last executing test programs: 1m57.715400569s ago: executing program 2 (id=1563): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xa) 1m37.358766613s ago: executing program 2 (id=1563): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xa) 1m11.926372992s ago: executing program 2 (id=1563): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xa) 52.133250779s ago: executing program 2 (id=1563): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xa) 35.889259387s ago: executing program 2 (id=1563): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xa) 12.581855572s ago: executing program 2 (id=1563): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xa) 10.731340363s ago: executing program 3 (id=2058): pipe2$9p(&(0x7f0000002180), 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x2200050, &(0x7f0000000140)=ANY=[], 0x1, 0x1516, &(0x7f0000003140)="$eJzs3Am4T+X2OPC13vfdHDJ8k8x7vWvzTYaXJMmQJEOSJCGZE5IkSZLEIVMSkpDxJJlD5nTSMc9D5qSTK0mSkJDk/T+n4e823H/33l/3r9896/M8+znv2nu/a6991vmePTzPOV90HVa9UY0q9ZkZ/h365wH++CURABIAYCAAZAeAAADK5CiTI217Jo2J/9ZBxH9IgxmXuwJxOUn/0zfpf/om/U/fpP/pm/Q/fZP+p2/S//RN+i9EujYr75WypN9F3v//L6f+J5Pl+v/fB/G3q/7RvtL//zb6X9pb+p9uZPi9ldL/9OL3LwHS//RN+p+eBZe7AHGZyec/fZP+C5Gu/envlDecu9zvtGX5FxYhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEOL/g3P+EgMAP48vd11CCCGEEEIIIYT48/i3LncFQgghhBBCCCGE+M9DUKDBQAAZICMkQCbIDFdAFsgK2SA7xOBKyAFXQU64GnJBbsgDeSEf5IcCEAKBBYYICkIhiMM1UBiuhSJQFIpBcXBQAkrCdVAKrofScAOUgRuhLNwE5aA8VICKcDNUglugMtwKVeA2qArVoDrUgNuhJtwBteBOqA13QR24G+rCPVAP7oX60AAawn3QCO6HxtAEmkIzaA4toOUfzE/K/nvzn4Ee8Cz0hF6QCL2hDzwHfaEf9IcBMBCeh0HwAgyGF2EIDIVh8BIMh5dhBLwCI2EUjIZXYQyMhXEwHibAREiC12ASvA6T4Y37s8JUmAbTYQbMhFnwJsyGOTAX3oJ5MB8WQFKmRbAYlsDbsBTegWR4F5bBe5ACy2EFrIRVsBrWwFpYB+thA2yETbAZtsBW2Abvw3bYATthF+yGPbAXPoB98CHsh48gFT/+F+ef/eV86IaAgAoVGjSYATNgAiZgZsyMWTALZsNsGMMY5sAcmBNzYi7MhXkwD+bDfFgACyAhISNjQSyIcYxjYSyMRbAIFsNi6NBhSSyJpfB6LI2lsQyWwbJYFstheSyPFbEiVsJKWBkrYxWsglWxKlbH6ng73o53YC2shbWxNtbBOlgX62I9rIf1sT42xIbYCBthY2yMTbEpNsfm2BJbYitsha2xNbbFttgO22F7bI8dsAN2xI7YCTthZ+yMXbALdsWu2A2fxqfxGXwGn8VnsRdWVb2xD/bBvtgX++MAHIDP4yB8AV/AF3EIDsVh+BK+hC/jCDyDI3EUjsbRWEmNxXE4HllNxCRMwowwCSfjZJyCU3EqTscZOBNn4SycjXNwDr6F83A+zseFuBAX4xJcgkvxHUzGZFyGZzEFl+MKXImrcDWuwrW4DtfiBtyIG3AzbsatuBXfx/dxB+7AXbgL9+Ae/AA/wA/xQxyCqZiKB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5wDgPJ7HC3gBL+LFtA+/SmOUURlUBpWgElRmlVllUVlUNpVNxVRM5VA5VE6VU+VSuVQelUflU/lUAVVAkSLFKlIFVUEVV3FVWBVWRVQRVUwVU045VVKVVKVUKVValVZl1I2qrLpJlVPlVRtXUVVUlVRbV1ndqqqoKqqqqqaqqxqqhqqpaqpaqpaqrWqrOqqOqqvuUfVUb+yPDVRaZxqpodhYDcOmqplqrlqol/EB1UqNwNaqjWqrHlKjcCS2V61cB/Wo6qjGYSf1uBqPT6guaiJ2VU+pbupp1V09o3qo1q6n6qWmYG/VR03Hvqqf6q8GqNlYTaV1rLp6UQ1RQ9Uw9ZJajC+rEeoVNVKNUqPVq2qMGqvGqfFqgpqoktRrapJ6XU1Wb6gpaqqapqarGWqmmqXeVLPVHDVXvaXmqflqgVqoFqnFaol6Wy1V76hk9a5apt5TKWq5WqFWqlVqtVqj1qp1ar3aoDaqTWqz2qK2qm3qfbVd7VA71S61W+1Re9UHap/6UO1XH6lU9bE6oP6mDqpP1CH1qTqsPlNH1OfqqPpCHVNfquPqK3VCnVSn1NfqtPpGnVFn1Tn1rTqvvlMX1PfqovIKNGqltTY60Bl0Rp2gM+nM+gqdRWfV2XR2HdNX6hz6Kp1TX61z6dw6j8mr8+n8uoAONWmrWUe6oC6k4/oaXVhfq4voorqYLq6dLqFL6ut0KX29Lq1v0GX0jbqsvkmX0+V1BQ/6Zl1J36Ir61t1FX2brqqr6eq6hr5d19R36Fr6Tl1b36Xr6Lt1XX2Prqfv1fV1A91Q36cb6ft1Y91EN9XNdHPdQrfUD+hW+kHdWrfRbfVDup1+WLfXj+gO+lHdUT+mO+nHdWf9hO6in9Rd9VO6m35ad9ff64va6566l07UvXUf/Zzuq/vp/nqAHqif14P0C3qwflEP0UP1MP2SHq5f1iP0K3qkHqVH61f1GD1Wj9Pj9QQ9USfp1/Qk/bqerN/QU/RUPU1P1zP0TN3/p0xz/4n5r//O/ME/HH2r3qbf19v1Dr1T79K79R69V+/V+/Q+vV/v16k6VR/QB/RBfVAf0of0YX1YH9FH9FF9VB/Tx/RxfVyf0Cf1t/prfVp/o8/os/qs/laf1+f1hZ++B2DQKKONMYHJYDKaBJPJZDZXmCwmq8lmspuYudLkMFeZnOZqk8vkNnlMXpPP5DcFTGjIWMMmMgVNIRM315jC5lpTxBQ1xUxx40wJU9Jc9z+e/0f1tTQtTSvTyrQ2rU1b09a0M+1Me9PedDAdTEfT0XQynUxn09l0MV1MV9PVdDPdTHfT3fQwPUxP09MkmkTTxzxn+pp+pr8ZYAaa580gM8gMNoPNEDPEDDPDzHAz3IwwI8xIM9KMNqPNGDPGjDPjzAQzwST57GaSmWQmm8lmiplipg3MbmaYGWaWmWVmm9lmrplr5pl5ZoFZYBaZRWaJWWKWmqUm2SSbZWaZSTHLzXKz0qw0q81qs9asNevNerPRbDSbzWaTYraZbWa72W52mp1mt9lt9pq9Zp/ZZ/ab/SbVpJoD5oA5aA6aQ+aQOWwOmyPmiDlqjppj5pg5bo6bE+aEOWVOmdPmtDljzphz5pw5b86bC+aCuWgupt32BSpQgQlMkCHIECQECUHmIHOQJcgSZAuyBbEgFuQIcgQ5g6uDXEHuIE+QN8gX5A8KBGFAgQ04iIKCQaEgHlwTFA6uDYoERYNiQfHABSWCksF1Qang+qB0cENQJrgxKBvcFJQLygcVgorBzUGl4JagcnBrUCW4LagaVAuqBzWC24OawR1BreDOoHZwV1AnuDuoG9wT1AvuDeoHDYKGwX1Bo+D+oHHQJGgaNAuaBy2Cln9qfu/P5H7Q9Qx7hYlh77BP+FzYN+wX9g8HhAPD58NB4Qvh4PDFcEg4NBwWvhQOD18OR4SvhCPDUeHo8NVwTDg2HBeODyeEE8Ok8LVwUvh6ODl8I5wSTg2nBdPDGeHMcFb4Zjg7nBPODd8K54XzwwXhwnBRuDhE/PFuPDl8N1wWvhemhMvDFeHKcFW4OlwTrg3XhevDDeHGcFO4ucygH3cNt4c7wp3hrnB3uCfcG34Q7gs/DPeHH4Wp4cfhgfBv4cHwk/BQ+Gl4OPwsPBJ+Hh4NvwiPhV+Gx8OvwhPhyUwQfh2eDr8Jz4Rnw3Pht+H58LvwQvh9eDH0aTf3aZd3MmQoA2WgBEqgzJSZslAWykbZKEYxykE5KCflpFyUi/JQHspH+agAFaA0TEwFqSDFKU6FqTAVoSJUjIqRI0clqSSVolJUmkpTGSpDZakslSNLFagC3Uw30y10C91Kt9JtdBtVo2pUg2oQYk2qRbWoNtWmOlSH6lJdqkf1qD7Vp4bUkBpRI2pMjakpNaXm1JxaUktqRa2oNbWmttSW2lE7ak/tqQN1oI7UkTpRJ+pMnakLdaGu1JW6UTfqTt2pB/WgntSTEimR+lAf6kt9qT/1p4E0kAbRIBpMg2kIDaFhNIyG03AaQSNoJI2i0fQqjaGxNI7G0wSaSEmURJNoEk2myTSFptA0mkYzaAbNolk0m2bTXJpL82geLaAFtIgW0RJaQktpKSVTMi2jZZRCKbSCVtAqWkVraA2to3W0gTbQJtpEW2gLbaNttJ22007aSbtpN+2lvbSP9tF+2k+plEoH6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifoBJ2iU3SaTtMZOkPn6Bydp+/oAn1PF8lTgs1kM9srbBab1Waz2e2v4zw2r81n89sCNrS5bO5fxGStLWKL2mK2uHW2hC1pr/tNXM6WtxVsRXuzrWRvsZVtOZsJ/j6uae+wteydtra9y9awt/8irmPvtnXt/baebWLr22a2oW1hG9n7bWPbxDa1zWxz28K2sw/b9vYR28E+ajvax34TL7Xv2HV2vd1gN9p99kN7zn5rj9ov7Hn7ne1pe9mB9nk7yL5gB9sX7RA79JcxgB1tX7Vj7Fg7zo63E+zE38TT7HQ7w860s+ybdrad85t4iX3bzrPJdoFdaBfZxT/EaTUl23ftMvueTbHL7Qq70q6yq+0au/b/1rrSbrZb7Fa7135gt9sddqfdZXfbPT/Eaeex335kU+3H9oj93B60n9hD9pg9bD/7IU47v2P2S3vcfmVP2JP2lP3anrbf2DP27A/nn3buX9vv7UXrLTCyYs2GA87AGTmBM3FmvoKzcFbOxtk5xldyDr6Kc/LVnItzcx7Oy/k4PxfgkIktM0dckAtxnK/hwnwtF+GiXIyLs+MSXJKv41J8PZfmG7gM38hl+SYux+W5Alfkm7kS38KV+VauwrdxVa7G1bkG3841+Q6uxXdybb6L6/DdXJfv4Xp8L9fnBtyQ7+NGfD835ibclJtxc27BLfkBbsUPcmtuw235IW7HD3N7foQ78KPckR/jTvw4d+YnuAs/yV35Ke7GT3N3foZ78LPck3txIvfmPvwc9+V+3J8H8EB+ngfxCzyYX+QhPJSH8Us8nF/mEfwKj+RRPJpf5TE8lsfxeJ7AEzmJX+NJ/DpP5jd4Ck/laTydZ/BMnsVv8myew3P5LZ7H83kBL+RFvJiX8Nu8lN/hZH6Xl/F7nMLLeQWv5FW8mtfwWl7H63kDb+RNvJm38Fbexu/zdt7BO3kX7+Y9vJc/4H38Ie/njziVP+YD/Dc+yJ/wIf6UD/NnfIQ/56P8BR/jL/k4f8Un+CSf4q/5NH/DZ/gsn+Nv+Tx/xxf4e77IniHCSEU6MlEQZYgyRglRpihzdEWUJcoaZYuyR7HoyihHdFWUM7o6yhXljvJEeaN8Uf6oQBRGFNmIoygqGBWK4tE1UeHo2qhIVDQqFhWPXFQiKhldF5WKro9KRzdEZaIbo7LRTVG5qHxUIaoY3RxVim6JKke3RlWi26KqUbWoelQjuj2qGd0R1YrujGpHd0Wlo7ujutE9Ub3o3qh+1CBqGN0XNYrujxpHTaKmUbOoedQiahk9ELWKHoxaR22ittFDUbvo4ah99EjUIXo06hg9dml70eDHq+mvtidGvSP90xuyO/Wi+OL4kvjb8aXxd+LJ8Xfjy+LvxVPiy+Mr4ivjq+Kr42via+Pr4uvjG+Ib45vim+Nb4lvj3tfICA7THoTBuMBlcBldgsvkMrsrXBaX1WVz2V3MXelyuKtcTne1y+Vyuzwur8vn8rsCLnTkrGMXuYKukIu7a1xhd60r4oq6Yq64c66EK+lauJaupWvlHnStXRvX1j3kHnIPu4fdI+4R96jr6B5zndzjrrN7wnVxT7on3VOum3vadXfPuB7uWdfT9XKJLtH1cX1cX9fX9Xf93UA30A1yg9xgN9gNcUPcMDfMDXfD3Qg3wo10I91oN9qNcWPcODfOTXATXJJLcpPcJDfZTXZT3BQ3zU1zM9wMN8vNcrPdbDfXzXXz3Dy3wC1wi9wit8QtcUvdUpfskt0yt8yluBS3wq1wq9wqt8atcevcOrfBbXCb3Ca3xW1x29w2t91tdzvdTrfb7XZ73V63z+1z+91+l+pS3QF3wB10B90h96k77D5zR9zn7qj7wh1zX7rj7it3wp10p9zX7rT7xp1xZ9059607775zF9z37qLzLin2WmxS7PXY5NgbsSmxqbFpsemxGbGZsVmxN2OzY3Nic2NvxebF5scWxBbGFsUWx5bE3o4tjb0TS469G1sWey+WElseWxFbGVsVWx3zPv/2yBf0hXzcX+ML+2t9EV/UF/PFvfMlfEl/nS/lr/el/Q2+jL/Rl/U3+XK+vK/gm/imvplv7lv4lv4B38o/6Fv7Nr6tf8i38w/79v4R38E/6jv6x3wn/7jv7J/wXfyTvqt/av5PP56+h3/W9/S9fKLv7fv453xf38/39wP8QP+8H+Rf8IP9i36IH+qH+Zf8cP+yH+Ff8SP9KD/av+rH+LF+nB/vJ/iJPsm/5if51/1k/4af4qf6aX66n+Fn+ln+TT/bz/Fz/Vt+np/vF/iFfpFf7Jf4t/1S/45P9u/6Zf49n+KX+xV+pV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mM8J2v8Pv9Lv8br/H7/Uf+H3+Q7/ff+RT/cf+gP+bP+g/8Yf8p/6w/8wf8Z/7o/4Lf8x/6Y/7r/wJf9Kf8l/70/4bf8af9ef8t/68/85f8N/7i/I3a0IIIYQQ/xT9B9t7/8469dNiAKAPAGTdkffwr3NuyvXjuJ/a1zEGAI/26trg56VBg8TExJ/2TdEQFFoIALFL8zPApXg5tIWHoQO0gVK/W18/VQH5V/mDv9uelj9+I0BmgEw/r0uAH+Jf5b/+H+Rv8vav8/+6/vhCgCKFLs1JO9DP8aX8pf9B/j3t/iB/pk+SAFr/3ZwscCm+lL8kPAiPQYdf7CmEEEIIIYQQQvyonzrf7Y+eb9Oez/OZS3MywqX4j57P/0DlP+MchBBCCCGEEEII8f/2xNPdH3mgQ4c2nf+bBxn/GmX8BQYIAH+BMmTw1x9c7t9MQgghhBBCiD/bpZv+y12JEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgiRfv37/yFM/dM7X+5zFEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIS63/xMAAP//gUVOqg==") bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x38, r4, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x2}]}]}]}, 0x38}}, 0x0) sendmsg$TIPC_NL_NET_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x20, r4, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xf0}]}]}, 0x20}}, 0x0) 10.0382957s ago: executing program 3 (id=2061): bpf$MAP_CREATE(0x0, &(0x7f0000000ec0)=@base={0x0, 0x0, 0xf1}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1}, 0x48) bind$xdp(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) setsockopt$inet6_group_source_req(r3, 0x29, 0x2f, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @local}}}, 0x108) setsockopt$inet6_group_source_req(r3, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x8d3, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e21, 0x80, @private2, 0x2}}}, 0x108) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000000)={@rand_addr, @empty, 0x0}, &(0x7f00000000c0)=0xc) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f0000000100)={'tunl0\x00', &(0x7f0000000300)={'syztnl2\x00', r4, 0x7800, 0x40, 0xd657, 0x5, {{0x4b, 0x4, 0x1, 0x15, 0x12c, 0x65, 0x0, 0xe4, 0x29, 0x0, @private=0xa010101, @empty, {[@timestamp_prespec={0x44, 0x24, 0x1a, 0x3, 0xa, [{@empty}, {@rand_addr=0x64010100, 0x10000}, {@dev={0xac, 0x14, 0x14, 0x16}, 0x400}, {@multicast1, 0x7}]}, @cipso={0x86, 0x49, 0x2, [{0x0, 0xf, "d37b7b54d152dc24249a5593a6"}, {0x7, 0x2}, {0x0, 0x10, "f09a36dfff77ff0fb4b7391337c2"}, {0x2, 0x12, "6cf1eea16534e56bf03fe5ab5cc426a3"}, {0x6, 0x10, "30f600c9a3dacd47c6142cab296b"}]}, @timestamp_prespec={0x44, 0xc, 0x79, 0x3, 0x7, [{@multicast2, 0x9}]}, @timestamp={0x44, 0x1c, 0xa8, 0x0, 0x4, [0x3, 0x0, 0xc, 0x6, 0x8, 0xd75b]}, @timestamp_prespec={0x44, 0x4c, 0x9b, 0x3, 0xc, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x2}, {@remote, 0x2}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x80}, {@dev={0xac, 0x14, 0x14, 0x20}, 0x36303f62}, {@broadcast, 0x4}, {@private=0xa010101, 0xa5}, {@dev={0xac, 0x14, 0x14, 0x25}, 0x5}, {@private=0xa010102, 0xffffff7f}, {@loopback, 0x4}]}, @timestamp={0x44, 0x1c, 0x2b, 0x0, 0x3, [0x8, 0x6, 0x9, 0x3, 0x6, 0x1]}, @lsrr={0x83, 0x1b, 0x0, [@remote, @remote, @dev={0xac, 0x14, 0x14, 0x22}, @dev={0xac, 0x14, 0x14, 0x3c}, @multicast1, @broadcast]}]}}}}}) r5 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_PASTESEL(r5, 0x4b52, &(0x7f0000000040)) 7.968586239s ago: executing program 4 (id=2063): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast1}}}, 0x88) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000100000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x4) write(r2, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) 6.507568128s ago: executing program 0 (id=2067): syz_usb_connect(0x0, 0x3d, &(0x7f0000000740)={{0x12, 0x1, 0x0, 0xf2, 0x68, 0x32, 0x40, 0x1266, 0x1002, 0xef1e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xff, 0xb, 0xe6, 0x0, [], [{{0x9, 0x5, 0x9, 0x3}}, {{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "82d74b57ec"}]}}]}}]}}]}}, 0x0) 6.202528283s ago: executing program 4 (id=2069): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00'}, 0x10) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001418) ioctl$TUNSETOFFLOAD(r0, 0x4004743c, 0x0) 6.197915173s ago: executing program 1 (id=2070): r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x2200050, &(0x7f0000000140)=ANY=[], 0x1, 0x1516, &(0x7f0000003140)="$eJzs3Am4T+X2OPC13vfdHDJ8k8x7vWvzTYaXJMmQJEOSJCGZE5IkSZLEIVMSkpDxJJlD5nTSMc9D5qSTK0mSkJDk/T+n4e823H/33l/3r9896/M8+znv2nu/a6991vmePTzPOV90HVa9UY0q9ZkZ/h365wH++CURABIAYCAAZAeAAADK5CiTI217Jo2J/9ZBxH9IgxmXuwJxOUn/0zfpf/om/U/fpP/pm/Q/fZP+p2/S//RN+i9EujYr75WypN9F3v//L6f+J5Pl+v/fB/G3q/7RvtL//zb6X9pb+p9uZPi9ldL/9OL3LwHS//RN+p+eBZe7AHGZyec/fZP+C5Gu/envlDecu9zvtGX5FxYhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEOL/g3P+EgMAP48vd11CCCGEEEIIIYT48/i3LncFQgghhBBCCCGE+M9DUKDBQAAZICMkQCbIDFdAFsgK2SA7xOBKyAFXQU64GnJBbsgDeSEf5IcCEAKBBYYICkIhiMM1UBiuhSJQFIpBcXBQAkrCdVAKrofScAOUgRuhLNwE5aA8VICKcDNUglugMtwKVeA2qArVoDrUgNuhJtwBteBOqA13QR24G+rCPVAP7oX60AAawn3QCO6HxtAEmkIzaA4toOUfzE/K/nvzn4Ee8Cz0hF6QCL2hDzwHfaEf9IcBMBCeh0HwAgyGF2EIDIVh8BIMh5dhBLwCI2EUjIZXYQyMhXEwHibAREiC12ASvA6T4Y37s8JUmAbTYQbMhFnwJsyGOTAX3oJ5MB8WQFKmRbAYlsDbsBTegWR4F5bBe5ACy2EFrIRVsBrWwFpYB+thA2yETbAZtsBW2Abvw3bYATthF+yGPbAXPoB98CHsh48gFT/+F+ef/eV86IaAgAoVGjSYATNgAiZgZsyMWTALZsNsGMMY5sAcmBNzYi7MhXkwD+bDfFgACyAhISNjQSyIcYxjYSyMRbAIFsNi6NBhSSyJpfB6LI2lsQyWwbJYFstheSyPFbEiVsJKWBkrYxWsglWxKlbH6ng73o53YC2shbWxNtbBOlgX62I9rIf1sT42xIbYCBthY2yMTbEpNsfm2BJbYitsha2xNbbFttgO22F7bI8dsAN2xI7YCTthZ+yMXbALdsWu2A2fxqfxGXwGn8VnsRdWVb2xD/bBvtgX++MAHIDP4yB8AV/AF3EIDsVh+BK+hC/jCDyDI3EUjsbRWEmNxXE4HllNxCRMwowwCSfjZJyCU3EqTscZOBNn4SycjXNwDr6F83A+zseFuBAX4xJcgkvxHUzGZFyGZzEFl+MKXImrcDWuwrW4DtfiBtyIG3AzbsatuBXfx/dxB+7AXbgL9+Ae/AA/wA/xQxyCqZiKB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5wDgPJ7HC3gBL+LFtA+/SmOUURlUBpWgElRmlVllUVlUNpVNxVRM5VA5VE6VU+VSuVQelUflU/lUAVVAkSLFKlIFVUEVV3FVWBVWRVQRVUwVU045VVKVVKVUKVValVZl1I2qrLpJlVPlVRtXUVVUlVRbV1ndqqqoKqqqqqaqqxqqhqqpaqpaqpaqrWqrOqqOqqvuUfVUb+yPDVRaZxqpodhYDcOmqplqrlqol/EB1UqNwNaqjWqrHlKjcCS2V61cB/Wo6qjGYSf1uBqPT6guaiJ2VU+pbupp1V09o3qo1q6n6qWmYG/VR03Hvqqf6q8GqNlYTaV1rLp6UQ1RQ9Uw9ZJajC+rEeoVNVKNUqPVq2qMGqvGqfFqgpqoktRrapJ6XU1Wb6gpaqqapqarGWqmmqXeVLPVHDVXvaXmqflqgVqoFqnFaol6Wy1V76hk9a5apt5TKWq5WqFWqlVqtVqj1qp1ar3aoDaqTWqz2qK2qm3qfbVd7VA71S61W+1Re9UHap/6UO1XH6lU9bE6oP6mDqpP1CH1qTqsPlNH1OfqqPpCHVNfquPqK3VCnVSn1NfqtPpGnVFn1Tn1rTqvvlMX1PfqovIKNGqltTY60Bl0Rp2gM+nM+gqdRWfV2XR2HdNX6hz6Kp1TX61z6dw6j8mr8+n8uoAONWmrWUe6oC6k4/oaXVhfq4voorqYLq6dLqFL6ut0KX29Lq1v0GX0jbqsvkmX0+V1BQ/6Zl1J36Ir61t1FX2brqqr6eq6hr5d19R36Fr6Tl1b36Xr6Lt1XX2Prqfv1fV1A91Q36cb6ft1Y91EN9XNdHPdQrfUD+hW+kHdWrfRbfVDup1+WLfXj+gO+lHdUT+mO+nHdWf9hO6in9Rd9VO6m35ad9ff64va6566l07UvXUf/Zzuq/vp/nqAHqif14P0C3qwflEP0UP1MP2SHq5f1iP0K3qkHqVH61f1GD1Wj9Pj9QQ9USfp1/Qk/bqerN/QU/RUPU1P1zP0TN3/p0xz/4n5r//O/ME/HH2r3qbf19v1Dr1T79K79R69V+/V+/Q+vV/v16k6VR/QB/RBfVAf0of0YX1YH9FH9FF9VB/Tx/RxfVyf0Cf1t/prfVp/o8/os/qs/laf1+f1hZ++B2DQKKONMYHJYDKaBJPJZDZXmCwmq8lmspuYudLkMFeZnOZqk8vkNnlMXpPP5DcFTGjIWMMmMgVNIRM315jC5lpTxBQ1xUxx40wJU9Jc9z+e/0f1tTQtTSvTyrQ2rU1b09a0M+1Me9PedDAdTEfT0XQynUxn09l0MV1MV9PVdDPdTHfT3fQwPUxP09MkmkTTxzxn+pp+pr8ZYAaa580gM8gMNoPNEDPEDDPDzHAz3IwwI8xIM9KMNqPNGDPGjDPjzAQzwST57GaSmWQmm8lmiplipg3MbmaYGWaWmWVmm9lmrplr5pl5ZoFZYBaZRWaJWWKWmqUm2SSbZWaZSTHLzXKz0qw0q81qs9asNevNerPRbDSbzWaTYraZbWa72W52mp1mt9lt9pq9Zp/ZZ/ab/SbVpJoD5oA5aA6aQ+aQOWwOmyPmiDlqjppj5pg5bo6bE+aEOWVOmdPmtDljzphz5pw5b86bC+aCuWgupt32BSpQgQlMkCHIECQECUHmIHOQJcgSZAuyBbEgFuQIcgQ5g6uDXEHuIE+QN8gX5A8KBGFAgQ04iIKCQaEgHlwTFA6uDYoERYNiQfHABSWCksF1Qang+qB0cENQJrgxKBvcFJQLygcVgorBzUGl4JagcnBrUCW4LagaVAuqBzWC24OawR1BreDOoHZwV1AnuDuoG9wT1AvuDeoHDYKGwX1Bo+D+oHHQJGgaNAuaBy2Cln9qfu/P5H7Q9Qx7hYlh77BP+FzYN+wX9g8HhAPD58NB4Qvh4PDFcEg4NBwWvhQOD18OR4SvhCPDUeHo8NVwTDg2HBeODyeEE8Ok8LVwUvh6ODl8I5wSTg2nBdPDGeHMcFb4Zjg7nBPODd8K54XzwwXhwnBRuDhE/PFuPDl8N1wWvhemhMvDFeHKcFW4OlwTrg3XhevDDeHGcFO4ucygH3cNt4c7wp3hrnB3uCfcG34Q7gs/DPeHH4Wp4cfhgfBv4cHwk/BQ+Gl4OPwsPBJ+Hh4NvwiPhV+Gx8OvwhPhyUwQfh2eDr8Jz4Rnw3Pht+H58LvwQvh9eDH0aTf3aZd3MmQoA2WgBEqgzJSZslAWykbZKEYxykE5KCflpFyUi/JQHspH+agAFaA0TEwFqSDFKU6FqTAVoSJUjIqRI0clqSSVolJUmkpTGSpDZakslSNLFagC3Uw30y10C91Kt9JtdBtVo2pUg2oQYk2qRbWoNtWmOlSH6lJdqkf1qD7Vp4bUkBpRI2pMjakpNaXm1JxaUktqRa2oNbWmttSW2lE7ak/tqQN1oI7UkTpRJ+pMnakLdaGu1JW6UTfqTt2pB/WgntSTEimR+lAf6kt9qT/1p4E0kAbRIBpMg2kIDaFhNIyG03AaQSNoJI2i0fQqjaGxNI7G0wSaSEmURJNoEk2myTSFptA0mkYzaAbNolk0m2bTXJpL82geLaAFtIgW0RJaQktpKSVTMi2jZZRCKbSCVtAqWkVraA2to3W0gTbQJtpEW2gLbaNttJ22007aSbtpN+2lvbSP9tF+2k+plEoH6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifoBJ2iU3SaTtMZOkPn6Bydp+/oAn1PF8lTgs1kM9srbBab1Waz2e2v4zw2r81n89sCNrS5bO5fxGStLWKL2mK2uHW2hC1pr/tNXM6WtxVsRXuzrWRvsZVtOZsJ/j6uae+wteydtra9y9awt/8irmPvtnXt/baebWLr22a2oW1hG9n7bWPbxDa1zWxz28K2sw/b9vYR28E+ajvax34TL7Xv2HV2vd1gN9p99kN7zn5rj9ov7Hn7ne1pe9mB9nk7yL5gB9sX7RA79JcxgB1tX7Vj7Fg7zo63E+zE38TT7HQ7w860s+ybdrad85t4iX3bzrPJdoFdaBfZxT/EaTUl23ftMvueTbHL7Qq70q6yq+0au/b/1rrSbrZb7Fa7135gt9sddqfdZXfbPT/Eaeex335kU+3H9oj93B60n9hD9pg9bD/7IU47v2P2S3vcfmVP2JP2lP3anrbf2DP27A/nn3buX9vv7UXrLTCyYs2GA87AGTmBM3FmvoKzcFbOxtk5xldyDr6Kc/LVnItzcx7Oy/k4PxfgkIktM0dckAtxnK/hwnwtF+GiXIyLs+MSXJKv41J8PZfmG7gM38hl+SYux+W5Alfkm7kS38KV+VauwrdxVa7G1bkG3841+Q6uxXdybb6L6/DdXJfv4Xp8L9fnBtyQ7+NGfD835ibclJtxc27BLfkBbsUPcmtuw235IW7HD3N7foQ78KPckR/jTvw4d+YnuAs/yV35Ke7GT3N3foZ78LPck3txIvfmPvwc9+V+3J8H8EB+ngfxCzyYX+QhPJSH8Us8nF/mEfwKj+RRPJpf5TE8lsfxeJ7AEzmJX+NJ/DpP5jd4Ck/laTydZ/BMnsVv8myew3P5LZ7H83kBL+RFvJiX8Nu8lN/hZH6Xl/F7nMLLeQWv5FW8mtfwWl7H63kDb+RNvJm38Fbexu/zdt7BO3kX7+Y9vJc/4H38Ie/njziVP+YD/Dc+yJ/wIf6UD/NnfIQ/56P8BR/jL/k4f8Un+CSf4q/5NH/DZ/gsn+Nv+Tx/xxf4e77IniHCSEU6MlEQZYgyRglRpihzdEWUJcoaZYuyR7HoyihHdFWUM7o6yhXljvJEeaN8Uf6oQBRGFNmIoygqGBWK4tE1UeHo2qhIVDQqFhWPXFQiKhldF5WKro9KRzdEZaIbo7LRTVG5qHxUIaoY3RxVim6JKke3RlWi26KqUbWoelQjuj2qGd0R1YrujGpHd0Wlo7ujutE9Ub3o3qh+1CBqGN0XNYrujxpHTaKmUbOoedQiahk9ELWKHoxaR22ittFDUbvo4ah99EjUIXo06hg9dml70eDHq+mvtidGvSP90xuyO/Wi+OL4kvjb8aXxd+LJ8Xfjy+LvxVPiy+Mr4ivjq+Kr42via+Pr4uvjG+Ib45vim+Nb4lvj3tfICA7THoTBuMBlcBldgsvkMrsrXBaX1WVz2V3MXelyuKtcTne1y+Vyuzwur8vn8rsCLnTkrGMXuYKukIu7a1xhd60r4oq6Yq64c66EK+lauJaupWvlHnStXRvX1j3kHnIPu4fdI+4R96jr6B5zndzjrrN7wnVxT7on3VOum3vadXfPuB7uWdfT9XKJLtH1cX1cX9fX9Xf93UA30A1yg9xgN9gNcUPcMDfMDXfD3Qg3wo10I91oN9qNcWPcODfOTXATXJJLcpPcJDfZTXZT3BQ3zU1zM9wMN8vNcrPdbDfXzXXz3Dy3wC1wi9wit8QtcUvdUpfskt0yt8yluBS3wq1wq9wqt8atcevcOrfBbXCb3Ca3xW1x29w2t91tdzvdTrfb7XZ73V63z+1z+91+l+pS3QF3wB10B90h96k77D5zR9zn7qj7wh1zX7rj7it3wp10p9zX7rT7xp1xZ9059607775zF9z37qLzLin2WmxS7PXY5NgbsSmxqbFpsemxGbGZsVmxN2OzY3Nic2NvxebF5scWxBbGFsUWx5bE3o4tjb0TS469G1sWey+WElseWxFbGVsVWx3zPv/2yBf0hXzcX+ML+2t9EV/UF/PFvfMlfEl/nS/lr/el/Q2+jL/Rl/U3+XK+vK/gm/imvplv7lv4lv4B38o/6Fv7Nr6tf8i38w/79v4R38E/6jv6x3wn/7jv7J/wXfyTvqt/av5PP56+h3/W9/S9fKLv7fv453xf38/39wP8QP+8H+Rf8IP9i36IH+qH+Zf8cP+yH+Ff8SP9KD/av+rH+LF+nB/vJ/iJPsm/5if51/1k/4af4qf6aX66n+Fn+ln+TT/bz/Fz/Vt+np/vF/iFfpFf7Jf4t/1S/45P9u/6Zf49n+KX+xV+pV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mM8J2v8Pv9Lv8br/H7/Uf+H3+Q7/ff+RT/cf+gP+bP+g/8Yf8p/6w/8wf8Z/7o/4Lf8x/6Y/7r/wJf9Kf8l/70/4bf8af9ef8t/68/85f8N/7i/I3a0IIIYQQ/xT9B9t7/8469dNiAKAPAGTdkffwr3NuyvXjuJ/a1zEGAI/26trg56VBg8TExJ/2TdEQFFoIALFL8zPApXg5tIWHoQO0gVK/W18/VQH5V/mDv9uelj9+I0BmgEw/r0uAH+Jf5b/+H+Rv8vav8/+6/vhCgCKFLs1JO9DP8aX8pf9B/j3t/iB/pk+SAFr/3ZwscCm+lL8kPAiPQYdf7CmEEEIIIYQQQvyonzrf7Y+eb9Oez/OZS3MywqX4j57P/0DlP+MchBBCCCGEEEII8f/2xNPdH3mgQ4c2nf+bBxn/GmX8BQYIAH+BMmTw1x9c7t9MQgghhBBCiD/bpZv+y12JEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgiRfv37/yFM/dM7X+5zFEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIS63/xMAAP//gUVOqg==") bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x38, r5, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x2}]}]}]}, 0x38}}, 0x0) sendmsg$TIPC_NL_NET_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x20, r5, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xf0}]}]}, 0x20}}, 0x0) 5.122060271s ago: executing program 3 (id=2071): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000800000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) timer_settime(0x0, 0x0, 0x0, 0x0) clock_adjtime(0xffffffd3, &(0x7f00000001c0)) 4.862741803s ago: executing program 4 (id=2072): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000008000000850000002e000000a50000007d000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 4.844676064s ago: executing program 1 (id=2073): sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6) ioctl$sock_bt_hci(r0, 0x400448c9, &(0x7f0000000000)="d7afa1a62119a2") r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYBLOB="0000000000000000b7080000020040007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_connect$hid(0x0, 0x0, 0x0, &(0x7f0000000400)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x0, 0xc4, 0x4}, 0x15, 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x0, &(0x7f0000000140)=ANY=[], 0x1, 0x1217, &(0x7f00000006c0)="$eJzs3E1rY1UYB/CnmY7ptPZFHUdnFvqgG1dh2oULEaRIB6QBZZwKM4KQsamGXJPShEoG8WXl1g/hSly6E8Qv0I2fwV03LmchXpnEcSY1aoWYCv5+m/OQ8/xzz82FwA335PjlLz5o752LiH5U5uaish+RdzMyKnHfM9uj8eat7c16fet65rXNG+svZubKs9+9/dHXz33fX3rrm5Vvq3G09s7xTxs/Hl06unz8y433W71s9bLT7Wcjb3e7/cbtopm7rV67lvlG0Wz0mtnq9JoHY/N7RXd/f5CNzu7y4v5Bs9fLRmeQ7eYg+93sHwyy8V6j1clarZbLi8GfOv/3LTtf3S3LMqIsz8cjUZZleSEWYykejeVYiU8j4rF4PJ6Ii/FkXIqn4um4POyaxfIBAAAAAAAAAAAAAAAAAADg/+Ov9v+vxpr9/wAAAAAAAAAAAAAAAAAAADADb968tb1Zr29dz1yIKD4/3DmM0Tia39yLVhTRjKuxGj/HcPf/yKi+9lp962oOrcVnxSeHO/eS98Zz4/n14d8J/JafH87dz6+P8jmer8biw/mNWI2Lk4+/MTG/EC88/1C+Fqvxw7vRjSJ2h8d+kP94PfPV1+sn8leGfWOqM744AAAAMCW1/N3E+/daLT9cmjg/yv+D3wdO3F/Px5X5sz13InqDO+1GUTQPxouFP7yiuNOOudM1V/6lZVTiP/AhKKZTlNVhcWEKb1iNiKmv8Ky/mZiFBxf9FM1zM1gQAAAAAAAAAAAApzKVRwVf+jJi8tR8THiy7JWzOVUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5lB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwVAAD//+6hyEk=") 4.64613114s ago: executing program 4 (id=2074): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff85000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) gettid() r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xdc) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x2, 0x7fe2, 0x1}, 0x48) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000800000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) 4.495628053s ago: executing program 0 (id=2075): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) close(0xffffffffffffffff) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x6, &(0x7f00000000c0)=0x20008) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000001200)={0x1d, r2}, 0x18) connect$can_j1939(r1, &(0x7f0000000080)={0x1d, r2}, 0x18) writev(r1, &(0x7f0000000240)=[{&(0x7f0000000000)='h', 0xfdef}], 0x1) 2.382034706s ago: executing program 3 (id=2076): syz_open_procfs$namespace(0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getrlimit(0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0xa, 0x0, 0x3a) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x100000d, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) munmap(&(0x7f000063c000/0x2000)=nil, 0x2000) munlock(&(0x7f00001f1000/0x2000)=nil, 0x2000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 1.530051815s ago: executing program 1 (id=2077): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000100)) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4040845) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000580)='net/tcp6\x00') r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r6, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) preadv(r5, &(0x7f0000000780)=[{&(0x7f0000000000)=""/65, 0x41}], 0x1, 0x1f3, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) 1.180934554s ago: executing program 0 (id=2078): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x22701, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001e40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e841cca555077e3a159110193dd2ff1fa7c3205bfedbe9d8f3bd23cd78a07e32fe0231368b2264f9c504b2f1f65515b2e1"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90) syz_emit_ethernet(0x9a, 0x0, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "db8f2d2b3b7596160c6981acf8805944823a7f"}) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000ffff00"}) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x7, 0x0, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"}) r2 = syz_open_pts(r1, 0x0) r3 = dup3(r2, r1, 0x0) read$FUSE(r3, &(0x7f00000041c0)={0x2020}, 0x2020) read$FUSE(r3, &(0x7f0000006200)={0x2020}, 0x2020) 1.164232855s ago: executing program 4 (id=2079): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast1}}}, 0x88) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000100000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x4) write(r2, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) 934.239314ms ago: executing program 3 (id=2080): socket$inet_tcp(0x2, 0x1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000180)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x0, 0x0, 0x0, 0x4, 0xbe, &(0x7f000000cf3d)=""/190, 0x41100, 0x0, '\x00', 0x0, 0x21}, 0x90) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0xc7, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x800}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000440)='wlan0\x00', 0x10) sendto$inet(r1, 0x0, 0x0, 0x400c8c6, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) sendto$inet(r1, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) close(0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) 908.214426ms ago: executing program 1 (id=2081): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000180)=@name, 0x46) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) close(r0) sched_setscheduler(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) 581.873932ms ago: executing program 1 (id=2082): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00'}, 0x10) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001418) ioctl$TUNSETOFFLOAD(r0, 0x4004743c, 0x0) 576.189273ms ago: executing program 3 (id=2083): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000071000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close(r2) socket(0x10, 0x803, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000180)={@empty, @empty, @val, {@arp={0x806, @generic={0x0, 0x0, 0x6, 0x0, 0x0, @link_local, "", @remote}}}}, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) write$cgroup_subtree(r1, &(0x7f0000000180)=ANY=[], 0x14) 474.027452ms ago: executing program 0 (id=2084): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000008000000850000002e000000a50000007d000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 357.296611ms ago: executing program 0 (id=2085): r0 = socket$tipc(0x1e, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000000000000130, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000005000000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) 189.179934ms ago: executing program 1 (id=2086): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000006c288500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = socket(0x11, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'gre0\x00', 0x0}) bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r2, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="0301140001296d290e3580009f0001140000002f0600ac141414e0000003808a8972bd0b72e410820c520f061fecfd00000000a4fe942a31f48597e36e039b1c599db6e466749c2d05f64c8303a0f7fbda34fb8825f80200e3e46304f7ff00ffffca88"], 0xdd12}, {&(0x7f0000000600)=ANY=[], 0x94}, {&(0x7f0000004d40)=ANY=[], 0x2264}], 0x3}, 0x0) 66.053785ms ago: executing program 0 (id=2087): sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6) ioctl$sock_bt_hci(r0, 0x400448c9, &(0x7f0000000000)="d7afa1a62119a2") r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYBLOB="0000000000000000b7080000020040007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_connect$hid(0x0, 0x0, 0x0, &(0x7f0000000400)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x0, 0xc4, 0x4}, 0x15, 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x0, &(0x7f0000000140)=ANY=[], 0x1, 0x1217, &(0x7f00000006c0)="$eJzs3E1rY1UYB/CnmY7ptPZFHUdnFvqgG1dh2oULEaRIB6QBZZwKM4KQsamGXJPShEoG8WXl1g/hSly6E8Qv0I2fwV03LmchXpnEcSY1aoWYCv5+m/OQ8/xzz82FwA335PjlLz5o752LiH5U5uaish+RdzMyKnHfM9uj8eat7c16fet65rXNG+svZubKs9+9/dHXz33fX3rrm5Vvq3G09s7xTxs/Hl06unz8y433W71s9bLT7Wcjb3e7/cbtopm7rV67lvlG0Wz0mtnq9JoHY/N7RXd/f5CNzu7y4v5Bs9fLRmeQ7eYg+93sHwyy8V6j1clarZbLi8GfOv/3LTtf3S3LMqIsz8cjUZZleSEWYykejeVYiU8j4rF4PJ6Ii/FkXIqn4um4POyaxfIBAAAAAAAAAAAAAAAAAADg/+Ov9v+vxpr9/wAAAAAAAAAAAAAAAAAAADADb968tb1Zr29dz1yIKD4/3DmM0Tia39yLVhTRjKuxGj/HcPf/yKi+9lp962oOrcVnxSeHO/eS98Zz4/n14d8J/JafH87dz6+P8jmer8biw/mNWI2Lk4+/MTG/EC88/1C+Fqvxw7vRjSJ2h8d+kP94PfPV1+sn8leGfWOqM744AAAAMCW1/N3E+/daLT9cmjg/yv+D3wdO3F/Px5X5sz13InqDO+1GUTQPxouFP7yiuNOOudM1V/6lZVTiP/AhKKZTlNVhcWEKb1iNiKmv8Ky/mZiFBxf9FM1zM1gQAAAAAAAAAAAApzKVRwVf+jJi8tR8THiy7JWzOVUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5lB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwVAAD//+6hyEk=") 0s ago: executing program 4 (id=2088): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) close(0xffffffffffffffff) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x6, &(0x7f00000000c0)=0x20008) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000001200)={0x1d, r2}, 0x18) connect$can_j1939(r1, &(0x7f0000000080)={0x1d, r2}, 0x18) writev(r1, &(0x7f0000000240)=[{&(0x7f0000000000)='h', 0xfdef}], 0x1) kernel console output (not intermixed with test programs): 4][ T4276] usb 1-1: Product: syz [ 532.461154][ T4276] usb 1-1: Manufacturer: syz [ 532.474901][ T4276] usb 1-1: SerialNumber: syz [ 532.496139][ T4276] usb 1-1: config 0 descriptor?? [ 532.567998][ T4276] option 1-1:0.0: GSM modem (1-port) converter detected [ 532.771302][ T8247] usb 1-1: USB disconnect, device number 17 [ 532.785702][ T8247] option 1-1:0.0: device disconnected [ 533.058542][T11424] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 533.163208][T11424] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 533.200506][T11424] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 533.241845][T11424] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 533.620336][T11030] device hsr_slave_0 left promiscuous mode [ 533.630949][T11030] device hsr_slave_1 left promiscuous mode [ 533.644850][T11030] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 533.652983][T11030] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 533.669397][T11030] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 533.680947][T11030] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 533.719250][T11560] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1825'. [ 533.849430][T11030] device bridge_slave_1 left promiscuous mode [ 533.952905][T11030] bridge0: port 2(bridge_slave_1) entered disabled state [ 534.126757][T11030] device bridge_slave_0 left promiscuous mode [ 534.143991][ T3642] Bluetooth: hci0: command tx timeout [ 534.232072][T11030] bridge0: port 1(bridge_slave_0) entered disabled state [ 534.382818][T11030] device veth1_macvtap left promiscuous mode [ 534.399328][T11030] device veth0_macvtap left promiscuous mode [ 534.415690][T11030] device veth1_vlan left promiscuous mode [ 534.430208][T11030] device veth0_vlan left promiscuous mode [ 534.776542][ T3642] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 534.790834][ T3642] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 534.806665][ T3642] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 534.814791][ T3642] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 534.822502][ T3642] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 534.831307][ T3642] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 535.720293][T11030] team0 (unregistering): Port device team_slave_1 removed [ 535.811828][T11030] team0 (unregistering): Port device team_slave_0 removed [ 535.853539][T11577] loop4: detected capacity change from 0 to 512 [ 535.876781][T11030] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 535.925896][T11030] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 535.928908][T11577] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 535.956648][T11577] ext4 filesystem being mounted at /134/file0 supports timestamps until 2038 (0x7fffffff) [ 536.657429][T11030] bond0 (unregistering): Released all slaves [ 536.768421][T11558] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1826'. [ 536.894395][ T3642] Bluetooth: hci4: command tx timeout [ 536.917455][T11424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 537.023401][T11424] 8021q: adding VLAN 0 to HW filter on device team0 [ 537.038705][ T4466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 537.050685][ T4466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 537.106633][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 537.123308][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 537.132178][ T3683] bridge0: port 1(bridge_slave_0) entered blocking state [ 537.139332][ T3683] bridge0: port 1(bridge_slave_0) entered forwarding state [ 537.158502][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 537.169606][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 537.186250][ T3683] bridge0: port 2(bridge_slave_1) entered blocking state [ 537.193390][ T3683] bridge0: port 2(bridge_slave_1) entered forwarding state [ 537.242991][ T3679] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 537.258133][ T3679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 537.270832][ T3679] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 537.290310][ T3679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 537.301741][ T3679] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 537.361211][ T4466] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 537.371854][ T4466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 537.403110][ T4466] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 537.528713][T11424] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 537.549725][T11424] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 537.563582][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 537.582862][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 537.591967][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 537.593395][ T8036] EXT4-fs (loop4): unmounting filesystem. [ 537.610818][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 537.619624][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 537.701150][T11586] loop3: detected capacity change from 0 to 32768 [ 537.755094][T11586] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.1831 (11586) [ 537.830333][T11586] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 537.866792][T11569] chnl_net:caif_netlink_parms(): no params data found [ 537.894050][T11586] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 537.902761][T11586] BTRFS info (device loop3): setting nodatacow, compression disabled [ 537.967082][T11586] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 538.079149][T11586] BTRFS info (device loop3): force lzo compression, level 0 [ 538.106969][T11586] BTRFS info (device loop3): metadata ratio 8 [ 538.113100][T11586] BTRFS info (device loop3): doing ref verification [ 538.194146][T11586] BTRFS info (device loop3): metadata ratio 32769 [ 538.215931][T11586] BTRFS info (device loop3): turning off barriers [ 538.223675][T11586] BTRFS info (device loop3): enabling ssd optimizations [ 538.331823][T11586] BTRFS info (device loop3): using spread ssd allocation scheme [ 538.548723][T11586] BTRFS info (device loop3): turning on barriers [ 538.612303][T11569] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.705051][T11586] BTRFS info (device loop3): using free space tree [ 538.781908][T11569] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.895362][T11569] device bridge_slave_0 entered promiscuous mode [ 538.932833][T11569] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.974099][ T3642] Bluetooth: hci4: command tx timeout [ 538.990606][T11569] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.043652][T11569] device bridge_slave_1 entered promiscuous mode [ 539.158088][T11569] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 539.213670][T11569] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 539.303929][ T3731] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 539.311430][ T3731] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 539.443582][ T26] audit: type=1804 audit(1722071847.117:312): pid=11586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1831" name="/newroot/121/bus/bus" dev="loop3" ino=263 res=1 errno=0 [ 539.501970][T11424] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 539.524255][ T26] audit: type=1804 audit(1722071847.157:313): pid=11586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1831" name="/newroot/121/bus/bus" dev="loop3" ino=263 res=1 errno=0 [ 539.567617][T11569] team0: Port device team_slave_0 added [ 539.627485][T11569] team0: Port device team_slave_1 added [ 539.639030][ T26] audit: type=1804 audit(1722071847.157:314): pid=11586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1831" name="/newroot/121/bus/bus" dev="loop3" ino=263 res=1 errno=0 [ 539.763258][ T26] audit: type=1804 audit(1722071847.207:315): pid=11586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1831" name="/newroot/121/bus/bus" dev="loop3" ino=263 res=1 errno=0 [ 539.776068][ T8127] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 539.798557][T11569] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 539.822546][T11569] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.903998][T11569] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 540.145259][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 540.184614][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 540.194969][T11569] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 540.201937][T11569] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.284025][T11569] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 540.345511][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 540.362741][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 540.486216][T11424] device veth0_vlan entered promiscuous mode [ 540.526502][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 540.541916][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 540.609457][T11569] device hsr_slave_0 entered promiscuous mode [ 540.645305][T11569] device hsr_slave_1 entered promiscuous mode [ 540.666344][T11424] device veth1_vlan entered promiscuous mode [ 540.853981][ T4276] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 540.877370][T11424] device veth0_macvtap entered promiscuous mode [ 540.905202][T11424] device veth1_macvtap entered promiscuous mode [ 540.930866][T11424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 540.962760][T11424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.036099][T11424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 541.063259][ T3642] Bluetooth: hci4: command tx timeout [ 541.069392][T11424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.118530][T11424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 541.160034][T11424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.214400][T11424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 541.258811][T11424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.306192][T11424] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 541.331617][T11424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.376280][T11424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.427277][T11424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.455152][T11424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.465225][T11424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.476256][T11424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.486275][ T4276] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 541.497132][ T4276] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 541.498962][T11424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.506871][ T4276] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 541.506896][ T4276] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 5, skipping [ 541.506918][ T4276] usb 1-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 541.705008][T11424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.862550][T11638] loop4: detected capacity change from 0 to 8192 [ 541.875549][T11424] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 541.957063][ T8247] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 542.001033][ T8247] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 542.014976][ T4276] usb 1-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 542.089391][ T4276] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 542.167462][T11638] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 542.188482][ T4276] usb 1-1: Product: syz [ 542.192870][ T4276] usb 1-1: Manufacturer: syz [ 542.219646][ T4276] usb 1-1: SerialNumber: syz [ 542.279890][ T4276] usb 1-1: config 0 descriptor?? [ 542.324969][ T8247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 542.345948][ T4276] option 1-1:0.0: GSM modem (1-port) converter detected [ 542.354609][ T8247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 542.376987][ T8247] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 542.386835][ T8247] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 542.399881][ T8247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 542.410776][ T8247] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 542.422672][ T8247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 542.443114][T11424] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.488723][T11424] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.512727][T11424] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.530702][T11424] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.565549][ T3731] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 542.615965][ T4276] usb 1-1: USB disconnect, device number 18 [ 542.624617][ T4276] option 1-1:0.0: device disconnected [ 542.884074][T11569] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 543.118148][T11569] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 543.135449][ T3645] Bluetooth: hci4: command tx timeout [ 543.170189][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.191710][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.223378][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 543.351259][T11569] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 543.470981][ T9900] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.528679][ T9900] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.588183][T11569] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 543.640884][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 544.064426][T11569] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 544.115772][T11653] loop1: detected capacity change from 0 to 512 [ 544.194395][T11569] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 544.222342][T11569] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 544.285247][T11653] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 544.298640][T11653] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038 (0x7fffffff) [ 544.311323][T11569] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 545.104317][T11424] EXT4-fs (loop1): unmounting filesystem. [ 545.788711][T11569] 8021q: adding VLAN 0 to HW filter on device bond0 [ 545.800484][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 545.824094][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 546.014566][T11569] 8021q: adding VLAN 0 to HW filter on device team0 [ 546.170685][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 546.199951][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 546.246661][ T3681] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.253851][ T3681] bridge0: port 1(bridge_slave_0) entered forwarding state [ 546.340543][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 546.418151][T11681] syz.3.1848[11681] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 546.418607][T11681] syz.3.1848[11681] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 546.970202][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 546.974627][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88801835d400: rx timeout, send abort [ 546.982369][ T3681] bridge0: port 2(bridge_slave_1) entered blocking state [ 547.005091][ T3681] bridge0: port 2(bridge_slave_1) entered forwarding state [ 547.179893][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 547.192413][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 547.210469][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 547.221794][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 547.240096][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 547.374461][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 547.384964][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 547.401042][T11569] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 547.415684][T11569] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 547.467739][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 547.485670][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 547.489645][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88801835d400: abort rx timeout. Force session deactivation [ 547.498091][T11671] loop4: detected capacity change from 0 to 32768 [ 547.524813][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 547.564403][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 547.580722][T11671] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.1845 (11671) [ 547.642067][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 547.688657][T11671] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 547.714160][T11671] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 547.738188][T11671] BTRFS info (device loop4): setting nodatacow, compression disabled [ 547.749489][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 547.781662][T11671] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 547.849641][T11671] BTRFS info (device loop4): force lzo compression, level 0 [ 547.875829][T11671] BTRFS info (device loop4): metadata ratio 8 [ 547.882155][T11671] BTRFS info (device loop4): doing ref verification [ 547.889266][T11671] BTRFS info (device loop4): metadata ratio 32769 [ 547.901919][T11671] BTRFS info (device loop4): turning off barriers [ 547.914060][ T8248] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 547.918201][T11697] loop0: detected capacity change from 0 to 512 [ 547.941887][T11671] BTRFS info (device loop4): enabling ssd optimizations [ 547.968686][T11671] BTRFS info (device loop4): using spread ssd allocation scheme [ 547.979473][T11671] BTRFS info (device loop4): turning on barriers [ 547.988444][T11697] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 547.997519][T11697] ext4 filesystem being mounted at /417/bus supports timestamps until 2038 (0x7fffffff) [ 548.062043][T11671] BTRFS info (device loop4): using free space tree [ 548.284291][ T8248] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 548.346361][ T8248] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 548.372374][ T8248] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 548.420353][ T8248] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 5, skipping [ 548.441854][ T8248] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 548.479342][ T8036] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 548.495276][T11030] device hsr_slave_0 left promiscuous mode [ 548.507574][T11030] device hsr_slave_1 left promiscuous mode [ 548.524889][T11030] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 548.532559][T11030] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 548.551884][T11030] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 548.564619][T11030] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 548.670513][ T8248] usb 4-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 548.686886][ T8248] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.710777][ T8248] usb 4-1: Product: syz [ 548.727069][ T8248] usb 4-1: Manufacturer: syz [ 548.742887][ T8248] usb 4-1: SerialNumber: syz [ 548.773013][ T8248] usb 4-1: config 0 descriptor?? [ 548.794652][T11030] device bridge_slave_1 left promiscuous mode [ 548.807726][T11030] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.815091][ T3641] EXT4-fs (loop0): unmounting filesystem. [ 548.830734][T11030] device bridge_slave_0 left promiscuous mode [ 548.838904][ T8248] option 4-1:0.0: GSM modem (1-port) converter detected [ 548.856477][T11030] bridge0: port 1(bridge_slave_0) entered disabled state [ 548.981411][T11030] device veth1_macvtap left promiscuous mode [ 549.000194][T11030] device veth0_macvtap left promiscuous mode [ 549.010812][T11030] device veth1_vlan left promiscuous mode [ 549.023822][T11030] device veth0_vlan left promiscuous mode [ 549.051548][ T8247] usb 4-1: USB disconnect, device number 20 [ 549.073742][ T8247] option 4-1:0.0: device disconnected [ 549.186174][T11731] loop4: detected capacity change from 0 to 8192 [ 549.209228][T11731] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 551.243226][T11030] team0 (unregistering): Port device team_slave_1 removed [ 551.384259][T11030] team0 (unregistering): Port device team_slave_0 removed [ 551.507368][T11030] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 551.625158][T11030] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 551.723389][T11754] loop0: detected capacity change from 0 to 32768 [ 551.752855][T11754] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.1863 (11754) [ 551.841333][T11754] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 551.860168][T11754] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 551.876173][T11754] BTRFS info (device loop0): setting nodatacow, compression disabled [ 551.889645][T11754] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 551.901603][T11754] BTRFS info (device loop0): force lzo compression, level 0 [ 551.913590][T11754] BTRFS info (device loop0): metadata ratio 8 [ 551.928848][T11754] BTRFS info (device loop0): doing ref verification [ 551.937750][T11754] BTRFS info (device loop0): metadata ratio 32769 [ 551.950572][T11754] BTRFS info (device loop0): turning off barriers [ 551.960638][T11754] BTRFS info (device loop0): enabling ssd optimizations [ 551.973708][T11754] BTRFS info (device loop0): using spread ssd allocation scheme [ 551.983087][T11754] BTRFS info (device loop0): turning on barriers [ 551.996596][T11754] BTRFS info (device loop0): using free space tree [ 552.238289][ T26] audit: type=1804 audit(1722071859.917:316): pid=11754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1863" name="/newroot/425/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 552.311186][ T26] audit: type=1804 audit(1722071859.987:317): pid=11754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1863" name="/newroot/425/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 552.387084][ T26] audit: type=1804 audit(1722071860.057:318): pid=11754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1863" name="/newroot/425/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 552.442283][ T26] audit: type=1804 audit(1722071860.107:319): pid=11754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1863" name="/newroot/425/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 552.672456][ T3641] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 553.395183][T11030] bond0 (unregistering): Released all slaves [ 553.774125][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 553.781710][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 553.808048][T11569] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 553.873420][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 553.890558][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 553.952722][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 553.964908][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 553.992922][T11569] device veth0_vlan entered promiscuous mode [ 554.010134][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 554.028202][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 554.062746][T11569] device veth1_vlan entered promiscuous mode [ 554.108550][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 554.132516][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 554.142035][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 554.168471][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 554.203591][T11569] device veth0_macvtap entered promiscuous mode [ 554.272217][T11569] device veth1_macvtap entered promiscuous mode [ 554.313412][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 554.333520][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 554.358724][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 554.376024][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 554.392368][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 554.410115][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 554.420741][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 554.439624][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 554.459159][T11569] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 554.516684][T11797] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 554.535916][ T4466] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 554.574907][ T4466] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 554.698645][ T8248] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 555.135295][ T8248] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 555.168373][ T8248] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 555.227246][ T4466] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 555.236094][ T4466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 555.264306][ T8248] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 555.281624][ T8248] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping [ 555.293989][ T8248] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 555.333165][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 555.356587][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.373413][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 555.403952][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.426634][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 555.440034][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.452361][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 555.471517][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.491637][T11569] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 555.514241][ T8248] usb 4-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 555.526482][ T8248] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.546230][ T8248] usb 4-1: Product: syz [ 555.554069][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 555.554968][ T8248] usb 4-1: Manufacturer: syz [ 555.562766][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 555.580075][ T8248] usb 4-1: SerialNumber: syz [ 555.626740][ T8248] usb 4-1: config 0 descriptor?? [ 555.633255][T11569] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 555.662049][T11811] syz.0.1872 (11811) used obsolete PPPIOCDETACH ioctl [ 555.676358][T11795] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 555.707442][T11569] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 555.717188][ T8248] option 4-1:0.0: GSM modem (1-port) converter detected [ 555.744921][T11569] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 555.767940][T11569] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 555.955597][ T8247] usb 4-1: USB disconnect, device number 21 [ 555.994428][ T8247] option 4-1:0.0: device disconnected [ 556.075385][ T3785] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 556.098322][ T3785] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 556.167252][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 556.185003][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 556.205744][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 556.247748][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 556.478320][T11814] loop4: detected capacity change from 0 to 32768 [ 556.544445][T11814] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.1876 (11814) [ 556.632495][T11814] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 556.663076][T11817] loop0: detected capacity change from 0 to 8192 [ 556.694550][T11814] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 556.703260][T11814] BTRFS info (device loop4): setting nodatacow, compression disabled [ 556.710025][T11817] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 556.746229][T11814] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 556.780674][T11814] BTRFS info (device loop4): force lzo compression, level 0 [ 556.798594][T11814] BTRFS info (device loop4): metadata ratio 8 [ 556.850431][T11814] BTRFS info (device loop4): doing ref verification [ 556.881930][T11814] BTRFS info (device loop4): metadata ratio 32769 [ 556.915532][T11814] BTRFS info (device loop4): turning off barriers [ 556.941246][T11814] BTRFS info (device loop4): enabling ssd optimizations [ 556.969285][T11814] BTRFS info (device loop4): using spread ssd allocation scheme [ 556.995989][T11814] BTRFS info (device loop4): turning on barriers [ 557.028785][T11814] BTRFS info (device loop4): using free space tree [ 557.370811][ T26] audit: type=1804 audit(1722071865.037:320): pid=11814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1876" name="/newroot/146/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 557.732535][ T26] audit: type=1804 audit(1722071865.107:321): pid=11814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1876" name="/newroot/146/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 557.895869][ T26] audit: type=1804 audit(1722071865.107:322): pid=11814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1876" name="/newroot/146/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 557.992725][ T26] audit: type=1804 audit(1722071865.137:323): pid=11814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1876" name="/newroot/146/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 558.042236][ T8036] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 558.113764][ T26] audit: type=1804 audit(1722071865.207:324): pid=11841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1876" name="/newroot/146/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 558.424298][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.430936][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.437541][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.444090][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.450598][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.457146][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.463658][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.470205][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.476766][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.483297][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.489831][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.496367][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.502968][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.509496][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.516030][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.522538][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.529066][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.535599][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.542107][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.548632][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.555160][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.561697][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.568267][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.574842][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.581380][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.587918][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.594476][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.600989][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.607519][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.614059][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.620570][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 558.627095][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 559.383603][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888075481000: rx timeout, send abort [ 559.891981][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888075481000: abort rx timeout. Force session deactivation [ 559.941203][T11030] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.990771][ T3645] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 560.014717][ T3645] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 560.025811][ T3645] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 560.037986][ T3645] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 560.047376][ T3645] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 560.055160][ T3645] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 560.177911][T11030] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.327535][T11030] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.394052][ T3888] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 560.528302][T11030] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.826050][ T3888] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 560.840765][ T3888] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 560.850995][ T3888] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 560.862033][ T3888] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping [ 560.873443][ T3888] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 561.035018][T11870] chnl_net:caif_netlink_parms(): no params data found [ 561.064176][ T3888] usb 4-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 561.084844][ T3888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.113977][ T3888] usb 4-1: Product: syz [ 561.118403][ T3888] usb 4-1: Manufacturer: syz [ 561.123010][ T3888] usb 4-1: SerialNumber: syz [ 561.196247][ T3888] usb 4-1: config 0 descriptor?? [ 561.244363][T11876] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 561.295657][ T3888] option 4-1:0.0: GSM modem (1-port) converter detected [ 561.514447][ T3888] usb 4-1: USB disconnect, device number 22 [ 561.544451][ T3888] option 4-1:0.0: device disconnected [ 561.740302][T11870] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.754268][T11870] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.762421][T11870] device bridge_slave_0 entered promiscuous mode [ 561.806758][T11870] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.843372][T11870] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.875715][T11870] device bridge_slave_1 entered promiscuous mode [ 561.980406][T11870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 562.076435][T11870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 562.095258][ T3642] Bluetooth: hci4: command tx timeout [ 562.340176][T11870] team0: Port device team_slave_0 added [ 562.374603][T11870] team0: Port device team_slave_1 added [ 562.490834][T11896] loop4: detected capacity change from 0 to 32768 [ 562.503252][T11870] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 562.522312][T11896] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.1892 (11896) [ 562.531214][T11870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 562.597645][T11896] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 562.627395][T11896] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 562.647251][T11870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 562.671083][T11896] BTRFS info (device loop4): setting nodatacow, compression disabled [ 562.690708][T11908] loop1: detected capacity change from 0 to 8192 [ 562.718056][T11896] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 562.751861][T11870] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 562.766971][T11896] BTRFS info (device loop4): force lzo compression, level 0 [ 562.782560][T11870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 562.788902][T11908] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 562.820248][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.826666][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.854331][T11896] BTRFS info (device loop4): metadata ratio 8 [ 562.875419][T11896] BTRFS info (device loop4): doing ref verification [ 562.899135][T11896] BTRFS info (device loop4): metadata ratio 32769 [ 562.931652][T11896] BTRFS info (device loop4): turning off barriers [ 562.939586][T11870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 562.973767][T11896] BTRFS info (device loop4): enabling ssd optimizations [ 563.001185][T11896] BTRFS info (device loop4): using spread ssd allocation scheme [ 563.053650][T11896] BTRFS info (device loop4): turning on barriers [ 563.084055][T11896] BTRFS info (device loop4): using free space tree [ 563.305926][T11870] device hsr_slave_0 entered promiscuous mode [ 563.337455][T11870] device hsr_slave_1 entered promiscuous mode [ 563.425833][T11870] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 563.433443][T11870] Cannot create hsr debugfs directory [ 563.540566][ T26] audit: type=1804 audit(1722071871.217:325): pid=11896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1892" name="/newroot/148/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 563.644126][ T26] audit: type=1804 audit(1722071871.267:326): pid=11896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1892" name="/newroot/148/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 563.754002][ T26] audit: type=1804 audit(1722071871.267:327): pid=11896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1892" name="/newroot/148/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 563.836331][ T26] audit: type=1804 audit(1722071871.287:328): pid=11896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1892" name="/newroot/148/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 563.849605][ T8036] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 564.174153][ T3642] Bluetooth: hci4: command tx timeout [ 564.591691][T11030] device hsr_slave_0 left promiscuous mode [ 564.632904][T11030] device hsr_slave_1 left promiscuous mode [ 564.660932][T11030] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 564.694097][T11030] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 564.720241][T11030] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 564.755471][T11030] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 564.784122][T11030] device bridge_slave_1 left promiscuous mode [ 564.809257][T11030] bridge0: port 2(bridge_slave_1) entered disabled state [ 564.841218][T11030] device bridge_slave_0 left promiscuous mode [ 564.869499][T11030] bridge0: port 1(bridge_slave_0) entered disabled state [ 564.995993][T11030] device veth1_macvtap left promiscuous mode [ 565.018671][T11030] device veth0_macvtap left promiscuous mode [ 565.054257][T11030] device veth1_vlan left promiscuous mode [ 565.082660][T11030] device veth0_vlan left promiscuous mode [ 566.160827][ T3683] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 566.268912][ T3642] Bluetooth: hci4: command tx timeout [ 566.646333][ T3683] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 566.663193][ T3683] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 566.698912][ T3683] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 566.725270][ T3683] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping [ 566.750568][ T3683] usb 1-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 567.062631][ T3683] usb 1-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 567.082406][ T3683] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.093200][ T3683] usb 1-1: Product: syz [ 567.106606][ T3683] usb 1-1: Manufacturer: syz [ 567.126815][ T3683] usb 1-1: SerialNumber: syz [ 567.137788][ T3683] usb 1-1: config 0 descriptor?? [ 567.177151][T11980] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 567.209963][ T3683] option 1-1:0.0: GSM modem (1-port) converter detected [ 567.381411][T11030] team0 (unregistering): Port device team_slave_1 removed [ 567.461179][ T3888] usb 1-1: USB disconnect, device number 19 [ 567.484103][ T3888] option 1-1:0.0: device disconnected [ 567.512734][T11030] team0 (unregistering): Port device team_slave_0 removed [ 567.651617][T11998] loop4: detected capacity change from 0 to 32768 [ 567.675180][T11030] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 567.693055][T11998] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.1912 (11998) [ 567.761722][T11998] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 567.802161][T11030] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 567.835353][T11998] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 567.865950][T11998] BTRFS info (device loop4): setting nodatacow, compression disabled [ 567.886069][T11998] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 567.909373][T11998] BTRFS info (device loop4): force lzo compression, level 0 [ 567.923439][T11998] BTRFS info (device loop4): metadata ratio 8 [ 567.945048][T11998] BTRFS info (device loop4): doing ref verification [ 567.962892][T11998] BTRFS info (device loop4): metadata ratio 32769 [ 567.971154][T11998] BTRFS info (device loop4): turning off barriers [ 567.992676][T11998] BTRFS info (device loop4): enabling ssd optimizations [ 568.005281][T11998] BTRFS info (device loop4): using spread ssd allocation scheme [ 568.027916][T11998] BTRFS info (device loop4): turning on barriers [ 568.036871][T11998] BTRFS info (device loop4): using free space tree [ 568.250182][T12008] loop3: detected capacity change from 0 to 8192 [ 568.261704][T12008] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 568.334051][ T3642] Bluetooth: hci4: command tx timeout [ 568.378851][ T26] audit: type=1804 audit(1722071876.057:329): pid=11998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1912" name="/newroot/153/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 568.470489][ T26] audit: type=1804 audit(1722071876.117:330): pid=11998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1912" name="/newroot/153/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 568.497006][ T26] audit: type=1804 audit(1722071876.117:331): pid=11998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1912" name="/newroot/153/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 568.522294][ T26] audit: type=1804 audit(1722071876.167:332): pid=12032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1912" name="/newroot/153/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 568.780632][ T8036] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 569.246446][T11030] bond0 (unregistering): Released all slaves [ 571.113320][T11870] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 571.155781][T11870] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 571.226131][T11870] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 571.275405][T11870] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 571.323985][ T3683] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 571.594841][T11870] 8021q: adding VLAN 0 to HW filter on device bond0 [ 571.636761][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 571.655048][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 571.666132][T11870] 8021q: adding VLAN 0 to HW filter on device team0 [ 571.735203][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 571.748984][ T3683] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 571.756508][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 571.782108][ T3683] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 236, changing to 11 [ 571.794388][ T3680] bridge0: port 1(bridge_slave_0) entered blocking state [ 571.801525][ T3680] bridge0: port 1(bridge_slave_0) entered forwarding state [ 571.829752][ T3683] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 18251, setting to 1024 [ 571.846838][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 571.871135][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 571.873937][ T3683] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 571.934926][ T3680] bridge0: port 2(bridge_slave_1) entered blocking state [ 571.942060][ T3680] bridge0: port 2(bridge_slave_1) entered forwarding state [ 571.978766][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 571.996911][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 572.067881][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 572.078047][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 572.097710][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 572.119673][ T3683] usb 5-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 572.124691][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 572.133918][ T3683] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.173932][ T3683] usb 5-1: Product: syz [ 572.176220][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 572.178168][ T3683] usb 5-1: Manufacturer: syz [ 572.214717][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 572.222332][ T3683] usb 5-1: SerialNumber: syz [ 572.223175][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 572.268569][ T3683] usb 5-1: config 0 descriptor?? [ 572.295011][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 572.303602][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 572.314471][T12073] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 572.338484][ T3683] option 5-1:0.0: GSM modem (1-port) converter detected [ 572.345555][T11870] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 572.350605][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 572.494672][T12080] loop3: detected capacity change from 0 to 32768 [ 572.548948][T12080] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.1929 (12080) [ 572.590614][ T3683] usb 5-1: USB disconnect, device number 18 [ 572.602287][ T3683] option 5-1:0.0: device disconnected [ 572.701760][T12080] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 572.760734][T12080] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 572.791725][T12080] BTRFS info (device loop3): setting nodatacow, compression disabled [ 572.834113][T12080] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 572.889276][T12080] BTRFS info (device loop3): force lzo compression, level 0 [ 572.937576][T12080] BTRFS info (device loop3): metadata ratio 8 [ 572.943772][T12080] BTRFS info (device loop3): doing ref verification [ 572.981635][T12080] BTRFS info (device loop3): metadata ratio 32769 [ 572.988425][T12080] BTRFS info (device loop3): turning off barriers [ 573.012037][T12080] BTRFS info (device loop3): enabling ssd optimizations [ 573.033402][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 573.044809][T12080] BTRFS info (device loop3): using spread ssd allocation scheme [ 573.052493][T12080] BTRFS info (device loop3): turning on barriers [ 573.061437][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 573.098793][T11870] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 573.111216][T12080] BTRFS info (device loop3): using free space tree [ 573.236172][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 573.269744][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 573.351436][T11870] device veth0_vlan entered promiscuous mode [ 573.373034][T11870] device veth1_vlan entered promiscuous mode [ 573.385469][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 573.397797][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 573.406542][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 573.417767][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 573.427247][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 573.452381][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 573.462177][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 573.492665][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 573.511205][T11870] device veth0_macvtap entered promiscuous mode [ 573.541884][T11870] device veth1_macvtap entered promiscuous mode [ 573.651318][ T26] audit: type=1804 audit(1722071881.327:333): pid=12080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1929" name="/newroot/145/bus/bus" dev="loop3" ino=263 res=1 errno=0 [ 573.659947][T11870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 573.719563][T11870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 573.744594][T11870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 573.760983][T11870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 573.772674][T11870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 573.788009][ T26] audit: type=1804 audit(1722071881.387:334): pid=12125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1929" name="/newroot/145/bus/bus" dev="loop3" ino=263 res=1 errno=0 [ 573.831859][T11870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 573.883223][T11870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 573.899642][ T26] audit: type=1804 audit(1722071881.387:335): pid=12080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1929" name="/newroot/145/bus/bus" dev="loop3" ino=263 res=1 errno=0 [ 573.921615][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 574.074656][T11870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 574.115483][T11870] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 574.122780][ T26] audit: type=1804 audit(1722071881.437:336): pid=12125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1929" name="/newroot/145/bus/bus" dev="loop3" ino=263 res=1 errno=0 [ 574.211442][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 574.214884][ T8127] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 574.224913][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 574.249922][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 574.279990][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 574.301988][T11870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 574.353947][T11870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 574.363831][T11870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 574.487528][T11870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 574.498531][T11870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 574.509354][T11870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 574.519975][T11870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 574.531248][T11870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 574.569562][T11870] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 574.597845][T11870] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 574.639309][T11870] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 574.664601][T11870] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 574.678232][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88805a188800: rx timeout, send abort [ 574.729321][T11870] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 574.807705][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 574.838733][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 575.156443][ T102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 575.183285][ T102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 575.186623][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88805a188800: abort rx timeout. Force session deactivation [ 575.272130][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 575.301406][ T4078] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 575.329262][ T4078] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 575.407632][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 575.550190][T12146] loop4: detected capacity change from 0 to 8192 [ 575.702254][T12146] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 575.804297][ T3686] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 576.394151][ T3686] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 576.424246][ T3686] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 236, changing to 11 [ 576.464100][ T3686] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 18251, setting to 1024 [ 576.504842][ T3686] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 576.726161][ T3686] usb 1-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 576.747415][ T3686] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.765796][ T3686] usb 1-1: Product: syz [ 576.770785][ T3686] usb 1-1: Manufacturer: syz [ 576.790322][ T3686] usb 1-1: SerialNumber: syz [ 576.826715][ T3686] usb 1-1: config 0 descriptor?? [ 576.854694][T12161] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 576.890784][ T3686] option 1-1:0.0: GSM modem (1-port) converter detected [ 577.108200][ T3680] usb 1-1: USB disconnect, device number 20 [ 577.128057][ T3680] option 1-1:0.0: device disconnected [ 577.604583][ T3904] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 577.619319][T12185] loop3: detected capacity change from 0 to 32768 [ 577.700798][T12185] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.1946 (12185) [ 577.806984][T12185] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 577.858122][T12185] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 577.888475][T12185] BTRFS info (device loop3): setting nodatacow, compression disabled [ 577.918776][T12185] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 577.959240][T12185] BTRFS info (device loop3): force lzo compression, level 0 [ 577.979558][T12185] BTRFS info (device loop3): metadata ratio 8 [ 577.995281][T12185] BTRFS info (device loop3): doing ref verification [ 578.003369][T12185] BTRFS info (device loop3): metadata ratio 32769 [ 578.023572][T12185] BTRFS info (device loop3): turning off barriers [ 578.050309][T12185] BTRFS info (device loop3): enabling ssd optimizations [ 578.067811][T12185] BTRFS info (device loop3): using spread ssd allocation scheme [ 578.086054][T12185] BTRFS info (device loop3): turning on barriers [ 578.092595][T12185] BTRFS info (device loop3): using free space tree [ 578.160842][ T3904] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.274376][ T3904] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.414553][ T3904] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.470347][ T26] audit: type=1804 audit(1722071886.147:337): pid=12185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1946" name="/newroot/149/bus/bus" dev="loop3" ino=263 res=1 errno=0 [ 578.570564][ T26] audit: type=1804 audit(1722071886.187:338): pid=12185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1946" name="/newroot/149/bus/bus" dev="loop3" ino=263 res=1 errno=0 [ 578.703954][ T26] audit: type=1804 audit(1722071886.187:339): pid=12185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1946" name="/newroot/149/bus/bus" dev="loop3" ino=263 res=1 errno=0 [ 578.774305][ T26] audit: type=1804 audit(1722071886.227:340): pid=12185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1946" name="/newroot/149/bus/bus" dev="loop3" ino=263 res=1 errno=0 [ 578.852618][ T8127] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 579.826983][ T3642] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 579.842384][ T3642] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 579.851239][ T3642] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 579.866201][ T3642] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 579.874384][ T3642] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 579.892710][ T3642] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 580.299275][ T3681] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 580.694668][ T3681] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 580.734050][ T3681] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 236, changing to 11 [ 580.957126][ T3681] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 18251, setting to 1024 [ 580.968380][ T3681] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 581.105703][T12261] chnl_net:caif_netlink_parms(): no params data found [ 581.194202][ T3681] usb 4-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 581.203294][ T3681] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.231807][ T3681] usb 4-1: Product: syz [ 581.243975][ T3681] usb 4-1: Manufacturer: syz [ 581.258843][ T3681] usb 4-1: SerialNumber: syz [ 581.271519][ T3904] device hsr_slave_0 left promiscuous mode [ 581.304751][ T3681] usb 4-1: config 0 descriptor?? [ 581.324284][T12270] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 581.346054][ T3681] option 4-1:0.0: GSM modem (1-port) converter detected [ 581.374410][ T3904] device hsr_slave_1 left promiscuous mode [ 581.414329][ T3904] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 581.443165][ T3904] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 581.452278][ T3904] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 581.467620][ T3904] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 581.496994][ T3904] device bridge_slave_1 left promiscuous mode [ 581.517884][ T3904] bridge0: port 2(bridge_slave_1) entered disabled state [ 581.555434][ T3904] device bridge_slave_0 left promiscuous mode [ 581.560496][ T3681] usb 4-1: USB disconnect, device number 23 [ 581.567267][ T3904] bridge0: port 1(bridge_slave_0) entered disabled state [ 581.584008][ T3681] option 4-1:0.0: device disconnected [ 581.666565][T12279] loop4: detected capacity change from 0 to 32768 [ 581.703224][ T3627] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by udevd (3627) [ 581.715654][ T3904] device veth1_macvtap left promiscuous mode [ 581.721799][ T3904] device veth0_macvtap left promiscuous mode [ 581.744553][ T3904] device veth1_vlan left promiscuous mode [ 581.763202][ T3904] device veth0_vlan left promiscuous mode [ 581.773209][T12279] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 581.802443][T12279] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 581.838577][T12279] BTRFS info (device loop4): setting nodatacow, compression disabled [ 581.882729][T12279] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 581.895017][T12279] BTRFS info (device loop4): force lzo compression, level 0 [ 581.912718][T12279] BTRFS info (device loop4): metadata ratio 8 [ 581.932926][T12279] BTRFS info (device loop4): doing ref verification [ 581.963327][T12279] BTRFS info (device loop4): metadata ratio 32769 [ 581.979664][T12297] loop0: detected capacity change from 0 to 8192 [ 581.996724][T12279] BTRFS info (device loop4): turning off barriers [ 582.025452][T12279] BTRFS info (device loop4): enabling ssd optimizations [ 582.037511][T12279] BTRFS info (device loop4): using spread ssd allocation scheme [ 582.074282][T12297] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 582.086352][T12279] BTRFS info (device loop4): turning on barriers [ 582.095389][T12279] BTRFS info (device loop4): using free space tree [ 582.114014][ T3645] Bluetooth: hci4: command tx timeout [ 582.523320][ T26] audit: type=1804 audit(1722071890.197:341): pid=12279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1961" name="/newroot/164/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 582.669455][ T26] audit: type=1804 audit(1722071890.287:342): pid=12329 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1961" name="/newroot/164/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 582.768373][ T26] audit: type=1804 audit(1722071890.287:343): pid=12279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1961" name="/newroot/164/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 582.824157][T12279] loop4: detected capacity change from 32768 to 0 [ 582.883599][ T26] audit: type=1804 audit(1722071890.337:344): pid=12329 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1961" name="/newroot/164/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 583.182939][ T8036] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 584.175976][ T3645] Bluetooth: hci4: command tx timeout [ 584.210138][ T3904] team0 (unregistering): Port device team_slave_1 removed [ 584.391039][ T3904] team0 (unregistering): Port device team_slave_0 removed [ 584.491585][ T3904] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 584.591853][ T3904] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 585.253351][ T3904] bond0 (unregistering): Released all slaves [ 585.778376][T12261] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.802715][T12261] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.842444][T12261] device bridge_slave_0 entered promiscuous mode [ 585.859232][T12261] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.878398][T12261] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.895105][T12261] device bridge_slave_1 entered promiscuous mode [ 585.924149][ T3788] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 585.975699][T12261] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 586.016695][T12261] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 586.183007][T12261] team0: Port device team_slave_0 added [ 586.256511][ T3645] Bluetooth: hci4: command tx timeout [ 586.273460][T12261] team0: Port device team_slave_1 added [ 586.284356][ T3788] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 586.300725][ T3788] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 586.311446][ T3788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 236, changing to 11 [ 586.322807][ T3788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 18251, setting to 1024 [ 586.342776][ T3788] usb 2-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 586.368250][T12261] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 586.383086][T12261] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 586.428005][T12261] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 586.432357][T12363] loop0: detected capacity change from 0 to 32768 [ 586.450856][T12261] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 586.480239][T12261] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 586.510307][T12363] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.1976 (12363) [ 586.547471][ T3788] usb 2-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 586.566842][T12261] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 586.580248][ T3788] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.607109][ T3788] usb 2-1: Product: syz [ 586.611605][ T3788] usb 2-1: Manufacturer: syz [ 586.626166][ T3788] usb 2-1: SerialNumber: syz [ 586.643358][ T3788] usb 2-1: config 0 descriptor?? [ 586.682930][T12359] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 586.700442][T12363] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 586.716171][ T3788] option 2-1:0.0: GSM modem (1-port) converter detected [ 586.731829][T12363] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 586.805891][T12363] BTRFS info (device loop0): setting nodatacow, compression disabled [ 586.834192][T12363] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 586.864200][T12363] BTRFS info (device loop0): force lzo compression, level 0 [ 586.892399][T12363] BTRFS info (device loop0): metadata ratio 8 [ 586.902518][T12363] BTRFS info (device loop0): doing ref verification [ 586.931051][ T4274] usb 2-1: USB disconnect, device number 10 [ 586.938189][T12261] device hsr_slave_0 entered promiscuous mode [ 586.964997][ T4274] option 2-1:0.0: device disconnected [ 586.970747][T12363] BTRFS info (device loop0): metadata ratio 32769 [ 586.987185][T12363] BTRFS info (device loop0): turning off barriers [ 587.004412][T12261] device hsr_slave_1 entered promiscuous mode [ 587.024044][T12363] BTRFS info (device loop0): enabling ssd optimizations [ 587.054218][T12363] BTRFS info (device loop0): using spread ssd allocation scheme [ 587.089938][T12363] BTRFS info (device loop0): turning on barriers [ 587.120770][T12363] BTRFS info (device loop0): using free space tree [ 587.417310][ T26] audit: type=1804 audit(1722071895.097:345): pid=12363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1976" name="/newroot/455/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 587.528702][ T26] audit: type=1804 audit(1722071895.147:346): pid=12363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1976" name="/newroot/455/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 587.643948][ T26] audit: type=1804 audit(1722071895.147:347): pid=12363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1976" name="/newroot/455/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 587.699667][T12363] loop0: detected capacity change from 32768 to 0 [ 587.722294][ T26] audit: type=1804 audit(1722071895.197:348): pid=12406 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1976" name="/newroot/455/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 587.979230][ T3641] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 588.334073][ T3645] Bluetooth: hci4: command tx timeout [ 588.522987][T12261] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 588.596490][T12261] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 588.646956][T12261] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 588.666761][T12261] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 589.031590][T12261] 8021q: adding VLAN 0 to HW filter on device bond0 [ 589.116356][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 589.133583][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 589.177904][T12261] 8021q: adding VLAN 0 to HW filter on device team0 [ 589.215896][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 589.256513][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 589.296499][ T8353] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.303645][ T8353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 589.382824][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 589.393503][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 589.430407][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 589.439071][T12424] loop3: detected capacity change from 0 to 8192 [ 589.464447][ T3890] bridge0: port 2(bridge_slave_1) entered blocking state [ 589.471611][ T3890] bridge0: port 2(bridge_slave_1) entered forwarding state [ 589.514474][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 589.580953][T12424] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 589.584859][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 589.717402][T12261] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 589.761005][T12261] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 589.822336][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 589.842626][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 589.872314][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 589.923365][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 589.973606][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 589.991606][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 590.031944][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 590.072430][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 590.103162][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 590.153833][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 590.708073][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 590.719079][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 590.769973][T12261] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 590.889818][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 590.901801][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 590.953242][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 590.995589][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 591.031878][T12261] device veth0_vlan entered promiscuous mode [ 591.053185][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 591.062806][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 591.103996][T12261] device veth1_vlan entered promiscuous mode [ 591.200985][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 591.238020][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 591.265153][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 591.300102][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 591.345474][T12261] device veth0_macvtap entered promiscuous mode [ 591.376810][T12261] device veth1_macvtap entered promiscuous mode [ 591.461583][T12261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 591.489397][T12261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 591.527400][T12261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 591.596226][T12261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 591.643516][T12261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 591.672012][T12261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 591.724829][T12261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 591.810809][T12261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 591.871254][T12261] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 591.911023][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 591.926089][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 591.956578][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 591.990832][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 592.008793][T12261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 592.039853][T12261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.064999][T12261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 592.093922][T12261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.129238][T12261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 592.149399][T12261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.172223][T12261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 592.203409][T12261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.245663][T12261] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 592.276048][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 592.295572][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 592.317416][T12261] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 592.336957][T12261] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 592.361489][T12261] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 592.385004][T12261] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 592.442794][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88807c24f400: rx timeout, send abort [ 592.587710][ T3904] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 592.623853][ T3904] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 592.669852][ T4077] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 592.683406][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 592.707400][ T4077] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 592.746133][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 592.951167][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88807c24f400: abort rx timeout. Force session deactivation [ 593.537444][ T8248] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 593.607820][T12471] loop0: detected capacity change from 0 to 32768 [ 593.640591][T12471] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.1992 (12471) [ 593.673507][T12471] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 593.696751][T12471] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 593.714022][T12471] BTRFS info (device loop0): setting nodatacow, compression disabled [ 593.732353][T12471] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 593.782952][T12471] BTRFS info (device loop0): force lzo compression, level 0 [ 593.794820][T12471] BTRFS info (device loop0): metadata ratio 8 [ 593.802022][T12471] BTRFS info (device loop0): doing ref verification [ 593.845572][T12471] BTRFS info (device loop0): metadata ratio 32769 [ 593.852040][T12471] BTRFS info (device loop0): turning off barriers [ 593.870685][ T4078] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 593.904079][T12471] BTRFS info (device loop0): enabling ssd optimizations [ 593.911067][T12471] BTRFS info (device loop0): using spread ssd allocation scheme [ 593.917208][ T8248] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 593.947393][ T8248] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 593.969259][T12471] BTRFS info (device loop0): turning on barriers [ 593.981203][ T8248] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 236, changing to 11 [ 593.999291][T12471] BTRFS info (device loop0): using free space tree [ 594.023384][ T8248] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 18251, setting to 1024 [ 594.071788][ T8248] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 594.264172][ T8248] usb 4-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 594.304709][ T26] audit: type=1804 audit(1722071901.987:349): pid=12471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1992" name="/newroot/459/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 594.309572][ T8248] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.357062][ T8248] usb 4-1: Product: syz [ 594.361632][ T8248] usb 4-1: Manufacturer: syz [ 594.368858][ T8248] usb 4-1: SerialNumber: syz [ 594.391603][ T8248] usb 4-1: config 0 descriptor?? [ 594.402183][ T26] audit: type=1804 audit(1722071902.037:350): pid=12471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1992" name="/newroot/459/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 594.424596][T12475] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 594.447732][ T8248] option 4-1:0.0: GSM modem (1-port) converter detected [ 594.484287][T12471] loop0: detected capacity change from 32768 to 0 [ 594.487305][ T26] audit: type=1804 audit(1722071902.037:351): pid=12471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1992" name="/newroot/459/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 594.542017][ T4078] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 594.566350][ T26] audit: type=1804 audit(1722071902.067:352): pid=12471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1992" name="/newroot/459/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 594.655852][ T3641] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 594.678993][ T5631] usb 4-1: USB disconnect, device number 24 [ 594.705936][ T5631] option 4-1:0.0: device disconnected [ 595.016438][ T4078] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.122146][ T4078] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.870447][ T3642] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 595.880388][ T3642] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 595.948848][ T3642] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 595.963128][ T3642] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 595.984718][ T3642] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 595.993255][ T3642] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 597.167168][T12513] chnl_net:caif_netlink_parms(): no params data found [ 597.559732][T12536] loop1: detected capacity change from 0 to 512 [ 597.657094][T12536] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz.1.1999: casefold flag without casefold feature [ 597.695543][T12536] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #2: comm syz.1.1999: missing EA_INODE flag [ 597.774091][T12536] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.1999: error while reading EA inode 2 err=-117 [ 597.806971][T12536] EXT4-fs (loop1): 1 orphan inode deleted [ 597.813458][T12513] bridge0: port 1(bridge_slave_0) entered blocking state [ 597.825461][T12513] bridge0: port 1(bridge_slave_0) entered disabled state [ 597.841396][T12536] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 597.846128][T12544] loop4: detected capacity change from 0 to 8192 [ 597.871361][T12536] EXT4-fs (loop1): unmounting filesystem. [ 597.874018][T12513] device bridge_slave_0 entered promiscuous mode [ 597.910232][T12544] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 598.008303][T12536] loop1: detected capacity change from 0 to 128 [ 598.092545][T12513] bridge0: port 2(bridge_slave_1) entered blocking state [ 598.094201][ T3645] Bluetooth: hci4: command tx timeout [ 598.109107][T12513] bridge0: port 2(bridge_slave_1) entered disabled state [ 598.119099][ T3627] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 598.129298][T12536] loop1: detected capacity change from 0 to 512 [ 598.132687][T12513] device bridge_slave_1 entered promiscuous mode [ 598.197485][T12536] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 598.228569][T12536] EXT4-fs (loop1): 1 orphan inode deleted [ 598.234540][T12536] EXT4-fs (loop1): 1 truncate cleaned up [ 598.240202][T12536] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 598.257325][T12536] EXT4-fs (loop1): unmounting filesystem. [ 598.323429][ T4078] device hsr_slave_0 left promiscuous mode [ 598.366832][ T4078] device hsr_slave_1 left promiscuous mode [ 598.373607][ T4078] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 598.411006][ T4078] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 598.428420][ T4078] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 598.445215][ T4078] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 598.481498][ T4078] device bridge_slave_1 left promiscuous mode [ 598.536501][ T4078] bridge0: port 2(bridge_slave_1) entered disabled state [ 598.585409][ T4078] device bridge_slave_0 left promiscuous mode [ 598.602382][ T4078] bridge0: port 1(bridge_slave_0) entered disabled state [ 598.721788][ T4078] device veth1_macvtap left promiscuous mode [ 598.729768][ T4078] device veth0_macvtap left promiscuous mode [ 598.757879][ T4078] device veth1_vlan left promiscuous mode [ 598.783183][ T4078] device veth0_vlan left promiscuous mode [ 599.999208][T12567] loop0: detected capacity change from 0 to 32768 [ 600.017747][T12567] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.2004 (12567) [ 600.050671][T12567] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 600.080719][T12567] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 600.104662][T12567] BTRFS info (device loop0): setting nodatacow, compression disabled [ 600.113183][T12567] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 600.161892][T12567] BTRFS info (device loop0): force lzo compression, level 0 [ 600.174201][ T3645] Bluetooth: hci4: command tx timeout [ 600.204194][ T3731] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 600.213741][T12567] BTRFS info (device loop0): metadata ratio 8 [ 600.231960][T12567] BTRFS info (device loop0): doing ref verification [ 600.267289][T12567] BTRFS info (device loop0): metadata ratio 32769 [ 600.294420][T12567] BTRFS info (device loop0): turning off barriers [ 600.321749][T12567] BTRFS info (device loop0): enabling ssd optimizations [ 600.353662][T12567] BTRFS info (device loop0): using spread ssd allocation scheme [ 600.384734][T12567] BTRFS info (device loop0): turning on barriers [ 600.413574][T12567] BTRFS info (device loop0): using free space tree [ 600.674841][ T3731] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 600.768601][ T3731] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 600.856927][ T3731] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 236, changing to 11 [ 600.984327][ T3731] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 18251, setting to 1024 [ 601.043828][ T3731] usb 2-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 601.232251][ T26] audit: type=1804 audit(1722071908.907:353): pid=12567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2004" name="/newroot/463/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 601.295885][ T3731] usb 2-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 601.305639][ T3731] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 601.352874][ T26] audit: type=1804 audit(1722071908.947:354): pid=12567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2004" name="/newroot/463/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 601.391616][ T3731] usb 2-1: Product: syz [ 601.404073][ T3731] usb 2-1: Manufacturer: syz [ 601.410731][ T3731] usb 2-1: SerialNumber: syz [ 601.430346][ T3731] usb 2-1: config 0 descriptor?? [ 601.444778][T12567] loop0: detected capacity change from 32768 to 0 [ 601.455226][ T26] audit: type=1804 audit(1722071908.947:355): pid=12567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2004" name="/newroot/463/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 601.478585][T12573] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 601.510892][ T3731] option 2-1:0.0: GSM modem (1-port) converter detected [ 601.534782][ T26] audit: type=1804 audit(1722071909.007:356): pid=12603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2004" name="/newroot/463/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 601.634243][ T4465] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 601.685404][ T4078] team0 (unregistering): Port device team_slave_1 removed [ 601.697678][ T3641] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 601.721841][ T8248] usb 2-1: USB disconnect, device number 11 [ 601.731595][ T8248] option 2-1:0.0: device disconnected [ 601.944150][ T4078] team0 (unregistering): Port device team_slave_0 removed [ 602.025742][ T4465] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 602.130337][ T4078] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 602.156591][T12606] loop0: detected capacity change from 0 to 512 [ 602.171318][T12606] EXT4-fs: Ignoring removed orlov option [ 602.187075][T12606] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 602.204394][T12606] EXT4-fs (loop0): can't mount with commit=3, fs mounted w/o journal [ 602.214968][ T4465] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 602.233461][ T4465] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.252106][ T4465] usb 4-1: Product: syz [ 602.256558][ T4465] usb 4-1: Manufacturer: syz [ 602.257519][ T3642] Bluetooth: hci4: command tx timeout [ 602.261143][ T4465] usb 4-1: SerialNumber: syz [ 602.319860][T12604] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 602.425276][ T4078] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 602.624196][ T4465] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 25 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 602.839594][ T4465] usb 4-1: USB disconnect, device number 25 [ 602.867537][ T4465] usblp0: removed [ 603.955382][ T4078] bond0 (unregistering): Released all slaves [ 604.134501][T12513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 604.186298][T12513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 604.283122][T12513] team0: Port device team_slave_0 added [ 604.334199][ T3642] Bluetooth: hci4: command tx timeout [ 604.356102][T12513] team0: Port device team_slave_1 added [ 604.371932][T12636] loop3: detected capacity change from 0 to 128 [ 604.497301][T12513] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 604.521003][T12513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 604.607753][T12513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 604.636241][T12631] loop1: detected capacity change from 0 to 8192 [ 604.717379][T12513] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 604.726248][T12513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 604.764255][T12631] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 604.784145][ T5008] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 604.790101][T12513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 604.984147][T12513] device hsr_slave_0 entered promiscuous mode [ 605.021060][T12513] device hsr_slave_1 entered promiscuous mode [ 605.144190][ T5008] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 605.171708][ T5008] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 605.212241][ T5008] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 236, changing to 11 [ 605.250811][ T5008] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 18251, setting to 1024 [ 605.276785][ T5008] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 605.457963][T12643] loop0: detected capacity change from 0 to 32768 [ 605.513123][ T5008] usb 5-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 605.524501][T12643] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.2022 (12643) [ 605.543590][ T5008] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 605.572056][ T5008] usb 5-1: Product: syz [ 605.601313][ T5008] usb 5-1: Manufacturer: syz [ 605.607421][ T5008] usb 5-1: SerialNumber: syz [ 605.628580][ T5008] usb 5-1: config 0 descriptor?? [ 605.705672][T12641] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 605.712917][T12643] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 605.727524][ T5008] option 5-1:0.0: GSM modem (1-port) converter detected [ 605.736966][T12643] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 605.791412][T12643] BTRFS info (device loop0): setting nodatacow, compression disabled [ 605.817301][T12643] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 605.873566][T12643] BTRFS info (device loop0): force lzo compression, level 0 [ 605.903954][T12643] BTRFS info (device loop0): metadata ratio 8 [ 605.910116][T12643] BTRFS info (device loop0): doing ref verification [ 605.956857][T12643] BTRFS info (device loop0): metadata ratio 32769 [ 605.967205][ T5008] usb 5-1: USB disconnect, device number 19 [ 605.983595][ T5008] option 5-1:0.0: device disconnected [ 605.993928][T12643] BTRFS info (device loop0): turning off barriers [ 606.045373][T12643] BTRFS info (device loop0): enabling ssd optimizations [ 606.052366][T12643] BTRFS info (device loop0): using spread ssd allocation scheme [ 606.113941][T12643] BTRFS info (device loop0): turning on barriers [ 606.120349][T12643] BTRFS info (device loop0): using free space tree [ 606.522517][ T26] audit: type=1804 audit(1722071914.197:357): pid=12643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2022" name="/newroot/468/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 606.609740][ T26] audit: type=1804 audit(1722071914.287:358): pid=12683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2022" name="/newroot/468/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 606.713296][ T26] audit: type=1804 audit(1722071914.307:359): pid=12643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2022" name="/newroot/468/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 606.803103][ T26] audit: type=1804 audit(1722071914.347:360): pid=12643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2022" name="/newroot/468/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 606.901605][T12643] loop0: detected capacity change from 32768 to 0 [ 606.906561][T12513] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 606.977116][T12513] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 607.026206][T12513] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 607.096448][T12513] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 607.237364][ T3641] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 607.483047][T12513] 8021q: adding VLAN 0 to HW filter on device bond0 [ 607.577026][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 607.596076][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 607.617284][T12513] 8021q: adding VLAN 0 to HW filter on device team0 [ 607.651985][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 607.676086][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 607.694408][ T3685] bridge0: port 1(bridge_slave_0) entered blocking state [ 607.701549][ T3685] bridge0: port 1(bridge_slave_0) entered forwarding state [ 607.786238][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 607.795171][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 607.826354][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 607.864477][ T3786] bridge0: port 2(bridge_slave_1) entered blocking state [ 607.871633][ T3786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 607.914262][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 607.935122][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 607.984124][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 607.993607][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 608.091130][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 608.104652][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 608.113400][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 608.182219][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 608.337925][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 608.378739][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 608.404311][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 608.465271][T12513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 608.765444][T12722] overlayfs: unrecognized mount option "defcontext=user_u" or missing value [ 609.421026][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88805a7e3800: rx timeout, send abort [ 609.473956][ T3714] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 609.817558][T12751] syz.1.2039[12751] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 609.817662][T12751] syz.1.2039[12751] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 609.854610][ T3714] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 609.903987][ T3714] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 609.929452][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88805a7e3800: abort rx timeout. Force session deactivation [ 609.939976][ T3714] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 236, changing to 11 [ 609.986797][ T3714] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 18251, setting to 1024 [ 609.998585][ T3714] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 610.185228][ T3714] usb 4-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 610.208626][ T3714] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 610.223920][ T3714] usb 4-1: Product: syz [ 610.228190][ T3714] usb 4-1: Manufacturer: syz [ 610.243993][ T3714] usb 4-1: SerialNumber: syz [ 610.265091][ T3714] usb 4-1: config 0 descriptor?? [ 610.306902][T12738] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 610.345547][ T3714] option 4-1:0.0: GSM modem (1-port) converter detected [ 610.567165][ T3714] usb 4-1: USB disconnect, device number 26 [ 610.584617][ T3714] option 4-1:0.0: device disconnected [ 610.978484][T12766] loop0: detected capacity change from 0 to 32768 [ 611.037675][T12766] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.2040 (12766) [ 611.079472][T12766] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 611.109099][T12766] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 611.126796][T12766] BTRFS info (device loop0): setting nodatacow, compression disabled [ 611.144018][T12766] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 611.184018][T12766] BTRFS info (device loop0): force lzo compression, level 0 [ 611.193117][T12766] BTRFS info (device loop0): metadata ratio 8 [ 611.228139][T12766] BTRFS info (device loop0): doing ref verification [ 611.257108][T12766] BTRFS info (device loop0): metadata ratio 32769 [ 611.263622][T12766] BTRFS info (device loop0): turning off barriers [ 611.290890][T12766] BTRFS info (device loop0): enabling ssd optimizations [ 611.307282][T12766] BTRFS info (device loop0): using spread ssd allocation scheme [ 611.324202][T12766] BTRFS info (device loop0): turning on barriers [ 611.330607][T12766] BTRFS info (device loop0): using free space tree [ 611.492006][T12786] loop3: detected capacity change from 0 to 8192 [ 611.526861][T12786] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 611.679903][ T26] audit: type=1804 audit(1722071919.367:361): pid=12766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2040" name="/newroot/470/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 611.764656][ T26] audit: type=1804 audit(1722071919.447:362): pid=12766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2040" name="/newroot/470/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 611.792918][ T26] audit: type=1804 audit(1722071919.467:363): pid=12766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2040" name="/newroot/470/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 611.871477][ T26] audit: type=1804 audit(1722071919.537:364): pid=12809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2040" name="/newroot/470/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 611.940652][T12809] loop0: detected capacity change from 32768 to 0 [ 612.050230][ T3641] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 613.071907][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 613.079750][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 613.093732][T12513] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 613.234994][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 613.245044][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 613.288303][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 613.324716][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 613.347234][T12513] device veth0_vlan entered promiscuous mode [ 613.374345][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 613.382390][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 613.420727][T12513] device veth1_vlan entered promiscuous mode [ 613.567703][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 613.581126][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 613.614338][ T8353] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 613.627539][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 613.674256][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 613.694035][T12513] device veth0_macvtap entered promiscuous mode [ 613.716251][T12513] device veth1_macvtap entered promiscuous mode [ 613.883958][ T8353] usb 5-1: Using ep0 maxpacket: 16 [ 614.358296][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 614.384730][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 614.426228][T12513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 614.483958][T12513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 614.528972][T12513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 614.584008][T12513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 614.608425][T12513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 614.624095][ T8353] usb 5-1: New USB device found, idVendor=23a7, idProduct=fedc, bcdDevice=e0.0b [ 614.638758][ T8353] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 614.655392][T12513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 614.675021][ T8353] usb 5-1: Product: syz [ 614.679405][ T8353] usb 5-1: Manufacturer: syz [ 614.699747][T12513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 614.716912][ T8353] usb 5-1: SerialNumber: syz [ 614.730420][ T8353] usb 5-1: config 0 descriptor?? [ 614.741200][T12513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 614.785411][T12513] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 614.817513][ T3888] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 614.828764][ T3888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 614.847162][T12513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 614.873651][T12513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 614.929598][T12513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 614.950463][T12513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.009023][T12513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 615.040476][T12513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.071560][T12841] Driver unsupported XDP return value 0 on prog (id 328) dev N/A, expect packet loss! [ 615.091091][T12513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 615.262620][T12513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.330655][T12513] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 615.403733][ T4089] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 615.430825][ T4089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 615.501639][T12513] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.531719][T12513] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.577497][T12513] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.631319][T12513] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.922480][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 615.969962][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 616.048007][ T4089] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 616.091833][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 616.132092][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 616.189483][ T3888] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 616.455616][ T4089] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 616.834254][ T4089] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 616.854284][ T4089] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 616.913293][ T4089] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 236, changing to 11 [ 616.933939][ T4089] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 18251, setting to 1024 [ 616.947394][ T4089] usb 2-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 616.962711][T10226] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 617.140637][ T4078] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.174753][ T4089] usb 2-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 617.183842][ T4089] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.188838][ T8353] usb 5-1: MIDIStreaming interface descriptor not found [ 617.213004][ T4089] usb 2-1: Product: syz [ 617.217893][ T4089] usb 2-1: Manufacturer: syz [ 617.222513][ T4089] usb 2-1: SerialNumber: syz [ 617.274382][ T4089] usb 2-1: config 0 descriptor?? [ 617.295436][T12865] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 617.308250][ T8353] usb 5-1: USB disconnect, device number 20 [ 617.316401][ T4089] option 2-1:0.0: GSM modem (1-port) converter detected [ 617.317660][T10226] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 617.394072][T10226] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 617.409081][T10226] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 617.437264][T10226] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 617.450145][T10226] usb 1-1: config 0 descriptor?? [ 617.480165][ T4078] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.529352][ T3680] usb 2-1: USB disconnect, device number 12 [ 617.537554][ T3680] option 2-1:0.0: device disconnected [ 617.560227][ T4078] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.636861][ T3877] udevd[3877]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 617.673520][ T4078] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.934773][T10226] hid (null): bogus close delimiter [ 618.154236][T10226] usb 1-1: language id specifier not provided by device, defaulting to English [ 618.769775][T10226] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000F/input/input5 [ 618.945612][T10226] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000F/input/input6 [ 618.995790][T12920] loop3: detected capacity change from 0 to 256 [ 619.012606][T10226] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000F/input/input7 [ 619.075021][T12920] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 619.080890][T10226] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000F/input/input8 [ 619.104674][T12917] loop4: detected capacity change from 0 to 8192 [ 619.172040][T12920] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 619.176728][T12917] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 619.225292][T10226] uclogic 0003:256C:006D.000F: input,hiddev0,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 619.293787][T10226] usb 1-1: USB disconnect, device number 21 [ 619.460313][ T3645] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 619.471932][ T3645] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 619.490941][ T48] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 619.506579][ T48] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 619.517376][ T48] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 619.524706][ T48] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 619.951362][ T4078] device hsr_slave_0 left promiscuous mode [ 619.970929][ T4078] device hsr_slave_1 left promiscuous mode [ 619.993775][ T4078] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 620.012746][ T4078] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 620.670062][ T4078] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 620.726894][ T4078] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 620.800478][ T4078] device bridge_slave_1 left promiscuous mode [ 620.820098][ T4078] bridge0: port 2(bridge_slave_1) entered disabled state [ 620.864478][ T4078] device bridge_slave_0 left promiscuous mode [ 620.870784][ T4078] bridge0: port 1(bridge_slave_0) entered disabled state [ 620.977246][ T4078] device veth1_macvtap left promiscuous mode [ 620.990214][ T4078] device veth0_macvtap left promiscuous mode [ 621.010631][ T4078] device veth1_vlan left promiscuous mode [ 621.023331][ T4078] device veth0_vlan left promiscuous mode [ 621.623798][ T48] Bluetooth: hci4: command tx timeout [ 621.983843][ C0] vxcan0: j1939_tp_txtimer: 0xffff8880666b8000: tx aborted with unknown reason: -2 [ 622.278975][T12968] syz.0.2066[12968] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 622.279074][T12968] syz.0.2066[12968] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 623.079318][ C0] vxcan0: j1939_tp_rxtimer: 0xffff8880666b8000: abort rx timeout. Force session deactivation [ 623.465820][T12976] loop1: detected capacity change from 0 to 256 [ 623.507097][T12976] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 623.525973][T12976] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 623.594239][ T3888] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 623.635571][ T4078] team0 (unregistering): Port device team_slave_1 removed [ 623.676462][ T4078] team0 (unregistering): Port device team_slave_0 removed [ 623.698838][ T48] Bluetooth: hci4: command tx timeout [ 623.723479][ T4078] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 623.761269][ T4078] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 623.984078][ T3888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 623.995258][ T3888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 624.005583][ T3888] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 624.024671][ T3888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 236, changing to 11 [ 624.036303][ T3888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 18251, setting to 1024 [ 624.047854][ T3888] usb 1-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 624.215612][ T4078] bond0 (unregistering): Released all slaves [ 624.254655][ T3888] usb 1-1: New USB device found, idVendor=1266, idProduct=1002, bcdDevice=ef.1e [ 624.264601][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.270924][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.281530][ T3888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.295360][ T3888] usb 1-1: Product: syz [ 624.299609][ T3888] usb 1-1: Manufacturer: syz [ 624.308325][ T3888] usb 1-1: SerialNumber: syz [ 624.322139][ T3888] usb 1-1: config 0 descriptor?? [ 624.344522][T12973] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 624.474219][ T3888] option 1-1:0.0: GSM modem (1-port) converter detected [ 624.575797][ T3888] usb 1-1: USB disconnect, device number 22 [ 624.583701][ T3888] option 1-1:0.0: device disconnected [ 624.653202][T12976] tipc: Started in network mode [ 624.674505][T12976] tipc: Node identity f0, cluster identity 4711 [ 624.681196][T12976] tipc: Node number set to 240 [ 624.909656][T12927] chnl_net:caif_netlink_parms(): no params data found [ 625.469651][T12927] bridge0: port 1(bridge_slave_0) entered blocking state [ 625.493956][T12927] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.535966][T12927] device bridge_slave_0 entered promiscuous mode [ 625.651638][T12927] bridge0: port 2(bridge_slave_1) entered blocking state [ 625.694695][T12927] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.705742][T12927] device bridge_slave_1 entered promiscuous mode [ 625.779475][ T48] Bluetooth: hci4: command tx timeout [ 625.796855][T12996] loop1: detected capacity change from 0 to 8192 [ 625.878502][T12996] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 625.920920][T12927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 625.963176][T12927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 626.142592][T12927] team0: Port device team_slave_0 added [ 626.184724][T12927] team0: Port device team_slave_1 added [ 626.311395][T12927] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 626.352680][T12927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 626.433916][T12927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 626.483407][T12927] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 626.514273][T12927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 626.620335][T12927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 626.872841][T12927] device hsr_slave_0 entered promiscuous mode [ 626.902448][T12927] device hsr_slave_1 entered promiscuous mode [ 627.864043][ T48] Bluetooth: hci4: command tx timeout [ 628.836290][T13050] tipc: Can't bind to reserved service type 0 [ 628.908098][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888068206c00: rx timeout, send abort [ 629.267875][T13054] device syzkaller0 entered promiscuous mode [ 629.416595][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888068206c00: abort rx timeout. Force session deactivation [ 629.521427][T13065] skb len=10605 headroom=232 headlen=10605 tailroom=21611 [ 629.521427][T13065] mac=(256,-24) net=(232,20) trans=252 [ 629.521427][T13065] shinfo(txflags=0 nr_frags=0 gso(size=0 type=0 segs=0)) [ 629.521427][T13065] csum(0x350e2a55 ip_summed=3 complete_sw=0 valid=0 level=0) [ 629.521427][T13065] hash(0x0 sw=0 l4=0) proto=0x0800 pkttype=0 iif=0 [ 629.554794][T13065] dev name=ip6gre0 feat=0x00000006401d7869 [ 629.560639][T13065] skb linear: 00000000: 45 02 29 6d ce bd 00 00 0f 2f 13 77 ac 14 14 14 [ 629.569216][T13065] skb linear: 00000010: e0 00 00 03 00 00 08 00 bd 0b 29 55 10 82 0c 52 [ 629.577784][T13065] skb linear: 00000020: 0f 06 d4 e0 fd 00 00 00 00 a4 fe 94 2a 31 f4 85 [ 629.586394][T13065] skb linear: 00000030: 97 e3 6e 03 9b 1c 59 9d b6 e4 66 74 9c 2d 05 f6 [ 629.594942][T13065] skb linear: 00000040: 4c 83 03 a0 f7 fb da 34 fb 88 25 f8 02 00 e3 e4 [ 629.603458][T13065] skb linear: 00000050: 63 04 f7 ff 00 ff ff ca 88 00 00 00 29 6c 00 00 [ 629.612014][T13065] skb linear: 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 629.620545][T13065] skb linear: 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 629.629085][T13065] skb linear: 00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 629.637643][T13065] skb linear: 00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 629.646204][T13065] skb linear: 000000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 629.654755][T13065] skb linear: 000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 629.663270][T13065] skb linear: 000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 629.671851][T13065] skb linear: 000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 629.680408][T13065] skb linear: 000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 629.688954][T13065] skb linear: 000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 629.697496][T13065] skb linear: 00000100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 629.706035][T13065] skb linear: 00000110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 629.714567][T13065] skb linear: 00000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 629.723088][T13065] ------------[ cut here ]------------ [ 629.728606][T13065] offset (10605) >= skb_headlen() (10605) [ 629.734986][T13065] WARNING: CPU: 1 PID: 13065 at net/core/dev.c:3305 skb_checksum_help+0x626/0x740 [ 629.744279][T13065] Modules linked in: [ 629.748200][T13065] CPU: 1 PID: 13065 Comm: syz.1.2086 Not tainted 6.1.101-syzkaller #0 [ 629.756424][T13065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 629.766526][T13065] RIP: 0010:skb_checksum_help+0x626/0x740 [ 629.772269][T13065] Code: ff df 48 8b 4c 24 18 0f b6 04 01 84 c0 0f 85 cd 00 00 00 48 8b 04 24 2b 18 48 c7 c7 80 cd 05 8c 44 89 fe 89 da e8 fa 7d b8 f8 <0f> 0b bb ea ff ff ff e9 59 fd ff ff e8 59 88 f0 f8 c6 05 be 59 eb [ 629.791975][T13065] RSP: 0018:ffffc9000337ef28 EFLAGS: 00010246 [ 629.798136][T13065] RAX: 282002c4881d3100 RBX: 000000000000296d RCX: 0000000000040000 [ 629.806222][T13065] RDX: ffffc900040d3000 RSI: 000000000003ffff RDI: 0000000000040000 [ 629.814247][T13065] RBP: 000000000000296d R08: ffffffff815293ae R09: fffff5200066fd85 [ 629.822234][T13065] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000002a55 [ 629.830293][T13065] R13: ffff888021ece070 R14: ffff888021ece000 R15: 000000000000296d [ 629.838332][T13065] FS: 00007f1b601186c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 629.847342][T13065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 629.853971][T13065] CR2: 0000000000000000 CR3: 000000005cb23000 CR4: 00000000003506e0 [ 629.861960][T13065] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 629.870029][T13065] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 629.878100][T13065] Call Trace: [ 629.881412][T13065] [ 629.884416][T13065] ? __warn+0x15a/0x520 [ 629.888595][T13065] ? skb_checksum_help+0x626/0x740 [ 629.893766][T13065] ? report_bug+0x2af/0x500 [ 629.898403][T13065] ? skb_checksum_help+0x626/0x740 [ 629.903624][T13065] ? handle_bug+0x3d/0x70 [ 629.908043][T13065] ? exc_invalid_op+0x16/0x40 [ 629.912741][T13065] ? asm_exc_invalid_op+0x16/0x20 [ 629.917848][T13065] ? __warn_printk+0x28e/0x350 [ 629.922640][T13065] ? skb_checksum_help+0x626/0x740 [ 629.927834][T13065] ? skb_checksum_help+0x626/0x740 [ 629.932975][T13065] ip_do_fragment+0x209/0x1b20 [ 629.937830][T13065] ? nf_hook+0x392/0x450 [ 629.942100][T13065] ? __ip_local_out+0x4a0/0x4a0 [ 629.947035][T13065] ? ip_fragment+0x220/0x220 [ 629.951648][T13065] ? ip_frag_next+0xb10/0xb10 [ 629.956412][T13065] ? ip_fast_csum+0x1ec/0x2a0 [ 629.961121][T13065] ? __ip_finish_output+0x22f/0x4b0 [ 629.966402][T13065] ? ip_fragment+0x9a/0x220 [ 629.970934][T13065] iptunnel_xmit+0x513/0x920 [ 629.975795][T13065] ip_tunnel_xmit+0x22e4/0x2cc0 [ 629.978334][T13072] loop0: detected capacity change from 0 to 8192 [ 629.980681][T13065] ? tnl_update_pmtu+0x10b0/0x10b0 [ 629.992194][T13065] ? print_irqtrace_events+0x210/0x210 [ 629.993837][T13072] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 629.997720][T13065] ? validate_xmit_xfrm+0xb4/0x10b0 [ 630.013379][T13065] ? gre_build_header+0x25b/0x9a0 [ 630.018504][T13065] ipgre_xmit+0x866/0xc40 [ 630.022843][T13065] dev_hard_start_xmit+0x261/0x8c0 [ 630.028019][T13065] __dev_queue_xmit+0x1bb1/0x3cf0 [ 630.033068][T13065] ? __dev_queue_xmit+0x2d6/0x3cf0 [ 630.038246][T13065] ? netdev_core_pick_tx+0x320/0x320 [ 630.043541][T13065] ? virtio_net_hdr_to_skb+0x6db/0x1220 [ 630.049163][T13065] packet_sendmsg+0x4775/0x61a0 [ 630.054081][T13065] ? aa_sk_perm+0xa60/0xa60 [ 630.058614][T13065] ? aa_sk_perm+0x92d/0xa60 [ 630.063103][T13065] ? tomoyo_socket_bind_permission+0x330/0x330 [ 630.069314][T13065] ? packet_getsockopt+0xed0/0xed0 [ 630.074497][T13065] ? __import_iovec+0x316/0x4c0 [ 630.079377][T13065] ? aa_sock_msg_perm+0x91/0x150 [ 630.084433][T13065] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 630.089743][T13065] ? security_socket_sendmsg+0x7d/0xa0 [ 630.095276][T13065] ? packet_getsockopt+0xed0/0xed0 [ 630.100404][T13065] ____sys_sendmsg+0x5a5/0x8f0 [ 630.105241][T13065] ? __sys_sendmsg_sock+0x30/0x30 [ 630.110291][T13065] __sys_sendmsg+0x2a9/0x390 [ 630.114943][T13065] ? ____sys_sendmsg+0x8f0/0x8f0 [ 630.119933][T13065] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 630.125990][T13065] ? syscall_enter_from_user_mode+0x2e/0x230 [ 630.132017][T13065] ? lockdep_hardirqs_on+0x94/0x130 [ 630.137310][T13065] ? syscall_enter_from_user_mode+0x2e/0x230 [ 630.143335][T13065] do_syscall_64+0x3b/0xb0 [ 630.147863][T13065] ? clear_bhb_loop+0x45/0xa0 [ 630.152580][T13065] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 630.158567][T13065] RIP: 0033:0x7f1b5f377299 [ 630.163038][T13065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 630.182755][T13065] RSP: 002b:00007f1b60118048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 630.191269][T13065] RAX: ffffffffffffffda RBX: 00007f1b5f505f80 RCX: 00007f1b5f377299 [ 630.199348][T13065] RDX: 0000000000000000 RSI: 0000000020002ac0 RDI: 0000000000000006 [ 630.207380][T13065] RBP: 00007f1b5f3e48e6 R08: 0000000000000000 R09: 0000000000000000 [ 630.215435][T13065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 630.223424][T13065] R13: 000000000000000b R14: 00007f1b5f505f80 R15: 00007fff89402e88 [ 630.231512][T13065] [ 630.234581][T13065] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 630.241868][T13065] CPU: 1 PID: 13065 Comm: syz.1.2086 Not tainted 6.1.101-syzkaller #0 [ 630.250031][T13065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 630.260094][T13065] Call Trace: [ 630.263378][T13065] [ 630.266311][T13065] dump_stack_lvl+0x1e3/0x2cb [ 630.271015][T13065] ? nf_tcp_handle_invalid+0x642/0x642 [ 630.276498][T13065] ? panic+0x764/0x764 [ 630.280603][T13065] ? 0xffffffffa000095c [ 630.284768][T13065] ? vscnprintf+0x59/0x80 [ 630.289124][T13065] panic+0x318/0x764 [ 630.293032][T13065] ? __warn+0x169/0x520 [ 630.297204][T13065] ? memcpy_page_flushcache+0xfc/0xfc [ 630.302615][T13065] __warn+0x348/0x520 [ 630.306604][T13065] ? skb_checksum_help+0x626/0x740 [ 630.311747][T13065] report_bug+0x2af/0x500 [ 630.316100][T13065] ? skb_checksum_help+0x626/0x740 [ 630.321230][T13065] handle_bug+0x3d/0x70 [ 630.325400][T13065] exc_invalid_op+0x16/0x40 [ 630.329916][T13065] asm_exc_invalid_op+0x16/0x20 [ 630.334785][T13065] RIP: 0010:skb_checksum_help+0x626/0x740 [ 630.340523][T13065] Code: ff df 48 8b 4c 24 18 0f b6 04 01 84 c0 0f 85 cd 00 00 00 48 8b 04 24 2b 18 48 c7 c7 80 cd 05 8c 44 89 fe 89 da e8 fa 7d b8 f8 <0f> 0b bb ea ff ff ff e9 59 fd ff ff e8 59 88 f0 f8 c6 05 be 59 eb [ 630.360119][T13065] RSP: 0018:ffffc9000337ef28 EFLAGS: 00010246 [ 630.366174][T13065] RAX: 282002c4881d3100 RBX: 000000000000296d RCX: 0000000000040000 [ 630.374131][T13065] RDX: ffffc900040d3000 RSI: 000000000003ffff RDI: 0000000000040000 [ 630.382086][T13065] RBP: 000000000000296d R08: ffffffff815293ae R09: fffff5200066fd85 [ 630.390043][T13065] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000002a55 [ 630.398001][T13065] R13: ffff888021ece070 R14: ffff888021ece000 R15: 000000000000296d [ 630.405968][T13065] ? __warn_printk+0x28e/0x350 [ 630.410739][T13065] ? skb_checksum_help+0x626/0x740 [ 630.415855][T13065] ip_do_fragment+0x209/0x1b20 [ 630.420609][T13065] ? nf_hook+0x392/0x450 [ 630.424843][T13065] ? __ip_local_out+0x4a0/0x4a0 [ 630.429679][T13065] ? ip_fragment+0x220/0x220 [ 630.434257][T13065] ? ip_frag_next+0xb10/0xb10 [ 630.438922][T13065] ? ip_fast_csum+0x1ec/0x2a0 [ 630.443594][T13065] ? __ip_finish_output+0x22f/0x4b0 [ 630.448781][T13065] ? ip_fragment+0x9a/0x220 [ 630.453274][T13065] iptunnel_xmit+0x513/0x920 [ 630.457884][T13065] ip_tunnel_xmit+0x22e4/0x2cc0 [ 630.462744][T13065] ? tnl_update_pmtu+0x10b0/0x10b0 [ 630.467847][T13065] ? print_irqtrace_events+0x210/0x210 [ 630.473298][T13065] ? validate_xmit_xfrm+0xb4/0x10b0 [ 630.478488][T13065] ? gre_build_header+0x25b/0x9a0 [ 630.483512][T13065] ipgre_xmit+0x866/0xc40 [ 630.487841][T13065] dev_hard_start_xmit+0x261/0x8c0 [ 630.492953][T13065] __dev_queue_xmit+0x1bb1/0x3cf0 [ 630.497971][T13065] ? __dev_queue_xmit+0x2d6/0x3cf0 [ 630.503071][T13065] ? netdev_core_pick_tx+0x320/0x320 [ 630.508346][T13065] ? virtio_net_hdr_to_skb+0x6db/0x1220 [ 630.513905][T13065] packet_sendmsg+0x4775/0x61a0 [ 630.518756][T13065] ? aa_sk_perm+0xa60/0xa60 [ 630.523270][T13065] ? aa_sk_perm+0x92d/0xa60 [ 630.527762][T13065] ? tomoyo_socket_bind_permission+0x330/0x330 [ 630.533903][T13065] ? packet_getsockopt+0xed0/0xed0 [ 630.539007][T13065] ? __import_iovec+0x316/0x4c0 [ 630.543849][T13065] ? aa_sock_msg_perm+0x91/0x150 [ 630.548783][T13065] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 630.554083][T13065] ? security_socket_sendmsg+0x7d/0xa0 [ 630.559530][T13065] ? packet_getsockopt+0xed0/0xed0 [ 630.564636][T13065] ____sys_sendmsg+0x5a5/0x8f0 [ 630.569400][T13065] ? __sys_sendmsg_sock+0x30/0x30 [ 630.574514][T13065] __sys_sendmsg+0x2a9/0x390 [ 630.579097][T13065] ? ____sys_sendmsg+0x8f0/0x8f0 [ 630.584050][T13065] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 630.590029][T13065] ? syscall_enter_from_user_mode+0x2e/0x230 [ 630.595998][T13065] ? lockdep_hardirqs_on+0x94/0x130 [ 630.601181][T13065] ? syscall_enter_from_user_mode+0x2e/0x230 [ 630.607149][T13065] do_syscall_64+0x3b/0xb0 [ 630.611553][T13065] ? clear_bhb_loop+0x45/0xa0 [ 630.616223][T13065] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 630.622191][T13065] RIP: 0033:0x7f1b5f377299 [ 630.626597][T13065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 630.646186][T13065] RSP: 002b:00007f1b60118048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 630.654588][T13065] RAX: ffffffffffffffda RBX: 00007f1b5f505f80 RCX: 00007f1b5f377299 [ 630.662546][T13065] RDX: 0000000000000000 RSI: 0000000020002ac0 RDI: 0000000000000006 [ 630.670502][T13065] RBP: 00007f1b5f3e48e6 R08: 0000000000000000 R09: 0000000000000000 [ 630.678467][T13065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 630.686426][T13065] R13: 000000000000000b R14: 00007f1b5f505f80 R15: 00007fff89402e88 [ 630.694400][T13065] [ 630.697643][T13065] Kernel Offset: disabled [ 630.701994][T13065] Rebooting in 86400 seconds..