last executing test programs: 16.468860613s ago: executing program 1 (id=815): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "2af01c3d0040fbffffffffffffff00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETA(r1, 0x5406, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x66, 0x0, "a0590469a322d928"}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)) 16.368521432s ago: executing program 1 (id=816): r0 = memfd_create(&(0x7f00000006c0)='\x103q}2\x9a\xce\xaf\x03\x86\xe7\xc0\x14\x8f\xf8\xd28\xf4\x1c\xc0\xf9\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xeb\xcd\t\x00\x90k\xd6\x05\r\x84\x87\x1c\b\x8c`\xea\x13A\x90m\xb6\x02\x00\x00\x00A\xc5\xb8_\xd4\x18,\fus\xb2\x99/\xc0\x9a\xf2O\xdb\xc0\x8b\x19\x17\xb7Rvd\xcb:\b0\xc3\x93;\xcc\x14\x02\xc4\xfd{\xbb-\x80\xbf\xab\xbf\xd2\xd3\xe0Cf\xb7\x7f\x93X\'\xf5/\xf9cY\x828\xa2\x00_\xb0#w\xae\xb8L\xeb\xa1\xecF\xbd\xf0\x91$s\xd8\x80\x1a\xc4\xe5=_b\x99\xf9\x84(\xcb,Y\xe6\xf0\x13\x15J\x9f,\xa5\xf2.A\x00\x00S\x94\xe7\x05no\xee\x8b\xb0ciB\x82\t9*\a\x88\xfe\xca\xcb\xe2G\x00\xa9;q\x0f\xb4\xfa\x8e\v\xf7\xc7\x86>wHw]=rW\x01\xe3\xdb\x10G-\xf7\xacD\xd7\xfb\xa0\x96\x85u\xddDv\x9c\x8b\xab\xe3F\x1d\xd2C\xdc\x1f\x80\x005\'y8a\xd3s_\xa6\b\x90\xab\xc9_\xc9\xcb;z\xcc\x9d5\xd2j\x1d\xd9\xe1\xcb\x1c\x156\xc5\xf2d\xfe\x0er\x01\xcdyF\xc1H\r\x94\xa9\x89P|\xcff\x9e\x03\xa4:\x04\v\xfe\x04\x02.\x9e\xf5~\x00\xf2TL\xac\x87<)\x02\xbaq\xae\x87\x1a\xc0\xe5\x90', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100008f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r4, 0x0) ftruncate(r4, 0x8001) ioctl$EVIOCGLED(0xffffffffffffffff, 0x80044501, &(0x7f0000000000)=""/85) mmap(&(0x7f00001c3000/0x3000)=nil, 0x3000, 0x4, 0x2012, r0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800008, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xf, 0x81, 0x1, 0x9, 0x8}, 0xfffffffffffffeab) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, 0x0) 15.433894228s ago: executing program 1 (id=817): userfaultfd(0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000200)={0x2020}, 0x2020) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x21408, 0x0, 0x1, 0x0, &(0x7f0000006380)) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) mount(&(0x7f0000000300), &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_INIT(r4, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21}}, 0x50) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x0, &(0x7f0000004640)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@uname={'uname', 0x3d, '}\x81{-/}(*'}}, {@aname={'aname', 0x3d, '@#@'}}], [], 0x6b}}) syz_fuse_handle_req(r0, &(0x7f0000002240)="afaddbba376e1bba12e2f2262ec7a1f5b377313a7bcf2d9b013196c2f0f94bc244fc0dc1c1bfbd4ed45229ce0cb7ca58f4b8d430b30d6ad8e8a56099ff70f31257cbe8710542fbedf009e1a5799fb06a7e0301b43d31008caf089c4a5a49dc50ea4c476f63a8b0aa08dd78d9ff39d8dfafbe2c41ff5d2331dd2e9d784247d5272cdcd13e6d9d7a03fa6b0622e6f130e0489bf9105a2a511d6f5b7da1100ecfe5d6ce64f4aac5c00c26d636ac66f059201a3a790b946da4808f1d665484847b61faab09a5e4b45a17c4c55b64ecf6933705c22c85317cc5edeba3e9260033f6bac869ac3b08ed1c55ae3119c78761be6d934c3757d5f10079243e4f06429907163f81855b74887146d875d0e6ab4d5c7032e84c33ea24bb93b2ab6eaec0feeca93f006a0d2bc2bd601f2ede8f32b5fa2e37e0ad1460b8839676dedef30fb684f6fddfcd9a84f3efd78d076c996d92a186e921e16e5ac7aa1f70c585b3752cc1312876c758219645ad0a5540bc82074a497ffc3717c8e139c09b3d2e21fff27e12db18540448f7ff7b637f87b7a717a60a23934e4be7f55ac10d2c09098fa13c9f1c5ed9ba61cc3ddc320b5409071d2ddd25d5b8f79475e80b3b8257b25fad2c59c31c5855560f2600de1930cb1f2e57aed4fb0b79fa7aac52d54a73d62f424cbad6f82ce5d5749cce356f892488ed149283e51dfdded96136a90b5e0c63d1728a82c324b1dd756b9f9b257a9e7f4b07a007e8ed37274d686e4b1667b315b640cb610d48fbe98c07ddb82250e9399b1e705e3f805969b9a003902e2e7b85cb9e2171f5bd180fbb9bd26805fce0b2c6f87cd7d02a579ac24a5391ad2eec8868425034c5dc19dc7581bc0162ecb37a172175a859b143284e3146dfa01731b6ceca8e458cbdf8d785300d12c50c3bd9ca4b72cbb0480711b2cfe820c31887289b29fed60c04548ee3e24acaeed283a9400cbba31e1317ec6158ece4ce56af53e46e182a6d441ba04520f0e8b45b56eb378ddb17ef5d57b27941032e7c917313f555838ba5397816757da7bedb6c5ac760239455cf09861026920c2ab3119a3257d2eb61e8dac7c39ee5880cdfb7c4fcbcf28dc4fcceb81e81f5fbbc0179fe22fbac014b118ed1ec81652d34a67b53a9a8ee468d8e927a77ae79f381a249501d3055e7da0b7a8847850f4e35aaf5b5dd4338326da84d93091035bf10b80b3e79badd38fd5d2b9fdf0b0923c96193d93ae4d8753980f8c73e980934686f11acb266c161751367dc05e6ae5175bd304ae6b1fc016ff2a01eb05a1ba7ebf1b91cf25dc14852984acdfb008a5df08d5c8619c9211320b87a5f1b3902531050a147af6a7134316a7735ad310f6241258bd9b79e2dee1461840dfdd905bc2e17d55b49694a68f36bf4a64fb2f5a483b633398abaff7917d9f1216d70368ad4c8e4fcfb040040f32e8a6a534d02c4187fbd19b85f35f8c119e06e3dabaa210a649117722816b5a91c5125c84482d414edcd992c79aa80fd568a884c99d43b77a87daa96f662c53fba7367ee147daf620bc6d13d32c3d9cdf8095962a9bcb85a93b6598750cdbbf5925a2a0875afd1e58a568b89815ae420ea9553ed487a55393115a8907aaf3982827be1534576c257b8594b48d0d71fa1f56dd096a6ea3f7fa339b51585d36ef72d0bb0da4c2c84ace8d16be3ead998187df0e59045541b0a1e79e5ee5b1a55d8fcd157d49df504b6fc031c5fd1e01a8ee2ae9f84df78ef03595642a7812d737ad2595b922ee618823b53ae2594dc15193c7206591e9b16689c3d5bd4b4b8d6851c2e7f0550ba0178a64b8d3c08bfa35f064576ccac39e7936e2e10fd27785f66053580b45e9c93d666bb7d4eff042da50774049f0948b150a660e08e82fc352636cfa0fdc9409316e402440aba8ab8944840838d8121a76274a5f929101e25c2a7c0ccf84831c8981258b21679dd92b7c44a78acfd706cd25f8878873683a6f5aebc81d45375aefcb484bf517ec13dc814fdf390cd39f764a008777c9db7b22b1c7eb556a5f51fe9755916f84db7401744c015c1100b3d3cb8264b26c022d7f6441cd0f099681d7d9df8b3c9c6d153d6d0c30fefded15e74c7a9b5832032552ef6bfb3863330edac33a33df4a4839d661bf10ab6aed5d2093b57450ce6dd2fae63096d07e47b8ba3c5225625f6c8d98e007b49b907a4ca511aeefaf8ae3cf10ed63bf3a7dc0f7b0c1e48e6af2b158dc1ea12335ab91acaabacc104e79968f89999aec3b694aecc6783dfeb9a8efc140f18583d113454145bfbe1fe480bfb7de71fb394d08f453926208d5d595e09df3fa216fe78a2693c2c2a29cadb2c2e86ae09e912bd2ed18559a0f8b5f131b780fc8037081aa98eed56795f1bb5b44300f73b7ceb080d7c9b022b7246a93f7784aa3475e05e125d50b3a0cee066c609add2716ec88a70e1f0c79344b0cc80a543c28b970a186aefa24e9246882e790053d652b2175565a12916ce13f1865a40d34a9cc6555a7072b091e6e8b9c2c7137bca71cccc56e33281badaa73a30e67ff5ac9f489ab35bff85aa1daa10b23f4ca0d55f5850e6af0c5ac755364dcbd8c8cbd4bc76bfd220cb12d46361ef68dc9f90601a46a56140d19d05fe5be799c3af81340c9f07e252aa1768a5dfb4a0536481313d985d8ecb36cdbaa6891e0608ae5a842d9580400977d8a855308b85d1bd70e57523ca5c153640a2e7a778c9df5ad48e230d881c06e0222bba818738ee67ddb7cc2034d25a3ca5d259be6ad63f6cd84938be096d2ab5df0fa7249b57c7653a2c6a016d2890dbf6620c52e4594358c0711dea1bc6fbddb44f500bcbe64f269bf17e0c6c5d8e18ec56d3519706efb6c868d34643e48e5d05c91f458f8f3e0c6befc8511dfa508f5c26eafce1077a082abf8a868ddd62206f39e125cdfb52be753ac96f39341b797d23a3d173d783932271996f482fb80d8022700ab96efe2df6c19370fdf2030d784578a05594eb7905ab5125fc543713dad95d4467cd76f35de43e79a6eb5ede4edc8afb04ab682cf282ac865165329688e7a9a181cc42f9bc31c0203d5c4f8583f7f03ce0b69a5e7e5af7a87d8477dfe1ec64ec8e1132d7f36d3ce6c41dcbd347a50ba51c16340376f50f093269266f97a0b3570675d1bd54f7fccc8f99b264dcff9d057df961a6a4dc4268791091cc08208bd62e1088ca07ca5a2fa849978036554806fdfd9dcf231b28872715eb7b6f65b5ef064c49f0ad04e5bf4f50612a5f313b65eecf07c2b79f65a8b03058a043fcf4ca62a71027db9c2e5311febf53e8027d92f14ea0958000d1d388a323bdc70f6a2bffedd7d7697523b0c4add0e1234e35629014afd1789288e9ca6d65b49e5e2d31631da7674376781e7be087b9cdb58098744e4d6b9ffc2dd82d02ebe3886b869aae44f7080252dafd6d00718c5ddd1ef66d5a950ecd79a87ff35d286259e758e0a4bc552abe99a19d0abe5614e5e0474b8552c0b30cff0d44c816c7e23bec85bf466f7ab534b38e6d97fda0f42a3e2ad15d0f242b41818d7d0d99118a0c3230288a4fb7d18b19000cc58f46d26fefc703a00e6b5c592ad7e34caf29b9acf1d6cf3eec647b86ef3c5d5a8151914ec82320c546b92139e5c2ef2c7906413a0755d6bdb53441ef21a0d2d1400b4e024f4fd924a600d098f88649190cdb74a2390e497941743b87ff0d3e3016bc0f149b600232efa3a0403cbb6695520ad6aa4393c4f1cf201ac140e4a5e31bfdc1da895b0f38dd25d126cefd05fcde00f6f2afdb4e93c70cc3a6696c660c497b68072c3cfa7132d71a799cc1222c250df2aecee7d7656b888ccf61e9a572f76ba0a7d287ae7490365bd610bf9df142d131ee4324af19fb451e984a79b43026f516bec5e88a6aae9c6d37e13adfd2c99428dbd3dfab9ea008e15d01a2cada5c1e9482fd6e10de25ad362c83c27e913c6f27bed3dc5515d2e65eca95109c001782715fb897f3e572efda7196f96ec781f1e93201202a9596030d1936b25288dedde240d70dd3d01e5cd91e318a1ae3630d136e8e267deaac70079bf3282f93b08d12c9eb3f0b4617119857af8634531c922c75ca8b674e7cdf51a425fc0bb7f77c6a07e6a98293f991d7ba26e994d63cbb40becf54bdb74805006d55210e04bb31e8f97041cc9c345d8cc4783cf40a3007437872583ce7490a408f9d4d85d0fd063140e33078eb143d001f574ab412d8ab0affd504eacc1cf77ad14e2f3b7e78fb9ee66edb99fd6667e51bc522a6b61c0a7e81456097ce62b79fbf12dea8df4356f205f9ca4c0633aed65a0581952802be787bdbde12cd344f6cd0cd21cc3ce7515407051f61a8d686f25dd7dad9b3c8f9bd5ee578dd636028238eff03906b67751b275cd37d39b9c2458fa6b3bfeb9969ea1471ff982287efe8f31e3d50aa2a357c033691c78b5509c93272d674debc6a3a03a0ba7df7aa929888930de1b6a5aee0f599ea50ad079e183667142884be38b6715dbc6638c83a80f95bf9bad4e18bbd900da87964b7199ef9f49e3a1ae030d42107baba0e1170e48cd1b66d0bc63f1bded9748a2b8bea4a7d4b04e2d8dbd3b174d4a822470c2ffe4103fd2ecf0f9986935ae43cc8f2ed1e48ce542b197e6fee4ec1bd6f600a290d4e882b2fef318412aabd3fd1c9a57c313b81340bcded3505c0edd12fb88ec07e3743aaf48d93a3664a038953a3048f267c8f6b130e0d183f982cb4385dedf41e3dd68b0a00a8deb882476fe38cffce5f04c9dfd55a009051ef0608721d429b1f4731708d1c092eebe88382debdd0be1c6cb59ccf8d1951f350df8ca79972b3d35f420fd68b602ecaf29a94a0efe785042e8101d462a78ee0e215c380e7b115b74fe9b99d0762a0798d7e308d8594a158b28476dc1de2f4fa4bb68b9325d4bfb491212331eba8f2fabf611300d21fa9c7941306098a9ef3b5e66a40c3060bdc8f707956bcd95545db971d573b1cd9e4e9252b97d36a8a505855e8189b85cef25b736add58e74a67695e8f8e59a3bd97ed858a7c355ff674fd8402fa271bd3e50ccf88070408d31e76e9f166bd44f58fdfd682f8bdcc389ea33b4eee566f9a7e6174abcae98c0aacffae73c5b29fc5d210e35f7d42270b265ffde2de3d45439f8d71e371be19b0f2954bb9530ea5cc18f525c9c79990da81aac6c69550120d3c8ee98d82d8b6de6e59f86f41347d206411aa3a1cc39f841e8daf6a78f700170a140432126d3cd7c3b53cb592fd3aaaf7a45d02a8a537704cb5ea8d165315757d9477f0d52006525ef830dd7d16e82f9ef127689501ee55e2f69b79de0bab64b8325aa1f4bcae387fe84ed1baeecaa42413f684a1db7a120cb73853838f03565ade441ee66cb5f648e165fe617c539f6dec4f12a5f738171e8971184a9d6a14a123bf3cf888fc9e1253d6f98c26b3061e6358d36bdfdfdc85924b9114aec973f4d0e2d4b0c8cd66bf32fd208bb7485cb9c730c8d6e368fbf8fac16be225bcc8d320980f8f6d73ab1ed01d3db4a7e2c275da0fa6ee3eac4fb6b3831ce90b9d654a5039d0be542c3341ccae50193954a233b81e54a191e6cf1e0685ada89e21723ea1e836441d6b7d3da1d41e4e04f7cf770fdde3086c6dcc28b2bc4527b03fd5ca3fd5ce90c4ae665c34386d6bd423d391ea4a13bf62395846afd7bc8417889c02fe34373f20621d20d4912f1acef23169e7b45c7656643d1961fd1151a2a0df5b73fcb022a83d1b8b9a3669e00924a5af0d63bafb044eaaf09497f09187511254fe0d7343909f2b11ddea84191cbd14db3636c5458227ef53f8bd17bc933190958edcaf90453525b81cb0a2cc3088ae5c19fc7aa71b531ebf141a16bc11853bb82c320d21bd2ecf6556894fc586e253b659ab1545ee63e8a9a2d31765d07bc8ce446316aaf712cac59fa4e9d92e002c4421d2318e8b8dcbd67d1b9ca688d3d204a764e83e2d9b92cecd794b5f4763f482210165786b2892dd3a84b35c9348965de9f34ea2211d6062746c1053cd7d58cbef089c67209f301122fbcebd7ee15f627a78ccec7541a7b23f1f19f00238edadad3850fadea580aacf3f09261be6fd456d19c6c9b32e27f355178f0f8c4c9783b976a5555a198ad175274cbcf57ea23926fd38db0256ada2207115077ab6f0037c67a27532e68122ac57c990c581754736d72a81f4bba6d7a2ca7805873856a38c137e8a0b5741dcf16f3431d086e28ca138e2e75d129bff24137c930fb1f227083ed7055ad54d59d66fd4ec309b84767595a39d418d763b7f9c603d18d7992b2718cff68ad4975d1130b997a3a1f4fd27f583f95bf24cfdd49da653efe58d9a34703acca628938c8f395c701b1037151a3190d2eb174763fa78395b3e56bd716c8fe28d4e71d313e590561bf133c8a804c0c7f19453e0fcbf7315071120141780cf195ed34560ad38ecc7b81274768f96e37d6e655be2227eee8d0d1eea5e0c22502233377f56dab09a3f404e6216d65987066904c075bf09e39221dfc90f8c843abc9b145b9d5d7addf62d9016b8ee38b3a6c3d74f0656b3dc719782f6ea5cfb924e81e632d408d4b41c1aa56794c9a03c3527c826e2dc125b503d567536efef5c33e63507022f9615a503e52105f1357b8268a586e62a435b89f0aa4577baad3bda26c531e16ff99658f36fa86c2708d6a8142baf8db30db3fde91f51fe0ef9a19c9f4d79b16117ea59b8d92a9eb9cc4291f8fb758eea16dfffe3536ec690c02f767f36d4c1e93612dd09d6072501d5823adaa0183773b8ce6a841c1d78e97b364e527e5f2a5e185b1a9edbe425bb7c690d46fa65132d27834b0f1c06f69890fc5be997f7391da6324a2155b447470071f2435097e2ca46c0ee0dbda72d06dff6ef260934d198bad8a010023f2b8a04512732dcbb0ddc7c93cef9657dc4652789ad846958f9d696bd028d7e7f3b5876c25c01af0d252a2064c3a8663deb4d3f4692904152f758035f1746bbf8af5ced2837363de3a923a1ac1c1fb9d5258158d8f0b44e27a893820deb4f721f8cad92d7bdcfe26c098339719ce02bc54cf93b8760b36b6d8b7e2342e5ce7002dd9f46dc89fab1e878d574937e6969cb51a6f8a347ebcd48ce645aebcc2f7ed8e53c2564cdb80dad1040869650f5e16f334c19a479c4ae387648a372650d25101ba0deff30a944ca5cfefbbfaf0984687e5a2cb736b46f8df2a36784f4671f531c11c921cf4701de5b3395df8d88771326b3d7e2ff41b524abc75b9cdbdf40854f31c6a7e7847aea31900bcfe0b1311657ac591daffa773c6945c8444be06ddc0d5b49a4f713e04c7a78c423ca2177dc8c5ea898f5938105e8d5c560a4120a7d1444d546b09650b611013b9680f710cb843396aac34b91da40240098daad3672c45e35ff9bc804557d5b6ff3a46d455c7c8840e158a301b675de37558c4147c08fed3571af29da4d4a9ed9747f3c44a6f2cdfc7ac2be01b4180feb1997638a6fbd86227a0cec71b47312c0e3db7675f5939278008b93eaee1c09d7df8abf9e4d973c22c2b8a5743bec84fca15c855f231f15427b9e7d23f52b74e95577883322224a9cbdaf312afd780982666848d5e6e3dc403fa1061cc2c8914672e963909c14fb3612bca05aec976495c621f7fdb96ecb6714f966e3a44849ec256dbc9656d2d3166764a9608b6a91c9145367e764749d57a58d8e0b196921aa0e4520d6be238ccf9bdc462b63d02f95b36d62b93783f33bc56cb9cb224fccdadba782363b558985bedc9f079fb7bcb7cf91402bfbd8ece7e2840421fd2c1319728022ed81b4f24a9de307b127e09542fbfdf37e320dcf33c701f07cd1a64dfdf1bb3b34f303dff533b1ffa1abd7babc08395039b0f1165f132f5b131a47f51fab324d9502a3266a35cf6dfff372557b73bfb685ea46d2c38375231300ba10c6e16fcc873dc366f1cb7550659ccba00767bee15485c91aeee4a97d7af962d2f44e96e620bb2208410ef8aeb32c024e289668cad3c4e82e9fb0d76bd8d0343bd6fbd3460818594cca97be3d3140a244089b2ef22414b1fe8a4c1cd337532ed215bd7b73bb03753dbf26ec8e6d664dff003797bd34fc72fb6fcfdc916bd62b2ccb7193aee70869499b2349e6a4fcb35a9cba8dd8998de8afa734b854dc71e47f0103b0ff1c38562190def665509c76f037e393f8fe7ae05d8a4030640d99fda6f6e70d08709277e315e35e51a78dd3e1e47ee9cb06b9279989b97f42dae2cfd85296b570c3fe0f2615fadc33b09176b6e8c41978aa118ae407c3d8d12474d1aaab08b4067615d77c4373ac50715d9e9384461eb373790bbfe1b38976047eabb6ba9ecb4950110ceb95fbd11b32ed0b22b6d0c40bdcb44e9a08cca1e29dcf35da2db25606186a000bf157554ba7c55530dc3281336a272d9bc76814e2335db48c9980246214475f4dbc397e46d0b05cb1387d0551599ee0b67d612c085135f89472e99b275a48f7a90d2c6f377d023bc0f2ec69906856d4d05e94892d8aec469f800a76232f6b60fe170bde18df4702ae94556b976390d6aec61e6d017ebabe20fe7d0469b72207aff967865cc8dec893596449c640f486b2a8829d2973f65aadbd8b001f065b43ad57665887e1919f87a7e4d6e16b9beaf6099afffe31dca58f2869e707fa5f04d581ebcb8af9050a14a5a9fb333884e50a444563282118ab9c843f8152a7765901f392b32b22db3867bef3ef05fa41286bffc556e5357ae22bcde91e5a0d80dab8d0d83aa1d60f25b14dec69dcf15f3dc48e677b684c61d51c124bff09702d8e1e663cb87a7efefdbcf3576178e7dd614e3266b7f83f338250ffcf64260c7ca621c4750fe0345483202adab46eeb42779759e4974707b23e12bcc63371a9c1a39e681dd2bb6d2d304f3baefc9b38e16aeb4b33df166c0e19186b0fc8269bd9cd96d5b3adda68ccb9be58963a3865291d767fd6f8f133f30b9404ed1231cfa93d21d5f16941252650f6684b6499adef0aeae110ba35f9c611a08b57e3f219c2bd7bd5ffff509aa7cddd73bc62e681dabd8f15b24fd924f6ab00fbb2b16cc6af67fbeea2960ab6f5f98f1a6d0a870ccf10e3ba73d48e0ef1b38bfd7463b30309683e65dbf90776ab30cbf0e762c86c9864e27ca9a95e15a7b9d0b902f3dff2c8db81373ab7edc5eaf45a6230ff72837bed6fd2f0b3bcf829b5b75bbfa1b18af3c9f7490381eae64b553921c4da40db5a17afee6658acaf6a2eb1d381e1ccd9ec4e68eeae2f3e0d5de21a453ef99d99d65d6a067dff051822b9cacf5f1110e2972e2724c979b0c6c8bf5295716022c47c8f4af702bcfe1060602ba8f4be94815dd22ba2ee0d76f46eb4fd816d7e7b88a37a9cb65f1ef32e6cc6d101de6e94050eed22f6c0299a7cfb74a5f5f6ef4683f071839943017e0b58c8cc5a77251909888ab6f69b0e18b8ed8905654578f1604c620f7d8bcb0a0010a2b71a1b8d11e34f7c674912fbb61fad795b6fd455cf4feeff71d865d92ae41c3a5935d7ee5c28706de5cd4733a26320bc5e79b4352b63d7d320c69a63d9057187799ae483a6e9dc7ce101851cd598319173ab4ac49bf3b25ec8bd9fe8b664c87722223f1ee8c1b613e78729072ebcd51b7b9e3c5dd22b17b0dccf6a177b9fe279f56644476acb27f5c4a7bff77d0416dead2231d8f8ee44e6618ddcc2b9e34919bf21fa986d9e6b9d54c007e2f15293808b065c62aad7f9f42b0f39361528328071c4b5df273d2b41e2b9881a8c215fbb0280fd79a77570f93855d5d795a89613e0b4be1d8b1f50864637471d694ac417216294b08a4226fe098dee8d410bc3828ef27777489b9e6e3701e6ccf13151070b027fb53b00ee3a5e780348f47d314d04b353c76f920c69d571d7b674d2b1f9ad1597bd6f36e5ff82981d2158990e21b7102b20fbdbcbd2c2c25da51aceff00a1e7a56c8f75f9bf3655d6142ac74cbc8ee70ffec7a45bf1c4a3b6a65f629494670a84088a802598909031871dd576a5d47d911b509b0799e7178657dd66943ddc2666b7cae6b996c8b55b7cf0a6b9ce396cc3e262ebb83c2f640ec6a80538823a83fb3b74c8b51a8cbb18b4925b8045530ce8283c962561e3da3f7843720b4dc6afbe5278fe9a964860b88e33aedb298b61910e5c3ea4971e02cf869d5e68e8a95215e0e207af9b7e48f3452dc9aaf0bf15202932e71552a1f79a6482afc0c104fc70f3ffeb153a249620dafb5ef82308e97113ba4aee10301ea19ec5f0f2d643fba39a4a5f039003187255c1cd9a7d54253ab0c6f8c09cf51ea635d945231386fd891d80483ddb4f4d8e68a62a71b61bbd75b74fdff1610949508d33d740a72c633dde4db6a4cdc92a7de18a7b9ceec93ef8e130fbee0b66d7c4d3eb3d92d41f89b3bc7f276f275f827a5f5d4eee0ed7c0a90ca0a6639a974ed1311422372d7a84305ed6154a80f9cf4dc52a717c5ba57aa2e4fc2adb9da2b5c246706777fce38f6aba54534701314df2bb1725ec00b40bf6281ea0f45f3d085836934a8c884bbc3a89fca0240525fbc58969e7772709a3eb827e4da5035c852be598c14a36f71c78ca002bdc4161da2daf8db5303185b9dc97302a2df8f3adb1acfc5a19faa3066318892b44276606f537475b03d28b01182eba9be649c74b35dca086e4bbe0e9d6c5f3edf6c929e3ace7419cc7b106fe74d1b81eb675dd361a8099f8327cb99a72b1b83e194fd90c92450a6525445b7f2aac705920793ea1e0f1b33c754a0460fc681716fa70a383f81c6cf95f49e54baaae984bf931e9bd28942e5c4e90f57d2d398299669af06e62fcf860dec6158982f80331060f24af75ac27bf05e3652a822d6421c26c2dd33ddf1ce60d4c7a74abba565bec2e18b7a5cf21ac63c8271ac2c00ed736bc14998448dc4c19c5f50f9f9c75b4dc546a33c26e8ea26ab2ab05de5f4a346831bf743abd4119079d42df45b461258cbf1ca05370229802f7e0430c5496cac07658ac3ce55ad783a55b3414c0572dc3632a368c9395af43ad25a0e1fa3569366492bb9063a64b77a4d0001208ad093f98c1c3482e97015dcbae76f173bdce59db0bfd1015de911b3b652bae2dfba64f496e7bab5735fc3b683ffe19750b73ea2491b1f7a2be4db9ca703f11c360d7b2ef8f49b9d262900de5476f682bf7d526497f7825cebf9f136a4d6b347d1874fa6fe441fb95d338080b2a5268cfaea8fed039a1900028c4aecf225e0bb328522c2944f2a7281daebb2dd52d312be1c5824cb19317021d10ba3b89d02763677172ce0ae6ca996b147a934a266e75b2bf35d523b7f9eddf0afe102d4ee9db8926d10be781bbaa25b815ea2dad9a9908a827be0c0e5b6b960e99b702d76b2af58a2afe7eb1e2cf30e660cf6296bd11607c33e85fefbff67b0dd74c5110236048da6d92eabda02925f0816ec048cb1333894aa172ee73d5e3c833e3858a0e219debc74d89bda90c70f88bbe41c943375840ceb55064b2f2b239cfc769582cd410f1bdb26fc78d9728a30899b3460405b157a1dcd33b31fb6e2a4113e4bb41214aae4a037f99f8", 0x2000, &(0x7f0000007080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(r0, &(0x7f0000007100)={0x2020}, 0x941f) 15.267951562s ago: executing program 1 (id=818): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008802, &(0x7f0000000280), 0x9, 0x5f2, &(0x7f0000002540)="$eJzs3c9vVNUeAPDvmf6gpbzXQl7ee7iQJsZAorS0gCHGBWwNafBH3Lix0kKQAg2t0aIJJcGNiXFjjIkrF+J/oUS2rHTlwo0rQ0LUsDRxzJ3eKZ32Tkt/TKf2fj7J0HvPmTvn3JbvnHPPnHMngNIazP6pRByMiOkU0Z/mF/M6I88cXHjeoz8+PJ89UlSrr/2WIuVp9een/GdffnBPRPzwfYoDHSvLnZm7cXl8amryer4/PHtlenhm7sbRS1fGL05enLw6+sLoqZMnTp4aObah87pZkHb29jvv9X889ubXX/6ZRr75eSzF6Xg5f+LS89gqgzFY+52klVl9p7a6sDbqXLafliewY3Xkf7+uiPhf9EfHkr9mf3z0SlsrB7RUNUVUgZJK64j/rLfQyroA26neD6hf2y+/Dq60pVcCbIeHZxYGAFbGf+fC2GD01MYG9j5KDeM8KSI2NjLXaF9E3L83dvvCvbHb0aJxOKDY/K2I+H9R/Kda/A9ETwzU4r/SEP9Zv+Bc/jNLf3WDPYXlQ8XiH7bPQvz3rBr/0ST+31oS/29vog75pcjN3ob4793EKwIAAAAAAEA53T0TEc8Xff5fWZz/EwXzf/oi4vQWlD+4bH/l5/+VB1tQDFDg4ZmIlwrn/1bqs38HOvKtf9XmA3SlC5emJo9FxL8j4kh07cn2R1Yp4+gnB75oljeYz/+rP7Ly7+dzAfN6POjc03jMxPjg+GbPG4h4eCviqcL5v2mx/U8F7X/2fjD9hGUcePbOuWZ5a8c/0CrVryIOF7b/j+9akVa/P8dwrT8wXO8VrPT0B59+26z8jca/W0zA5mXt/97V438gLb1fz8z6yzg+11ltlrex/v/seHd6vXZXoe487f3x2dnrIxHd6WxHltqQPrr+OsNuVI+Herxk8X/kmdXH/4r6/70RMb/stdPvjWuK6/77V98vzeqj/w/tk8X/xLra//VvjN4Z+K5Z+U/W/p+otfVH8pSs/W/dbwT+OT6vh2l3Y3pBOHYWZW13fQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgN6hExL5IlaHF7UplaCiiLyL+E3srU9dmZp+7cO3dqxNZXu37/yv1b/rtX9hPte//r2Tbj/dHo3H/eETsj4jPOnpr+0Pnr01NtPvkAQAAAAAAAAAAAAAAAAAAYIfoa7L+P/NrR7trB7RcZ7srALRNQfz/2I56ANtP+w/ltaH4T/NbXxFg22n/obzEP5SX+IfyEv9QXuIfyso4PgAAAAAA7DL7D939KUXE/Iu9tUemO8/ramvNgFartLsCQNu4xQ+Ul6l/UF6u8YG0Rn5P04PWOnI10+c3cTAAAAAAAAAAAAAAlM7hg9b/Q1lZ/w/lZf0/lFd9/f+hNtcD2H6u8YFYYyV/4fr/NY8CAAAAAAAAAAAAALbSzNyNy+NTU5PXbbyxM6pRtNHboleuVqs3s/8FbT/B3bFRnwq/U+qzbKO+1u/JjmrfexIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDo7wAAAP//sg0n+g==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) fallocate(r0, 0x0, 0x0, 0x8001) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000), 0x2}}, 0x20) 13.955983479s ago: executing program 1 (id=821): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000100), 0x38) 13.81975018s ago: executing program 1 (id=822): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x40000000004) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x33) 5.108000422s ago: executing program 3 (id=870): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x498, 0x4) syz_emit_ethernet(0x83, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000280)={0xa, 0x2, 0x0, @loopback}, 0x1c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) sendto$inet6(r1, &(0x7f00000000c0)="04", 0x1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) shutdown(r1, 0x1) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000840)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)=""/68, 0x44}, {0x0}], 0x5}, 0x40000110) 5.059491596s ago: executing program 3 (id=872): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1810714, &(0x7f0000000280)={[{@jqfmt_vfsold}, {@noblock_validity}, {@usrquota}, {@prjquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}, {@jqfmt_vfsold}, {@usrjquota, 0x5}, {@min_batch_time={'min_batch_time', 0x3d, 0xa9f}}, {@nodiscard}]}, 0xff, 0x467, &(0x7f0000000780)="$eJzs289vFFUcAPDvzG7LL6EVEQVBqmhs/NHSgsrBi0YTD5qY6AGPtS0EWaihNRFCtBqDR0Pi3Xg08S/w5MmoJxOvejckRIkJ6IU1szvTdpfd0h9blnQ/n2S67+28nXnfvnkzb+btBtCzhrI/ScR9EfF7RAzUs40FhuovN69fmvz3+qXJJKrVt//qr5W7cf3SZFG0+NyOPDOcRqSfJ/lOGs1euHhmolKZPp/nR+fOfjA6e+Hic6fPTpyaPjV9bvz48WNHx158Yfz5jsSZxXdj/8czB/a9/u6VNydPXHnv5++y+u49WF+/NI5OGcoC/7ta07zuyU7vrMtuVRfjTMrdrg0rVYqIrLn6av1/IEqx2HgD8dpnXa0csKGyc/aWFm/nr/NVYBNLots1ALqjuOBn97/FcheHH1137eX6DVAW9818qa8pR5qX6dvA/Q9FxIn5/77Olmh6DrHQPv0bWAEAoOf8kI1/nm01/ktj75Jyu/K5ocGIuD8idkfEAxGxJyIejKiVfSgiHl7l/punhm4ff6ZX1xTYCmXjv5fyua3G8V8x+ovBUp7bWYu/Lzl5ujJ9JP+fDEffliw/1mrjxSZe/e3LdvtfOv7Llmz/xVgw38jVctMDuqmJuYlODUqvfRqxv9wq/mRhJiCJiH0RsX91m95VJE4//e2BdoXuHP8yOjDPVP0m4ql6+89HU/yFZPn5ydGtUZk+MlocFbf75dfLb7Xbf8v4b+1cf2ArlLX/9sbjf2FdqfZ34J9k6XztbKz6huTyH1+0vacsr/H470/eqc3pFjX5aGJu7vxYRH/yRkTz++OLny3yRfks/uHDrfv/7vwzWfyPRER2EB+MiEcj4lDedo9FxOMRcXiZ+H965Yn3261b1/EfsW2F5drK4p9qef5bOP4HG9t/9YnSmR+/X3v8Wfsfq6WG83dq5787aF+drXmJxaMZAAAANru09t34JB1ZSKfpyEj9O/x7YntamZmde+bkzIfnpurfoR+MvrR40jWw5HnoWDKfb7GeH8+fFRfrj+bPjb8qbavlRyZnKlNdjh163Y7G/n+o6P+ZP0vdrh2w4fxeC3pXc/9Pu1QP4O5z/Yfepf9D79L/oXe16v+fNOXNBcDm5PoPvUv/h96l/0Pv0v+hJ63nd/0blSgv8+t9iXslEek9UQ2JFonsgr5lnb2722cmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAzvg/AAD//7K/8i4=") fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) 4.782888188s ago: executing program 3 (id=873): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb8}}, 0x0) 4.677140957s ago: executing program 4 (id=874): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) syz_emit_ethernet(0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="f60db9be9ce2aaaadcaaaaaa8100000088a8"], 0x0) 4.531903339s ago: executing program 3 (id=875): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x2010400, &(0x7f0000000380)={[{@nouid32}, {@block_validity}]}, 0x1, 0x4c1, &(0x7f0000000940)="$eJzs3MtvG8UfAPDvrpO06eOX/Ep5tBQwFEQEImlTHj1woAgkLkggOBSJS0jSqtRtURMkWkUiINQeUSVuHBA3kPgLOMEFAReQQOICd1QJoV4onIzs3U1s13bzTok/H8n2jHe8M9/dnc3ujOMAela59pRE7IqIXyNiKMs2FyhnL9evzU3+fW1uMolq9ZU/k3q5v67NTRZFi8/tzDMjaUT6QVIs6Gtc7cyFi6cnKpXp83l+bPbMW2MzFy4+durMxMnpk9Nnx48effzI4aeeHH9ilRH+Un8eynMH9r3w2pUXJ49feeO7Ly7vzuKOljhWLm3KlaPcvC0bPLT6ym4puxvSSd8mNoRlKeUds7/e/4ei1NBNh+L597t+ePsGNBBYN9Vqtbqt8+L5aia2V4GtJ4n8tS9is9sCbKTiD33t/rd4bNClxy3hj2PZDVAt7uv5I1vSt3A3399yf7uWyhFxfP6fT2qPaB2HGFinSgGAnvbVsYj5PN18/ZfGHRHxcr7sf/kcynBE/D8i9kTEbRGxNyJuH4x62Tsj4q5l1l9uyZdirmVUOb26osCWqHb993Q+t9V8/Zdf/Q3EcCnP7c6GypMTpyrTh/JtMhL95Vr+cFa6ZbqnPhMWXz/304ed6m+8/qs9avXXrwUHixLp1b6WAbqpidmJNYv/vYj9fe3iTxZmAmpB7YuI/e1W8MzN6zj1yOcHOi3rGP9SrME8U/XTiIez/T8fefzZZffirky6z0+ObY/K9KGx4qi40fc/XnqpU/2rin8N1Pb/jrbHfxH/cD21MF87k707uIw6Lv12ebK+vvkbl7WNv9RYov3xP5C8Wk8PNDzXGlu0q3jnnYnZ2fPji58t8vXXw1n8Iwfb9/89sbgl7o6I2kF8T0TcGxH35W2/PyIeiIiDXeL/9tkH32zI3jC9fjyJTd3/U9n+39Z+/8dw8/5ffqJ0+psvO9WfzZB3O/7Tn1/PUyP56xLOf+XK9Pni7NC1gSvcbAAAAPCfkkbErkjS0YV0mo6OZiOXe2NHWjk3M/voiXNvn53Kvis/HP1pMdKVjQf3J8X453BDfrwlfyQfN/6oNFjPj06eq0xtdvDQ43Z26P81v5c2u3XAuvP/WtC79H/oXfo/9K6++Ljb95eALerdmxfp34h2AJsibffmEs4LwBbg/h96l/4PvUv/h97Vvf/7FiBsUTPVlf9ff6UYOOywqPmdZLFM8SMNK6q0OZG2X1Scs1ax5hUnPst/K3BDK11Corq2K4y046LB1i2fbHbsi4nq0guna3OIrnWiOLa7lPlhFVVU88RGn4kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADWx78BAAD//9i3vyI=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 4.329317496s ago: executing program 3 (id=877): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wg1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=@ipv4_newaddr={0x20, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r4}, [@IFA_LOCAL={0x8, 0x2, @remote}]}, 0x20}}, 0x0) 4.298889318s ago: executing program 4 (id=878): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001800)={&(0x7f00000017c0)='kfree\x00', r0}, 0x10) syz_clone(0x40000700, 0x0, 0x0, 0x0, 0x0, 0x0) 3.932474308s ago: executing program 4 (id=881): syz_emit_ethernet(0x46, &(0x7f0000000200)={@local, @random="d451299de494", @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@ssrr={0x89, 0x7, 0xe2, [@empty]}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 3.819867477s ago: executing program 4 (id=882): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000180)={0x1f, 0xffff}, 0x6) close_range(r1, 0xffffffffffffffff, 0x0) 3.762857362s ago: executing program 4 (id=884): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$unix(0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x10) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wg1\x00'}) 3.270297872s ago: executing program 4 (id=885): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac14140000000000000000000000000000000000000000000a"], 0xb8}}, 0x0) 2.667871731s ago: executing program 3 (id=890): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wg1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=@ipv4_newaddr={0x20, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r6}, [@IFA_LOCAL={0x8, 0x2, @remote}]}, 0x20}}, 0x0) 1.21914562s ago: executing program 0 (id=895): r0 = fanotify_init(0x0, 0x0) r1 = memfd_create(&(0x7f0000000180)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3', 0x0) r2 = dup(r1) fanotify_mark(r0, 0x1, 0x1029, r2, 0x0) write$FUSE_INIT(r2, &(0x7f0000000040)={0x50}, 0x50) 1.063903623s ago: executing program 0 (id=897): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000200)={'#! ', './file0'}, 0xb) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4000005, 0x10012, r0, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x2, 0x9, 0x0, 0x0, 0x0, {}, [@NFCTH_QUEUE_NUM={0x8}]}, 0x1c}}, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) r1 = socket(0xa, 0x6, 0x0) getsockopt$inet6_mreq(r1, 0x10d, 0x9f, 0x0, &(0x7f0000000000)) 1.063614303s ago: executing program 0 (id=899): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0x7, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000046000200000000000700000000000000050001000000000085100000faffffff95"], &(0x7f0000000180)='GPL\x00'}, 0x90) 990.859619ms ago: executing program 0 (id=900): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x0, 0x0}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 901.925616ms ago: executing program 0 (id=901): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000003100), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000003240)={0x0, 0x0, &(0x7f0000003200)={&(0x7f0000000340)={0x14, r2, 0x1}, 0x14}}, 0x0) 791.902445ms ago: executing program 0 (id=902): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+ \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00'}) 527.579276ms ago: executing program 2 (id=903): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x328000, 0x800}, 0x20) 228.401481ms ago: executing program 2 (id=904): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000240)={'bridge_slave_0\x00', 0x0}) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) munmap(&(0x7f0000ba0000/0x2000)=nil, 0x2000) munmap(&(0x7f000045e000/0x1000)=nil, 0x1000) mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil) munmap(&(0x7f0000b45000/0x1000)=nil, 0x1000) madvise(&(0x7f0000ad2000/0x4000)=nil, 0x4000, 0x10) mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) mremap(&(0x7f000046b000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000769000/0x1000)=nil) mremap(&(0x7f0000ccc000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000b0e000/0x2000)=nil) 139.990128ms ago: executing program 2 (id=905): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 111.636211ms ago: executing program 2 (id=906): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x13012, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) munmap(&(0x7f0000ba0000/0x2000)=nil, 0x2000) munmap(&(0x7f000045e000/0x1000)=nil, 0x1000) mremap(&(0x7f0000dde000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000bb3000/0x1000)=nil) 64.352964ms ago: executing program 2 (id=907): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x1a, 0x0, &(0x7f0000000080)) 0s ago: executing program 2 (id=908): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a"], 0x3c}}, 0x0) kernel console output (not intermixed with test programs): HANGE): bridge0: link becomes ready [ 45.536334][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.538977][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.541610][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.544300][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.547541][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.550173][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 45.552867][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.555929][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.558464][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.560937][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.563517][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.566992][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.569583][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.572184][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.574777][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.577370][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 45.580368][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 45.582812][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.585431][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.589979][ T3978] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 45.621244][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 45.623806][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 45.626772][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 45.646330][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.648976][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.672135][ T3976] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.680142][ T3968] device veth0_macvtap entered promiscuous mode [ 45.692454][ T3968] device veth1_macvtap entered promiscuous mode [ 45.725248][ T4018] Bluetooth: hci1: command 0x041b tx timeout [ 45.740769][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 45.743302][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 45.746260][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 45.748916][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.751518][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 45.751766][ T4015] Bluetooth: hci0: command 0x041b tx timeout [ 45.753593][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 45.763354][ T3968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 45.767558][ T3968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.771312][ T3968] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.777463][ T3980] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.790178][ T3968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.792920][ T3968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.805842][ T3968] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.808697][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.811331][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.813991][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.815943][ T4015] Bluetooth: hci2: command 0x041b tx timeout [ 45.818256][ T4015] Bluetooth: hci4: command 0x041b tx timeout [ 45.818687][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.819926][ T4015] Bluetooth: hci3: command 0x041b tx timeout [ 45.828318][ T3976] device veth0_vlan entered promiscuous mode [ 45.834433][ T3976] device veth1_vlan entered promiscuous mode [ 45.852944][ T3968] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.855765][ T3968] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.858171][ T3968] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.860390][ T3968] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.864309][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.867910][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.870792][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 45.873316][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 45.878607][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 45.881266][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.883914][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.887947][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.897082][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.905030][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.911550][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 45.936015][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.938551][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.943555][ T3980] device veth0_vlan entered promiscuous mode [ 45.951073][ T3976] device veth0_macvtap entered promiscuous mode [ 45.954625][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.957612][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.959944][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.962525][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.966595][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 45.976874][ T3976] device veth1_macvtap entered promiscuous mode [ 45.983283][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 45.986333][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 45.988422][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 45.994679][ T3978] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.005993][ T3980] device veth1_vlan entered promiscuous mode [ 46.017747][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.019984][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.035233][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 46.037795][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 46.040336][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 46.050445][ T3980] device veth0_macvtap entered promiscuous mode [ 46.054599][ T3980] device veth1_macvtap entered promiscuous mode [ 46.086445][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.088575][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.098814][ T3976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.101578][ T3976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.104241][ T3976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.113113][ T3976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.118895][ T3976] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.121171][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 46.123825][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 46.135655][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 46.138240][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 46.140746][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 46.143429][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.161723][ T3980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.164518][ T3980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.170285][ T3980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.173027][ T3980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.178654][ T3980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.181427][ T3980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.186330][ T3980] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.196660][ T3976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.199421][ T3976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.202068][ T3976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.204687][ T3976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.220799][ T3976] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.222952][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 46.226508][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 46.229944][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.235741][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 46.241224][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 46.245964][ T335] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.246840][ T3980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.248328][ T335] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.250965][ T3980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.270168][ T3980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.273257][ T3980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.276198][ T3980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.278925][ T3980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.294940][ T3980] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.314618][ T3976] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.318765][ T3976] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.321083][ T3976] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.323326][ T3976] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.328597][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 46.331866][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 46.334557][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 46.340881][ T3980] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.343156][ T3980] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.359226][ T3980] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.361568][ T3980] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.411051][ T26] audit: type=1326 audit(46.360:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4052 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf567e28 code=0x7ffc0000 [ 46.437295][ T26] audit: type=1326 audit(46.390:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4052 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaf567e28 code=0x7ffc0000 [ 46.442911][ T26] audit: type=1326 audit(46.390:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4052 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf567e28 code=0x7ffc0000 [ 46.462193][ T26] audit: type=1326 audit(46.390:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4052 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaf567e28 code=0x7ffc0000 [ 46.481261][ T26] audit: type=1326 audit(46.390:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4052 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf567e28 code=0x7ffc0000 [ 46.536220][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.538447][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.578249][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 46.590919][ T26] audit: type=1326 audit(46.540:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4061 comm="syz.1.10" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb7cb6e28 code=0x7ffc0000 [ 46.618616][ T26] audit: type=1326 audit(46.570:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4061 comm="syz.1.10" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=14 compat=0 ip=0xffffb7cb6e28 code=0x7ffc0000 [ 46.637747][ T26] audit: type=1326 audit(46.570:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4061 comm="syz.1.10" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb7cb6e28 code=0x7ffc0000 [ 46.655520][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 46.658230][ T4017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 46.664997][ T335] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.667164][ T335] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.671328][ T335] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.673508][ T335] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.683246][ T4064] loop2: detected capacity change from 0 to 2048 [ 46.706300][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 46.708785][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 46.711379][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 46.713900][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 46.732525][ T3978] device veth0_vlan entered promiscuous mode [ 46.737366][ T4064] UDF-fs: warning (device loop2): udf_fill_super: No partition found (2) [ 46.745168][ T335] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.747265][ T335] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.781473][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 46.784033][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 46.795385][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 46.804663][ T3978] device veth1_vlan entered promiscuous mode [ 46.877971][ T3978] device veth0_macvtap entered promiscuous mode [ 46.882726][ T3978] device veth1_macvtap entered promiscuous mode [ 46.922486][ T26] audit: type=1326 audit(46.870:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4073 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb491ae28 code=0x7ffc0000 [ 46.930150][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 46.933979][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 46.940070][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 46.942914][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 46.955288][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 46.957496][ T26] audit: type=1326 audit(46.910:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4073 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb491ae28 code=0x7ffc0000 [ 46.973195][ T3978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.979798][ T3978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.982413][ T3978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.987484][ T3978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.990150][ T3978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.993030][ T3978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.005984][ T3978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.013750][ T3978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.018397][ T3978] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.035359][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 47.038016][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 47.041120][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 47.043908][ T4077] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14'. [ 47.072436][ T4079] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14'. [ 47.096636][ T3978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.099524][ T3978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.102184][ T3978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.107514][ T4083] netlink: 'syz.0.17': attribute type 1 has an invalid length. [ 47.123485][ T3978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.132028][ T3978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.144829][ T3978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.147518][ T3978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.151151][ T3978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.154415][ T4085] netlink: 20 bytes leftover after parsing attributes in process `syz.3.18'. [ 47.185871][ T3978] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.195546][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 47.198250][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 47.212552][ T3978] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.245426][ T3978] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.247764][ T3978] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.257387][ T3978] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.465367][ T379] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.467607][ T379] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.660236][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 48.895775][ T4115] loop3: detected capacity change from 0 to 8 [ 49.062081][ T4116] loop1: detected capacity change from 0 to 8 [ 49.898741][ T4015] Bluetooth: hci0: command 0x040f tx timeout [ 49.900463][ T4015] Bluetooth: hci3: command 0x040f tx timeout [ 49.904524][ T4015] Bluetooth: hci4: command 0x040f tx timeout [ 49.906309][ T4015] Bluetooth: hci2: command 0x040f tx timeout [ 49.908454][ T4029] Bluetooth: hci5: command 0x0409 tx timeout [ 49.947578][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.950583][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.954863][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 51.018943][ T4130] loop0: detected capacity change from 0 to 8 [ 51.382272][ T4091] chnl_net:caif_netlink_parms(): no params data found [ 51.647032][ T4157] Zero length message leads to an empty skb [ 51.661846][ T4091] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.663882][ T4091] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.675590][ T4091] device bridge_slave_0 entered promiscuous mode [ 51.698379][ T4091] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.703658][ T4091] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.713196][ T4091] device bridge_slave_1 entered promiscuous mode [ 51.802534][ T4091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 51.832284][ T4091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 51.917503][ T4091] team0: Port device team_slave_0 added [ 51.933796][ T4091] team0: Port device team_slave_1 added [ 51.965478][ T4117] Bluetooth: hci0: command 0x0419 tx timeout [ 52.438362][ T4091] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 52.448279][ T4091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 52.489371][ T4091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 52.512269][ T4091] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 52.523034][ T4091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 52.585059][ T4091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 52.638009][ T4029] Bluetooth: hci5: command 0x041b tx timeout [ 52.639974][ T4029] Bluetooth: hci2: command 0x0419 tx timeout [ 52.645816][ T4029] Bluetooth: hci4: command 0x0419 tx timeout [ 52.647452][ T4029] Bluetooth: hci3: command 0x0419 tx timeout [ 52.827116][ T4091] device hsr_slave_0 entered promiscuous mode [ 52.895862][ T4091] device hsr_slave_1 entered promiscuous mode [ 52.916776][ T4091] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 52.918912][ T4091] Cannot create hsr debugfs directory [ 53.048131][ T4183] capability: warning: `syz.4.46' uses deprecated v2 capabilities in a way that may be insecure [ 53.225280][ T4091] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.315387][ T4091] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.346619][ T4191] syz.0.49 uses obsolete (PF_INET,SOCK_PACKET) [ 53.472001][ T4195] loop3: detected capacity change from 0 to 512 [ 53.526748][ T4195] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.51: invalid indirect mapped block 256 (level 2) [ 53.548157][ T4195] EXT4-fs (loop3): 2 truncates cleaned up [ 53.558888][ T4195] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 53.601946][ T4191] team0: Device ipvlan2 failed to register rx_handler [ 53.741251][ T4091] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.847059][ T4091] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.076186][ T4091] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.140522][ T4221] loop4: detected capacity change from 0 to 512 [ 54.183343][ T4091] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.189650][ T4221] ======================================================= [ 54.189650][ T4221] WARNING: The mand mount option has been deprecated and [ 54.189650][ T4221] and is ignored by this kernel. Remove the mand [ 54.189650][ T4221] option from the mount to silence this warning. [ 54.189650][ T4221] ======================================================= [ 54.243167][ T4221] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 54.243199][ T4221] EXT4-fs (loop4): Couldn't mount because of unsupported optional features (800) [ 54.272081][ T4091] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.316222][ T4091] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.586861][ T4232] netlink: 12 bytes leftover after parsing attributes in process `syz.3.63'. [ 54.684969][ T4016] Bluetooth: hci5: command 0x040f tx timeout [ 54.757090][ T4091] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.805038][ T1529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.807477][ T1529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.829259][ T4091] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.210092][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 55.227966][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 55.231590][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 55.659285][ T3271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.662023][ T3271] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.665906][ T3271] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.667841][ T3271] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.678829][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.681409][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.684045][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.712067][ T4013] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.714096][ T4013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.730481][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.764492][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.767687][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.771602][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.793029][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.813152][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.859405][ T4245] loop0: detected capacity change from 0 to 64 [ 55.860212][ T4091] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.864110][ T4091] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.868621][ T4242] udc-core: couldn't find an available UDC or it's busy [ 55.870589][ T4242] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 55.884988][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.887468][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.890031][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.892896][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.911054][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.913647][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.947151][ T4245] netlink: 'syz.0.68': attribute type 3 has an invalid length. [ 55.949294][ T4245] netlink: 8 bytes leftover after parsing attributes in process `syz.0.68'. [ 56.212609][ T4091] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.313463][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.322915][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.325626][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 56.334594][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 56.364334][ T4091] device veth0_vlan entered promiscuous mode [ 56.394150][ T136] device hsr_slave_0 left promiscuous mode [ 56.906876][ T136] device hsr_slave_1 left promiscuous mode [ 57.081819][ T3271] Bluetooth: hci5: command 0x0419 tx timeout [ 57.145291][ T136] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 57.147568][ T136] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 57.153951][ T136] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 57.156801][ T136] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 57.162736][ T136] device bridge_slave_1 left promiscuous mode [ 57.165189][ T136] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.218049][ T136] device bridge_slave_0 left promiscuous mode [ 57.219937][ T136] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.345209][ T136] device veth1_macvtap left promiscuous mode [ 57.347091][ T136] device veth0_macvtap left promiscuous mode [ 57.348809][ T136] device veth1_vlan left promiscuous mode [ 57.350781][ T136] device veth0_vlan left promiscuous mode [ 57.589532][ T136] team0 (unregistering): Port device team_slave_1 removed [ 57.603718][ T136] team0 (unregistering): Port device team_slave_0 removed [ 57.617577][ T136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 57.662596][ T136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 57.811218][ T136] bond0 (unregistering): Released all slaves [ 57.918505][ T4091] device veth1_vlan entered promiscuous mode [ 57.930913][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 57.933475][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.943557][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 57.946589][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 57.950029][ T4273] netlink: 12 bytes leftover after parsing attributes in process `syz.4.79'. [ 57.952534][ T4283] netlink: 17 bytes leftover after parsing attributes in process `syz.0.81'. [ 57.958591][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 57.962251][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 57.964316][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.071395][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 58.073928][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 58.085386][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 58.088229][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 58.118768][ T4289] loop1: detected capacity change from 0 to 2048 [ 58.126925][ T4287] netlink: 248 bytes leftover after parsing attributes in process `syz.3.83'. [ 58.131856][ T4091] device veth0_macvtap entered promiscuous mode [ 58.159842][ T4091] device veth1_macvtap entered promiscuous mode [ 58.194353][ T4091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.206050][ T4289] UDF-fs: warning (device loop1): udf_fill_super: No fileset found [ 58.210856][ T4091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.218702][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 58.218713][ T26] audit: type=1326 audit(58.170:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4294 comm="syz.3.87" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb491ae28 code=0x0 [ 58.220567][ T4091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.238890][ T4091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.241961][ T4091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.244665][ T4091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.252583][ T4091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.255823][ T4091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.259836][ T4091] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.262150][ T3271] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 58.266533][ T3271] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 58.268933][ T3271] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 58.271623][ T3271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 58.286240][ T4091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.289159][ T4091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.291735][ T4091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.304504][ T4091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.307744][ T4091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.312060][ T4091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.316198][ T4299] loop4: detected capacity change from 0 to 2048 [ 58.322412][ T4091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.325642][ T4091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.329576][ T4091] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.332107][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 58.333397][ T4301] loop3: detected capacity change from 0 to 2048 [ 58.342849][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 58.348650][ T4091] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.351131][ T4091] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.353375][ T4091] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.356877][ T4091] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.442413][ T4301] EXT4-fs (loop3): mounted filesystem without journal. Opts: stripe=0x0000000000000401,errors=remount-ro,. Quota mode: none. [ 58.496672][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.510635][ T4119] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 58.517541][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.538898][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 58.541521][ T4119] EXT4-fs (loop3): Remounting filesystem read-only [ 58.562488][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.565814][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.569057][ T3271] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.593163][ T4314] loop1: detected capacity change from 0 to 512 [ 58.709433][ T4314] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 58.712238][ T4314] EXT4-fs (loop1): orphan cleanup on readonly fs [ 58.719175][ T4314] EXT4-fs warning (device loop1): ext4_enable_quotas:6431: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 58.723296][ T4314] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 58.742988][ T4314] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.94: bg 0: block 40: padding at end of block bitmap is not set [ 58.762912][ T4314] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6186: Corrupt filesystem [ 58.773294][ T4314] EXT4-fs (loop1): 1 truncate cleaned up [ 58.793367][ T4314] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 58.883497][ T4327] netlink: 248 bytes leftover after parsing attributes in process `syz.4.98'. [ 59.200353][ T4333] udc-core: couldn't find an available UDC or it's busy [ 59.202411][ T4333] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 60.079830][ T4305] loop0: detected capacity change from 0 to 40427 [ 60.150771][ T4305] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 60.152983][ T4305] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 60.174889][ T4316] loop3: detected capacity change from 0 to 40427 [ 60.230843][ T4305] F2FS-fs (loop0): Found nat_bits in checkpoint [ 60.236994][ T4316] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 60.239106][ T4316] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 60.244215][ T4316] F2FS-fs (loop3): invalid crc value [ 60.282734][ T4316] F2FS-fs (loop3): Found nat_bits in checkpoint [ 60.395224][ T4305] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 60.397735][ T4305] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 60.410629][ T4316] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 60.412559][ T4316] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 61.529963][ T4362] loop1: detected capacity change from 0 to 256 [ 61.589162][ T4362] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 61.657066][ T4366] netlink: 248 bytes leftover after parsing attributes in process `syz.2.109'. [ 61.770856][ T4331] loop4: detected capacity change from 0 to 40427 [ 61.869468][ T4331] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 61.871758][ T4331] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 61.884502][ T4369] exFAT-fs (loop1): error, tried to truncate zeroed cluster. [ 61.887266][ T4369] exFAT-fs (loop1): Filesystem has been set read-only [ 61.903572][ T4331] F2FS-fs (loop4): invalid crc value [ 61.979545][ T4331] F2FS-fs (loop4): Found nat_bits in checkpoint [ 62.706231][ T4393] loop0: detected capacity change from 0 to 1024 [ 65.288887][ T4474] netlink: 76 bytes leftover after parsing attributes in process `syz.0.148'. [ 65.615793][ T4485] netlink: 'syz.1.153': attribute type 1 has an invalid length. [ 65.759095][ T4445] loop2: detected capacity change from 0 to 40427 [ 65.798257][ T4445] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 65.800607][ T4445] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 65.852584][ T4445] F2FS-fs (loop2): Found nat_bits in checkpoint [ 65.887802][ T4502] loop1: detected capacity change from 0 to 512 [ 65.910222][ T4445] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 65.912018][ T4445] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 65.940661][ T4489] udc-core: couldn't find an available UDC or it's busy [ 65.942694][ T4489] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 65.961585][ T4502] EXT4-fs (loop1): Unrecognized mount option "context=root" or missing value [ 65.979308][ T4505] loop3: detected capacity change from 0 to 164 [ 66.239179][ T4489] udc-core: couldn't find an available UDC or it's busy [ 66.241167][ T4489] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 66.249136][ T4489] udc-core: couldn't find an available UDC or it's busy [ 66.258378][ T4489] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 66.269868][ T4489] udc-core: couldn't find an available UDC or it's busy [ 66.277696][ T4489] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 67.658912][ T4550] loop2: detected capacity change from 0 to 512 [ 67.660862][ T4552] udc-core: couldn't find an available UDC or it's busy [ 67.662863][ T4552] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 67.723518][ T4550] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 67.736847][ T4550] EXT4-fs (loop2): orphan cleanup on readonly fs [ 67.770146][ T4550] EXT4-fs warning (device loop2): ext4_enable_quotas:6431: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 67.774012][ T4550] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 67.805968][ T4550] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.178: bg 0: block 40: padding at end of block bitmap is not set [ 67.829916][ T4550] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6186: Corrupt filesystem [ 67.837571][ T4550] EXT4-fs (loop2): 1 truncate cleaned up [ 67.839097][ T4550] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 68.115397][ T4117] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 69.099977][ T4546] loop3: detected capacity change from 0 to 40427 [ 69.159224][ T4546] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 69.161513][ T4546] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 69.217518][ T4546] F2FS-fs (loop3): Found nat_bits in checkpoint [ 69.254231][ T4546] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 69.265431][ T4546] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 69.315122][ T4117] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 69.318291][ T4117] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 69.320894][ T4117] usb 1-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 69.323237][ T4117] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.333199][ T4576] udc-core: couldn't find an available UDC or it's busy [ 69.347075][ T4117] usb 1-1: config 0 descriptor?? [ 69.348630][ T4576] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 69.412084][ T4578] device pim6reg1 entered promiscuous mode [ 69.559336][ T3975] Bluetooth: hci0: ACL packet for unknown connection handle 2248 [ 69.648452][ T13] cfg80211: failed to load regulatory.db [ 69.652455][ T2047] ieee802154 phy0 wpan0: encryption failed: -22 [ 69.654546][ T2047] ieee802154 phy1 wpan1: encryption failed: -22 [ 69.713515][ T4590] loop4: detected capacity change from 0 to 1024 [ 69.760106][ T4590] EXT4-fs (loop4): INFO: recovery required on readonly filesystem [ 69.762397][ T4590] EXT4-fs (loop4): write access will be enabled during recovery [ 69.771227][ T4590] JBD2: no valid journal superblock found [ 69.772763][ T4590] EXT4-fs (loop4): error loading journal [ 69.823417][ T4592] loop3: detected capacity change from 0 to 512 [ 69.839186][ T4117] logitech-djreceiver 0003:046D:C71B.0001: unknown main item tag 0x0 [ 69.841508][ T4117] logitech-djreceiver 0003:046D:C71B.0001: unknown main item tag 0x0 [ 69.843698][ T4117] logitech-djreceiver 0003:046D:C71B.0001: unknown main item tag 0x0 [ 69.845947][ T4117] logitech-djreceiver 0003:046D:C71B.0001: unknown main item tag 0x0 [ 69.848030][ T4117] logitech-djreceiver 0003:046D:C71B.0001: unknown main item tag 0x0 [ 69.850257][ T4117] logitech-djreceiver 0003:046D:C71B.0001: unknown main item tag 0x0 [ 69.852305][ T4117] logitech-djreceiver 0003:046D:C71B.0001: unknown main item tag 0x0 [ 69.896487][ T4592] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 69.899300][ T4592] EXT4-fs (loop3): orphan cleanup on readonly fs [ 69.901480][ T4592] EXT4-fs warning (device loop3): ext4_enable_quotas:6431: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 69.917346][ T4592] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 69.923815][ T4592] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.192: bg 0: block 40: padding at end of block bitmap is not set [ 69.936558][ T4592] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6186: Corrupt filesystem [ 69.939619][ T4592] EXT4-fs (loop3): 1 truncate cleaned up [ 69.941120][ T4592] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 70.062543][ T13] usb 1-1: USB disconnect, device number 2 [ 71.076218][ T4602] loop2: detected capacity change from 0 to 512 [ 71.106162][ T4602] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.200: casefold flag without casefold feature [ 71.116219][ T4602] EXT4-fs (loop2): Remounting filesystem read-only [ 71.117988][ T4602] EXT4-fs error (device loop2): ext4_orphan_get:1423: comm syz.2.200: bad orphan inode 15 [ 71.124100][ T4602] ext4_test_bit(bit=14, block=18) = 1 [ 71.127127][ T4602] is_bad_inode(inode)=0 [ 71.128331][ T4602] NEXT_ORPHAN(inode)=1023 [ 71.129475][ T4602] max_ino=32 [ 71.130274][ T4602] i_nlink=0 [ 71.144383][ T4602] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,. Quota mode: none. [ 71.277299][ T4618] netlink: 16 bytes leftover after parsing attributes in process `syz.1.208'. [ 71.360012][ T4628] loop1: detected capacity change from 0 to 512 [ 71.378249][ T4627] device pim6reg1 entered promiscuous mode [ 71.418058][ T4628] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 71.580862][ T4622] netlink: 20 bytes leftover after parsing attributes in process `syz.1.209'. [ 71.646532][ T4653] netlink: 24 bytes leftover after parsing attributes in process `syz.4.215'. [ 71.900257][ T4672] netlink: 12 bytes leftover after parsing attributes in process `syz.4.223'. [ 72.052840][ T4680] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 72.062909][ T4679] loop3: detected capacity change from 0 to 256 [ 72.105968][ T4679] exfat: Deprecated parameter 'namecase' [ 72.119525][ T4679] exFAT-fs (loop3): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 72.218560][ T4686] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.230'. [ 72.224903][ T4684] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.230'. [ 72.338877][ T4689] loop2: detected capacity change from 0 to 1024 [ 72.429607][ T4689] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,noquota,barrier=0x0000000000000006,jqfmt=vfsv1,block_validity,max_dir_size_kb=0x00000000000007b1,stripe=0x0000000000000020,bsdgroups,max_batch_time=0x00000000000003fe,user_xattr,nodiscard,,errors=continue. Quota mode: none. [ 72.567718][ T4699] loop0: detected capacity change from 0 to 4096 [ 72.602301][ T4699] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512) [ 72.622392][ T4699] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 72.923928][ T9] ntfs3: loop0: ntfs3_write_inode r=5 failed, -22. [ 72.934091][ T3976] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 73.035885][ T4727] loop0: detected capacity change from 0 to 1024 [ 73.099496][ T4727] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 73.280365][ T4727] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 73.282401][ T4727] EXT4-fs (loop0): changing journal_checksum during remount not supported; ignoring [ 73.294778][ T4727] EXT4-fs (loop0): can't enable nombcache during remount [ 73.645819][ T4014] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 73.648326][ T4014] Bluetooth: hci0: Injecting HCI hardware error event [ 73.651006][ T3975] Bluetooth: hci0: hardware error 0x00 [ 75.127103][ T4780] netlink: 12 bytes leftover after parsing attributes in process `syz.3.267'. [ 75.183200][ T4784] netlink: 16 bytes leftover after parsing attributes in process `syz.3.271'. [ 75.445234][ T4798] netlink: 4 bytes leftover after parsing attributes in process `syz.3.278'. [ 75.491107][ T4799] sctp: [Deprecated]: syz.1.274 (pid 4799) Use of int in maxseg socket option. [ 75.491107][ T4799] Use struct sctp_assoc_value instead [ 77.814703][ C0] sched: RT throttling activated [ 78.256145][ T4811] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 78.258851][ T4811] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 78.294065][ T4823] loop1: detected capacity change from 0 to 512 [ 78.554934][ T26] audit: type=1326 audit(78.480:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb491ae28 code=0x7ffc0000 [ 78.560793][ T26] audit: type=1326 audit(78.490:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffb491ae28 code=0x7ffc0000 [ 78.581482][ T4823] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 78.632854][ T26] audit: type=1326 audit(78.490:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb491ae28 code=0x7ffc0000 [ 78.650095][ T4837] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 78.652650][ T4837] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 78.666565][ T4839] loop2: detected capacity change from 0 to 256 [ 78.696029][ T26] audit: type=1326 audit(78.490:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=200 compat=0 ip=0xffffb491ae28 code=0x7ffc0000 [ 78.734387][ T26] audit: type=1326 audit(78.490:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb491ae28 code=0x7ffc0000 [ 78.807109][ T26] audit: type=1326 audit(78.490:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=243 compat=0 ip=0xffffb491ae28 code=0x7ffc0000 [ 78.852230][ T26] audit: type=1326 audit(78.490:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb491ae28 code=0x7ffc0000 [ 78.915920][ T26] audit: type=1326 audit(78.490:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=206 compat=0 ip=0xffffb491ae28 code=0x7ffc0000 [ 78.961309][ T26] audit: type=1326 audit(78.490:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb491ae28 code=0x7ffc0000 [ 79.112217][ T4845] loop1: detected capacity change from 0 to 256 [ 79.410042][ T4857] udc-core: couldn't find an available UDC or it's busy [ 79.419138][ T4857] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 79.422866][ T26] audit: type=1326 audit(79.370:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4851 comm="syz.4.298" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c408e28 code=0x7ffc0000 [ 79.683504][ T4868] netlink: 8 bytes leftover after parsing attributes in process `syz.0.303'. [ 80.651811][ T4897] loop2: detected capacity change from 0 to 2048 [ 80.738842][ T4906] loop0: detected capacity change from 0 to 256 [ 80.796850][ T4897] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 81.019966][ T4919] loop3: detected capacity change from 0 to 512 [ 81.051413][ T4923] loop1: detected capacity change from 0 to 512 [ 81.087028][ T4919] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 81.214639][ T4923] EXT4-fs (loop1): 1 truncate cleaned up [ 81.219435][ T4923] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 81.393393][ T4914] loop2: detected capacity change from 0 to 32768 [ 81.424944][ T4943] netlink: 16 bytes leftover after parsing attributes in process `syz.1.331'. [ 81.537816][ T4914] ERROR: (device loop2): xtTruncate: XT_GETPAGE: xtree page corrupt [ 81.537816][ T4914] [ 81.563245][ T4914] ERROR: (device loop2): remounting filesystem as read-only [ 82.680774][ T4971] netlink: 40 bytes leftover after parsing attributes in process `syz.3.341'. [ 83.124279][ T4996] loop2: detected capacity change from 0 to 512 [ 83.885431][ T4996] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 83.931128][ T4996] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 3: comm syz.2.351: path /59/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 83.968998][ T5003] loop1: detected capacity change from 0 to 2048 [ 83.981853][ T4996] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 12: comm syz.2.351: path /59/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 84.003865][ T4996] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 13: comm syz.2.351: path /59/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 84.022648][ T5003] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 84.025310][ T4996] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 14: comm syz.2.351: path /59/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 84.044956][ T4996] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 15: comm syz.2.351: path /59/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 84.052876][ T5003] attempt to access beyond end of device [ 84.052876][ T5003] loop1: rw=524288, want=33554432, limit=2048 [ 84.061005][ T5005] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 84.098117][ T4996] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz.2.351: path /59/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 84.116913][ T4996] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 17: comm syz.2.351: path /59/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 84.136993][ T4996] EXT4-fs error (device loop2): ext4_map_blocks:601: inode #2: block 18: comm syz.2.351: lblock 23 mapped to illegal pblock 18 (length 1) [ 84.182775][ T4973] loop4: detected capacity change from 0 to 32768 [ 84.306390][ T4973] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.343 (4973) [ 84.337789][ T4993] loop3: detected capacity change from 0 to 32768 [ 84.358537][ T5009] loop1: detected capacity change from 0 to 512 [ 84.381242][ T4973] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 84.383794][ T4973] BTRFS info (device loop4): using free space tree [ 84.424647][ T4973] BTRFS info (device loop4): has skinny extents [ 85.240361][ T5009] EXT4-fs (loop1): Ignoring removed nobh option [ 85.242836][ T5009] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 85.336772][ T5009] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nobh,max_batch_time=0x00000000000003ff,nojournal_checksum,usrquota,dioread_nolock,nodiscard,. Quota mode: writeback. [ 85.367570][ T4993] ERROR: (device loop3): xtTruncate: XT_GETPAGE: xtree page corrupt [ 85.367570][ T4993] [ 85.371441][ T4993] ERROR: (device loop3): remounting filesystem as read-only [ 85.565598][ T5042] loop3: detected capacity change from 0 to 256 [ 85.568477][ T4973] BTRFS info (device loop4): enabling ssd optimizations [ 85.710487][ T5042] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 85.714167][ T5042] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 86.216483][ T5029] loop2: detected capacity change from 0 to 32768 [ 86.263804][ T5039] loop0: detected capacity change from 0 to 40427 [ 86.321610][ T5039] F2FS-fs (loop0): invalid crc value [ 86.372944][ T5029] XFS (loop2): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 86.388897][ T5039] F2FS-fs (loop0): Found nat_bits in checkpoint [ 86.408582][ T5029] XFS (loop2): Quotacheck needed: Please wait. [ 86.419028][ T153] XFS (loop2): Metadata CRC error detected at xfs_rmapbt_read_verify+0x54/0x434, xfs_rmapbt block 0x14 [ 86.422264][ T153] XFS (loop2): Unmount and run xfs_repair [ 86.424083][ T153] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 86.464240][ T153] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 86.471481][ T5039] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 86.477427][ T153] 00000010: 00 00 02 00 00 00 00 14 00 00 00 01 00 00 00 80 ................ [ 86.479858][ T153] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 86.482196][ T153] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 86.521099][ T153] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 86.523474][ T153] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 86.538849][ T153] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 86.558012][ T3976] attempt to access beyond end of device [ 86.558012][ T3976] loop0: rw=2049, want=45104, limit=40427 [ 86.569612][ T153] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 86.572301][ T153] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1f4/0x2f8" at daddr 0x14 len 4 error 74 [ 86.625210][ T153] XFS (loop2): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x81c/0x12f4 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 86.632872][ T153] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 86.669485][ T5101] loop1: detected capacity change from 0 to 128 [ 86.669515][ T5029] XFS (loop2): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 86.704601][ T5029] XFS (loop2): ro->rw transition prohibited on norecovery mount [ 86.713161][ T5106] udc-core: couldn't find an available UDC or it's busy [ 86.728465][ T5101] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 86.733019][ T4091] XFS (loop2): Unmounting Filesystem [ 86.745467][ T5106] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 86.790647][ T5101] EXT4-fs warning (device loop1): verify_group_input:147: Cannot add at group 9 (only 1 groups) [ 86.919025][ T5112] netlink: 'syz.0.375': attribute type 13 has an invalid length. [ 86.922309][ T5112] device veth0_macvtap left promiscuous mode [ 87.003262][ T5112] macvtap0: refused to change device tx_queue_len [ 88.389803][ T5142] netlink: 28 bytes leftover after parsing attributes in process `syz.4.395'. [ 88.394850][ T5142] netlink: 28 bytes leftover after parsing attributes in process `syz.4.395'. [ 88.448129][ T5142] device netdevsim0 entered promiscuous mode [ 88.498631][ T5142] device syz_tun entered promiscuous mode [ 88.588776][ T4016] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 88.598841][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 88.764502][ T5132] loop3: detected capacity change from 0 to 32768 [ 88.781313][ T5157] loop2: detected capacity change from 0 to 256 [ 88.842089][ T5157] tipc: Failed to remove unknown binding: 66,1,1/0:2844712791/2844712793 [ 88.858066][ T5157] tipc: Failed to remove unknown binding: 66,1,1/0:2844712791/2844712793 [ 88.860103][ T5132] XFS (loop3): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 88.867708][ T5132] XFS (loop3): Quotacheck needed: Please wait. [ 88.875515][ T4019] XFS (loop3): Metadata CRC error detected at xfs_rmapbt_read_verify+0x54/0x434, xfs_rmapbt block 0x14 [ 88.879468][ T4019] XFS (loop3): Unmount and run xfs_repair [ 88.881215][ T4019] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 88.882666][ T5157] tipc: Failed to remove unknown binding: 66,1,1/0:2844712791/2844712793 [ 88.883377][ T4019] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 88.893619][ T4019] 00000010: 00 00 02 00 00 00 00 14 00 00 00 01 00 00 00 80 ................ [ 88.896439][ T4019] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 88.898957][ T4019] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 88.902172][ T4019] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 88.905331][ T4019] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 88.907612][ T4019] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 88.910077][ T4019] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 88.912779][ T4119] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x1f4/0x2f8" at daddr 0x14 len 4 error 74 [ 88.920158][ T4119] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x81c/0x12f4 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 88.928896][ T4119] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 88.939509][ T5132] XFS (loop3): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 88.953345][ T4016] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.956595][ T4016] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 88.959069][ T4016] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.968383][ T4016] usb 1-1: config 0 descriptor?? [ 88.981561][ T5132] XFS (loop3): ro->rw transition prohibited on norecovery mount [ 88.997704][ T3980] XFS (loop3): Unmounting Filesystem [ 89.100420][ T5169] udc-core: couldn't find an available UDC or it's busy [ 89.102519][ T5169] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 89.110581][ T5169] udc-core: couldn't find an available UDC or it's busy [ 89.112689][ T5169] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 89.149505][ T5171] udc-core: couldn't find an available UDC or it's busy [ 89.151579][ T5171] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 89.449879][ T4016] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor [ 89.456199][ T5177] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.458689][ T5177] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.461755][ T4016] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0002/input/input2 [ 89.607275][ T5181] loop1: detected capacity change from 0 to 2048 [ 89.671373][ T4016] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 89.730166][ T5181] EXT4-fs (loop1): mounted filesystem without journal. Opts: stripe=0x0000000000000401,errors=remount-ro,. Quota mode: none. [ 89.739943][ T5181] process 'syz.1.410' launched './file1' with NULL argv: empty string added [ 90.767129][ T25] usb 1-1: USB disconnect, device number 3 [ 91.910892][ T5214] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.420'. [ 91.913888][ T5212] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.420'. [ 92.008095][ T5220] ieee802154 phy0 wpan0: encryption failed: -22 [ 92.090047][ T5226] netlink: 'syz.2.427': attribute type 29 has an invalid length. [ 92.108006][ T5222] xt_recent: hitcount (14045) is larger than allowed maximum (255) [ 92.110904][ T5226] netlink: 'syz.2.427': attribute type 29 has an invalid length. [ 92.131586][ T5226] netlink: 'syz.2.427': attribute type 29 has an invalid length. [ 92.134310][ T5226] netlink: 'syz.2.427': attribute type 29 has an invalid length. [ 92.137025][ T5226] netlink: 'syz.2.427': attribute type 29 has an invalid length. [ 92.139762][ T5226] netlink: 'syz.2.427': attribute type 29 has an invalid length. [ 92.142210][ T5226] netlink: 'syz.2.427': attribute type 29 has an invalid length. [ 92.513037][ T5239] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 93.805345][ T5243] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 94.170590][ T5253] netlink: 24 bytes leftover after parsing attributes in process `syz.3.438'. [ 94.211749][ T5255] device xfrm0 entered promiscuous mode [ 94.221844][ T5255] bond0: (slave vlan2): Enslaving as an active interface with an up link [ 94.329852][ T5260] loop3: detected capacity change from 0 to 512 [ 94.459350][ T5260] EXT4-fs error (device loop3): ext4_init_orphan_info:586: comm syz.3.440: inode #0: comm syz.3.440: iget: illegal inode # [ 94.464472][ T5260] EXT4-fs (loop3): get orphan inode failed [ 94.483467][ T5260] EXT4-fs (loop3): mount failed [ 94.503780][ T5247] loop4: detected capacity change from 0 to 32768 [ 94.540481][ T5247] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.435 (5247) [ 94.601151][ T5247] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 94.603854][ T5247] BTRFS info (device loop4): using free space tree [ 94.606316][ T5247] BTRFS info (device loop4): has skinny extents [ 94.808089][ T4125] BTRFS warning (device loop4): checksum verify failed on 5332992 wanted 0x1335c47d3f94e85552e31a8ecc9dd4db4dece1445f3fbef1d5b0b5e8324c15d5 found 0xc6f2b3acfdf6858fc3399af66fc1fb8e8960cb8820e92f373ee29f27921d8fa4 level 0 [ 94.821939][ T5294] usb usb8: usbfs: process 5294 (syz.3.443) did not claim interface 0 before use [ 94.835156][ T5247] BTRFS warning (device loop4): couldn't read tree root [ 94.907028][ T5247] BTRFS error (device loop4): open_ctree failed [ 94.966945][ T5291] loop0: detected capacity change from 0 to 4096 [ 95.021070][ T5300] loop2: detected capacity change from 0 to 16 [ 95.097935][ T5300] erofs: (device loop2): mounted with root inode @ nid 36. [ 95.106180][ T5291] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 95.108385][ T5291] UDF-fs: Scanning with blocksize 512 failed [ 95.137190][ T5291] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 95.198089][ T5310] device pim6reg1 entered promiscuous mode [ 95.402596][ T5321] loop3: detected capacity change from 0 to 2048 [ 95.524159][ T5321] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 97.096146][ T4024] Bluetooth: hci2: command 0x0409 tx timeout [ 97.204411][ T5362] netlink: 'syz.0.470': attribute type 4 has an invalid length. [ 97.357544][ T5363] netlink: 'syz.0.470': attribute type 4 has an invalid length. [ 97.797186][ T5395] netlink: 12 bytes leftover after parsing attributes in process `syz.2.481'. [ 97.960766][ T5404] udc-core: couldn't find an available UDC or it's busy [ 97.962791][ T5404] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 97.998014][ T5404] netlink: 652 bytes leftover after parsing attributes in process `syz.4.484'. [ 98.091832][ T5408] udc-core: couldn't find an available UDC or it's busy [ 98.102481][ T5408] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 98.494181][ T5417] loop2: detected capacity change from 0 to 512 [ 98.570201][ T5417] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 98.573150][ T5417] EXT4-fs (loop2): orphan cleanup on readonly fs [ 98.579660][ T5417] EXT4-fs warning (device loop2): ext4_enable_quotas:6431: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 98.583800][ T5417] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 98.586986][ T5417] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.489: bg 0: block 40: padding at end of block bitmap is not set [ 98.596371][ T5417] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6186: Corrupt filesystem [ 98.605735][ T5417] EXT4-fs (loop2): 1 truncate cleaned up [ 98.607365][ T5417] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 99.971331][ T5437] netlink: 12 bytes leftover after parsing attributes in process `syz.4.495'. [ 101.343828][ T5456] loop4: detected capacity change from 0 to 512 [ 101.453056][ T5456] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 101.456027][ T5456] EXT4-fs (loop4): orphan cleanup on readonly fs [ 101.458157][ T5456] EXT4-fs warning (device loop4): ext4_enable_quotas:6431: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 101.462766][ T5456] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 101.555757][ T5456] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.503: bg 0: block 40: padding at end of block bitmap is not set [ 101.584931][ T5456] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6186: Corrupt filesystem [ 101.602633][ T5456] EXT4-fs (loop4): 1 truncate cleaned up [ 101.604208][ T5456] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 102.489353][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 102.489365][ T26] audit: type=1326 audit(102.440:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5461 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ac17e28 code=0x7ffc0000 [ 102.518977][ T26] audit: type=1326 audit(102.470:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5461 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff9ac17e28 code=0x7ffc0000 [ 102.537717][ T26] audit: type=1326 audit(102.480:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5461 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ac17e28 code=0x7ffc0000 [ 102.543601][ T26] audit: type=1326 audit(102.480:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5461 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=203 compat=0 ip=0xffff9ac17e28 code=0x7ffc0000 [ 102.585043][ T5472] udc-core: couldn't find an available UDC or it's busy [ 102.586920][ T5472] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 102.608414][ T26] audit: type=1326 audit(102.480:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5461 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ac17e28 code=0x7ffc0000 [ 102.622812][ T26] audit: type=1326 audit(102.510:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5461 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=269 compat=0 ip=0xffff9ac17e28 code=0x7ffc0000 [ 102.644850][ T4024] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 103.916399][ T4024] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.919608][ T4024] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.926381][ T4024] usb 1-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 103.928924][ T4024] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.956946][ T4024] usb 1-1: config 0 descriptor?? [ 103.994489][ T5476] device syzkaller0 entered promiscuous mode [ 104.000779][ T5477] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 104.003428][ T5477] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 104.449854][ T4024] belkin 0003:1020:0006.0003: invalid report_size 6656 [ 104.451967][ T4024] belkin 0003:1020:0006.0003: item 0 2 1 7 parsing failed [ 104.454397][ T4024] belkin 0003:1020:0006.0003: parse failed [ 105.328377][ T4024] belkin: probe of 0003:1020:0006.0003 failed with error -22 [ 105.387973][ T4024] usb 1-1: USB disconnect, device number 4 [ 105.426941][ T5497] netlink: 'syz.3.518': attribute type 9 has an invalid length. [ 105.429244][ T5497] netlink: 'syz.3.518': attribute type 7 has an invalid length. [ 105.431244][ T5497] netlink: 'syz.3.518': attribute type 8 has an invalid length. [ 105.622094][ T5510] netlink: 32 bytes leftover after parsing attributes in process `syz.3.521'. [ 105.709202][ T26] audit: type=1326 audit(105.660:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5511 comm="syz.4.523" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c408e28 code=0x0 [ 105.920767][ T5521] netlink: 20 bytes leftover after parsing attributes in process `syz.3.527'. [ 105.932736][ T5521] netlink: 20 bytes leftover after parsing attributes in process `syz.3.527'. [ 105.939876][ T5521] netlink: 4 bytes leftover after parsing attributes in process `syz.3.527'. [ 106.145960][ T5495] loop1: detected capacity change from 0 to 32768 [ 106.146177][ T5488] loop2: detected capacity change from 0 to 40427 [ 107.053239][ T5488] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 107.059806][ T5488] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 107.067332][ T5488] F2FS-fs (loop2): invalid crc value [ 107.075574][ T5495] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 107.083746][ T5495] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 107.086488][ T5488] F2FS-fs (loop2): Found nat_bits in checkpoint [ 107.122553][ T5495] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 107.166846][ T5538] tmpfs: Bad value for 'mpol' [ 107.207786][ T4024] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 107.210786][ T4024] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 107.221095][ T5488] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 107.223226][ T5488] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 107.251049][ T5543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.536'. [ 107.347319][ T4024] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 136ms [ 107.350157][ T4024] gfs2: fsid=syz:syz.0: jid=0: Done [ 107.352757][ T5495] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 107.443455][ T5495] gfs2: fsid=syz:syz.0: can't start logd thread: -4 [ 108.768406][ T5572] loop2: detected capacity change from 0 to 512 [ 108.888735][ T5572] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 108.891820][ T5572] EXT4-fs (loop2): orphan cleanup on readonly fs [ 108.894201][ T5572] EXT4-fs warning (device loop2): ext4_enable_quotas:6431: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 109.044933][ T5572] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 109.047838][ T5572] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.537: bg 0: block 40: padding at end of block bitmap is not set [ 109.072299][ T5572] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6186: Corrupt filesystem [ 109.092641][ T5572] EXT4-fs (loop2): 1 truncate cleaned up [ 109.094244][ T5572] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 110.709157][ T5610] loop1: detected capacity change from 0 to 256 [ 110.923420][ T5582] loop4: detected capacity change from 0 to 32768 [ 110.977187][ T5582] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.552 (5582) [ 111.032533][ T5582] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 111.036564][ T5582] BTRFS info (device loop4): using free space tree [ 111.038594][ T5582] BTRFS info (device loop4): has skinny extents [ 111.422024][ T5582] BTRFS info (device loop4): enabling ssd optimizations [ 111.492374][ T5653] device pim6reg1 entered promiscuous mode [ 111.598121][ T5663] device pim6reg1 entered promiscuous mode [ 112.360143][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 112.413821][ T5710] udc-core: couldn't find an available UDC or it's busy [ 112.425250][ T5710] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 112.693584][ T5729] fuse: Bad value for 'fd' [ 112.712484][ T5732] fuse: Bad value for 'fd' [ 113.110165][ T5753] netlink: 248 bytes leftover after parsing attributes in process `syz.0.616'. [ 113.312880][ T5769] loop2: detected capacity change from 0 to 512 [ 113.453707][ T5769] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 113.456782][ T5769] EXT4-fs (loop2): orphan cleanup on readonly fs [ 113.458928][ T5769] EXT4-fs warning (device loop2): ext4_enable_quotas:6431: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 113.730442][ T5769] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 114.176430][ T5769] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.624: bg 0: block 40: padding at end of block bitmap is not set [ 114.192075][ T5769] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6186: Corrupt filesystem [ 114.212522][ T5769] EXT4-fs (loop2): 1 truncate cleaned up [ 114.214118][ T5769] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 114.610155][ T5794] netlink: 164 bytes leftover after parsing attributes in process `syz.0.633'. [ 114.612748][ T5794] netlink: 'syz.0.633': attribute type 2 has an invalid length. [ 114.618565][ T5792] EXT4-fs warning (device nvme0n1p2): verify_group_input:147: Cannot add at group 1 (only 8 groups) [ 114.643793][ T5794] netlink: 'syz.0.633': attribute type 2 has an invalid length. [ 114.650872][ T5794] netlink: 'syz.0.633': attribute type 1 has an invalid length. [ 114.656617][ T5794] netlink: 12 bytes leftover after parsing attributes in process `syz.0.633'. [ 116.110782][ T5817] loop0: detected capacity change from 0 to 16 [ 116.177187][ T5817] erofs: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿÿÿÿÿ0xffffffffffffffff01777777777777777777777ÿ00000000000000000005' [ 116.769975][ T26] audit: type=1326 audit(116.720:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5828 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c408e28 code=0x7ffc0000 [ 116.777127][ T26] audit: type=1326 audit(116.720:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5828 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c408e28 code=0x7ffc0000 [ 116.822573][ T26] audit: type=1326 audit(116.730:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5828 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=291 compat=0 ip=0xffff8c408e28 code=0x7ffc0000 [ 116.864860][ T26] audit: type=1326 audit(116.730:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5828 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c408e28 code=0x7ffc0000 [ 116.870622][ T26] audit: type=1326 audit(116.730:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5828 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c408e28 code=0x7ffc0000 [ 116.888921][ T5833] netlink: 164 bytes leftover after parsing attributes in process `syz.0.648'. [ 116.891259][ T5833] netlink: 'syz.0.648': attribute type 2 has an invalid length. [ 116.919894][ T5833] netlink: 'syz.0.648': attribute type 2 has an invalid length. [ 116.922053][ T5833] netlink: 'syz.0.648': attribute type 1 has an invalid length. [ 116.924139][ T5833] netlink: 12 bytes leftover after parsing attributes in process `syz.0.648'. [ 116.926255][ T26] audit: type=1326 audit(116.730:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5828 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=177 compat=0 ip=0xffff8c408e28 code=0x7ffc0000 [ 116.952541][ T26] audit: type=1326 audit(116.730:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5828 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c408e28 code=0x7ffc0000 [ 116.972817][ T26] audit: type=1326 audit(116.730:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5828 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c408e28 code=0x7ffc0000 [ 117.994365][ T5847] loop1: detected capacity change from 0 to 512 [ 118.186126][ T5847] EXT4-fs (loop1): mounted filesystem without journal. Opts: quota,barrier=0x0000000000001000,grpjquota=,norecovery,dioread_lock,,errors=continue. Quota mode: writeback. [ 118.238557][ T5864] netlink: 8 bytes leftover after parsing attributes in process `syz.0.659'. [ 118.401966][ T5873] netlink: 164 bytes leftover after parsing attributes in process `syz.4.663'. [ 118.404489][ T5873] netlink: 'syz.4.663': attribute type 2 has an invalid length. [ 118.422214][ T5873] netlink: 'syz.4.663': attribute type 2 has an invalid length. [ 118.424204][ T5873] netlink: 'syz.4.663': attribute type 1 has an invalid length. [ 118.434945][ T5873] netlink: 12 bytes leftover after parsing attributes in process `syz.4.663'. [ 118.594173][ T5882] netlink: 16 bytes leftover after parsing attributes in process `syz.3.666'. [ 118.858456][ T5900] device bridge0 entered promiscuous mode [ 118.876308][ T5900] device ip6gretap0 entered promiscuous mode [ 118.885223][ T26] audit: type=1326 audit(118.840:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb491ae28 code=0x7ffc0000 [ 118.896251][ T26] audit: type=1326 audit(118.850:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=235 compat=0 ip=0xffffb491ae28 code=0x7ffc0000 [ 118.926005][ T5900] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 118.928927][ T5900] Cannot create hsr debugfs directory [ 118.931803][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 119.007085][ T5907] loop2: detected capacity change from 0 to 512 [ 119.055925][ T5907] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 119.058805][ T5907] EXT4-fs (loop2): orphan cleanup on readonly fs [ 119.061226][ T5907] EXT4-fs warning (device loop2): ext4_enable_quotas:6431: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 119.071217][ T5907] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 119.080079][ T5907] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.678: bg 0: block 40: padding at end of block bitmap is not set [ 119.082600][ T5916] loop4: detected capacity change from 0 to 256 [ 119.085876][ T5907] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6186: Corrupt filesystem [ 119.107389][ T5907] EXT4-fs (loop2): 1 truncate cleaned up [ 119.109052][ T5907] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 119.246503][ T5922] xt_CT: You must specify a L4 protocol and not use inversions on it [ 119.969262][ T5938] netlink: 28 bytes leftover after parsing attributes in process `syz.0.687'. [ 120.044494][ T5945] loop0: detected capacity change from 0 to 512 [ 120.117955][ T5945] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 120.183345][ T5945] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.691: iget: bad extended attribute block 19 [ 120.196270][ T5945] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.691: couldn't read orphan inode 15 (err -117) [ 120.198592][ T5944] loop3: detected capacity change from 0 to 8192 [ 120.201248][ T5945] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 120.281236][ T5945] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.691: bg 0: block 65: padding at end of block bitmap is not set [ 120.331564][ T5945] EXT4-fs error (device loop0): ext4_acquire_dquot:6196: comm syz.0.691: Failed to acquire dquot type 0 [ 120.893311][ T5950] loop4: detected capacity change from 0 to 32768 [ 121.045585][ T5950] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.693 (5950) [ 121.271406][ T5949] loop1: detected capacity change from 0 to 32768 [ 121.347841][ T5949] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.694 (5949) [ 121.353685][ T5950] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 121.359365][ T5950] BTRFS info (device loop4): using free space tree [ 121.361167][ T5950] BTRFS info (device loop4): has skinny extents [ 121.449651][ T5949] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 121.452140][ T5949] BTRFS info (device loop1): setting nodatacow, compression disabled [ 121.461253][ T5949] BTRFS info (device loop1): enabling auto defrag [ 121.463087][ T5949] BTRFS info (device loop1): max_inline at 0 [ 121.471383][ T5949] BTRFS info (device loop1): using free space tree [ 121.473343][ T5949] BTRFS info (device loop1): has skinny extents [ 121.589809][ T5950] BTRFS info (device loop4): enabling ssd optimizations [ 122.871203][ T6023] loop3: detected capacity change from 0 to 512 [ 122.905328][ T6023] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 123.035500][ T6023] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.706: iget: bad extended attribute block 19 [ 123.041994][ T6023] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.706: couldn't read orphan inode 15 (err -117) [ 123.071056][ T6023] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 123.172638][ T6023] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.706: bg 0: block 65: padding at end of block bitmap is not set [ 123.182650][ T6023] __quota_error: 3 callbacks suppressed [ 123.182663][ T6023] Quota error (device loop3): write_blk: dquota write failed [ 123.249730][ T6038] xt_CT: You must specify a L4 protocol and not use inversions on it [ 123.342528][ T6023] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 123.345799][ T6023] EXT4-fs error (device loop3): ext4_acquire_dquot:6196: comm syz.3.706: Failed to acquire dquot type 0 [ 123.898450][ T6066] udc-core: couldn't find an available UDC or it's busy [ 123.901537][ T6066] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 123.911343][ T6066] udc-core: couldn't find an available UDC or it's busy [ 123.913460][ T6066] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 123.937776][ T6069] loop0: detected capacity change from 0 to 512 [ 123.995116][ T6069] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 124.101361][ T6069] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.723: iget: bad extended attribute block 19 [ 124.105518][ T6069] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.723: couldn't read orphan inode 15 (err -117) [ 124.111230][ T6069] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 124.131823][ T6074] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 65: padding at end of block bitmap is not set [ 124.187482][ T6069] Quota error (device loop0): write_blk: dquota write failed [ 124.207430][ T6069] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 124.239935][ T6069] EXT4-fs error (device loop0): ext4_acquire_dquot:6196: comm syz.0.723: Failed to acquire dquot type 0 [ 124.463769][ T6070] loop2: detected capacity change from 0 to 40427 [ 124.499331][ T6085] loop1: detected capacity change from 0 to 2048 [ 124.502321][ T6090] netlink: 8 bytes leftover after parsing attributes in process `syz.0.732'. [ 124.505637][ T6090] netlink: 20 bytes leftover after parsing attributes in process `syz.0.732'. [ 124.511290][ T6090] netlink: 20 bytes leftover after parsing attributes in process `syz.0.732'. [ 124.531215][ T6070] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 124.533255][ T6070] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 124.543490][ T6070] F2FS-fs (loop2): invalid crc value [ 124.563484][ T6070] F2FS-fs (loop2): Found nat_bits in checkpoint [ 124.653531][ T6101] xt_CT: You must specify a L4 protocol and not use inversions on it [ 124.805330][ T6085] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 125.038085][ T6070] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 125.040229][ T6070] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 125.185171][ T6112] loop0: detected capacity change from 0 to 512 [ 125.221611][ T6112] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 125.370057][ T6112] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.736: iget: bad extended attribute block 19 [ 125.374054][ T6112] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.736: couldn't read orphan inode 15 (err -117) [ 125.390421][ T6112] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 126.246228][ T6112] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.736: bg 0: block 65: padding at end of block bitmap is not set [ 126.260210][ T6112] Quota error (device loop0): write_blk: dquota write failed [ 126.332667][ T6112] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 126.356932][ T6112] EXT4-fs error (device loop0): ext4_acquire_dquot:6196: comm syz.0.736: Failed to acquire dquot type 0 [ 127.666145][ T6142] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 128.382906][ T6150] loop1: detected capacity change from 0 to 128 [ 128.401000][ T6152] loop2: detected capacity change from 0 to 256 [ 128.582495][ T6152] FAT-fs (loop2): Unrecognized mount option "sh¨P¦@" or missing value [ 129.343640][ T6162] loop4: detected capacity change from 0 to 2048 [ 129.655007][ T4029] Bluetooth: hci1: command 0x1003 tx timeout [ 129.657146][ T3975] Bluetooth: hci1: sending frame failed (-49) [ 129.702242][ T6162] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 130.795474][ T6178] loop1: detected capacity change from 0 to 16 [ 130.858601][ T6160] loop0: detected capacity change from 0 to 40427 [ 130.891304][ T6160] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 130.893422][ T6160] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 130.900202][ T6160] F2FS-fs (loop0): invalid crc value [ 130.928312][ T6160] F2FS-fs (loop0): Found nat_bits in checkpoint [ 130.980386][ T6160] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 130.982304][ T6160] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 131.087761][ T2047] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.089551][ T2047] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.161599][ T4231] Bluetooth: hci1: command 0x1001 tx timeout [ 132.163372][ T3975] Bluetooth: hci1: sending frame failed (-49) [ 132.245087][ T6198] netlink: 4 bytes leftover after parsing attributes in process `syz.2.765'. [ 132.512684][ T6207] loop2: detected capacity change from 0 to 512 [ 132.592265][ T6207] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 132.632784][ T6190] loop1: detected capacity change from 0 to 32768 [ 132.668901][ T6190] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.762 (6190) [ 132.788549][ T6190] BTRFS info (device loop1): using sha256 (sha256-ce) checksum algorithm [ 132.791020][ T6190] BTRFS info (device loop1): using free space tree [ 132.792820][ T6190] BTRFS info (device loop1): has skinny extents [ 132.989267][ T6238] loop0: detected capacity change from 0 to 128 [ 133.026021][ T6190] BTRFS info (device loop1): enabling ssd optimizations [ 134.530899][ T7] Bluetooth: hci1: command 0x1009 tx timeout [ 134.772378][ T6293] binder: 6291:6293 tried to acquire reference to desc 0, got 1 instead [ 134.776604][ T7] binder: release 6291:6293 transaction 5 out, still active [ 134.778900][ T7] binder: undelivered TRANSACTION_COMPLETE [ 134.787104][ T7] binder: send failed reply for transaction 5, target dead [ 134.861075][ T149] block nbd1: Attempted send on invalid socket [ 134.863609][ T149] blk_update_request: I/O error, dev nbd1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 134.869985][ T6300] qnx6: unable to read the first superblock [ 134.872045][ T149] block nbd1: Attempted send on invalid socket [ 134.873654][ T149] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 134.892922][ T6300] qnx6: unable to read the first superblock [ 134.895135][ T6300] qnx6: unable to read the first superblock [ 134.911856][ T6276] chnl_net:caif_netlink_parms(): no params data found [ 135.134365][ T6276] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.152316][ T6276] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.177460][ T6276] device bridge_slave_0 entered promiscuous mode [ 135.181229][ T6276] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.183194][ T6276] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.186604][ T6276] device bridge_slave_1 entered promiscuous mode [ 136.260251][ T6333] udc-core: couldn't find an available UDC or it's busy [ 136.262165][ T6333] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 136.363905][ T6276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 136.382967][ T6276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 136.410556][ T4119] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.463575][ T6276] team0: Port device team_slave_0 added [ 136.476589][ T6276] team0: Port device team_slave_1 added [ 136.553365][ T4119] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.570840][ T6276] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 136.572958][ T6276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.584735][ T6276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 136.589396][ T6276] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 136.591423][ T6276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.605607][ T6276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 136.643232][ T4119] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.684939][ T4200] Bluetooth: hci6: command 0x0409 tx timeout [ 136.707046][ T6276] device hsr_slave_0 entered promiscuous mode [ 136.745077][ T6276] device hsr_slave_1 entered promiscuous mode [ 136.853597][ T4119] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.051429][ T6354] chnl_net:caif_netlink_parms(): no params data found [ 138.811070][ T4200] Bluetooth: hci6: command 0x041b tx timeout [ 138.846647][ T6354] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.848873][ T6354] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.851496][ T6354] device bridge_slave_0 entered promiscuous mode [ 138.937923][ T6354] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.940120][ T6354] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.942943][ T6354] device bridge_slave_1 entered promiscuous mode [ 138.999924][ T6354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 139.030431][ T6354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 139.144254][ T6353] loop4: detected capacity change from 0 to 40427 [ 139.208614][ T6353] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 139.210781][ T6353] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 139.213891][ T6354] team0: Port device team_slave_0 added [ 139.218508][ T6354] team0: Port device team_slave_1 added [ 139.241348][ T6353] F2FS-fs (loop4): invalid crc value [ 139.270464][ T6353] F2FS-fs (loop4): Found nat_bits in checkpoint [ 139.310902][ T6353] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 139.312873][ T6353] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 139.320575][ T6276] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 139.367054][ T6276] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 139.485388][ T6393] loop1: detected capacity change from 0 to 1024 [ 139.535306][ T6354] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 139.537330][ T6354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.580897][ T6354] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 139.586090][ T6393] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 140.485240][ T4200] Bluetooth: hci5: command 0x0409 tx timeout [ 140.505121][ T6399] loop0: detected capacity change from 0 to 1024 [ 140.509230][ T6354] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 140.511274][ T6354] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.548290][ T6354] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 140.555447][ T6276] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 140.563441][ T3978] attempt to access beyond end of device [ 140.563441][ T3978] loop4: rw=2049, want=45104, limit=40427 [ 140.607122][ T6276] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 140.844498][ T6410] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 140.852482][ T4125] hfsplus: b-tree write err: -5, ino 4 [ 140.859902][ T6354] device hsr_slave_0 entered promiscuous mode [ 140.865134][ T4200] Bluetooth: hci6: command 0x040f tx timeout [ 140.895788][ T6354] device hsr_slave_1 entered promiscuous mode [ 140.925047][ T6354] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 140.927231][ T6354] Cannot create hsr debugfs directory [ 141.362808][ T6276] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.422126][ T6354] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.456263][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 141.458841][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 141.610490][ T6276] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.632437][ T6354] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.641898][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 141.644662][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 141.648283][ T4200] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.650284][ T4200] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.680262][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 141.682724][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 141.699536][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 141.725706][ T4200] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.727684][ T4200] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.762036][ T6354] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.785544][ T1532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 141.788580][ T1532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 141.793044][ T1532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 141.797662][ T1532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 141.849441][ T4119] device hsr_slave_0 left promiscuous mode [ 141.896069][ T6428] loop0: detected capacity change from 0 to 40427 [ 141.899119][ T4119] device hsr_slave_1 left promiscuous mode [ 141.931873][ T6428] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 141.934041][ T6428] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 141.943487][ T6428] F2FS-fs (loop0): invalid crc value [ 141.951515][ T6428] F2FS-fs (loop0): Found nat_bits in checkpoint [ 141.965523][ T4119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 141.967707][ T4119] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 141.978348][ T4119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 141.980769][ T4119] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 141.981765][ T6428] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 141.991991][ T6428] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 142.004596][ T4119] device bridge_slave_1 left promiscuous mode [ 142.006491][ T4119] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.107857][ T4119] device bridge_slave_0 left promiscuous mode [ 142.109723][ T4119] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.718428][ T4119] device veth1_macvtap left promiscuous mode [ 143.115983][ T1529] Bluetooth: hci5: command 0x041b tx timeout [ 143.121908][ T4119] device veth0_macvtap left promiscuous mode [ 143.123634][ T4119] device veth1_vlan left promiscuous mode [ 143.133048][ T4119] device veth0_vlan left promiscuous mode [ 143.182275][ T5060] Bluetooth: hci1: command 0x1003 tx timeout [ 143.185705][ T3973] Bluetooth: hci1: sending frame failed (-49) [ 143.185821][ T5060] Bluetooth: hci6: command 0x0419 tx timeout [ 143.190831][ T3976] attempt to access beyond end of device [ 143.190831][ T3976] loop0: rw=2049, want=45104, limit=40427 [ 143.589608][ T4119] team0 (unregistering): Port device team_slave_1 removed [ 143.600204][ T4119] team0 (unregistering): Port device team_slave_0 removed [ 143.611228][ T4119] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 143.653909][ T4119] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 143.792458][ T4119] bond0 (unregistering): Released all slaves [ 143.890022][ T1532] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 143.901561][ T6354] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.913373][ T6450] netlink: 12 bytes leftover after parsing attributes in process `syz.0.835'. [ 143.917486][ T1532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 143.920541][ T1532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 143.933852][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 143.936865][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 143.956756][ T6276] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 143.963654][ T6276] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 143.981475][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 143.984121][ T4019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 144.182451][ T5060] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 144.184642][ T5060] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 144.191831][ T6354] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 144.246933][ T6354] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 144.290852][ T6276] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 144.308895][ T6354] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 144.338526][ T6354] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 145.280527][ T4200] Bluetooth: hci5: command 0x040f tx timeout [ 145.282379][ T4200] Bluetooth: hci1: command 0x1001 tx timeout [ 145.284123][ T3975] Bluetooth: hci1: sending frame failed (-49) [ 145.299748][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 145.302536][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 145.361464][ T6276] device veth0_vlan entered promiscuous mode [ 145.401551][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 145.404240][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 145.416069][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 145.418531][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 145.427150][ T6276] device veth1_vlan entered promiscuous mode [ 145.483149][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 145.486017][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 145.488622][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 145.491404][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 145.499212][ T6483] udc-core: couldn't find an available UDC or it's busy [ 145.501145][ T6483] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 145.502751][ T6276] device veth0_macvtap entered promiscuous mode [ 145.528084][ T6354] 8021q: adding VLAN 0 to HW filter on device bond0 [ 145.536828][ T6276] device veth1_macvtap entered promiscuous mode [ 145.560830][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 145.563462][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 145.566444][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 145.569406][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 145.574265][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 145.579652][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.582433][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 145.586558][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.589260][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 145.596833][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.599410][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 145.602143][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.608110][ T6276] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 145.612733][ T6354] 8021q: adding VLAN 0 to HW filter on device team0 [ 145.616804][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 145.619613][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 145.640195][ T6487] loop0: detected capacity change from 0 to 2048 [ 145.695270][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.698275][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.700801][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.703567][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.708987][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.711843][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.714553][ T6276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.718856][ T6276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.721497][ T6488] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 145.726195][ T6276] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 145.728343][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 145.731069][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 145.733609][ T4117] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.735633][ T4117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 145.739244][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 145.741874][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 145.744410][ T4117] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.746368][ T4117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.750504][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 145.753298][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 145.756708][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 145.759409][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 145.767366][ T6276] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.769745][ T6276] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.772105][ T6276] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.786244][ T6276] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.796147][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 145.798749][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 145.801711][ T6487] attempt to access beyond end of device [ 145.801711][ T6487] loop0: rw=0, want=343245196361802, limit=2048 [ 145.803219][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 145.810736][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 145.813517][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 145.816863][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 145.819468][ T6487] NILFS (loop0): I/O error reading meta-data file (ino=6, block-offset=1) [ 145.819520][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 145.832254][ T6354] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 145.838391][ T6354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 145.846500][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 145.849158][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 145.853111][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 145.956477][ T4125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.958687][ T4125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.963758][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 146.166996][ T4125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.169396][ T4125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.176124][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 147.017804][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 147.020247][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 147.028288][ T6354] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 147.066110][ T6496] loop4: detected capacity change from 0 to 4096 [ 147.110570][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 147.116690][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 147.123692][ T6496] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 147.243511][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 147.246709][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 147.249433][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 147.251952][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 147.272258][ T6354] device veth0_vlan entered promiscuous mode [ 147.296535][ T6354] device veth1_vlan entered promiscuous mode [ 147.320237][ T3978] ntfs3: loop4: ntfs_sync_fs r=1a failed, -22. [ 147.326159][ T4200] Bluetooth: hci1: command 0x1009 tx timeout [ 147.328215][ T4200] Bluetooth: hci5: command 0x0419 tx timeout [ 147.344218][ T3978] ntfs3: loop4: ntfs_evict_inode r=1a failed, -22. [ 147.353279][ T3978] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 147.371860][ T6252] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 147.374443][ T6252] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 147.377601][ T6252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 147.380312][ T6252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 147.386000][ T6354] device veth0_macvtap entered promiscuous mode [ 147.400662][ T6511] loop0: detected capacity change from 0 to 2048 [ 147.401244][ T6354] device veth1_macvtap entered promiscuous mode [ 147.417259][ T6509] loop2: detected capacity change from 0 to 4096 [ 147.461027][ T6354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.463227][ T6511] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 147.463802][ T6354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.474852][ T6354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.477685][ T6354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.478671][ T6511] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 147.480166][ T6354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.490107][ T6513] loop4: detected capacity change from 0 to 256 [ 147.491898][ T6354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.494543][ T6354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.497869][ T6354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.500354][ T6354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.503008][ T6354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.509076][ T6354] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 147.511828][ T1532] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 147.514401][ T1532] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 147.525202][ T1532] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 147.529986][ T1532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 147.534228][ T6354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.546640][ T6354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.552805][ T6354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.556471][ T6354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.559138][ T6354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.560658][ T6513] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 147.562149][ T6354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.568092][ T6354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.571219][ T6354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.575117][ T6354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.577909][ T6354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.581865][ T6354] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 147.585586][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 147.588387][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 147.601761][ T6354] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.611188][ T6513] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 147.611598][ T6354] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.620905][ T6515] loop0: detected capacity change from 0 to 256 [ 147.622965][ T6354] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.625440][ T6354] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.749466][ T6515] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xc14df490, utbl_chksum : 0xe619d30d) [ 147.972928][ T6515] overlayfs: filesystem on './file0' not supported [ 147.985310][ T4125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.987755][ T4125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.003224][ T4231] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 148.090104][ T6523] deleting an unspecified loop device is not supported. [ 148.704551][ T4125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.707173][ T4125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.712933][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 148.872619][ T6531] udc-core: couldn't find an available UDC or it's busy [ 148.874615][ T6531] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 149.094638][ T6535] loop2: detected capacity change from 0 to 4096 [ 149.155069][ T6535] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 149.305518][ T6276] ntfs3: loop2: ntfs_sync_fs r=1a failed, -22. [ 149.308786][ T6276] ntfs3: loop2: ntfs_evict_inode r=1a failed, -22. [ 149.310520][ T6276] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 149.316131][ T6526] loop4: detected capacity change from 0 to 32768 [ 149.383302][ T6526] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.862 (6526) [ 149.419173][ T6526] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 149.421611][ T6526] BTRFS info (device loop4): using free space tree [ 149.455869][ T6526] BTRFS info (device loop4): has skinny extents [ 149.603542][ T6555] loop3: detected capacity change from 0 to 512 [ 149.683152][ T6526] BTRFS info (device loop4): enabling ssd optimizations [ 149.715182][ T6555] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 149.745457][ T6555] EXT4-fs (loop3): Errors on filesystem, clearing orphan list. [ 149.747568][ T6555] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,noblock_validity,usrquota,prjquota,debug_want_extra_isize=0x0000000000000006,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9f,nodiscard,,errors=continue. Quota mode: writeback. [ 150.058379][ T6575] loop3: detected capacity change from 0 to 512 [ 150.129004][ T6575] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz.3.875: corrupted in-inode xattr [ 150.133326][ T6575] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.875: couldn't read orphan inode 15 (err -117) [ 150.146307][ T6575] EXT4-fs (loop3): mounted filesystem without journal. Opts: nouid32,block_validity,,errors=continue. Quota mode: writeback. [ 150.186929][ T6575] EXT4-fs warning (device loop3): __ext4fs_dirhash:283: invalid/unsupported hash tree version 135 [ 150.189954][ T6575] EXT4-fs warning (device loop3): __ext4fs_dirhash:283: invalid/unsupported hash tree version 135 [ 150.192885][ T6575] EXT4-fs error (device loop3): ext4_inlinedir_to_tree:1439: inode #12: block 7: comm syz.3.875: path /: bad entry in directory: rec_len is smaller than minimal - offset=4, inode=67108877, rec_len=0, size=60 fake=0 [ 150.237350][ T6354] EXT4-fs warning (device loop3): __ext4fs_dirhash:283: invalid/unsupported hash tree version 135 [ 150.371023][ T6588] loop0: detected capacity change from 0 to 512 [ 150.383823][ T6588] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 150.387763][ T6588] EXT4-fs (loop0): Errors on filesystem, clearing orphan list. [ 150.389939][ T6588] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,noblock_validity,usrquota,prjquota,debug_want_extra_isize=0x0000000000000006,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9f,nodiscard,,errors=continue. Quota mode: writeback. [ 151.095904][ T3978] device syz_tun left promiscuous mode [ 151.351730][ T6598] chnl_net:caif_netlink_parms(): no params data found [ 151.526076][ T6598] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.528007][ T6598] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.536571][ T6598] device bridge_slave_0 entered promiscuous mode [ 151.554348][ T6598] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.570017][ T6598] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.572764][ T6598] device bridge_slave_1 entered promiscuous mode [ 151.744767][ T6598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 151.751800][ T6598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 151.821009][ T6620] loop2: detected capacity change from 0 to 1024 [ 151.879787][ T6598] team0: Port device team_slave_0 added [ 151.883459][ T6598] team0: Port device team_slave_1 added [ 151.916262][ T6620] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 152.055925][ T6598] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 152.057844][ T6598] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.065511][ T6598] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 152.086275][ T6598] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 152.088130][ T6598] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.096447][ T6598] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 152.379462][ T6598] device hsr_slave_0 entered promiscuous mode [ 152.428001][ T6598] device hsr_slave_1 entered promiscuous mode [ 153.324458][ T6252] Bluetooth: hci4: command 0x0409 tx timeout [ 153.414999][ T6598] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 153.417161][ T6598] Cannot create hsr debugfs directory [ 153.577396][ T4119] device hsr_slave_0 left promiscuous mode [ 153.615015][ T4119] device hsr_slave_1 left promiscuous mode [ 153.695280][ T4119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 153.697421][ T4119] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 153.709583][ T4119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 153.711777][ T4119] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 153.725152][ T7] Bluetooth: hci0: command 0x0409 tx timeout [ 153.745388][ T4119] device bridge_slave_1 left promiscuous mode [ 153.747551][ T4119] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.783917][ T6645] loop2: detected capacity change from 0 to 32768 [ 153.796202][ T4119] device bridge_slave_0 left promiscuous mode [ 153.798151][ T4119] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.896525][ T6645] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.898 (6645) [ 153.903354][ T6645] BTRFS info (device loop2): using sha256 (sha256-ce) checksum algorithm [ 153.907351][ T6645] BTRFS info (device loop2): using free space tree [ 153.909118][ T6645] BTRFS info (device loop2): has skinny extents [ 153.935022][ T4119] device veth1_macvtap left promiscuous mode [ 153.936768][ T4119] device veth0_macvtap left promiscuous mode [ 153.938395][ T4119] device veth1_vlan left promiscuous mode [ 153.940451][ T4119] device veth0_vlan left promiscuous mode [ 153.989728][ T6645] BTRFS info (device loop2): enabling ssd optimizations [ 154.045022][ T21] Bluetooth: hci1: command 0x0409 tx timeout [ 154.423648][ T6679] mmap: syz.2.905 (6679) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 154.451308][ T4119] team0 (unregistering): Port device team_slave_1 removed [ 154.486430][ T4119] team0 (unregistering): Port device team_slave_0 removed [ 154.505001][ T4119] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 154.554247][ T4119] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 154.702613][ T4119] bond0 (unregistering): Released all slaves [ 154.804278][ T6654] ================================================================== [ 154.806869][ T6654] BUG: KASAN: slab-out-of-bounds in cfg80211_wext_freq+0x170/0x1ac [ 154.809065][ T6654] Read of size 2 at addr ffff0000e33ead40 by task syz.0.902/6654 [ 154.811174][ T6654] [ 154.811781][ T6654] CPU: 1 PID: 6654 Comm: syz.0.902 Not tainted 5.15.161-syzkaller #0 [ 154.814014][ T6654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 154.816813][ T6654] Call trace: [ 154.817757][ T6654] dump_backtrace+0x0/0x530 [ 154.818983][ T6654] show_stack+0x2c/0x3c [ 154.820100][ T6654] dump_stack_lvl+0x108/0x170 [ 154.821407][ T6654] print_address_description+0x7c/0x3f0 [ 154.822920][ T6654] kasan_report+0x174/0x1e4 [ 154.824145][ T6654] __asan_report_load2_noabort+0x44/0x50 [ 154.825653][ T6654] cfg80211_wext_freq+0x170/0x1ac [ 154.827041][ T6654] cfg80211_wext_siwscan+0x45c/0xe0c [ 154.828462][ T6654] ioctl_standard_iw_point+0x82c/0xe24 [ 154.829961][ T6654] ioctl_standard_call+0xcc/0x264 [ 154.831248][ T6654] wext_ioctl_dispatch+0x16c/0x3ec SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 154.832610][ T6654] wext_handle_ioctl+0x224/0x448 [ 154.833898][ T6654] sock_ioctl+0x140/0x8ac [ 154.835056][ T6654] __arm64_sys_ioctl+0x14c/0x1c8 [ 154.836325][ T6654] invoke_syscall+0x98/0x2b8 [ 154.837459][ T6654] el0_svc_common+0x138/0x258 [ 154.838785][ T6654] do_el0_svc+0x58/0x14c [ 154.839967][ T6654] el0_svc+0x7c/0x1f0 [ 154.841045][ T6654] el0t_64_sync_handler+0x84/0xe4 [ 154.842402][ T6654] el0t_64_sync+0x1a0/0x1a4 [ 154.843553][ T6654] [ 154.844168][ T6654] Allocated by task 6654: [ 154.845296][ T6654] ____kasan_kmalloc+0xbc/0xfc [ 154.846522][ T6654] __kasan_kmalloc+0x10/0x1c [ 154.847753][ T6654] __kmalloc+0x29c/0x4c8 [ 154.848927][ T6654] ioctl_standard_iw_point+0x3b8/0xe24 [ 154.850364][ T6654] ioctl_standard_call+0xcc/0x264 [ 154.851719][ T6654] wext_ioctl_dispatch+0x16c/0x3ec [ 154.853052][ T6654] wext_handle_ioctl+0x224/0x448 [ 154.854304][ T6654] sock_ioctl+0x140/0x8ac [ 154.855452][ T6654] __arm64_sys_ioctl+0x14c/0x1c8 [ 154.856758][ T6654] invoke_syscall+0x98/0x2b8 [ 154.857980][ T6654] el0_svc_common+0x138/0x258 [ 154.859191][ T6654] do_el0_svc+0x58/0x14c [ 154.860345][ T6654] el0_svc+0x7c/0x1f0 [ 154.861390][ T6654] el0t_64_sync_handler+0x84/0xe4 [ 154.862756][ T6654] el0t_64_sync+0x1a0/0x1a4 [ 154.863912][ T6654] [ 154.864498][ T6654] The buggy address belongs to the object at ffff0000e33eac00 [ 154.864498][ T6654] which belongs to the cache kmalloc-512 of size 512 [ 154.868126][ T6654] The buggy address is located 320 bytes inside of [ 154.868126][ T6654] 512-byte region [ffff0000e33eac00, ffff0000e33eae00) [ 154.871601][ T6654] The buggy address belongs to the page: [ 154.873120][ T6654] page:000000005170f865 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1233e8 [ 154.875955][ T6654] head:000000005170f865 order:2 compound_mapcount:0 compound_pincount:0 [ 154.878206][ T6654] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 154.880368][ T6654] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600 [ 154.882630][ T6654] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 154.884898][ T6654] page dumped because: kasan: bad access detected [ 154.886625][ T6654] [ 154.887229][ T6654] Memory state around the buggy address: [ 154.888708][ T6654] ffff0000e33eac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 154.890833][ T6654] ffff0000e33eac80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 154.892971][ T6654] >ffff0000e33ead00: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc [ 154.895072][ T6654] ^ [ 154.896714][ T6654] ffff0000e33ead80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 154.898863][ T6654] ffff0000e33eae00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 154.901066][ T6654] ================================================================== [ 154.903230][ T6654] Disabling lock debugging due to kernel taint [ 154.908241][ T6654] ================================================================================ [ 154.910834][ T6654] UBSAN: array-index-out-of-bounds in net/wireless/scan.c:2829:8 [ 154.912973][ T6654] index 33 is out of range for type 'struct iw_freq[32]' [ 154.918759][ T6654] CPU: 0 PID: 6654 Comm: syz.0.902 Tainted: G B 5.15.161-syzkaller #0 [ 154.921358][ T6654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 154.924044][ T6654] Call trace: [ 154.924911][ T6654] dump_backtrace+0x0/0x530 [ 154.926186][ T6654] show_stack+0x2c/0x3c [ 154.927259][ T6654] dump_stack_lvl+0x108/0x170 [ 154.928475][ T6654] dump_stack+0x1c/0x58 [ 154.929598][ T6654] __ubsan_handle_out_of_bounds+0x108/0x15c [ 154.931258][ T6654] cfg80211_wext_siwscan+0x4cc/0xe0c [ 154.932715][ T6654] ioctl_standard_iw_point+0x82c/0xe24 [ 154.934189][ T6654] ioctl_standard_call+0xcc/0x264 [ 154.935555][ T6654] wext_ioctl_dispatch+0x16c/0x3ec [ 154.936917][ T6654] wext_handle_ioctl+0x224/0x448 [ 154.938260][ T6654] sock_ioctl+0x140/0x8ac [ 154.939429][ T6654] __arm64_sys_ioctl+0x14c/0x1c8 [ 154.940788][ T6654] invoke_syscall+0x98/0x2b8 [ 154.942036][ T6654] el0_svc_common+0x138/0x258 [ 154.943262][ T6654] do_el0_svc+0x58/0x14c [ 154.944361][ T6654] el0_svc+0x7c/0x1f0 [ 154.945441][ T6654] el0t_64_sync_handler+0x84/0xe4 [ 154.946782][ T6654] el0t_64_sync+0x1a0/0x1a4 [ 154.953015][ T6654] ================================================================================ [ 155.025461][ T6685] device bridge_slave_1 left promiscuous mode [ 155.027213][ T6685] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.124848][ T1532] Bluetooth: hci1: command 0x041b tx timeout [ 157.233033][ T4119] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.272704][ T4119] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.311663][ T4119] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.360559][ T4119] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.517235][ T4119] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.563527][ T4119] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.610166][ T4119] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.674931][ T4119] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.818017][ T4119] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.879912][ T4119] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.925088][ T4119] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.960826][ T4119] device netdevsim0 left promiscuous mode [ 158.050089][ T4119] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.085951][ T4119] device hsr_slave_0 left promiscuous mode [ 163.135050][ T4119] device hsr_slave_1 left promiscuous mode [ 163.214928][ T4119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.216983][ T4119] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.222192][ T4119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.224377][ T4119] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.229004][ T4119] device bridge_slave_0 left promiscuous mode [ 163.230697][ T4119] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.266815][ T4119] device hsr_slave_0 left promiscuous mode [ 163.305109][ T4119] device hsr_slave_1 left promiscuous mode [ 163.384911][ T4119] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.389367][ T4119] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.393823][ T4119] device bridge_slave_1 left promiscuous mode [ 163.396029][ T4119] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.455614][ T4119] device bridge_slave_0 left promiscuous mode [ 163.457341][ T4119] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.489402][ T4119] device hsr_slave_0 left promiscuous mode [ 163.535030][ T4119] device hsr_slave_1 left promiscuous mode [ 163.654955][ T4119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.656975][ T4119] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.661490][ T4119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.663492][ T4119] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.669241][ T4119] device bridge_slave_1 left promiscuous mode [ 163.671038][ T4119] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.705664][ T4119] device bridge_slave_0 left promiscuous mode [ 163.707434][ T4119] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.758943][ T4119] device hsr_slave_0 left promiscuous mode [ 163.794996][ T4119] device hsr_slave_1 left promiscuous mode [ 163.884989][ T4119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.887259][ T4119] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.892811][ T4119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.895244][ T4119] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.899635][ T4119] device bridge_slave_1 left promiscuous mode [ 163.901367][ T4119] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.935701][ T4119] device bridge_slave_0 left promiscuous mode [ 163.937472][ T4119] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.085071][ T4119] device veth1_macvtap left promiscuous mode [ 164.086824][ T4119] device veth0_macvtap left promiscuous mode [ 164.088434][ T4119] device veth1_vlan left promiscuous mode [ 164.090057][ T4119] device veth0_vlan left promiscuous mode [ 164.175431][ T4119] device veth1_macvtap left promiscuous mode [ 164.177162][ T4119] device veth0_macvtap left promiscuous mode [ 164.178839][ T4119] device veth1_vlan left promiscuous mode [ 164.180371][ T4119] device veth0_vlan left promiscuous mode [ 164.264969][ T4119] device veth1_macvtap left promiscuous mode [ 164.266628][ T4119] device veth0_macvtap left promiscuous mode [ 164.268251][ T4119] device veth1_vlan left promiscuous mode [ 164.269840][ T4119] device veth0_vlan left promiscuous mode [ 164.618187][ T4119] team0 (unregistering): Port device team_slave_1 removed [ 164.627797][ T4119] team0 (unregistering): Port device team_slave_0 removed [ 164.634041][ T4119] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.701505][ T4119] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface