last executing test programs: 2m14.349197393s ago: executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000006000000000000000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000e80)=ANY=[@ANYBLOB="44010000100001000000000000000000ac141400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0200000000000000000000000000000000000032000000ac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f100000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004c0012006d6f7275733634302d737365320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fdffffffffffffff00080016"], 0x144}}, 0x0) 2m12.550739075s ago: executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r2) bind$bt_hci(r0, &(0x7f0000000100), 0x6) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0xd) 2m11.518479228s ago: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x8a, &(0x7f00000002c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a9646", 0x54, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x15, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @md5sig={0x13, 0x12, "ca0c734891a263a2ef1df715fb24b095"}, @timestamp={0x8, 0xa}, @md5sig={0x13, 0x12, "2bdd4b74a1f6aa675459bc4d77085aa8"}, @fastopen={0x22, 0x3, 'l'}, @generic={0x0, 0x2}]}}}}}}}}, 0x0) 2m10.610375416s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000010018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0) 2m3.998121381s ago: executing program 0: r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) socket$inet6(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x3ffffffffffffda, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1m59.060424027s ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8ff0000000000ff000022850000000e0000003f0001000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = io_uring_setup(0x5ed4, &(0x7f00000002c0)) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r1, 0xd, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x2}, 0x20) 1m56.970477662s ago: executing program 4: r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000c00)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1) 1m56.037267755s ago: executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) syz_emit_ethernet(0x8a, &(0x7f00000002c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a9646", 0x54, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x15, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @md5sig={0x13, 0x12, "ca0c734891a263a2ef1df715fb24b095"}, @timestamp={0x8, 0xa}, @md5sig={0x13, 0x12, "2bdd4b74a1f6aa675459bc4d77085aa8"}, @fastopen={0x22, 0x3, 'l'}, @generic={0x0, 0x2}]}}}}}}}}, 0x0) 1m55.311325038s ago: executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x4}, 0x8) sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0)="03", 0x1a000, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) 1m54.635628769s ago: executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 1m44.846293399s ago: executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x4}, 0x8) sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0)="03", 0x1a000, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) 1m44.376932317s ago: executing program 1: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x44, r0, 0x0, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x1c, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "f2dc1e4c7c"}, @NL80211_KEY_IDX={0x5, 0x2, 0x4}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x44}}, 0x0) 1m43.807617111s ago: executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a4"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000e80)=ANY=[@ANYBLOB="44010000100001000000000000000000ac141400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0200000000000000000000000000000000000032000000ac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f100000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004c0012006d6f7275733634302d737365320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fdffffffffffffff00080016"], 0x144}}, 0x0) 1m43.315459173s ago: executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8ff0000000000ff000022850000000e0000003f0001000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = io_uring_setup(0x5ed4, &(0x7f00000002c0)) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r1, 0xd, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x2}, 0x20) 1m42.616453599s ago: executing program 1: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, r0}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000300)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5e7, &(0x7f0000000600)="$eJzs3c9vVNUeAPDvmf6gpe+9FkLee7iQJsZAorS0gCHGBWwNafBH3Lix0oJIgYbWaNGEEnFjYtwYY+LKhfhfKJEtK125cOPKkBA1LE0cc2fmlk57p79oO5X7+SRDzz1nLudMp9+55557zp0ASmsw+6cSsT8iplNEf5pfKOuMRuFg/XkP/vjgbPZIUa2+8luK1MjLn58aP/saO/dExA/fp9jbsbzemblrF8enpiavNraHZy9ND8/MXTt84dL4+cnzk5dHnxs9cfzY8RMjRzb0uq4X5J2++fa7/R+Pvf71l3+mkW9+HktxMl5sPHHx69gsgzFY+52k5UV9Jza7sjbpaPydLH6LU2fhUz/s3bZWsVb5+9cVEf+L/uiIh29ef3z0UlsbB2ypaoqoAiWVxD+UVN4PyM/tl54HV9rSKwG2w/1T9QGA5fHfWR8bjJ7a2MDuBykWD+ukiNjYyFyzfRFx987YzXN3xm7GFo3DAcXmb0TE/4viP9XifyB6YqAW/5Wm+M/6BWcaP7P8lzdY/9KhYvEP26ce/z0rxn+0iP83FsX/mxusf/Bh8q3epvh3tQgAAAAAAADW6/apiHi26Pp/ZWH+TxTM/+mLiJObUP/gku3l1/8r9zahGqDA/VMRLxTM/91Vu7Jfm/070NFI/bs2H6ArnbswNXkkIv4TEYeia1e2PbJCHYc/2ftFq7LBxvy//JHVf7cxF7Cucq9zV/M+E+Oz44/+yoH7NyKeKJz/mxaO/6ng+J99HkyvsY69T98606ps9fgHtkr1q4iDhet/Ht61Iq18f47hWn9gOO8VLPfk+59+26r+jcZ/8S0mgPXIjv+7V47/gbT4fj0z66/j6FxntVXZRvv/3enV2i1nuht5743Pzl4diehOpzuy3Kb80fW3GR5HeTzk8ZLF/6GnVh7/K+r/90bE/JL/O/3evKY499+/+n5p1R79f2ifLP4n1nX8X39i9NbAd63qX9vx/1jtWH+okWP8D+o+z8O0uzm/IBw7i4q2u70AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DioRMS/IlWGFtKVytBQRF9E7IvdlakrM7PPnLvyzuWJrKz2/f+V/Jt+++vbKf/+/4FF26NLto9GxJ6I+Kyjt7Y9dPbK1ES7XzwAAAAAAAAAAAAAAAAAAADsEH0t1v9nfu1od+uALdfZ7gYAbVMQ/z+2ox3A9nP8h/IS/1Be4h/KS/xDeYl/KC/xD+Ul/qG8xD8AAAAAADxW9hy4/VOKiPnne2uPTHejrKutLQO2WqXdDQDaxi1+oLxM/YHyco4PpFXKe1rutNqeK5k++wg7AwAAAAAAAAAAAEDpHNxv/T+UlfX/UF7W/0N55ev/D7S5HcD2c44PxCor+QvX/6+6FwAAAAAAAAAAAACwmWbmrl0cn5qavCrx2s5oxpYlumNZUbVavZ79FeyQFv7TE/lU+J3SniWJfK3f2vZq32cSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ7O8AAAD//x2MJI4=") 1m33.861445374s ago: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x3bc6, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x3, 0x8, 0x1}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000400)={{r1}, &(0x7f0000000380), &(0x7f00000003c0)='%-010d \x00'}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 1m24.168312027s ago: executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) bind$bt_hci(r0, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0xd) 1m12.479092795s ago: executing program 1: read$FUSE(0xffffffffffffffff, &(0x7f00000000c0)={0x2020}, 0x2020) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x2}) r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgsnd(r0, &(0x7f00000000c0)=ANY=[], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) mlock2(&(0x7f0000ff6000/0x2000)=nil, 0x2000, 0x0) mincore(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0) 12.227620238s ago: executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockname(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f0000000080)=0x80) dup2(r0, r1) r2 = socket$nl_route(0x10, 0x3, 0x0) recvmsg(r2, &(0x7f0000000140)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0, 0x0, 0x0, 0x41}, 0x0) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000008140)={0x0, @loopback, @multicast1}, &(0x7f0000008180)=0xc) 10.036395962s ago: executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x40, r0, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "f2dc1e4c7c"}, @NL80211_KEY_IDX={0x5, 0x2, 0x4}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x40}}, 0x0) 8.428211151s ago: executing program 3: syz_mount_image$udf(&(0x7f0000000400), &(0x7f0000000100)='./file0\x00', 0x800048, &(0x7f00000001c0)=ANY=[], 0x1, 0x4b1, &(0x7f0000000740)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==") open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x145142, 0x0) ftruncate(r0, 0x2007ffb) r1 = open(&(0x7f0000000000)='./bus\x00', 0x64942, 0x0) r2 = open(&(0x7f0000007f80)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x1000200201005) 4.617677577s ago: executing program 2: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000e00)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x20050800) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @empty}, 0x10) syz_emit_ethernet(0xfc, &(0x7f0000000500)=ANY=[@ANYBLOB="aa"], 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x0, 0x0}) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f0000000300)={0x6, &(0x7f00000001c0)=[{0x20, 0x9, 0x0, 0x1}, {0x4, 0x1f, 0x1f, 0xacb1}, {0x2, 0x9, 0x7, 0xfa}, {0xff, 0x8, 0x15, 0x5d9}, {0x9, 0xff, 0x0, 0x5}, {0x2, 0xc3, 0x40, 0x800}]}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x4040804}, 0x4040010) r3 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) r4 = add_key$fscrypt_v1(&(0x7f0000000200), &(0x7f0000000240)={'fscrypt:', @desc4}, &(0x7f0000000280)={0x0, "ff00153a2a84a80c589209d7e4f293b71351c305e674b376080cc96f20713face67677c51ad8c662d926c788ba49379fdf72b153f1e770ca64eff6a4c318201b"}, 0x48, r3) keyctl$KEYCTL_MOVE(0x1e, r4, 0xfffffffffffffffb, r3, 0x0) 4.510859714s ago: executing program 3: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x0, 0x7}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) 4.087132816s ago: executing program 2: r0 = socket(0x11, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000300)=0x16, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6tnl0\x00', 0x0}) sendto$packet(r0, &(0x7f00000000c0)='?', 0x1, 0x0, &(0x7f0000000540)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 3.007683813s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$inet_udplite(0x2, 0x2, 0x88) bind$inet(r0, &(0x7f0000000400)={0x2, 0x0, @multicast1}, 0x10) connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket(0x10, 0x2, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x4) socket$netlink(0x10, 0x3, 0x0) bind$packet(r1, &(0x7f0000000400)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$packet(r1, &(0x7f0000000080)="1555f6acfd136f8ed06375bd86dd", 0xe, 0x0, 0x0, 0x0) 1.8578159s ago: executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) poll(0x0, 0x0, 0x401) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() r1 = socket$inet6(0xa, 0x1, 0x0) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000011c0)={0xffffffffffffffff}) getsockname(r2, &(0x7f0000000100)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, &(0x7f0000000080)=0x80) close(r3) ioctl$BTRFS_IOC_DEV_REPLACE(r1, 0x5450, 0x0) 1.809073678s ago: executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket(0x10, 0x3, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x5a523}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_DPORT={0x6}]}}}]}, 0x44}}, 0x0) socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, 0x0, 0x0) syz_emit_ethernet(0x66, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="5dc413dd9f96"}, 0x14) 895.567531ms ago: executing program 2: gettid() timer_create(0x0, &(0x7f0000533fa0), 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000940)={'filter\x00', 0x7, 0x4, 0x4c8, 0x0, 0xe8, 0xe8, 0x3e0, 0x3e0, 0x3e0, 0x4, 0x0, {[{{@arp={@private, @empty, 0x0, 0x0, 0x0, 0x0, {@mac=@multicast}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'ipvlan1\x00', 'pimreg1\x00', {}, {}, 0x2}, 0xc0, 0xe8}, @unspec=@STANDARD={0x28}}, {{@uncond, 0xc0, 0x1e8}, @unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:devpts_t:s0\x00'}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @remote, @dev}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x518) 164.295921ms ago: executing program 2: setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000006900000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000013c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)={&(0x7f0000000d40)={0x16c, 0x0, 0xf0a7f0384afb92c5, 0x0, 0x4, {{0x60}, {@void, @val={0xc, 0x99, {0x0, 0x33}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_IE={0x104, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0x9a}}, @preq={0x82, 0x30, {{}, 0x0, 0x7, 0x7ff, @device_a, 0x100, @void, 0xda, 0x704, 0x2, [{{}, @broadcast, 0x5}, {{0x0, 0x0, 0x1}, @broadcast, 0x7}]}}, @preq={0x82, 0x41, {{0x1, 0x1, 0x0, 0x0, 0x1}, 0xce, 0x7f, 0x1, @broadcast, 0xaf46, @value, 0x1, 0x8, 0x3, [{{0x0, 0x0, 0x1}, @device_b, 0xfffffff8}, {{0x0, 0x0, 0x1}, @device_b, 0x5}, {{0x0, 0x0, 0x1}, @device_b, 0xfff}]}}, @chsw_timing={0x68, 0x0, {0x1}}, @prep={0x83, 0x25, {{0x0, 0x1}, 0x5, 0x1, @device_b, 0x8, @value, 0x9, 0x1, @device_a, 0x30b8}}, @channel_switch={0x25, 0x3, {0x0, 0xa, 0x81}}, @rann={0x7e, 0x15, {{0x0, 0x36}, 0x3, 0x5d, @broadcast, 0x6, 0xffff8001, 0xfffff0bf}}, @ext_channel_switch={0x3c, 0x4, {0x0, 0x40, 0xaf, 0x6}}]}, @NL80211_ATTR_IE={0x3a, 0x2a, [@mic={0x8c, 0x18, {0x7ea, "0473dbfd0d5d", @long="16dfcf072d77799e3909f7c53a52768e"}}, @ssid={0x0, 0x6, @default_ibss_ssid}, @mesh_config={0x71, 0x7, {0x1, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x1, 0x8}}, @dsss={0x3, 0x1, 0x6c}, @gcr_ga={0xbd, 0x6, @device_b}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0xfffffffffffffffc, 0x0) 0s ago: executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x86, &(0x7f00000002c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a9646", 0x50, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x14, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @md5sig={0x13, 0x12, "ca0c734891a263a2ef1df715fb24b095"}, @timestamp={0x8, 0xa}, @md5sig={0x13, 0x12, "2bdd4b74a1f6aa675459bc4d77085aa8"}, @fastopen={0x22, 0x3, 'l'}]}}}}}}}}, 0x0) kernel console output (not intermixed with test programs): 36.431398][ T29] audit: type=1800 audit(1717302282.358:2): pid=5244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=33 res=0 errno=0 [ 236.590142][ T5252] loop2: detected capacity change from 0 to 4096 [ 236.913710][ T5262] process 'syz-executor.3' launched './file0' with NULL argv: empty string added [ 237.474276][ T29] audit: type=1800 audit(1717302283.328:3): pid=5252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=34 res=0 errno=0 [ 237.523734][ T5269] loop0: detected capacity change from 0 to 8 [ 237.577737][ T5269] Filesystem uses "unknown" compression. This is not supported [ 237.862449][ T5269] loop0: detected capacity change from 0 to 128 [ 237.937383][ T5269] FAT-fs (loop0): bogus sectors per cluster 0 [ 237.946643][ T5269] FAT-fs (loop0): Can't find a valid FAT filesystem [ 237.966176][ T4282] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.974659][ T4282] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.170092][ T5129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.178361][ T5129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.483125][ T5270] loop1: detected capacity change from 0 to 4096 [ 238.589023][ T5270] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 238.660773][ T5281] loop3: detected capacity change from 0 to 64 [ 238.858474][ T5284] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 239.053614][ T5129] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 239.113407][ T5270] ntfs3: loop1: failed to convert "c46c" to cp869 [ 239.395775][ T780] kernel write not supported for file bpf-prog (pid: 780 comm: kworker/0:2) [ 239.459968][ T29] audit: type=1326 audit(1717302285.348:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5268 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc17967cee9 code=0x0 [ 239.684766][ T5129] usb 3-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd [ 239.694396][ T5129] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.702830][ T5129] usb 3-1: Product: syz [ 239.707228][ T5129] usb 3-1: Manufacturer: syz [ 239.712213][ T5129] usb 3-1: SerialNumber: syz [ 239.750597][ T5129] usb 3-1: config 0 descriptor?? [ 239.823851][ T5081] Bluetooth: hci5: urb ffff88804897f480 submission failed (2) [ 240.459284][ T5297] loop3: detected capacity change from 0 to 2048 [ 240.554910][ T5297] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 240.642187][ T5307] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 240.654634][ T5297] syz-executor.3: attempt to access beyond end of device [ 240.654634][ T5297] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 240.773626][ T5308] loop1: detected capacity change from 0 to 8 [ 240.919490][ T5308] SQUASHFS error: zlib decompression failed, data probably corrupt [ 240.928208][ T5308] SQUASHFS error: Failed to read block 0x9b: -5 [ 240.934716][ T29] audit: type=1326 audit(1717302286.798:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5294 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf9747cee9 code=0x7ffc0000 [ 240.935149][ T29] audit: type=1326 audit(1717302286.818:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5294 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf9747cee9 code=0x7ffc0000 [ 240.935370][ T29] audit: type=1326 audit(1717302286.838:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5294 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7faf9747a667 code=0x7ffc0000 [ 240.935596][ T29] audit: type=1326 audit(1717302286.848:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5294 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faf97440329 code=0x7ffc0000 [ 240.935817][ T29] audit: type=1326 audit(1717302286.848:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5294 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7faf9747a667 code=0x7ffc0000 [ 240.936030][ T29] audit: type=1326 audit(1717302286.848:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5294 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faf97440329 code=0x7ffc0000 [ 240.944656][ T29] audit: type=1326 audit(1717302286.868:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5294 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf9747cee9 code=0x7ffc0000 [ 240.961977][ T5308] SQUASHFS error: Unable to read metadata cache entry [99] [ 241.118768][ T5308] SQUASHFS error: Unable to read inode 0x127 [ 241.527643][ T5129] usb 3-1: USB disconnect, device number 2 [ 241.774424][ T5308] loop1: detected capacity change from 0 to 512 [ 241.845224][ T5308] EXT4-fs (loop1): invalid inodes per group: 0 [ 241.845224][ T5308] [ 242.174518][ T5312] loop0: detected capacity change from 0 to 4096 [ 242.208546][ T5312] ======================================================= [ 242.208546][ T5312] WARNING: The mand mount option has been deprecated and [ 242.208546][ T5312] and is ignored by this kernel. Remove the mand [ 242.208546][ T5312] option from the mount to silence this warning. [ 242.208546][ T5312] ======================================================= [ 242.571499][ T5323] loop1: detected capacity change from 0 to 64 [ 242.633114][ T5130] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 242.894717][ T5130] usb 3-1: Using ep0 maxpacket: 32 [ 243.084619][ T5130] usb 3-1: config 0 has an invalid interface number: 6 but max is 0 [ 243.093366][ T5130] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 243.100859][ T5130] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 243.110181][ T5130] usb 3-1: config 0 has no interface number 1 [ 243.116643][ T5130] usb 3-1: config 0 interface 6 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 7 [ 243.130389][ T5130] usb 3-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=a1.f5 [ 243.139891][ T5130] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.188681][ T5130] usb 3-1: config 0 descriptor?? [ 243.307314][ T5324] loop4: detected capacity change from 0 to 4096 [ 243.327271][ T5324] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 243.442128][ T5320] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 243.490623][ T5330] loop1: detected capacity change from 0 to 1024 [ 243.668409][ T5330] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'. [ 243.682983][ T5330] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.1'. [ 243.697683][ T5324] ntfs3: loop4: failed to convert "c46c" to cp869 [ 243.748355][ T5334] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 243.805543][ T5130] usb 3-1: USB disconnect, device number 3 [ 243.948733][ T29] kauditd_printk_skb: 21 callbacks suppressed [ 243.948805][ T29] audit: type=1326 audit(1717302289.878:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5322 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fddc747cee9 code=0x0 [ 243.968641][ T5341] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 244.813785][ T29] audit: type=1800 audit(1717302290.668:34): pid=5349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1955 res=0 errno=0 [ 245.001844][ T5358] loop0: detected capacity change from 0 to 8 [ 245.083304][ T5358] SQUASHFS error: zlib decompression failed, data probably corrupt [ 245.091491][ T5358] SQUASHFS error: Failed to read block 0x9b: -5 [ 245.098146][ T5358] SQUASHFS error: Unable to read metadata cache entry [99] [ 245.105762][ T5358] SQUASHFS error: Unable to read inode 0x127 [ 245.177031][ T5360] loop3: detected capacity change from 0 to 8 [ 245.262153][ T5360] SQUASHFS error: zlib decompression failed, data probably corrupt [ 245.270858][ T5360] SQUASHFS error: Failed to read block 0x9b: -5 [ 245.277511][ T5360] SQUASHFS error: Unable to read metadata cache entry [99] [ 245.285111][ T5360] SQUASHFS error: Unable to read inode 0x127 [ 245.321296][ T5358] loop0: detected capacity change from 0 to 512 [ 245.383597][ T5358] EXT4-fs (loop0): invalid inodes per group: 0 [ 245.383597][ T5358] [ 245.560283][ T5360] loop3: detected capacity change from 0 to 512 [ 245.598103][ T5360] EXT4-fs (loop3): invalid inodes per group: 0 [ 245.598103][ T5360] [ 246.327899][ T5380] loop3: detected capacity change from 0 to 256 [ 246.630582][ T5387] fuse: Unknown parameter 'group_½ñ›mr ílRŠ¢›£ËLU²ù*ÂåÁÆäц·¤' [ 246.813006][ T5130] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 247.274511][ T5388] loop0: detected capacity change from 0 to 4096 [ 247.295903][ T5130] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 247.307082][ T5130] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 64, changing to 10 [ 247.318695][ T5130] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 247.332039][ T5130] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 247.341430][ T5130] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.395031][ T5388] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 247.451333][ T5130] usb 4-1: invalid MIDI out EP 0 [ 247.722016][ T5130] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 247.751169][ T5130] usb 4-1: USB disconnect, device number 2 [ 247.783783][ T5388] ntfs3: loop0: failed to convert "c46c" to cp869 [ 247.843946][ T5396] loop4: detected capacity change from 0 to 512 [ 247.879000][ T5396] EXT4-fs: Ignoring removed oldalloc option [ 247.921605][ T5396] EXT4-fs error (device loop4): ext4_xattr_inode_iget:436: comm syz-executor.4: Parent and EA inode have the same ino 15 [ 247.964441][ T5396] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2847: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 247.983441][ T5396] EXT4-fs error (device loop4): ext4_xattr_inode_iget:436: comm syz-executor.4: Parent and EA inode have the same ino 15 [ 248.033651][ T5396] EXT4-fs (loop4): 1 orphan inode deleted [ 248.039663][ T5396] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 248.164295][ T5395] loop1: detected capacity change from 0 to 4096 [ 248.195797][ T29] audit: type=1326 audit(1717302294.088:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5385 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffb15e7cee9 code=0x0 [ 248.856794][ T5075] EXT4-fs error (device loop4): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 248.920069][ T5075] EXT4-fs error (device loop4): ext4_lookup:1858: inode #2: comm syz-executor.4: deleted inode referenced: 15 [ 248.939021][ T5075] EXT4-fs error (device loop4): ext4_lookup:1858: inode #2: comm syz-executor.4: deleted inode referenced: 15 [ 249.390330][ T5075] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.416025][ T4195] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.578989][ T4195] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.598001][ T5413] loop3: detected capacity change from 0 to 8 [ 249.699597][ T5413] SQUASHFS error: zlib decompression failed, data probably corrupt [ 249.708636][ T5413] SQUASHFS error: Failed to read block 0x9b: -5 [ 249.719936][ T5413] SQUASHFS error: Unable to read metadata cache entry [99] [ 249.728695][ T5413] SQUASHFS error: Unable to read inode 0x127 [ 249.762451][ T4195] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.873549][ T4195] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.951591][ T5413] loop3: detected capacity change from 0 to 512 [ 249.968383][ T5413] EXT4-fs (loop3): invalid inodes per group: 0 [ 249.968383][ T5413] [ 250.161170][ T4195] bridge_slave_1: left allmulticast mode [ 250.167480][ T4195] bridge_slave_1: left promiscuous mode [ 250.174129][ T4195] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.246158][ T4195] bridge_slave_0: left allmulticast mode [ 250.252050][ T4195] bridge_slave_0: left promiscuous mode [ 250.258719][ T4195] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.320725][ T5419] loop1: detected capacity change from 0 to 8 [ 250.449695][ T5419] SQUASHFS error: zlib decompression failed, data probably corrupt [ 250.466446][ T5419] SQUASHFS error: Failed to read block 0x9b: -5 [ 250.473351][ T5419] SQUASHFS error: Unable to read metadata cache entry [99] [ 250.480760][ T5419] SQUASHFS error: Unable to read inode 0x127 [ 250.678359][ T5421] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 250.730969][ T5421] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 250.905299][ T5419] loop1: detected capacity change from 0 to 512 [ 250.927195][ T5419] EXT4-fs (loop1): invalid inodes per group: 0 [ 250.927195][ T5419] [ 250.942124][ T4195] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 251.019975][ T4195] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 251.043974][ T4195] bond0 (unregistering): Released all slaves [ 251.165343][ T5130] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 251.753074][ T5130] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 251.762434][ T5130] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.774485][ T5130] usb 4-1: Product: syz [ 251.778873][ T5130] usb 4-1: Manufacturer: syz [ 251.783754][ T5130] usb 4-1: SerialNumber: syz [ 251.842279][ T5130] usb 4-1: config 0 descriptor?? [ 252.027469][ T4195] hsr_slave_0: left promiscuous mode [ 252.093458][ T4195] hsr_slave_1: left promiscuous mode [ 252.099277][ T10] usb 4-1: USB disconnect, device number 3 [ 252.152352][ T4195] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 252.160847][ T4195] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 252.314975][ T4195] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 252.322846][ T4195] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 252.397233][ T5432] loop0: detected capacity change from 0 to 256 [ 252.494338][ T4195] veth1_macvtap: left promiscuous mode [ 252.500185][ T4195] veth0_macvtap: left promiscuous mode [ 252.506244][ T4195] veth1_vlan: left promiscuous mode [ 252.511803][ T4195] veth0_vlan: left promiscuous mode [ 253.255410][ T5077] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 253.271906][ T5077] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 253.282050][ T5077] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 253.297753][ T5077] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 253.338595][ T5077] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 253.350812][ T5077] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 253.644856][ T5432] FAT-fs (loop0): Directory bread(block 64) failed [ 253.651798][ T5432] FAT-fs (loop0): Directory bread(block 65) failed [ 253.666709][ T5432] FAT-fs (loop0): Directory bread(block 66) failed [ 253.676984][ T5432] FAT-fs (loop0): Directory bread(block 67) failed [ 253.683987][ T5432] FAT-fs (loop0): Directory bread(block 68) failed [ 253.690732][ T5432] FAT-fs (loop0): Directory bread(block 69) failed [ 253.697793][ T5432] FAT-fs (loop0): Directory bread(block 70) failed [ 253.707639][ T5432] FAT-fs (loop0): Directory bread(block 71) failed [ 253.717557][ T5432] FAT-fs (loop0): Directory bread(block 72) failed [ 253.725223][ T5432] FAT-fs (loop0): Directory bread(block 73) failed [ 254.203575][ T5445] Process accounting resumed [ 254.602238][ T4195] team0 (unregistering): Port device team_slave_1 removed [ 254.685890][ T4195] team0 (unregistering): Port device team_slave_0 removed [ 255.497815][ T5077] Bluetooth: hci2: command tx timeout [ 256.585920][ T5439] chnl_net:caif_netlink_parms(): no params data found [ 256.756959][ T5463] loop0: detected capacity change from 0 to 2048 [ 256.793123][ T5154] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 256.919659][ T5463] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 256.932390][ T5463] ext4 filesystem being mounted at /root/syzkaller-testdir2150944346/syzkaller.lFz9jy/16/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 257.265525][ T5069] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.383190][ T5154] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 257.392660][ T5154] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.403433][ T5154] usb 3-1: Product: syz [ 257.407826][ T5154] usb 3-1: Manufacturer: syz [ 257.413548][ T5154] usb 3-1: SerialNumber: syz [ 257.450265][ T5154] usb 3-1: config 0 descriptor?? [ 257.578188][ T5081] Bluetooth: hci2: command tx timeout [ 257.729423][ T5154] usb 3-1: USB disconnect, device number 4 [ 257.874772][ T5479] loop3: detected capacity change from 0 to 64 [ 258.078356][ T5439] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.086278][ T5439] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.094221][ T5439] bridge_slave_0: entered allmulticast mode [ 258.103419][ T5439] bridge_slave_0: entered promiscuous mode [ 258.207918][ T5439] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.222034][ T5439] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.230105][ T5439] bridge_slave_1: entered allmulticast mode [ 258.239323][ T5439] bridge_slave_1: entered promiscuous mode [ 258.491040][ T5439] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 258.576199][ T5439] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 258.781600][ T5439] team0: Port device team_slave_0 added [ 258.815232][ T5439] team0: Port device team_slave_1 added [ 259.028208][ T5439] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 259.041200][ T5439] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.069101][ T5439] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 259.200530][ T5439] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 259.209098][ T5439] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.235784][ T5439] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 259.673398][ T5081] Bluetooth: hci2: command tx timeout [ 259.780361][ T5439] hsr_slave_0: entered promiscuous mode [ 259.797662][ T5439] hsr_slave_1: entered promiscuous mode [ 259.823700][ T5439] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 259.831484][ T5439] Cannot create hsr debugfs directory [ 260.133676][ T5505] netlink: 'syz-executor.0': attribute type 19 has an invalid length. [ 260.154003][ T5507] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 260.659670][ T5509] loop3: detected capacity change from 0 to 2048 [ 260.737822][ T5509] loop3: p1 < > p4 [ 260.763160][ T5509] loop3: p4 size 8388608 extends beyond EOD, truncated [ 260.818670][ T5515] netlink: 'syz-executor.0': attribute type 7 has an invalid length. [ 260.827233][ T5515] netlink: 'syz-executor.0': attribute type 39 has an invalid length. [ 261.273132][ T5518] netlink: 'syz-executor.0': attribute type 7 has an invalid length. [ 261.281471][ T5518] netlink: 'syz-executor.0': attribute type 39 has an invalid length. [ 261.732967][ T5081] Bluetooth: hci2: command tx timeout [ 261.881739][ T5439] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 262.027306][ T5439] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 262.097778][ T5439] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 262.151471][ T5439] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 262.767594][ T5537] Illegal XDP return value 4294967274 on prog (id 13) dev N/A, expect packet loss! [ 263.141134][ T5439] 8021q: adding VLAN 0 to HW filter on device bond0 [ 263.449367][ T5439] 8021q: adding VLAN 0 to HW filter on device team0 [ 264.442260][ T5552] loop1: detected capacity change from 0 to 64 [ 264.581924][ T5541] net_ratelimit: 44 callbacks suppressed [ 264.581998][ T5541] sctp: failed to load transform for md5: -2 [ 264.656575][ T5130] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.664375][ T5130] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.319533][ T5130] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.327298][ T5130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.884964][ T5439] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 266.378036][ T5563] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 266.387762][ T5563] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 266.398112][ T5563] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 266.409865][ T5563] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 266.466700][ T5563] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 266.475851][ T5563] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 267.693621][ T5439] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 267.980395][ T5591] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 269.050903][ T5610] loop3: detected capacity change from 0 to 512 [ 269.124362][ T5613] loop1: detected capacity change from 0 to 1024 [ 269.159187][ T5613] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 269.200888][ T5613] EXT4-fs (loop1): can't mount with journal_checksum, fs mounted w/o journal [ 269.240517][ T5610] Quota error (device loop3): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 269.251862][ T5610] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 269.262381][ T5610] EXT4-fs error (device loop3): ext4_acquire_dquot:6882: comm syz-executor.3: Failed to acquire dquot type 1 [ 269.305042][ T5610] EXT4-fs (loop3): Remounting filesystem read-only [ 269.312022][ T5610] EXT4-fs (loop3): 1 truncate cleaned up [ 269.318083][ T5610] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 269.331319][ T5610] ext4 filesystem being mounted at /root/syzkaller-testdir2190243232/syzkaller.OvIdvL/28/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 269.445390][ T5074] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 270.084782][ T5439] veth0_vlan: entered promiscuous mode [ 270.258213][ T5439] veth1_vlan: entered promiscuous mode [ 270.571964][ T5439] veth0_macvtap: entered promiscuous mode [ 270.674240][ T5439] veth1_macvtap: entered promiscuous mode [ 270.827421][ T5439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.838587][ T5439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.848848][ T5439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.861035][ T5439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.872113][ T5439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.882819][ T5439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.892907][ T5439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.903642][ T5439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.922920][ T5439] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 271.073615][ T5439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.084785][ T5439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.096637][ T5439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.107828][ T5439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.121127][ T5439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.133069][ T5439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.143231][ T5439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.154076][ T5439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.169532][ T5439] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 271.367163][ T5439] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.376841][ T5439] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.385807][ T5439] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.394774][ T5439] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.473726][ T5648] loop3: detected capacity change from 0 to 1024 [ 272.515640][ T5648] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 272.572342][ T5648] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=f04cc01c, mo2=0002] [ 272.581401][ T5648] System zones: 0-1, 3-36 [ 272.608697][ T5653] veth1_macvtap: left promiscuous mode [ 272.633456][ T5648] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 272.657700][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 273.139532][ T5074] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 273.191282][ T5081] Bluetooth: hci4: unexpected cc 0x080c length: 0 < 5 [ 274.697102][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 276.105122][ T5130] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 276.506913][ T5130] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 276.516430][ T5130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.617643][ T5130] usb 2-1: config 0 descriptor?? [ 276.781663][ T5705] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.3'. [ 276.959028][ T5130] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 276.968152][ T5130] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 277.013497][ T5130] [drm:udl_init] *ERROR* Selecting channel failed [ 277.090162][ T5130] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2 [ 277.100820][ T5130] [drm] Initialized udl on minor 2 [ 277.153344][ T5130] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 277.166845][ T5130] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 277.203257][ T5154] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 277.243492][ T5154] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 277.252202][ T5154] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 277.253568][ T5081] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 277.266228][ T5130] usb 2-1: USB disconnect, device number 2 [ 277.271377][ T5081] Bluetooth: hci4: Injecting HCI hardware error event [ 277.282139][ T5077] Bluetooth: hci4: hardware error 0x00 [ 277.337195][ T4282] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.345695][ T4282] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.496268][ T5154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.504488][ T5154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 278.343969][ T5125] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 278.599945][ T5718] loop1: detected capacity change from 0 to 2048 [ 278.720130][ T5718] loop1: p1 < > p4 [ 278.748630][ T5718] loop1: p4 size 8388608 extends beyond EOD, truncated [ 278.763241][ T5125] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 278.953953][ T5125] usb 5-1: Dual-Role OTG device on HNP port [ 278.984171][ T5125] usb 5-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=7a.b1 [ 278.993949][ T5125] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.006520][ T5125] usb 5-1: Product: syz [ 279.010931][ T5125] usb 5-1: Manufacturer: syz [ 279.017304][ T5125] usb 5-1: SerialNumber: syz [ 279.069627][ T5125] usb 5-1: config 0 descriptor?? [ 279.167494][ T5125] usb_ehset_test 5-1:0.0: probe with driver usb_ehset_test failed with error -32 [ 279.333006][ T5077] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 279.343264][ T5125] usb 5-1: USB disconnect, device number 2 [ 280.547481][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 280.554296][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 280.835616][ T5125] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 281.234104][ T5125] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 281.243769][ T5125] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.316594][ T5125] usb 2-1: config 0 descriptor?? [ 281.613691][ T5125] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 281.622466][ T5125] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 281.687679][ T5125] [drm:udl_init] *ERROR* Selecting channel failed [ 281.743816][ T5125] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2 [ 281.751566][ T5125] [drm] Initialized udl on minor 2 [ 281.838224][ T5125] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 281.849434][ T5125] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 281.883496][ T5119] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 281.930062][ T5125] usb 2-1: USB disconnect, device number 3 [ 281.937398][ T5119] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 281.946517][ T5119] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 282.611410][ T5753] loop3: detected capacity change from 0 to 2048 [ 282.756229][ T5753] loop3: p1 < > p4 [ 282.796831][ T5753] loop3: p4 size 8388608 extends beyond EOD, truncated [ 285.304749][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 285.393018][ T5119] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 285.491944][ T5787] loop3: detected capacity change from 0 to 1024 [ 285.544273][ T5787] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 285.606054][ T5787] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=f04cc01c, mo2=0002] [ 285.647203][ T5787] System zones: 0-1, 3-36 [ 285.742146][ T5787] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 285.873763][ T5119] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 285.883617][ T5119] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.945591][ T5119] usb 5-1: config 0 descriptor?? [ 286.235612][ T5119] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 286.244760][ T5119] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 286.251460][ T5074] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.325299][ T5119] [drm:udl_init] *ERROR* Selecting channel failed [ 286.366501][ T5119] [drm] Initialized udl 0.0.1 20120220 for 5-1:0.0 on minor 2 [ 286.380725][ T5119] [drm] Initialized udl on minor 2 [ 286.416679][ T5119] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 286.426312][ T5119] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 286.449871][ T5119] usb 5-1: USB disconnect, device number 3 [ 286.462443][ T5125] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 286.472023][ T5125] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 286.485668][ T5125] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 291.003402][ T29] audit: type=1800 audit(1717302336.858:36): pid=5840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=1944 res=0 errno=0 [ 292.450633][ T5852] netlink: 'syz-executor.1': attribute type 7 has an invalid length. [ 292.459572][ T5852] netlink: 'syz-executor.1': attribute type 39 has an invalid length. [ 292.589118][ T5852] netlink: 'syz-executor.1': attribute type 7 has an invalid length. [ 292.598593][ T5852] netlink: 'syz-executor.1': attribute type 39 has an invalid length. [ 295.373977][ T5872] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 297.063123][ T5896] netlink: 'syz-executor.4': attribute type 7 has an invalid length. [ 297.071452][ T5896] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 297.151393][ T5896] netlink: 'syz-executor.4': attribute type 7 has an invalid length. [ 297.160070][ T5896] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 297.473909][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 297.489554][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 297.501405][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 298.256378][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 298.564347][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 299.774976][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 299.792077][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 300.174151][ T5924] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 308.892666][ C0] hrtimer: interrupt took 162857 ns [ 309.396441][ T29] audit: type=1804 audit(1717302355.068:37): pid=6027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/file0/root/syzkaller-testdir1581112947/syzkaller.TkH9rs/53/bus" dev="sda1" ino=1965 res=1 errno=0 [ 311.799679][ T6031] loop1: detected capacity change from 0 to 512 [ 312.044931][ T6031] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 312.450526][ T6031] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz-executor.1: bg 0: block 248: padding at end of block bitmap is not set [ 312.775425][ T6031] Quota error (device loop1): write_blk: dquota write failed [ 312.783956][ T6031] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 312.802123][ T6031] EXT4-fs error (device loop1): ext4_acquire_dquot:6882: comm syz-executor.1: Failed to acquire dquot type 1 [ 312.978456][ T6036] loop4: detected capacity change from 0 to 512 [ 313.095187][ T6036] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 313.117466][ T6031] EXT4-fs (loop1): 1 truncate cleaned up [ 313.123623][ T6031] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 313.136714][ T6031] ext4 filesystem being mounted at /root/syzkaller-testdir3076339018/syzkaller.mhSN0k/63/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 313.386962][ T6036] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz-executor.4: bg 0: block 248: padding at end of block bitmap is not set [ 313.544566][ T6036] Quota error (device loop4): write_blk: dquota write failed [ 313.552798][ T6036] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 313.563277][ T6036] EXT4-fs error (device loop4): ext4_acquire_dquot:6882: comm syz-executor.4: Failed to acquire dquot type 1 [ 313.787737][ T6036] EXT4-fs (loop4): 1 truncate cleaned up [ 313.794729][ T6036] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 313.890580][ T6041] loop0: detected capacity change from 0 to 512 [ 314.029261][ T781] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 314.983402][ T6031] syz-executor.1 (6031) used greatest stack depth: 3344 bytes left [ 315.063095][ T781] usb 2-1: device descriptor read/all, error -71 [ 315.283873][ T5073] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.341986][ T6036] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.433391][ T6041] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 315.441638][ T6041] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=1843c01c, mo2=0002] [ 315.920289][ T6041] EXT4-fs (loop0): couldn't mount RDWR because of unsupported optional features (80) [ 315.930444][ T6041] EXT4-fs (loop0): Skipping orphan cleanup due to unknown ROCOMPAT features [ 315.939439][ T6041] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 316.088497][ T6041] EXT4-fs (loop0): Online resizing not supported with sparse_super2 [ 316.474995][ T5069] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 320.470063][ T6063] loop3: detected capacity change from 0 to 128 [ 320.574661][ T6063] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 320.793235][ T6063] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 321.697804][ T29] audit: type=1804 audit(1717302367.518:38): pid=6063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2190243232/syzkaller.OvIdvL/66/file0/bus" dev="loop3" ino=115 res=1 errno=0 [ 323.000338][ T6074] loop1: detected capacity change from 0 to 2048 [ 323.073912][ T6074] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 323.608110][ T6074] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 325.252290][ T6082] loop0: detected capacity change from 0 to 2048 [ 325.530643][ T6082] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 325.811360][ T6086] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 325.944209][ T6085] loop3: detected capacity change from 0 to 512 [ 326.133132][ T29] audit: type=1800 audit(1717302371.958:39): pid=6082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 326.245660][ T6085] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 326.653414][ T6085] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz-executor.3: bg 0: block 248: padding at end of block bitmap is not set [ 326.834550][ T6085] Quota error (device loop3): write_blk: dquota write failed [ 326.842692][ T6085] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 326.853102][ T6085] EXT4-fs error (device loop3): ext4_acquire_dquot:6882: comm syz-executor.3: Failed to acquire dquot type 1 [ 327.223768][ T6085] EXT4-fs (loop3): 1 truncate cleaned up [ 327.229788][ T6085] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 327.249107][ T6085] ext4 filesystem being mounted at /root/syzkaller-testdir2190243232/syzkaller.OvIdvL/68/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 328.186387][ T781] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 328.764126][ T781] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 328.778923][ T781] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.022008][ T781] usb 4-1: config 0 descriptor?? [ 329.636580][ T781] usb 4-1: can't set config #0, error -71 [ 329.785391][ T5074] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 329.806456][ T781] usb 4-1: USB disconnect, device number 4 [ 330.605994][ T6103] loop4: detected capacity change from 0 to 128 [ 330.863285][ T6103] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 331.316711][ T6103] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 332.153117][ T29] audit: type=1804 audit(1717302377.848:40): pid=6111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3593695103/syzkaller.9KQdUE/30/file0/bus" dev="loop4" ino=115 res=1 errno=0 [ 333.984868][ T6118] loop0: detected capacity change from 0 to 2048 [ 334.354207][ T6118] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 334.613600][ T6118] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 335.807816][ T6127] loop3: detected capacity change from 0 to 2048 [ 336.067833][ T6127] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 336.517491][ T6134] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 336.996842][ T29] audit: type=1800 audit(1717302382.688:41): pid=6127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 338.831188][ T6150] loop1: detected capacity change from 0 to 128 [ 338.918563][ T6150] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 338.939188][ T4428] Bluetooth: hci1: command 0x0406 tx timeout [ 338.946594][ T4428] Bluetooth: hci3: command 0x0406 tx timeout [ 338.953072][ T4428] Bluetooth: hci0: command 0x0406 tx timeout [ 339.049468][ T6150] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 339.393407][ T29] audit: type=1804 audit(1717302385.158:42): pid=6150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3076339018/syzkaller.mhSN0k/73/file0/bus" dev="loop1" ino=115 res=1 errno=0 [ 342.068560][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 342.075673][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 344.197486][ T29] audit: type=1800 audit(1717302389.918:43): pid=6180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file2" dev="sda1" ino=1946 res=0 errno=0 [ 345.251959][ T6189] loop0: detected capacity change from 0 to 2048 [ 345.570325][ T6189] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 345.797673][ T6193] loop3: detected capacity change from 0 to 128 [ 345.839158][ T6189] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 345.999638][ T6193] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 346.333245][ T6193] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 346.845588][ T29] audit: type=1804 audit(1717302392.578:44): pid=6197 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2190243232/syzkaller.OvIdvL/76/file0/bus" dev="loop3" ino=115 res=1 errno=0 [ 353.072280][ T6226] loop1: detected capacity change from 0 to 2048 [ 353.431732][ T6226] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 353.793387][ T6226] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 354.124998][ T6231] loop3: detected capacity change from 0 to 128 [ 354.295211][ T6231] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 354.419577][ T6231] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 354.659902][ T29] audit: type=1804 audit(1717302400.498:45): pid=6231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2190243232/syzkaller.OvIdvL/79/file0/bus" dev="loop3" ino=115 res=1 errno=0 [ 356.754852][ T6253] kvm: kvm [6245]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0xc00000000800 [ 356.810752][ T6253] kvm: kvm [6245]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xc10000000000 [ 356.958370][ T6253] kvm: kvm [6245]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x1d0000000000 [ 357.829226][ T6266] loop0: detected capacity change from 0 to 128 [ 357.923775][ T6266] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 357.980104][ T6266] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 358.043152][ T781] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 358.358606][ T29] audit: type=1804 audit(1717302404.228:46): pid=6266 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2150944346/syzkaller.lFz9jy/75/file0/bus" dev="loop0" ino=115 res=1 errno=0 [ 358.583193][ T781] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 358.595046][ T781] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 358.605199][ T781] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 358.614669][ T781] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.763083][ T781] usb 2-1: config 0 descriptor?? [ 360.022333][ T781] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0001/input/input5 [ 360.159401][ T781] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0001/input/input6 [ 360.280962][ T781] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0001/input/input7 [ 360.471083][ T781] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0001/input/input8 [ 360.730022][ T781] uclogic 0003:256C:006D.0001: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 360.839311][ T781] usb 2-1: USB disconnect, device number 6 [ 361.463417][ T43] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 361.487347][ T6289] loop1: detected capacity change from 0 to 128 [ 361.609028][ T6289] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 361.732445][ T6289] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 361.962411][ T43] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 361.972086][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.023053][ T29] audit: type=1804 audit(1717302407.838:47): pid=6289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3076339018/syzkaller.mhSN0k/84/file0/bus" dev="loop1" ino=115 res=1 errno=0 [ 362.058874][ T6289] UDF-fs: error (device loop1): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 362.124977][ T43] usb 4-1: config 0 descriptor?? [ 362.425332][ T6296] syz-executor.2 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 365.244609][ T43] usb 4-1: Cannot set autoneg [ 365.250025][ T43] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 365.396074][ T43] usb 4-1: USB disconnect, device number 5 [ 365.689495][ T29] audit: type=1800 audit(1717302411.528:48): pid=6323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1952 res=0 errno=0 [ 365.711079][ T29] audit: type=1800 audit(1717302411.558:49): pid=6323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1952 res=0 errno=0 [ 365.732300][ T29] audit: type=1804 audit(1717302411.588:50): pid=6323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/file0/root/syzkaller-testdir1581112947/syzkaller.TkH9rs/80/bus" dev="sda1" ino=1952 res=1 errno=0 [ 368.981439][ T29] audit: type=1800 audit(1717302414.428:51): pid=6323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="bus" dev="sda1" ino=1952 res=0 errno=0 [ 369.204398][ T6348] loop4: detected capacity change from 0 to 2048 [ 369.396075][ T6348] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 370.023241][ T6348] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 373.358385][ T29] audit: type=1800 audit(1717302419.288:52): pid=6383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1957 res=0 errno=0 [ 373.532115][ T6386] loop0: detected capacity change from 0 to 256 [ 373.541992][ T29] audit: type=1800 audit(1717302419.338:53): pid=6383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1957 res=0 errno=0 [ 373.563090][ T29] audit: type=1804 audit(1717302419.408:54): pid=6383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/file0/root/syzkaller-testdir1581112947/syzkaller.TkH9rs/83/bus" dev="sda1" ino=1957 res=1 errno=0 [ 373.650914][ T6387] loop3: detected capacity change from 0 to 8 [ 373.860002][ T6387] SQUASHFS error: Failed to read block 0x4e8: -5 [ 373.872761][ T6386] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 373.971937][ T29] audit: type=1800 audit(1717302419.798:55): pid=6387 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 374.248720][ T6390] loop4: detected capacity change from 0 to 2048 [ 374.359708][ T6390] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 374.499534][ T6390] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 375.511393][ T6396] loop3: detected capacity change from 0 to 512 [ 375.679685][ T6397] loop0: detected capacity change from 0 to 1024 [ 375.694549][ T6396] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz-executor.3: invalid indirect mapped block 256 (level 2) [ 375.784096][ T6396] EXT4-fs (loop3): 2 truncates cleaned up [ 375.790195][ T6396] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 376.048229][ T29] audit: type=1800 audit(1717302421.888:56): pid=6396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 376.230372][ T29] audit: type=1800 audit(1717302422.068:57): pid=6383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="bus" dev="sda1" ino=1957 res=0 errno=0 [ 376.947569][ T5074] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 377.575911][ T2500] hfsplus: b-tree write err: -5, ino 4 [ 378.711570][ T6415] kvm: kvm [6410]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0xc00000000800 [ 378.764716][ T6415] kvm: kvm [6410]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xc10000000000 [ 378.858835][ T6415] kvm: kvm [6410]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x1d0000000000 [ 378.957838][ T6415] kvm: kvm [6410]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x850000000000 [ 379.065214][ T6416] loop1: detected capacity change from 0 to 4096 [ 379.166546][ T6416] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 379.546503][ T6416] ntfs3: loop1: Failed to initialize $Extend/$Reparse. [ 379.894297][ T5078] Bluetooth: hci2: command 0x0406 tx timeout [ 380.675264][ T5073] ntfs3: loop1: ino=1a, ntfs_sync_fs failed, -22. [ 381.032323][ T6428] loop3: detected capacity change from 0 to 128 [ 381.134199][ T6428] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 381.253090][ T6428] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 381.466831][ T29] audit: type=1800 audit(1717302427.298:58): pid=6428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=115 res=0 errno=0 [ 381.488367][ T29] audit: type=1800 audit(1717302427.318:59): pid=6428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=115 res=0 errno=0 [ 381.514781][ T29] audit: type=1804 audit(1717302427.338:60): pid=6428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2190243232/syzkaller.OvIdvL/92/file0/bus" dev="loop3" ino=115 res=1 errno=0 [ 382.480397][ T6435] fuseblk: Unknown parameter 'smackfsroot' [ 383.973912][ T29] audit: type=1800 audit(1717302429.798:61): pid=6428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="loop3" ino=115 res=0 errno=0 [ 385.580619][ T43] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 386.033468][ T43] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 386.042898][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.148920][ T43] usb 4-1: config 0 descriptor?? [ 389.060083][ T29] audit: type=1804 audit(1717302434.898:62): pid=6466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3076339018/syzkaller.mhSN0k/98/bus" dev="sda1" ino=1960 res=1 errno=0 [ 389.385758][ T43] usb 4-1: Cannot set autoneg [ 389.399849][ T43] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 389.543897][ T43] usb 4-1: USB disconnect, device number 6 [ 390.902896][ T6477] loop4: detected capacity change from 0 to 8 [ 391.110960][ T6477] SQUASHFS error: Failed to read block 0x4e8: -5 [ 391.210447][ T6475] loop3: detected capacity change from 0 to 2048 [ 391.219859][ T29] audit: type=1800 audit(1717302437.048:63): pid=6477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.4" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 391.318129][ T6475] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 391.466932][ T6475] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 391.508990][ T6473] loop1: detected capacity change from 0 to 4096 [ 391.632768][ T6473] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 392.096283][ T6473] ntfs3: loop1: Failed to initialize $Extend/$Reparse. [ 392.704521][ T5073] ntfs3: loop1: ino=1a, ntfs_sync_fs failed, -22. [ 394.428415][ T29] audit: type=1804 audit(1717302440.238:64): pid=6499 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/file0/root/syzkaller-testdir1581112947/syzkaller.TkH9rs/94/bus" dev="sda1" ino=1965 res=1 errno=0 [ 394.958242][ T29] audit: type=1800 audit(1717302440.798:65): pid=6502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=1956 res=0 errno=0 [ 395.448030][ T6504] loop1: detected capacity change from 0 to 2048 [ 395.570577][ T6504] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 396.691684][ T29] audit: type=1800 audit(1717302442.498:66): pid=6511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file2" dev="sda1" ino=1948 res=0 errno=0 [ 397.157449][ T6516] loop1: detected capacity change from 0 to 256 [ 397.213720][ T6517] loop0: detected capacity change from 0 to 128 [ 398.906516][ T6523] loop0: detected capacity change from 0 to 164 [ 399.093121][ T6523] rock: corrupted directory entry. extent=28, offset=0, size=16777216 [ 399.223839][ T6523] rock: corrupted directory entry. extent=28, offset=0, size=16777216 [ 400.190545][ T6525] loop1: detected capacity change from 0 to 4096 [ 400.414857][ T6527] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 400.700307][ T6531] loop0: detected capacity change from 0 to 256 [ 401.422644][ T29] audit: type=1800 audit(1717302447.268:67): pid=6535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1946 res=0 errno=0 [ 401.795635][ T6537] loop3: detected capacity change from 0 to 256 [ 402.077520][ T6528] loop4: detected capacity change from 0 to 8192 [ 402.113422][ T6537] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 402.276558][ T6528] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 403.717864][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 403.729065][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 405.761526][ T6554] loop4: detected capacity change from 0 to 2048 [ 405.943132][ T6554] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 406.063387][ T6554] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 406.171973][ T6556] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 406.994768][ T5078] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 407.012357][ T5078] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 407.022757][ T5078] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 407.055825][ T5078] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 407.067146][ T5078] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 407.076897][ T5078] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 407.572705][ T6567] loop1: detected capacity change from 0 to 164 [ 407.796286][ T6567] rock: corrupted directory entry. extent=28, offset=0, size=16777216 [ 407.881993][ T6566] loop0: detected capacity change from 0 to 2048 [ 407.933199][ T6567] rock: corrupted directory entry. extent=28, offset=0, size=16777216 [ 408.005686][ T6566] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 408.182881][ T6571] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 409.173912][ T5078] Bluetooth: hci5: command tx timeout [ 409.797065][ T6583] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 409.861303][ T6581] loop4: detected capacity change from 0 to 2048 [ 409.933169][ T6581] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 410.043002][ T6581] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 410.944998][ T6560] chnl_net:caif_netlink_parms(): no params data found [ 411.263678][ T5078] Bluetooth: hci5: command tx timeout [ 411.334788][ T3716] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.895608][ T3716] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.981725][ T6609] loop0: detected capacity change from 0 to 164 [ 413.115672][ T6609] rock: corrupted directory entry. extent=28, offset=0, size=16777216 [ 413.223854][ T6608] loop4: detected capacity change from 0 to 2048 [ 413.233141][ T6609] rock: corrupted directory entry. extent=28, offset=0, size=16777216 [ 413.272089][ T6608] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 413.333953][ T5078] Bluetooth: hci5: command tx timeout [ 413.389854][ T3716] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.434097][ T6611] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 414.331489][ T3716] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.866061][ T6617] loop0: detected capacity change from 0 to 256 [ 415.139068][ T6560] bridge0: port 1(bridge_slave_0) entered blocking state [ 415.146908][ T6560] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.154853][ T6560] bridge_slave_0: entered allmulticast mode [ 415.164093][ T6560] bridge_slave_0: entered promiscuous mode [ 415.363366][ T6620] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 415.375917][ T6618] loop1: detected capacity change from 0 to 2048 [ 415.413930][ T5078] Bluetooth: hci5: command tx timeout [ 415.485640][ T6560] bridge0: port 2(bridge_slave_1) entered blocking state [ 415.493556][ T6560] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.508043][ T6560] bridge_slave_1: entered allmulticast mode [ 415.517342][ T6560] bridge_slave_1: entered promiscuous mode [ 415.559787][ T6618] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 415.700439][ T6618] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 417.137420][ T6560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 417.301873][ T6560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 417.644503][ T6632] loop4: detected capacity change from 0 to 1024 [ 417.759821][ T6632] EXT4-fs: Ignoring removed nobh option [ 417.774073][ T3716] bridge_slave_1: left allmulticast mode [ 417.779964][ T3716] bridge_slave_1: left promiscuous mode [ 417.786611][ T3716] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.842277][ T6632] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 418.001174][ T6632] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #11: comm syz-executor.4: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 418.100499][ T6632] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor.4: couldn't read orphan inode 11 (err -117) [ 418.176241][ T6632] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 418.361157][ T6632] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz-executor.4: Invalid block bitmap block 0 in block_group 0 [ 418.385022][ T3716] bridge_slave_0: left allmulticast mode [ 418.390907][ T3716] bridge_slave_0: left promiscuous mode [ 418.400470][ T3716] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.537956][ T6632] Quota error (device loop4): write_blk: dquota write failed [ 418.545999][ T6632] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 418.556357][ T6632] EXT4-fs error (device loop4): ext4_acquire_dquot:6882: comm syz-executor.4: Failed to acquire dquot type 0 [ 419.015248][ T6635] loop1: detected capacity change from 0 to 8192 [ 419.269985][ T5439] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 419.311975][ T6635] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 419.563233][ T4282] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-8 [ 419.574079][ T4282] EXT4-fs error (device loop4): ext4_release_dquot:6905: comm kworker/u8:24: Failed to release dquot type 0 [ 420.647039][ T6651] loop4: detected capacity change from 0 to 256 [ 420.671887][ T3716] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 420.905375][ T6651] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 421.832096][ T6655] loop1: detected capacity change from 0 to 2048 [ 421.902161][ T6655] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 422.001060][ T3716] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 422.045042][ T6655] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 422.217426][ T3716] bond0 (unregistering): Released all slaves [ 422.703008][ T6560] team0: Port device team_slave_0 added [ 422.754864][ T6560] team0: Port device team_slave_1 added [ 423.785962][ T6560] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 423.793209][ T6560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 423.824453][ T6560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 424.060905][ T6669] loop0: detected capacity change from 0 to 2048 [ 424.166869][ T6669] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 424.330579][ T6560] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 424.338337][ T6560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.364627][ T6560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 424.423655][ T6672] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 424.623452][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 424.634328][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 424.713700][ T3716] hsr_slave_0: left promiscuous mode [ 424.787007][ T6669] Remounting filesystem read-only [ 424.851720][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 424.862841][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 424.979043][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 424.990070][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 425.053505][ T3716] hsr_slave_1: left promiscuous mode [ 425.106760][ T3716] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 425.114791][ T3716] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 425.141476][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 425.152336][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 425.277091][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 425.288101][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 425.402950][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 425.414148][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 425.522099][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 425.533633][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 425.591021][ T3716] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 425.598881][ T3716] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 425.689118][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 425.700257][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 425.788057][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 425.799065][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 425.897630][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 425.908652][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 426.039834][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 426.059977][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 426.195024][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 426.205942][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 426.315137][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 426.326090][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 426.418296][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 426.429236][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 426.523743][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 426.534774][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 426.624127][ T3716] veth1_macvtap: left promiscuous mode [ 426.629991][ T3716] veth0_macvtap: left promiscuous mode [ 426.636004][ T3716] veth1_vlan: left promiscuous mode [ 426.641551][ T3716] veth0_vlan: left promiscuous mode [ 426.660123][ T6669] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 426.680028][ T6669] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 426.775020][ T29] audit: type=1800 audit(1717302472.628:68): pid=6669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.0" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 426.830237][ T6695] Zero length message leads to an empty skb [ 428.497359][ T6708] syz-executor.1[6708] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 428.497995][ T6708] syz-executor.1[6708] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 429.978136][ T3716] team0 (unregistering): Port device team_slave_1 removed [ 430.120732][ T3716] team0 (unregistering): Port device team_slave_0 removed [ 432.518803][ T6560] hsr_slave_0: entered promiscuous mode [ 433.007505][ T6560] hsr_slave_1: entered promiscuous mode [ 433.326925][ T6560] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 433.334927][ T6560] Cannot create hsr debugfs directory [ 433.768097][ T6743] loop1: detected capacity change from 0 to 1024 [ 433.900592][ T6743] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 433.982340][ T6743] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 434.045997][ T6743] EXT4-fs (loop1): orphan cleanup on readonly fs [ 434.184309][ T6743] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz-executor.1: Invalid block bitmap block 0 in block_group 0 [ 434.290756][ T6747] loop0: detected capacity change from 0 to 2048 [ 434.325669][ T6743] Quota error (device loop1): write_blk: dquota write failed [ 434.333814][ T6743] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 434.351270][ T6743] EXT4-fs error (device loop1): ext4_acquire_dquot:6882: comm syz-executor.1: Failed to acquire dquot type 0 [ 434.409321][ T6747] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 434.553940][ T6752] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 434.581293][ T6743] EXT4-fs error (device loop1): ext4_free_blocks:6576: comm syz-executor.1: Freeing blocks not in datazone - block = 0, count = 4096 [ 434.684059][ T6753] syz-executor.2[6753] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 434.684679][ T6753] syz-executor.2[6753] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 434.697680][ T6743] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz-executor.1: Invalid inode bitmap blk 0 in block_group 0 [ 434.745215][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 434.764790][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 434.881985][ T6743] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 434.923923][ T2500] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-8 [ 434.934169][ T2500] EXT4-fs error (device loop1): ext4_release_dquot:6905: comm kworker/u8:6: Failed to release dquot type 0 [ 434.981486][ T6747] Remounting filesystem read-only [ 434.987920][ T6743] EXT4-fs (loop1): 1 orphan inode deleted [ 435.053906][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 435.074148][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 435.104972][ T6743] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 435.244606][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 435.256162][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 435.444891][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 435.455785][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 435.580358][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 435.591313][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 435.688553][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 435.699518][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 435.798968][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 435.810138][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 435.918034][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 435.929037][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 436.025628][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 436.036857][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 436.105248][ T5073] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 436.222773][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 436.233884][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 436.365478][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 436.376381][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 436.576592][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 436.587637][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 436.783888][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 436.795602][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 436.949667][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 436.960693][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 437.103251][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 437.124198][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 437.247952][ T6747] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 437.258996][ T6747] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 437.371823][ T29] audit: type=1800 audit(1717302483.198:69): pid=6747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.0" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 438.675316][ T6779] loop1: detected capacity change from 0 to 128 [ 438.789969][ T6779] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 439.595650][ T29] audit: type=1326 audit(1717302485.438:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67f467cee9 code=0x7ffc0000 [ 439.618891][ T29] audit: type=1326 audit(1717302485.458:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67f467cee9 code=0x7ffc0000 [ 439.642265][ T29] audit: type=1326 audit(1717302485.458:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67f467cee9 code=0x7ffc0000 [ 439.667182][ T29] audit: type=1326 audit(1717302485.468:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67f467cee9 code=0x7ffc0000 [ 439.694608][ T29] audit: type=1326 audit(1717302485.488:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67f467cee9 code=0x7ffc0000 [ 439.718960][ T29] audit: type=1326 audit(1717302485.488:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67f467cee9 code=0x7ffc0000 [ 439.742439][ T29] audit: type=1326 audit(1717302485.508:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67f467cee9 code=0x7ffc0000 [ 439.765753][ T29] audit: type=1326 audit(1717302485.528:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67f467cee9 code=0x7ffc0000 [ 440.016057][ T29] audit: type=1326 audit(1717302485.738:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f67f467cee9 code=0x7ffc0000 [ 440.039616][ T29] audit: type=1326 audit(1717302485.738:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67f467cee9 code=0x7ffc0000 [ 440.622672][ T6560] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 440.927178][ T6792] loop4: detected capacity change from 0 to 2048 [ 440.994932][ T6560] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 441.080083][ T6792] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 441.181804][ T6560] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 441.217316][ T6801] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 441.389127][ T6560] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 443.547722][ T6560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 443.943992][ T6560] 8021q: adding VLAN 0 to HW filter on device team0 [ 444.050974][ T781] bridge0: port 1(bridge_slave_0) entered blocking state [ 444.058772][ T781] bridge0: port 1(bridge_slave_0) entered forwarding state [ 444.281803][ T781] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.289700][ T781] bridge0: port 2(bridge_slave_1) entered forwarding state [ 444.888446][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 444.888518][ T29] audit: type=1326 audit(1717302490.818:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6818 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e8047cee9 code=0x7ffc0000 [ 444.928920][ T29] audit: type=1326 audit(1717302490.818:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6818 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e8047cee9 code=0x7ffc0000 [ 445.135718][ T29] audit: type=1326 audit(1717302490.898:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6818 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f8e8047cee9 code=0x7ffc0000 [ 445.159123][ T29] audit: type=1326 audit(1717302490.898:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6818 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e8047cee9 code=0x7ffc0000 [ 446.903418][ T29] audit: type=1800 audit(1717302492.688:86): pid=6827 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file2" dev="sda1" ino=1949 res=0 errno=0 [ 448.424326][ T6560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 450.152076][ T6560] veth0_vlan: entered promiscuous mode [ 450.550383][ T6560] veth1_vlan: entered promiscuous mode [ 451.264383][ T6560] veth0_macvtap: entered promiscuous mode [ 451.441905][ T6560] veth1_macvtap: entered promiscuous mode [ 451.779696][ T6560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 451.790807][ T6560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 451.801920][ T6560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 451.812801][ T6560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 451.823043][ T6560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 451.833760][ T6560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 451.843871][ T6560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 451.861100][ T6560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 451.877687][ T6560] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 452.214905][ T6870] loop4: detected capacity change from 0 to 2048 [ 452.290129][ T6870] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 452.425438][ T6874] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 452.528820][ T6560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 452.540540][ T6560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.550717][ T6560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 452.561452][ T6560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.578222][ T6560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 452.590361][ T6560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.600704][ T6560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 452.611399][ T6560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.626315][ T6560] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 452.808414][ T29] audit: type=1800 audit(1717302498.628:87): pid=6870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 453.238651][ T6560] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.247810][ T6560] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.257090][ T6560] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.266168][ T6560] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 458.537194][ T6914] loop1: detected capacity change from 0 to 2048 [ 458.653027][ T6914] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 458.749882][ T6920] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 458.916178][ T29] audit: type=1800 audit(1717302504.788:88): pid=6914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 459.604088][ T6925] syz-executor.2 (pid 6925) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 460.588226][ T6927] fscrypt (sda1, inode 1952): Missing crypto API support for AES-128-CBC-CTS (API name: "cts(cbc(aes))") [ 460.604240][ T6927] fscrypt (sda1, inode 1952): Missing crypto API support for AES-128-CBC-CTS (API name: "cts(cbc(aes))") [ 465.741625][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 465.749088][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 468.003561][ T6959] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 469.088033][ T29] audit: type=1800 audit(1717302514.938:89): pid=6963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file2" dev="sda1" ino=1940 res=0 errno=0 [ 469.651300][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.123868][ T6969] syz-executor.2[6969] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 470.143229][ T6969] syz-executor.2[6969] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 470.273431][ T6972] loop1: detected capacity change from 0 to 1024 [ 470.384229][ T6972] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 470.647581][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.703467][ T6972] EXT4-fs error (device loop1): ext4_quota_enable:7052: comm syz-executor.1: Bad quota inum: 9, type: 2 [ 470.742934][ T6972] EXT4-fs warning (device loop1): ext4_enable_quotas:7100: Failed to enable quota tracking (type=2, err=-117, ino=9). Please run e2fsck to fix. [ 470.784298][ T6972] EXT4-fs (loop1): mount failed [ 470.928397][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.292168][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.374314][ T6980] fuse: Bad value for 'fd' [ 471.685140][ T5081] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 471.695279][ T5081] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 471.704989][ T5081] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 471.729160][ T5081] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 471.743087][ T5081] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 471.752661][ T5081] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 471.777444][ T11] bridge_slave_1: left allmulticast mode [ 471.784950][ T11] bridge_slave_1: left promiscuous mode [ 471.792589][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.865685][ T11] bridge_slave_0: left allmulticast mode [ 471.871662][ T11] bridge_slave_0: left promiscuous mode [ 471.880492][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 472.688497][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 472.781049][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 472.808070][ T11] bond0 (unregistering): Released all slaves [ 473.587161][ T6990] syz-executor.2[6990] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 473.587703][ T6990] syz-executor.2[6990] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 474.287172][ T11] hsr_slave_0: left promiscuous mode [ 474.344908][ T6991] xt_TCPMSS: Only works on TCP SYN packets [ 474.351330][ T11] hsr_slave_1: left promiscuous mode [ 474.371957][ T5081] Bluetooth: hci3: command tx timeout [ 474.403490][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 474.411181][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 474.430075][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 474.437917][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 474.549371][ T11] veth1_macvtap: left promiscuous mode [ 474.555269][ T11] veth0_macvtap: left promiscuous mode [ 474.561153][ T11] veth1_vlan: left promiscuous mode [ 474.567053][ T11] veth0_vlan: left promiscuous mode [ 475.958920][ T11] team0 (unregistering): Port device team_slave_1 removed [ 476.041956][ T11] team0 (unregistering): Port device team_slave_0 removed [ 476.452767][ T5081] Bluetooth: hci3: command tx timeout [ 477.415400][ T6981] chnl_net:caif_netlink_parms(): no params data found [ 478.446678][ T29] audit: type=1800 audit(1717302524.298:90): pid=6997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file2" dev="sda1" ino=1956 res=0 errno=0 [ 478.543669][ T5081] Bluetooth: hci3: command tx timeout [ 480.249315][ T6981] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.257167][ T6981] bridge0: port 1(bridge_slave_0) entered disabled state [ 480.265178][ T6981] bridge_slave_0: entered allmulticast mode [ 480.274324][ T6981] bridge_slave_0: entered promiscuous mode [ 480.420789][ T6981] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.437215][ T6981] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.445064][ T6981] bridge_slave_1: entered allmulticast mode [ 480.454041][ T6981] bridge_slave_1: entered promiscuous mode [ 480.613177][ T5081] Bluetooth: hci3: command tx timeout [ 480.887617][ T6981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 481.025510][ T6981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 481.341766][ T5078] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 481.358538][ T5078] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 481.368325][ T5078] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 481.396086][ T5078] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 481.407689][ T5078] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 481.420691][ T5078] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 481.473660][ T6981] team0: Port device team_slave_0 added [ 481.563694][ T6981] team0: Port device team_slave_1 added [ 482.022558][ T6981] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 482.029736][ T6981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 482.056225][ T6981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 482.419912][ T6981] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 482.427162][ T6981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 482.453406][ T6981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 483.104408][ T6981] hsr_slave_0: entered promiscuous mode [ 483.185035][ T6981] hsr_slave_1: entered promiscuous mode [ 483.253727][ T6981] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 483.261522][ T6981] Cannot create hsr debugfs directory [ 483.502841][ T5078] Bluetooth: hci5: command tx timeout [ 483.540057][ T7009] chnl_net:caif_netlink_parms(): no params data found [ 485.229777][ T7009] bridge0: port 1(bridge_slave_0) entered blocking state [ 485.246089][ T7009] bridge0: port 1(bridge_slave_0) entered disabled state [ 485.254159][ T7009] bridge_slave_0: entered allmulticast mode [ 485.263236][ T7009] bridge_slave_0: entered promiscuous mode [ 485.432186][ T7009] bridge0: port 2(bridge_slave_1) entered blocking state [ 485.446120][ T7009] bridge0: port 2(bridge_slave_1) entered disabled state [ 485.454118][ T7009] bridge_slave_1: entered allmulticast mode [ 485.463497][ T7009] bridge_slave_1: entered promiscuous mode [ 485.557902][ T6981] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 485.573062][ T5078] Bluetooth: hci5: command tx timeout [ 485.688542][ T6981] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 485.743622][ T7009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 485.783044][ T6981] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 485.874949][ T7009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 485.895291][ T6981] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 486.191322][ T7009] team0: Port device team_slave_0 added [ 486.277044][ T7009] team0: Port device team_slave_1 added [ 486.560597][ T7009] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 486.575309][ T7009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 486.603014][ T7009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 486.656579][ T29] audit: type=1800 audit(1717302532.458:91): pid=7029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file2" dev="sda1" ino=1959 res=0 errno=0 [ 486.897684][ T7009] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 486.904963][ T7009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 486.931326][ T7009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 487.607885][ T7009] hsr_slave_0: entered promiscuous mode [ 487.643527][ T7009] hsr_slave_1: entered promiscuous mode [ 487.652868][ T5078] Bluetooth: hci5: command tx timeout [ 487.700653][ T7009] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 487.708739][ T7009] Cannot create hsr debugfs directory [ 487.832015][ T6981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 488.284286][ T6981] 8021q: adding VLAN 0 to HW filter on device team0 [ 488.865152][ T5129] bridge0: port 1(bridge_slave_0) entered blocking state [ 488.872971][ T5129] bridge0: port 1(bridge_slave_0) entered forwarding state [ 489.013274][ T5129] bridge0: port 2(bridge_slave_1) entered blocking state [ 489.020974][ T5129] bridge0: port 2(bridge_slave_1) entered forwarding state [ 489.863154][ T5078] Bluetooth: hci5: command tx timeout [ 490.139075][ T7009] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.294111][ T5081] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 491.303697][ T5081] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 491.313034][ T5081] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 491.330906][ T5081] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 491.342258][ T5081] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 491.355789][ T5081] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 493.412993][ T5078] Bluetooth: hci6: command tx timeout [ 495.492791][ T5078] Bluetooth: hci6: command tx timeout [ 497.572998][ T5078] Bluetooth: hci6: command tx timeout [ 499.653382][ T5078] Bluetooth: hci6: command tx timeout [ 500.627422][ T5081] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 500.636817][ T5081] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 500.646255][ T5081] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 500.659454][ T5081] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 500.675315][ T5081] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 500.684507][ T5081] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 502.774861][ T5081] Bluetooth: hci7: command tx timeout [ 504.227809][ T7009] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.855750][ T5081] Bluetooth: hci7: command tx timeout [ 505.968897][ T7009] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 506.386092][ T29] audit: type=1800 audit(1717302552.268:92): pid=7057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file2" dev="sda1" ino=1948 res=0 errno=0 [ 506.926832][ T6981] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 506.962768][ T5081] Bluetooth: hci7: command tx timeout [ 508.349268][ T6981] veth0_vlan: entered promiscuous mode [ 508.500207][ T6981] veth1_vlan: entered promiscuous mode [ 508.707368][ T7046] chnl_net:caif_netlink_parms(): no params data found [ 509.031785][ T5081] Bluetooth: hci7: command tx timeout [ 509.488634][ T6981] veth0_macvtap: entered promiscuous mode [ 509.520981][ T7035] chnl_net:caif_netlink_parms(): no params data found [ 509.673072][ T6981] veth1_macvtap: entered promiscuous mode [ 509.851279][ T7009] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.671243][ T6981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.682864][ T6981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.695859][ T6981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.709281][ T6981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.720774][ T6981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.732818][ T6981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.750929][ T6981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.764432][ T6981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.780986][ T6981] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 511.724970][ T7009] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 512.407247][ T6981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.418032][ T6981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.428149][ T6981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.438895][ T6981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.448977][ T6981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.461817][ T6981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.472324][ T6981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.491218][ T6981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.507685][ T6981] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 512.543585][ T7046] bridge0: port 1(bridge_slave_0) entered blocking state [ 512.551285][ T7046] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.559246][ T7046] bridge_slave_0: entered allmulticast mode [ 512.568578][ T7046] bridge_slave_0: entered promiscuous mode [ 512.606726][ T7009] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 512.746442][ T7046] bridge0: port 2(bridge_slave_1) entered blocking state [ 512.754261][ T7046] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.762070][ T7046] bridge_slave_1: entered allmulticast mode [ 512.771478][ T7046] bridge_slave_1: entered promiscuous mode [ 512.796016][ T7009] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 512.944166][ T7009] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 513.445711][ T6981] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.454839][ T6981] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.463989][ T6981] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.473106][ T6981] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.536129][ T7046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 513.800659][ T7046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 514.404500][ T7035] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.412374][ T7035] bridge0: port 1(bridge_slave_0) entered disabled state [ 514.428531][ T7035] bridge_slave_0: entered allmulticast mode [ 514.437830][ T7035] bridge_slave_0: entered promiscuous mode [ 514.736627][ T7035] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.744523][ T7035] bridge0: port 2(bridge_slave_1) entered disabled state [ 514.752342][ T7035] bridge_slave_1: entered allmulticast mode [ 514.761636][ T7035] bridge_slave_1: entered promiscuous mode [ 514.802243][ T7046] team0: Port device team_slave_0 added [ 514.929761][ T7046] team0: Port device team_slave_1 added [ 515.196267][ T7096] netlink: 277 bytes leftover after parsing attributes in process `syz-executor.2'. [ 515.898830][ T7046] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 515.907241][ T7046] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 515.934805][ T7046] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 515.995929][ T7035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 516.158544][ T7035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 516.312467][ T7046] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 516.319809][ T7046] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 516.346155][ T7046] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 516.445719][ T29] audit: type=1800 audit(1717302562.208:93): pid=7099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file2" dev="sda1" ino=1935 res=0 errno=0 [ 517.088998][ T7035] team0: Port device team_slave_0 added [ 517.267845][ T7035] team0: Port device team_slave_1 added [ 517.316520][ T7046] hsr_slave_0: entered promiscuous mode [ 517.404554][ T7046] hsr_slave_1: entered promiscuous mode [ 517.508090][ T7046] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 517.515977][ T7046] Cannot create hsr debugfs directory [ 518.060183][ T7035] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 518.067435][ T7035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 518.093963][ T7035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 518.385868][ T7009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 518.468325][ T7035] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 518.475561][ T7035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 518.502067][ T7035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 519.085799][ T7009] 8021q: adding VLAN 0 to HW filter on device team0 [ 519.457959][ T7091] bridge0: port 1(bridge_slave_0) entered blocking state [ 519.465767][ T7091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 519.706177][ T7035] hsr_slave_0: entered promiscuous mode [ 519.804958][ T7035] hsr_slave_1: entered promiscuous mode [ 519.854801][ T7035] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 519.862709][ T7035] Cannot create hsr debugfs directory [ 519.879288][ T7091] bridge0: port 2(bridge_slave_1) entered blocking state [ 519.887054][ T7091] bridge0: port 2(bridge_slave_1) entered forwarding state [ 521.161613][ T29] audit: type=1326 audit(1717302566.978:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e8047cee9 code=0x7ffc0000 [ 521.196859][ T29] audit: type=1326 audit(1717302567.008:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=326 compat=0 ip=0x7f8e8047cee9 code=0x7ffc0000 [ 521.223025][ T29] audit: type=1326 audit(1717302567.088:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e8047cee9 code=0x7ffc0000 [ 521.246209][ T29] audit: type=1326 audit(1717302567.088:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e8047cee9 code=0x7ffc0000 [ 521.354332][ T7046] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.416689][ T29] audit: type=1326 audit(1717302567.208:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f8e8047cee9 code=0x7ffc0000 [ 521.829389][ T7046] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.241882][ T7046] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.569015][ T7046] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 524.834245][ T7009] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 525.506457][ T7009] veth0_vlan: entered promiscuous mode [ 525.719939][ T7009] veth1_vlan: entered promiscuous mode [ 526.171312][ T7009] veth0_macvtap: entered promiscuous mode [ 526.250282][ T3716] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 526.259942][ T3716] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 526.427995][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 526.435077][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 526.458132][ T7009] veth1_macvtap: entered promiscuous mode [ 526.692432][ T3716] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 526.702674][ T3716] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 526.786254][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.796993][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.807082][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.829099][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.841274][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.852008][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.862181][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.872938][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.883046][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.893761][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.909597][ T7009] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 527.443683][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.454501][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.464647][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.475403][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.485604][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.497347][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.508024][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.518787][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.538860][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.551675][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.567272][ T7009] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 528.036356][ T29] audit: type=1804 audit(1717302573.858:99): pid=7159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3587522216/syzkaller.DHzRUz/0/bus" dev="sda1" ino=1943 res=1 errno=0 [ 528.161432][ T7009] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.170883][ T7009] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.180011][ T7009] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.189128][ T7009] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 531.948751][ T7190] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 531.957347][ T7190] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 531.967750][ T7190] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 531.977217][ T7190] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 532.760524][ T7196] loop3: detected capacity change from 0 to 128 [ 532.823788][ T7196] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 532.928186][ T7196] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 533.152881][ T29] audit: type=1800 audit(1717302579.008:100): pid=7196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=115 res=0 errno=0 [ 533.179793][ T29] audit: type=1800 audit(1717302579.038:101): pid=7196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=115 res=0 errno=0 [ 533.202680][ T29] audit: type=1804 audit(1717302579.038:102): pid=7196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3587522216/syzkaller.DHzRUz/6/file0/bus" dev="loop3" ino=115 res=1 errno=0 [ 533.528519][ T7200] ip6gretap1: entered promiscuous mode [ 535.739707][ T7211] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 535.750516][ T29] audit: type=1800 audit(1717302581.568:103): pid=7196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="loop3" ino=115 res=0 errno=0 [ 538.127931][ T6931] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 538.137774][ T6931] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 538.297826][ T7227] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 538.476904][ T6931] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 538.493038][ T6931] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 539.068684][ T7035] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.644658][ T7035] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.069644][ T7035] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.088369][ T7243] loop3: detected capacity change from 0 to 128 [ 541.167020][ T7243] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 541.221937][ T7243] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 541.414278][ T29] audit: type=1800 audit(1717302587.258:104): pid=7243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=115 res=0 errno=0 [ 541.435969][ T29] audit: type=1800 audit(1717302587.268:105): pid=7243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=115 res=0 errno=0 [ 541.467446][ T29] audit: type=1804 audit(1717302587.298:106): pid=7243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3587522216/syzkaller.DHzRUz/12/file0/bus" dev="loop3" ino=115 res=1 errno=0 [ 541.837501][ T7035] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.957116][ T7244] tipc: Started in network mode [ 541.963768][ T7244] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 541.988077][ T7244] tipc: Enabled bearer , priority 0 [ 543.112958][ T7084] tipc: Node number set to 10136234 [ 543.347587][ T7046] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 543.464455][ T7035] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 544.593287][ T29] audit: type=1800 audit(1717302590.278:107): pid=7243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="loop3" ino=115 res=0 errno=0 [ 544.808364][ T6931] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.056441][ T7046] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 545.464228][ T7046] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 545.604430][ T7035] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 545.774480][ T6931] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.887679][ T7046] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 545.924815][ T7035] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 546.241841][ T6931] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.463442][ T7035] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 546.766114][ T6931] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.653757][ T5078] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 547.663331][ T5078] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 547.684536][ T5078] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 547.733565][ T5078] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 547.744931][ T5078] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 547.754955][ T5078] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 548.337840][ T6931] bridge_slave_1: left allmulticast mode [ 548.343896][ T6931] bridge_slave_1: left promiscuous mode [ 548.350432][ T6931] bridge0: port 2(bridge_slave_1) entered disabled state [ 549.059605][ T6931] bridge_slave_0: left allmulticast mode [ 549.065820][ T6931] bridge_slave_0: left promiscuous mode [ 549.072371][ T6931] bridge0: port 1(bridge_slave_0) entered disabled state [ 549.844404][ T29] audit: type=1800 audit(1717302595.778:108): pid=7283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1945 res=0 errno=0 [ 549.896012][ T5078] Bluetooth: hci0: command tx timeout [ 550.071567][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 550.120530][ T29] audit: type=1800 audit(1717302595.838:109): pid=7283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1945 res=0 errno=0 [ 550.223725][ T29] audit: type=1804 audit(1717302596.118:110): pid=7285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/file0/root/syzkaller-testdir1581112947/syzkaller.TkH9rs/225/bus" dev="sda1" ino=1945 res=1 errno=0 [ 550.591709][ T6931] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 550.759773][ T6931] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 550.907988][ T6931] bond0 (unregistering): Released all slaves [ 552.023985][ T5078] Bluetooth: hci0: command tx timeout [ 552.595181][ T7046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 552.841174][ T29] audit: type=1800 audit(1717302598.688:111): pid=7285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="bus" dev="sda1" ino=1945 res=0 errno=0 [ 553.654718][ T6931] hsr_slave_0: left promiscuous mode [ 553.763382][ T6931] hsr_slave_1: left promiscuous mode [ 553.865300][ T6931] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 553.873279][ T6931] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 554.486500][ T6931] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 554.494412][ T6931] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 554.733133][ T5078] Bluetooth: hci0: command tx timeout [ 554.820397][ T6931] veth1_macvtap: left promiscuous mode [ 554.827009][ T6931] veth0_macvtap: left promiscuous mode [ 554.833049][ T6931] veth1_vlan: left promiscuous mode [ 554.838595][ T6931] veth0_vlan: left promiscuous mode [ 556.085245][ T5081] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 556.094939][ T5081] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 556.117785][ T5081] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 556.132043][ T5081] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 556.153734][ T5081] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 556.163061][ T5081] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 556.800135][ T5081] Bluetooth: hci0: command tx timeout [ 556.902580][ T6931] team0 (unregistering): Port device team_slave_1 removed [ 557.115646][ T6931] team0 (unregistering): Port device team_slave_0 removed [ 558.088785][ T7046] 8021q: adding VLAN 0 to HW filter on device team0 [ 558.127066][ T7267] chnl_net:caif_netlink_parms(): no params data found [ 558.384753][ T5081] Bluetooth: hci1: command tx timeout [ 558.536008][ T7125] bridge0: port 1(bridge_slave_0) entered blocking state [ 558.543805][ T7125] bridge0: port 1(bridge_slave_0) entered forwarding state [ 558.845270][ T7125] bridge0: port 2(bridge_slave_1) entered blocking state [ 558.853069][ T7125] bridge0: port 2(bridge_slave_1) entered forwarding state [ 560.482812][ T5078] Bluetooth: hci1: command tx timeout [ 562.237398][ T7300] chnl_net:caif_netlink_parms(): no params data found [ 562.567449][ T5078] Bluetooth: hci1: command tx timeout [ 563.455983][ T7267] bridge0: port 1(bridge_slave_0) entered blocking state [ 563.463844][ T7267] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.483427][ T7267] bridge_slave_0: entered allmulticast mode [ 563.492812][ T7267] bridge_slave_0: entered promiscuous mode [ 563.876045][ T7267] bridge0: port 2(bridge_slave_1) entered blocking state [ 563.895425][ T7267] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.903522][ T7267] bridge_slave_1: entered allmulticast mode [ 563.912910][ T7267] bridge_slave_1: entered promiscuous mode [ 564.337367][ T7339] loop3: detected capacity change from 0 to 128 [ 564.625774][ T7339] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 564.654725][ T5078] Bluetooth: hci1: command tx timeout [ 564.763301][ T7339] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 564.923364][ T7267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 565.193413][ T29] audit: type=1800 audit(1717302610.928:112): pid=7339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=115 res=0 errno=0 [ 565.223293][ T29] audit: type=1800 audit(1717302610.968:113): pid=7339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=115 res=0 errno=0 [ 565.246250][ T29] audit: type=1804 audit(1717302611.008:114): pid=7339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3587522216/syzkaller.DHzRUz/26/file0/bus" dev="loop3" ino=115 res=1 errno=0 [ 565.287981][ T7267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 567.193365][ T7267] team0: Port device team_slave_0 added [ 567.342635][ T29] audit: type=1800 audit(1717302613.078:115): pid=7339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="loop3" ino=115 res=0 errno=0 [ 568.203192][ T7267] team0: Port device team_slave_1 added [ 568.889661][ T7300] bridge0: port 1(bridge_slave_0) entered blocking state [ 568.911012][ T7300] bridge0: port 1(bridge_slave_0) entered disabled state [ 568.919090][ T7300] bridge_slave_0: entered allmulticast mode [ 568.928313][ T7300] bridge_slave_0: entered promiscuous mode [ 569.133607][ T5081] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 569.153676][ T5081] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 569.164153][ T5081] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 569.189147][ T5081] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 569.215903][ T5081] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 569.225981][ T5081] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 569.610823][ T7267] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 569.626206][ T7267] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 569.654391][ T7267] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 569.731921][ T7300] bridge0: port 2(bridge_slave_1) entered blocking state [ 569.742862][ T7300] bridge0: port 2(bridge_slave_1) entered disabled state [ 569.752088][ T7300] bridge_slave_1: entered allmulticast mode [ 569.761939][ T7300] bridge_slave_1: entered promiscuous mode [ 570.606354][ T7267] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 570.613821][ T7267] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 570.648782][ T7267] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 570.692265][ T7300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 570.976017][ T7300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 571.336880][ T5081] Bluetooth: hci2: command tx timeout [ 572.234901][ T7374] ===================================================== [ 572.242103][ T7374] BUG: KMSAN: uninit-value in __bpf_strtoull+0x245/0x5b0 [ 572.249402][ T7374] __bpf_strtoull+0x245/0x5b0 [ 572.254339][ T7374] bpf_strtol+0x7c/0x270 [ 572.258776][ T7374] ___bpf_prog_run+0x13fe/0xe0f0 [ 572.263982][ T7374] __bpf_prog_run96+0xb5/0xe0 [ 572.268845][ T7374] bpf_test_run+0x43e/0xc30 [ 572.273630][ T7374] bpf_prog_test_run_xdp+0xeaa/0x1a40 [ 572.279235][ T7374] bpf_prog_test_run+0x6b7/0xad0 [ 572.284448][ T7374] __sys_bpf+0x6aa/0xd90 [ 572.288948][ T7374] __x64_sys_bpf+0xa0/0xe0 [ 572.293615][ T7374] x64_sys_call+0x96b/0x3b50 [ 572.298403][ T7374] do_syscall_64+0xcf/0x1e0 [ 572.303213][ T7374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.309319][ T7374] [ 572.311731][ T7374] Local variable stack created at: [ 572.317021][ T7374] __bpf_prog_run96+0x45/0xe0 [ 572.321884][ T7374] bpf_test_run+0x43e/0xc30 [ 572.326693][ T7374] [ 572.329133][ T7374] CPU: 1 PID: 7374 Comm: syz-executor.2 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 572.339376][ T7374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 572.349674][ T7374] ===================================================== [ 572.356801][ T7374] Disabling lock debugging due to kernel taint [ 572.363162][ T7374] Kernel panic - not syncing: kmsan.panic set ... [ 572.369701][ T7374] CPU: 1 PID: 7374 Comm: syz-executor.2 Tainted: G B 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 572.381359][ T7374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 572.391566][ T7374] Call Trace: [ 572.394959][ T7374] [ 572.397998][ T7374] dump_stack_lvl+0x216/0x2d0 [ 572.402900][ T7374] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 572.408912][ T7374] dump_stack+0x1e/0x30 [ 572.413272][ T7374] panic+0x4e2/0xcd0 [ 572.417365][ T7374] ? kmsan_get_metadata+0xf1/0x1d0 [ 572.422674][ T7374] kmsan_report+0x2d5/0x2e0 [ 572.427360][ T7374] ? __msan_warning+0x95/0x120 [ 572.432283][ T7374] ? __bpf_strtoull+0x245/0x5b0 [ 572.437319][ T7374] ? bpf_strtol+0x7c/0x270 [ 572.441936][ T7374] ? ___bpf_prog_run+0x13fe/0xe0f0 [ 572.447238][ T7374] ? __bpf_prog_run96+0xb5/0xe0 [ 572.452268][ T7374] ? bpf_test_run+0x43e/0xc30 [ 572.457149][ T7374] ? bpf_prog_test_run_xdp+0xeaa/0x1a40 [ 572.462912][ T7374] ? bpf_prog_test_run+0x6b7/0xad0 [ 572.468222][ T7374] ? __sys_bpf+0x6aa/0xd90 [ 572.472811][ T7374] ? __x64_sys_bpf+0xa0/0xe0 [ 572.477569][ T7374] ? x64_sys_call+0x96b/0x3b50 [ 572.482535][ T7374] ? do_syscall_64+0xcf/0x1e0 [ 572.487414][ T7374] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.493702][ T7374] ? kmsan_get_metadata+0x146/0x1d0 [ 572.499090][ T7374] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 572.505579][ T7374] ? kmsan_get_metadata+0x146/0x1d0 [ 572.510970][ T7374] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 572.517068][ T7374] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 572.523075][ T7374] ? stack_depot_save_flags+0x66d/0x6e0 [ 572.528797][ T7374] ? kmsan_get_metadata+0x146/0x1d0 [ 572.534181][ T7374] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 572.540659][ T7374] ? kmsan_get_metadata+0x146/0x1d0 [ 572.546038][ T7374] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 572.552052][ T7374] __msan_warning+0x95/0x120 [ 572.556815][ T7374] __bpf_strtoull+0x245/0x5b0 [ 572.561698][ T7374] ? bpf_strtol+0x5c/0x270 [ 572.566314][ T7374] ? ___bpf_prog_run+0x13fe/0xe0f0 [ 572.571623][ T7374] bpf_strtol+0x7c/0x270 [ 572.576068][ T7374] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 572.582080][ T7374] ___bpf_prog_run+0x13fe/0xe0f0 [ 572.587213][ T7374] ? kmsan_get_metadata+0x146/0x1d0 [ 572.592611][ T7374] __bpf_prog_run96+0xb5/0xe0 [ 572.597489][ T7374] ? ktime_get+0x4c7/0x530 [ 572.602114][ T7374] ? __pfx___bpf_prog_run96+0x10/0x10 [ 572.607684][ T7374] bpf_test_run+0x43e/0xc30 [ 572.612398][ T7374] ? bpf_test_run+0x388/0xc30 [ 572.617296][ T7374] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 572.623302][ T7374] bpf_prog_test_run_xdp+0xeaa/0x1a40 [ 572.628934][ T7374] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 572.634969][ T7374] bpf_prog_test_run+0x6b7/0xad0 [ 572.640126][ T7374] __sys_bpf+0x6aa/0xd90 [ 572.644578][ T7374] __x64_sys_bpf+0xa0/0xe0 [ 572.649172][ T7374] x64_sys_call+0x96b/0x3b50 [ 572.653964][ T7374] do_syscall_64+0xcf/0x1e0 [ 572.658675][ T7374] ? clear_bhb_loop+0x25/0x80 [ 572.663557][ T7374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.669667][ T7374] RIP: 0033:0x7f8e8047cee9 [ 572.674226][ T7374] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 572.694026][ T7374] RSP: 002b:00007f8e812a50c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 572.702630][ T7374] RAX: ffffffffffffffda RBX: 00007f8e805b3fa0 RCX: 00007f8e8047cee9 [ 572.710754][ T7374] RDX: 0000000000000050 RSI: 0000000020000640 RDI: 000000000000000a [ 572.718865][ T7374] RBP: 00007f8e804c947f R08: 0000000000000000 R09: 0000000000000000 [ 572.726976][ T7374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 572.735097][ T7374] R13: 000000000000000b R14: 00007f8e805b3fa0 R15: 00007ffd04eb4ca8 [ 572.743232][ T7374] [ 572.746589][ T7374] Kernel Offset: disabled [ 572.750979][ T7374] Rebooting in 86400 seconds..