last executing test programs: 12.785074337s ago: executing program 0 (id=2814): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0xff2e) write$binfmt_script(r0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) 12.456399154s ago: executing program 0 (id=2816): io_setup(0x8, &(0x7f00000001c0)=0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk', 0x1, 0x0) io_submit(r0, 0x1, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000300)="d0", 0x1}]) 11.689386306s ago: executing program 0 (id=2819): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='yeah\x00', 0x5) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x24, &(0x7f0000000200)=[@window, @mss, @mss, @window], 0x4) 11.450699116s ago: executing program 0 (id=2823): syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x8, &(0x7f0000006500)={[{@dots}, {@dots}, {@dots}, {@nodots}, {@dots}, {@nodots}, {@dots}, {@fat=@quiet}, {@nodots}, {@dots}, {@fat=@showexec}, {@dots}, {@dots}, {@fat=@umask={'umask', 0x3d, 0x7fff}}, {@fat=@nfs}, {@dots}, {@fat=@tz_utc}, {@fat=@errors_continue}, {@nodots}, {@fat=@nocase}, {@fat=@check_strict}, {@dots}]}, 0xfd, 0x1bf, &(0x7f0000000680)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa") mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$9p_tcp(&(0x7f0000000040), &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2000, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) readlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/234, 0xea) 11.254901692s ago: executing program 0 (id=2827): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7ffffdbf}]}) rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0) 10.761519182s ago: executing program 0 (id=2832): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newtaction={0x4c, 0x1e, 0x109, 0x0, 0x0, {}, [{0x38, 0x1, [@m_gact={0x34, 0x0, 0x0, 0x0, {{0x9}, {0x4}, {0x6, 0x6, "dce7"}, {0xc}, {0xc, 0x8, {0x4}}}}]}]}, 0x4c}}, 0x0) 10.332471397s ago: executing program 3 (id=2836): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}]}, 0x50}}, 0x0) 10.186958149s ago: executing program 3 (id=2839): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x2, 0x4, 0x20006, 0x5}, 0x48) setuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 10.002677444s ago: executing program 3 (id=2842): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) r3 = epoll_create(0x3f) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r1, &(0x7f0000000080)={0x30000003}) 9.275501704s ago: executing program 3 (id=2843): syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x8, &(0x7f0000006500)={[{@dots}, {@dots}, {@dots}, {@nodots}, {@dots}, {@nodots}, {@dots}, {@fat=@quiet}, {@nodots}, {@dots}, {@fat=@showexec}, {@dots}, {@dots}, {@fat=@umask={'umask', 0x3d, 0x7fff}}, {@fat=@nfs}, {@dots}, {@fat=@tz_utc}, {@fat=@errors_continue}, {@nodots}, {@fat=@nocase}, {@fat=@check_strict}, {@dots}]}, 0xfd, 0x1bf, &(0x7f0000000680)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa") mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$9p_tcp(&(0x7f0000000040), &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2000, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) readlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/234, 0xea) 9.19116872s ago: executing program 1 (id=2844): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in=@multicast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}}}, 0xb8}}, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "0bc0f7", 0x0, "de9560"}}}}}}, 0x0) 9.042382213s ago: executing program 1 (id=2847): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)={0x3c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x10, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8}, @ETHTOOL_A_BITSET_VALUE={0x4}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}]}]}, 0x3c}}, 0x0) 9.008008586s ago: executing program 2 (id=2848): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000240)={'ip_vti0\x00', 0x0, 0x8000, 0x7800, 0x0, 0x3cf7, {{0x14, 0x4, 0x0, 0x34, 0x50, 0x68, 0x0, 0x40, 0x0, 0x0, @broadcast, @broadcast, {[@timestamp_addr={0x44, 0x1c, 0xb, 0x1, 0x6, [{@remote, 0x9}, {@private=0xa010101, 0x7fff}, {@broadcast}]}, @timestamp_prespec={0x44, 0x1c, 0x0, 0x3, 0x8, [{@private=0xa010100, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1}, {@rand_addr=0x64010100, 0xd3}]}, @ra={0x94, 0x4}]}}}}}) bind$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x1b, r2, 0x1, 0x5}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r3 = getpid() r4 = syz_open_dev$vim2m(0x0, 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000040)={0x2, @pix_mp={0x0, 0x0, 0x50323234}}) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) futex(&(0x7f000000cffc), 0xd, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(r6, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r7 = socket(0x15, 0x5, 0x0) getsockopt$nfc_llcp(r7, 0x114, 0x2721, 0x0, 0x20000000) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x1, 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) inotify_init1(0x0) bind$inet(r0, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10) 8.984653208s ago: executing program 3 (id=2849): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}]}, 0x50}}, 0x0) 8.8268214s ago: executing program 1 (id=2852): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) r3 = epoll_create(0x3f) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r1, &(0x7f0000000080)={0x30000003}) 8.71053137s ago: executing program 1 (id=2853): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x10, &(0x7f00000014c0), 0x1, 0x793, &(0x7f0000001700)="$eJzs3c1rXFUbAPDnTpKmb9r3TV4QbF0FBA2UTkyNrYKLigsRLBR0bTtMpqFmkimZSWlCoBYR3AhaXAi66dqPunPrx1b/Bd2ISEvVtFhxISN3PjqTZiadtvloze8Htz3n3jM595l77zln5h7mBrBjjab/ZCL2R8R7ScRwY30SEQO1VH/E0Xq5myvL+XRJolp99bekVubGynI+2l6T2tPI7IuIb96OOJBZW295cWkmVywW5hv58crsmfHy4tLB07O56cJ0Ye7wxOTkoSPPHBncuFj/+H5p79X3X3ry86N/vfXo5Xe/TeJo7G1sa49jo4zGaOM9GUjfwlVe3OjKtlmy3TvAPUkvzb76VR77Yzj6aqne9F4SAHiQnI+IKgCwwyT6fwDYYZrfA9xYWc6nS/X89n4fsdWuvRARu+vxN+9v1rf0N+7Z7a7dBx26kay635FExMgG1D8aER9/+fqn6RKbdB8SoJM3L0TEyZHRZvvfan+SNXMW6nqfkPFUD2VGb8tr/2DrfJWOf55tjf9a11/m1vgnOox/Bjtcu/diNGJXe37t9Z+5sgHVdJWO/54faM1tu9kWf8NIXyP339qYbyA5dbpYSNu2/0XEWAwMpvmJdeoYu/739VUr+lrJ9vHf7xff+CStP/2/VSJzpf+2JncqV8ndb9xN1y5EPNbfKf7k1vFPuox/j/dYx8vPvfNRt21p/Gm8zWV1/Js/q6x6KeKJ6Bx/U7Le/MTD47XTYbx5UnTwxU8fDnWrv/34p0taf/OzwFZIj//Q+vGPJO3zNct3X8d3l4a/7rbtzvF3Pv93Ja/V0s3G41yuUpmfiNiVvLJ2/aHWa5v5Zvk0/rHHO1//653/6WfCkz3G33/118/uPf7NlcY/dVfH/+4Tl2/O9HWrv7fjP1lLjTXW9NL+9bqD9/PeAQAAAAAAAAAAAAAAAAAAAAAAAECvMhGxN5JM9lY6k8lm68/wfiSGMsVSuXLgVGlhbipqz8oeiYFM86cuh9t+D3Wi8Xv4zfyh2/JPR8T/I+KDwf/U8tl8qTi13cEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMOeLs//T/0yuN17BwBsmt13LHG9sCU7AgBsmTv3/wDAv43+HwB2Hv0/AOw8+n8A2Hn0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGyy48eOpUv1z5XlfJqfOru4MFM6e3CqUJ7Jzi7ks/nS/JnsdKk0XSxk86XZtpf+0OnvFUulM5Mxt3BuvFIoV8bLi0snZksLc5UTp2dz04UThYEtiwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeldeXJrJFYuFeYmHJVEdrh+6B2V/Nj/x88Ef961X5qLTeOMT290yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwc/gkAAP//skMoxA==") setxattr$trusted_overlay_upper(&(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x14553e, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) write$binfmt_script(r0, &(0x7f0000000080), 0x208e24b) rmdir(&(0x7f0000000180)='./file0/../file0\x00') 8.505834236s ago: executing program 3 (id=2854): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000000, &(0x7f00000001c0), 0x1, 0x4f7, &(0x7f0000000540)="$eJzs3UtrXG0dAPD/mWTe9BJN1HfxKrwXbCUt2pmksW1w0VYQdwWl7mtIJiFkkgmZSW1CkRQ/gCCi3XblRvADCNKPIEJB96KiFG110YV65MycaUycaRIyF0x+P3hynnP9/5+TzJlzedoTwJn1SUTcjYiRiLgaERP59EJeYrdVsuVev3q8kJUk0vT+X5NI8mnZYkleMhfz1c61Bh3Vt3dW56vVymY+Xm6sbZTr2zvXVtbmlyvLlfXZ2Zmbc7fmbsxN96SdWbtuf+NPP/nhz755+1df+d7vH/zlyvezfMfz+e129FprnxSzffHWaERs9iPYEIzk7SkOOxEAAI4kO8f/bER8sXn+PxEjzbO5o0n6mhkAAADQK+md8fhnEpECAAAAp1ah2Qc2KZTyvgDjUSiUSq0+vO/HhUK1Vm98eam2tb7Y6is7GcXC0kq1Mp33qZ2MYpKNzzTre+PX344n+/oA/3jifHN+aaFWXRzebQ8AAAA4Uy4euP7/x0Tr+v8dngwsOQAAAKB3JoedAAAAANB3/3v9/2woeQAAAAD94/k/AAAAnGrfuncvK2n7/deLD7e3VmsPry1W6qulta2F0kJtc6O0XKstV9OxiLXDtlet1Ta+Gutbj8qNSr1Rrm/vPFirba03HqzsewU2AAAAMECf+fj575KI2P3a+WbJvJf9GOmygr4CcGoUjrPwH/uXBzB43b7mgdNvdNgJAENTbA2SYecBDM9hB4CunXd+3ftcAACA/pj6fOfn/6N79waAU+pYz/+BU8Xzfzi7PP+Hs6voDADOvP4//0/TQ7cFAAD01XizJIVS/ixwPApv0paYjGKytFKtTEfEpyPitxPFsWx8prlm4h8NAAAAAAAAAAAAAAAAAAAAAAAAAMARpWkSKQAAAHCqRRT+nOTv/5qauDx+8P7Ae8mbieaw+XaA+z99NN9obM5k0/+WT49oPM2nXz/OnQdvHgcAAIB+aV+nt6/jAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKCXXr96vNAug4z78usRMdkp/micaw7PRTEiLvw9idH2Sh9HJBEx0oP4u08i4oNO8ZMsrZjMs9gXPyIKEXG+mUXf43+YpmnH+BdPHB3OtufZ8edup89fIT5pDjt//kfzclLdj3+Ft8e/kQ7xsyPPp44Y4wsvflHuPGesNX+08/GnHT/pEv9Sp0122Cnf/c7OTrfc0mcRUx2/f5J9scqNtY1yfXvn2sra/HJlubI+Oztzc+7W3I256fLSSrWS/+wY40cf/vLf3eK/fBJxoUv8yf3tnz/Y/stZpdhty3v+9eLRq8+1qsUDm2jGv3Kp8+//g/3x9+3a7G/iS/n3QDZ/ql3fbdX/20c//81H72r/Ypf2H/b7v3J405uufvsHfzjiogDAANS3d1bnq9XKZt8rT9M0HVSs7OxoULFOXHn//yfVvcqd4yycjg36j03lxJVhH5kAAIBe2zvpH3YmAAAAAAAAAAAAAAAAAAAAcHYN4r8TOxhzdzhNBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4p/8EAAD//2vU2W8=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x0) fallocate(r0, 0x3, 0x0, 0x404042bbe) 8.061163472s ago: executing program 1 (id=2856): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r0 = gettid() process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) mremap(&(0x7f0000371000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 8.060706013s ago: executing program 2 (id=2857): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in=@multicast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}}}, 0xb8}}, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "0bc0f7", 0x0, "de9560"}}}}}}, 0x0) 7.936959903s ago: executing program 2 (id=2858): r0 = fsopen(&(0x7f0000000200)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='[:::/', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)='[:::/', &(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='\x00', &(0x7f0000000180)='.!^#\x00', 0x0) fsconfig$FSCONFIG_SET_PATH(r0, 0x3, &(0x7f00000000c0)='\x00', &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000300)='source', &(0x7f0000000340)=',[\x00', 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 7.862368489s ago: executing program 2 (id=2859): syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x8, &(0x7f0000006500)={[{@dots}, {@dots}, {@dots}, {@nodots}, {@dots}, {@nodots}, {@dots}, {@fat=@quiet}, {@nodots}, {@dots}, {@fat=@showexec}, {@dots}, {@dots}, {@fat=@umask={'umask', 0x3d, 0x7fff}}, {@fat=@nfs}, {@dots}, {@fat=@tz_utc}, {@fat=@errors_continue}, {@nodots}, {@fat=@nocase}, {@fat=@check_strict}, {@dots}]}, 0xfd, 0x1bf, &(0x7f0000000680)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa") mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$9p_tcp(&(0x7f0000000040), &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2000, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) readlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/234, 0xea) 7.60607328s ago: executing program 2 (id=2860): r0 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) r1 = syz_io_uring_setup(0xf02, &(0x7f0000000080), &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x1c3c, 0x0, 0x0, 0x0, 0x0) r4 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r4, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) 7.166004546s ago: executing program 2 (id=2861): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000880)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) 7.165844386s ago: executing program 1 (id=2862): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='syzkaller\x00'}, 0x90) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r3}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[], 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000300)=ANY=[], 0x0) 1.794849214s ago: executing program 4 (id=2872): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in=@multicast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}}}, 0xb8}}, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "0bc0f7", 0x0, "de9560"}}}}}}, 0x0) 1.544705904s ago: executing program 4 (id=2873): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000200)={[{@noblock_validity}, {@sysvgroups}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000080)='ro\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', 0x0, 0x804020, 0x0) 1.250740418s ago: executing program 4 (id=2874): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000240)={'ip_vti0\x00', 0x0, 0x8000, 0x7800, 0x0, 0x3cf7, {{0x14, 0x4, 0x0, 0x34, 0x50, 0x68, 0x0, 0x40, 0x0, 0x0, @broadcast, @broadcast, {[@timestamp_addr={0x44, 0x1c, 0xb, 0x1, 0x6, [{@remote, 0x9}, {@private=0xa010101, 0x7fff}, {@broadcast}]}, @timestamp_prespec={0x44, 0x1c, 0x0, 0x3, 0x8, [{@private=0xa010100, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1}, {@rand_addr=0x64010100, 0xd3}]}, @ra={0x94, 0x4}]}}}}}) bind$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x1b, r2, 0x1, 0x5}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r3 = getpid() r4 = syz_open_dev$vim2m(0x0, 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000040)={0x2, @pix_mp={0x0, 0x0, 0x50323234}}) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) futex(&(0x7f000000cffc), 0xd, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(r6, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r7 = socket(0x15, 0x5, 0x0) getsockopt$nfc_llcp(r7, 0x114, 0x2721, 0x0, 0x20000000) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x1, 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) inotify_init1(0x0) bind$inet(r0, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10) 344.934952ms ago: executing program 4 (id=2875): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x3, &(0x7f0000000680)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r3, 0x107, 0x16, &(0x7f0000000000), 0x4) 200.606184ms ago: executing program 4 (id=2876): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3000490, &(0x7f0000000380), 0x45, 0x7ac, &(0x7f0000000f80)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRiSc2yxWgtHK63RrowlRGITArkEkpBbcvE5Py8h1/w45JL8H8HGSWQThxyCwuwPaWXtyru2tGvHnw+M9d7MG733nTf75mlnvBvAU2sy/ScTcSwiXksixuvrk4gYrKayEbO1cvc2N/LpksTW1jPfJtUydzc38tG0T+pIPfP7iPjs5YgTmb31ltfWF+eKxcJKPT9VWbo8VV5bP3lpaW6hsFBYPj09M3PqzN/OnD64WL//av3ordf/++f3Z3986XcfvPp5ErNxtL6tOY6DMhmT9WMymB7CXf5z0JX1zUcvdFCo6QzIHmZj6FLaMQP1XjkW4zGwX/+M9rJlAMBheTEittoZaLsFAHiiJbXr/7/63Q4AoFca7wPc3dzIN5b+viPRW7f/HREjtfgb9zdrW7L1e3Yj1fugY3eTXXdGkoiYOID6JyPi7Y+fezdd4pDuQwK0cu16RFyYmNw7/id7nlno1l9ar15ozkzet9H4B73zSTr/+Xur+V9me/4TLeY/wy1euw/jwa//zM0DqKatdP73z6Zn2+41xV83MVDP/ao65xtMLl4qFtKx7dcRcTwGh9P89D51HL/z051225rnf9+98fw7af3pz50SmZvZ4d37zM9V5h4l5ma3r0f8Idsq/nT8H672f9Jm/nuuwzr+949X3mq3LY0/jbex7I3/cG3diPhTy/5Ptssk+z6fOFU9HaYaJ0ULH87GWLv6J7M7/Z8uaf2NvwV6Ie3/sf3jn0ian9csd/yrt58W+/LG+KftCjWf/63jb33+DyXPVtND9XVX5yqVlemIoeT/e9ef2tm3kW+UT+M//sfWr//G+Nfq/E//JrzQ4YHI3vrmvYeP/3Cl8c931f9dJ2Lk3uJAu/o76/+ZXft0Mv512sCHPW4AAAAAAAAAAAAAAAAAAAAAAAAA0I1MRByNJJPbTmcyuVztO7x/G2OZYqlcOXGxtLo8H9Xvyp6IwUzjoy7Hmz4Pdbr+efiN/Kn78n+NiN9ExJvDo9V8Ll8qzvc7eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoO9Lm+/9TXw/3u3UAwKEZGeh3CwCAHkuy2X43AQDotZGuSo8eWjsAgN7p7voPAPwSuP4DwNPnAdd//w0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAR3Xu7Nl02fphcyOf5uevrK0ulq6cnC+UF3NLq/lcvrRyObdQKi0UC7l8aantL7pW+1EslS7PxPLq1alKoVyZKq+tn18qrS5Xzl9amlsonC8M9iwyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOhceW19ca5YLKxI9CWx+EWtHx6X9kh0l4hrtf57XNpzcIkY2hklRvszOAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AX4OAAD//1N1IyI=") creat(&(0x7f0000000040)='./bus\x00', 0x0) ioprio_set$pid(0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) acct(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00') acct(0x0) 0s ago: executing program 4 (id=2877): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$tipc(0x1e, 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000002c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x1c, r2, 0x1, 0x0, 0x0, {0x12}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x1c}}, 0x0) syz_open_procfs(0x0, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000001580)=""/4100, 0x1004) keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000000)=""/119, 0x77) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x469, &(0x7f0000000b00)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNau+W4np9HLckRdtgtPbsNno0PTzZVmV3lF/Tw9a6E1l/68Jjt6FBrF5fRKTuGqiO/+Hoi41L14bjlU+72jhgXVUqlUqz1+fC+QrwP5ZFt1sAdEf5Qp/e/5bHbZp63BEuv1h7A5TivlYctSv9S2sHAw3vbztpNCKOnP/3y3REJ9YhAABu4vs0/3m22fwvjwfqyt1T7KGMRMS9EbEtIu6LiO0RcX9EteyDEfHQGutv3CG5cf6TX7qlwFYpzf9eKPa2ls//ytlfjPQVua3V+Aeyo8fnZvcVz8neGBhK+YkV6vjh5d8/L9MbGq7Vz//Skeov54JFOy71NyzQzUwtTrUbd+nyJxE7+5vFn0W5jZNFxI6I2HmLdRx/+utdra7dPP4VrLDPtFqVryKeqvX/+VgW//WuylruT048f2jy4PiGmJvdN17eFTf65bcLb7Sqv634OyD1/6am9//SLvBItiFi4czZE9X92oW113Hhz8/qxvSy3eUUf/5txJrv/8HsrWp6sDj34dTi4umJiMHstRvPT17/3TJflk/x793TfPxvq2vxwxGRbuLdEfFIsYmb+u6xiHg8IvasEP9PLz3xXqtrrft/hVX5Dkrxz9ys/6O+/9ee6Dvx43drj7+U+v9ANbW3OLOav3+rbWA7zx0AAADcLfLqZ+CzfGwpnedjY7XP8G+PTfnc/MLiM0fnPzg1U/us/EgM5OVK13DdeuhEsTZc5icb8vuLdeMv+jZW82PT83Mz3Q4eetzmFuM/+auv260D1l0H9tGAu5TxD73L+IfeZfxD7zL+oXc1G/8fd6EdwO3n9R96l/EPvcv4h95l/ENPavnd+Lytr/x3OVH+74Q7pT1dSmxczyoi736APZHoX+/beKjppS7/YQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQ/wIAAP//YKPiyQ==") chdir(&(0x7f0000000080)='./file0\x00') r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0xc0505405, &(0x7f00000000c0)={0x3}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='freezer.state\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r6, 0xc0c0583b, &(0x7f00000001c0)=ANY=[@ANYBLOB="cc2f4060a7eefed125e967253a8a94bbb89a874e8dc2de9856d1ce", @ANYBLOB]) bpf$PROG_LOAD(0x5, 0x0, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0) mbind(&(0x7f0000403000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4003, &(0x7f00000003c0), 0x2, 0x4e6, &(0x7f0000000840)="$eJzs3MtrXNUfAPDvvUnapo9f8qvPPrSjVQyKTZM+Fy6sKHQjCIrUZUzSUpu20kRoS7BRpIILpX+Bj53gX+BKN6LiQnGruBWhSDatLmTkztwbZzozeXWSaZPPB6Y9595z7znn3nuS85ibANatUvZPErE1In6JiL5qtD5Bqfrfzdnp0b9mp0eTKJdf/jOppLsxOz1aJC2O25JHBtKI9L0kdjXJd/LS5TMjExPjF/L44FSah86OnBo/NX5u+OjRgwd6jxwePtSWemZlurHz7fO7dxx/7dqLoyeuvf7dF1l5y/n+2npU9S8xh66GLaUo1V/LGo8v8ex3um014aQ7+zftXGFYtOypzW5XT6X995VzlX198cK7RboNnSwksCKyxr6xYevc77KZcq0kqR4ArBGJJg3rVPGL/sZsNlKdHm0cBzfR3dYuSEddPxaVCmX1vpl/qnu6KyPYUn91bNSzQvnfGxEnZv7+OPtE03kIAID2+upYxOa831F8qnvSuL8m3f/yWaH+iPh/RGyPiHvy/st9EZW0D0TEgzXHJPl60nxKt8Qb+z8/9eaB2u5q22T9v2fyta36/t/c+kV/Vx7bVql/T3Ly9MT4/vyaDETPxiw+1HjquWm1r5//+aNW+Zdq+n/ZJ8u/6Avm5fij+5YJurGRqZHbrXfh+juVC3ulsf5JdCdFKGJHROxcxvmza3b6yc93t9pfV/+sng31/7D1ydswDil/GvFE9f7PxC31j3zdI6msT559c3Dy0uWnT9euTw4dOTx8aHBTTIzvHyyeikbf/3j1pTzYMIxY+P6vrOz+b276/M+tXPYnteu1k0vP4+qv77cc0yz3+d+QvFIJF+tSF0empi4MRWxIZhq3D/937MWR3rr0Wf0H9jZv/9sj/vkkP25XRGQP8UMR8XBE7MnL/khEPBoRe+ep/7fPPfZGqyHknXD/x5Z0/1sFnv0hovmurjPffNmQ8QelRdY/u/8HK6GBfMvYyNSmheo1X0lrA7d9AQEAAOAusCcitkaS7svnOLdGmu7bF7FlbgZlcuqpk+ffOjdWfUegP3rSYqarr2Y+dCifG87i2VHDNfFs/4HKvHG5XC73ZvFs/D6xrbNVh3VvS4v2n/m98ZUWYK1Z0jpaqzfagLvS8tfR2/+FDGB1raHv8wNLpP3D+rXo9r9Sb8EBHdOs/V+JuNmBogCrrFn7f7UD5QBWn/E/rF/aP6xbC75MC6xJi3pJfhmB7cfnSZN0r0ymrQNp1G3JfuLV/RWA/ogicfEFx/lP+Fsa0Z4SdrW1pr119zRtmmZTtCOvSBdM072EP8SwuoH0zihGNbAxIhZ4eucetitF4PJKF6zSCD7r7E8nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA2/dvAAAA//+lFtmI") quotactl$Q_GETNEXTQUOTA(0x0, &(0x7f00000080c0)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0xc, &(0x7f0000000280)=ANY=[@ANYRESDEC=0x0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) kernel console output (not intermixed with test programs): _extend:1894: will only finish group (16384 blocks, 16256 new) [ 412.580804][T10984] loop0: detected capacity change from 512 to 0 [ 412.751658][T10674] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /7/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 412.847718][T10674] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 412.971391][T10674] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 413.147362][T11013] loop2: detected capacity change from 0 to 2048 [ 413.193323][T10674] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 413.241597][T10674] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 413.275033][T11013] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 413.307652][T11013] ext4 filesystem being mounted at /181/file0 supports timestamps until 2038 (0x7fffffff) [ 413.406736][T10674] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 413.490859][T10674] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 413.519438][T10674] EXT4-fs error (device loop0): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1) [ 413.522130][ T8184] EXT4-fs (loop2): unmounting filesystem. [ 413.769965][T11016] loop3: detected capacity change from 0 to 32768 [ 413.999577][T10674] EXT4-fs (loop0): unmounting filesystem. [ 414.039746][T11016] XFS (loop3): Mounting V5 Filesystem [ 414.187688][T11016] XFS (loop3): Ending clean mount [ 414.205124][ T102] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.218276][T11016] XFS (loop3): Quotacheck needed: Please wait. [ 414.344351][T11016] XFS (loop3): Quotacheck: Done. [ 414.425185][ T102] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.459719][ T8131] XFS (loop3): Unmounting Filesystem [ 414.632582][ T102] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.801107][ T47] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 414.813197][ T47] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 414.821354][ T47] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 414.829068][ T47] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 414.843975][ T47] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 414.845564][ T9728] bio_check_eod: 294 callbacks suppressed [ 414.845577][ T9728] syz.4.2054: attempt to access beyond end of device [ 414.845577][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 414.873770][ T47] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 414.918527][ T102] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.950871][ T9728] syz.4.2054: attempt to access beyond end of device [ 414.950871][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 415.003675][ T9728] syz.4.2054: attempt to access beyond end of device [ 415.003675][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 415.045170][ T9728] syz.4.2054: attempt to access beyond end of device [ 415.045170][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 415.096095][ T9728] syz.4.2054: attempt to access beyond end of device [ 415.096095][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 415.144336][T11066] loop3: detected capacity change from 0 to 2048 [ 415.165765][ T9728] syz.4.2054: attempt to access beyond end of device [ 415.165765][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 415.213456][ T9728] syz.4.2054: attempt to access beyond end of device [ 415.213456][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 415.216639][ T4652] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 415.229440][ T9728] syz.4.2054: attempt to access beyond end of device [ 415.229440][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 415.252455][ T9728] syz.4.2054: attempt to access beyond end of device [ 415.252455][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 415.277775][ T9728] syz.4.2054: attempt to access beyond end of device [ 415.277775][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 415.311154][T11066] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 415.350509][T11066] ext4 filesystem being mounted at /152/file0 supports timestamps until 2038 (0x7fffffff) [ 415.498765][ T47] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 415.509003][ T47] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 415.519045][ T47] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 415.531347][ T47] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 415.539180][ T47] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 415.541039][ T8131] EXT4-fs (loop3): unmounting filesystem. [ 415.553770][ T47] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 415.726461][ T4652] usb 3-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 415.750269][ T4652] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.770146][T11055] chnl_net:caif_netlink_parms(): no params data found [ 415.798018][ T4652] usb 3-1: config 0 descriptor?? [ 415.854884][ T4652] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input29 [ 416.195152][T11083] loop3: detected capacity change from 0 to 32768 [ 416.244115][T11055] bridge0: port 1(bridge_slave_0) entered blocking state [ 416.256389][T11055] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.264450][T11083] XFS (loop3): Mounting V5 Filesystem [ 416.285212][T11055] device bridge_slave_0 entered promiscuous mode [ 416.297666][ T153] usb 3-1: USB disconnect, device number 15 [ 416.379025][T11083] XFS (loop3): Ending clean mount [ 416.389663][T11055] bridge0: port 2(bridge_slave_1) entered blocking state [ 416.401857][T11083] XFS (loop3): Quotacheck needed: Please wait. [ 416.416492][T11055] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.485079][T11055] device bridge_slave_1 entered promiscuous mode [ 416.493389][T11083] XFS (loop3): Quotacheck: Done. [ 416.559511][T11077] chnl_net:caif_netlink_parms(): no params data found [ 416.647681][ T8131] XFS (loop3): Unmounting Filesystem [ 416.765592][T11055] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 416.833052][T11055] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 416.940854][ T3549] Bluetooth: hci4: command tx timeout [ 417.291446][T11055] team0: Port device team_slave_0 added [ 417.316118][T11055] team0: Port device team_slave_1 added [ 417.485797][ T27] audit: type=1326 audit(1720686258.644:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11105 comm="syz.2.2426" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6259575bd9 code=0x0 [ 417.607768][T11116] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 417.632745][T11116] loop2: detected capacity change from 0 to 164 [ 417.642893][ T3549] Bluetooth: hci6: command tx timeout [ 418.099991][T11077] bridge0: port 1(bridge_slave_0) entered blocking state [ 418.117526][T11077] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.165679][T11077] device bridge_slave_0 entered promiscuous mode [ 418.297418][T11055] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 418.317674][T11055] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 418.400466][T11055] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 418.420176][T11077] bridge0: port 2(bridge_slave_1) entered blocking state [ 418.427503][T11077] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.485034][T11077] device bridge_slave_1 entered promiscuous mode [ 418.499963][T11055] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 418.507906][T11055] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 418.558933][T11055] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 418.583933][ T102] device hsr_slave_0 left promiscuous mode [ 418.597210][ T102] device hsr_slave_1 left promiscuous mode [ 418.603964][ T102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 418.612148][ T102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 418.619813][ T102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 418.636527][ T102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 418.648488][ T102] device bridge_slave_1 left promiscuous mode [ 418.659037][ T102] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.669190][ T102] device bridge_slave_0 left promiscuous mode [ 418.679049][ T102] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.737186][ T102] device veth1_macvtap left promiscuous mode [ 418.748660][ T102] device veth0_macvtap left promiscuous mode [ 418.759396][ T102] device veth1_vlan left promiscuous mode [ 418.769530][ T102] device veth0_vlan left promiscuous mode [ 419.028560][ T47] Bluetooth: hci4: command tx timeout [ 419.449942][ T102] team0 (unregistering): Port device team_slave_1 removed [ 419.576789][ T102] team0 (unregistering): Port device team_slave_0 removed [ 419.667507][ T47] Bluetooth: hci6: command tx timeout [ 419.695790][ T102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 419.739279][ T102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 420.025245][ T9728] bio_check_eod: 566 callbacks suppressed [ 420.025265][ T9728] syz.4.2054: attempt to access beyond end of device [ 420.025265][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 420.253703][ T102] bond0 (unregistering): Released all slaves [ 420.284940][ T9728] syz.4.2054: attempt to access beyond end of device [ 420.284940][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 420.302240][ T9728] syz.4.2054: attempt to access beyond end of device [ 420.302240][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 420.320177][ T9728] syz.4.2054: attempt to access beyond end of device [ 420.320177][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 420.383853][ T9728] syz.4.2054: attempt to access beyond end of device [ 420.383853][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 420.431514][ T9728] syz.4.2054: attempt to access beyond end of device [ 420.431514][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 420.534446][ T9728] syz.4.2054: attempt to access beyond end of device [ 420.534446][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 420.640987][T11077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 420.661131][ T9728] syz.4.2054: attempt to access beyond end of device [ 420.661131][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 420.678288][T11055] device hsr_slave_0 entered promiscuous mode [ 420.688777][T11140] loop2: detected capacity change from 0 to 8 [ 420.699305][ T9728] syz.4.2054: attempt to access beyond end of device [ 420.699305][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 420.716308][ T9728] syz.4.2054: attempt to access beyond end of device [ 420.716308][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 420.950241][T11143] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 420.975518][T11143] loop3: detected capacity change from 0 to 164 [ 420.987945][ T27] audit: type=1326 audit(1720686261.984:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11136 comm="syz.3.2438" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb3e5375bd9 code=0x0 [ 421.110432][ T47] Bluetooth: hci4: command tx timeout [ 421.449469][T11055] device hsr_slave_1 entered promiscuous mode [ 421.553684][T11055] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 421.561369][T11055] Cannot create hsr debugfs directory [ 421.569253][T11077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 421.753823][ T3549] Bluetooth: hci6: command tx timeout [ 421.759697][ T27] audit: type=1326 audit(1720686262.914:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11139 comm="syz.2.2439" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6259575bd9 code=0x0 [ 422.244381][T11077] team0: Port device team_slave_0 added [ 422.303205][T11077] team0: Port device team_slave_1 added [ 422.430541][T11151] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2442'. [ 422.466965][T11151] device bond2 entered promiscuous mode [ 422.488105][T11151] 8021q: adding VLAN 0 to HW filter on device bond2 [ 422.623250][T11157] device bond2 left promiscuous mode [ 422.660056][T11077] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 422.678601][T11077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.740365][T11077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 422.763728][T11077] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 422.780508][T11077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.941606][T11077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 422.991733][T11155] 8021q: adding VLAN 0 to HW filter on device bond2 [ 422.998748][T11155] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 423.094455][T11155] bond2: (slave ip6gre1): Error -95 calling set_mac_address [ 423.183850][ T47] Bluetooth: hci4: command tx timeout [ 423.234263][T11162] loop2: detected capacity change from 0 to 512 [ 423.315153][T11077] device hsr_slave_0 entered promiscuous mode [ 423.331536][T11077] device hsr_slave_1 entered promiscuous mode [ 423.340574][T11077] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 423.368536][T11077] Cannot create hsr debugfs directory [ 423.456441][T11165] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2446'. [ 423.591079][T11162] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2802c018, mo2=0002] [ 423.605263][T11162] System zones: 0-2, 18-18, 34-35 [ 423.668724][T11162] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 423.696301][T11162] ext4 filesystem being mounted at /204/file0 supports timestamps until 2038 (0x7fffffff) [ 423.821401][ T47] Bluetooth: hci6: command tx timeout [ 423.840305][T11162] loop2: detected capacity change from 512 to 0 [ 423.860033][T11162] EXT4-fs warning (device loop2): ext4_group_extend:1894: will only finish group (16384 blocks, 16256 new) [ 423.948426][T11077] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.971707][ T8184] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /204/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 424.026866][ T8184] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /204/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 424.085387][ T8184] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /204/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 424.180656][T11077] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.198463][ T8184] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /204/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 424.227888][ T8184] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /204/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 424.256890][ T8184] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /204/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 424.279868][ T8184] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /204/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 424.323129][T11077] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.333966][ T8184] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1) [ 424.484602][T11077] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.794667][ T8184] EXT4-fs (loop2): unmounting filesystem. [ 424.855122][T11186] loop3: detected capacity change from 0 to 1024 [ 424.900391][T11186] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 424.944038][T11188] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2456'. [ 424.950497][T11186] EXT4-fs (loop3): The Hurd can't support 64-bit file systems [ 425.021662][T11077] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 425.039065][ T9728] bio_check_eod: 250 callbacks suppressed [ 425.039084][ T9728] syz.4.2054: attempt to access beyond end of device [ 425.039084][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 425.090731][ T9728] syz.4.2054: attempt to access beyond end of device [ 425.090731][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 425.165349][T11077] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 425.182341][ T9728] syz.4.2054: attempt to access beyond end of device [ 425.182341][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 425.210847][T11077] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 425.245381][T11191] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 425.268311][ T3549] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 425.280152][ T3549] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 425.288646][ T3549] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 425.299515][ T3549] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 425.308984][ T3549] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 425.316771][ T3549] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 425.337445][ T9728] syz.4.2054: attempt to access beyond end of device [ 425.337445][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 425.351752][T11077] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 425.367607][ T9728] syz.4.2054: attempt to access beyond end of device [ 425.367607][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 425.438360][T11055] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 425.438960][ T9728] syz.4.2054: attempt to access beyond end of device [ 425.438960][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 425.462990][ T9728] syz.4.2054: attempt to access beyond end of device [ 425.462990][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 425.478856][ T9728] syz.4.2054: attempt to access beyond end of device [ 425.478856][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 425.495578][ T9728] syz.4.2054: attempt to access beyond end of device [ 425.495578][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 425.513318][ T9728] syz.4.2054: attempt to access beyond end of device [ 425.513318][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 425.564383][T11055] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 425.642618][T11077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 425.649856][T11055] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 425.728966][T11055] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 425.814069][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 425.832303][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 425.899707][T11077] 8021q: adding VLAN 0 to HW filter on device team0 [ 426.114711][T11203] loop3: detected capacity change from 0 to 32768 [ 426.130544][T11203] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.2464 (11203) [ 426.147618][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 426.162770][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 426.173212][ T8644] bridge0: port 1(bridge_slave_0) entered blocking state [ 426.180339][ T8644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 426.188163][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 426.204612][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 426.217458][ T8644] bridge0: port 2(bridge_slave_1) entered blocking state [ 426.224601][ T8644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 426.257314][T11203] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 426.321621][ T3588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 426.329731][ T3588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 426.340347][T11203] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 426.341924][ T3588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 426.357392][T11203] BTRFS info (device loop3): using free space tree [ 426.358650][ T3588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 426.384424][ T3588] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 426.450185][T11055] 8021q: adding VLAN 0 to HW filter on device bond0 [ 426.490799][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 426.499758][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 426.516658][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 426.537140][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 426.546391][T11203] BTRFS info (device loop3): enabling ssd optimizations [ 426.547861][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 426.570466][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 426.579230][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 426.673262][T11193] chnl_net:caif_netlink_parms(): no params data found [ 426.685024][T11077] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 426.700544][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 426.709100][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 426.729830][T11055] 8021q: adding VLAN 0 to HW filter on device team0 [ 426.866339][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 426.903727][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 426.978026][ T3289] bridge0: port 1(bridge_slave_0) entered blocking state [ 426.985368][ T3289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 427.035754][T11234] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2467'. [ 427.080775][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 427.119694][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 427.170915][ T3289] bridge0: port 2(bridge_slave_1) entered blocking state [ 427.178020][ T3289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 427.220679][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 427.323006][ T102] device hsr_slave_0 left promiscuous mode [ 427.341399][ T3549] Bluetooth: hci0: command tx timeout [ 427.351245][ T102] device hsr_slave_1 left promiscuous mode [ 427.371300][ T102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 427.378857][ T102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 427.386651][ T8131] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 427.399981][ T102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 427.418331][ T102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 427.426579][ T102] device bridge_slave_1 left promiscuous mode [ 427.440631][ T102] bridge0: port 2(bridge_slave_1) entered disabled state [ 427.555044][ T102] device bridge_slave_0 left promiscuous mode [ 427.562584][ T102] bridge0: port 1(bridge_slave_0) entered disabled state [ 427.663393][ T102] device veth1_macvtap left promiscuous mode [ 427.669456][ T102] device veth0_macvtap left promiscuous mode [ 427.685816][ T102] device veth1_vlan left promiscuous mode [ 427.692221][ T102] device veth0_vlan left promiscuous mode [ 427.894568][T11239] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 428.696054][ T102] team0 (unregistering): Port device team_slave_1 removed [ 428.719196][T11247] loop3: detected capacity change from 0 to 40427 [ 428.767904][T11247] F2FS-fs (loop3): Found nat_bits in checkpoint [ 428.779374][ T102] team0 (unregistering): Port device team_slave_0 removed [ 428.857388][T11247] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 428.865578][ T102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 428.982474][ T102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 429.420696][ T3549] Bluetooth: hci0: command tx timeout [ 429.770092][ T102] bond0 (unregistering): Released all slaves [ 429.910861][ T3588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 429.929404][ T3588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 429.949661][ T3588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 429.981205][ T3588] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 430.011530][T11253] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2472'. [ 430.042634][ T9728] bio_check_eod: 1310 callbacks suppressed [ 430.042650][ T9728] syz.4.2054: attempt to access beyond end of device [ 430.042650][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 430.063624][ T9728] syz.4.2054: attempt to access beyond end of device [ 430.063624][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 430.080353][ T9728] syz.4.2054: attempt to access beyond end of device [ 430.080353][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 430.095852][T11253] device bond2 entered promiscuous mode [ 430.112911][T11253] 8021q: adding VLAN 0 to HW filter on device bond2 [ 430.129241][ T9728] syz.4.2054: attempt to access beyond end of device [ 430.129241][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 430.152319][T11254] 8021q: adding VLAN 0 to HW filter on device bond2 [ 430.159325][T11254] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 430.168052][ T9728] syz.4.2054: attempt to access beyond end of device [ 430.168052][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 430.171113][T11254] bond2: (slave ip6gre1): Error -95 calling set_mac_address [ 430.204818][ T9728] syz.4.2054: attempt to access beyond end of device [ 430.204818][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 430.239401][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 430.249446][ T9728] syz.4.2054: attempt to access beyond end of device [ 430.249446][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 430.256682][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 430.264104][ T9728] syz.4.2054: attempt to access beyond end of device [ 430.264104][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 430.287778][ T9728] syz.4.2054: attempt to access beyond end of device [ 430.287778][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 430.297391][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 430.304782][ T9728] syz.4.2054: attempt to access beyond end of device [ 430.304782][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 430.323212][ T27] audit: type=1326 audit(1720686271.474:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11262 comm="syz.4.2474" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6724175bd9 code=0x0 [ 430.332243][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 430.365092][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 430.387522][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 430.408030][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 430.442402][T11055] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 430.490600][ T4654] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 430.498691][ T4654] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 430.512113][T11077] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 430.536300][T11193] bridge0: port 1(bridge_slave_0) entered blocking state [ 430.553145][T11193] bridge0: port 1(bridge_slave_0) entered disabled state [ 430.571217][T11193] device bridge_slave_0 entered promiscuous mode [ 430.604722][ T4646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 430.621124][ T4646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 430.639983][T11193] bridge0: port 2(bridge_slave_1) entered blocking state [ 430.671510][T11193] bridge0: port 2(bridge_slave_1) entered disabled state [ 430.690150][T11193] device bridge_slave_1 entered promiscuous mode [ 430.774651][T11193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 430.809928][T11193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 430.837194][T11077] device veth0_vlan entered promiscuous mode [ 431.028286][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 431.051017][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 431.502462][ T3549] Bluetooth: hci0: command tx timeout [ 431.884630][T11077] device veth1_vlan entered promiscuous mode [ 431.894025][ T4646] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 431.902207][ T4646] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 432.013447][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 432.033217][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 432.063412][T11193] team0: Port device team_slave_0 added [ 432.073583][T11055] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 432.108975][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 432.123263][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 432.149726][T11193] team0: Port device team_slave_1 added [ 432.210582][T11077] device veth0_macvtap entered promiscuous mode [ 432.251873][T11193] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 432.258864][T11193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 432.330327][T11193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 432.356610][T11193] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 432.370425][T11193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 432.440281][T11193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 432.462121][T11077] device veth1_macvtap entered promiscuous mode [ 432.477259][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 432.495828][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 432.515276][T11293] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 432.516023][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 432.634744][T11077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 432.663462][T11077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 432.693539][T11077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 432.710327][T11077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 432.720167][T11077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 432.748879][T11077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 432.770245][T11077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 432.781820][T11077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 432.802092][T11077] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 432.809560][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 432.824813][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 432.849393][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 432.886362][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 432.915867][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 432.939938][ T8644] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 432.965720][T11193] device hsr_slave_0 entered promiscuous mode [ 432.982706][T11193] device hsr_slave_1 entered promiscuous mode [ 432.998975][T11055] device veth0_vlan entered promiscuous mode [ 433.016476][T11297] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2483'. [ 433.069918][T11297] device bond3 entered promiscuous mode [ 433.095215][T11297] 8021q: adding VLAN 0 to HW filter on device bond3 [ 433.168498][T11298] 8021q: adding VLAN 0 to HW filter on device bond3 [ 433.189823][T11298] bond3: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 433.221816][T11298] bond3: (slave ip6gre1): Error -95 calling set_mac_address [ 433.283828][T11077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 433.316873][T11077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.348134][T11077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 433.372145][T11077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.393284][T11077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 433.414837][T11077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.436962][T11077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 433.458477][T11077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.490318][T11077] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 433.562874][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 433.581077][ T3549] Bluetooth: hci0: command tx timeout [ 433.593868][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 433.634394][T11077] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.655444][T11302] loop3: detected capacity change from 0 to 1024 [ 433.670317][T11077] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.679035][T11077] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.707867][T11077] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.749324][T11055] device veth1_vlan entered promiscuous mode [ 433.806836][T11302] Buffer I/O error on dev loop3, logical block 2889, async page read [ 433.828738][ T27] audit: type=1326 audit(1720686274.984:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11301 comm="syz.3.2484" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb3e5375bd9 code=0x0 [ 433.905985][ T27] audit: type=1800 audit(1720686275.024:509): pid=11302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2484" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 433.936860][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 433.953794][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 433.977989][T11055] device veth0_macvtap entered promiscuous mode [ 434.042408][T11055] device veth1_macvtap entered promiscuous mode [ 434.101262][ T3648] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 434.118872][T11055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.120563][ T3648] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 434.138103][T11055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.149670][T11055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.170370][T11055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.187343][T11055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.211558][T11055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.223630][T11055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.244339][T11055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.259415][T11055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.276121][T11055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.297823][T11055] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 434.327401][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 434.341225][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 434.348216][T11315] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 434.349275][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 434.387285][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 434.407449][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 434.556018][T11055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.566876][T11055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.576978][T11055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.587613][T11055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.597604][T11055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.608430][T11055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.642951][T11055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.768702][T11055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.867969][T11055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.966733][T11055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.055510][ T9728] bio_check_eod: 801 callbacks suppressed [ 435.055652][ T9728] syz.4.2054: attempt to access beyond end of device [ 435.055652][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 435.094113][T11055] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 435.180935][ T9728] syz.4.2054: attempt to access beyond end of device [ 435.180935][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 435.195200][T11320] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2492'. [ 435.202806][ T9728] syz.4.2054: attempt to access beyond end of device [ 435.202806][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 435.222147][ T9728] syz.4.2054: attempt to access beyond end of device [ 435.222147][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 435.238786][ T9728] syz.4.2054: attempt to access beyond end of device [ 435.238786][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 435.260274][ T9728] syz.4.2054: attempt to access beyond end of device [ 435.260274][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 435.275308][T11320] device bond4 entered promiscuous mode [ 435.281223][T11320] 8021q: adding VLAN 0 to HW filter on device bond4 [ 435.290582][ T9728] syz.4.2054: attempt to access beyond end of device [ 435.290582][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 435.306350][ T9728] syz.4.2054: attempt to access beyond end of device [ 435.306350][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 435.322256][ T9728] syz.4.2054: attempt to access beyond end of device [ 435.322256][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 435.337428][ T9728] syz.4.2054: attempt to access beyond end of device [ 435.337428][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 435.382331][T11324] 8021q: adding VLAN 0 to HW filter on device bond4 [ 435.389405][T11324] bond4: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 435.405559][T11324] bond4: (slave ip6gre1): Error -95 calling set_mac_address [ 435.438142][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 435.461197][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 435.496354][ T7167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 435.533626][T11055] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.560301][ T7167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 435.560301][T11055] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.560331][T11055] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.632602][T11055] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.696959][ T27] audit: type=1326 audit(1720686276.854:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11331 comm="syz.4.2495" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6724175bd9 code=0x0 [ 435.760055][T11193] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.785370][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 435.967083][T11193] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.103367][T11193] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.129306][T11346] xt_CT: You must specify a L4 protocol and not use inversions on it [ 436.278335][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 436.308513][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 436.328298][T11193] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.607524][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 436.965679][ T3694] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 437.010023][ T3694] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 437.083758][ T4656] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 437.161531][ T3594] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 437.305250][T11363] netlink: 'syz.1.2504': attribute type 3 has an invalid length. [ 437.363933][T11193] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 437.430365][T11193] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 437.451653][T11193] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 437.515607][T11193] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 437.530927][ T3594] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 437.548702][T11371] xt_CT: You must specify a L4 protocol and not use inversions on it [ 437.722971][ T3594] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 437.742845][T11193] 8021q: adding VLAN 0 to HW filter on device bond0 [ 437.750668][ T4656] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 437.768070][ T3594] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.776668][ T3594] usb 4-1: Product: syz [ 437.788402][ T3594] usb 4-1: Manufacturer: syz [ 437.794848][ T3594] usb 4-1: SerialNumber: syz [ 437.857615][ T3594] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 437.993768][ T4656] usb 1-1: Using ep0 maxpacket: 16 [ 438.076516][ T4654] usb 4-1: USB disconnect, device number 13 [ 438.142907][ T4656] usb 1-1: config 0 has an invalid interface number: 222 but max is 1 [ 438.166949][ T4656] usb 1-1: config 0 has no interface number 1 [ 438.430866][ T4656] usb 1-1: New USB device found, idVendor=0582, idProduct=00a3, bcdDevice=fa.29 [ 438.473121][ T4656] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.544011][ T4656] usb 1-1: Product: syz [ 438.566419][ T4656] usb 1-1: Manufacturer: syz [ 438.578154][ T4656] usb 1-1: SerialNumber: syz [ 438.598402][ T4656] usb 1-1: config 0 descriptor?? [ 438.661950][ T4646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 438.708700][ T4646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 438.732619][T11193] 8021q: adding VLAN 0 to HW filter on device team0 [ 438.783396][ T102] device hsr_slave_0 left promiscuous mode [ 438.800328][ T102] device hsr_slave_1 left promiscuous mode [ 438.815691][ T102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 438.837125][ T102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 438.845370][ T102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 438.895934][ T102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 438.931285][ T102] device bridge_slave_1 left promiscuous mode [ 438.938158][ T102] bridge0: port 2(bridge_slave_1) entered disabled state [ 438.963712][ T102] device bridge_slave_0 left promiscuous mode [ 438.980148][ T102] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.106313][T11387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 439.149614][ T102] device veth1_macvtap left promiscuous mode [ 439.262786][ T102] device veth0_macvtap left promiscuous mode [ 439.332082][T11387] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 439.350014][ T102] device veth1_vlan left promiscuous mode [ 439.428037][ T102] device veth0_vlan left promiscuous mode [ 439.824249][ T1251] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.831886][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.194953][ T4656] usb 1-1: USB disconnect, device number 18 [ 440.224043][ T9728] bio_check_eod: 472 callbacks suppressed [ 440.224162][ T9728] syz.4.2054: attempt to access beyond end of device [ 440.224162][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 440.537038][ T9728] syz.4.2054: attempt to access beyond end of device [ 440.537038][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 440.618662][ T9728] syz.4.2054: attempt to access beyond end of device [ 440.618662][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 440.642957][T11400] xt_CT: You must specify a L4 protocol and not use inversions on it [ 440.679681][ T9728] syz.4.2054: attempt to access beyond end of device [ 440.679681][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 440.740816][T11405] netlink: 'syz.4.2518': attribute type 3 has an invalid length. [ 440.819941][ T9728] syz.4.2054: attempt to access beyond end of device [ 440.819941][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 440.875554][ T9728] syz.4.2054: attempt to access beyond end of device [ 440.875554][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 440.902333][ T9728] syz.4.2054: attempt to access beyond end of device [ 440.902333][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 440.917054][ T9728] syz.4.2054: attempt to access beyond end of device [ 440.917054][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 441.012922][ T9728] syz.4.2054: attempt to access beyond end of device [ 441.012922][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 441.738680][ T9728] syz.4.2054: attempt to access beyond end of device [ 441.738680][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 442.260291][ T14] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 442.438295][T11433] xt_CT: You must specify a L4 protocol and not use inversions on it [ 442.459449][T11435] syz.0.2529[11435] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 442.468228][T11435] syz.0.2529[11435] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 443.211589][ T102] bond2 (unregistering): Released all slaves [ 443.280485][ T14] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 443.360487][ T3591] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 443.409074][ T102] bond1 (unregistering): Released all slaves [ 443.450547][ T14] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 443.463436][ T14] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.480265][ T14] usb 2-1: Product: syz [ 443.488949][ T14] usb 2-1: Manufacturer: syz [ 443.499144][ T14] usb 2-1: SerialNumber: syz [ 443.551323][ T14] cdc_ether: probe of 2-1:1.0 failed with error -22 [ 443.618399][ T3591] usb 5-1: Using ep0 maxpacket: 16 [ 443.777576][ T14] usb 2-1: USB disconnect, device number 15 [ 443.795717][ T3591] usb 5-1: config 0 has an invalid interface number: 222 but max is 1 [ 443.806245][ T3591] usb 5-1: config 0 has no interface number 1 [ 444.005492][ T3591] usb 5-1: New USB device found, idVendor=0582, idProduct=00a3, bcdDevice=fa.29 [ 444.020375][ T3591] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.028615][ T3591] usb 5-1: Product: syz [ 444.040900][ T3591] usb 5-1: Manufacturer: syz [ 444.046192][ T3591] usb 5-1: SerialNumber: syz [ 444.059441][ T3591] usb 5-1: config 0 descriptor?? [ 444.186132][ T102] team0 (unregistering): Port device team_slave_1 removed [ 444.262048][ T102] team0 (unregistering): Port device team_slave_0 removed [ 444.312978][ T102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 444.409155][ T102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 444.435225][T11439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 444.454704][T11439] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 444.595300][ T3591] usb 5-1: USB disconnect, device number 15 [ 445.113519][ T102] bond0 (unregistering): Released all slaves [ 445.214319][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 445.231069][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 445.239687][ T9728] bio_check_eod: 893 callbacks suppressed [ 445.239703][ T9728] syz.4.2054: attempt to access beyond end of device [ 445.239703][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 445.260060][ T3289] bridge0: port 1(bridge_slave_0) entered blocking state [ 445.267222][ T3289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 445.313482][ T9728] syz.4.2054: attempt to access beyond end of device [ 445.313482][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 445.332590][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 445.352065][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 445.381026][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 445.389782][ T153] bridge0: port 2(bridge_slave_1) entered blocking state [ 445.396954][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 445.407102][ T9728] syz.4.2054: attempt to access beyond end of device [ 445.407102][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 445.465046][ T9728] syz.4.2054: attempt to access beyond end of device [ 445.465046][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 445.526631][ T9728] syz.4.2054: attempt to access beyond end of device [ 445.526631][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 445.556416][T11458] xt_CT: You must specify a L4 protocol and not use inversions on it [ 445.603024][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 445.620159][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 445.626265][ T9728] syz.4.2054: attempt to access beyond end of device [ 445.626265][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 445.629094][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 445.661018][ T3591] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 445.837356][ T9728] syz.4.2054: attempt to access beyond end of device [ 445.837356][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 446.166707][ T9728] syz.4.2054: attempt to access beyond end of device [ 446.166707][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 446.191492][ T9728] syz.4.2054: attempt to access beyond end of device [ 446.191492][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 446.197210][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 446.311018][T11467] syz.4.2543[11467] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 446.311128][T11467] syz.4.2543[11467] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 446.480893][ T3591] usb 2-1: config 0 has an invalid interface number: 106 but max is 0 [ 446.547258][ T9728] syz.4.2054: attempt to access beyond end of device [ 446.547258][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 446.679339][ T3591] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 446.912985][ T3591] usb 2-1: config 0 has no interface number 0 [ 446.919144][ T3591] usb 2-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 446.966166][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 446.979861][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 446.997624][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 447.003419][T11465] loop3: detected capacity change from 0 to 8192 [ 447.006271][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 447.019603][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 447.027921][ T3591] usb 2-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 447.047457][T11193] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 447.072748][T11465] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 447.073502][T11193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 447.103298][T11465] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 447.115171][ T3591] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 447.130365][T11465] REISERFS (device loop3): using ordered data mode [ 447.138791][ T3591] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.152432][T11465] reiserfs: using flush barriers [ 447.167416][ T3591] usb 2-1: config 0 descriptor?? [ 447.173160][T11465] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 447.200406][T11474] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2546'. [ 447.260781][T11465] REISERFS (device loop3): checking transaction log (loop3) [ 447.272486][ T3591] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 447.285717][T11465] REISERFS (device loop3): Using r5 hash to sort names [ 447.326318][T11465] reiserfs: enabling write barrier flush mode [ 447.339836][ T4646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 447.349849][ T4646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 447.357411][T11465] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 447.459430][ T4646] usb 2-1: USB disconnect, device number 16 [ 447.460386][ T7167] usb 2-1: Failed to submit usb control message: -71 [ 447.493130][ T7167] usb 2-1: unable to send the bmi data to the device: -71 [ 447.523107][ T7167] usb 2-1: unable to get target info from device [ 447.539182][ T7167] usb 2-1: could not get target info (-71) [ 447.578461][ T7167] usb 2-1: could not probe fw (-71) [ 447.813752][ T4656] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 447.824713][ T4656] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 447.849626][T11193] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 447.896671][ T4656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 447.907986][ T4656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 447.955440][ T3590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 447.966563][ T3590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 447.998590][T11193] device veth0_vlan entered promiscuous mode [ 448.017407][ T3590] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 448.027650][ T3590] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 448.048036][T11193] device veth1_vlan entered promiscuous mode [ 448.071559][ T3289] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 448.116160][ T3590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 448.151730][ T3590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 448.170047][T11193] device veth0_macvtap entered promiscuous mode [ 448.184767][T11193] device veth1_macvtap entered promiscuous mode [ 448.331420][T11193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 448.410317][T11193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 448.570460][T11193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 448.734130][T11193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 448.870616][T11498] loop0: detected capacity change from 0 to 4096 [ 448.895158][T11193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 449.070304][T11193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.127990][T11193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 449.160284][ T3289] usb 5-1: Using ep0 maxpacket: 16 [ 449.200223][T11193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.225472][T11193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 449.258953][T11193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.280367][ T3289] usb 5-1: config 0 has an invalid interface number: 222 but max is 1 [ 449.301763][T11193] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 449.304190][ T3289] usb 5-1: config 0 has no interface number 1 [ 449.335372][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 449.381474][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 449.404100][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 449.437196][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 449.540365][ T3289] usb 5-1: New USB device found, idVendor=0582, idProduct=00a3, bcdDevice=fa.29 [ 449.556043][ T3289] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.596435][ T3289] usb 5-1: Product: syz [ 449.611624][T11193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 449.622183][T11193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.632090][T11193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 449.640307][ T3289] usb 5-1: Manufacturer: syz [ 449.643070][T11193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.656964][T11193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 449.667095][ T3289] usb 5-1: SerialNumber: syz [ 449.667530][T11193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.742520][T11513] syz.3.2557[11513] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 449.742896][T11513] syz.3.2557[11513] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 449.793603][T11193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 450.087563][T11193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 450.215929][T11193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 450.343678][T11193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 450.433048][ T3289] usb 5-1: config 0 descriptor?? [ 450.439985][ T9728] bio_check_eod: 409 callbacks suppressed [ 450.440003][ T9728] syz.4.2054: attempt to access beyond end of device [ 450.440003][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 450.469932][T11193] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 450.478200][ T9728] syz.4.2054: attempt to access beyond end of device [ 450.478200][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 450.490339][T11508] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2558'. [ 450.515499][ T9728] syz.4.2054: attempt to access beyond end of device [ 450.515499][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 450.519754][ T3590] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 450.551328][ T9728] syz.4.2054: attempt to access beyond end of device [ 450.551328][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 450.565829][ T3590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 450.584854][T11193] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.613096][ T9728] syz.4.2054: attempt to access beyond end of device [ 450.613096][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 450.629926][T11193] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.649247][ T9728] syz.4.2054: attempt to access beyond end of device [ 450.649247][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 450.658111][T11193] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.682804][ T9728] syz.4.2054: attempt to access beyond end of device [ 450.682804][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 450.696656][T11193] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.718286][ T9728] syz.4.2054: attempt to access beyond end of device [ 450.718286][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 450.763319][ T9728] syz.4.2054: attempt to access beyond end of device [ 450.763319][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 450.799506][ T9728] syz.4.2054: attempt to access beyond end of device [ 450.799506][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 450.880330][ T3595] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 450.888470][T11528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 450.898778][ T3570] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 450.918590][ T3570] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 450.966929][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 451.003444][ T3695] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 451.029615][T11528] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 451.037964][ T3695] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 451.052268][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 451.250489][ T3595] usb 1-1: config 0 has an invalid interface number: 106 but max is 0 [ 451.276564][ T3595] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 451.349176][ T3595] usb 1-1: config 0 has no interface number 0 [ 451.390653][ T3595] usb 1-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 451.463551][ T3595] usb 1-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 451.626262][ T3595] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 451.751796][ T3595] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.831399][ T3595] usb 1-1: config 0 descriptor?? [ 451.933155][ T3595] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 451.959614][ T3289] usb 5-1: USB disconnect, device number 16 [ 452.042722][T11545] loop2: detected capacity change from 0 to 2048 [ 452.092269][T11545] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 452.109027][ T14] usb 1-1: USB disconnect, device number 19 [ 452.120446][ T3760] usb 1-1: Failed to submit usb control message: -71 [ 452.128235][ T3760] usb 1-1: unable to send the bmi data to the device: -71 [ 452.159149][T11535] loop1: detected capacity change from 0 to 4096 [ 452.172040][ T3760] usb 1-1: unable to get target info from device [ 452.200096][ T3760] usb 1-1: could not get target info (-71) [ 452.229566][ T3760] usb 1-1: could not probe fw (-71) [ 453.824508][T11582] loop3: detected capacity change from 0 to 4096 [ 453.916639][ T4652] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 454.221272][T11598] loop1: detected capacity change from 0 to 512 [ 454.249043][T11598] EXT4-fs error (device loop1): mb_free_blocks:1815: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 454.270289][ T14] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 454.278732][T11598] EXT4-fs (loop1): 1 truncate cleaned up [ 454.286765][T11598] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 454.331747][ T4652] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 454.549646][ T4652] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 454.561237][ T4652] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.574965][ T4652] usb 1-1: Product: syz [ 454.581512][ T4652] usb 1-1: Manufacturer: syz [ 454.591154][ T4652] usb 1-1: SerialNumber: syz [ 454.641229][ T4652] cdc_ether: probe of 1-1:1.0 failed with error -22 [ 454.884217][ T4652] usb 1-1: USB disconnect, device number 20 [ 455.235467][ T14] usb 4-1: config 0 has an invalid interface number: 106 but max is 0 [ 455.245933][ T14] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 455.256147][ T14] usb 4-1: config 0 has no interface number 0 [ 455.262390][ T14] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 455.273410][ T14] usb 4-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 455.291474][ T14] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 455.301819][ T14] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.317195][ T14] usb 4-1: config 0 descriptor?? [ 455.389246][ T14] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 455.414915][T11077] EXT4-fs (loop1): unmounting filesystem. [ 455.440942][ T9728] bio_check_eod: 742 callbacks suppressed [ 455.440958][ T9728] syz.4.2054: attempt to access beyond end of device [ 455.440958][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 455.462316][ T9728] syz.4.2054: attempt to access beyond end of device [ 455.462316][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 455.484387][ T9728] syz.4.2054: attempt to access beyond end of device [ 455.484387][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 455.499130][ T9728] syz.4.2054: attempt to access beyond end of device [ 455.499130][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 455.515979][ T9728] syz.4.2054: attempt to access beyond end of device [ 455.515979][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 455.594295][ T14] usb 4-1: USB disconnect, device number 14 [ 455.614577][ T9728] syz.4.2054: attempt to access beyond end of device [ 455.614577][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 455.616455][ T3694] usb 4-1: Failed to submit usb control message: -71 [ 455.646387][ T9728] syz.4.2054: attempt to access beyond end of device [ 455.646387][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 455.679181][ T3694] usb 4-1: unable to send the bmi data to the device: -71 [ 455.710451][ T3694] usb 4-1: unable to get target info from device [ 455.730323][ T3694] usb 4-1: could not get target info (-71) [ 455.730941][ T9728] syz.4.2054: attempt to access beyond end of device [ 455.730941][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 455.736189][ T3694] usb 4-1: could not probe fw (-71) [ 455.872946][ T9728] syz.4.2054: attempt to access beyond end of device [ 455.872946][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 455.893502][ T9728] syz.4.2054: attempt to access beyond end of device [ 455.893502][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 456.064215][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 456.213483][T11637] loop0: detected capacity change from 0 to 512 [ 456.292878][T11637] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 456.360741][T11637] EXT4-fs (loop0): 1 truncate cleaned up [ 456.366577][T11637] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 456.602079][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 457.500494][ T4656] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 457.569036][T11055] EXT4-fs (loop0): unmounting filesystem. [ 457.906952][ T4656] usb 3-1: config 0 has an invalid interface number: 106 but max is 0 [ 457.925529][ T4656] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 457.956776][ T4656] usb 3-1: config 0 has no interface number 0 [ 457.973449][ T4656] usb 3-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 458.009335][ T4656] usb 3-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 458.137325][ T4656] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 458.228152][ T4656] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.363837][ T4656] usb 3-1: config 0 descriptor?? [ 458.556189][T11719] loop3: detected capacity change from 0 to 512 [ 458.597240][ T4656] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 458.646876][T11719] EXT4-fs error (device loop3): mb_free_blocks:1815: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 458.686751][ T4656] usb 3-1: USB disconnect, device number 16 [ 458.709292][ T7167] usb 3-1: Failed to submit usb control message: -71 [ 458.736110][T11719] EXT4-fs (loop3): 1 truncate cleaned up [ 458.745457][ T7167] usb 3-1: unable to send the bmi data to the device: -71 [ 458.757197][T11719] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 458.764606][ T7167] usb 3-1: unable to get target info from device [ 458.793585][ T7167] usb 3-1: could not get target info (-71) [ 458.813852][ T7167] usb 3-1: could not probe fw (-71) [ 458.965284][ T8131] EXT4-fs (loop3): unmounting filesystem. [ 459.921011][T11728] rtc_cmos 00:00: Alarms can be up to one day in the future [ 460.066867][T11744] loop3: detected capacity change from 0 to 512 [ 460.166283][T11744] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 460.310729][T11744] ext4 filesystem being mounted at /227/file1 supports timestamps until 2038 (0x7fffffff) [ 460.786624][ T3289] rtc_cmos 00:00: Alarms can be up to one day in the future [ 460.799358][ T3289] rtc_cmos 00:00: Alarms can be up to one day in the future [ 460.807107][ T3289] rtc_cmos 00:00: Alarms can be up to one day in the future [ 460.814726][ T3289] rtc_cmos 00:00: Alarms can be up to one day in the future [ 460.828223][ T9728] bio_check_eod: 354 callbacks suppressed [ 460.828241][ T9728] syz.4.2054: attempt to access beyond end of device [ 460.828241][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 460.868874][ T3289] rtc rtc0: __rtc_set_alarm: err=-22 [ 460.879895][ T9728] syz.4.2054: attempt to access beyond end of device [ 460.879895][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 460.927814][ T8131] EXT4-fs (loop3): unmounting filesystem. [ 460.957873][ T9728] syz.4.2054: attempt to access beyond end of device [ 460.957873][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 461.074990][ T9728] syz.4.2054: attempt to access beyond end of device [ 461.074990][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 461.115574][ T9728] syz.4.2054: attempt to access beyond end of device [ 461.115574][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 461.143074][ T9728] syz.4.2054: attempt to access beyond end of device [ 461.143074][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 461.831414][ T9728] syz.4.2054: attempt to access beyond end of device [ 461.831414][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 463.609158][ T9728] syz.4.2054: attempt to access beyond end of device [ 463.609158][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 463.764473][ T9728] syz.4.2054: attempt to access beyond end of device [ 463.764473][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 463.949578][ T3594] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 463.986086][ T9728] syz.4.2054: attempt to access beyond end of device [ 463.986086][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 464.098059][T11792] rtc_cmos 00:00: Alarms can be up to one day in the future [ 464.116048][ T4654] rtc_cmos 00:00: Alarms can be up to one day in the future [ 464.125941][ T4654] rtc_cmos 00:00: Alarms can be up to one day in the future [ 464.160596][ T4654] rtc_cmos 00:00: Alarms can be up to one day in the future [ 464.198558][ T4654] rtc_cmos 00:00: Alarms can be up to one day in the future [ 464.218545][ T4654] rtc rtc0: __rtc_set_alarm: err=-22 [ 464.270114][T11797] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2665'. [ 464.390592][ T3594] usb 2-1: config 0 has an invalid interface number: 106 but max is 0 [ 464.421313][ T3594] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 464.461767][ T3594] usb 2-1: config 0 has no interface number 0 [ 464.487525][ T3594] usb 2-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 464.511806][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 464.536204][ T3594] usb 2-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 464.585378][ T3594] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 464.630273][ T3594] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 464.659077][ T3594] usb 2-1: config 0 descriptor?? [ 465.531508][ T3594] usb 2-1: can't set config #0, error -71 [ 465.672237][ T3594] usb 2-1: USB disconnect, device number 17 [ 465.713526][T11823] loop1: detected capacity change from 0 to 8 [ 465.752943][T11823] squashfs: Unknown parameter 'á' [ 465.869774][ T9728] bio_check_eod: 86 callbacks suppressed [ 465.869893][ T9728] syz.4.2054: attempt to access beyond end of device [ 465.869893][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 466.437719][ T9728] syz.4.2054: attempt to access beyond end of device [ 466.437719][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 466.478116][ T9728] syz.4.2054: attempt to access beyond end of device [ 466.478116][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 466.503081][T11823] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2675'. [ 466.634522][T11823] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2675'. [ 466.660650][T11823] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2675'. [ 466.671213][ T9728] syz.4.2054: attempt to access beyond end of device [ 466.671213][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 467.431614][ T9728] syz.4.2054: attempt to access beyond end of device [ 467.431614][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 467.476763][ T9728] syz.4.2054: attempt to access beyond end of device [ 467.476763][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 467.510505][ T9728] syz.4.2054: attempt to access beyond end of device [ 467.510505][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 467.526660][ T9728] syz.4.2054: attempt to access beyond end of device [ 467.526660][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 467.543524][ T9728] syz.4.2054: attempt to access beyond end of device [ 467.543524][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 467.561373][ T9728] syz.4.2054: attempt to access beyond end of device [ 467.561373][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 469.231175][T11862] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2689'. [ 469.677023][T11893] loop0: detected capacity change from 0 to 8 [ 469.683970][T11893] squashfs: Unknown parameter 'á' [ 469.740544][T11893] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2702'. [ 469.755295][T11893] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2702'. [ 469.776485][T11893] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2702'. [ 470.270089][T11907] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2705'. [ 470.550734][T11912] rtc_cmos 00:00: Alarms can be up to one day in the future [ 470.591089][T11901] loop0: detected capacity change from 0 to 40427 [ 470.616162][T11901] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 470.676650][T11901] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 470.718971][T11901] F2FS-fs (loop0): invalid crc value [ 470.786054][T11901] F2FS-fs (loop0): Found nat_bits in checkpoint [ 470.874434][ T9728] bio_check_eod: 353 callbacks suppressed [ 470.874452][ T9728] syz.4.2054: attempt to access beyond end of device [ 470.874452][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 470.989880][T11901] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 470.997897][ T9728] syz.4.2054: attempt to access beyond end of device [ 470.997897][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 471.016226][ T9728] syz.4.2054: attempt to access beyond end of device [ 471.016226][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 471.020849][T11901] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 471.051384][ T9728] syz.4.2054: attempt to access beyond end of device [ 471.051384][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 471.116065][ T9728] syz.4.2054: attempt to access beyond end of device [ 471.116065][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 471.203474][ T9728] syz.4.2054: attempt to access beyond end of device [ 471.203474][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 471.270438][ T4656] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 471.282840][T11908] rtc_cmos 00:00: Alarms can be up to one day in the future [ 471.291218][ T9728] syz.4.2054: attempt to access beyond end of device [ 471.291218][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 471.417601][ T9728] syz.4.2054: attempt to access beyond end of device [ 471.417601][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 471.495625][ T9728] syz.4.2054: attempt to access beyond end of device [ 471.495625][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 471.519909][ T9728] syz.4.2054: attempt to access beyond end of device [ 471.519909][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 471.527770][T11942] netlink: 2036 bytes leftover after parsing attributes in process `syz.3.2718'. [ 471.570249][T11942] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2718'. [ 471.634666][T11946] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2716'. [ 471.670566][ T4656] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 471.691302][ T4656] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 471.717166][ T4656] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 471.728719][ T4656] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.743603][ T4656] usb 2-1: config 0 descriptor?? [ 471.763251][ T14] rtc_cmos 00:00: Alarms can be up to one day in the future [ 471.777609][ T14] rtc_cmos 00:00: Alarms can be up to one day in the future [ 471.803495][ T14] rtc_cmos 00:00: Alarms can be up to one day in the future [ 471.816939][ T14] rtc_cmos 00:00: Alarms can be up to one day in the future [ 471.829829][ T14] rtc rtc0: __rtc_set_alarm: err=-22 [ 472.110406][ T3590] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 472.232791][ T4656] hid-led 0003:1D34:000A.000C: unknown main item tag 0x0 [ 472.360483][ T3590] usb 1-1: Using ep0 maxpacket: 32 [ 472.443447][ T4656] hid-led: probe of 0003:1D34:000A.000C failed with error -71 [ 472.480590][ T3590] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 472.681338][ T3590] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 472.732720][ T3590] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 472.847892][ T3590] usb 1-1: Product: syz [ 472.903640][ T3590] usb 1-1: Manufacturer: syz [ 472.968209][ T3590] usb 1-1: SerialNumber: syz [ 473.091067][ T3590] usb 1-1: config 0 descriptor?? [ 473.163422][ T4656] usb 2-1: USB disconnect, device number 18 [ 473.210551][T11955] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 473.537281][T11973] loop1: detected capacity change from 0 to 512 [ 473.564780][T11974] rtc_cmos 00:00: Alarms can be up to one day in the future [ 473.572910][ T4656] usb 1-1: USB disconnect, device number 21 [ 473.621975][T11973] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 473.665651][T11973] EXT4-fs error (device loop1): mb_free_blocks:1815: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 473.684381][T11973] EXT4-fs (loop1): Remounting filesystem read-only [ 473.720710][T11973] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.2731: invalid indirect mapped block 1 (level 1) [ 473.798744][T11973] EXT4-fs (loop1): 1 truncate cleaned up [ 473.840536][T11973] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 474.006968][T11077] EXT4-fs (loop1): unmounting filesystem. [ 474.222791][T11963] loop3: detected capacity change from 0 to 32768 [ 474.243939][T11963] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.2726 (11963) [ 474.265694][T11963] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 474.288924][T11969] rtc_cmos 00:00: Alarms can be up to one day in the future [ 474.316841][T11963] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 474.344030][T11963] BTRFS info (device loop3): metadata ratio 2 [ 474.381107][T11963] BTRFS info (device loop3): force zlib compression, level 3 [ 474.411609][T11963] BTRFS info (device loop3): use zlib compression, level 3 [ 474.455571][T11963] BTRFS info (device loop3): enabling auto defrag [ 474.497656][T11963] BTRFS info (device loop3): max_inline at 0 [ 474.518747][T11963] BTRFS info (device loop3): using free space tree [ 474.762977][ T14] rtc_cmos 00:00: Alarms can be up to one day in the future [ 474.771121][ T14] rtc_cmos 00:00: Alarms can be up to one day in the future [ 474.778897][ T14] rtc_cmos 00:00: Alarms can be up to one day in the future [ 474.787027][ T14] rtc_cmos 00:00: Alarms can be up to one day in the future [ 475.099564][ T14] rtc rtc0: __rtc_set_alarm: err=-22 [ 475.601566][T11963] BTRFS info (device loop3): enabling ssd optimizations [ 475.855263][T12024] loop0: detected capacity change from 0 to 512 [ 475.871254][ T8131] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 475.883355][T12024] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 475.904380][ T9728] bio_check_eod: 683 callbacks suppressed [ 475.904397][ T9728] syz.4.2054: attempt to access beyond end of device [ 475.904397][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 475.960931][T12024] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 476.090702][T12024] EXT4-fs (loop0): Remounting filesystem read-only [ 476.090893][T12022] loop1: detected capacity change from 0 to 8192 [ 476.104505][ T9728] syz.4.2054: attempt to access beyond end of device [ 476.104505][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 476.119882][T12024] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.2742: invalid indirect mapped block 1 (level 1) [ 476.146399][T12022] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 476.151792][ T9728] syz.4.2054: attempt to access beyond end of device [ 476.151792][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 476.174700][T12024] EXT4-fs (loop0): 1 truncate cleaned up [ 476.180452][T12024] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 476.198691][ T9728] syz.4.2054: attempt to access beyond end of device [ 476.198691][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 476.264990][ T3560] Bluetooth: hci6: Malformed LE Event: 0x0d [ 476.315702][T11055] EXT4-fs (loop0): unmounting filesystem. [ 476.368633][ T9728] syz.4.2054: attempt to access beyond end of device [ 476.368633][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 476.411341][ T9728] syz.4.2054: attempt to access beyond end of device [ 476.411341][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 476.548282][ T9728] syz.4.2054: attempt to access beyond end of device [ 476.548282][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 476.630143][T12040] netlink: 2036 bytes leftover after parsing attributes in process `syz.0.2746'. [ 476.654241][T12040] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2746'. [ 476.667510][ T9728] syz.4.2054: attempt to access beyond end of device [ 476.667510][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 477.003523][ T9728] syz.4.2054: attempt to access beyond end of device [ 477.003523][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 477.595602][ T9728] syz.4.2054: attempt to access beyond end of device [ 477.595602][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 477.612681][T12052] XFS (nullb0): Invalid superblock magic number [ 477.697869][T12062] program syz.3.2753 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 477.740314][ T3560] Bluetooth: hci5: command 0x0406 tx timeout [ 478.077699][T12075] loop3: detected capacity change from 0 to 512 [ 478.102266][T12075] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 478.164251][T12075] EXT4-fs (loop3): 1 truncate cleaned up [ 478.194067][ T27] audit: type=1326 audit(1720686319.354:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12073 comm="syz.2.2758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2bd175bd9 code=0x7ffc0000 [ 478.210756][T12075] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 478.226031][ T27] audit: type=1326 audit(1720686319.354:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12073 comm="syz.2.2758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2bd175bd9 code=0x7ffc0000 [ 478.279044][ T27] audit: type=1326 audit(1720686319.364:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12073 comm="syz.2.2758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd2bd175bd9 code=0x7ffc0000 [ 479.315943][T12075] syz.3.2759 (pid 12075) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 479.508399][ T27] audit: type=1326 audit(1720686319.364:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12073 comm="syz.2.2758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2bd175bd9 code=0x7ffc0000 [ 479.509370][ T27] audit: type=1326 audit(1720686319.364:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12073 comm="syz.2.2758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2bd175bd9 code=0x7ffc0000 [ 479.510619][ T27] audit: type=1326 audit(1720686319.364:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12073 comm="syz.2.2758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd2bd175bd9 code=0x7ffc0000 [ 479.511918][ T27] audit: type=1326 audit(1720686319.364:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12073 comm="syz.2.2758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd2bd175c13 code=0x7ffc0000 [ 479.512655][ T27] audit: type=1326 audit(1720686320.314:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12073 comm="syz.2.2758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd2bd17475f code=0x7ffc0000 [ 479.554761][T12096] fscrypt: key with description 'fscrypt:e8dab99234bb312e' has invalid payload [ 479.594768][T12095] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 479.662557][ T8131] EXT4-fs (loop3): unmounting filesystem. [ 479.675749][ T27] audit: type=1326 audit(1720686320.764:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12073 comm="syz.2.2758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fd2bd175c67 code=0x7ffc0000 [ 479.775241][T12099] loop1: detected capacity change from 0 to 256 [ 479.799694][T12083] loop2: detected capacity change from 0 to 8192 [ 479.900318][ T27] audit: type=1326 audit(1720686320.944:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12073 comm="syz.2.2758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd2bd174610 code=0x7ffc0000 [ 479.971920][T12110] program syz.3.2765 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 479.997478][T12083] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 479.997504][T12083] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 479.997582][T12083] loop2: p2 p3 p4 [ 479.997604][T12083] loop2: partition table partially beyond EOD, truncated [ 479.997682][T12083] loop2: p2 start 452985600 is beyond EOD, truncated [ 479.997703][T12083] loop2: p3 size 33554432 extends beyond EOD, truncated [ 480.003241][T12083] loop2: p4 start 8388607 is beyond EOD, truncated [ 480.287276][T12118] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 480.321196][T12118] batman_adv: batadv0: Adding interface: ip6gretap1 [ 480.327865][T12118] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active [ 480.434456][T12124] input: syz1 as /devices/virtual/input/input30 [ 480.549490][T12128] loop1: detected capacity change from 0 to 512 [ 480.574475][T12128] EXT4-fs: Ignoring removed nobh option [ 480.607819][T12128] fscrypt (loop1, inode 2): Error -61 getting encryption context [ 480.655703][T12128] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -61 [ 480.737232][T12128] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #13: comm syz.1.2775: casefold flag without casefold feature [ 480.818335][T12128] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #13: comm syz.1.2775: unexpected EA_INODE flag [ 480.841192][T12128] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.2775: couldn't read orphan inode 13 (err -117) [ 480.877768][T12128] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 480.906860][T12128] fscrypt (loop1, inode 2): Error -61 getting encryption context [ 480.922269][T12126] loop3: detected capacity change from 0 to 32768 [ 480.931215][ T9728] bio_check_eod: 150 callbacks suppressed [ 480.931230][ T9728] syz.4.2054: attempt to access beyond end of device [ 480.931230][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 480.962719][T12126] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.2774 (12126) [ 480.976659][T11077] EXT4-fs (loop1): unmounting filesystem. [ 481.015612][T12126] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 481.027955][ T9728] syz.4.2054: attempt to access beyond end of device [ 481.027955][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 481.055606][T12126] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 481.083273][ T9728] syz.4.2054: attempt to access beyond end of device [ 481.083273][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 481.085223][T12126] BTRFS info (device loop3): metadata ratio 2 [ 481.150691][T12126] BTRFS info (device loop3): force zlib compression, level 3 [ 481.167607][ T9728] syz.4.2054: attempt to access beyond end of device [ 481.167607][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 481.173177][T12126] BTRFS info (device loop3): use zlib compression, level 3 [ 481.192685][T12143] loop1: detected capacity change from 0 to 4096 [ 481.204657][T12126] BTRFS info (device loop3): enabling auto defrag [ 481.223628][T12126] BTRFS info (device loop3): max_inline at 0 [ 481.229787][ T9728] syz.4.2054: attempt to access beyond end of device [ 481.229787][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 481.252991][T12126] BTRFS info (device loop3): using free space tree [ 481.311730][ T9728] syz.4.2054: attempt to access beyond end of device [ 481.311730][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 481.328029][ T9728] syz.4.2054: attempt to access beyond end of device [ 481.328029][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 481.346293][ T9728] syz.4.2054: attempt to access beyond end of device [ 481.346293][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 481.369443][ T9728] syz.4.2054: attempt to access beyond end of device [ 481.369443][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 481.385147][ T9728] syz.4.2054: attempt to access beyond end of device [ 481.385147][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 481.481942][T12120] loop0: detected capacity change from 0 to 40427 [ 481.512257][T12165] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 481.520333][T12126] BTRFS info (device loop3): enabling ssd optimizations [ 481.523442][T12165] batman_adv: batadv0: Adding interface: ip6gretap1 [ 481.536324][T12120] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 481.536772][T12165] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active [ 481.562922][T12120] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 481.652279][T12120] F2FS-fs (loop0): invalid crc value [ 482.102116][T12120] F2FS-fs (loop0): Found nat_bits in checkpoint [ 482.335142][T12120] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 482.348483][ T8131] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 482.371891][T12120] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 482.414030][T12175] loop2: detected capacity change from 0 to 4096 [ 482.429872][T12175] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512) [ 482.760879][T12187] loop2: detected capacity change from 0 to 512 [ 482.767781][T12187] EXT4-fs: Ignoring removed nobh option [ 482.835119][T12187] fscrypt (loop2, inode 2): Error -61 getting encryption context [ 482.858097][T12187] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -61 [ 482.894244][T12187] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #13: comm syz.2.2793: casefold flag without casefold feature [ 483.298166][T12198] vim2m vim2m.0: Fourcc format (0x31384142) invalid. [ 483.671690][T12187] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #13: comm syz.2.2793: unexpected EA_INODE flag [ 483.717208][T12187] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.2793: couldn't read orphan inode 13 (err -117) [ 483.751304][T12187] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 483.816406][T12187] fscrypt (loop2, inode 2): Error -61 getting encryption context [ 483.889056][T11193] EXT4-fs (loop2): unmounting filesystem. [ 484.849711][T12221] netlink: 'syz.1.2804': attribute type 7 has an invalid length. [ 484.867990][T12221] netlink: 'syz.1.2804': attribute type 8 has an invalid length. [ 484.964124][T12225] loop0: detected capacity change from 0 to 1024 [ 484.998933][T12227] vim2m vim2m.0: Fourcc format (0x31384142) invalid. [ 485.020037][T12225] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 486.006230][ T9728] bio_check_eod: 389 callbacks suppressed [ 486.006251][ T9728] syz.4.2054: attempt to access beyond end of device [ 486.006251][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 486.062947][ T9728] syz.4.2054: attempt to access beyond end of device [ 486.062947][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 486.090570][T12245] loop2: detected capacity change from 0 to 2048 [ 486.151163][ T9728] syz.4.2054: attempt to access beyond end of device [ 486.151163][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 486.165718][T12245] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 486.191154][T12245] ext4 filesystem being mounted at /58/bus supports timestamps until 2038 (0x7fffffff) [ 486.228119][ T9728] syz.4.2054: attempt to access beyond end of device [ 486.228119][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 486.301742][ T9728] syz.4.2054: attempt to access beyond end of device [ 486.301742][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 486.418056][ T9728] syz.4.2054: attempt to access beyond end of device [ 486.418056][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 486.483936][T12258] loop1: detected capacity change from 0 to 512 [ 486.491060][ T9728] syz.4.2054: attempt to access beyond end of device [ 486.491060][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 486.497231][T12215] loop3: detected capacity change from 0 to 40427 [ 486.511871][T12258] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 486.776978][T12215] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 487.012065][ T9728] syz.4.2054: attempt to access beyond end of device [ 487.012065][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 487.027116][T12258] EXT4-fs (loop1): 1 truncate cleaned up [ 487.033404][T12215] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 487.044068][T12258] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 487.062100][T12215] F2FS-fs (loop3): invalid crc value [ 487.099552][T12215] F2FS-fs (loop3): Found nat_bits in checkpoint [ 487.131734][T12258] fscrypt: key with description 'fscrypt:e8dab99234bb312e' has invalid payload [ 487.169042][T11193] EXT4-fs (loop2): unmounting filesystem. [ 487.177339][ T9728] syz.4.2054: attempt to access beyond end of device [ 487.177339][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 487.221935][ T9728] syz.4.2054: attempt to access beyond end of device [ 487.221935][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 487.243410][T12215] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 487.253583][T11077] EXT4-fs (loop1): unmounting filesystem. [ 487.259480][T12215] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 487.297607][T12272] netlink: 'syz.2.2817': attribute type 7 has an invalid length. [ 487.333351][T12272] netlink: 'syz.2.2817': attribute type 8 has an invalid length. [ 487.482584][T12281] loop0: detected capacity change from 0 to 256 [ 487.489587][ T27] kauditd_printk_skb: 29 callbacks suppressed [ 487.489602][ T27] audit: type=1326 audit(1720686328.644:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12243 comm="syz.4.2813" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6724175bd9 code=0x0 [ 487.668134][T12287] loop2: detected capacity change from 0 to 1024 [ 487.909295][ T3760] hfsplus: b-tree write err: -5, ino 3 [ 487.952015][T11193] hfsplus: node 4:3 still has 1 user(s)! [ 488.038942][T12299] loop2: detected capacity change from 0 to 512 [ 488.048436][T12299] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 488.129139][T12299] EXT4-fs (loop2): 1 truncate cleaned up [ 488.158753][T12299] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 488.236500][ T3695] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.251049][T12305] fscrypt: key with description 'fscrypt:e8dab99234bb312e' has invalid payload [ 488.362671][T11193] EXT4-fs (loop2): unmounting filesystem. [ 488.478572][ T3695] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.639548][ T3695] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.783243][ T3695] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.919900][ T3560] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 488.941696][ T3560] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 489.095772][ T3560] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 489.269990][ T3560] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 489.283443][ T3560] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 489.292224][ T3560] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 489.784387][T12337] loop3: detected capacity change from 0 to 256 [ 490.287435][T12324] chnl_net:caif_netlink_parms(): no params data found [ 490.319613][T12356] loop1: detected capacity change from 0 to 2048 [ 490.330330][ T7685] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 490.356940][T12356] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 490.542215][T12362] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 16: comm syz.1.2853: lblock 0 mapped to illegal pblock 16 (length 1) [ 490.617487][T12324] bridge0: port 1(bridge_slave_0) entered blocking state [ 490.651724][T12324] bridge0: port 1(bridge_slave_0) entered disabled state [ 490.700842][T12324] device bridge_slave_0 entered promiscuous mode [ 490.746809][T12324] bridge0: port 2(bridge_slave_1) entered blocking state [ 490.762025][T12324] bridge0: port 2(bridge_slave_1) entered disabled state [ 490.782482][T12324] device bridge_slave_1 entered promiscuous mode [ 490.821397][T11077] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1) [ 490.879967][T11077] EXT4-fs error (device loop1): __ext4_get_inode_loc:4495: comm syz-executor: Invalid inode table block 0 in block_group 0 [ 490.909095][T12324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 490.910430][ T7685] usb 5-1: New USB device found, idVendor=0c45, idProduct=6240, bcdDevice=9f.28 [ 490.932030][T11077] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 490.958567][ T7685] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.972937][T11077] EXT4-fs error (device loop1): ext4_dirty_inode:6072: inode #2: comm syz-executor: mark_inode_dirty error [ 490.988984][ T7685] usb 5-1: Product: syz [ 491.000492][ T7685] usb 5-1: Manufacturer: syz [ 491.005114][ T7685] usb 5-1: SerialNumber: syz [ 491.013115][ T9728] bio_check_eod: 596 callbacks suppressed [ 491.013129][ T9728] syz.4.2054: attempt to access beyond end of device [ 491.013129][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 491.034716][ T7685] usb 5-1: config 0 descriptor?? [ 491.058322][T12324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 491.073176][ T3549] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 491.084634][ T3549] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 491.085544][ T3742] EXT4-fs error (device loop1): __ext4_get_inode_loc:4495: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 491.102937][ T9728] syz.4.2054: attempt to access beyond end of device [ 491.102937][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 491.106370][ T7685] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:6240 [ 491.119226][ T9728] syz.4.2054: attempt to access beyond end of device [ 491.119226][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 491.140714][ T3549] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 491.148896][ T3549] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 491.157062][ T3549] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 491.164412][ T3549] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 491.173978][ T9728] syz.4.2054: attempt to access beyond end of device [ 491.173978][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 491.175267][T12371] loop2: detected capacity change from 0 to 256 [ 491.200886][ T9728] syz.4.2054: attempt to access beyond end of device [ 491.200886][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 491.223134][T11077] EXT4-fs (loop1): unmounting filesystem. [ 491.266941][T12324] team0: Port device team_slave_0 added [ 491.278264][T12324] team0: Port device team_slave_1 added [ 491.299675][ T9728] syz.4.2054: attempt to access beyond end of device [ 491.299675][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 491.338262][ T9728] syz.4.2054: attempt to access beyond end of device [ 491.338262][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 491.352548][ T3549] Bluetooth: hci1: command tx timeout [ 491.373327][ T9728] syz.4.2054: attempt to access beyond end of device [ 491.373327][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 491.398388][ T7685] gspca_sn9c20x: Write register 1000 failed -71 [ 491.409066][ T9728] syz.4.2054: attempt to access beyond end of device [ 491.409066][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 491.410592][ T7685] gspca_sn9c20x: Device initialization failed [ 491.426258][ T9728] syz.4.2054: attempt to access beyond end of device [ 491.426258][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 491.434921][ T7685] gspca_sn9c20x: probe of 5-1:0.0 failed with error -71 [ 491.459484][ T7685] usb 5-1: USB disconnect, device number 17 [ 491.564918][T12324] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 491.583384][T12324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 491.618874][T12324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 491.756964][T12324] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 491.764452][T12324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 491.820208][T12324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 492.091155][T12324] device hsr_slave_0 entered promiscuous mode [ 492.110595][T12324] device hsr_slave_1 entered promiscuous mode [ 492.117232][T12324] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 492.132127][T12324] Cannot create hsr debugfs directory [ 492.189976][ T3695] device hsr_slave_0 left promiscuous mode [ 492.197253][ T3695] device hsr_slave_1 left promiscuous mode [ 492.210915][ T3695] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 492.218340][ T3695] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 492.251022][ T3695] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 492.258468][ T3695] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 492.298006][ T3695] device bridge_slave_1 left promiscuous mode [ 492.318052][ T3695] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.361009][ T3560] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 492.371647][ T3695] device bridge_slave_0 left promiscuous mode [ 492.380651][ T3560] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 492.389288][ T3560] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 492.402291][ T3560] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 492.409641][ T3695] bridge0: port 1(bridge_slave_0) entered disabled state [ 492.418595][ T3560] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 492.425994][ T3560] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 492.479534][T12381] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 492.490616][T12381] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 492.502189][ T3695] device veth1_macvtap left promiscuous mode [ 492.508238][ T3695] device veth0_macvtap left promiscuous mode [ 492.508920][T12381] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 492.525201][ T3695] device veth1_vlan left promiscuous mode [ 492.532092][T12381] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 492.537896][ T3695] device veth0_vlan left promiscuous mode [ 492.546480][T12381] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 492.555601][T12381] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 493.260434][ T3560] Bluetooth: hci3: command tx timeout [ 493.379106][ T3695] team0 (unregistering): Port device team_slave_1 removed [ 493.428324][ T3560] Bluetooth: hci1: command tx timeout [ 493.508927][ T3695] team0 (unregistering): Port device team_slave_0 removed [ 493.533049][T12388] Process accounting resumed [ 493.599446][ T3695] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 493.710528][ T3695] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 494.062318][ T4656] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 494.325779][ T3695] bond0 (unregistering): Released all slaves [ 494.460462][T12381] Bluetooth: hci0: command tx timeout [ 494.490575][ T4656] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 494.502090][ T4656] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 494.512018][ T4656] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 494.534614][ T4656] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.565304][ T4656] usb 5-1: config 0 descriptor?? [ 494.620383][T12381] Bluetooth: hci4: command tx timeout [ 494.676603][T12366] chnl_net:caif_netlink_parms(): no params data found [ 495.100381][T12366] bridge0: port 1(bridge_slave_0) entered blocking state [ 495.127857][T12366] bridge0: port 1(bridge_slave_0) entered disabled state [ 495.148998][T12366] device bridge_slave_0 entered promiscuous mode [ 495.178979][T12366] bridge0: port 2(bridge_slave_1) entered blocking state [ 495.200314][T12366] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.218832][T12366] device bridge_slave_1 entered promiscuous mode [ 495.340303][T12381] Bluetooth: hci3: command tx timeout [ 495.342168][T12380] chnl_net:caif_netlink_parms(): no params data found [ 495.384362][T12376] chnl_net:caif_netlink_parms(): no params data found [ 495.431626][T12366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 495.502005][ T3560] Bluetooth: hci1: command tx timeout [ 495.548775][T12366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 495.759185][T12366] team0: Port device team_slave_0 added [ 495.819168][T12366] team0: Port device team_slave_1 added [ 495.951942][T12380] bridge0: port 1(bridge_slave_0) entered blocking state [ 495.989663][T12380] bridge0: port 1(bridge_slave_0) entered disabled state [ 496.016103][T12380] device bridge_slave_0 entered promiscuous mode [ 496.031103][ T9728] bio_check_eod: 1575 callbacks suppressed [ 496.031121][ T9728] syz.4.2054: attempt to access beyond end of device [ 496.031121][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 496.067646][ T9728] syz.4.2054: attempt to access beyond end of device [ 496.067646][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 496.084995][ T9728] syz.4.2054: attempt to access beyond end of device [ 496.084995][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 496.087414][T12366] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 496.101978][ T9728] syz.4.2054: attempt to access beyond end of device [ 496.101978][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 496.119781][T12366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 496.168582][ T9728] syz.4.2054: attempt to access beyond end of device [ 496.168582][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 496.180188][T12366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 496.209693][ T9728] syz.4.2054: attempt to access beyond end of device [ 496.209693][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 496.221532][T12376] bridge0: port 1(bridge_slave_0) entered blocking state [ 496.229139][ T9728] syz.4.2054: attempt to access beyond end of device [ 496.229139][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 496.240739][T12376] bridge0: port 1(bridge_slave_0) entered disabled state [ 496.272072][T12376] device bridge_slave_0 entered promiscuous mode [ 496.284140][T12380] bridge0: port 2(bridge_slave_1) entered blocking state [ 496.309233][T12380] bridge0: port 2(bridge_slave_1) entered disabled state [ 496.320996][ T9728] syz.4.2054: attempt to access beyond end of device [ 496.320996][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 496.336717][T12380] device bridge_slave_1 entered promiscuous mode [ 496.353047][ T9728] syz.4.2054: attempt to access beyond end of device [ 496.353047][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 496.386540][ T9728] syz.4.2054: attempt to access beyond end of device [ 496.386540][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 496.400931][T12366] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 496.410147][T12366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 496.483678][T12366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 496.532216][T12376] bridge0: port 2(bridge_slave_1) entered blocking state [ 496.539332][T12376] bridge0: port 2(bridge_slave_1) entered disabled state [ 496.546498][ T3560] Bluetooth: hci0: command tx timeout [ 496.554386][T12376] device bridge_slave_1 entered promiscuous mode [ 496.700330][ T3560] Bluetooth: hci4: command tx timeout [ 496.741448][T12376] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 496.781943][T12380] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 496.838387][T12376] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 496.871059][T12380] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 496.898245][T12366] device hsr_slave_0 entered promiscuous mode [ 496.927066][T12366] device hsr_slave_1 entered promiscuous mode [ 496.951655][T12366] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 496.959326][T12366] Cannot create hsr debugfs directory [ 497.093164][T12380] team0: Port device team_slave_0 added [ 497.123715][T12324] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 497.155247][T12380] team0: Port device team_slave_1 added [ 497.161133][ T4656] uclogic 0003:256C:006D.000D: failed retrieving Huion firmware version: -71 [ 497.170035][ T4656] uclogic 0003:256C:006D.000D: failed probing parameters: -71 [ 497.193970][T12376] team0: Port device team_slave_0 added [ 497.210225][ T4656] uclogic: probe of 0003:256C:006D.000D failed with error -71 [ 497.219883][T12324] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 497.230683][ T4656] usb 5-1: USB disconnect, device number 18 [ 497.297625][T12376] team0: Port device team_slave_1 added [ 497.322876][T12324] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 497.413052][T12376] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 497.420413][ T3560] Bluetooth: hci3: command tx timeout [ 497.430321][T12376] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 497.456687][T12376] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 497.469168][T12376] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 497.476266][T12376] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 497.504770][T12376] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 497.531058][T12324] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 497.566059][T12380] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 497.580304][T12380] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 497.580469][ T3560] Bluetooth: hci1: command tx timeout [ 497.626661][T12380] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 497.699100][T12380] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 497.719923][T12380] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 497.772513][T12380] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 497.847618][T12376] device hsr_slave_0 entered promiscuous mode [ 497.869029][T12376] device hsr_slave_1 entered promiscuous mode [ 497.876030][T12376] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 497.893811][T12376] Cannot create hsr debugfs directory [ 498.049844][T12380] device hsr_slave_0 entered promiscuous mode [ 498.071696][T12380] device hsr_slave_1 entered promiscuous mode [ 498.079115][T12380] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 498.100234][T12380] Cannot create hsr debugfs directory [ 498.303980][T12366] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.405081][ T3695] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.476143][T12366] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.602238][ T3695] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.621813][T12381] Bluetooth: hci0: command tx timeout [ 498.646195][T12366] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.759548][ T3695] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.780331][T12381] Bluetooth: hci4: command tx timeout [ 498.815472][T12366] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.834045][T12422] Process accounting resumed [ 498.874957][T12324] 8021q: adding VLAN 0 to HW filter on device bond0 [ 498.909273][ T3695] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.981163][T12324] 8021q: adding VLAN 0 to HW filter on device team0 [ 498.988916][ T7685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 499.011135][ T7685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 499.077754][ T7684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 499.087033][ T7684] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 499.096561][ T7684] bridge0: port 1(bridge_slave_0) entered blocking state [ 499.103658][ T7684] bridge0: port 1(bridge_slave_0) entered forwarding state [ 499.120497][ T7684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 499.131360][ T7684] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 499.150606][ T7684] bridge0: port 2(bridge_slave_1) entered blocking state [ 499.157732][ T7684] bridge0: port 2(bridge_slave_1) entered forwarding state [ 499.165685][ T7685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 499.217099][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 499.247114][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 499.265144][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 499.312460][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 499.331215][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 499.340653][ T28] INFO: task syz.4.2054:9769 blocked for more than 143 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 499.360387][ T28] Not tainted 6.1.97-syzkaller #0 [ 499.380414][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 499.394858][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 499.412670][ T28] task:syz.4.2054 state:D stack:24272 pid:9769 ppid:7310 flags:0x00004004 [ 499.456118][ T28] Call Trace: [ 499.459430][ T28] [ 499.495593][ T28] __schedule+0x142d/0x4550 [ 499.500292][T12381] Bluetooth: hci3: command tx timeout [ 499.507263][ T28] ? __sched_text_start+0x8/0x8 [ 499.519389][ T28] ? print_irqtrace_events+0x210/0x210 [ 499.525095][ T28] ? _raw_spin_lock_irq+0xdb/0x110 [ 499.535328][ T28] ? do_raw_spin_unlock+0x137/0x8a0 [ 499.545217][ T28] schedule+0xbf/0x180 [ 499.549431][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 499.562758][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 499.576728][ T28] rwsem_down_write_slowpath+0xea1/0x14b0 [ 499.577390][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 499.596291][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 499.608292][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 499.623689][ T28] ? rwsem_down_write_slowpath+0x9e3/0x14b0 [ 499.629607][ T28] ? down_write_killable_nested+0x90/0x90 [ 499.645968][T12324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 499.730394][ T28] ? read_lock_is_recursive+0x10/0x10 [ 499.735834][ T28] ? rwsem_write_trylock+0x166/0x210 [ 499.743871][ T28] ? clear_nonspinnable+0x60/0x60 [ 499.748953][ T28] f2fs_balance_fs+0x4fb/0x6c0 [ 499.753782][ T28] ? f2fs_commit_atomic_write+0x14f0/0x14f0 [ 499.759695][ T28] ? __up_read+0x2b9/0x690 [ 499.770126][ T28] ? folio_unlock+0x122/0x2f0 [ 499.775015][ T28] f2fs_map_blocks+0x2871/0x3ab0 [ 499.780005][ T28] ? f2fs_do_map_lock+0x70/0x70 [ 499.784943][ T28] expand_inode_data+0x56d/0xaf0 [ 499.789921][ T28] ? f2fs_insert_range+0x3c0/0x3c0 [ 499.806038][ T28] ? file_modified_flags+0x3e1/0x480 [ 499.817618][ T28] ? rcu_read_lock_any_held+0xb3/0x160 [ 499.833152][ T28] f2fs_fallocate+0x44a/0x9f0 [ 499.837970][ T28] vfs_fallocate+0x547/0x6b0 [ 499.849640][ T28] do_vfs_ioctl+0x222c/0x2a90 [ 499.854504][ T28] ? __x64_compat_sys_ioctl+0x80/0x80 [ 499.862213][ T28] ? __lock_acquire+0x1f80/0x1f80 [ 499.867391][ T28] ? lockdep_hardirqs_on+0x94/0x130 [ 499.873445][ T28] ? __kmem_cache_free+0x25c/0x3c0 [ 499.878665][ T28] ? tomoyo_path_number_perm+0x68a/0x7f0 [ 499.884357][ T28] ? tomoyo_path_number_perm+0x1f2/0x7f0 [ 499.890092][ T28] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 499.895621][ T28] ? __fget_files+0x28/0x4a0 [ 499.900908][ T28] ? __fget_files+0x28/0x4a0 [ 499.905863][ T28] ? __fget_files+0x435/0x4a0 [ 499.912634][ T28] ? __fget_files+0x28/0x4a0 [ 499.917387][ T28] ? bpf_lsm_file_ioctl+0x5/0x10 [ 499.922744][ T28] ? security_file_ioctl+0x7d/0xa0 [ 499.927874][ T28] __se_sys_ioctl+0x81/0x160 [ 499.932648][ T28] do_syscall_64+0x3b/0xb0 [ 499.937080][ T28] ? clear_bhb_loop+0x45/0xa0 [ 499.941865][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 499.948054][ T28] RIP: 0033:0x7f7580975bd9 [ 499.953021][ T28] RSP: 002b:00007f75816d1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 499.961564][ T28] RAX: ffffffffffffffda RBX: 00007f7580b04038 RCX: 00007f7580975bd9 [ 499.969544][ T28] RDX: 00000000200000c0 RSI: 0000000040305828 RDI: 0000000000000004 [ 499.977576][ T28] RBP: 00007f75809e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 499.986203][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 499.994331][ T28] R13: 000000000000006e R14: 00007f7580b04038 R15: 00007ffffbec1428 [ 500.002409][ T28] [ 500.005494][ T28] [ 500.005494][ T28] Showing all locks held in the system: [ 500.013627][ T28] 4 locks held by kworker/u4:1/11: [ 500.018755][ T28] #0: ffff888014e6d138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.040697][ T28] #1: ffffc90000107d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.063470][ T28] #2: ffff88806625a0e0 (&type->s_umount_key#57){++++}-{3:3}, at: trylock_super+0x1b/0xf0 [ 500.074599][ T28] #3: ffff8880207b5140 (&sbi->gc_lock){+.+.}-{3:3}, at: f2fs_balance_fs+0x4fb/0x6c0 [ 500.094476][ T28] 1 lock held by rcu_tasks_kthre/12: [ 500.099789][ T28] #0: ffffffff8d12aed0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 [ 500.120370][ T28] 1 lock held by rcu_tasks_trace/13: [ 500.125679][ T28] #0: ffffffff8d12b6d0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 [ 500.151211][ T28] 1 lock held by khungtaskd/28: [ 500.156601][ T28] #0: ffffffff8d12ad00 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 [ 500.176700][ T28] 2 locks held by getty/3302: [ 500.184436][ T28] #0: ffff8880281d6098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 500.201871][ T28] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a7/0x1db0 [ 500.219663][ T28] 3 locks held by kworker/0:4/3588: [ 500.227075][ T28] #0: ffff88814bb1a138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.245643][ T28] #1: ffffc9000443fd20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.262803][ T28] #2: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x16b0 [ 500.280820][ T28] 2 locks held by kworker/0:6/3590: [ 500.286037][ T28] #0: ffff888012470938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.305474][ T28] #1: ffffc9000476fd20 ((work_completion)(&pwq->unbound_release_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.322718][ T28] 3 locks held by kworker/u4:8/3695: [ 500.328028][ T28] #0: ffff888012616938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.344816][ T28] #1: ffffc90004a77d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.359691][ T28] #2: ffffffff8e28d810 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60 [ 500.374713][ T28] 2 locks held by kworker/1:13/4652: [ 500.380011][ T28] #0: ffff888012472138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.400317][ T28] #1: ffffc9000314fd20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.421571][ T28] 3 locks held by kworker/0:11/7684: [ 500.426876][ T28] #0: ffff888012470938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.444882][ T28] #1: ffffc9000397fd20 ((work_completion)(&pwq->unbound_release_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.462429][ T28] #2: ffffffff8d1302f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x360/0x930 [ 500.492730][ T28] 2 locks held by kworker/0:12/7685: [ 500.498068][ T28] #0: ffff888012470938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.519056][ T28] #1: ffffc900038ffd20 ((work_completion)(&pwq->unbound_release_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.540375][ T28] 2 locks held by kworker/0:13/8644: [ 500.545736][ T28] #0: ffff888012470938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.557287][ T28] #1: ffffc9000440fd20 ((work_completion)(&pwq->unbound_release_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.573393][ T28] 3 locks held by kworker/1:19/9210: [ 500.578726][ T28] #0: ffff88814bb1a138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.589777][ T28] #1: ffffc900047ffd20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 500.612146][ T28] #2: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x16b0 [ 500.632310][ T28] 4 locks held by syz.4.2054/9728: [ 500.639548][ T28] 4 locks held by syz.4.2054/9769: [ 500.651342][ T28] #0: ffff88806625a460 (sb_writers#16){.+.+}-{0:0}, at: vfs_fallocate+0x4ba/0x6b0 [ 500.671511][ T28] #1: ffff888073b28a30 (&sb->s_type->i_mutex_key#24){+.+.}-{3:3}, at: f2fs_fallocate+0x22a/0x9f0 [ 500.689730][ T28] #2: ffff8880207b5288 (&sbi->pin_sem){+.+.}-{3:3}, at: expand_inode_data+0x50e/0xaf0 [ 500.702278][ T28] #3: ffff8880207b5140 (&sbi->gc_lock){+.+.}-{3:3}, at: f2fs_balance_fs+0x4fb/0x6c0 [ 500.720217][T12381] Bluetooth: hci0: command tx timeout [ 500.725702][ T28] 7 locks held by syz-executor/12376: [ 500.731258][ T28] #0: ffff88807e984460 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x269/0xba0 [ 500.740512][ T28] #1: ffff88801e2d0088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1e7/0x4f0 [ 500.750371][ T28] #2: ffff888021be2bd0 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20b/0x4f0 [ 500.760569][ T28] #3: ffffffff8dc0cf08 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xf8/0x480 [ 500.771690][ T28] #4: ffff888066bab0e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xb6/0x880 [ 500.782541][ T28] #5: ffff888066bac2f8 (&devlink->lock_key#21){+.+.}-{3:3}, at: nsim_drv_remove+0x54/0x160 [ 500.794531][ T28] #6: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x3a/0x140 [ 500.813421][ T28] 4 locks held by syz-executor/12380: [ 500.818814][ T28] #0: ffff88807e984460 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x269/0xba0 [ 500.837765][ T28] #1: ffff888060ed3c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1e7/0x4f0 [ 500.848796][ T28] #2: ffff888021be2bd0 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20b/0x4f0 [ 500.860368][ T3560] Bluetooth: hci4: command tx timeout [ 500.875613][ T28] #3: ffffffff8dc0cf08 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xf8/0x480 [ 500.895885][ T28] 1 lock held by syz.4.2877/12423: [ 500.901173][ T28] #0: ffffffff8d1302f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x360/0x930 [ 500.912380][ T28] [ 500.950906][ T28] ============================================= [ 500.950906][ T28] [ 500.959358][ T28] NMI backtrace for cpu 1 [ 500.963692][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.1.97-syzkaller #0 [ 500.971581][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 500.981626][ T28] Call Trace: [ 500.984894][ T28] [ 500.987810][ T28] dump_stack_lvl+0x1e3/0x2cb [ 500.992494][ T28] ? nf_tcp_handle_invalid+0x642/0x642 [ 500.997945][ T28] ? panic+0x764/0x764 [ 501.002021][ T28] ? vprintk_emit+0x622/0x740 [ 501.006693][ T28] ? printk_sprint+0x490/0x490 [ 501.011445][ T28] ? nmi_cpu_backtrace+0x252/0x560 [ 501.016548][ T28] nmi_cpu_backtrace+0x4e1/0x560 [ 501.021484][ T28] ? nmi_trigger_cpumask_backtrace+0x3f0/0x3f0 [ 501.027625][ T28] ? _printk+0xd1/0x111 [ 501.031767][ T28] ? panic+0x764/0x764 [ 501.035823][ T28] ? __wake_up_klogd+0xcc/0x100 [ 501.040668][ T28] ? panic+0x764/0x764 [ 501.044722][ T28] ? nmi_trigger_cpumask_backtrace+0xe2/0x3f0 [ 501.050784][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 501.056846][ T28] nmi_trigger_cpumask_backtrace+0x1b0/0x3f0 [ 501.062819][ T28] watchdog+0xf88/0xfd0 [ 501.066971][ T28] ? watchdog+0x1f8/0xfd0 [ 501.071297][ T28] kthread+0x28d/0x320 [ 501.075350][ T28] ? hungtask_pm_notify+0x50/0x50 [ 501.080370][ T28] ? kthread_blkcg+0xd0/0xd0 [ 501.084945][ T28] ret_from_fork+0x1f/0x30 [ 501.089359][ T28] [ 501.092977][ T28] Sending NMI from CPU 1 to CPUs 0: [ 501.098321][ C0] NMI backtrace for cpu 0 [ 501.098332][ C0] CPU: 0 PID: 3742 Comm: kworker/u4:9 Not tainted 6.1.97-syzkaller #0 [ 501.098348][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 501.098358][ C0] Workqueue: phy26 ieee80211_iface_work [ 501.098379][ C0] RIP: 0010:enqueue_entity+0xa06/0x1770 [ 501.098399][ C0] Code: 00 00 41 20 ee 4b 8b 2c 3c 48 85 ed 74 6c 49 89 ec 48 8d 7d 40 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 <74> 05 e8 53 96 80 00 48 8b 6c 24 20 49 2b 6c 24 40 48 89 eb 48 c1 [ 501.098410][ C0] RSP: 0018:ffffc900000079f0 EFLAGS: 00000046 [ 501.098422][ C0] RAX: 1ffff110094e801a RBX: ffff8880246f9e90 RCX: dffffc0000000000 [ 501.098434][ C0] RDX: ffffffff8cfee700 RSI: ffffffff8aec13c0 RDI: ffff88804a7400d0 [ 501.098446][ C0] RBP: ffff88804a740090 R08: ffffffff813f2cef R09: fffffbfff1ce7016 [ 501.098457][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88804a740090 [ 501.098467][ C0] R13: ffff8880b983aac0 R14: ffff8880b983aa01 R15: ffff8880b983ab00 [ 501.098478][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 501.098491][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 501.098502][ C0] CR2: 00007f9bdadf3440 CR3: 000000000ce8e000 CR4: 00000000003506f0 [ 501.098515][ C0] DR0: 0004000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 501.098525][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 501.098534][ C0] Call Trace: [ 501.098540][ C0] [ 501.098546][ C0] ? nmi_cpu_backtrace+0x3de/0x560 [ 501.098566][ C0] ? read_lock_is_recursive+0x10/0x10 [ 501.098596][ C0] ? nmi_trigger_cpumask_backtrace+0x3f0/0x3f0 [ 501.098615][ C0] ? nmi_handle+0x25/0x440 [ 501.098642][ C0] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 501.098662][ C0] ? nmi_handle+0x12e/0x440 [ 501.098680][ C0] ? nmi_handle+0x25/0x440 [ 501.098699][ C0] ? enqueue_entity+0xa06/0x1770 [ 501.098715][ C0] ? default_do_nmi+0x62/0x150 [ 501.098729][ C0] ? exc_nmi+0xa8/0x100 [ 501.098743][ C0] ? end_repeat_nmi+0x16/0x31 [ 501.098764][ C0] ? __cpu_to_node+0x2f/0xe0 [ 501.098780][ C0] ? enqueue_entity+0xa06/0x1770 [ 501.098797][ C0] ? enqueue_entity+0xa06/0x1770 [ 501.098814][ C0] ? enqueue_entity+0xa06/0x1770 [ 501.098830][ C0] [ 501.098835][ C0] [ 501.098846][ C0] enqueue_task_fair+0x228/0xb90 [ 501.098865][ C0] ? psi_task_change+0xf9/0x270 [ 501.098878][ C0] ? sched_group_set_idle+0x880/0x880 [ 501.098896][ C0] ? psi_task_change+0xf9/0x270 [ 501.098913][ C0] enqueue_task+0x181/0x3a0 [ 501.098932][ C0] ttwu_do_activate+0x1b4/0x370 [ 501.098951][ C0] try_to_wake_up+0x76b/0x12e0 [ 501.098971][ C0] ? cpu_curr_snapshot+0xd0/0xd0 [ 501.098989][ C0] ? __rwlock_init+0x140/0x140 [ 501.099003][ C0] ? __lock_acquire+0x1f80/0x1f80 [ 501.099025][ C0] autoremove_wake_function+0x12/0x110 [ 501.099045][ C0] __wake_up_common+0x2a0/0x4e0 [ 501.099067][ C0] __wake_up+0x11a/0x1c0 [ 501.099085][ C0] ? __wake_up_bit+0x2b0/0x2b0 [ 501.099105][ C0] ? ktime_get+0x242/0x270 [ 501.099126][ C0] irq_work_single+0xd5/0x230 [ 501.099142][ C0] irq_work_run+0x187/0x350 [ 501.099157][ C0] ? irq_work_single+0x230/0x230 [ 501.099169][ C0] ? __irq_exit_rcu+0x163/0x240 [ 501.099188][ C0] ? irq_exit_rcu+0x20/0x20 [ 501.099211][ C0] __sysvec_irq_work+0xbb/0x360 [ 501.099227][ C0] sysvec_irq_work+0x89/0xb0 [ 501.099240][ C0] [ 501.099245][ C0] [ 501.099250][ C0] asm_sysvec_irq_work+0x16/0x20 [ 501.099268][ C0] RIP: 0010:native_apic_msr_write+0x35/0x50 [ 501.099285][ C0] Code: 74 2a 83 ff 30 74 25 eb 10 81 ff d0 00 00 00 74 1b 81 ff e0 00 00 00 74 13 c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 c3 89 f6 31 d2 e9 0f d2 28 03 66 2e 0f 1f 84 00 00 00 00 00 [ 501.099296][ C0] RSP: 0018:ffffc90004bb7308 EFLAGS: 00000246 [ 501.099308][ C0] RAX: 00000000000000f6 RBX: ffffffff8cb15a68 RCX: 000000000000083f [ 501.099318][ C0] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f [ 501.099327][ C0] RBP: 0000000000000000 R08: ffffffff84377e44 R09: fffff52000976e51 [ 501.099337][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffff8d21ad88 [ 501.099348][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000020 [ 501.099361][ C0] ? llist_add_batch+0x134/0x1d0 [ 501.099383][ C0] arch_irq_work_raise+0x82/0xd0 [ 501.099397][ C0] irq_work_queue+0xa3/0x150 [ 501.099412][ C0] __kfence_alloc+0x226/0x370 [ 501.099429][ C0] ? reacquire_held_locks+0x660/0x660 [ 501.099449][ C0] ? kfence_guarded_free+0x7f0/0x7f0 [ 501.099464][ C0] ? validate_chain+0x112/0x5950 [ 501.099508][ C0] ? should_failslab+0x5/0x20 [ 501.099526][ C0] ? ieee802_11_parse_elems_full+0xc4/0x1380 [ 501.099540][ C0] __kmem_cache_alloc_node+0x1fa/0x260 [ 501.099557][ C0] ? ieee802_11_parse_elems_full+0xc4/0x1380 [ 501.099573][ C0] ? ieee802_11_parse_elems_full+0xc4/0x1380 [ 501.099591][ C0] __kmalloc+0xa1/0x230 [ 501.099608][ C0] ieee802_11_parse_elems_full+0xc4/0x1380 [ 501.099624][ C0] ? trace_raw_output_contention_end+0xd0/0xd0 [ 501.099644][ C0] ? rcu_is_watching+0x11/0xb0 [ 501.099657][ C0] ? trace_contention_end+0x61/0x170 [ 501.099674][ C0] ? __mutex_lock+0x2f7/0xd80 [ 501.099689][ C0] ? reacquire_held_locks+0x660/0x660 [ 501.099709][ C0] ? ieee80211_queue_delayed_work+0x160/0x160 [ 501.099724][ C0] ? mutex_lock_nested+0x10/0x10 [ 501.099740][ C0] ? mark_lock+0x9a/0x340 [ 501.099762][ C0] ieee80211_ibss_rx_queued_mgmt+0x430/0x2dd0 [ 501.099781][ C0] ? __lock_acquire+0x125b/0x1f80 [ 501.099805][ C0] ? ieee80211_ibss_rx_no_sta+0x740/0x740 [ 501.099826][ C0] ? mark_lock+0x9a/0x340 [ 501.099845][ C0] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 501.099871][ C0] ? print_irqtrace_events+0x210/0x210 [ 501.099889][ C0] ? do_raw_spin_unlock+0x137/0x8a0 [ 501.099905][ C0] ? lockdep_hardirqs_on+0x94/0x130 [ 501.099922][ C0] ? skb_dequeue+0x10f/0x140 [ 501.099939][ C0] ieee80211_iface_work+0x7aa/0xce0 [ 501.099959][ C0] ? process_one_work+0x7a9/0x11d0 [ 501.099975][ C0] process_one_work+0x8a9/0x11d0 [ 501.099997][ C0] ? worker_detach_from_pool+0x260/0x260 [ 501.100015][ C0] ? _raw_spin_lock_irqsave+0x120/0x120 [ 501.100030][ C0] ? kthread_data+0x4e/0xc0 [ 501.100050][ C0] ? wq_worker_running+0x97/0x190 [ 501.100070][ C0] worker_thread+0xa47/0x1200 [ 501.100091][ C0] ? _raw_spin_unlock+0x40/0x40 [ 501.100113][ C0] kthread+0x28d/0x320 [ 501.100125][ C0] ? worker_clr_flags+0x190/0x190 [ 501.100140][ C0] ? kthread_blkcg+0xd0/0xd0 [ 501.100156][ C0] ret_from_fork+0x1f/0x30 [ 501.100177][ C0] [ 501.739478][ T1251] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.745776][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.821937][ T9728] bio_check_eod: 1438 callbacks suppressed [ 501.821958][ T9728] syz.4.2054: attempt to access beyond end of device [ 501.821958][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 502.061950][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 502.068830][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.97-syzkaller #0 [ 502.076643][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 502.086701][ T28] Call Trace: [ 502.089980][ T28] [ 502.092907][ T28] dump_stack_lvl+0x1e3/0x2cb [ 502.097600][ T28] ? nf_tcp_handle_invalid+0x642/0x642 [ 502.103069][ T28] ? panic+0x764/0x764 [ 502.107137][ T28] ? llist_add_batch+0x160/0x1d0 [ 502.112083][ T28] ? vscnprintf+0x59/0x80 [ 502.116418][ T28] panic+0x318/0x764 [ 502.120319][ T28] ? nmi_trigger_cpumask_backtrace+0x2c1/0x3f0 [ 502.126483][ T28] ? memcpy_page_flushcache+0xfc/0xfc [ 502.131863][ T28] ? nmi_trigger_cpumask_backtrace+0x2c1/0x3f0 [ 502.138027][ T28] ? nmi_trigger_cpumask_backtrace+0x33a/0x3f0 [ 502.140830][ T9728] syz.4.2054: attempt to access beyond end of device [ 502.140830][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 502.143137][ T9728] syz.4.2054: attempt to access beyond end of device [ 502.143137][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 502.143738][ T9728] syz.4.2054: attempt to access beyond end of device [ 502.143738][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 502.146032][ T9728] syz.4.2054: attempt to access beyond end of device [ 502.146032][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 502.146635][ T9728] syz.4.2054: attempt to access beyond end of device [ 502.146635][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 502.148924][ T9728] syz.4.2054: attempt to access beyond end of device [ 502.148924][ T9728] loop4: rw=524288, sector=57344, nr_sectors = 8 limit=40427 [ 502.149525][ T9728] syz.4.2054: attempt to access beyond end of device [ 502.149525][ T9728] loop4: rw=0, sector=57344, nr_sectors = 8 limit=40427 [ 502.239576][ T28] ? nmi_trigger_cpumask_backtrace+0x33f/0x3f0 [ 502.245729][ T28] watchdog+0xfc7/0xfd0 [ 502.249875][ T28] ? watchdog+0x1f8/0xfd0 [ 502.254191][ T28] kthread+0x28d/0x320 [ 502.258246][ T28] ? hungtask_pm_notify+0x50/0x50 [ 502.263253][ T28] ? kthread_blkcg+0xd0/0xd0 [ 502.267828][ T28] ret_from_fork+0x1f/0x30 [ 502.272239][ T28] [ 502.275458][ T28] Kernel Offset: disabled [ 502.279766][ T28] Rebooting in 86400 seconds..