last executing test programs: 24.784206421s ago: executing program 3 (id=1534): open(0x0, 0x0, 0x0) ioctl$BTRFS_IOC_QGROUP_ASSIGN(0xffffffffffffffff, 0x40189429, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x4109841, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f00000000c0)=0x5) setuid(r2) quotactl_fd$Q_QUOTAON(r0, 0xffffffff80000201, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioperm(0x0, 0x0, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000080)="a1", 0x20000081}], 0x2, 0x0) vmsplice(r4, &(0x7f0000000040)=[{&(0x7f00000000c0)='c', 0x1}], 0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0040, &(0x7f0000000000)={[{@noblock_validity}, {@noload}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7f}}, {@noload}, {@nobarrier}, {@nodiscard}]}, 0xfe, 0x470, &(0x7f0000000940)="$eJzs3MtvVFUYAPDvTqel5WER8QGCVtFIfLS0PGThRqOJC40musC4qtNCkIEaWhMhRNEFxrgwJO6NSxP/Ale6MerKxC3uDYkxbEBXY87MvdAOM7WPaac4v19y4Zx773DOd889M+eeM0MAPWsk/ZFFbI2IKxExHBHl5hNGGn/duHah8ve1C5UsarU3/srSy+L6tQuV/J+ob8mWxo5aLc9valHupbcjJqvV6bN5fmzu9Htjs+fOP3Py9OSJ6RPTZyaOHj10cO/AkYnDHYkzxXV994cze3a9/NblVyvHLr/z87epvlvz40UcnTTSuLotPd7pwrps27x0Vu5iRViW1G79+XYlhqMvhm4eG46XPulq5YA1VavVaq0+n3MXa8D/WBbdrgHQHcUHfXr+LbZ1GnpsCH8+35jwSHHfyLfGkXKU8nP6m55vO2kwIo5d/OertMUazUMAAMz3fRr/PN1q/FeK++add1e+hrI9Iu6OiB0RcU9E7IyIeyPq594fEQ8ss/zmFZLbxz+lqysKbInS+O+5fG1r4fivGP3F9r48t60ef392/GR1+kB+TfZH/6aUH1/wkoV+ePG3L5r3fZ5Ps4/MG/+lLZVfjAXzelwtN03QTU3OTXYk+BT/xxG7y63iz26uA2YRsSsidq+wjJNPfrOn3bH/jn8RHVhnqn0d8USj/S9GU/yFrO365PizRyYOjw1GdfrAWHFX3O6XXy+93q78VcXfAan9N7e8/xvxp2fEbDBi9tz5U/X12tnll3Hp908rWZtjO1d4/w9kb9bTA/m+Dybn5s6ORwxkr6Ts0IL9E7deW+SL81P8+/e17v87Go9n9SvxYESkm3hvRDwUEQ/nbfdIRDwaEfsWif+nFx57t92x9u2/yKx8B6X4pxZp//SWl1K32n/5ib5TP37Xrvzaktr/UD21P9+zlPe/pVZwNdcOAAAA7hSl+nfgs9LozXSpNDra+A7/zthcqs7Mzj11fOb9M1ON78pvj/5SMdM1PG8+dDyfGy7yE035g/m88Zd9Q/X8aGWmOtXt4KHHbWnT/5M/+rpdO2DN+b0W9C79H3qX/g+9S/+H3qX/Q48aaL37o/WuB9AVy//8H1yTegDrz/gfepf+D71L/4ee1Pa38aVV/eT/Tk2UN0Y1WiaGNkY1ikSUNkQ1Opd47bNGl9go9SkS5SX/ZxYrTGxqeajb70wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACd8W8AAAD//z8/5no=") socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00'}) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r6}, 0x10) 21.236770243s ago: executing program 3 (id=1555): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) semctl$SEM_INFO(0x0, 0x0, 0x13, 0x0) 19.653166605s ago: executing program 1 (id=1561): syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0x20000000, 0x36a8, 0x0, 0x0, {0x2}}) munmap(&(0x7f0000001000/0x2000)=nil, 0x2000) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5393, &(0x7f0000000000)) 19.455393749s ago: executing program 1 (id=1562): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000140), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000340)=@gcm_256={{0x304}, "00cd83f39500", "7979c06f94e1f3ed1945a2b2c7ff1bd557b28d5a73226a963826af565862c109", '\vv?\f', "dbdf3ad7d6801cf6"}, 0x38) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x11a, 0x4, 0x0, 0x0) 19.287893822s ago: executing program 3 (id=1564): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r2, 0xc00464c9, &(0x7f0000000280)) 19.151458946s ago: executing program 3 (id=1566): r0 = syz_open_dev$video4linux(&(0x7f0000001380), 0x5, 0x0) ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc0e85667, &(0x7f0000000000)) 19.033449874s ago: executing program 1 (id=1567): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=@newsa={0x1000, 0x10, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {@in=@broadcast, 0x0, 0x33}, @in=@local, {}, {}, {}, 0x0, 0x0, 0xa}, [@XFRMA_IF_ID={0x8, 0x1f, 0x3}, @mark={0xc, 0x15, {0x0, 0x4}}, @XFRMA_SET_MARK={0x8}, @algo_auth={0xecd, 0x1, {{'sha256\x00'}, 0x7428, "c0be23fa9c0855a83c337a3c7077eb0828b79dfae7329500880e4633afa6bd513ea24b96862e586adce6b9122acb6941df9ee2c561afdc8e41793aa412aefdf1878192c0605b4be23aa1946bdd28ceb0c3d04b18a3baa73e901531a6e111cff7116039f44b7770ad3a99ede4c1e770c9f4aba8c5e0e8518e441c0cbd0bbfd7c58837a3f687e467da96f2abd13a298c57aed44c96f224f1d1ccad9c53c13a3765f1b8c7028d167689c23966b8eed35360e817aeb16ed161a5e24e1a1b3f3d484f39c977752dc9e26ea11bc51258ec09129d082cd4e8e2119bdf02654a33134f2e79130562a2ace974cd3bf04369f4e79447f41216224fafef9ab18169687bac4d58e1a55b84875f69030fb4095f6a178ffe9ecaac8e011c360eff1ba0cb7c4c757c91c12fb4cdfffb8929346f6bc4af2177d8b088c924fe3e8c864c034090f5593e2958a11832430d3144929e07cf2e161587903da6fc0d246408c622804bfe9f3d93c7b75d7390447a5f8efb9eedfc2d716eeec5ac53b2762d07b62ffe9e890f7d0de2828133877fecb2219af2dabb63984f65d3699b9f4dab7e14144750177f08cd2381fb203988d3f7fce9a8e3bb6d99274efbde27bf2d83793c90cec0991b375f52c93c427ab0859c6e282cf586ce26d55fd0f173d4503df968b71550c01dd995fa6c46f790b58992458a0edcadf2135e2d2aaf0930b5d320b9107a390ef81963dd9654e9ce144e259f68423eb37d2cbf445ea351f34bc24913cb08abf585d263d4ca3408dc79b409db93f6dc303d91d978bcb9cde273cb75c099f38205c20d1ef46fb52f0b7b0131e9fce39b8c007fc31cd9ddfb143934bf21608b1a67eed538812d45fca44a58de44369a6b542756db8eaee9f3741953c0923da25c3e3ad0bc0475f305be8e5ce61ae1fb67e068ad5fd343325dc1c9f827573348f0cc42e42b0fc62fb47ddaef3feaf13d1601db5054e5c73ba25fca9e049ddefb77daccced21c9a734fd4f9c7705efe773e898ec6df2432b18dd1bfcc915a7ae803bb0e06cacce7b5584e6b43e9caa2e1a2a86ef2262bed9138c95c6325e607c546429faadb61bb412692f3ee3ad8a8e4cd99f70fc8154b67b58fb1626841dea68a8eec47a435712885c09567875b6cb811bd928eff38bcac45a3bc7c1a540fa6450aaa51973b1a69a241b0afbbb92a8dda164db7203517be651ea62d839b52778fe8e5e2241ea0603c641849e9c980caa2aa668d9fe40f2e6232b249737f0fb3e6e1d1b8180a427ce9eefd43882ffe01517db6128144ce99f1444b15a9e95a71f1c01f920601eb76756bf20d8bc55f037607e1ca7568b5c23dd9e1e3b5616a3d3cb53e6e170b433acce7d9292c003bcbf7a54b3abc98c9ee25c501007ea05c9d014e079ca961a565390cbd72ed2c4c54a367545d6b9d358255a6f9e957fe12f3f822b13b15a7260dcbc09c535f0f8eea80b3dbc6f9d740e20054166d2bcaa6687de9d0576291518ee265144ed0916dd42c59b5c2a77427e5fcd6fe8ecf3f71bc792e9628886c7fb43dfb2d4fc2a463ec54381e087fc1ea249a5714d069cc33649cd22fb195b689018d796dccccecde912b0d15a52683c2f2548826615cb5d12bc0287dca626919180bdce7bc240775ebe32472aa31d4c40f5f5cb9730421228007148ad507f0f9fea56d467cffa5ccf6fef240e2afe0dfe68bafa0b22eeb50796b65dc1a4ba3aeb1668731c027ecfcd691630c19fdc6f536afe63a99bc69a2980a3276073f318bceacb322e71b5f9cc37d6afc676fec9303270205e5c921753d20e64c7f6c31cde900309538d4483b29f4d4720521dce3c96c955ea1f13d0a06c44d81aee3934a8fb6f91b87cb2942e5f20cb0af7c9443de5fa232a6a84a7971903a5f7f8e8e2a7f336719e85971201364e820bd5475fdb77d995e5235c96aa92ef3e2fa6a3a0211b78d464ea911b001fd94e2f7c6e01e3f903edbd50dab92691f1855b9da98ab47b2e9efaebcc86ee2e953b67c021f165ebcc758011034adbbf68d7609e64c3e66510f0b752c2faffd9655cbab0a1faf5f1d4c9aca18511d5cdfe3d465014f401c4ba3f8897bafb6f323d2f27bff5bd111e419d0a540369fe2b7631c24243f43de25ad2ac3c8ba6bf415c044f74c0eca7d12f7c9cbd175d18d849dfd02685a63096e190f90aa2824ec4402b0c1e822f40ac2e2134b9a3f8578de33438a106517b0b046bf8aa22d0902ac10873d46ac826f55b8fa992827c64333f9a8591122fa7ceb1d1420d2f59f1dd8e497cb1cc31180262d5170e66c641935152435647b83c9781aedbe61c4b4eb5c09b9dbd1aa1c0365cdfa7119507a2eebcdeb4489176f01a5a48cac677b80bec2d4dbfc2e017da81eb178bfed2d85e710807b3fe881d3535ae9171ba6732001f31496f5cbd070d8be66e0744260934bcfc606606194203cd88a1867b6f6e2496af489fae8c34295a47105543e4cdb761ba19c55e51874dcedcbd5f4acb62283072a0e4ef9e84fa23adf202fe4eb3a7308a0954ce7460c70ea5974c8719d6ccf7fc480ace24741eeb90ecc3d7cfba29051211cfc6496d35a91f4a33a38961517dbeb4d4050059cc697ebdf7bf445c513342218c76fd17b2e2377a015f9c4eb44ad30601746a525217ef002de414732c003246404fde9ad11b0bc6525b9229559eda81a46114844f05ed7bbdffc6cca7838deb89d6f1b39d2fd8054c69b5b356d3a9b7d67d8ccf6cea3d74b35f7e0ec10f82253698b5981b00f3799d2300e41e9cf313dd0b4e63951edb83b4ce5101c4ef5d60e002fcee1276504b58a86f26290dfb2becc4180d3b07bb45f2612485f0262bfae6392940bf47f941fc21dac2fc4cad11d9f74fc7630a446cce5285a7118117d34f49a384fa0b246544d5e94e8d0c8d44ba06b97a529bc85238c198ffa4bb3542981fb23638c92b19847ed33eec662449c1b5836a7b8736199e371d879cd7bf810718093e3c173c1aea8366039dad3791a64d5394f8e26ec43718bca516fe1aa33c972a9af943b8e81ac07663477c2b3e64c26f1f470f4c307ff653f9a748d30322bab28f9f4361e625d0d056e7789c01cfe49f28a8e8bf81a7cee629f6966e3f58f89d349e1ecb7f71e2a97fdc4f590ee702d9cd9a7dd61a77f3e952877fff366a24b38afb16bdb779d1199fb7958afb2e0ab4bd147f46076ceda01214d5ecbf647e3b08179550861c7a1920722d63dbbdd65103c29a6f8530df0a294404445100620474fd119bb617359485c652da872ffc50a100d0693bb96aef2dfb897ce35ad358cd37eb3d4ecd983fcd964403c4e12443db908fe9806d694c8aa0a67fe998233cc13958349554599935b80f88946095acf351ea194f0939470d3427b69c502abe1aa3ae79bb4b40ff79ad13461561611b39868a307ccfea8a9f68598deaf4be3fa4c856497fd3f967a57765fda71823048ef90df169a56a2d218a299a1878bd0c521ae062b0d1341d9a64d9ac7fb3b35aff5c7d2ef9539665d5701e95995eb5adbae8964438761a2d4ef161f1a3978ea90290e8826ba7409dc123458104c22fbe51ecec74926112a106e5ce9dc32cf14da7f2450a13d59a78da3ff442aa64636e7c14c6040ca841c318c63718115c5ed5a993d8a540846837697513b3ca9a2cda7317612bb1d42891082bf6a559a762d093c4f3313faff21e2fe3b23eea0e1a64f32389c1d5a2383c38c74db859d0e7eaafcb7db502e7ea00bac6dfe2c7de041aa70e865f5e14f277d419c17c60a3199500b66bf0a28cd4409434d255ee3523975402b193b4fb932967059ca35fa07818bb2c0e6fe7b6f180f48d26e6f4cf116140962528ebfd0b7dcadec1bb4065dc51f53479a499c99de924988f8cd916de5e4433155549b9c9f9ad419b4cfa6bcdc4e4ba24c6b43eca03c487c475145e5a1e384602dea84c77977539bf4740e96148674a9c6e2c61574c97ad53fde6cbca25dbc6bdc48bf67f0a5529890329bd4e30f8f9fad08c0091a45a88c57d82361fe9d0b041901f11adf7ff0ef00ee1c54ed9fee26d6888af843aa5ee18a619c7e27af82925794da9c922805d578dfcc05f2e278d930f02b4ac61703d1baec8cbe55ce7b15733cc388c7fc70da15712b43eb52b7767b218c90410635d86a4c7440bd6dcfbf3bace3abca1d6e838a74702890f37d3ec41f12e381dca0d75764b82ed4942036093c4414037390405bb579a7c04c33abf6432153408b1e2856e1b6b13e6f593ae34efeab9178647dea4fe3a2217e4de6382253444696206df8641b89b629d4b03a4aabd967f7b2a756b8d4762d90746476c741269a921aed3d7bffde5b35347ad4d4f607ee1b17159c3a19a16b98258e5a728125c447a73bf2251ef6af9199f3e2356962dd095bc7a691500ef127ac942bd475faf6f1b348004c1018390c6db56ffd9ab408b20647bebd30b159a6d3d33394ed8229352849001f2602edb32fd919fb75487c527b7552cfb27918ee0c066a7c8347fe5e4dac17be13f9ea1cc8ca32986316a1c4c6a02d05c3a249fabc02d235ab058ec85991722a561677c32b1a5c1e4395a70d517c5df57236d9d04cfc8737bbe420afe08e6cd996bb51303498a1d89248d0822736ef61124f024ad519440b1c42b5d4c589dbcea11d1761a9662288db85dab7efeaa2f26c9c1569e9baafb5b9c3e9afc92117a3a9ea8b37f3c6f33697f902487f36a143d9c4feae7dcec3716ed49a37a30fe22da7fe86afc97ae3f60e21bf99605c0b98e1fb45fb34e65e25220a9e2586a219ec76f2f27687d97faf9cef72498da7bc0ee3249eadb5349835120f7e838746262a79d30e1512af1bf2fcdd287bceb97c9bf309127c52dde2d9048f8d25ded34d7631b01624f325075b9663c7ee4e4e9b34120098d8429f53bc90a7c1ffa65002ca83ea51cc8c1396add13e2e939dd1713e3048f9f09c5c0a876909adaadf0b69e9b4c80455e5c0384ac082e0918af5ff981c810d08a7afba2d68d44f065a928264a1cfbcd10910c628b6e660235850fd4bf63210949f6d86346b5c627b8e474f5b21403135a0f2f6f3cabd3779f025d6914a6936bee2e9091489d8842170d51757f5173358e8601dc21c004cfeb58e5ec6d0c87cd396029d363a55b8e00658c02622982419ab6f300afe890151cddd5aed62a48366dbfea0c1d536818c36ca23bbed3e5ad3288a098e3d012a959823813fcce56b33a46d219c18c124cfb7c1df9b92a39bab6f34"}}, @lifetime_val={0x24}]}, 0x1000}}, 0x0) 18.993921106s ago: executing program 3 (id=1568): inotify_add_watch(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000180)=[0x0, 0x0], &(0x7f0000000040), 0x2, r2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f00000003c0)=[r2], &(0x7f0000000200), &(0x7f0000000300)=[r3], &(0x7f0000000340)}) 18.74966547s ago: executing program 3 (id=1569): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001f00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000001f80)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={&(0x7f0000001fc0)={0x4c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_SEC_DEVKEY={0x30, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x20, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}]}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x4c}}, 0x0) 18.637171636s ago: executing program 1 (id=1570): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_int(r0, &(0x7f0000000540), 0xfffffdd8) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) fsopen(&(0x7f0000002200)='erofs\x00', 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 16.824573805s ago: executing program 1 (id=1579): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r2}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c00)={0x1190, 0x3b, 0x107, 0x0, 0x0, {0x3, 0x7c}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\b\x00'}]}, @typed={0xc, 0x129, 0x0, 0x0, @u64=0x8}, @nested={0x1111, 0x83, 0x0, 0x1, [@generic="7ecaee46de67c5ecb859fbf22173ef8385b04c4aec7b9f0f37bc141a218319a8d761a2", @typed={0x5, 0x1, 0x0, 0x0, @binary="9f"}, @generic="f4c8ef57fa33e0dda6cbce83055d3a16456c0cbf91f56290d8ceb4c7db30a0e5c0d72f706a3ed4a47c718d50694faae86d49373e86941a7c148030b15a5fb6563df0d919c44cf968ed140c165274ac08566640b4395820c1d504ad6436097b82883af419e2ca357878ba4e991ea0271edbe74cca3776050e4adb9275429063e670b1ff8d4168bde125292a565ff753789e498206d0179e836fa7dfd7088a88afe027d014dc0b2faefaa3db847e25fef7b7eb077b78e6bd7b33e4ef979db972ca26b0bdeec128c48a41b344fa77efaa3e667dc5d216165b6c04cc23c9069979540d45", @generic="94fc7b492b7abd9e6c23ddb00af0a5f2938d0ea6ad3c31fbc331f8c1b6526d71284c66772d5fb08c45000588a6c8d810eaec0854ecdccc4f1cf51c2d361b9bcd65577d8622a44619d91fb1b81379e227202f0ed9883cffb7b6cddc9086c25ea6b67dc508540e7d10ebfa96b379a2367e82c43e3438375c16cb6bd72c666e026a02aab254aa203f15ec5dadc8e614f2e456b344a031c69a17d383fbb7c85f35270f146680a3eddf05326809f3f7290fafaec5e71b5a67f29a3cae0d4aedda7ddd38f2cfbd46cbfa4a5b5fee5b77789ea58f3f6711db2cd495bf18e9034ceed00fcf9c95a9b3c334ea1c71ba3287fa99e3427e14967b0593d0d217cefe9245386d71a8bcfbc5a2b6fed2fcf2e8073d77d4a2cf13c1b5373a4f94cfb3b67fbfb780233373ce7dddac9c3997d5753243a3d6c0d235d4c0659d3720607c1908d7793270a1424645c6f5919c165e09414332ee411160d3ec63597f72f9e186bdc1de18309cb196137d56e181eb45554bd45c7c46dd9ba0efa1d9b587f109e08f0b18790fe6abafe637c49d7f884cfc5590c462615622509d2d260f2c8be11d70c6ecfa6fde6325c801da76220332f55ba4e3b44c0d0b1e6baa6858ebf0e33dd7e6c1ad6920900dcb1855b3c300384efd32d5f5cce231363b0c9d1060b6ccf2279b41a43e099475565d9c450ad3e7350865ddba1ac8baeb7325d1f5f1152c4e481061c0efafb045eefc22f770c6db965758226f4de5e10b3e8c42ccba6750ecbcbe85d8d5eebd873c4f0330c4a8981cd54144689b2dd7ff4553dffcd35276f9ad738b2df5535002e15add246a1e5365b912f07b09769df5a5496412a6df52cdfd1088c6eabd5a8b4eaa02c6a34faaeb7662b471a63f425fd245781a137aadfca7b94685c9ad55c900a02e1eb58c79b0a9681c0265173b988bb387e1939cb68318f05e29b9dfdc45f5e346ff2fdd43f59653ed0d297db7eb62c7b99044fe94b9b8b94b9a311116602ce9bb545382a45de00e654371a755c844272e211f9a2c9ebcff9cd89f7e37dc567b218a6e0e7fb2071a7f975783aac53bf17570c9058bb0953e8cecce81485dd8532a045efa08247858c00f85d7ca0aade0975ea57d10c871d5355b621da328d638d79d2ba8c2c7645b6315173dff99b410e4c249aeace40aa550130530d78bc27a3dfb6d8e85fdf34656cdab0ae9cb08752bb03c391de6aaf1806124c67163975c48370f99c85a0a74e52a95fd7e10c388f99695570629ab2ee3d7a4190dc03c7fe1b2b1e8f0df404b900657fe81162f9dd84f7e32a58187229b8ca4a85d805e814423f7f1a5f8c64bdea03b1ab3c9a84e63b9f9106401b6746b1ea9db13cb68b8a93a7c8953e08e14369278cdb20501069e42455c633369f88774291d563b0009c5aeaa6b97822f8162fe2ec1cfd4097c8b4e15502bef79f414ef76baa872c716679773fcfbe65578f3d8fada9fb40741ac16f44237e00a3905293015e4962203945a5fddcc0dfa47ca013d9353de3474493754f89be962a6ffa21eacb256f75055ee9631e3b549e8606bdcbf1c4bb094702e119addce0e5506467c5b50d8c82a6d9b7617d0753ecd61cd4705d2b0efda28029e5f8584188f4dba185385ba5fc6b9be3f2d74db6bef967e057b1853131c7bb40528e19d53cb78865aa80163700dc1426dd2975f94779ea503419d03c9c393ea024abea2094e11c95d95a50273aa140609a3fcda636be6125deb3be610e0d2bcb52986fb99d499ff3fcd97b2a62f2453cebe0c0c9b85fbed8c64b5e1ef87ea584a60efaf738daa1bde0b07c4b8507cba2b5945c24266013e6c2ea60a3a80a7ab9607b6b4a0a01324ea103acc9dc395ff99989f17ee6f7d77d085de29be5124b3f48c7c880d971f6980746fa95a56feb846d3aaa204e13e5725c871ee476cc11ff421e178f4d5d52eec251cf59fdb99ce2919be5526ce648c1d4766fdb85f89121987e0424a7428c3eaea2ea8e9c77854ab6026eae07ba465f718ed39ca4389026cec127f81bb039bafdd06dbcd5117e9438b25d5e4a9992391447309d99cbefd7c8ab9425014d8c26b74a4355f11faa283caa4c917ee79a7c7dca5688a6d41aa5d0fcda70947428a2c6bac7865f19384a5a509c6472adbf1fec1e3c7507e7ea3857440932e36129f95eae5136333abe249ef59b6fa522de53592d4af131c0975ca8f5afc37ae85aa197ff90ec3e3bb2435eae845c8d6328bf29d163cd33b05da5cfccc091076e4a79426c0de3283ffce1f8b0eab0a6f964e2b4f497926e5a4140971c3239618d1b411ce3a3904af03341cf00836f1e7aed0098cd924364bf18e1061f9c88f2cf794a102dd89014db9e9f0e595db89157566573ec9621d33fecc4c464a8891df1dc311aa6ee4892032203350a15b67e126e05acc28b7703d8029832059342aeaf0157fe21c3b34463834154cfff710b1e120c83d25940f87149801094fbd5865a992fb4c96052f432c81d7d1ea3997a0c6480644bec094e1a698ac86425c91bfb03599002554d412c1ec761dd3d40bccdb15e133edafd7f61ead2d089262050c1c8a7bdb94485a28221319c66abe671dc0e39655660aef969f714dbbe5811962d672598a50bd6cf78fd3996908688e0b63700c4908b0651ddb4a2f0e3b8138b48b7559321302c9a29fd06d4e34058a98573de3b8d975baac5a9a3cd3a4a8d7050c99e0435977e7cc4a8b26b079e7380ca3c8197f2b9bda2501ad756d6ea273a87ff6dbc7e823b91cec44a0f7e94e6acf36438b8398b5514a40264215c995313d10130577c1c892090ba942417680038f760d5de5e0d59abe5951bcf68f4a6b3975cc0af6e60f5b87dbbff827f42f38fdcaa0aae8866148b946986dea506bf59b3b76250d208b11accbe923d25c26062ae342790d0afef092103e772f6024e8e38f478986684cc0d199a178d1d1aa507eb4e36621441eb69bd28022e76e7406aaa8ec4e42cdcbfb831a441656812dacf554d5333c51a03beb9b1548d9fd379fa0aaf95bf15d6be310ff253a88c535d3669ac1072ee2261ed3176960c84a6bb3104271bdddc79d5876d0908424186d7f0a90ff37f77f2cb2eca7a787f3b9895d1db337efda5d5e1edaf42039831978120af6aa4525400e085d30f5b6631a80663b844812c6bc9d64547f5d164a4cbb7de00d19a0df9bf81384971c0a3b0a05adfb24180f3a6ee12254a84a3651d1185fe19fcc0bd45903425a53270642b0850f56c1db4b18cd10827bd97ae90e46b84d1c7b96424ec490c991d54e0a7d068711f640622496493f4528c7258b772770d5ca035884af1a77d3d56a9babc88e2a10f911af30fd267362e21caa520d200514cdf2ae310c0261ada21bc7cb59b313ec5c2aeed5599026b2fdd712321bad08047bb58b2c48a0346201be2c2dcdeaca42f0f1169c9b763c4e41e63130cb87b18974f3d9c623e7b733f8e71e4b6aa632cf557cea8987b4ec2442c04010905b4895c18ebf81f88ac37bf925242f7405522c9e7f50dd58270ab0a72e9e43ea68a518be786700eb3b774abfeebc30bbf323c0897aee5cf95682c45e0fbecc8423431250c33e973bd6490624011db7a4f445c1ded77b94f3f8121f2e9ff31ef0901a5545994d5fe3ce1e5ac2a11b90b2a478f65d2f810d0316569ad53a179080fe091688049d47046be4fd9e7a831b1ac193a94b970e4f6bbe76ffaf9562c39ff8c728da9abb98b75f6f2ca97a8a94a37915a04f4317bc5298140e788b3f992880b93ecf9ea4fbdf5781b8c23b4e41923f96ec94c23f1194956106fca337feff783b49f6d35837e0ba2cd821c109189e3f8e5b3161411c93efe23a4e3dfd75cd975227242ab026db27f0d7c05708190ec8fbe83fbae9b1de646ed47b1f5facf4a9d9b8c75f877ebf7f45dec8118e678e561cb55b2f3545c88994ed1a4f73e14828722e5188b1e5dc26096f6b0597b2860d8160c588b319f599f423fb443ba1d01d064fb7891ca0d5010070502456573970f755d98eac141b813273da20b865dc6d21580377cf60a9fb2ada31f145539b85ab053ba013d8b6e58e38a5e9b0d4ed3221744918a2e3a86e01d152d69ba57324071deab6e5d466c7e1ea05236398da5bc6311ce6856680e361a5e3c796bca0af91b07e31c33a451e9caa80e8c6c568031560f0ec47ef2c0b683670974eff8d2a88345aa604555d541c0ef4cb131639a3535b4ee0934e1ff59c855515095728e183af52120009b701daedaed28924c716cc769ecbe6315113c67093a84d2c97bfecc9a9ddfc23f4fcce87c5fa4159ee40df91a934f5592c7fbc8cd4399bdd877af7c8aa3b123899c84a4b30ac16280dcea242ee8509aba3b915ee481f74afa62249a5cf076775c8e0b2a89eee6841bfdf88b5ce418e974f92cbf26296507359002daad3f1d4c9b62cc088eaf0bec977de97fbc879384faeffecb23ac3a055c832f3ff4cc4ac95dbbb8e307046f58b368d7a4db73715c9a28422a48c21b4163d525124619df4897dd77d36e0fb5816baaac61ab41c79c7a6291c3b240304e087fbac60f8ff3bb2ada30b18ccd35aedf7545363ce163ebbb4cd80c6897e60b68f4e44a39e669ce5e73303151195af31d7e21f534ef60edf6138ba9d29fd131c635e036039dedd7ac6b219c213caa74ca4d208e29d0114dddd21d4ef48ce12df997d9c10f2eb5089480fb90ac9d1ae6874daa21bf25b61ed608aa00aa238c625f009b7e2fcd737e70f128d900da8cc69597fdb1104568627f50dbe7bba2d56f797dc95e4e504865720e480e641d577999bcb2e7e3385d7b0efc09b2c8e81a244d7f83f5d847b922ee8a223e7f775647172cf82ab8969648197dc2cde54c79e2ffc2ee353db634b314ad5f8fcc4458790835eab559b31fd9d84a7b2af28264ef39c65af01bac8f42fad3461c224d5d8f113a870f5789ae2e421af745def6779cd12ff723d19b4eaa48296b786e9ed173a125580608a24cc1dc949d8e7dca75150e069929e85123153fefde33a85efc37c1f78bff34d80ce0a862fe98a5a62c934772d076288a1577231fa30c9bb5ce44b83ecd8eaf1863a6f7fe4940f20d228d749f88af42ef26519ee3b774fdd2c5c8e3cbd7f56aee30988fbd68220395ad56328454984ef017a7a23c4958375fb874537776d3e18db5db2d6dd70541fdcb3ff149393d9b945be7179390bcbd8a4a9b013793a2ee38d2736e7fe916c076b240a94bc7451b3f1df2d614a84cbcdbc085d0e85e4b2956afb9bc415c85b9315b9e091b1097f466ffab4c9452f9ca0e6efc5d23361787bf317a32e99e79b85c52ba12406a8bcba252fbda0afdfe5a4e4f3af5b8d4c2a742f7d8d29a53b44a89d03548d647ae1fd7ead4af54780b9e234bd0cfaa78346bbffd9d87c1b38073e89d04a78ccd9b7f389337cae9148b55db450c189ca90d678c75d0c3fb2c0b9481b13749ac79076518e6c21a383faa5a4d00400b9694cd9eb3cd2c652a8d8a04cf149c0ec3f1eb8358c5dd03b159996ebe0a779363027e68603de579cf8b4dd5288db20c2d488602a6964a5c290e83a26cd4527dab6af86351b331ffb1a44ad049eca9ab9ca5c37061a753748758f9f14d3d47d8a6fce79a83918d53b20c53ff923b3a03aa369c9b61cc11c7f44fc09310bae54abc02f3d041e20e9746571bd1d422bc6be1291e5f40d21ff465281de10e9369e70a6b232261fa7c799cd8e33ac4213f0dd3fe0288ebf61c76322a1ff892f2e86b339b91513fb1c32f1a7f6a8df31285971aaa93e0eaf2e"]}, @generic="3058811d639ff3c3c759c5dd36df73384f43c7a015bb9453f9d3b64860004bee747a99ccf67514c8681fc285b01a0aa48c77", @typed={0x8, 0x7c, 0x0, 0x0, @fd=r2}, @nested={0xd, 0x38, 0x0, 0x1, [@generic="1802d706fcb25f049e"]}]}, 0x1190}}, 0x0) 16.341358889s ago: executing program 1 (id=1582): r0 = socket(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(0xffffffffffffffff, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4) write(r0, &(0x7f0000000000)='\"', 0x1) recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0) 8.799526206s ago: executing program 2 (id=1604): statfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000500)=""/4096) r0 = shmget$private(0x0, 0x3000, 0x4, &(0x7f0000ffa000/0x3000)=nil) shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000140)=""/128) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000100)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x7fffffff, 0x6, 0x32}, 0x9c) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000001b80), &(0x7f0000001940)=0xe2) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000001980), 0xc) sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shmctl$SHM_STAT(r0, 0xd, &(0x7f0000000080)=""/42) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000001600)={0x0, 0xd6, "ab347fb1151edfaf5db4405a5ad6601fbfe4211b8a4d01717c0ba9ef1bf00ce24a3fcf4be6c59bf12287a13534a563c3d6f3b9f213344b02b0a1493daf3f098bd2a07ac52e554c32e2239f671285ebf093b85bc64a7827542634d44bda767e7495e319ab0779b35eb558c15f962b2f61cd74d547bcca8b1c5a054d52aefee632bf0a142fe00d80168be67c33b4752a8a12da8b881e4cda288d8f52332a68cb14b915d95e6b9609adcde77c7bb9dcc7bca72d86032ca797f5e136c285328feb78519b3e0694e4874570435155157392a624f85b7c5c56"}, &(0x7f0000001700)=0xde) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000001740)={r4, @in6={{0xa, 0x4e23, 0x3, @private1, 0xd03}}, 0x6, 0x9e2, 0x2, 0x4, 0xfffffffd}, &(0x7f0000001800)=0x98) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000300)={0x20, 0x4, 0x20, 0xff, 0xf1, 0x2, 0xe, 0x20, 0xfb, 0x1, 0x80, 0x40, 0x94, 0xd5}, 0xe) r5 = socket$nl_route(0x10, 0x3, 0x0) shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000200)=""/86) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0xd01591ce27e4290}, 0x0) quotactl_fd$Q_SETINFO(r5, 0xffffffff80000601, 0xee00, &(0x7f00000000c0)={0x7, 0x1, 0x0, 0x2}) ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000440)) r6 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000000)={0x6, 0x1e, 0x6, 0xda, 0x0, 0x16, 0x24, 0x7f, 0x3f, 0x3, 0x0, 0x7, 0x80, 0x6}, 0xe) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000280)={'ip6_vti0\x00', &(0x7f0000000340)=@ethtool_eeprom={0x43, 0xd29, 0x10000, 0xac, "2c25883baf75d02d6d6cc79f60a74529682c001c4993646a9aaf2dfd8830042cf95d59ce3bb028aad9fe7c7d4b6f6b82439683511971a669b6c496cca4bb720e75696d8fc41089807080373bf415af10ff109e130ff229eb8310966dcb3deac22b766f0339d81683dd7adeab7ae447ac4a5d3294e98bc53d54c8556ae2a2edb694fd5ee9661c0f6265e8c26cc5a649eea8482e2ff24530f5dffafc16606021b687b3c86a22fcd02a84b97889"}}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000001a40)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000001b40)={&(0x7f0000001a00)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001b00)={&(0x7f0000001a80)=@ipv6_deladdrlabel={0x60, 0x49, 0x200, 0x70bd2a, 0x25dfdbfc, {0xa, 0x0, 0x3f, 0x0, r7, 0x8000}, [@IFAL_LABEL={0x8, 0x2, 0x6}, @IFAL_ADDRESS={0x14, 0x1, @empty}, @IFAL_ADDRESS={0x14, 0x1, @empty}, @IFAL_ADDRESS={0x14, 0x1, @private0}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x40) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r1) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001580)={&(0x7f0000001500)={0x58, r8, 0x100, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void, @val={0xc, 0x99, {0x90, 0x70}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}], @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x58}}, 0x4000051) syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="040e050039200317b4966dd30f1cadd7ee12e06c79950679db79bfb2ed6b5ed3bce16d2376d4cbff956f91b60c548b74b4f7699f893451e2f73385ea067811e4b979a90023f2c66a8b15b2d25b42fc9c2ceae02f8d4ea8a3ff891fb3a8e1e7954993ab"], 0x7) 6.873510556s ago: executing program 2 (id=1606): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$cont(0x7, r0, 0x0, 0x97f) 6.573542446s ago: executing program 2 (id=1609): r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x100) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) r2 = syz_io_uring_setup(0x5169, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000000)=0x0) syz_io_uring_setup(0x5e0, &(0x7f0000000300), &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) socketpair$unix(0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$unix(0x1, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB], 0xd) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000100)={0xe, 0x4, 0x4, 0x36e}, 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x7, [@fwd, @func_proto={0x0, 0x0, 0x0, 0xd, 0x3}, @const={0x0, 0x0, 0x0, 0xa, 0x1}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x43}, 0x20) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) fcntl$setpipe(r6, 0x407, 0x0) io_uring_enter(r2, 0xb15, 0x0, 0x0, 0x0, 0x0) 5.441759035s ago: executing program 2 (id=1614): socket$kcm(0x21, 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000240), &(0x7f0000000380)=0x4) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0)) read$dsp(r3, &(0x7f00000000c0)=""/108, 0x6c) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0) read$dsp(r3, &(0x7f0000000200)=""/168, 0xa8) 4.407099013s ago: executing program 2 (id=1615): sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x3c, 0x2, 0x1, 0x0, 0x0, 0x0, {}, [@CTA_ZONE={0x6}, @CTA_STATUS={0x8}, @CTA_STATUS_MASK={0x8}, @CTA_NAT_SRC={0x10, 0x6, 0x0, 0x1, [@CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6}]}]}]}, 0x3c}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x30, 0x0, 0x1, 0x0, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @remote={0xac, 0x3}}}}]}, @CTA_TUPLE_REPLY={0x4}]}, 0x30}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000008"], 0x24d8}], 0x1}, 0x0) 2.841503465s ago: executing program 0 (id=1618): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000080)=0xc) sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000005180)={0x38, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r2}, @nested={0xb, 0x0, 0x0, 0x1, [@generic="976b6408686030"]}, @nested={0x14, 0x1, 0x0, 0x1, [@generic="cd58877919b1363f7db58622a5a46a8b"]}]}, 0x38}], 0x1}, 0x0) 2.75507916s ago: executing program 0 (id=1619): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$cont(0x7, r0, 0x0, 0x97f) 2.631464835s ago: executing program 0 (id=1620): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/121, 0x79}], 0x1) 2.504545459s ago: executing program 0 (id=1621): socket$caif_stream(0x25, 0x1, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000080)={'ip6erspan0\x00', @random="201a4847569b"}) socket$tipc(0x1e, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00') read$FUSE(r0, &(0x7f00000082c0)={0x2020}, 0x2020) ioperm(0x7, 0x0, 0x2) futex_waitv(0x0, 0x0, 0x2, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x2004c840}, 0x4000044) socket(0x40000000015, 0x5, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x801) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000000)={0x27}, 0x74) bind$nfc_llcp(r4, &(0x7f0000000380)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d929849825e6573561bd1ca44c226af5160e000000007760760beeab91e81597c80004da000000020000000000000000b0d800000000005bc42ffdd2b6b9c2"}, 0x60) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) ioctl$UFFDIO_CONTINUE(r3, 0x8010aa01, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 2.237587884s ago: executing program 2 (id=1622): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_int(r0, &(0x7f0000000540), 0xfffffdd8) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) fsopen(&(0x7f0000002200)='erofs\x00', 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 1.832827533s ago: executing program 4 (id=1623): socket$kcm(0x21, 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000240), &(0x7f0000000380)=0x4) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0)) read$dsp(r3, &(0x7f00000000c0)=""/108, 0x6c) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0) read$dsp(r3, &(0x7f0000000200)=""/168, 0xa8) 828.510181ms ago: executing program 4 (id=1624): sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@ip_retopts={{0x14, 0x110, 0xd, {[@rr={0x7, 0x3}]}}}], 0x18}, 0x0) 622.707519ms ago: executing program 4 (id=1625): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) execveat(r0, &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0, 0x1000) 481.200816ms ago: executing program 0 (id=1626): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x38, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x3}]}]}, 0x38}}, 0x0) 297.699985ms ago: executing program 4 (id=1627): seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f00000001c0)) 281.26714ms ago: executing program 0 (id=1628): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@multicast2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in6=@loopback, 0x0, 0x6c}}}, 0xe8) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) socket(0x0, 0x6, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000380), 0x7b95b611, 0x802) writev(r2, 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00'}) keyctl$dh_compute(0x17, 0x0, &(0x7f0000000480)=""/250, 0xfa, &(0x7f00000001c0)={&(0x7f0000000080)={'wp512-generic\x00'}}) close(r0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 191.429262ms ago: executing program 4 (id=1629): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/121, 0x79}], 0x1) 0s ago: executing program 4 (id=1630): openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f00000002c0)={[{@grpquota}, {@data_ordered}, {@resuid}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@resgid}, {@usrquota}, {@data_err_abort}, {@usrjquota}]}, 0x1, 0x5d8, &(0x7f0000001200)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r1 = open(&(0x7f0000000200)='./bus\x00', 0x10103e, 0x0) mmap(&(0x7f0000298000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ftruncate(r1, 0x8) ftruncate(r0, 0x6) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000080)=""/152) kernel console output (not intermixed with test programs): ][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 296.739803][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 296.750739][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 296.761262][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 296.772227][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 296.790195][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 296.813068][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 296.843576][ T8656] EXT4-fs error (device loop3): empty_inline_dir:1833: inode #12: block 7: comm syz.3.968: bad entry in directory: rec_len % 4 != 0 - offset=4, inode=4278190093, rec_len=255, size=60 fake=0 [ 297.182105][ T5106] Bluetooth: hci0: command tx timeout [ 297.317533][ T8656] EXT4-fs warning (device loop3): empty_inline_dir:1840: bad inline directory (dir #12) - inode 4278190093, rec_len 255, name_len 0inline size 60 [ 297.404889][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.436840][ T8456] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 297.516093][ T8641] netlink: 'syz.1.967': attribute type 5 has an invalid length. [ 297.545155][ T8651] netlink: 'syz.1.967': attribute type 1 has an invalid length. [ 297.557510][ T8651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.967'. [ 297.748945][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.814490][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.877504][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.916932][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.942201][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.956013][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.966110][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.977643][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.988192][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.002128][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.015071][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.027874][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.045782][ T8456] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 298.117800][ T8456] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.137422][ T8456] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.154946][ T8456] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.197856][ T8456] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.715560][ T61] hsr_slave_0: left promiscuous mode [ 298.743636][ T61] hsr_slave_1: left promiscuous mode [ 298.750313][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 298.762116][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 298.776008][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 298.787901][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 298.865691][ T61] veth1_macvtap: left promiscuous mode [ 298.871517][ T61] veth0_macvtap: left promiscuous mode [ 298.877391][ T61] veth1_vlan: left promiscuous mode [ 298.883510][ T61] veth0_vlan: left promiscuous mode [ 299.181847][ T8321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 299.941257][ T61] team0 (unregistering): Port device team_slave_1 removed [ 300.010178][ T61] team0 (unregistering): Port device team_slave_0 removed [ 301.151475][ T51] vhci_hcd: vhci_device speed not set [ 302.219002][ T8703] netlink: 'syz.1.979': attribute type 5 has an invalid length. [ 302.262287][ T29] audit: type=1326 audit(1721225065.128:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8702 comm="syz.1.979" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff95e775a99 code=0x0 [ 302.371355][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 302.403957][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 302.523162][ T8714] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 302.529806][ T8714] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 302.611814][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 302.639490][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 302.670886][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 302.682939][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 302.693530][ T8714] vhci_hcd vhci_hcd.0: Device attached [ 302.722967][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 302.762553][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 302.773280][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 302.780648][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 302.840562][ T8549] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 302.918889][ T9] vhci_hcd: vhci_device speed not set [ 302.964340][ T8714] netlink: 'syz.1.979': attribute type 1 has an invalid length. [ 303.003603][ T8714] netlink: 4 bytes leftover after parsing attributes in process `syz.1.979'. [ 303.016909][ T9] usb 11-1: new full-speed USB device number 4 using vhci_hcd [ 303.031416][ T8549] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 303.045911][ T8549] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 303.069963][ T8549] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 303.262218][ T5156] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 303.301852][ T8718] vhci_hcd: connection reset by peer [ 303.342211][ T52] vhci_hcd: stop threads [ 303.351257][ T52] vhci_hcd: release socket [ 303.377695][ T52] vhci_hcd: disconnect device [ 303.482270][ T5156] usb 1-1: Using ep0 maxpacket: 8 [ 303.493196][ T5156] usb 1-1: New USB device found, idVendor=12ef, idProduct=0100, bcdDevice=8c.b6 [ 303.497266][ T8722] chnl_net:caif_netlink_parms(): no params data found [ 303.550488][ T8549] 8021q: adding VLAN 0 to HW filter on device bond0 [ 303.563408][ T5156] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.611723][ T5156] usb 1-1: config 0 descriptor?? [ 303.658466][ T5156] usb 1-1: active config #0 != 1 ?? [ 303.881491][ T51] usb 1-1: USB disconnect, device number 9 [ 303.925231][ T8549] 8021q: adding VLAN 0 to HW filter on device team0 [ 304.037447][ T8722] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.070817][ T8722] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.092527][ T8722] bridge_slave_0: entered allmulticast mode [ 304.121598][ T8722] bridge_slave_0: entered promiscuous mode [ 304.157159][ T8722] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.173083][ T8722] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.192920][ T8722] bridge_slave_1: entered allmulticast mode [ 304.200309][ T8722] bridge_slave_1: entered promiscuous mode [ 304.380734][ T8722] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 304.410268][ T8722] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 304.443378][ T5126] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.450568][ T5126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 304.607403][ T5126] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.614667][ T5126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.736171][ T8722] team0: Port device team_slave_0 added [ 304.788906][ T8722] team0: Port device team_slave_1 added [ 304.837307][ T54] Bluetooth: hci3: command tx timeout [ 306.127771][ T8781] loop2: detected capacity change from 0 to 64 [ 306.136403][ T8722] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 306.172785][ T8722] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 306.226199][ T8722] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 306.323704][ T8722] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 306.330697][ T8722] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 306.376589][ T8781] Process accounting resumed [ 306.394812][ T8781] program syz.2.989 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 306.479478][ T8722] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 306.902612][ T54] Bluetooth: hci3: command tx timeout [ 307.052819][ T8722] hsr_slave_0: entered promiscuous mode [ 307.278988][ T8722] hsr_slave_1: entered promiscuous mode [ 307.297649][ T5106] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 307.315339][ T5106] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 307.326593][ T5106] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 307.337432][ T5106] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 307.359081][ T5106] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 307.383110][ T5106] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 307.400669][ T8722] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 307.441078][ T8722] Cannot create hsr debugfs directory [ 307.556444][ T8804] input: syz0 as /devices/virtual/input/input10 [ 308.192403][ T9] vhci_hcd: vhci_device speed not set [ 308.204969][ T8818] loop7: detected capacity change from 0 to 1036 [ 308.231057][ T2845] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.308378][ T2845] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 308.587283][ T8818] netlink: 'syz.2.995': attribute type 39 has an invalid length. [ 308.644060][ T2845] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.660734][ T2845] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 308.926380][ T8825] loop2: detected capacity change from 0 to 128 [ 308.949726][ T2845] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.970460][ T8825] msdos: Unknown parameter 'usefRee' [ 308.982960][ T54] Bluetooth: hci3: command tx timeout [ 308.999731][ T2845] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 309.178503][ T8549] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 309.463796][ T54] Bluetooth: hci5: command tx timeout [ 310.012758][ T8825] loop2: detected capacity change from 0 to 4096 [ 310.072568][ T8825] ntfs3: Unknown parameter 'dots' [ 310.169407][ T8722] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.365354][ T2845] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.395034][ T2845] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 310.885396][ T8722] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.063102][ T54] Bluetooth: hci3: command tx timeout [ 311.187030][ T8722] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.361427][ T8851] loop2: detected capacity change from 0 to 1024 [ 311.496292][ T8851] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.1000: bad orphan inode 2097152 [ 311.531670][ T8851] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 311.542193][ T54] Bluetooth: hci5: command tx timeout [ 311.562473][ T8722] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.786770][ T2845] bridge_slave_1: left allmulticast mode [ 311.805111][ T2845] bridge_slave_1: left promiscuous mode [ 311.828449][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 311.833415][ T2845] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.874058][ T2845] bridge_slave_0: left allmulticast mode [ 311.887749][ T2845] bridge_slave_0: left promiscuous mode [ 311.910420][ T2845] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.984744][ T8862] loop2: detected capacity change from 0 to 64 [ 312.127743][ T8862] Process accounting resumed [ 312.133764][ T8862] program syz.2.1002 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 313.508935][ T2845] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 313.530960][ T2845] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 313.531509][ T8874] loop2: detected capacity change from 0 to 128 [ 313.563518][ T8874] msdos: Unknown parameter 'usefRee' [ 313.576828][ T2845] bond0 (unregistering): Released all slaves [ 313.622605][ T54] Bluetooth: hci5: command tx timeout [ 313.707702][ T8869] vlan2: entered allmulticast mode [ 313.743730][ T8869] bond0: entered allmulticast mode [ 313.750045][ T8869] bond_slave_0: entered allmulticast mode [ 313.781430][ T8869] bond_slave_1: entered allmulticast mode [ 313.817979][ T8874] loop2: detected capacity change from 0 to 4096 [ 313.819180][ T8869] bond0: left allmulticast mode [ 313.830475][ T8874] ntfs3: Unknown parameter 'dots' [ 313.859227][ T8869] bond_slave_0: left allmulticast mode [ 313.886194][ T8869] bond_slave_1: left allmulticast mode [ 314.114936][ T8549] veth0_vlan: entered promiscuous mode [ 314.138576][ T8880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 314.143802][ T8798] chnl_net:caif_netlink_parms(): no params data found [ 314.222369][ T8880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 314.227892][ T8883] loop2: detected capacity change from 0 to 256 [ 314.286546][ T8883] vfat: Unknown parameter '9-gq#l>Θ4ISbF#7A[D3)W1*2' [ 314.660480][ T8722] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 314.690940][ T8722] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 314.715475][ T8549] veth1_vlan: entered promiscuous mode [ 314.794342][ T2845] hsr_slave_0: left promiscuous mode [ 314.803244][ T2845] hsr_slave_1: left promiscuous mode [ 314.820972][ T2845] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 314.882132][ T2845] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 314.923062][ T2845] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 314.952229][ T2845] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 315.026519][ T2845] veth1_macvtap: left promiscuous mode [ 315.054140][ T2845] veth0_macvtap: left promiscuous mode [ 315.059824][ T2845] veth1_vlan: left promiscuous mode [ 315.085993][ T2845] veth0_vlan: left promiscuous mode [ 315.703045][ T54] Bluetooth: hci5: command tx timeout [ 316.375427][ T2845] team0 (unregistering): Port device team_slave_1 removed [ 316.506851][ T2845] team0 (unregistering): Port device team_slave_0 removed [ 317.561579][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.568197][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.497355][ T8722] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 318.536672][ T8722] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 318.867307][ T8798] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.902254][ T8798] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.909547][ T8798] bridge_slave_0: entered allmulticast mode [ 318.943436][ T8798] bridge_slave_0: entered promiscuous mode [ 318.963860][ T8798] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.971710][ T8798] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.003101][ T8798] bridge_slave_1: entered allmulticast mode [ 319.010592][ T8798] bridge_slave_1: entered promiscuous mode [ 319.023903][ T54] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 319.215062][ T8915] netlink: 'syz.0.1013': attribute type 5 has an invalid length. [ 319.216428][ T29] audit: type=1326 audit(1721225082.098:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8914 comm="syz.0.1013" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x0 [ 319.260226][ T8549] veth0_macvtap: entered promiscuous mode [ 319.303485][ T8798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 319.321664][ T8915] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 319.328215][ T8915] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 319.339526][ T8798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 319.358275][ T8915] vhci_hcd vhci_hcd.0: Device attached [ 319.572312][ T9] vhci_hcd: vhci_device speed not set [ 319.643401][ T8549] veth1_macvtap: entered promiscuous mode [ 319.652199][ T9] usb 9-1: new full-speed USB device number 2 using vhci_hcd [ 319.721733][ T8798] team0: Port device team_slave_0 added [ 319.740492][ T8922] netlink: 'syz.0.1013': attribute type 1 has an invalid length. [ 319.752925][ T8922] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1013'. [ 319.777242][ T8922] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 319.791783][ T8922] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 319.802586][ T8922] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 319.812144][ T8922] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 319.890495][ T8918] vhci_hcd: connection closed [ 319.910640][ T2880] vhci_hcd: stop threads [ 319.952344][ T2880] vhci_hcd: release socket [ 319.954627][ T8798] team0: Port device team_slave_1 added [ 319.962317][ T2880] vhci_hcd: disconnect device [ 320.081051][ T8798] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 320.116109][ T8798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 320.181333][ T8798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 320.210925][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.232225][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.254712][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.287224][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.321810][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.342108][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.382079][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.412332][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.432227][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.462247][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.500409][ T8549] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 320.538360][ T8798] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 320.562717][ T8798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 320.632198][ T8798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 320.701971][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.740826][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.772101][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.792313][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.812191][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.851425][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.875703][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.896460][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.922165][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.942096][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.964539][ T8549] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 321.121918][ T8938] loop2: detected capacity change from 0 to 128 [ 321.145044][ T8798] hsr_slave_0: entered promiscuous mode [ 321.153235][ T8938] msdos: Unknown parameter 'usefRee' [ 321.182955][ T8798] hsr_slave_1: entered promiscuous mode [ 321.195753][ T8798] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 321.203889][ T8798] Cannot create hsr debugfs directory [ 321.234392][ T8549] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.272150][ T8549] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.281683][ T8549] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.310852][ T8549] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.350411][ T8938] loop2: detected capacity change from 0 to 4096 [ 321.372897][ T8938] ntfs3: Unknown parameter 'dots' [ 321.967863][ T8951] loop2: detected capacity change from 0 to 256 [ 322.003513][ T8951] exfat: Deprecated parameter 'utf8' [ 322.026013][ T8951] exfat: Unknown parameter 'dmaskWMm|' [ 322.148200][ T2845] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 322.182993][ T2845] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 322.317799][ T8722] 8021q: adding VLAN 0 to HW filter on device bond0 [ 322.366530][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 322.414767][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 322.529956][ T8722] 8021q: adding VLAN 0 to HW filter on device team0 [ 322.595250][ T5155] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.602489][ T5155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 322.918807][ T1628] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.926054][ T1628] bridge0: port 2(bridge_slave_1) entered forwarding state [ 323.531846][ T8968] loop4: detected capacity change from 0 to 1024 [ 323.562495][ T8968] EXT4-fs (loop4): bad geometry: first data block 100663296 is beyond end of filesystem (512) [ 323.574721][ T8971] loop2: detected capacity change from 0 to 64 [ 325.108537][ T8974] netlink: 277 bytes leftover after parsing attributes in process `syz.4.944'. [ 325.223211][ T9] vhci_hcd: vhci_device speed not set [ 326.016419][ T8722] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 326.183033][ T8986] binder: BINDER_SET_CONTEXT_MGR already set [ 326.252440][ T8986] binder: 8985:8986 ioctl 4018620d 20000100 returned -16 [ 326.456590][ T8798] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 326.526889][ T8798] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 326.550441][ T8798] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 326.652341][ T8798] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 326.726339][ T8977] loop2: detected capacity change from 0 to 2048 [ 326.874540][ T8722] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 327.069090][ T9001] loop4: detected capacity change from 0 to 4096 [ 327.113524][ T9001] ntfs3: Bad value for 'gid' [ 327.118180][ T9001] ntfs3: Bad value for 'gid' [ 327.236200][ T8722] veth0_vlan: entered promiscuous mode [ 327.309562][ T8798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.310250][ T8722] veth1_vlan: entered promiscuous mode [ 328.399351][ T9019] loop4: detected capacity change from 0 to 1024 [ 328.428434][ T9019] EXT4-fs: Ignoring removed nomblk_io_submit option [ 328.496410][ T9019] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 328.497004][ T9019] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 328.514594][ T8798] 8021q: adding VLAN 0 to HW filter on device team0 [ 328.537315][ T9019] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #11: comm syz.4.1030: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 328.540398][ T9019] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1030: couldn't read orphan inode 11 (err -117) [ 328.545465][ T9019] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 328.571669][ T8722] veth0_macvtap: entered promiscuous mode [ 328.636402][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.636472][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 328.669724][ T5230] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.747791][ T5230] bridge0: port 2(bridge_slave_1) entered forwarding state [ 328.778636][ T9019] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.1030: Invalid block bitmap block 0 in block_group 0 [ 328.787661][ T9019] Quota error (device loop4): write_blk: dquota write failed [ 328.787909][ T9019] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 328.790154][ T9019] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.1030: Failed to acquire dquot type 0 [ 328.829712][ T8722] veth1_macvtap: entered promiscuous mode [ 328.936678][ T9019] netlink: 'syz.4.1030': attribute type 10 has an invalid length. [ 328.987737][ T9019] team0: Device ipvlan1 failed to register rx_handler [ 329.014912][ T9035] loop2: detected capacity change from 0 to 256 [ 329.029381][ T9035] vfat: Unknown parameter '9-gq#l>Θ4ISbF#7A[D3)W1*2' [ 329.146282][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 329.219396][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.258004][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 329.258386][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.258410][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 329.259136][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.259156][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 329.259171][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.260331][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 329.260353][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.260369][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 329.260381][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.266364][ T8722] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 329.420285][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 329.420312][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.420323][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 329.420337][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.420348][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 329.420361][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.420373][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 329.420385][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.420396][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 329.420410][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.420422][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 329.420436][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.421888][ T8722] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 329.513350][ T8549] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 329.628887][ T8722] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.628927][ T8722] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.628954][ T8722] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.628979][ T8722] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.309457][ T9067] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1041'. [ 330.452796][ T9070] bond0: option all_slaves_active: invalid value (209) [ 330.505910][ C0] eth0: bad gso: type: 1, size: 1408 [ 330.639990][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.672232][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 330.817586][ T8798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 330.866355][ T2799] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.902924][ T2799] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.012511][ T8798] veth0_vlan: entered promiscuous mode [ 331.217128][ T8798] veth1_vlan: entered promiscuous mode [ 331.959176][ T8798] veth0_macvtap: entered promiscuous mode [ 332.004743][ T8798] veth1_macvtap: entered promiscuous mode [ 332.081583][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.101855][ T9096] loop2: detected capacity change from 0 to 256 [ 332.141970][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.252491][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.322236][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.367425][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.402344][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.429733][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.462306][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.514044][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.554704][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.591293][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.638956][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.667586][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.711562][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.750845][ T8798] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 332.830898][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.895543][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.936640][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.959532][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.976652][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.992188][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.010317][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.048396][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.058817][ T9120] loop3: detected capacity change from 0 to 1024 [ 333.067451][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.096086][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.140066][ T9120] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 333.166358][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.203902][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.227929][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.254112][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.307247][ T8798] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 333.386202][ T9121] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1051'. [ 333.444864][ T9121] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1051'. [ 333.491109][ T9121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1051'. [ 333.546151][ T8798] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.558414][ T29] audit: type=1800 audit(1721225096.438:146): pid=9120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1050" name="bus" dev="loop3" ino=864 res=0 errno=0 [ 333.623839][ T8798] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.639258][ T8798] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.650194][ T8798] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.661339][ T29] audit: type=1804 audit(1721225096.528:147): pid=9120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1050" name="/newroot/3/file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop3" ino=864 res=1 errno=0 [ 334.915452][ T9140] loop4: detected capacity change from 0 to 1024 [ 334.969198][ T9140] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 335.182636][ T1109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.190603][ T1109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.336917][ T9155] binder: 9151:9155 ioctl c018620c 20000180 returned -1 [ 335.352621][ T54] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 335.386818][ T2799] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.392744][ T9156] netlink: 'syz.0.1060': attribute type 5 has an invalid length. [ 335.402329][ T2799] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.687212][ T29] audit: type=1326 audit(1721225098.568:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9154 comm="syz.0.1060" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x0 [ 335.793305][ T9156] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 335.799871][ T9156] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 335.808152][ T9156] vhci_hcd vhci_hcd.0: Device attached [ 336.055442][ T9] vhci_hcd: vhci_device speed not set [ 336.163188][ T9185] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1067'. [ 336.172971][ T9] usb 9-1: new full-speed USB device number 3 using vhci_hcd [ 336.227181][ T9185] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1067'. [ 336.304345][ T9181] netlink: 'syz.0.1060': attribute type 1 has an invalid length. [ 336.327851][ T9181] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1060'. [ 336.508270][ T9172] vhci_hcd: connection closed [ 336.518823][ T9189] loop3: detected capacity change from 0 to 4096 [ 336.540737][ T2845] vhci_hcd: stop threads [ 336.547122][ T9189] ntfs3: Bad value for 'gid' [ 336.551761][ T9189] ntfs3: Bad value for 'gid' [ 336.559211][ T2845] vhci_hcd: release socket [ 336.563933][ T2845] vhci_hcd: disconnect device [ 336.776609][ T9199] loop3: detected capacity change from 0 to 1024 [ 336.810423][ T9199] EXT4-fs: Ignoring removed nomblk_io_submit option [ 336.830381][ T9199] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 336.894695][ T9199] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 336.971265][ T9199] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #11: comm syz.3.1066: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 337.023771][ T9199] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1066: couldn't read orphan inode 11 (err -117) [ 337.164121][ T9199] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 337.352690][ T9199] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.1066: Invalid block bitmap block 0 in block_group 0 [ 337.372387][ T9199] Quota error (device loop3): write_blk: dquota write failed [ 337.429563][ T9199] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 337.440221][ T9199] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.1066: Failed to acquire dquot type 0 [ 337.612914][ T9189] netlink: 'syz.3.1066': attribute type 10 has an invalid length. [ 337.675822][ T9189] team0: Device ipvlan1 failed to register rx_handler [ 337.989955][ T8722] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 338.417794][ T9228] loop1: detected capacity change from 0 to 1024 [ 338.521481][ T9228] EXT4-fs (loop1): bad geometry: first data block 100663296 is beyond end of filesystem (512) [ 338.887045][ T9236] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1084'. [ 340.027289][ T9245] netlink: 277 bytes leftover after parsing attributes in process `syz.1.1080'. [ 340.118430][ T54] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 340.364215][ T9243] netlink: 'syz.0.1086': attribute type 5 has an invalid length. [ 340.663589][ T29] audit: type=1326 audit(1721225103.548:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9242 comm="syz.0.1086" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x0 [ 340.807128][ T9254] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 340.813767][ T9254] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 340.930486][ T9254] vhci_hcd vhci_hcd.0: Device attached [ 341.036679][ T9261] loop3: detected capacity change from 0 to 1024 [ 341.106002][ T9261] syz.3.1090: attempt to access beyond end of device [ 341.106002][ T9261] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 341.109802][ T9252] loop4: detected capacity change from 0 to 512 [ 341.153988][ T9257] netlink: 'syz.0.1086': attribute type 1 has an invalid length. [ 341.172374][ T9261] hfsplus: cannot replace xattr [ 341.184185][ T9257] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1086'. [ 341.242457][ T9252] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 341.353486][ T9252] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e018, mo2=0006] [ 341.402825][ T9252] System zones: 0-2, 18-18, 34-35 [ 341.422437][ T9255] vhci_hcd: connection closed [ 341.424851][ T2799] vhci_hcd: stop threads [ 341.471159][ T2799] vhci_hcd: release socket [ 341.490583][ T9252] EXT4-fs (loop4): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 341.522334][ T9274] binder: 9270:9274 ioctl c018620c 20000180 returned -1 [ 341.540321][ T2799] vhci_hcd: disconnect device [ 341.582370][ T9] vhci_hcd: vhci_device speed not set [ 342.048070][ T8549] EXT4-fs (loop4): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 342.137552][ T9288] loop2: detected capacity change from 0 to 512 [ 342.243092][ T9288] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 342.246895][ T9291] ieee802154 phy0 wpan0: encryption failed: -22 [ 342.351517][ T9288] ext4 filesystem being mounted at /42/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 342.579037][ T9288] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.1101: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 342.762226][ T9288] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.1101: bg 0: block 18: invalid block bitmap [ 342.859174][ T9288] Quota error (device loop2): write_blk: dquota write failed [ 342.877577][ T9258] loop1: detected capacity change from 0 to 2048 [ 342.926191][ T9288] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 342.993502][ T9288] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.1101: Failed to acquire dquot type 1 [ 343.141154][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 343.224189][ T5106] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 343.247355][ T5106] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 343.262461][ T5106] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 343.270582][ T5106] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 343.281592][ T5106] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 343.300647][ T5106] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 343.540725][ T9309] loop3: detected capacity change from 0 to 4096 [ 343.581257][ T9309] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 343.659437][ T9309] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 343.679257][ T5106] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 343.696461][ T9309] ntfs3: loop3: Failed to load $Extend (-22). [ 343.721493][ T9313] binder: 9312:9313 ioctl c018620c 20000180 returned -1 [ 343.742310][ T9309] ntfs3: loop3: Failed to initialize $Extend. [ 343.794711][ T2880] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.905599][ T9315] netlink: 'syz.2.1110': attribute type 5 has an invalid length. [ 343.952126][ T29] audit: type=1800 audit(1721225106.818:150): pid=9309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1108" name="bus" dev="loop3" ino=33 res=0 errno=0 [ 344.077383][ T29] audit: type=1326 audit(1721225106.898:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9314 comm="syz.2.1110" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd22e575a99 code=0x0 [ 344.082345][ T2880] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.182989][ T9317] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 344.189795][ T9317] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 344.266228][ T9317] vhci_hcd vhci_hcd.0: Device attached [ 344.458935][ T9334] loop1: detected capacity change from 0 to 1024 [ 344.494333][ T5230] vhci_hcd: vhci_device speed not set [ 344.590332][ T5230] usb 13-1: new full-speed USB device number 2 using vhci_hcd [ 344.656157][ T2880] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.716512][ T9334] hfsplus: request for non-existent node 3 in B*Tree [ 344.741065][ T9334] hfsplus: request for non-existent node 3 in B*Tree [ 344.761719][ T9326] vhci_hcd: connection closed [ 344.766508][ T35] vhci_hcd: stop threads [ 344.842074][ T35] vhci_hcd: release socket [ 344.892825][ T35] vhci_hcd: disconnect device [ 344.944522][ T9331] netlink: 'syz.2.1110': attribute type 1 has an invalid length. [ 344.970356][ T9340] loop3: detected capacity change from 0 to 512 [ 344.988684][ T9331] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1110'. [ 345.049863][ T9331] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 345.064116][ T9331] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 345.085530][ T9340] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 345.108538][ T9331] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 345.117786][ T9340] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 345.139537][ T9331] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 345.194540][ T9340] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.1116: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 345.303818][ T9340] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.1116: bg 0: block 18: invalid block bitmap [ 345.358157][ T9340] Quota error (device loop3): write_blk: dquota write failed [ 345.370492][ T2880] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.392228][ T5106] Bluetooth: hci0: command tx timeout [ 345.402587][ T9340] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 345.429170][ T9338] netlink: 'syz.0.1114': attribute type 10 has an invalid length. [ 345.437605][ T9340] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.1116: Failed to acquire dquot type 1 [ 345.506855][ T8722] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 345.610390][ T9338] team0: Device ipvlan1 failed to register rx_handler [ 345.663003][ T9348] loop3: detected capacity change from 0 to 1024 [ 345.774925][ T9348] syz.3.1118: attempt to access beyond end of device [ 345.774925][ T9348] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 345.848870][ T9303] chnl_net:caif_netlink_parms(): no params data found [ 345.857797][ T9348] hfsplus: cannot replace xattr [ 346.204271][ T9364] loop3: detected capacity change from 0 to 4096 [ 346.217588][ T9364] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 346.338305][ T9364] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 346.371640][ T9364] ntfs3: loop3: Failed to load $Extend (-22). [ 346.396873][ T9303] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.399086][ T9364] ntfs3: loop3: Failed to initialize $Extend. [ 346.468758][ T9303] bridge0: port 1(bridge_slave_0) entered disabled state [ 346.498203][ T9303] bridge_slave_0: entered allmulticast mode [ 346.530462][ T9303] bridge_slave_0: entered promiscuous mode [ 346.557315][ T2880] bridge_slave_1: left allmulticast mode [ 346.573078][ T2880] bridge_slave_1: left promiscuous mode [ 346.585791][ T2880] bridge0: port 2(bridge_slave_1) entered disabled state [ 346.597785][ T29] audit: type=1800 audit(1721225109.478:152): pid=9364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1123" name="bus" dev="loop3" ino=33 res=0 errno=0 [ 346.636182][ T2880] bridge_slave_0: left allmulticast mode [ 346.653342][ T2880] bridge_slave_0: left promiscuous mode [ 346.660205][ T2880] bridge0: port 1(bridge_slave_0) entered disabled state [ 346.897487][ T9376] loop1: detected capacity change from 0 to 512 [ 346.975528][ T9353] loop2: detected capacity change from 0 to 2048 [ 347.177702][ T9376] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 347.230977][ T9376] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e018, mo2=0006] [ 347.273852][ T9376] System zones: 0-2, 18-18, 34-35 [ 347.288634][ T9376] EXT4-fs (loop1): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 347.462572][ T5106] Bluetooth: hci0: command tx timeout [ 348.012619][ T9387] loop2: detected capacity change from 0 to 4096 [ 348.024316][ T9387] ntfs3: Bad value for 'gid' [ 348.028975][ T9387] ntfs3: Bad value for 'gid' [ 348.077176][ T8798] EXT4-fs (loop1): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 348.335440][ T9389] loop2: detected capacity change from 0 to 1024 [ 348.351579][ T9389] EXT4-fs: Ignoring removed nomblk_io_submit option [ 348.379494][ T9389] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 348.390155][ T9389] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 348.443273][ T9389] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #11: comm syz.2.1130: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 348.477157][ T9393] binder: 9390:9393 ioctl c018620c 20000180 returned -1 [ 348.504310][ T9389] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1130: couldn't read orphan inode 11 (err -117) [ 348.566221][ T9389] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 348.747326][ T9389] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.1130: Invalid block bitmap block 0 in block_group 0 [ 348.802964][ T9389] Quota error (device loop2): write_blk: dquota write failed [ 348.857160][ T9389] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 348.872944][ T9389] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.1130: Failed to acquire dquot type 0 [ 348.936220][ T2880] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 348.965235][ T2880] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 348.989803][ T2880] bond0 (unregistering): Released all slaves [ 349.045692][ T9303] bridge0: port 2(bridge_slave_1) entered blocking state [ 349.082345][ T9303] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.122338][ T9303] bridge_slave_1: entered allmulticast mode [ 349.165087][ T9303] bridge_slave_1: entered promiscuous mode [ 349.358296][ T9389] netlink: 'syz.2.1130': attribute type 10 has an invalid length. [ 349.419978][ T9389] team0: Device ipvlan1 failed to register rx_handler [ 349.544232][ T5106] Bluetooth: hci0: command tx timeout [ 349.570383][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 349.635211][ T9303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 349.694753][ T9303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 349.712411][ T5230] vhci_hcd: vhci_device speed not set [ 349.866310][ T9421] netlink: 'syz.2.1137': attribute type 1 has an invalid length. [ 349.902340][ T9421] netlink: 9280 bytes leftover after parsing attributes in process `syz.2.1137'. [ 349.919777][ T9421] netlink: 'syz.2.1137': attribute type 1 has an invalid length. [ 349.932616][ T9421] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1137'. [ 350.089892][ T2880] hsr_slave_0: left promiscuous mode [ 350.111610][ T2880] hsr_slave_1: left promiscuous mode [ 350.166572][ T2880] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 350.195549][ T2880] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 350.231220][ T2880] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 350.252197][ T2880] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 350.358287][ T2880] veth1_macvtap: left promiscuous mode [ 350.376987][ T2880] veth0_macvtap: left promiscuous mode [ 350.390751][ T2880] veth1_vlan: left promiscuous mode [ 350.400463][ T2880] veth0_vlan: left promiscuous mode [ 350.885227][ T9426] loop2: detected capacity change from 0 to 2048 [ 351.498601][ T51] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 351.627363][ T5106] Bluetooth: hci0: command tx timeout [ 351.686544][ T51] usb 3-1: Using ep0 maxpacket: 32 [ 351.718104][ T51] usb 3-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 351.728368][ T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.760946][ T51] usb 3-1: config 0 descriptor?? [ 351.783168][ T51] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 351.790647][ T2880] team0 (unregistering): Port device team_slave_1 removed [ 351.917736][ T2880] team0 (unregistering): Port device team_slave_0 removed [ 351.927128][ T9448] binder: 9447:9448 ioctl c018620c 20000180 returned -1 [ 353.064074][ T9303] team0: Port device team_slave_0 added [ 353.103637][ T51] gspca_sunplus: reg_w_riv err -110 [ 353.115888][ T51] sunplus 3-1:0.0: probe with driver sunplus failed with error -110 [ 353.138258][ T9432] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1141'. [ 353.168035][ T9303] team0: Port device team_slave_1 added [ 353.302489][ T51] usb 3-1: USB disconnect, device number 12 [ 353.412851][ T9303] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 353.431772][ T9303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 353.437021][ T9454] loop1: detected capacity change from 0 to 32768 [ 353.496293][ T9303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 353.551339][ T9303] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 353.559501][ T9303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 353.587287][ T9303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 353.733077][ T9454] XFS (loop1): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 353.925321][ T9303] hsr_slave_0: entered promiscuous mode [ 353.941231][ T9303] hsr_slave_1: entered promiscuous mode [ 353.951136][ T9303] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 353.959409][ T9303] Cannot create hsr debugfs directory [ 354.120979][ T9454] XFS (loop1): Ending clean mount [ 354.417914][ C0] eth0: bad gso: type: 1, size: 1408 [ 354.426294][ T9491] loop3: detected capacity change from 0 to 1024 [ 354.546261][ T9454] overlay: ./file2 is not a directory [ 354.589552][ T9491] syz.3.1151: attempt to access beyond end of device [ 354.589552][ T9491] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 354.644498][ T9491] hfsplus: cannot replace xattr [ 354.698185][ T9498] loop2: detected capacity change from 0 to 4096 [ 354.724160][ T9498] ntfs3: Bad value for 'gid' [ 354.728944][ T9498] ntfs3: Bad value for 'gid' [ 354.935383][ T9505] binder: 9503:9505 ioctl c018620c 20000180 returned -1 [ 354.973363][ T8798] XFS (loop1): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 354.989724][ T9504] loop2: detected capacity change from 0 to 1024 [ 355.053222][ T9504] EXT4-fs: Ignoring removed nomblk_io_submit option [ 355.101793][ T9504] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 355.146830][ T9504] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 355.265776][ T9504] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #11: comm syz.2.1154: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 355.332648][ T9504] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1154: couldn't read orphan inode 11 (err -117) [ 355.427941][ T9504] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 355.487495][ T9504] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.1154: Invalid block bitmap block 0 in block_group 0 [ 355.578869][ T9504] Quota error (device loop2): write_blk: dquota write failed [ 355.652608][ T9504] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 355.699977][ T9506] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1155'. [ 355.725866][ T9504] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.1154: Failed to acquire dquot type 0 [ 355.787878][ T9522] netlink: 'syz.2.1154': attribute type 10 has an invalid length. [ 355.846429][ T9522] team0: Device ipvlan1 failed to register rx_handler [ 356.266627][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 356.361366][ T9303] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 356.440211][ T9546] loop3: detected capacity change from 0 to 1024 [ 356.447932][ T5106] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 356.534292][ T9546] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 356.603900][ T9543] netlink: 'syz.1.1157': attribute type 5 has an invalid length. [ 356.644438][ T9303] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 356.682610][ T9303] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 356.693797][ T29] audit: type=1800 audit(1721225119.568:153): pid=9546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1162" name="bus" dev="loop3" ino=864 res=0 errno=0 [ 356.748929][ T29] audit: type=1804 audit(1721225119.608:154): pid=9546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1162" name="/newroot/29/file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop3" ino=864 res=1 errno=0 [ 356.843454][ T29] audit: type=1326 audit(1721225119.608:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9542 comm="syz.1.1157" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x0 [ 356.868650][ T9303] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 356.876714][ T9550] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 356.883252][ T9550] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 356.898692][ T9550] vhci_hcd vhci_hcd.0: Device attached [ 357.102933][ T9553] block device autoloading is deprecated and will be removed. [ 357.112113][ T5230] vhci_hcd: vhci_device speed not set [ 357.150689][ T9553] syz.2.1164: attempt to access beyond end of device [ 357.150689][ T9553] md102: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 357.183101][ T5230] usb 11-1: new full-speed USB device number 5 using vhci_hcd [ 357.428478][ T9563] netlink: 'syz.1.1157': attribute type 1 has an invalid length. [ 357.436528][ T9563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1157'. [ 357.505632][ T9563] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 357.539302][ T9563] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 357.629310][ T9563] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 357.634428][ T9554] vhci_hcd: connection closed [ 357.642551][ T61] vhci_hcd: stop threads [ 357.661045][ T61] vhci_hcd: release socket [ 357.671827][ T9563] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 357.687543][ T61] vhci_hcd: disconnect device [ 358.004254][ T9303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 358.094882][ T9303] 8021q: adding VLAN 0 to HW filter on device team0 [ 358.175432][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state [ 358.182633][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 358.220269][ T9588] usb usb6: usbfs: process 9588 (syz.3.1175) did not claim interface 0 before use [ 358.277799][ T5157] bridge0: port 2(bridge_slave_1) entered blocking state [ 358.285016][ T5157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 358.546003][ T9596] syz.2.1177: attempt to access beyond end of device [ 358.546003][ T9596] md102: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 358.789325][ T9605] loop3: detected capacity change from 0 to 1024 [ 358.901226][ T9605] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 359.154431][ T9303] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 359.175349][ T8722] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 359.453059][ T9632] usb usb6: usbfs: process 9632 (syz.0.1187) did not claim interface 0 before use [ 359.660366][ T9643] Driver unsupported XDP return value 0 on prog (id 167) dev N/A, expect packet loss! [ 359.972272][ T9654] syz.3.1192: attempt to access beyond end of device [ 359.972272][ T9654] md102: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 360.060986][ T9303] veth0_vlan: entered promiscuous mode [ 360.098889][ T9303] veth1_vlan: entered promiscuous mode [ 360.219736][ T9303] veth0_macvtap: entered promiscuous mode [ 360.239384][ T5151] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 360.268013][ T9303] veth1_macvtap: entered promiscuous mode [ 360.359665][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 360.400627][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 360.438635][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 360.462117][ T5151] usb 1-1: Using ep0 maxpacket: 16 [ 360.464912][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 360.477223][ T5151] usb 1-1: no configurations [ 360.477245][ T5151] usb 1-1: can't read configurations, error -22 [ 360.497687][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 360.566141][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 360.586420][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 360.608922][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 360.642145][ T5151] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 360.651084][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 360.693785][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 360.718494][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 360.740237][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 360.761690][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 360.794584][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 360.852980][ T9303] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 360.872152][ T5151] usb 1-1: Using ep0 maxpacket: 16 [ 360.913007][ T5151] usb 1-1: no configurations [ 360.930765][ T5151] usb 1-1: can't read configurations, error -22 [ 360.958488][ T5151] usb usb1-port1: attempt power cycle [ 360.999444][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 361.008477][ T9609] loop1: detected capacity change from 0 to 32768 [ 361.042146][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.074666][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 361.142258][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.190405][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 361.201813][ T9609] XFS (loop1): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 361.252652][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.279688][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 361.303780][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.330755][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 361.402294][ T5151] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 361.462994][ T9609] XFS (loop1): Ending clean mount [ 361.539796][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.602461][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 361.640493][ T5151] usb 1-1: Using ep0 maxpacket: 16 [ 361.642563][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.646632][ T5151] usb 1-1: no configurations [ 361.660297][ T5151] usb 1-1: can't read configurations, error -22 [ 361.668355][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 361.680363][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.699664][ T9303] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 361.779891][ T9705] x_tables: duplicate underflow at hook 1 [ 361.832777][ T5151] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 362.015421][ T5151] usb 1-1: Using ep0 maxpacket: 16 [ 362.124005][ T5151] usb 1-1: no configurations [ 362.240925][ T5151] usb 1-1: can't read configurations, error -22 [ 362.286169][ T9303] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.325072][ T5151] usb usb1-port1: unable to enumerate USB device [ 362.352449][ T9303] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.361283][ T9303] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.426064][ T9303] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.503161][ T5230] vhci_hcd: vhci_device speed not set [ 362.511530][ T8798] XFS (loop1): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 362.553391][ T9709] loop3: detected capacity change from 0 to 256 [ 362.588335][ T9709] exfat: Unknown parameter '' [ 362.923392][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.956457][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 363.050392][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 363.078035][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 363.613559][ T9727] loop2: detected capacity change from 0 to 1024 [ 363.764002][ T9727] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1205'. [ 363.782504][ T9727] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1205'. [ 363.822444][ T9741] usb usb6: usbfs: process 9741 (syz.0.1209) did not claim interface 0 before use [ 363.924357][ T9742] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1205'. [ 364.003320][ T9727] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1205'. [ 364.279336][ T9757] x_tables: duplicate underflow at hook 1 [ 365.140083][ T9756] syz.0.1213: attempt to access beyond end of device [ 365.140083][ T9756] md102: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 365.816974][ T9787] usb usb6: usbfs: process 9787 (syz.2.1222) did not claim interface 0 before use [ 365.890177][ T9790] loop3: detected capacity change from 0 to 2048 [ 365.915410][ T9790] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 365.989395][ T9790] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 366.144168][ T9798] syz.1.1227: attempt to access beyond end of device [ 366.144168][ T9798] md102: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 367.086464][ T9828] loop2: detected capacity change from 0 to 128 [ 367.172935][ T9832] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1240'. [ 367.187041][ T9831] loop4: detected capacity change from 0 to 2048 [ 367.237007][ T9831] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 367.280822][ T9831] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 367.443251][ T9836] loop1: detected capacity change from 0 to 256 [ 367.516274][ T9836] exfat: Unknown parameter '' [ 369.155790][ T9875] x_tables: duplicate underflow at hook 1 [ 369.737637][ T9889] loop2: detected capacity change from 0 to 512 [ 369.806704][ T9889] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 369.872978][ T9893] loop4: detected capacity change from 0 to 1024 [ 369.909211][ T9889] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.1256: invalid indirect mapped block 83886080 (level 1) [ 369.993602][ T9889] EXT4-fs (loop2): 1 orphan inode deleted [ 370.010636][ T9893] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 370.023954][ T9889] EXT4-fs (loop2): 1 truncate cleaned up [ 370.031567][ T9889] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 370.079684][ T9889] EXT4-fs error (device loop2): ext4_empty_dir:3103: inode #2: block 13: comm syz.2.1256: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0 [ 370.117401][ T9889] EXT4-fs warning (device loop2): ext4_empty_dir:3105: inode #2: comm syz.2.1256: directory missing '..' [ 370.369773][ T9303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 370.419196][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 371.143730][ T9926] x_tables: duplicate underflow at hook 1 [ 371.615346][ T9932] loop3: detected capacity change from 0 to 512 [ 371.642724][ T9932] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent [ 371.976339][ T9941] loop3: detected capacity change from 0 to 256 [ 372.076597][ T29] audit: type=1800 audit(1721225134.948:156): pid=9941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1274" name="file0" dev="loop3" ino=1048741 res=0 errno=0 [ 372.256913][ T9947] loop2: detected capacity change from 0 to 512 [ 372.297665][ T9947] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 372.355933][ T9950] MPI: mpi too large (187200 bits) [ 372.463959][ T9947] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.1275: invalid indirect mapped block 83886080 (level 1) [ 372.549900][ T9947] EXT4-fs (loop2): 1 orphan inode deleted [ 372.559863][ T9947] EXT4-fs (loop2): 1 truncate cleaned up [ 372.617561][ T9947] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 372.639511][ T9950] loop4: detected capacity change from 0 to 1024 [ 372.690982][ T9950] hfsplus: bad catalog entry used to create inode [ 372.729460][ T9950] hfsplus: failed to load root directory [ 372.814134][ T9947] EXT4-fs error (device loop2): ext4_empty_dir:3103: inode #2: block 13: comm syz.2.1275: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0 [ 372.852479][ T9947] EXT4-fs warning (device loop2): ext4_empty_dir:3105: inode #2: comm syz.2.1275: directory missing '..' [ 372.937181][ T5153] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 372.985421][ C0] eth0: bad gso: type: 1, size: 1408 [ 373.163610][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 373.259923][ T5153] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 373.281841][ T5153] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 373.330675][ T9967] loop2: detected capacity change from 0 to 512 [ 373.348219][ T5153] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 373.382943][ T9967] EXT4-fs: Ignoring removed mblk_io_submit option [ 373.391047][ T5153] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 373.409936][ T9967] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 373.419607][ T5153] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.457878][ T9967] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002] [ 373.480030][ T9967] System zones: 1-12 [ 373.494016][ T5153] usb 2-1: config 0 descriptor?? [ 373.516668][ T9967] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.1284: corrupted in-inode xattr: e_value size too large [ 373.536781][ T9972] loop3: detected capacity change from 0 to 1024 [ 373.576757][ T9967] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1284: couldn't read orphan inode 15 (err -117) [ 373.615126][ T9967] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 373.637281][ T9972] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 374.051773][ T8722] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 374.127798][ T9988] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 374.146376][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 374.172895][ T5153] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 374.191747][ T5153] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 374.213519][ T5153] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 374.224455][ T9988] overlayfs: conflicting lowerdir path [ 374.604347][ T9998] loop2: detected capacity change from 0 to 1024 [ 374.676422][ T9998] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 374.694094][T10002] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1294'. [ 375.062529][ T29] audit: type=1800 audit(1721225137.918:157): pid=9998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1291" name="bus" dev="loop2" ino=864 res=0 errno=0 [ 375.145983][ T29] audit: type=1804 audit(1721225137.978:158): pid=9998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1291" name="/newroot/79/file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop2" ino=864 res=1 errno=0 [ 375.826131][T10021] loop2: detected capacity change from 0 to 512 [ 375.848117][T10021] EXT4-fs (loop2): blocks per group (95) and clusters per group (32768) inconsistent [ 376.002240][ T51] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 376.253435][ T51] usb 5-1: Using ep0 maxpacket: 32 [ 376.274911][ T51] usb 5-1: config 0 has an invalid descriptor of length 86, skipping remainder of the config [ 376.300423][ T51] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 376.538339][ T51] usb 5-1: New USB device found, idVendor=0e8d, idProduct=0023, bcdDevice=3a.ab [ 376.552506][ T5126] usb 2-1: USB disconnect, device number 7 [ 376.567840][T10032] loop2: detected capacity change from 0 to 1024 [ 376.567978][ T51] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.620898][ T51] usb 5-1: Product: syz [ 376.627105][ T51] usb 5-1: Manufacturer: syz [ 376.649323][ T51] usb 5-1: SerialNumber: syz [ 376.897293][ T51] usb 5-1: config 0 descriptor?? [ 377.163930][T10032] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 377.428508][ C0] eth0: bad gso: type: 1, size: 1408 [ 377.548604][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 377.977091][T10047] loop2: detected capacity change from 0 to 256 [ 378.115521][ T29] audit: type=1800 audit(1721225140.998:159): pid=10047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1307" name="file0" dev="loop2" ino=1048755 res=0 errno=0 [ 378.223275][T10050] loop1: detected capacity change from 0 to 1024 [ 378.435148][T10050] hfsplus: request for non-existent node 3 in B*Tree [ 378.454469][T10050] hfsplus: request for non-existent node 3 in B*Tree [ 378.634724][ T51] usb 5-1: USB disconnect, device number 4 [ 378.801673][T10067] loop4: detected capacity change from 0 to 512 [ 378.868089][T10067] EXT4-fs (loop4): blocks per group (95) and clusters per group (32768) inconsistent [ 378.988373][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.002424][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.849042][T10089] MPI: mpi too large (187200 bits) [ 380.027116][T10089] loop1: detected capacity change from 0 to 1024 [ 380.144061][T10089] hfsplus: bad catalog entry used to create inode [ 380.206405][T10089] hfsplus: failed to load root directory [ 380.223098][ C0] eth0: bad gso: type: 1, size: 1408 [ 380.263054][ T5106] Bluetooth: hci0: unexpected event 0x04 length: 14 > 10 [ 380.627140][T10111] loop3: detected capacity change from 0 to 512 [ 380.722231][ T1628] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 380.748390][T10111] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent [ 380.923278][ T1628] usb 3-1: Using ep0 maxpacket: 32 [ 380.957167][ T1628] usb 3-1: config 0 has an invalid descriptor of length 86, skipping remainder of the config [ 380.984185][T10118] loop1: detected capacity change from 0 to 1024 [ 381.009886][ T1628] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 381.041025][ T1628] usb 3-1: New USB device found, idVendor=0e8d, idProduct=0023, bcdDevice=3a.ab [ 381.088235][ T1628] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.116753][ T1628] usb 3-1: Product: syz [ 381.137823][ T1628] usb 3-1: Manufacturer: syz [ 381.153032][ T1628] usb 3-1: SerialNumber: syz [ 381.174747][T10118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1328'. [ 381.186263][ T1628] usb 3-1: config 0 descriptor?? [ 381.208096][T10124] netlink: 'syz.3.1331': attribute type 23 has an invalid length. [ 381.232408][T10125] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1328'. [ 381.241858][T10125] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1328'. [ 381.276460][T10124] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1331'. [ 381.502521][T10118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1328'. [ 381.892130][ T5126] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 381.936335][T10135] loop6: detected capacity change from 0 to 16384 [ 382.104279][ T5126] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 382.130245][T10135] I/O error, dev loop6, sector 2048 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 382.182147][ T5126] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 382.188615][T10143] loop1: detected capacity change from 0 to 1024 [ 382.200221][T10135] I/O error, dev loop6, sector 2304 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 382.219082][ T5126] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 382.254865][ T5126] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 382.294161][T10135] I/O error, dev loop6, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 382.301468][ T5126] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.349400][ T5126] usb 1-1: config 0 descriptor?? [ 382.352476][ T5106] Bluetooth: hci0: command tx timeout [ 382.368309][ T5126] usb-storage 1-1:0.0: USB Mass Storage device detected [ 382.444585][T10143] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 382.471329][ T5126] usb-storage 1-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 382.479486][T10135] Buffer I/O error on dev loop6, logical block 256, async page read [ 382.643861][ T5126] usb 1-1: USB disconnect, device number 14 [ 382.892676][ T29] audit: type=1800 audit(1721225145.768:160): pid=10143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1337" name="bus" dev="loop1" ino=864 res=0 errno=0 [ 382.980236][ T927] usb 3-1: USB disconnect, device number 13 [ 382.989527][ T29] audit: type=1804 audit(1721225145.828:161): pid=10143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1337" name="/newroot/40/file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop1" ino=864 res=1 errno=0 [ 383.237951][ C0] eth0: bad gso: type: 1, size: 1408 [ 383.544007][T10164] netlink: 'syz.1.1344': attribute type 23 has an invalid length. [ 383.612302][T10164] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1344'. [ 383.633115][T10167] loop2: detected capacity change from 0 to 512 [ 383.671253][T10167] EXT4-fs (loop2): blocks per group (95) and clusters per group (32768) inconsistent [ 384.212809][T10178] vxcan0: tx drop: invalid da for name 0x0000000000000004 [ 384.344735][T10182] loop2: detected capacity change from 0 to 1024 [ 384.455797][T10182] hfsplus: request for non-existent node 3 in B*Tree [ 384.477992][T10182] hfsplus: request for non-existent node 3 in B*Tree [ 384.732249][T10159] loop3: detected capacity change from 0 to 32768 [ 384.902680][ T927] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 385.001406][T10159] find_entry called with index >= next_index [ 385.051755][T10159] find_entry called with index >= next_index [ 385.062496][ T5126] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 385.072283][T10159] find_entry called with index >= next_index [ 385.102178][ T927] usb 1-1: Using ep0 maxpacket: 16 [ 385.121037][ T927] usb 1-1: no configurations [ 385.132155][ T927] usb 1-1: can't read configurations, error -22 [ 385.322129][ T927] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 385.322164][ T5126] usb 2-1: Using ep0 maxpacket: 32 [ 385.383185][ T5126] usb 2-1: config 0 has an invalid descriptor of length 86, skipping remainder of the config [ 385.420590][ T5126] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 385.430641][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88805aec1000: rx timeout, send abort [ 385.441905][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88805aec1000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 385.520241][T10194] loop2: detected capacity change from 0 to 1024 [ 385.554616][ T5126] usb 2-1: New USB device found, idVendor=0e8d, idProduct=0023, bcdDevice=3a.ab [ 385.576774][ T927] usb 1-1: Using ep0 maxpacket: 16 [ 385.593991][ T5126] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.602501][ T927] usb 1-1: no configurations [ 385.608637][T10194] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 385.612625][ T927] usb 1-1: can't read configurations, error -22 [ 385.625637][ T5126] usb 2-1: Product: syz [ 385.644685][ T5126] usb 2-1: Manufacturer: syz [ 385.657758][ T5126] usb 2-1: SerialNumber: syz [ 385.667116][ T5126] usb 2-1: config 0 descriptor?? [ 385.686333][ T927] usb usb1-port1: attempt power cycle [ 385.822110][ T29] audit: type=1800 audit(1721225148.688:162): pid=10194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1355" name="bus" dev="loop2" ino=864 res=0 errno=0 [ 385.922218][ T29] audit: type=1804 audit(1721225148.768:163): pid=10194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1355" name="/newroot/93/file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop2" ino=864 res=1 errno=0 [ 386.172222][ T927] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 386.214983][ T927] usb 1-1: Using ep0 maxpacket: 16 [ 386.221955][ T927] usb 1-1: no configurations [ 386.247150][ T927] usb 1-1: can't read configurations, error -22 [ 386.424985][ T927] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 386.488915][T10202] loop2: detected capacity change from 0 to 2048 [ 386.503170][ T927] usb 1-1: Using ep0 maxpacket: 16 [ 386.513574][ T927] usb 1-1: no configurations [ 386.518177][ T927] usb 1-1: can't read configurations, error -22 [ 386.537465][T10202] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 386.558617][ T927] usb usb1-port1: unable to enumerate USB device [ 386.749508][T10209] loop3: detected capacity change from 0 to 256 [ 386.801739][ T29] audit: type=1800 audit(1721225149.678:164): pid=10209 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1361" name="file0" dev="loop3" ino=1048756 res=0 errno=0 [ 386.864411][T10211] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1362'. [ 387.260459][T10219] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 387.286182][T10221] loop2: detected capacity change from 0 to 512 [ 387.356051][T10221] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 387.477191][T10221] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.1363: invalid indirect mapped block 83886080 (level 1) [ 387.482568][T10230] capability: warning: `syz.3.1368' uses deprecated v2 capabilities in a way that may be insecure [ 387.531610][ T8] usb 2-1: USB disconnect, device number 8 [ 387.553346][T10221] EXT4-fs (loop2): 1 orphan inode deleted [ 387.559373][T10221] EXT4-fs (loop2): 1 truncate cleaned up [ 387.567444][T10221] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 387.707047][T10233] loop4: detected capacity change from 0 to 1024 [ 387.752763][T10233] hfsplus: request for non-existent node 3 in B*Tree [ 387.765291][T10233] hfsplus: request for non-existent node 3 in B*Tree [ 387.780162][T10221] EXT4-fs error (device loop2): ext4_empty_dir:3103: inode #2: block 13: comm syz.2.1363: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0 [ 387.794758][T10236] netlink: 'syz.1.1369': attribute type 11 has an invalid length. [ 387.826599][T10221] EXT4-fs warning (device loop2): ext4_empty_dir:3105: inode #2: comm syz.2.1363: directory missing '..' [ 387.854757][T10236] netlink: 211132 bytes leftover after parsing attributes in process `syz.1.1369'. [ 388.097042][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 388.518246][T10247] loop2: detected capacity change from 0 to 2048 [ 388.541084][ T5106] Bluetooth: hci0: link tx timeout [ 388.548479][ T5106] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 388.590209][T10247] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 389.044274][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88802e14e400: 0x00000: (2) System resources were needed for another task so this connection managed session was terminated. [ 389.243434][T10274] loop4: detected capacity change from 0 to 1024 [ 389.309335][T10274] hfsplus: request for non-existent node 3 in B*Tree [ 389.318968][T10274] hfsplus: request for non-existent node 3 in B*Tree [ 389.611369][T10285] netlink: 'syz.0.1392': attribute type 11 has an invalid length. [ 389.633229][T10285] netlink: 211132 bytes leftover after parsing attributes in process `syz.0.1392'. [ 390.074854][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff8880781c0c00: 0x00000: (2) System resources were needed for another task so this connection managed session was terminated. [ 390.109469][T10296] loop2: detected capacity change from 0 to 1024 [ 390.258204][T10296] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1395'. [ 390.291319][T10302] Bluetooth: MGMT ver 1.23 [ 390.302553][T10302] Bluetooth: hci3: unsupported parameter 65535 [ 390.311189][T10296] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1395'. [ 390.335779][T10302] Bluetooth: hci3: unsupported parameter 65535 [ 390.336246][T10296] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1395'. [ 390.412607][T10304] syz.4.1400 uses obsolete (PF_INET,SOCK_PACKET) [ 390.419587][T10305] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1395'. [ 390.582173][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 390.930637][ T5106] Bluetooth: hci3: unexpected event 0x04 length: 14 > 10 [ 391.653761][T10333] Bluetooth: hci3: unsupported parameter 65535 [ 391.691658][T10333] Bluetooth: hci3: unsupported parameter 65535 [ 392.034344][T10347] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 392.293180][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88802d385c00: 0x00000: (2) System resources were needed for another task so this connection managed session was terminated. [ 392.489154][T10365] loop2: detected capacity change from 0 to 1024 [ 392.614749][T10365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1423'. [ 392.639574][T10365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1423'. [ 392.649857][T10365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1423'. [ 392.688130][T10365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1423'. [ 392.982518][ T5106] Bluetooth: hci3: command tx timeout [ 393.701834][T10392] loop4: detected capacity change from 0 to 2048 [ 393.773883][T10392] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 394.040256][T10397] loop3: detected capacity change from 0 to 8192 [ 394.101086][T10397] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 394.701690][T10415] loop1: detected capacity change from 0 to 1024 [ 394.730017][ T5106] Bluetooth: hci1: unexpected event 0x04 length: 14 > 10 [ 394.880869][T10415] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1443'. [ 394.979352][T10415] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1443'. [ 395.016518][T10415] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1443'. [ 395.097493][T10415] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1443'. [ 395.364884][T10429] loop3: detected capacity change from 0 to 512 [ 395.405368][T10429] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 395.507434][T10429] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.1448: invalid indirect mapped block 83886080 (level 1) [ 395.530793][T10429] EXT4-fs (loop3): 1 orphan inode deleted [ 395.537977][T10429] EXT4-fs (loop3): 1 truncate cleaned up [ 395.547371][T10429] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 395.586066][T10429] EXT4-fs error (device loop3): ext4_empty_dir:3103: inode #2: block 13: comm syz.3.1448: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0 [ 395.618889][T10429] EXT4-fs warning (device loop3): ext4_empty_dir:3105: inode #2: comm syz.3.1448: directory missing '..' [ 395.862858][T10434] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 396.034939][T10445] bridge0: port 2(bridge_slave_1) entered disabled state [ 396.069167][ T8722] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 396.169641][T10445] bridge_slave_1: left allmulticast mode [ 396.199141][T10445] bridge_slave_1: left promiscuous mode [ 396.222921][T10445] bridge0: port 2(bridge_slave_1) entered disabled state [ 396.602145][ T5126] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 396.669727][T10466] bridge_slave_0: left allmulticast mode [ 396.723840][T10466] bridge_slave_0: left promiscuous mode [ 396.742426][ T5106] Bluetooth: hci1: command 0x0406 tx timeout [ 396.767586][T10466] bridge0: port 1(bridge_slave_0) entered disabled state [ 396.833646][ T5126] usb 5-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 397.003949][ T5126] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 397.014839][ T5126] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 397.031318][ T5126] usb 5-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 397.040818][ T5126] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.087741][ T5126] usb 5-1: config 0 descriptor?? [ 397.110390][ T5126] usb-storage 5-1:0.0: USB Mass Storage device detected [ 397.126661][T10466] bond0: (slave bond_slave_0): Releasing backup interface [ 397.160495][ T5126] usb-storage 5-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 397.273136][T10466] bond0: (slave bond_slave_1): Releasing backup interface [ 397.322185][ T51] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 397.392881][ T5126] usb 5-1: USB disconnect, device number 5 [ 397.512217][ T51] usb 3-1: Using ep0 maxpacket: 32 [ 397.538123][ T51] usb 3-1: config 0 has an invalid descriptor of length 86, skipping remainder of the config [ 397.567174][ T51] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 397.628708][ T51] usb 3-1: New USB device found, idVendor=0e8d, idProduct=0023, bcdDevice=3a.ab [ 397.663897][ T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.689701][ T51] usb 3-1: Product: syz [ 397.706235][ T51] usb 3-1: Manufacturer: syz [ 397.716299][ T51] usb 3-1: SerialNumber: syz [ 397.746213][ T51] usb 3-1: config 0 descriptor?? [ 397.754691][T10466] team0: Port device team_slave_0 removed [ 397.781868][T10462] loop3: detected capacity change from 0 to 32768 [ 397.856186][T10462] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1460 (10462) [ 397.989677][T10466] team0: Port device team_slave_1 removed [ 398.004789][T10462] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 398.052794][T10462] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 398.066040][T10466] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 398.095569][T10462] BTRFS info (device loop3): using free-space-tree [ 398.152596][T10466] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 398.270818][T10466] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 398.319416][T10466] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 398.663886][T10471] 8021q: adding VLAN 0 to HW filter on device bond0 [ 398.711954][T10471] team0: Port device bond0 added [ 398.714996][T10503] loop4: detected capacity change from 0 to 512 [ 398.798567][T10503] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1464: bg 0: block 393: padding at end of block bitmap is not set [ 398.869487][T10503] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 398.948426][T10503] EXT4-fs (loop4): 2 truncates cleaned up [ 398.980693][T10503] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 399.016688][T10510] libceph: resolve '0' (ret=-3): failed [ 399.209766][ T9303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 399.559748][T10523] loop4: detected capacity change from 0 to 1024 [ 399.681376][ T927] usb 3-1: USB disconnect, device number 14 [ 399.685635][T10523] hfsplus: request for non-existent node 3 in B*Tree [ 399.695554][T10525] overlayfs: missing 'lowerdir' [ 399.716834][T10523] hfsplus: request for non-existent node 3 in B*Tree [ 399.730858][ T8722] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 399.763645][T10525] syzkaller1: entered promiscuous mode [ 399.798376][T10525] syzkaller1: entered allmulticast mode [ 400.177700][T10533] loop2: detected capacity change from 0 to 512 [ 400.206090][T10533] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 400.289460][T10533] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.1476: invalid indirect mapped block 83886080 (level 1) [ 400.320328][ T5126] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 400.335599][T10533] EXT4-fs (loop2): 1 orphan inode deleted [ 400.341620][T10533] EXT4-fs (loop2): 1 truncate cleaned up [ 400.353390][T10533] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 400.455817][T10533] EXT4-fs error (device loop2): ext4_empty_dir:3103: inode #2: block 13: comm syz.2.1476: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0 [ 400.570932][T10533] EXT4-fs warning (device loop2): ext4_empty_dir:3105: inode #2: comm syz.2.1476: directory missing '..' [ 400.646755][ T5126] usb 2-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 400.667580][T10541] libceph: resolve '0' (ret=-3): failed [ 400.733333][ T5126] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 400.782435][ T5126] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 400.798332][ T5126] usb 2-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 400.808771][ T5126] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.827466][ T5126] usb 2-1: config 0 descriptor?? [ 400.839292][ T5126] usb-storage 2-1:0.0: USB Mass Storage device detected [ 400.879350][ T5126] usb-storage 2-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 401.007111][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 401.235061][ T927] usb 2-1: USB disconnect, device number 9 [ 401.379056][ C0] eth0: bad gso: type: 1, size: 1408 [ 401.542188][ T54] Bluetooth: hci6: command 0x0406 tx timeout [ 401.573468][T10553] loop4: detected capacity change from 0 to 64 [ 402.402900][ T5151] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 402.602626][ T5151] usb 4-1: Using ep0 maxpacket: 32 [ 402.645015][ T5151] usb 4-1: config 0 has an invalid descriptor of length 86, skipping remainder of the config [ 402.710621][ T5151] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 402.763058][ T5151] usb 4-1: New USB device found, idVendor=0e8d, idProduct=0023, bcdDevice=3a.ab [ 402.819181][ T5151] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.848120][ T5151] usb 4-1: Product: syz [ 402.867053][ T5151] usb 4-1: Manufacturer: syz [ 402.900248][ T5151] usb 4-1: SerialNumber: syz [ 402.932573][ T5106] Bluetooth: hci0: SCO packet for unknown connection handle 768 [ 402.939007][ T5151] usb 4-1: config 0 descriptor?? [ 404.251395][T10639] loop4: detected capacity change from 0 to 64 [ 404.829362][ T5153] usb 4-1: USB disconnect, device number 13 [ 405.582097][ T5151] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 405.812409][ T5153] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 405.869303][ T5151] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 405.926138][ T5151] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 405.964686][ T5151] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 405.998798][ T5151] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 406.029250][ T5151] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.042221][ T5153] usb 5-1: Using ep0 maxpacket: 16 [ 406.064343][ T5153] usb 5-1: no configurations [ 406.068573][ T5151] usb 1-1: config 0 descriptor?? [ 406.068971][ T5153] usb 5-1: can't read configurations, error -22 [ 406.102471][ T51] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 406.147167][ T5151] usb-storage 1-1:0.0: USB Mass Storage device detected [ 406.202147][ T5151] usb-storage 1-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 406.262320][ T5153] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 406.346384][ T51] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 406.380072][ T8] usb 1-1: USB disconnect, device number 19 [ 406.420821][ T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.472354][ T5153] usb 5-1: Using ep0 maxpacket: 16 [ 406.490503][ T5153] usb 5-1: no configurations [ 406.498149][ T5153] usb 5-1: can't read configurations, error -22 [ 406.522690][ T5153] usb usb5-port1: attempt power cycle [ 406.583573][ T51] usb 3-1: config 0 descriptor?? [ 406.888255][T10685] batadv_slave_1: entered promiscuous mode [ 406.942228][ T5153] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 406.996675][ T5153] usb 5-1: Using ep0 maxpacket: 16 [ 407.017079][ T5153] usb 5-1: no configurations [ 407.048871][ T5153] usb 5-1: can't read configurations, error -22 [ 407.102940][T10714] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 407.235496][ T5153] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 407.330175][ T5153] usb 5-1: Using ep0 maxpacket: 16 [ 407.351777][ T5153] usb 5-1: no configurations [ 407.369185][ T5153] usb 5-1: can't read configurations, error -22 [ 407.398833][ T5153] usb usb5-port1: unable to enumerate USB device [ 407.480882][T10714] batadv_slave_1 (unregistering): left promiscuous mode [ 407.535498][T10714] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 407.664512][ T51] pegasus 3-1:0.0: probe with driver pegasus failed with error -32 [ 407.782623][ T8] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 407.897895][ T5230] usb 3-1: USB disconnect, device number 15 [ 407.992741][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 408.024235][ T8] usb 4-1: config 0 has an invalid descriptor of length 86, skipping remainder of the config [ 408.051762][ T8] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 408.089590][ T8] usb 4-1: New USB device found, idVendor=0e8d, idProduct=0023, bcdDevice=3a.ab [ 408.101680][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.113136][ T8] usb 4-1: Product: syz [ 408.135249][ T8] usb 4-1: Manufacturer: syz [ 408.139872][ T8] usb 4-1: SerialNumber: syz [ 408.186656][ T8] usb 4-1: config 0 descriptor?? [ 408.469395][T10728] bridge_slave_0: left allmulticast mode [ 408.511575][T10728] bridge_slave_0: left promiscuous mode [ 408.526761][T10728] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.589603][T10728] bridge_slave_1: left allmulticast mode [ 408.609032][T10728] bridge_slave_1: left promiscuous mode [ 408.660247][T10728] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.733351][T10728] bond0: (slave bond_slave_0): Releasing backup interface [ 408.886722][T10728] bond0: (slave bond_slave_1): Releasing backup interface [ 409.056038][T10741] loop2: detected capacity change from 0 to 512 [ 409.109137][T10741] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1522: bg 0: block 393: padding at end of block bitmap is not set [ 409.124536][T10728] team0: Port device team_slave_0 removed [ 409.158705][T10741] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 409.205322][T10728] team0: Port device team_slave_1 removed [ 409.219481][T10728] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 409.219631][T10741] EXT4-fs (loop2): 2 truncates cleaned up [ 409.227364][T10728] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 409.243467][T10728] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 409.250920][T10728] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 409.339544][T10741] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 409.356871][T10732] 8021q: adding VLAN 0 to HW filter on device bond0 [ 409.417991][T10732] team0: Port device bond0 added [ 409.678209][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 409.768585][ T51] usb 4-1: USB disconnect, device number 14 [ 409.987704][T10762] ptrace attach of "./syz-executor exec"[8798] was attempted by "./syz-executor exec"[10762] [ 410.133741][T10765] loop2: detected capacity change from 0 to 1024 [ 410.144246][T10762] loop1: detected capacity change from 0 to 512 [ 410.191931][T10762] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 410.256569][T10765] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 410.294798][T10765] ext4 filesystem being mounted at /129/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 410.316374][T10762] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.1527: iget: bad i_size value: -67835469387268086 [ 410.394886][T10770] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 410.406396][T10762] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.1527: couldn't read orphan inode 15 (err -117) [ 410.473853][T10762] EXT4-fs (loop1): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 410.551792][T10762] ext2 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 410.640708][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 410.750772][T10755] EXT4-fs error (device loop1): ext4_add_entry:2435: inode #2: comm syz.1.1527: Directory hole found for htree leaf block 0 [ 410.854239][ T29] audit: type=1326 audit(1721225173.738:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x7ffc0000 [ 410.873754][T10753] loop4: detected capacity change from 0 to 32768 [ 410.941927][T10753] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1526 (10753) [ 410.951669][ T29] audit: type=1326 audit(1721225173.768:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb718775a99 code=0x7ffc0000 [ 410.977456][ T29] audit: type=1326 audit(1721225173.768:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x7ffc0000 [ 411.003634][ T29] audit: type=1326 audit(1721225173.778:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb718775a99 code=0x7ffc0000 [ 411.056486][ T29] audit: type=1326 audit(1721225173.778:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x7ffc0000 [ 411.086627][T10753] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 411.157075][ T29] audit: type=1326 audit(1721225173.778:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb718775a99 code=0x7ffc0000 [ 411.192448][T10753] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 411.212674][T10783] loop3: detected capacity change from 0 to 512 [ 411.258924][ T29] audit: type=1326 audit(1721225173.778:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x7ffc0000 [ 411.293663][T10753] BTRFS info (device loop4): using free-space-tree [ 411.318646][T10788] loop2: detected capacity change from 0 to 64 [ 411.354202][ T29] audit: type=1326 audit(1721225173.778:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb718775a99 code=0x7ffc0000 [ 411.461844][ T29] audit: type=1326 audit(1721225173.808:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x7ffc0000 [ 411.570435][T10783] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.1534: bad orphan inode 15 [ 411.607653][ T29] audit: type=1326 audit(1721225173.818:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x7ffc0000 [ 411.632838][T10783] ext4_test_bit(bit=14, block=5) = 0 [ 411.651434][ T8798] EXT4-fs (loop1): unmounting filesystem f7ff0000-0000-0000-0000-000000000000. [ 411.971807][T10809] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 411.979536][T10809] pim6reg0: linktype set to 778 [ 412.218023][T10783] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 412.361934][T10783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 412.581968][ T9303] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 412.828166][T10814] overlayfs: missing 'lowerdir' [ 412.841525][T10818] loop2: detected capacity change from 0 to 1024 [ 412.978250][T10818] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 413.076864][T10814] syzkaller1: entered promiscuous mode [ 413.109884][T10818] ext4 filesystem being mounted at /134/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 413.132551][T10814] syzkaller1: entered allmulticast mode [ 413.545419][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 414.395747][T10844] loop2: detected capacity change from 0 to 512 [ 414.533839][T10844] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 414.790638][T10844] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.1552: invalid indirect mapped block 83886080 (level 1) [ 414.826503][T10856] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 414.833394][T10856] pim6reg0: linktype set to 778 [ 414.921054][T10844] EXT4-fs (loop2): 1 orphan inode deleted [ 414.927075][T10844] EXT4-fs (loop2): 1 truncate cleaned up [ 414.987263][T10844] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 414.996276][T10855] loop6: detected capacity change from 0 to 16384 [ 415.282484][T10844] EXT4-fs error (device loop2): ext4_empty_dir:3103: inode #2: block 13: comm syz.2.1552: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0 [ 415.322664][T10844] EXT4-fs warning (device loop2): ext4_empty_dir:3105: inode #2: comm syz.2.1552: directory missing '..' [ 415.420356][T10855] I/O error, dev loop6, sector 4608 op 0x0:(READ) flags 0x80700 phys_seg 3 prio class 0 [ 415.504188][T10855] I/O error, dev loop6, sector 4864 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 415.590758][T10855] I/O error, dev loop6, sector 4608 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 415.698367][T10855] Buffer I/O error on dev loop6, logical block 576, async page read [ 415.859017][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 416.072533][T10866] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 416.076159][T10870] overlayfs: failed to resolve './file0': -2 [ 416.636553][T10879] ptrace attach of "./syz-executor exec"[5408] was attempted by "./syz-executor exec"[10879] [ 416.805153][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 416.805170][ T29] audit: type=1326 audit(1721225179.688:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000 [ 416.873958][ T29] audit: type=1326 audit(1721225179.718:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000 [ 416.957644][ T29] audit: type=1326 audit(1721225179.718:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0555975a99 code=0x7ffc0000 [ 417.022414][ T29] audit: type=1326 audit(1721225179.718:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000 [ 417.121921][ T29] audit: type=1326 audit(1721225179.718:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000 [ 417.214866][ T29] audit: type=1326 audit(1721225179.718:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0555975a99 code=0x7ffc0000 [ 417.314659][ T29] audit: type=1326 audit(1721225179.718:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000 [ 417.460436][ T29] audit: type=1326 audit(1721225179.718:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f0555975a99 code=0x7ffc0000 [ 417.526020][T10902] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 417.597344][ T29] audit: type=1326 audit(1721225179.718:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000 [ 417.685525][ T29] audit: type=1326 audit(1721225179.718:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000 [ 417.952824][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 417.965797][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 417.986610][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 418.006614][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 418.023731][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 418.043815][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 418.530402][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.764885][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.776603][T10907] loop2: detected capacity change from 0 to 32768 [ 418.812490][T10907] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1574 (10907) [ 418.891650][T10907] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 418.912600][T10907] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 418.940705][T10907] BTRFS info (device loop2): using free-space-tree [ 419.089287][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 419.138638][T10928] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1579'. [ 419.201735][T10928] openvswitch: netlink: Missing key (keys=40, expected=80) [ 419.425700][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 419.512103][ T1628] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 419.584726][T10907] BTRFS info (device loop2 state M): max_inline set to 0 [ 419.713340][ T1628] usb 5-1: Using ep0 maxpacket: 8 [ 419.720457][ T1628] usb 5-1: config 0 has an invalid interface number: 176 but max is 2 [ 419.728909][ T1628] usb 5-1: config 0 has an invalid interface number: 49 but max is 2 [ 419.740253][ T1628] usb 5-1: config 0 has no interface number 1 [ 419.746829][ T1628] usb 5-1: config 0 has no interface number 2 [ 419.753166][ T1628] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 419.755341][ T8456] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 419.762399][ T1628] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.771909][ T1628] usb 5-1: config 0 descriptor?? [ 419.797490][ T1628] qmi_wwan 5-1:0.0: probe with driver qmi_wwan failed with error -22 [ 419.996469][T10909] chnl_net:caif_netlink_parms(): no params data found [ 420.019663][ T1628] qcserial 5-1:0.49: Qualcomm USB modem converter detected [ 420.104837][ T5106] Bluetooth: hci3: command tx timeout [ 420.224447][ T12] bridge_slave_1: left allmulticast mode [ 420.230166][ T12] bridge_slave_1: left promiscuous mode [ 420.292568][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.329869][ T12] bridge_slave_0: left allmulticast mode [ 420.373181][ T12] bridge_slave_0: left promiscuous mode [ 420.389325][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.539495][T10956] input: syz1 as /devices/virtual/input/input12 [ 422.185601][ T5106] Bluetooth: hci3: command tx timeout [ 422.412642][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 422.440826][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 422.486690][ T12] bond0 (unregistering): Released all slaves [ 422.951382][ T5230] usb 5-1: USB disconnect, device number 10 [ 422.983027][ T5230] qcserial 5-1:0.49: device disconnected [ 422.994908][T10909] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.008014][T10909] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.032492][T10909] bridge_slave_0: entered allmulticast mode [ 423.063888][T10909] bridge_slave_0: entered promiscuous mode [ 423.107949][T10989] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1589'. [ 423.186320][T10909] bridge0: port 2(bridge_slave_1) entered blocking state [ 423.229286][T10909] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.268337][T10909] bridge_slave_1: entered allmulticast mode [ 423.290462][T10909] bridge_slave_1: entered promiscuous mode [ 423.506077][T10909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 423.677670][T10909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 424.048930][T11017] input: syz1 as /devices/virtual/input/input13 [ 424.262647][ T5106] Bluetooth: hci3: command tx timeout [ 424.416661][T10909] team0: Port device team_slave_0 added [ 424.460199][T10909] team0: Port device team_slave_1 added [ 424.712299][ T12] hsr_slave_0: left promiscuous mode [ 424.807028][ T12] hsr_slave_1: left promiscuous mode [ 424.869254][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 424.922179][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 425.453556][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 425.654672][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 425.817680][ T12] veth1_macvtap: left promiscuous mode [ 425.845570][T11035] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 425.862137][ T12] veth0_macvtap: left promiscuous mode [ 425.892292][ T12] veth1_vlan: left promiscuous mode [ 425.897660][ T12] veth0_vlan: left promiscuous mode [ 426.352600][ T5106] Bluetooth: hci3: command tx timeout [ 427.225691][ T5106] Bluetooth: hci6: unexpected event for opcode 0x2039 [ 427.359676][ T12] team0 (unregistering): Port device team_slave_1 removed [ 427.457103][ T12] team0 (unregistering): Port device team_slave_0 removed [ 428.427904][T10909] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 428.443392][T10909] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 428.512653][T10909] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 428.534717][T10909] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 428.543323][T10909] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 428.569737][T10909] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 428.840459][T10909] hsr_slave_0: entered promiscuous mode [ 428.898449][T10909] hsr_slave_1: entered promiscuous mode [ 428.938010][T10909] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 428.982777][T10909] Cannot create hsr debugfs directory [ 429.241737][T11064] loop4: detected capacity change from 0 to 1024 [ 429.316183][T11064] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 430.228143][T11064] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 40 with max blocks 4 with error 28 [ 430.250647][T11064] EXT4-fs (loop4): This should not happen!! Data will be lost [ 430.250647][T11064] [ 430.261082][T11064] EXT4-fs (loop4): Total free blocks count 0 [ 430.384040][T11064] EXT4-fs (loop4): Free/Dirty block details [ 430.390178][T11064] EXT4-fs (loop4): free_blocks=0 [ 430.436347][T11064] EXT4-fs (loop4): dirty_blocks=0 [ 430.446947][T11064] EXT4-fs (loop4): Block reservation details [ 430.472139][T11064] EXT4-fs (loop4): i_reserved_data_blocks=0 [ 431.305153][ T54] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 431.314686][ T54] Bluetooth: hci6: Injecting HCI hardware error event [ 431.326185][ T54] Bluetooth: hci6: hardware error 0x00 [ 431.380653][T11091] netlink: 'syz.2.1615': attribute type 1 has an invalid length. [ 431.389979][T11091] netlink: 9372 bytes leftover after parsing attributes in process `syz.2.1615'. [ 431.399664][T11091] netlink: 'syz.2.1615': attribute type 1 has an invalid length. [ 431.493074][ T9303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 431.552720][T11088] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 431.567459][T11088] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 431.581486][T11088] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 431.594568][T11088] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 431.605482][T11088] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 431.619367][T11088] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 431.763523][ T12] bridge_slave_1: left allmulticast mode [ 431.769279][ T12] bridge_slave_1: left promiscuous mode [ 431.776030][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.829631][ T12] bridge_slave_0: left allmulticast mode [ 431.852227][ T12] bridge_slave_0: left promiscuous mode [ 431.858039][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.268781][T11088] Bluetooth: hci5: command 0x0406 tx timeout [ 433.314400][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 433.332357][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 433.376445][ T12] bond0 (unregistering): Released all slaves [ 433.469361][ T54] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 433.702254][ T54] Bluetooth: hci4: command tx timeout [ 435.630572][ T12] hsr_slave_0: left promiscuous mode [ 435.672995][ T12] hsr_slave_1: left promiscuous mode [ 435.683421][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 435.683795][T11120] ================================================================== [ 435.698883][T11120] BUG: KASAN: slab-use-after-free in handle_mm_fault+0x14f0/0x19a0 [ 435.706829][T11120] Read of size 8 at addr ffff88802cead020 by task syz.2.1622/11120 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 435.706843][T11120] [ 435.706860][T11120] CPU: 0 UID: 0 PID: 11120 Comm: syz.2.1622 Not tainted 6.10.0-next-20240717-syzkaller #0 [ 435.706875][T11120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 435.706883][T11120] Call Trace: [ 435.706889][T11120] [ 435.706893][T11120] dump_stack_lvl+0x241/0x360 [ 435.706914][T11120] ? __pfx_dump_stack_lvl+0x10/0x10 [ 435.706930][T11120] ? __pfx__printk+0x10/0x10 [ 435.706945][T11120] ? _printk+0xd5/0x120 [ 435.706958][T11120] ? __virt_addr_valid+0x183/0x530 [ 435.706969][T11120] ? __virt_addr_valid+0x183/0x530 [ 435.706980][T11120] print_report+0x169/0x550 [ 435.706992][T11120] ? __virt_addr_valid+0x183/0x530 [ 435.707002][T11120] ? __virt_addr_valid+0x183/0x530 [ 435.707012][T11120] ? __virt_addr_valid+0x45f/0x530 [ 435.707022][T11120] ? __phys_addr+0xba/0x170 [ 435.707032][T11120] ? handle_mm_fault+0x14f0/0x19a0 [ 435.707044][T11120] kasan_report+0x143/0x180 [ 435.707056][T11120] ? handle_mm_fault+0x14f0/0x19a0 [ 435.707068][T11120] handle_mm_fault+0x14f0/0x19a0 [ 435.707085][T11120] ? __pfx_handle_mm_fault+0x10/0x10 [ 435.707100][T11120] ? __pfx___up_read+0x10/0x10 [ 435.707153][T11120] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 435.707164][T11120] exc_page_fault+0x2b9/0x8c0 [ 435.707180][T11120] asm_exc_page_fault+0x26/0x30 [ 435.707197][T11120] RIP: 0010:fault_in_readable+0x165/0x2b0 [ 435.707211][T11120] Code: b4 ff 4c 8d b3 ff 0f 00 00 48 89 d8 4d 01 e6 49 81 e6 00 f0 ff ff 49 39 c6 72 6b e8 65 a9 b4 ff 4c 39 f3 74 6e 4c 89 64 24 10 <44> 8a 23 43 0f b6 04 2f 84 c0 75 18 44 88 64 24 40 48 81 c3 00 10 [ 435.707220][T11120] RSP: 0018:ffffc9000359fa20 EFLAGS: 00050287 [ 435.707232][T11120] RAX: ffffffff81df2f77 RBX: 0000000020012000 RCX: 0000000000040000 [ 435.707240][T11120] RDX: ffffc90017801000 RSI: 000000000000732a RDI: 000000000000732b [ 435.707248][T11120] RBP: ffffc9000359fad8 R08: ffffffff81df2ee8 R09: ffffffff84ae6b09 [ 435.707256][T11120] R10: 0000000000000002 R11: ffff88802a1d0000 R12: 000000000020002d [ 435.707264][T11120] R13: dffffc0000000000 R14: 0000000020201000 R15: 1ffff920006b3f4c [ 435.707274][T11120] ? fault_in_iov_iter_readable+0x49/0x280 [ 435.707287][T11120] ? fault_in_readable+0xf8/0x2b0 [ 435.707297][T11120] ? fault_in_readable+0x187/0x2b0 [ 435.707311][T11120] ? __pfx_fault_in_readable+0x10/0x10 [ 435.707323][T11120] ? inode_to_bdi+0x69/0xf0 [ 435.707335][T11120] fault_in_iov_iter_readable+0x229/0x280 [ 435.707348][T11120] generic_perform_write+0x29f/0x840 [ 435.707365][T11120] ? __pfx_generic_perform_write+0x10/0x10 [ 435.707378][T11120] ? mnt_put_write_access_file+0xc2/0x100 [ 435.707393][T11120] ? file_update_time+0x3b8/0x430 [ 435.707408][T11120] shmem_file_write_iter+0xfc/0x120 [ 435.707422][T11120] vfs_write+0xa72/0xc90 [ 435.707439][T11120] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 435.707453][T11120] ? __pfx_vfs_write+0x10/0x10 [ 435.707466][T11120] ? do_futex+0x33b/0x560 [ 435.707486][T11120] ksys_write+0x1a0/0x2c0 [ 435.707502][T11120] ? __pfx_ksys_write+0x10/0x10 [ 435.707517][T11120] ? do_syscall_64+0x100/0x230 [ 435.707532][T11120] ? do_syscall_64+0xb6/0x230 [ 435.707547][T11120] do_syscall_64+0xf3/0x230 [ 435.707561][T11120] ? clear_bhb_loop+0x35/0x90 [ 435.707574][T11120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.707587][T11120] RIP: 0033:0x7fd22e575a99 [ 435.707601][T11120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 435.707610][T11120] RSP: 002b:00007fd22f353048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 435.707622][T11120] RAX: ffffffffffffffda RBX: 00007fd22e704110 RCX: 00007fd22e575a99 [ 435.707630][T11120] RDX: 000000000208e24b RSI: 0000000020000240 RDI: 0000000000000005 [ 435.707637][T11120] RBP: 00007fd22e5e4e5d R08: 0000000000000000 R09: 0000000000000000 [ 435.707645][T11120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 435.707652][T11120] R13: 000000000000006e R14: 00007fd22e704110 R15: 00007ffdf32c8a58 [ 435.707664][T11120] [ 435.707668][T11120] [ 435.707671][T11120] Allocated by task 8456: [ 435.707676][T11120] kasan_save_track+0x3f/0x80 [ 435.707686][T11120] __kasan_slab_alloc+0x66/0x80 [ 435.707695][T11120] kmem_cache_alloc_noprof+0x135/0x2a0 [ 435.707708][T11120] vm_area_dup+0x27/0x290 [ 435.707719][T11120] copy_mm+0xc7b/0x1f30 [ 435.707731][T11120] copy_process+0x186b/0x3d90 [ 435.707743][T11120] kernel_clone+0x226/0x8f0 [ 435.707756][T11120] __x64_sys_clone+0x258/0x2a0 [ 435.707770][T11120] do_syscall_64+0xf3/0x230 [ 435.707783][T11120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.707794][T11120] [ 435.707797][T11120] Freed by task 5845: [ 435.707802][T11120] kasan_save_track+0x3f/0x80 [ 435.707810][T11120] kasan_save_free_info+0x40/0x50 [ 435.707823][T11120] poison_slab_object+0xe0/0x150 [ 435.707832][T11120] __kasan_slab_free+0x37/0x60 [ 435.707841][T11120] kmem_cache_free+0x145/0x350 [ 435.707853][T11120] rcu_core+0xafd/0x1830 [ 435.707866][T11120] handle_softirqs+0x2c4/0x970 [ 435.707879][T11120] __irq_exit_rcu+0xf4/0x1c0 [ 435.707890][T11120] irq_exit_rcu+0x9/0x30 [ 435.707902][T11120] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 435.707914][T11120] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 435.707929][T11120] [ 435.707932][T11120] Last potentially related work creation: [ 435.707936][T11120] kasan_save_stack+0x3f/0x60 [ 435.707945][T11120] __kasan_record_aux_stack+0xac/0xc0 [ 435.707957][T11120] call_rcu+0x167/0xa70 [ 435.707966][T11120] do_vmi_align_munmap+0x155c/0x18c0 [ 435.707977][T11120] do_vmi_munmap+0x261/0x2f0 [ 435.707987][T11120] mmap_region+0x72f/0x2090 [ 435.707996][T11120] do_mmap+0x8f9/0x1010 [ 435.708005][T11120] vm_mmap_pgoff+0x1dd/0x3d0 [ 435.708014][T11120] ksys_mmap_pgoff+0x4f1/0x720 [ 435.708023][T11120] do_syscall_64+0xf3/0x230 [ 435.708036][T11120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.708047][T11120] [ 435.708050][T11120] The buggy address belongs to the object at ffff88802cead000 [ 435.708050][T11120] which belongs to the cache vm_area_struct of size 184 [ 435.708060][T11120] The buggy address is located 32 bytes inside of [ 435.708060][T11120] freed 184-byte region [ffff88802cead000, ffff88802cead0b8) [ 435.708071][T11120] [ 435.708074][T11120] The buggy address belongs to the physical page: [ 435.708082][T11120] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2cead [ 435.708093][T11120] memcg:ffff88802474e801 [ 435.708098][T11120] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 435.708114][T11120] page_type: 0xfdffffff(slab) [ 435.708128][T11120] raw: 00fff00000000000 ffff888015eefb40 ffffea00015ea2c0 dead00000000000d [ 435.708138][T11120] raw: 0000000000000000 0000000000100010 00000001fdffffff ffff88802474e801 [ 435.708144][T11120] page dumped because: kasan: bad access detected [ 435.708154][T11120] page_owner tracks the page as allocated [ 435.708159][T11120] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 9303, tgid 9303 (syz-executor), ts 403880266521, free_ts 403806683153 [ 435.708177][T11120] post_alloc_hook+0x1f3/0x230 [ 435.708192][T11120] get_page_from_freelist+0x2ccb/0x2d80 [ 435.708202][T11120] __alloc_pages_noprof+0x256/0x6c0 [ 435.708212][T11120] alloc_slab_page+0x5f/0x120 [ 435.708221][T11120] allocate_slab+0x5a/0x2f0 [ 435.708229][T11120] ___slab_alloc+0xcd1/0x14b0 [ 435.708241][T11120] __slab_alloc+0x58/0xa0 [ 435.708253][T11120] kmem_cache_alloc_noprof+0x1c1/0x2a0 [ 435.708265][T11120] vm_area_dup+0x27/0x290 [ 435.708275][T11120] copy_mm+0xc7b/0x1f30 [ 435.708287][T11120] copy_process+0x186b/0x3d90 [ 435.708299][T11120] kernel_clone+0x226/0x8f0 [ 435.708311][T11120] __x64_sys_clone+0x258/0x2a0 [ 435.708325][T11120] do_syscall_64+0xf3/0x230 [ 435.708337][T11120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.708348][T11120] page last free pid 10603 tgid 10603 stack trace: [ 435.708355][T11120] free_unref_folios+0x103a/0x1b00 [ 435.708364][T11120] folios_put_refs+0x76e/0x860 [ 435.708375][T11120] free_pages_and_swap_cache+0x2ea/0x690 [ 435.708389][T11120] tlb_flush_mmu+0x3a3/0x680 [ 435.708401][T11120] tlb_finish_mmu+0xd4/0x200 [ 435.708414][T11120] exit_mmap+0x44f/0xc80 [ 435.708424][T11120] __mmput+0x115/0x390 [ 435.708435][T11120] exit_mm+0x220/0x310 [ 435.708443][T11120] do_exit+0x9b2/0x27f0 [ 435.708451][T11120] do_group_exit+0x207/0x2c0 [ 435.708460][T11120] __x64_sys_exit_group+0x3f/0x40 [ 435.708470][T11120] x64_sys_call+0x26c3/0x26d0 [ 435.708483][T11120] do_syscall_64+0xf3/0x230 [ 435.708496][T11120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.708507][T11120] [ 435.708509][T11120] Memory state around the buggy address: [ 435.708515][T11120] ffff88802ceacf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 435.708523][T11120] ffff88802ceacf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 435.708530][T11120] >ffff88802cead000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 435.708536][T11120] ^ [ 435.708541][T11120] ffff88802cead080: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc 00 [ 435.708549][T11120] ffff88802cead100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 435.708554][T11120] ================================================================== [ 435.708568][ C0] vkms_vblank_simulate: vblank timer overrun [ 435.719960][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 435.721000][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 435.721031][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 435.803052][ T54] Bluetooth: hci4: command tx timeout [ 435.836978][ T12] veth1_macvtap: left promiscuous mode [ 436.702387][T11120] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 436.709713][T11120] CPU: 1 UID: 0 PID: 11120 Comm: syz.2.1622 Not tainted 6.10.0-next-20240717-syzkaller #0 [ 436.719800][T11120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 436.729878][T11120] Call Trace: [ 436.733184][T11120] [ 436.736128][T11120] dump_stack_lvl+0x241/0x360 [ 436.740835][T11120] ? __pfx_dump_stack_lvl+0x10/0x10 [ 436.746120][T11120] ? __pfx__printk+0x10/0x10 [ 436.750742][T11120] ? preempt_schedule+0xe1/0xf0 [ 436.755702][T11120] ? vscnprintf+0x5d/0x90 [ 436.760044][T11120] panic+0x349/0x870 [ 436.763938][T11120] ? check_panic_on_warn+0x21/0xb0 [ 436.769040][T11120] ? __pfx_panic+0x10/0x10 [ 436.773465][T11120] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 436.779477][T11120] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 436.785829][T11120] ? print_report+0x502/0x550 [ 436.790544][T11120] check_panic_on_warn+0x86/0xb0 [ 436.795496][T11120] ? handle_mm_fault+0x14f0/0x19a0 [ 436.800621][T11120] end_report+0x77/0x160 [ 436.804882][T11120] kasan_report+0x154/0x180 [ 436.809415][T11120] ? handle_mm_fault+0x14f0/0x19a0 [ 436.814554][T11120] handle_mm_fault+0x14f0/0x19a0 [ 436.819543][T11120] ? __pfx_handle_mm_fault+0x10/0x10 [ 436.824860][T11120] ? __pfx___up_read+0x10/0x10 [ 436.829643][T11120] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 436.834946][T11120] exc_page_fault+0x2b9/0x8c0 [ 436.839664][T11120] asm_exc_page_fault+0x26/0x30 [ 436.844542][T11120] RIP: 0010:fault_in_readable+0x165/0x2b0 [ 436.850373][T11120] Code: b4 ff 4c 8d b3 ff 0f 00 00 48 89 d8 4d 01 e6 49 81 e6 00 f0 ff ff 49 39 c6 72 6b e8 65 a9 b4 ff 4c 39 f3 74 6e 4c 89 64 24 10 <44> 8a 23 43 0f b6 04 2f 84 c0 75 18 44 88 64 24 40 48 81 c3 00 10 [ 436.870127][T11120] RSP: 0018:ffffc9000359fa20 EFLAGS: 00050287 [ 436.876223][T11120] RAX: ffffffff81df2f77 RBX: 0000000020012000 RCX: 0000000000040000 [ 436.884229][T11120] RDX: ffffc90017801000 RSI: 000000000000732a RDI: 000000000000732b [ 436.892219][T11120] RBP: ffffc9000359fad8 R08: ffffffff81df2ee8 R09: ffffffff84ae6b09 [ 436.900203][T11120] R10: 0000000000000002 R11: ffff88802a1d0000 R12: 000000000020002d [ 436.908188][T11120] R13: dffffc0000000000 R14: 0000000020201000 R15: 1ffff920006b3f4c [ 436.916172][T11120] ? fault_in_iov_iter_readable+0x49/0x280 [ 436.921980][T11120] ? fault_in_readable+0xf8/0x2b0 [ 436.927004][T11120] ? fault_in_readable+0x187/0x2b0 [ 436.932134][T11120] ? __pfx_fault_in_readable+0x10/0x10 [ 436.937586][T11120] ? inode_to_bdi+0x69/0xf0 [ 436.942087][T11120] fault_in_iov_iter_readable+0x229/0x280 [ 436.947804][T11120] generic_perform_write+0x29f/0x840 [ 436.953085][T11120] ? __pfx_generic_perform_write+0x10/0x10 [ 436.958882][T11120] ? mnt_put_write_access_file+0xc2/0x100 [ 436.964595][T11120] ? file_update_time+0x3b8/0x430 [ 436.969614][T11120] shmem_file_write_iter+0xfc/0x120 [ 436.974807][T11120] vfs_write+0xa72/0xc90 [ 436.979140][T11120] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 436.984944][T11120] ? __pfx_vfs_write+0x10/0x10 [ 436.989732][T11120] ? do_futex+0x33b/0x560 [ 436.994063][T11120] ksys_write+0x1a0/0x2c0 [ 436.998394][T11120] ? __pfx_ksys_write+0x10/0x10 [ 437.003238][T11120] ? do_syscall_64+0x100/0x230 [ 437.008002][T11120] ? do_syscall_64+0xb6/0x230 [ 437.012670][T11120] do_syscall_64+0xf3/0x230 [ 437.017166][T11120] ? clear_bhb_loop+0x35/0x90 [ 437.021834][T11120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.027719][T11120] RIP: 0033:0x7fd22e575a99 [ 437.032139][T11120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 437.051744][T11120] RSP: 002b:00007fd22f353048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 437.060255][T11120] RAX: ffffffffffffffda RBX: 00007fd22e704110 RCX: 00007fd22e575a99 [ 437.068234][T11120] RDX: 000000000208e24b RSI: 0000000020000240 RDI: 0000000000000005 [ 437.076207][T11120] RBP: 00007fd22e5e4e5d R08: 0000000000000000 R09: 0000000000000000 [ 437.084260][T11120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 437.092320][T11120] R13: 000000000000006e R14: 00007fd22e704110 R15: 00007ffdf32c8a58 [ 437.100309][T11120] [ 437.103568][T11120] Kernel Offset: disabled [ 437.108061][T11120] Rebooting in 86400 seconds..