1): Found nat_bits in checkpoint [ 97.847802][ T26] audit: type=1804 audit(1721807636.370:18): pid=4694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.254" name="/newroot/48/mnt/cgroup.controllers" dev="loop2" ino=12 res=1 errno=0 [ 97.919359][ T4677] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1 [ 97.953925][ T4141] usb 4-1: Using ep0 maxpacket: 32 [ 97.985121][ T4677] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 98.005860][ T4704] loop4: detected capacity change from 0 to 256 [ 98.011704][ T4708] loop0: detected capacity change from 0 to 2048 [ 98.065258][ T4704] exfat: Unknown parameter '184467440737095516150x0000000000000000' [ 98.076897][ T4677] attempt to access beyond end of device [ 98.076897][ T4677] loop1: rw=2049, want=40976, limit=40427 [ 98.077616][ T4141] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 98.138034][ T4708] NILFS (loop0): invalid segment: Inconsistency found [ 98.142706][ T4141] usb 4-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 98.170834][ T4708] NILFS (loop0): trying rollback from an earlier position [ 98.181445][ T4711] netlink: 'syz.2.257': attribute type 29 has an invalid length. [ 98.189659][ T4708] NILFS (loop0): invalid segment: Checksum error in segment payload [ 98.200802][ T4708] NILFS (loop0): error -22 while searching super root [ 98.206900][ T4141] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.223183][ T4141] usb 4-1: config 0 descriptor?? [ 98.241880][ T4711] netlink: 'syz.2.257': attribute type 29 has an invalid length. [ 98.259451][ T4714] loop4: detected capacity change from 0 to 512 [ 98.270144][ T4141] usb 4-1: bad CDC descriptors [ 98.270626][ T4713] netlink: 'syz.2.257': attribute type 29 has an invalid length. [ 98.398016][ T4713] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 98.441285][ T4704] loop4: detected capacity change from 0 to 512 [ 98.448127][ T4715] netlink: 'syz.2.257': attribute type 29 has an invalid length. [ 98.479342][ T4141] usb 4-1: USB disconnect, device number 3 [ 98.563568][ T4704] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 98.629256][ T4725] netlink: 1032 bytes leftover after parsing attributes in process `syz.0.262'. [ 98.953458][ T3584] device hsr_slave_0 left promiscuous mode [ 99.045803][ T26] audit: type=1400 audit(1721807637.570:19): apparmor="DENIED" operation="stack" info="label not found" error=-2 profile="unconfined" name=3A3A0AE10CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A552C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=4729 comm="syz.0.265" [ 99.134999][ T3584] device hsr_slave_1 left promiscuous mode [ 99.469349][ T3584] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 99.605232][ T3584] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 99.709901][ T3584] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 99.775817][ T3584] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 99.829045][ T4753] loop2: detected capacity change from 0 to 512 [ 99.848830][ T3584] device team0 left promiscuous mode [ 99.858580][ T3584] device team_slave_0 left promiscuous mode [ 99.893990][ T3584] device team_slave_1 left promiscuous mode [ 99.934908][ T3584] bridge0: port 3(team0) entered disabled state [ 99.966026][ T3584] device bridge_slave_1 left promiscuous mode [ 99.969463][ T4753] EXT4-fs (loop2): Ignoring removed orlov option [ 99.972247][ T3584] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.994443][ T4760] IPVS: wlc: SCTP 172.20.20.187:0 - no destination available [ 100.717218][ T3584] device bridge_slave_0 left promiscuous mode [ 100.723441][ T3584] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.753318][ T4753] EXT4-fs (loop2): 1 orphan inode deleted [ 100.771958][ T4753] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,orlov,usrjquota=,resgid=0x0000000000000000,sysvgroups,delalloc,errors=continue,. Quota mode: writeback. [ 100.795926][ T4753] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038 (0x7fffffff) [ 100.842810][ T3584] device veth1_macvtap left promiscuous mode [ 100.850789][ T3584] device veth0_macvtap left promiscuous mode [ 100.860645][ T3584] device veth1_vlan left promiscuous mode [ 100.867345][ T3584] device veth0_vlan left promiscuous mode [ 100.888687][ T26] audit: type=1800 audit(1721807639.410:20): pid=4753 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.269" name="bus" dev="loop2" ino=16 res=0 errno=0 [ 101.093138][ T4777] loop4: detected capacity change from 0 to 512 [ 101.443081][ T4777] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 101.507895][ T4777] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 101.558333][ T4777] EXT4-fs (loop4): 1 truncate cleaned up [ 101.575363][ T4777] EXT4-fs (loop4): mounted filesystem without journal. Opts: resuid=0x0000000000000000,grpquota,stripe=0x0000000000000000,noblock_validity,,errors=continue. Quota mode: writeback. [ 101.593123][ C1] vkms_vblank_simulate: vblank timer overrun [ 101.650744][ T4004] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 101.711746][ T4777] syz.4.278 (pid 4777) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 101.791840][ T3584] team0 (unregistering): Port device team_slave_1 removed [ 101.842404][ T3584] team0 (unregistering): Port device team_slave_0 removed [ 101.893255][ T3584] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.915013][ T4004] usb 4-1: Using ep0 maxpacket: 32 [ 101.949095][ T3584] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 102.096806][ T4788] process 'syz.2.279' launched './file0' with NULL argv: empty string added [ 102.164756][ T4788] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 102.584641][ T4004] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 102.595263][ T4004] usb 4-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 102.612673][ T4004] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.683642][ T4004] usb 4-1: config 0 descriptor?? [ 102.729647][ T4004] usb 4-1: bad CDC descriptors [ 102.762320][ T3584] bond0 (unregistering): Released all slaves [ 102.805971][ T4793] sctp: [Deprecated]: syz.4.280 (pid 4793) Use of int in max_burst socket option deprecated. [ 102.805971][ T4793] Use struct sctp_assoc_value instead [ 102.859134][ T4755] netlink: 24 bytes leftover after parsing attributes in process `syz.0.268'. [ 102.873879][ T4769] device gretap0 entered promiscuous mode [ 102.900286][ T4769] netlink: 'syz.1.276': attribute type 2 has an invalid length. [ 102.918896][ T4769] netlink: 9 bytes leftover after parsing attributes in process `syz.1.276'. [ 102.979691][ T4010] usb 4-1: USB disconnect, device number 4 [ 103.067267][ T4803] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 103.115870][ T4142] libceph: connect (1)[c::]:6789 error -101 [ 103.125502][ T4142] libceph: mon0 (1)[c::]:6789 connect error [ 103.141405][ T4142] libceph: connect (1)[c::]:6789 error -101 [ 103.158723][ T4801] ceph: No mds server is up or the cluster is laggy [ 103.177528][ T4142] libceph: mon0 (1)[c::]:6789 connect error [ 103.507433][ T21] libceph: connect (1)[c::]:6789 error -101 [ 103.569498][ T21] libceph: mon0 (1)[c::]:6789 connect error [ 106.237958][ T4832] loop3: detected capacity change from 0 to 512 [ 106.329642][ T4835] device gretap0 entered promiscuous mode [ 106.376010][ T4835] netlink: 'syz.4.295': attribute type 2 has an invalid length. [ 106.383030][ T4832] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 106.412067][ T4835] netlink: 9 bytes leftover after parsing attributes in process `syz.4.295'. [ 106.481280][ T4832] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.294: casefold flag without casefold feature [ 106.580959][ T4832] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz.3.294: missing EA_INODE flag [ 106.601624][ T4823] loop0: detected capacity change from 0 to 32768 [ 106.616809][ T4832] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.294: error while reading EA inode 12 err=-117 [ 106.638511][ T4832] EXT4-fs (loop3): 1 orphan inode deleted [ 106.662750][ T4832] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,journal_dev=0x0000000000000007,quota,noinit_itable,errors=continue,errors=continue,errors=remount-ro,delalloc,auto_da_alloc,norecovery,errors=continue,journal_ioprio=0x0000000000000001,. Quota mode: writeback. [ 106.823099][ T4857] loop2: detected capacity change from 0 to 64 [ 106.835650][ T4823] XFS (loop0): Mounting V5 Filesystem [ 106.921213][ T4823] XFS (loop0): Ending clean mount [ 107.038624][ T4344] XFS (loop0): Unmounting Filesystem [ 109.463513][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 109.539162][ T4895] loop3: detected capacity change from 0 to 64 [ 109.680203][ T4895] BFS-fs: bfs_fill_super(): Inode 0x00000003 corrupted on loop3 [ 109.997064][ T4881] loop0: detected capacity change from 0 to 32768 [ 110.007564][ T4901] loop3: detected capacity change from 0 to 256 [ 110.054448][ T4881] XFS: attr2 mount option is deprecated. [ 110.063477][ T4881] XFS: noikeep mount option is deprecated. [ 110.158364][ T4887] loop4: detected capacity change from 0 to 32768 [ 110.167412][ T4881] XFS (loop0): Mounting V5 Filesystem [ 110.323651][ T4912] netlink: 'syz.1.313': attribute type 2 has an invalid length. [ 110.331976][ T4912] netlink: 9 bytes leftover after parsing attributes in process `syz.1.313'. [ 110.397103][ T4881] XFS (loop0): Ending clean mount [ 110.418701][ T4881] XFS (loop0): Quotacheck needed: Please wait. [ 110.501394][ T4881] XFS (loop0): Quotacheck: Done. [ 110.713769][ T4916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 110.730996][ T4344] XFS (loop0): Unmounting Filesystem [ 110.761717][ T4916] netlink: 132 bytes leftover after parsing attributes in process `syz.2.316'. [ 111.713444][ T4951] netlink: 'syz.2.327': attribute type 10 has an invalid length. [ 112.116509][ T4955] loop2: detected capacity change from 0 to 16 [ 112.202527][ T4955] erofs: (device loop2): mounted with root inode @ nid 36. [ 112.218956][ T4955] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 112.423216][ T4934] loop1: detected capacity change from 0 to 40427 [ 112.485785][ T4934] F2FS-fs (loop1): invalid crc value [ 112.521627][ T4964] loop0: detected capacity change from 0 to 512 [ 112.527012][ T4967] loop4: detected capacity change from 0 to 256 [ 112.560560][ T4934] F2FS-fs (loop1): Found nat_bits in checkpoint [ 112.582499][ T4949] loop3: detected capacity change from 0 to 32768 [ 112.614829][ T4949] XFS: attr2 mount option is deprecated. [ 112.621041][ T4949] XFS: noikeep mount option is deprecated. [ 112.627881][ T4934] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 112.640135][ T4964] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 112.760208][ T4253] attempt to access beyond end of device [ 112.760208][ T4253] loop1: rw=2049, want=45104, limit=40427 [ 112.793455][ T4964] EXT4-fs (loop0): 1 truncate cleaned up [ 112.807203][ T4964] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x0000000000000000,grpquota,stripe=0x0000000000000000,noblock_validity,,errors=continue. Quota mode: writeback. [ 112.871392][ T4978] loop2: detected capacity change from 0 to 1024 [ 112.909936][ T4949] XFS (loop3): Mounting V5 Filesystem [ 113.089151][ T4949] XFS (loop3): Ending clean mount [ 113.100986][ T4949] XFS (loop3): Quotacheck needed: Please wait. [ 113.161966][ T4949] XFS (loop3): Quotacheck: Done. [ 113.251916][ T4978] EXT4-fs (loop2): Test dummy encryption mode enabled [ 113.274988][ T4978] EXT4-fs (loop2): Ignoring removed orlov option [ 113.326804][ T4978] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback. [ 113.372400][ T3509] XFS (loop3): Unmounting Filesystem [ 113.430245][ T4978] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 113.709473][ T4993] netlink: 'syz.4.338': attribute type 10 has an invalid length. [ 113.796507][ T26] audit: type=1326 audit(1721807652.320:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4994 comm="syz.0.339" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa13bc87f19 code=0x0 [ 113.878732][ T5006] loop2: detected capacity change from 0 to 1024 [ 113.986098][ T5006] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,barrier=0x0000000000000000,norecovery,data_err=ignore,resuid=0x0000000000000000,nodelalloc,acl,noinit_itable,,errors=continue. Quota mode: none. [ 114.163963][ T5006] EXT4-fs (loop2): re-mounted. Opts: usrquota,usrjquota="errors=continue,noload,data_err=ignore,grpjquota="grpquota,jqfmt=vfsold,noblock_validity,. Quota mode: writeback. [ 114.288773][ T5019] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (64) [ 114.562983][ T5010] loop1: detected capacity change from 0 to 40427 [ 114.666286][ T5010] F2FS-fs (loop1): invalid crc value [ 114.758624][ T5010] F2FS-fs (loop1): Found nat_bits in checkpoint [ 114.793808][ T21] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 115.464030][ T21] usb 3-1: New USB device found, idVendor=0df6, idProduct=004b, bcdDevice=56.d7 [ 115.500686][ T5010] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 115.508682][ T21] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.542940][ T21] usb 3-1: Product: syz [ 115.555437][ T21] usb 3-1: Manufacturer: syz [ 115.574296][ T21] usb 3-1: SerialNumber: syz [ 115.580952][ T21] usb 3-1: config 0 descriptor?? [ 115.626239][ T21] r8712u: register rtl8712_netdev_ops to netdev_ops [ 115.648578][ T4253] attempt to access beyond end of device [ 115.648578][ T4253] loop1: rw=2049, want=45104, limit=40427 [ 115.653843][ T21] usb 3-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 115.684818][ T5033] loop4: detected capacity change from 0 to 32768 [ 115.768916][ T5052] loop0: detected capacity change from 0 to 1024 [ 115.834989][ T5033] XFS (loop4): Mounting V5 Filesystem [ 115.861317][ T21] usb 3-1: r8712u: Boot from EFUSE: Autoload Failed [ 115.872391][ T21] usb 3-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 115.913851][ T21] usb 3-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 115.929949][ T5063] loop3: detected capacity change from 0 to 512 [ 115.964311][ T21] usb 3-1: USB disconnect, device number 4 [ 115.973166][ T5052] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,barrier=0x0000000000000000,norecovery,data_err=ignore,resuid=0x0000000000000000,nodelalloc,acl,noinit_itable,,errors=continue. Quota mode: none. [ 116.020752][ T5033] XFS (loop4): Ending clean mount [ 116.094040][ T5063] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 116.106002][ T5052] EXT4-fs (loop0): re-mounted. Opts: usrquota,usrjquota="errors=continue,noload,data_err=ignore,grpjquota="grpquota,jqfmt=vfsold,noblock_validity,. Quota mode: writeback. [ 116.169881][ T5063] ext4 filesystem being mounted at /90/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 116.277634][ T26] audit: type=1800 audit(1721807654.800:22): pid=5033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.350" name="bus" dev="loop4" ino=4427 res=0 errno=0 [ 116.331086][ T5063] EXT4-fs error (device loop3): ext4_do_update_inode:5160: inode #2: comm syz.3.358: corrupted inode contents [ 116.362040][ T5069] loop1: detected capacity change from 0 to 512 [ 116.412012][ T26] audit: type=1800 audit(1721807654.820:23): pid=5033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.350" name="file0" dev="loop4" ino=4428 res=0 errno=0 [ 116.418795][ T3507] XFS (loop4): Unmounting Filesystem [ 116.450112][ T5063] EXT4-fs error (device loop3): ext4_dirty_inode:5993: inode #2: comm syz.3.358: mark_inode_dirty error [ 116.461784][ T5071] loop0: detected capacity change from 0 to 512 [ 116.467290][ T5063] EXT4-fs error (device loop3): ext4_do_update_inode:5160: inode #2: comm syz.3.358: corrupted inode contents [ 116.491349][ T5063] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #2: comm syz.3.358: mark_inode_dirty error [ 116.607893][ T5069] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 116.629520][ T5071] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 116.655592][ T26] audit: type=1326 audit(1721807655.180:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5072 comm="syz.2.361" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff260c65f19 code=0x0 [ 116.675510][ T5071] ext4 filesystem being mounted at /19/bus supports timestamps until 2038 (0x7fffffff) [ 116.687430][ T5069] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038 (0x7fffffff) [ 116.849842][ T26] audit: type=1804 audit(1721807655.370:25): pid=5071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.359" name="/newroot/19/bus/file1" dev="loop0" ino=15 res=1 errno=0 [ 117.196333][ T5099] loop4: detected capacity change from 0 to 64 [ 117.232236][ T5099] BFS-fs: bfs_fill_super(): Inode 0x00000003 corrupted on loop4 [ 117.273933][ T4130] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 117.475993][ T5106] netlink: 'syz.4.373': attribute type 10 has an invalid length. [ 117.539133][ T4130] usb 2-1: Using ep0 maxpacket: 32 [ 117.592576][ T5110] loop4: detected capacity change from 0 to 512 [ 117.619310][ T5112] loop2: detected capacity change from 0 to 512 [ 117.647488][ T5087] loop3: detected capacity change from 0 to 40427 [ 117.694085][ T4130] usb 2-1: config 0 has an invalid descriptor of length 220, skipping remainder of the config [ 117.711818][ T5110] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 117.712996][ T5102] loop0: detected capacity change from 0 to 32768 [ 117.751023][ T4130] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 117.754000][ T5110] ext4 filesystem being mounted at /94/bus supports timestamps until 2038 (0x7fffffff) [ 117.765013][ T5087] F2FS-fs (loop3): invalid crc value [ 117.779877][ T5112] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 117.793882][ T4130] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 117.813425][ T26] audit: type=1804 audit(1721807656.330:26): pid=5110 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.376" name="/newroot/94/bus/file1" dev="loop4" ino=15 res=1 errno=0 [ 117.813940][ T5112] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038 (0x7fffffff) [ 117.835385][ T4130] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFA, skipping [ 117.856083][ T4130] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 4 [ 117.872723][ T5087] F2FS-fs (loop3): Found nat_bits in checkpoint [ 117.881495][ T5102] XFS (loop0): Mounting V5 Filesystem [ 117.943601][ T5102] XFS (loop0): Ending clean mount [ 118.044987][ T26] audit: type=1800 audit(1721807656.570:27): pid=5102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.371" name="bus" dev="loop0" ino=4427 res=0 errno=0 [ 118.073949][ T4130] usb 2-1: New USB device found, idVendor=04bb, idProduct=0515, bcdDevice=5a.a2 [ 118.083101][ T4130] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.093247][ T4130] usb 2-1: Product: syz [ 118.099114][ T4130] usb 2-1: Manufacturer: syz [ 118.114301][ T4130] usb 2-1: SerialNumber: syz [ 118.125772][ T5087] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 118.135779][ T4130] usb 2-1: config 0 descriptor?? [ 118.173252][ T26] audit: type=1800 audit(1721807656.610:28): pid=5102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.371" name="file0" dev="loop0" ino=4428 res=0 errno=0 [ 118.223555][ T4344] XFS (loop0): Unmounting Filesystem [ 118.264020][ T3509] attempt to access beyond end of device [ 118.264020][ T3509] loop3: rw=2049, want=45104, limit=40427 [ 118.320252][ T5135] loop4: detected capacity change from 0 to 16 [ 118.421829][ T5135] erofs: (device loop4): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 66300) [ 118.559953][ T4130] usb 2-1: USB disconnect, device number 2 [ 118.577692][ T26] audit: type=1326 audit(1721807657.100:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5138 comm="syz.2.383" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff260c65f19 code=0x0 [ 118.791771][ T5149] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 118.799714][ T5149] IPv6: NLM_F_CREATE should be set when creating new route [ 118.807045][ T5149] IPv6: NLM_F_CREATE should be set when creating new route [ 118.841006][ T5151] loop3: detected capacity change from 0 to 512 [ 118.879425][ T5151] EXT4-fs (loop3): Ignoring removed orlov option [ 118.896479][ T5151] EXT4-fs (loop3): 1 truncate cleaned up [ 118.902430][ T5151] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,quota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,orlov,i_version,data_err=ignore,errors=remount-ro,nobarrier,. Quota mode: writeback. [ 118.962299][ T5151] EXT4-fs warning (device loop3): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3111355655 [ 118.985598][ T3509] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /93/file0: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=196608, rec_len=0, size=1024 fake=0 [ 119.009166][ T3509] EXT4-fs (loop3): Remounting filesystem read-only [ 119.084593][ T3549] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 119.124138][ T4004] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 119.299300][ T3883] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.336440][ T5158] loop2: detected capacity change from 0 to 512 [ 119.404490][ T4004] usb 1-1: Using ep0 maxpacket: 8 [ 119.405193][ T3883] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.460953][ T5158] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 119.487288][ T3883] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.504242][ T3549] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 119.505376][ T5158] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038 (0x7fffffff) [ 119.554282][ T3549] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 119.565153][ T4004] usb 1-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01 [ 119.581123][ T4004] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.589851][ T3549] usb 5-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 119.618169][ T4004] usb 1-1: config 0 descriptor?? [ 119.630984][ T3549] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.698875][ T4004] ums-jumpshot 1-1:0.0: USB Mass Storage device detected [ 119.708109][ T3549] usb 5-1: config 0 descriptor?? [ 119.774606][ T4004] ums-jumpshot 1-1:0.0: Quirks match for vid 05dc pid 0001: 2 [ 119.801165][ T3549] gspca_main: spca561-2.14.0 probing abcd:cdee [ 119.810701][ T3883] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.900248][ T4004] usb 1-1: USB disconnect, device number 2 [ 119.903567][ T5166] lo speed is unknown, defaulting to 1000 [ 120.430649][ T3549] spca561: probe of 5-1:0.0 failed with error -22 [ 120.479044][ T3549] usb 5-1: MIDIStreaming interface descriptor not found [ 120.610843][ T5191] dccp_invalid_packet: P.Data Offset(224) too large [ 120.805486][ T5164] loop2: detected capacity change from 0 to 40427 [ 121.167665][ T3549] usb 5-1: USB disconnect, device number 4 [ 121.185968][ T5164] F2FS-fs (loop2): invalid crc value [ 121.323859][ T5166] chnl_net:caif_netlink_parms(): no params data found [ 121.515390][ T5164] F2FS-fs (loop2): Found nat_bits in checkpoint [ 121.666648][ T5164] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 121.677679][ T5207] loop4: detected capacity change from 0 to 512 [ 121.723983][ T4142] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 121.806695][ T5207] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 121.875415][ T5207] ext4 filesystem being mounted at /98/bus supports timestamps until 2038 (0x7fffffff) [ 121.884015][ T4144] Bluetooth: hci0: command 0x0409 tx timeout [ 122.428558][ T3511] attempt to access beyond end of device [ 122.428558][ T3511] loop2: rw=2049, want=45104, limit=40427 [ 122.464978][ T4142] usb 2-1: Using ep0 maxpacket: 32 [ 122.482033][ T26] audit: type=1804 audit(1721807661.000:30): pid=5207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.400" name="/newroot/98/bus/file1" dev="loop4" ino=15 res=1 errno=0 [ 122.628659][ T5166] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.639400][ T4142] usb 2-1: config 0 has an invalid descriptor of length 220, skipping remainder of the config [ 122.649900][ T4142] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 122.658866][ T4142] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 122.672994][ T4142] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFA, skipping [ 122.683634][ T4142] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 4 [ 122.694358][ T5166] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.771421][ T5166] device bridge_slave_0 entered promiscuous mode [ 122.781500][ T5166] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.791107][ T5166] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.819011][ T5166] device bridge_slave_1 entered promiscuous mode [ 122.855264][ T4142] usb 2-1: New USB device found, idVendor=04bb, idProduct=0515, bcdDevice=5a.a2 [ 122.877631][ T4142] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.908947][ T4142] usb 2-1: Product: syz [ 122.916432][ T4142] usb 2-1: Manufacturer: syz [ 122.921066][ T4142] usb 2-1: SerialNumber: syz [ 122.954657][ T4142] usb 2-1: config 0 descriptor?? [ 123.124175][ T5246] loop4: detected capacity change from 0 to 64 [ 123.124348][ T5166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 123.166588][ T5166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 123.282224][ T3549] usb 2-1: USB disconnect, device number 3 [ 123.298031][ T5166] team0: Port device team_slave_0 added [ 123.308825][ T5246] overlayfs: upper fs needs to support d_type. [ 123.335292][ T5253] netlink: 'syz.2.410': attribute type 10 has an invalid length. [ 123.344099][ T5253] netlink: 40 bytes leftover after parsing attributes in process `syz.2.410'. [ 123.367416][ T5246] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 123.570633][ T5246] overlayfs: failed to set xattr on upper [ 123.711111][ T5246] overlayfs: ...falling back to index=off,metacopy=off. [ 123.935588][ T5253] team0: Port device geneve0 added [ 124.090787][ T4146] Bluetooth: hci0: command 0x041b tx timeout [ 124.145132][ T5166] team0: Port device team_slave_1 added [ 124.246033][ T5261] loop2: detected capacity change from 0 to 64 [ 124.263267][ T5166] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 124.282456][ T5166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 124.331110][ T5268] loop0: detected capacity change from 0 to 512 [ 124.331333][ T5166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 124.371918][ T3883] device hsr_slave_0 left promiscuous mode [ 124.393578][ T3883] device hsr_slave_1 left promiscuous mode [ 124.401507][ T26] audit: type=1800 audit(1721807662.920:31): pid=5261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.413" name="bus" dev="loop2" ino=21 res=0 errno=0 [ 124.422025][ T3883] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 124.430739][ T3883] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 124.438768][ T3883] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 124.447069][ T5268] EXT4-fs error (device loop0): ext4_fill_super:4840: inode #2: comm syz.0.416: casefold flag without casefold feature [ 124.447412][ T3883] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 124.467536][ T3883] device team0 left promiscuous mode [ 124.473335][ T3883] device team_slave_0 left promiscuous mode [ 124.479622][ T3883] device team_slave_1 left promiscuous mode [ 124.487070][ T3883] bridge0: port 3(team0) entered disabled state [ 124.495517][ T3883] device bridge_slave_1 left promiscuous mode [ 124.501791][ T3883] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.510736][ T3883] device bridge_slave_0 left promiscuous mode [ 124.511168][ T5268] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 124.519192][ T3311] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 124.537210][ T3883] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.556562][ T5268] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,data_err=abort,,errors=continue. Quota mode: none. [ 124.620885][ T3883] device veth1_macvtap left promiscuous mode [ 124.633658][ T3507] Trying to free block not in datazone [ 124.646872][ T3883] device veth0_macvtap left promiscuous mode [ 124.664290][ T3883] device veth1_vlan left promiscuous mode [ 124.670103][ T3883] device veth0_vlan left promiscuous mode [ 124.774902][ T3311] usb 2-1: Using ep0 maxpacket: 8 [ 124.894022][ T3311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.906540][ T3311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 124.917256][ T3311] usb 2-1: New USB device found, idVendor=056a, idProduct=0303, bcdDevice= 0.00 [ 124.926932][ T3311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.937314][ T3311] usb 2-1: config 0 descriptor?? [ 124.996480][ T3883] team0 (unregistering): Port device team_slave_1 removed [ 125.012376][ T3883] team0 (unregistering): Port device team_slave_0 removed [ 125.030680][ T3883] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 125.044845][ T3883] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 125.112158][ T3883] bond0 (unregistering): Released all slaves [ 125.171058][ T5166] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 125.185959][ T5166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 125.236545][ T5166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 125.314373][ T5166] device hsr_slave_0 entered promiscuous mode [ 125.349915][ T5166] device hsr_slave_1 entered promiscuous mode [ 125.431192][ T3311] wacom 0003:056A:0303.0004: unbalanced delimiter at end of report description [ 125.456529][ T3311] wacom 0003:056A:0303.0004: parse failed [ 125.478944][ T3311] wacom: probe of 0003:056A:0303.0004 failed with error -22 [ 125.685550][ T4144] usb 2-1: USB disconnect, device number 4 [ 125.733974][ T3549] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 125.895516][ T5304] loop4: detected capacity change from 0 to 256 [ 125.990834][ T5304] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 126.013993][ T3549] usb 1-1: Using ep0 maxpacket: 32 [ 126.134003][ T4010] Bluetooth: hci0: command 0x040f tx timeout [ 126.143093][ T5166] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 126.154148][ T3549] usb 1-1: config 0 has an invalid descriptor of length 220, skipping remainder of the config [ 126.172378][ T3549] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 126.172748][ T5166] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 126.198693][ T3549] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 126.218695][ T3549] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFA, skipping [ 126.264235][ T5166] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 126.287090][ T3549] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 4 [ 126.292754][ T5166] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 126.514198][ T3549] usb 1-1: New USB device found, idVendor=04bb, idProduct=0515, bcdDevice=5a.a2 [ 126.527911][ T3549] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.584198][ T3549] usb 1-1: Product: syz [ 126.594929][ T3549] usb 1-1: Manufacturer: syz [ 126.599601][ T3549] usb 1-1: SerialNumber: syz [ 126.655201][ T3549] usb 1-1: config 0 descriptor?? [ 126.694586][ T5166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 126.709833][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 126.732574][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 126.745005][ T5166] 8021q: adding VLAN 0 to HW filter on device team0 [ 126.796917][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 126.814425][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 126.829769][ T4130] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.836951][ T4130] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.872659][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 126.891894][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 126.944230][ T4130] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.951358][ T4130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.960811][ T21] usb 1-1: USB disconnect, device number 3 [ 126.981742][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 127.038832][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 127.052911][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 127.080267][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 127.123431][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 127.185822][ T4004] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 127.200435][ T4004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 127.222623][ T4004] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 127.250915][ T4004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 127.275257][ T4004] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 127.284015][ T4004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 127.292670][ T4004] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 127.304942][ T5166] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 127.382181][ T5347] lo speed is unknown, defaulting to 1000 [ 127.533798][ T21] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 127.592330][ T5166] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 127.610043][ T5363] loop0: detected capacity change from 0 to 164 [ 127.624953][ T4142] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 127.639520][ T4142] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 127.691971][ T4146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 127.704868][ T4146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 127.754768][ T5363] xt_bpf: check failed: parse error [ 127.799163][ T4146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 127.824860][ T4146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 127.854708][ T5166] device veth0_vlan entered promiscuous mode [ 127.887641][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 127.901814][ T4130] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 127.904202][ T21] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.953828][ T5166] device veth1_vlan entered promiscuous mode [ 127.976873][ T21] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 128.023948][ T21] usb 2-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 128.033022][ T21] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.070767][ T4004] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 128.077623][ T21] usb 2-1: config 0 descriptor?? [ 128.089194][ T4004] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 128.099250][ T4004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 128.114481][ T4004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 128.125841][ T5166] device veth0_macvtap entered promiscuous mode [ 128.164083][ T4146] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 128.178915][ T5166] device veth1_macvtap entered promiscuous mode [ 128.204038][ T4010] Bluetooth: hci0: command 0x0419 tx timeout [ 128.294258][ T5166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.318408][ T5166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.328976][ T5166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.340005][ T5166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.354271][ T5166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.375194][ T5166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.388147][ T5166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.399148][ T5166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.410645][ T5166] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 128.425033][ T4010] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 128.443485][ T4010] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 128.451946][ T4010] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 128.462026][ T4146] usb 3-1: Using ep0 maxpacket: 8 [ 128.474675][ T4010] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 128.490469][ T5347] chnl_net:caif_netlink_parms(): no params data found [ 128.505840][ T5166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.528920][ T5166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.549922][ T5166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.563398][ T21] itetech 0003:258A:6A88.0005: item fetching failed at offset 0/1 [ 128.578937][ T21] itetech: probe of 0003:258A:6A88.0005 failed with error -22 [ 128.592157][ T5166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.609422][ T4146] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.627366][ T4146] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 128.643759][ T5166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.663809][ T4146] usb 3-1: New USB device found, idVendor=056a, idProduct=0303, bcdDevice= 0.00 [ 128.673457][ T5166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.689415][ T4146] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.698196][ T5166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.714403][ T4146] usb 3-1: config 0 descriptor?? [ 128.719500][ T5166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.731205][ T5166] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 128.748979][ T4004] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 128.759295][ T4004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 128.792671][ T5166] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.835415][ T5166] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.841076][ T4142] usb 2-1: USB disconnect, device number 5 [ 128.866540][ T5166] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.888165][ T5166] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.159825][ T5347] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.165131][ T3867] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.168426][ T5347] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.185404][ T5347] device bridge_slave_0 entered promiscuous mode [ 129.204379][ T5347] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.211669][ T5347] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.221775][ T5347] device bridge_slave_1 entered promiscuous mode [ 129.226788][ T4146] wacom 0003:056A:0303.0006: unbalanced delimiter at end of report description [ 129.238642][ T3888] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.244565][ T3867] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.260117][ T3888] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.273443][ T4146] wacom 0003:056A:0303.0006: parse failed [ 129.286207][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 129.296698][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 129.297564][ T4146] wacom: probe of 0003:056A:0303.0006 failed with error -22 [ 129.333861][ T4004] Bluetooth: hci1: command 0x0409 tx timeout [ 129.357553][ T5347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 129.394544][ T5422] loop0: detected capacity change from 0 to 128 [ 129.408074][ T5347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 129.540750][ T4146] usb 3-1: USB disconnect, device number 5 [ 129.599859][ T5347] team0: Port device team_slave_0 added [ 129.620924][ T26] audit: type=1800 audit(1721807668.140:32): pid=5429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.443" name="file0" dev="loop0" ino=1048642 res=0 errno=0 [ 129.631246][ T5431] loop3: detected capacity change from 0 to 128 [ 129.726227][ T5431] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 129.753207][ T5347] team0: Port device team_slave_1 added [ 129.784050][ T5431] ext4 filesystem being mounted at /0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 129.815280][ C1] vkms_vblank_simulate: vblank timer overrun [ 129.838750][ T5347] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 129.879049][ T5347] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.970000][ T5347] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.976718][ T5437] loop1: detected capacity change from 0 to 512 [ 129.995443][ C0] hrtimer: interrupt took 9741507 ns [ 130.074394][ T5347] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 130.081450][ T5347] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 130.334358][ T5347] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 130.896161][ T5437] EXT4-fs error (device loop1): ext4_fill_super:4840: inode #2: comm syz.1.446: casefold flag without casefold feature [ 130.909549][ T5437] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 130.920380][ T5437] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,data_err=abort,,errors=continue. Quota mode: none. [ 131.032351][ T5448] netlink: 4 bytes leftover after parsing attributes in process `syz.3.451'. [ 132.320156][ T144] wlan1: Trigger new scan to find an IBSS to join [ 132.846535][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.852913][ T1377] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.221360][ T3549] Bluetooth: hci1: command 0x041b tx timeout [ 135.081735][ T5347] device hsr_slave_0 entered promiscuous mode [ 135.888455][ T3888] wlan1: Trigger new scan to find an IBSS to join [ 136.146257][ T5347] device hsr_slave_1 entered promiscuous mode [ 136.165149][ T5347] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 136.189878][ T5347] Cannot create hsr debugfs directory [ 136.363855][ T3773] Bluetooth: hci1: command 0x040f tx timeout [ 137.227838][ T3888] wlan1: Creating new IBSS network, BSSID 3a:71:b9:d0:b9:16 [ 138.211794][ T3883] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.329579][ T5466] loop2: detected capacity change from 0 to 256 [ 138.443917][ T3311] Bluetooth: hci1: command 0x0419 tx timeout [ 139.302717][ T5468] loop3: detected capacity change from 0 to 128 [ 140.302015][ T5470] lo speed is unknown, defaulting to 1000 [ 141.031058][ T5470] chnl_net:caif_netlink_parms(): no params data found [ 141.477014][ T5474] loop3: detected capacity change from 0 to 256 [ 142.218933][ T3883] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.280918][ T5470] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.288252][ T4142] Bluetooth: hci2: command 0x0409 tx timeout [ 142.305108][ T5470] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.326778][ T5470] device bridge_slave_0 entered promiscuous mode [ 142.382150][ T5470] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.389490][ T5470] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.406250][ T5470] device bridge_slave_1 entered promiscuous mode [ 143.439068][ T5470] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 143.451230][ T5470] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 143.461098][ T5486] lo speed is unknown, defaulting to 1000 [ 145.084932][ T4142] Bluetooth: hci3: command 0x0409 tx timeout [ 145.094649][ T4142] Bluetooth: hci2: command 0x041b tx timeout [ 145.121382][ T5470] team0: Port device team_slave_0 added [ 145.129328][ T5470] team0: Port device team_slave_1 added [ 145.149198][ T3883] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.191068][ T5492] loop3: detected capacity change from 0 to 1024 [ 147.484658][ T3549] Bluetooth: hci2: command 0x040f tx timeout [ 147.494186][ T4142] Bluetooth: hci3: command 0x041b tx timeout [ 150.163395][ T4004] Bluetooth: hci3: command 0x040f tx timeout [ 150.169449][ T4004] Bluetooth: hci2: command 0x0419 tx timeout [ 150.187639][ T5470] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 150.207329][ T5470] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.268598][ T5470] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 150.289094][ T5470] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 150.299549][ T5470] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.335866][ T5470] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 152.553339][ T4130] Bluetooth: hci3: command 0x0419 tx timeout [ 152.598395][ T3883] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.639033][ T5470] device hsr_slave_0 entered promiscuous mode [ 152.645970][ T5470] device hsr_slave_1 entered promiscuous mode [ 154.759686][ T5470] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 154.776380][ T5470] Cannot create hsr debugfs directory [ 155.824431][ T5507] loop2: detected capacity change from 0 to 16 [ 155.846966][ T5507] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 156.089445][ T5486] chnl_net:caif_netlink_parms(): no params data found [ 156.140185][ T5509] loop3: detected capacity change from 0 to 4096 [ 157.051322][ T5486] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.818134][ T5486] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.079225][ T5486] device bridge_slave_0 entered promiscuous mode [ 159.212393][ T5509] NILFS (loop3): error -4 creating segctord thread [ 162.977077][ T5486] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.993502][ T5486] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.001631][ T5486] device bridge_slave_1 entered promiscuous mode [ 163.716791][ T5486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 166.435542][ T5486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.585028][ T3888] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 167.696073][ T5545] loop2: detected capacity change from 0 to 128 [ 167.718911][ T5545] FAT-fs (loop2): bogus number of reserved sectors [ 167.733998][ T5545] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 167.755951][ T5545] FAT-fs (loop2): Can't find a valid FAT filesystem [ 167.974542][ T5550] syz.2.476 uses obsolete (PF_INET,SOCK_PACKET) [ 168.697709][ T5486] team0: Port device team_slave_0 added [ 168.723110][ T5486] team0: Port device team_slave_1 added [ 168.775648][ T5486] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.887681][ T5563] loop3: detected capacity change from 0 to 16 [ 169.609503][ T5486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.635474][ T5486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.652718][ T5486] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.659769][ T5486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.685641][ T5486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.764016][ T3311] Bluetooth: hci4: command 0x0406 tx timeout [ 170.989086][ T5563] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 172.619745][ T5486] device hsr_slave_0 entered promiscuous mode [ 172.634454][ T5486] device hsr_slave_1 entered promiscuous mode [ 174.023844][ T5486] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 174.031433][ T5486] Cannot create hsr debugfs directory [ 175.113988][ T5585] loop3: detected capacity change from 0 to 128 [ 175.303825][ T4143] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 175.620658][ T5585] FAT-fs (loop3): bogus number of reserved sectors [ 175.627207][ T5585] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 175.636498][ T5585] FAT-fs (loop3): Can't find a valid FAT filesystem [ 175.674064][ T4143] usb 3-1: config 1 has an invalid descriptor of length 224, skipping remainder of the config [ 175.693871][ T4143] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 176.294511][ T4143] usb 3-1: New USB device found, idVendor=44b7, idProduct=0000, bcdDevice= 0.00 [ 176.303549][ T4143] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 176.326512][ T4143] usb 3-1: SerialNumber: syz [ 176.616444][ T4143] usb 3-1: 0:48 : does not exist [ 176.621979][ T4143] usb 3-1: 0:199 : does not exist [ 176.664108][ T4143] usb 3-1: USB disconnect, device number 6 [ 176.935993][ T5572] udevd[5572]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 179.049066][ T5595] loop2: detected capacity change from 0 to 40427 [ 180.121477][ T5595] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 180.129583][ T5595] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 180.143219][ T5595] F2FS-fs (loop2): Found nat_bits in checkpoint [ 181.634206][ T5642] loop3: detected capacity change from 0 to 64 [ 186.890883][ T5649] loop3: detected capacity change from 0 to 1024 [ 187.835962][ T5649] EXT4-fs (loop3): Ignoring removed orlov option [ 187.888110][ T5649] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000040000,data_err=abort,barrier=0x0000000000000002,jqfmt=vfsv1,norecovery,max_dir_size_kb=0x00000000004007b1,orlov,bsdgroups,max_batch_time=0x0000000000000002,min_batch_time=0x0000000000000002,,errors=continue. Quota mode: none. [ 187.988449][ T5656] lo speed is unknown, defaulting to 1000 [ 189.640478][ T5656] chnl_net:caif_netlink_parms(): no params data found [ 190.847448][ T4143] Bluetooth: hci5: command 0x0409 tx timeout [ 190.902015][ T5656] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.909436][ T5656] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.917787][ T5656] device bridge_slave_0 entered promiscuous mode [ 190.926360][ T5656] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.933445][ T5656] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.442102][ T5656] device bridge_slave_1 entered promiscuous mode [ 192.480532][ T5656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 192.492315][ T5656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 193.452313][ T4146] Bluetooth: hci5: command 0x041b tx timeout [ 193.510799][ T5656] team0: Port device team_slave_0 added [ 193.531820][ T5656] team0: Port device team_slave_1 added [ 194.235505][ T5656] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 194.235522][ T5656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.235546][ T5656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 194.236699][ T5656] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 194.236713][ T5656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.236730][ T5656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 194.280474][ T5656] device hsr_slave_0 entered promiscuous mode [ 194.281009][ T5656] device hsr_slave_1 entered promiscuous mode [ 194.312527][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.312617][ T1377] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.803085][ T5656] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 194.956695][ T5656] Cannot create hsr debugfs directory [ 195.582104][ T4010] Bluetooth: hci5: command 0x040f tx timeout [ 196.544653][ T5678] binder: 5676:5678 ioctl c00c620f 20000180 returned -22 [ 197.644400][ T3311] Bluetooth: hci5: command 0x0419 tx timeout [ 201.083989][ T4142] Bluetooth: hci0: command 0x0409 tx timeout [ 201.304869][ T144] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 201.322711][ T5470] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.431011][ T5690] lo speed is unknown, defaulting to 1000 [ 204.867068][ T4143] Bluetooth: hci6: command 0x0409 tx timeout [ 204.913779][ T4143] Bluetooth: hci0: command 0x041b tx timeout [ 205.018332][ T5687] lo speed is unknown, defaulting to 1000 [ 205.438910][ T5697] lo speed is unknown, defaulting to 1000 [ 205.507300][ T5690] chnl_net:caif_netlink_parms(): no params data found [ 209.430049][ T4142] Bluetooth: hci0: command 0x040f tx timeout [ 209.451815][ T4142] Bluetooth: hci6: command 0x041b tx timeout [ 209.493987][ T3311] Bluetooth: hci7: command 0x0409 tx timeout [ 214.881963][ T3549] Bluetooth: hci7: command 0x041b tx timeout [ 214.882558][ T3311] Bluetooth: hci0: command 0x0419 tx timeout [ 214.888014][ T3549] Bluetooth: hci6: command 0x040f tx timeout [ 221.104700][ T3549] Bluetooth: hci6: command 0x0419 tx timeout [ 221.110745][ T3549] Bluetooth: hci7: command 0x040f tx timeout [ 228.462422][ T4143] Bluetooth: hci7: command 0x0419 tx timeout [ 236.641662][ T4130] Bluetooth: hci1: command 0x0409 tx timeout [ 236.659037][ T5690] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.683899][ T5690] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.691922][ T5690] device bridge_slave_0 entered promiscuous mode [ 236.727603][ T5687] chnl_net:caif_netlink_parms(): no params data found [ 236.734437][ T5718] lo speed is unknown, defaulting to 1000 [ 236.751219][ T5690] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.773897][ T5690] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.793912][ T5690] device bridge_slave_1 entered promiscuous mode [ 247.015821][ T3549] Bluetooth: hci1: command 0x041b tx timeout [ 247.067337][ T5470] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.146315][ T4130] Bluetooth: hci1: command 0x040f tx timeout [ 260.154353][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.160629][ T1377] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.239751][ T5690] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 276.265273][ T4143] Bluetooth: hci1: command 0x0419 tx timeout [ 295.950572][ T1125] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 295.962435][ T4142] Bluetooth: hci3: command 0x0406 tx timeout [ 296.018338][ T4142] Bluetooth: hci2: command 0x0406 tx timeout [ 296.053946][ T4142] Bluetooth: hci8: command 0x0409 tx timeout [ 296.060209][ T4142] Bluetooth: hci9: command 0x0409 tx timeout [ 296.083999][ T4142] Bluetooth: hci11: command 0x0409 tx timeout [ 296.096601][ T4142] Bluetooth: hci10: command 0x0409 tx timeout [ 319.799140][ T3311] Bluetooth: hci10: command 0x041b tx timeout [ 319.848228][ T3311] Bluetooth: hci11: command 0x041b tx timeout [ 319.873883][ T3311] Bluetooth: hci9: command 0x041b tx timeout [ 319.880621][ T3311] Bluetooth: hci8: command 0x041b tx timeout [ 319.893998][ T3311] Bluetooth: hci12: command 0x0409 tx timeout [ 348.194074][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 348.200403][ T1377] ieee802154 phy1 wpan1: encryption failed: -22 [ 348.208686][ T3311] Bluetooth: hci9: command 0x040f tx timeout [ 348.225600][ T27] INFO: task syz-executor:5486 blocked for more than 159 seconds. [ 348.273017][ T5690] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 348.314011][ T3311] Bluetooth: hci11: command 0x040f tx timeout [ 348.320291][ T27] Not tainted 5.15.163-syzkaller #0 [ 348.423111][ T3311] Bluetooth: hci10: command 0x040f tx timeout [ 348.433858][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 348.442535][ T27] task:syz-executor state:D stack:20184 pid: 5486 ppid: 1 flags:0x00004004 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 348.513980][ T3311] Bluetooth: hci5: command 0x0406 tx timeout [ 348.543845][ T3311] Bluetooth: hci12: command 0x041b tx timeout [ 348.594102][ T27] Call Trace: [ 348.597508][ T27] [ 348.600442][ T27] __schedule+0x12c4/0x45b0 [ 348.605718][ T3311] Bluetooth: hci8: command 0x040f tx timeout [ 348.654581][ T27] ? release_firmware_map_entry+0x190/0x190 [ 348.660519][ T27] ? __mutex_trylock_common+0x8d/0x2e0 [ 348.683896][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 348.689146][ T27] schedule+0x11b/0x1f0 [ 348.693315][ T27] schedule_preempt_disabled+0xf/0x20 [ 348.713978][ T27] __mutex_lock_common+0xe34/0x25a0 [ 348.719236][ T27] ? del_device_store+0xf1/0x470 [ 348.733898][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 348.739227][ T27] ? skip_atoi+0xd0/0xd0 [ 348.743485][ T27] mutex_lock_nested+0x17/0x20 [ 348.761414][ T27] del_device_store+0xf1/0x470 [ 348.770760][ T27] ? del_port_store+0x270/0x270 [ 348.784028][ T27] ? sysfs_kf_write+0x181/0x2a0 [ 348.788911][ T27] ? sysfs_kf_read+0x300/0x300 [ 348.793674][ T27] kernfs_fop_write_iter+0x3a2/0x4f0 [ 348.811867][ T27] vfs_write+0xacd/0xe50 [ 348.820290][ T27] ? file_end_write+0x250/0x250 [ 348.832603][ T27] ? read_lock_is_recursive+0x10/0x10 [ 348.844028][ T27] ? __fdget_pos+0x2d2/0x380 [ 348.848667][ T27] ksys_write+0x1a2/0x2c0 [ 348.853023][ T27] ? print_irqtrace_events+0x210/0x210 [ 348.872094][ T27] ? __ia32_sys_read+0x80/0x80 [ 348.880828][ T27] ? syscall_enter_from_user_mode+0x2e/0x240 [ 348.893989][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 348.899216][ T27] ? syscall_enter_from_user_mode+0x2e/0x240 [ 348.917846][ T27] do_syscall_64+0x3b/0xb0 [ 348.922289][ T27] ? clear_bhb_loop+0x15/0x70 [ 348.934199][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 348.952392][ T27] RIP: 0033:0x7f713f9dda9f [ 348.957280][ T27] RSP: 002b:00007ffe6efaa170 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 348.979719][ T27] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f713f9dda9f [ 348.994019][ T27] RDX: 0000000000000001 RSI: 00007ffe6efaa1c0 RDI: 0000000000000005 [ 349.002082][ T27] RBP: 00007f713fa4d5b2 R08: 0000000000000000 R09: 00007ffe6efa9fc7 [ 349.021705][ T27] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 349.033447][ T27] R13: 00007ffe6efaa1c0 R14: 00007f714069d620 R15: 0000000000000003 [ 349.055758][ T27] [ 349.058996][ T27] [ 349.058996][ T27] Showing all locks held in the system: [ 349.081100][ T27] 3 locks held by kworker/1:0/21: [ 349.092189][ T27] #0: ffff888011c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 349.113956][ T27] #1: ffffc90000db7d20 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 349.133811][ T27] #2: ffffffff8d9e8348 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 [ 349.153843][ T27] 1 lock held by khungtaskd/27: [ 349.158714][ T27] #0: ffffffff8c91fb20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 349.180910][ T27] 1 lock held by dhcpcd/3174: [ 349.191764][ T27] #0: ffffffff8d9e8348 (rtnl_mutex){+.+.}-{3:3}, at: __netlink_dump_start+0x12e/0x6f0 [ 349.214055][ T27] 2 locks held by getty/3270: [ 349.218743][ T27] #0: ffff8880248c8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 349.240186][ T27] #1: ffffc9000209b2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 [ 349.263905][ T27] 3 locks held by kworker/u4:6/3583: [ 349.269209][ T27] #0: ffff888019e69938 ((wq_completion)phy14){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 349.291482][ T27] #1: ffffc90004197d20 ((work_completion)(&(&local->scan_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 349.315104][ T27] #2: ffff88807aa229c8 (&local->mtx){+.+.}-{3:3}, at: ieee80211_scan_work+0xb7/0x1d00 [ 349.333865][ T27] 4 locks held by kworker/u4:11/3883: [ 349.339250][ T27] #0: ffff888011dcd138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 349.362381][ T27] #1: ffffc90003347d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 349.384035][ T27] #2: ffffffff8d9dc790 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60 [ 349.393409][ T27] #3: ffffffff8d9e8348 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x4d/0x220 [ 349.417263][ T27] 4 locks held by kworker/0:17/4130: [ 349.422759][ T27] 3 locks held by kworker/1:14/4141: [ 349.442231][ T27] #0: ffff888011c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 349.463920][ T27] #1: ffffc90003137d20 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 349.493907][ T27] #2: ffff8880768b2400 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x56/0xab0 [ 349.513854][ T27] 3 locks held by kworker/1:16/4143: [ 349.519162][ T27] #0: ffff888011c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 349.551149][ T27] #1: ffffc90004477d20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 349.573997][ T27] #2: ffffffff8d9e8348 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 [ 349.583184][ T27] 2 locks held by kworker/1:17/4144: [ 349.603896][ T27] #0: ffff888011c72138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 349.623863][ T27] #1: ffffc90004497d20 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 349.656034][ T27] 8 locks held by syz-executor/5470: [ 349.661623][ T27] #0: ffff88807ec3a460 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x29a/0xe50 [ 349.686114][ T27] #1: ffff888061b09c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1e7/0x4f0 [ 349.704038][ T27] #2: ffff888147b85918 (kn->active#232){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20b/0x4f0 [ 349.724258][ T27] #3: ffffffff8d363c28 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xf1/0x470 [ 349.747091][ T27] #4: ffff8880768b3178 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xc2/0x7f0 [ 349.772157][ T27] #5: ffff8880768b2400 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_reload_destroy+0x118/0x240 [ 349.793849][ T27] #6: ffffffff8d9e8348 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x3a/0x140 [ 349.802776][ T27] #7: ffffffff8c9240e8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x350/0x740 [ 349.826053][ T27] 4 locks held by syz-executor/5486: [ 349.831368][ T27] #0: ffff88807ec3a460 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x29a/0xe50 [ 349.853420][ T27] #1: ffff88807af29088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1e7/0x4f0 [ 349.875254][ T27] #2: ffff888147b85918 (kn->active#232){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20b/0x4f0 [ 349.893830][ T27] #3: ffffffff8d363c28 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xf1/0x470 [ 349.916566][ T27] 4 locks held by syz-executor/5656: [ 349.922019][ T27] #0: ffff88807ec3a460 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x29a/0xe50 [ 349.943681][ T27] #1: ffff888062ffb888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1e7/0x4f0 [ 349.953657][ T27] #2: ffff888147b85918 (kn->active#232){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20b/0x4f0 [ 349.981767][ T27] #3: ffffffff8d363c28 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xf1/0x470 [ 350.005436][ T27] 1 lock held by syz-executor/5687: [ 350.010761][ T27] #0: ffffffff8c9240e8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x280/0x740 [ 350.035648][ T27] 1 lock held by syz.2.506/5695: [ 350.040706][ T27] 2 locks held by syz-executor/5718: [ 350.054081][ T27] #0: ffffffff8d9dc790 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0 [ 350.073904][ T27] #1: ffffffff8d9e8348 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1b/0x1d0 [ 350.083266][ T27] 2 locks held by syz-executor/5727: [ 350.101241][ T27] #0: ffffffff8d9dc790 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0 [ 350.124099][ T27] #1: ffffffff8d9e8348 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x80/0x270 [ 350.143794][ T27] 2 locks held by syz-executor/5728: [ 350.149105][ T27] #0: ffffffff8d9dc790 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0 [ 350.171222][ T27] #1: ffffffff8d9e8348 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x80/0x270 [ 350.193857][ T27] 1 lock held by syz-executor/5741: [ 350.199075][ T27] #0: ffffffff8d9e8348 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 350.220470][ T27] [ 350.222812][ T27] ============================================= [ 350.222812][ T27] [ 350.245314][ T27] NMI backtrace for cpu 1 [ 350.249667][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.163-syzkaller #0 [ 350.257635][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 350.267690][ T27] Call Trace: [ 350.270981][ T27] [ 350.273915][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 350.278600][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 350.284233][ T27] ? panic+0x860/0x860 [ 350.288332][ T27] ? nmi_cpu_backtrace+0x23b/0x4a0 [ 350.293444][ T27] nmi_cpu_backtrace+0x46a/0x4a0 [ 350.298398][ T27] ? __wake_up_klogd+0xd5/0x100 [ 350.303252][ T27] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 350.309404][ T27] ? _printk+0xd1/0x120 [ 350.313556][ T27] ? panic+0x860/0x860 [ 350.317622][ T27] ? __wake_up_klogd+0xcc/0x100 [ 350.322468][ T27] ? panic+0x860/0x860 [ 350.326535][ T27] ? __rcu_read_unlock+0x92/0x100 [ 350.331559][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 350.337631][ T27] nmi_trigger_cpumask_backtrace+0x181/0x2a0 [ 350.343614][ T27] watchdog+0xe72/0xeb0 [ 350.347786][ T27] kthread+0x3f6/0x4f0 [ 350.351850][ T27] ? hungtask_pm_notify+0x50/0x50 [ 350.356877][ T27] ? kthread_blkcg+0xd0/0xd0 [ 350.361466][ T27] ret_from_fork+0x1f/0x30 [ 350.365893][ T27] [ 350.369800][ T27] Sending NMI from CPU 1 to CPUs 0: [ 350.375114][ C0] NMI backtrace for cpu 0 [ 350.375125][ C0] CPU: 0 PID: 4130 Comm: kworker/0:17 Not tainted 5.15.163-syzkaller #0 [ 350.375140][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 350.375150][ C0] Workqueue: events_power_efficient gc_worker [ 350.375169][ C0] RIP: 0010:check_preemption_disabled+0x42/0x110 [ 350.375190][ C0] Code: 08 65 8b 1d 08 54 e3 75 65 8b 05 71 ae e3 75 a9 ff ff ff 7f 74 22 65 48 8b 04 25 28 00 00 00 48 3b 44 24 08 0f 85 c7 00 00 00 <89> d8 48 83 c4 10 5b 41 5c 41 5e 41 5f c3 48 c7 04 24 00 00 00 00 [ 350.375211][ C0] RSP: 0018:ffffc90000007a68 EFLAGS: 00000046 [ 350.375223][ C0] RAX: b3dbd71bbc878e00 RBX: 0000000000000000 RCX: ffffffff8162acdc [ 350.375234][ C0] RDX: 0000000000000000 RSI: ffffffff8ad8f6e0 RDI: ffffffff8ad8f6a0 [ 350.375244][ C0] RBP: ffffc90000007c08 R08: dffffc0000000000 R09: fffffbfff1bc8ede [ 350.375255][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000000f60 [ 350.375265][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: dffffc0000000000 [ 350.375275][ C0] FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 350.375288][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 350.375298][ C0] CR2: 00007f82cede4ed0 CR3: 00000000734d5000 CR4: 00000000003506f0 [ 350.375315][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 350.375324][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 350.375333][ C0] Call Trace: [ 350.375338][ C0] [ 350.375345][ C0] ? nmi_cpu_backtrace+0x39f/0x4a0 [ 350.375360][ C0] ? read_lock_is_recursive+0x10/0x10 [ 350.375375][ C0] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 350.375387][ C0] ? unknown_nmi_error+0xd0/0xd0 [ 350.375409][ C0] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 350.375423][ C0] ? nmi_handle+0xf7/0x370 [ 350.375438][ C0] ? check_preemption_disabled+0x42/0x110 [ 350.375453][ C0] ? default_do_nmi+0x62/0x150 [ 350.375468][ C0] ? exc_nmi+0xa8/0x100 [ 350.375481][ C0] ? end_repeat_nmi+0x16/0x31 [ 350.375500][ C0] ? lock_acquire+0xcc/0x4f0 [ 350.375513][ C0] ? check_preemption_disabled+0x42/0x110 [ 350.375529][ C0] ? check_preemption_disabled+0x42/0x110 [ 350.375545][ C0] ? check_preemption_disabled+0x42/0x110 [ 350.375561][ C0] [ 350.375565][ C0] [ 350.375571][ C0] rcu_is_watching+0x11/0xa0 [ 350.375586][ C0] lock_acquire+0xdd/0x4f0 [ 350.375602][ C0] ? read_lock_is_recursive+0x10/0x10 [ 350.375621][ C0] ? read_lock_is_recursive+0x10/0x10 [ 350.375635][ C0] ? do_raw_spin_lock+0x14a/0x370 [ 350.375651][ C0] _raw_spin_lock_irqsave+0xd1/0x120 [ 350.375666][ C0] ? debug_object_activate+0x63/0x4e0 [ 350.375682][ C0] ? _raw_spin_lock+0x40/0x40 [ 350.375697][ C0] ? do_raw_spin_unlock+0x137/0x8b0 [ 350.375715][ C0] debug_object_activate+0x63/0x4e0 [ 350.375730][ C0] ? _raw_spin_lock_irqsave+0x120/0x120 [ 350.375747][ C0] enqueue_hrtimer+0x30/0x390 [ 350.375763][ C0] __hrtimer_run_queues+0x6b6/0xcf0 [ 350.375785][ C0] ? hrtimer_interrupt+0x980/0x980 [ 350.375802][ C0] hrtimer_interrupt+0x392/0x980 [ 350.375826][ C0] __sysvec_apic_timer_interrupt+0x139/0x470 [ 350.375844][ C0] sysvec_apic_timer_interrupt+0x8c/0xb0 [ 350.375860][ C0] [ 350.375864][ C0] [ 350.375869][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 350.375883][ C0] RIP: 0010:lock_acquire+0x252/0x4f0 [ 350.375896][ C0] Code: 2b 00 74 08 4c 89 f7 e8 5c 82 67 00 f6 44 24 61 02 0f 85 84 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25 [ 350.375908][ C0] RSP: 0018:ffffc90003197980 EFLAGS: 00000206 [ 350.375920][ C0] RAX: 0000000000000001 RBX: 1ffff92000632f3c RCX: 1ffff92000632edc [ 350.375930][ C0] RDX: dffffc0000000000 RSI: ffffffff8a8b3ca0 RDI: ffffffff8ad8f700 [ 350.375941][ C0] RBP: ffffc90003197ae0 R08: dffffc0000000000 R09: fffffbfff1f7f419 [ 350.375951][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000632f38 [ 350.375961][ C0] R13: dffffc0000000000 R14: ffffc900031979e0 R15: 0000000000000246 [ 350.375982][ C0] ? read_lock_is_recursive+0x10/0x10 [ 350.375999][ C0] ? __might_sleep+0xc0/0xc0 [ 350.376012][ C0] ? seqcount_lockdep_reader_access+0x1d3/0x220 [ 350.376033][ C0] rcu_lock_acquire+0x2a/0x30 [ 350.376046][ C0] ? rcu_lock_acquire+0x5/0x30 [ 350.376057][ C0] gc_worker+0x289/0x14b0 [ 350.376075][ C0] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 350.376091][ C0] ? init_conntrack+0x1740/0x1740 [ 350.376104][ C0] ? do_raw_spin_unlock+0x137/0x8b0 [ 350.376122][ C0] process_one_work+0x8a1/0x10c0 [ 350.376144][ C0] ? worker_detach_from_pool+0x260/0x260 [ 350.376161][ C0] ? _raw_spin_lock_irqsave+0x120/0x120 [ 350.376176][ C0] ? kthread_data+0x4e/0xc0 [ 350.376189][ C0] ? wq_worker_running+0x97/0x170 [ 350.376204][ C0] worker_thread+0xaca/0x1280 [ 350.376231][ C0] kthread+0x3f6/0x4f0 [ 350.376243][ C0] ? rcu_lock_release+0x20/0x20 [ 350.376257][ C0] ? kthread_blkcg+0xd0/0xd0 [ 350.376270][ C0] ret_from_fork+0x1f/0x30 [ 350.376292][ C0] [ 350.378005][ T3311] Bluetooth: hci7: command 0x0406 tx timeout [ 350.932010][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 350.938883][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.163-syzkaller #0 [ 350.947581][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 350.957624][ T27] Call Trace: [ 350.960895][ T27] [ 350.963817][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 350.968635][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 350.974284][ T27] ? panic+0x860/0x860 [ 350.978366][ T27] panic+0x318/0x860 [ 350.982258][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 350.987891][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 350.994046][ T27] ? fb_is_primary_device+0xd0/0xd0 [ 350.999253][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 351.005321][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 351.011468][ T27] ? nmi_trigger_cpumask_backtrace+0x281/0x2a0 [ 351.017621][ T27] ? nmi_trigger_cpumask_backtrace+0x286/0x2a0 [ 351.023777][ T27] watchdog+0xeb0/0xeb0 [ 351.027939][ T27] kthread+0x3f6/0x4f0 [ 351.032022][ T27] ? hungtask_pm_notify+0x50/0x50 [ 351.037047][ T27] ? kthread_blkcg+0xd0/0xd0 [ 351.041633][ T27] ret_from_fork+0x1f/0x30 [ 351.046057][ T27] [ 352.144187][ T27] Shutting down cpus with NMI [ 352.149101][ T27] Kernel Offset: disabled [ 352.153426][ T27] Rebooting in 86400 seconds..