last executing test programs: 7.239837545s ago: executing program 1 (id=4028): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000040001"], 0x54}}, 0x0) 6.770637704s ago: executing program 1 (id=4030): r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x68200, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket(0x10, 0x80000, 0x4) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x2) ioctl$VIDIOC_QUERYSTD(r5, 0x8008563f, 0x0) write$UHID_GET_REPORT_REPLY(r4, 0x0, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0) sendmsg$AUDIT_ADD_RULE(r2, 0x0, 0x4000041) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000) process_vm_readv(0x0, &(0x7f0000000b80)=[{&(0x7f0000000880)=""/129, 0x81}, {&(0x7f0000000980)=""/149, 0x95}], 0x2, &(0x7f0000000e00), 0x0, 0x0) r6 = dup(0xffffffffffffffff) ioctl$VIDIOC_QUERYBUF_DMABUF(r6, 0xc0585609, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000001380), 0xc, &(0x7f0000001480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r2) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="03c91540"], 0x4) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001600)=ANY=[@ANYBLOB="850000002f000000d7000000100000009500000000000000423d19f1e4e058f160906b507e5120a0425f48f9550dcf76fc596696e6f89a4a2b1d29eadfdabd5217ba2d02d98d17b488d5437e04555f3dc719afc000"], &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setuid(0xee01) socket$inet6(0xa, 0x2, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="0200000008"], 0xfe44, 0x0) 5.336094468s ago: executing program 1 (id=4035): syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) r0 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0xfea7) socket$inet_tcp(0x2, 0x1, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x1, 0x36, &(0x7f0000000040)=ANY=[], 0x0) 4.992697393s ago: executing program 3 (id=4036): r0 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) r2 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000100)={0x0, 0xffffffffffffff3d, r3, 0x0}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000200)={r1, r1, r4, 0xffff, 0x3ff, 0x7, 0x8, 0x0, 0x5, 0x0, 0x40, 0x8}) 4.876201416s ago: executing program 0 (id=4037): socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6(0xa, 0x40000080806, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$rds(0x15, 0x5, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket(0xa, 0x3, 0x3a) socket$inet6_udp(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x18, 0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_io_uring_setup(0x24f9, &(0x7f0000000180)={0x0, 0x0, 0x10100, 0x0, 0x1000000}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='rdma.current\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 4.450603286s ago: executing program 0 (id=4039): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) socket$inet6_sctp(0xa, 0x5, 0x84) getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14) ioctl$PPPIOCSFLAGS1(r2, 0x4004743a, &(0x7f0000000300)) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00)) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x3a, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp={0x44, 0x4, 0x7f}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x10}}}}}}, 0x0) sendmmsg(r0, &(0x7f0000003900)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000007c0)="17fa2bd6f580883e4e2c5d2852f8633c2c38a0ae9bd5a351caac646236d8121922a96395e3721a0de33b7bcdf53d90df07319af9d65fd6c09b4ee0e338f8a52e1d6331d8783a89a3c6535b9054a1bfd0c520ac7e132e5c028dc98b9684a2637897eb8b231384f4d6aedc4378de09f5eefa0a5a2fc38da8e9a48e00294537892bf60abe3d50bf9b7789b28c6394b1d7ca6d819cc92dc5b47ce85a8ad5eeb9416761f104e1766d2cfce67b3fb859c6fa3c07bc627255c2b45ff9e2cccae1364fd087c26771eac077ae59eb9e3a8d4c9cc45e2d66983b14be70cade6acdb94d14d2fa9ebdb6fd4cadc7ba5737934122f758677414b4b880f25279188281d765aff9a918cea85b229af1fbec85dc29cab7d6e4bb745464cce005545b7478", 0x11c}, {0x0}], 0x2, &(0x7f00000017c0)}}, {{0x0, 0x0, &(0x7f0000003300)=[{&(0x7f0000002fc0)="5799bd91723799bc907f", 0xa}], 0x1}}], 0x2, 0x0) 4.396207598s ago: executing program 3 (id=4040): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000040001"], 0x54}}, 0x0) 4.057850753s ago: executing program 2 (id=4042): creat(&(0x7f0000000000)='./file1\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x40, 0x22ce5cf0a1c62340) 3.938301234s ago: executing program 3 (id=4043): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) set_mempolicy(0x4005, &(0x7f0000000240)=0x6, 0x402) socket(0x40000000015, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000f4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000000)={'ip6_vti0\x00', 0x0, 0x29, 0x5, 0x2, 0xc22, 0x10, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x40, 0x7800, 0x2, 0xfff}}) dup(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth0_vlan\x00', 0x0}) unshare(0x62040200) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x759, &(0x7f00000004c0)={[{@noload}, {@noblock_validity}, {@discard}, {@errors_remount}, {@inode_readahead_blks, 0x0}, {@noauto_da_alloc}, {@noload}, {@journal_checksum}, {@mblk_io_submit}, {@minixdf}, {@usrjquota}, {@nolazytime}, {@journal_dev={'journal_dev', 0x3d, 0x765}}, {@norecovery}, {@nobarrier}, {@data_writeback}, {@resgid}], [{@audit}, {@uid_lt={'uid<', 0xee01}}], 0x2c}, 0xa, 0x4f8, &(0x7f0000000700)="$eJzs3EtvVGUfAPD/mbaUvtC3fXm9cVFG0dhopLRcFy6AaMLGxERjcFnbQpAChtYESCPFGEhcaPgEXnYmfgJXujFqXGjcStwaE2K6AV2YY87MmTrt6fTGtGPp75fM8JzbPM//nPMwz2VOA9iwytlbErE1In6OiJ7q4uwdytV/7k5PDv8xPTmcRJq+8ntS2e/O9ORwbdfacVvyhb5SROm9JHYWs+0cv3zl7NDY2OjFfEX/RClPnRs6PXp69PzgkSMH9ncdPjR4sClxZmW6s+OdC7u2n3j95kvDJ2++8e3nWXnTfHt9HFW9lfdNS86hrbCmHOXZ57LOU0sv+rrQXZdO2rP3UusKw5Jld212uToq9b8n2ipLVT3x4rstLRywqtI0TTsLa2e+y6bSeklSPSBNr6XAfSCJVpcAaI3aF/2d6aynOjlc7Aff324fi0oPKIv7bv6qbmmv9GDLvdW+Uccq5f9ARJyc+vOj7BXzjkMAADTXl8cibhyvtjtqr+qWUjxUt99/87mh3oj4X0Rsi4j/5+2XByMq+z4cEY/UHdO9hFmA8pzlYvvnx648Ud9cbZqs/fd8Prc1u/03U/LetnypuxJ/R3LqzNjovvyc9EVHZ7Y8UPzomWG1r1746cNG+Zfr2n/ZK8u/1hbMy/Fb+5wBupGhiaF7jbvm9rXKib1ajD+J9qSWitgeETtW8PnZOTvzzGe7Gm2fFX8WZyH+Dxp/ePsKCjRH+knE09XrPxVz4o98/i+pzE+ee6t//PKV587Uz08OHD40eLB/c4yN7uuv3RVF3/1w/eU8WehGLHD9a1VjVSfSsuv/n3nv/5mZy94sNTNfO778PK7futGwT7PS+39T8molXZufvTQ0MXFxIGJTMlVcP/jPsZeGumbtn8Xft2f++r8t4q+P8+N2RkR2Ez8aEY9FxO687I9HxBMRsWeB+L85/uSbjbqQi8e/urL4R5Z1/Rsljn4fMf+mtrNff1HI+P1yIf6OaHT9D1RSffmakaGJzYvFtVBJ6xP3fAIBAABgHdgdEVsjKe3NB5q2Rqm0d2/ElpkRlPGJZ09dePv8SPUZgd7oKNVGunrqxkMH8rHhbDk7arBuOdu+vzJunKZp2pUtZ/33se7Whg4b3pYG9T/za/GRFuB+s6x5tEZPtAHr0tz6f2vJRzb/BxnA2mrC72iAdUr9h41ryfV/tZ6CA1pmvvp/NeJuC4oCrLH56v9rhTVH16QswNrS/4eNa+X1348BYL3z/Q8b0pIekl9BYtuJBfZJ2lcn08aJUiz8VwB6I2pram2ahT/wl1JEc0rY1tRIu2Zd09K8+2yOZuQVpUX3aV/GH2JY20Tp31GMaqIzIha5e2dutqu1xJXVLlilEnza2v+dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7t3fAQAA///tUdPr") r3 = gettid() bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r2, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r3], 0x28}}, 0x0) 3.747936993s ago: executing program 4 (id=4044): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_QUERYBUF_DMABUF(r0, 0xc0585609, &(0x7f0000000100)={0x3ff, 0x7, 0x4, 0x100000, 0x2, {0x77359400}, {0x5, 0x2, 0x80, 0x4, 0x0, 0xc7, "ef4fba9e"}, 0x915c, 0x4, {}, 0xfffffff2}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r1, &(0x7f0000000340)='l', 0x1, 0x0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}], 0x10) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000080)=[{&(0x7f0000000000)="480000001400190d09004beafd0d36020a8429000b4e230f00000000a2bc5603ca00000f7f89004e002050da742dac0000000101ff05020003000200000000000100000000005839", 0x48}], 0x1) 3.68544866s ago: executing program 0 (id=4045): r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x68200, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket(0x10, 0x80000, 0x4) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x2) ioctl$VIDIOC_QUERYSTD(r5, 0x8008563f, 0x0) write$UHID_GET_REPORT_REPLY(r4, 0x0, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0) sendmsg$AUDIT_ADD_RULE(r2, 0x0, 0x4000041) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000) process_vm_readv(0x0, &(0x7f0000000b80)=[{&(0x7f0000000880)=""/129, 0x81}, {&(0x7f0000000980)=""/149, 0x95}], 0x2, &(0x7f0000000e00), 0x0, 0x0) r6 = dup(0xffffffffffffffff) ioctl$VIDIOC_QUERYBUF_DMABUF(r6, 0xc0585609, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000001380), 0xc, &(0x7f0000001480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r2) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="03c91540"], 0x4) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001600)=ANY=[@ANYBLOB="850000002f000000d7000000100000009500000000000000423d19f1e4e058f160906b507e5120a0425f48f9550dcf76fc596696e6f89a4a2b1d29eadfdabd5217ba2d02d98d17b488d5437e04555f3dc719afc000"], &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setuid(0xee01) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x1000000) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="0200000008"], 0xfe44, 0x0) 3.551529907s ago: executing program 2 (id=4046): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0x0, 0x1}}, 0x1c}}, 0x0) 2.866206109s ago: executing program 4 (id=4047): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.710706541s ago: executing program 2 (id=4048): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000082, 0x0, 0x2842}]}) 2.287126194s ago: executing program 4 (id=4049): socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6(0xa, 0x40000080806, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$rds(0x15, 0x5, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket(0xa, 0x3, 0x3a) socket$inet6_udp(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x18, 0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_io_uring_setup(0x24f9, &(0x7f0000000180)={0x0, 0x0, 0x10100, 0x0, 0x1000000}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='rdma.current\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1.855903372s ago: executing program 3 (id=4050): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) r2 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000100)={0x0, 0xffffffffffffff3d, r3, 0x0}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000200)={r1, r1, r4, 0xffff, 0x3ff, 0x7, 0x8, 0x0, 0x5, 0x0, 0x40, 0x8}) 1.671505877s ago: executing program 1 (id=4051): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000800)={'bridge0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 1.671141163s ago: executing program 2 (id=4052): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0xa, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.665269004s ago: executing program 0 (id=4053): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000040001"], 0x54}}, 0x0) 1.210955914s ago: executing program 4 (id=4054): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0) r1 = memfd_secret(0x0) fremovexattr(r1, &(0x7f0000000000)=@known='system.posix_acl_access\x00') 1.137555586s ago: executing program 3 (id=4055): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) socket$inet6_sctp(0xa, 0x5, 0x84) getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14) ioctl$PPPIOCSFLAGS1(r2, 0x4004743a, &(0x7f0000000300)) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00)) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x3a, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp={0x44, 0x4, 0x7f}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x10}}}}}}, 0x0) sendmmsg(r0, &(0x7f0000003900)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000007c0)="17fa2bd6f580883e4e2c5d2852f8633c2c38a0ae9bd5a351caac646236d8121922a96395e3721a0de33b7bcdf53d90df07319af9d65fd6c09b4ee0e338f8a52e1d6331d8783a89a3c6535b9054a1bfd0c520ac7e132e5c028dc98b9684a2637897eb8b231384f4d6aedc4378de09f5eefa0a5a2fc38da8e9a48e00294537892bf60abe3d50bf9b7789b28c6394b1d7ca6d819cc92dc5b47ce85a8ad5eeb9416761f104e1766d2cfce67b3fb859c6fa3c07bc627255c2b45ff9e2cccae1364fd087c26771eac077ae59eb9e3a8d4c9cc45e2d66983b14be70cade6acdb94d14d2fa9ebdb6fd4cadc7ba5737934122f758677414b4b880f25279188281d765aff9a918cea85b229af1fbec85dc29cab7d6e4bb745464cce005545b7478fa7428", 0x11f}, {0x0}], 0x2, &(0x7f00000017c0)}}, {{0x0, 0x0, &(0x7f0000003300)=[{&(0x7f0000002fc0)="5799bd91723799bc907f", 0xa}], 0x1}}], 0x2, 0x0) 978.949488ms ago: executing program 1 (id=4056): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000000820000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x5}, 0x0) 968.163446ms ago: executing program 2 (id=4057): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_QUERYBUF_DMABUF(r0, 0xc0585609, &(0x7f0000000100)={0x3ff, 0x7, 0x4, 0x100000, 0x2, {0x77359400}, {0x5, 0x2, 0x80, 0x4, 0x0, 0xc7, "ef4fba9e"}, 0x915c, 0x4, {}, 0xfffffff2}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r1, &(0x7f0000000340)='l', 0x1, 0x0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}], 0x10) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000080)=[{&(0x7f0000000000)="480000001400190d09004beafd0d36020a8429000b4e230f00000000a2bc5603ca00000f7f89004e002050da742dac0000000101ff05020003000200000000000100000000005839", 0x48}], 0x1) 838.898757ms ago: executing program 0 (id=4058): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0x1a, r0, 0x80000001, 0x0) 635.754186ms ago: executing program 4 (id=4059): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200"/131], 0x119) writev(r0, &(0x7f0000000240)=[{&(0x7f00000001c0)='\b\x00\x00\x00', 0x4}, {0x0}], 0x2) 617.554791ms ago: executing program 3 (id=4060): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) set_mempolicy(0x4005, &(0x7f0000000240)=0x6, 0x402) socket(0x40000000015, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000f4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000000)={'ip6_vti0\x00', 0x0, 0x29, 0x5, 0x2, 0xc22, 0x10, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x40, 0x7800, 0x2, 0xfff}}) dup(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth0_vlan\x00', 0x0}) unshare(0x62040200) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x759, &(0x7f00000004c0)={[{@noload}, {@noblock_validity}, {@discard}, {@errors_remount}, {@inode_readahead_blks, 0x0}, {@noauto_da_alloc}, {@noload}, {@journal_checksum}, {@mblk_io_submit}, {@minixdf}, {@usrjquota}, {@nolazytime}, {@journal_dev={'journal_dev', 0x3d, 0x765}}, {@norecovery}, {@nobarrier}, {@data_writeback}, {@resgid}], [{@audit}, {@uid_lt={'uid<', 0xee01}}], 0x2c}, 0xa, 0x4f8, &(0x7f0000000700)="$eJzs3EtvVGUfAPD/mbaUvtC3fXm9cVFG0dhopLRcFy6AaMLGxERjcFnbQpAChtYESCPFGEhcaPgEXnYmfgJXujFqXGjcStwaE2K6AV2YY87MmTrt6fTGtGPp75fM8JzbPM//nPMwz2VOA9iwytlbErE1In6OiJ7q4uwdytV/7k5PDv8xPTmcRJq+8ntS2e/O9ORwbdfacVvyhb5SROm9JHYWs+0cv3zl7NDY2OjFfEX/RClPnRs6PXp69PzgkSMH9ncdPjR4sClxZmW6s+OdC7u2n3j95kvDJ2++8e3nWXnTfHt9HFW9lfdNS86hrbCmHOXZ57LOU0sv+rrQXZdO2rP3UusKw5Jld212uToq9b8n2ipLVT3x4rstLRywqtI0TTsLa2e+y6bSeklSPSBNr6XAfSCJVpcAaI3aF/2d6aynOjlc7Aff324fi0oPKIv7bv6qbmmv9GDLvdW+Uccq5f9ARJyc+vOj7BXzjkMAADTXl8cibhyvtjtqr+qWUjxUt99/87mh3oj4X0Rsi4j/5+2XByMq+z4cEY/UHdO9hFmA8pzlYvvnx648Ud9cbZqs/fd8Prc1u/03U/LetnypuxJ/R3LqzNjovvyc9EVHZ7Y8UPzomWG1r1746cNG+Zfr2n/ZK8u/1hbMy/Fb+5wBupGhiaF7jbvm9rXKib1ajD+J9qSWitgeETtW8PnZOTvzzGe7Gm2fFX8WZyH+Dxp/ePsKCjRH+knE09XrPxVz4o98/i+pzE+ee6t//PKV587Uz08OHD40eLB/c4yN7uuv3RVF3/1w/eU8WehGLHD9a1VjVSfSsuv/n3nv/5mZy94sNTNfO778PK7futGwT7PS+39T8molXZufvTQ0MXFxIGJTMlVcP/jPsZeGumbtn8Xft2f++r8t4q+P8+N2RkR2Ez8aEY9FxO687I9HxBMRsWeB+L85/uSbjbqQi8e/urL4R5Z1/Rsljn4fMf+mtrNff1HI+P1yIf6OaHT9D1RSffmakaGJzYvFtVBJ6xP3fAIBAABgHdgdEVsjKe3NB5q2Rqm0d2/ElpkRlPGJZ09dePv8SPUZgd7oKNVGunrqxkMH8rHhbDk7arBuOdu+vzJunKZp2pUtZ/33se7Whg4b3pYG9T/za/GRFuB+s6x5tEZPtAHr0tz6f2vJRzb/BxnA2mrC72iAdUr9h41ryfV/tZ6CA1pmvvp/NeJuC4oCrLH56v9rhTVH16QswNrS/4eNa+X1348BYL3z/Q8b0pIekl9BYtuJBfZJ2lcn08aJUiz8VwB6I2pram2ahT/wl1JEc0rY1tRIu2Zd09K8+2yOZuQVpUX3aV/GH2JY20Tp31GMaqIzIha5e2dutqu1xJXVLlilEnza2v+dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7t3fAQAA///tUdPr") r3 = gettid() bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r2, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r3], 0x28}}, 0x0) 367.978944ms ago: executing program 1 (id=4061): socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$setstatus(r1, 0x4, 0x2800) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e00000005000000020000000400000005000000", @ANYRES32, @ANYBLOB="004000a4a900"/20, @ANYRES32=0x0, @ANYRES32], 0x50) r2 = syz_open_dev$tty1(0xc, 0x4, 0x2) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000140)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@lazytime}, {@quota}, {@quota}]}, 0x3, 0x443, &(0x7f0000000940)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=") prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) r4 = dup(r3) r5 = open(&(0x7f0000000100)='./bus\x00', 0x40542, 0x0) ftruncate(r5, 0xee72) sendfile(r4, r5, 0x0, 0x8000fffffffe) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@acquire={0x16c, 0x17, 0x1, 0x0, 0x0, {{@in6=@mcast2, 0x0, 0x3c}, @in=@multicast2, {@in6=@private2, @in6=@local, 0x0, 0x0, 0x0, 0xfffe}, {{@in=@local, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x20}, {}, {}, 0x0, 0x6e6bb8}}, [@tmpl={0x44, 0x8, [{{@in=@remote}, 0x0, @in=@loopback}]}]}, 0x16c}}, 0x0) write(r5, &(0x7f0000000400)="a7324b42c7e83a2ed9696e60a6e03b2dc7138fc380e73eb85bcadf2fe5e2ed47f4b2bf2acd51deda079f9da7d878b948570ce48baa2b61c2ca44f8559244f43aafe3e8a2d0bb37e0658ec33cee098f1f6c8aceaa8fcdb250b08b7078a29620ceeb4c3f9c35247831d2063dbca5fefd3643ae717a8b5f433344eabe5f50e154b1d58978845dbcdc41ebffce070ab9895c9e36e6a0a112", 0x96) ioctl$GIO_UNISCRNMAP(r2, 0x4b48, &(0x7f0000003d40)=""/175) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r6, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x800, 0x0, 0x0, 0x0, 0xffff}, 0x20) 167.443623ms ago: executing program 2 (id=4062): socket$inet6_tcp(0xa, 0x1, 0x0) open_tree(0xffffffffffffffff, &(0x7f0000001540)='./file0\x00', 0x8000) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246) r4 = dup(r3) ioctl$PPPIOCCONNECT(r4, 0x40047435, &(0x7f00000002c0)=0x2) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000001f00)) sendmmsg(r1, &(0x7f0000009140)=[{{0x0, 0x0, &(0x7f0000001480)}}, {{0x0, 0x0, &(0x7f0000001cc0)}}], 0x2, 0x0) 77.098563ms ago: executing program 0 (id=4063): r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x68200, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket(0x10, 0x80000, 0x4) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x2) ioctl$VIDIOC_QUERYSTD(r5, 0x8008563f, 0x0) write$UHID_GET_REPORT_REPLY(r4, 0x0, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0) sendmsg$AUDIT_ADD_RULE(r2, 0x0, 0x4000041) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000) process_vm_readv(0x0, &(0x7f0000000b80)=[{&(0x7f0000000880)=""/129, 0x81}, {&(0x7f0000000980)=""/149, 0x95}], 0x2, &(0x7f0000000e00), 0x0, 0x0) r6 = dup(0xffffffffffffffff) ioctl$VIDIOC_QUERYBUF_DMABUF(r6, 0xc0585609, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000001380), 0xc, &(0x7f0000001480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r2) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="03c91540"], 0x4) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001600)=ANY=[@ANYBLOB="850000002f000000d7000000100000009500000000000000423d19f1e4e058f160906b507e5120a0425f48f9550dcf76fc596696e6f89a4a2b1d29eadfdabd5217ba2d02d98d17b488d5437e04555f3dc719afc000"], &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setuid(0xee01) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x1000000) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="0200000008"], 0xfe44, 0x0) 0s ago: executing program 4 (id=4064): socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6(0xa, 0x40000080806, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$rds(0x15, 0x5, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket(0xa, 0x3, 0x3a) socket$inet6_udp(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x18, 0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_io_uring_setup(0x24f9, &(0x7f0000000180)={0x0, 0x0, 0x10100, 0x0, 0x1000000}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='rdma.current\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): ] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 985.994164][T14233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 986.004983][T14233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 986.015128][T14233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 986.026081][T14233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 986.036244][T14233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 986.047098][T14233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 986.057557][T14233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 986.068370][T14233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 986.089843][T14233] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 986.144088][T14233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 986.156268][T14233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 986.166983][T14233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 986.181759][T14233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 986.193077][T14233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 986.203989][T14233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 986.214261][T14233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 986.225078][T14233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 986.235394][T14233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 986.246485][T14233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 986.256650][T14233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 986.267501][T14233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 986.282966][T14233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 986.294951][T14233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 986.305169][T14233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 986.315965][T14233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 986.332127][T14233] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 986.367714][ T3333] bridge_slave_1: left allmulticast mode [ 986.373649][ T3333] bridge_slave_1: left promiscuous mode [ 986.392718][ T3333] bridge0: port 2(bridge_slave_1) entered disabled state [ 986.403543][ T3274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 986.412175][ T3274] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 986.448272][ T3333] bridge_slave_0: left allmulticast mode [ 986.454182][ T3333] bridge_slave_0: left promiscuous mode [ 986.460913][ T3333] bridge0: port 1(bridge_slave_0) entered disabled state [ 986.984255][ T3333] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 987.036043][ T3333] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 987.070652][ T3333] bond0 (unregistering): Released all slaves [ 987.434420][T14233] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 987.444388][T14233] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 987.457133][T14233] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 987.466571][T14233] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 987.472393][T10533] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 987.491067][T10533] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 987.519719][T10533] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 987.533616][T10533] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 987.546273][T10533] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 987.555918][T10533] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 987.776962][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 987.785102][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 988.485859][ T3333] hsr_slave_0: left promiscuous mode [ 988.518181][ T3333] hsr_slave_1: left promiscuous mode [ 988.542576][ T3333] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 988.550571][ T3333] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 988.568252][ T3333] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 988.576432][ T3333] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 988.622111][ T3333] veth1_macvtap: left promiscuous mode [ 988.622876][T14413] ptrace attach of "./syz-executor exec"[14066] was attempted by "./syz-executor exec"[14413] [ 988.627964][ T3333] veth0_macvtap: left promiscuous mode [ 988.628254][ T3333] veth1_vlan: left promiscuous mode [ 988.657613][ T3333] veth0_vlan: left promiscuous mode [ 989.424418][ T3333] team0 (unregistering): Port device team_slave_1 removed [ 989.469829][ T3333] team0 (unregistering): Port device team_slave_0 removed [ 989.725942][ T5199] Bluetooth: hci3: command tx timeout [ 989.816545][T14411] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3086'. [ 989.826241][T14411] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3086'. [ 989.837065][T14411] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 990.236260][T14423] loop2: detected capacity change from 0 to 1024 [ 990.254546][T14423] EXT4-fs: Ignoring removed nomblk_io_submit option [ 990.316467][T14423] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 990.514792][T14423] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 990.932106][T14431] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 990.941879][T14431] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 990.950772][T14431] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 991.210753][T14295] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 991.618208][T14402] chnl_net:caif_netlink_parms(): no params data found [ 991.824576][ T5199] Bluetooth: hci3: command tx timeout [ 991.929357][T14198] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 992.032946][ T3333] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 992.246032][ T3333] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 992.445152][ T3333] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 992.679534][ T3333] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 993.054805][T14452] loop0: detected capacity change from 0 to 512 [ 993.066284][T14452] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 993.114492][T14452] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 993.123952][T14452] EXT4-fs (loop0): write access unavailable, skipping orphan cleanup [ 993.134234][T14452] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 993.197386][T14402] bridge0: port 1(bridge_slave_0) entered blocking state [ 993.205111][T14402] bridge0: port 1(bridge_slave_0) entered disabled state [ 993.216831][T14402] bridge_slave_0: entered allmulticast mode [ 993.226434][T14402] bridge_slave_0: entered promiscuous mode [ 993.393996][T14402] bridge0: port 2(bridge_slave_1) entered blocking state [ 993.402938][T14402] bridge0: port 2(bridge_slave_1) entered disabled state [ 993.411062][T14402] bridge_slave_1: entered allmulticast mode [ 993.420422][T14402] bridge_slave_1: entered promiscuous mode [ 993.636425][T14448] veth0_vlan: left promiscuous mode [ 993.648996][T14448] veth0_vlan: entered promiscuous mode [ 993.876632][ T5199] Bluetooth: hci3: command tx timeout [ 994.002224][T14402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 994.047896][T14402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 994.078149][ T3333] bridge_slave_1: left allmulticast mode [ 994.084071][ T3333] bridge_slave_1: left promiscuous mode [ 994.091185][ T3333] bridge0: port 2(bridge_slave_1) entered disabled state [ 994.150749][T14066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 994.177189][ T3333] bridge_slave_0: left allmulticast mode [ 994.183101][ T3333] bridge_slave_0: left promiscuous mode [ 994.189886][ T3333] bridge0: port 1(bridge_slave_0) entered disabled state [ 994.799320][ T3333] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 994.848550][ T3333] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 994.877000][ T3333] bond0 (unregistering): Released all slaves [ 994.910892][T10533] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 994.959608][T10533] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 994.996995][T10533] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 995.110461][T10533] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 995.124841][T10533] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 995.134536][T10533] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 995.180015][T14295] veth0_vlan: entered promiscuous mode [ 995.306557][T14402] team0: Port device team_slave_0 added [ 995.327792][T14468] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3139'. [ 995.337255][T14468] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3139'. [ 995.413990][T14468] bond1: entered allmulticast mode [ 995.422716][T14468] 8021q: adding VLAN 0 to HW filter on device bond1 [ 995.453553][T14402] team0: Port device team_slave_1 added [ 995.503729][T14295] veth1_vlan: entered promiscuous mode [ 995.969639][T14402] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 995.977198][T14402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 996.004078][T14402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 996.016162][T10533] Bluetooth: hci3: command tx timeout [ 996.038402][T14402] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 996.045750][T14402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 996.072505][T14402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 996.231871][ T3274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 996.240047][ T3274] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 996.311857][ T3333] hsr_slave_0: left promiscuous mode [ 996.332212][ T3333] hsr_slave_1: left promiscuous mode [ 996.354779][ T3333] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 996.364550][ T3333] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 996.376800][ T3333] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 996.384648][ T3333] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 996.405085][ T3333] veth1_macvtap: left promiscuous mode [ 996.411417][ T3333] veth0_macvtap: left promiscuous mode [ 996.422139][ T3333] veth1_vlan: left promiscuous mode [ 996.427912][ T3333] veth0_vlan: left promiscuous mode [ 997.046856][ T3333] team0 (unregistering): Port device team_slave_1 removed [ 997.107497][ T3333] team0 (unregistering): Port device team_slave_0 removed [ 997.246005][T10533] Bluetooth: hci4: command tx timeout [ 997.807534][T14402] hsr_slave_0: entered promiscuous mode [ 997.827486][T14402] hsr_slave_1: entered promiscuous mode [ 997.837028][T14402] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 997.844808][T14402] Cannot create hsr debugfs directory [ 997.911430][T14477] loop0: detected capacity change from 0 to 1024 [ 997.913574][ T3274] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 997.920837][T14477] EXT4-fs: Ignoring removed nomblk_io_submit option [ 997.926402][ T3274] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 998.086404][T14477] loop0: detected capacity change from 0 to 164 [ 998.134901][T14477] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet. [ 998.230091][T14295] veth0_macvtap: entered promiscuous mode [ 998.328488][T14295] veth1_macvtap: entered promiscuous mode [ 998.561214][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 998.581141][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 998.593963][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 998.604853][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 998.615005][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 998.625835][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 998.636037][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 998.646863][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 998.657052][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 998.675681][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 998.688910][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 998.699711][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 998.709937][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 998.720722][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 998.737347][T14295] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 998.961970][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 998.972811][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 998.990970][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 999.013603][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 999.023829][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 999.036222][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 999.047593][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 999.059511][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 999.071164][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 999.082990][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 999.102043][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 999.116528][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 999.127772][T14295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 999.140250][T14295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 999.173875][T14295] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 999.197210][T14483] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 999.206038][T14483] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 999.214719][T14483] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 999.227400][T14463] chnl_net:caif_netlink_parms(): no params data found [ 999.332252][T10533] Bluetooth: hci4: command tx timeout [ 999.360672][T14295] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 999.369915][T14295] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 999.379134][T14295] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 999.394636][T14295] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1000.594433][T14491] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3143'. [ 1000.630567][T14491] geneve2: entered promiscuous mode [ 1000.809912][T14463] bridge0: port 1(bridge_slave_0) entered blocking state [ 1000.827284][T14463] bridge0: port 1(bridge_slave_0) entered disabled state [ 1000.835997][T14463] bridge_slave_0: entered allmulticast mode [ 1000.846994][T14463] bridge_slave_0: entered promiscuous mode [ 1000.863746][T14463] bridge0: port 2(bridge_slave_1) entered blocking state [ 1000.871715][T14463] bridge0: port 2(bridge_slave_1) entered disabled state [ 1000.880036][T14463] bridge_slave_1: entered allmulticast mode [ 1000.889442][T14463] bridge_slave_1: entered promiscuous mode [ 1001.308475][T14463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1001.416715][T10533] Bluetooth: hci4: command tx timeout [ 1001.508346][T14463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1001.731162][T14501] loop0: detected capacity change from 0 to 512 [ 1001.749466][T14402] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1001.802933][T14402] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1001.815102][T14501] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1001.894132][T14463] team0: Port device team_slave_0 added [ 1001.904162][T14501] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 1001.913522][T14402] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1001.959024][T14501] EXT4-fs (loop0): write access unavailable, skipping orphan cleanup [ 1001.969363][T14501] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1002.132187][T14463] team0: Port device team_slave_1 added [ 1002.143738][T14402] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1002.326623][ T3333] bridge_slave_1: left allmulticast mode [ 1002.332517][ T3333] bridge_slave_1: left promiscuous mode [ 1002.339117][ T3333] bridge0: port 2(bridge_slave_1) entered disabled state [ 1002.405058][ T3333] bridge_slave_0: left allmulticast mode [ 1002.411361][ T3333] bridge_slave_0: left promiscuous mode [ 1002.418645][ T3333] bridge0: port 1(bridge_slave_0) entered disabled state [ 1002.955793][ T3333] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1003.001996][ T3333] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1003.018750][ T3333] bond0 (unregistering): Released all slaves [ 1003.251026][T14463] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1003.258479][T14463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1003.291931][T14463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1003.360914][ T3333] IPVS: stopping backup sync thread 11492 ... [ 1003.477190][T10533] Bluetooth: hci4: command tx timeout [ 1003.567369][T14463] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1003.575025][T14463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1003.611126][T14463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1004.042514][ T3333] hsr_slave_0: left promiscuous mode [ 1004.066621][ T3333] hsr_slave_1: left promiscuous mode [ 1004.102431][ T3333] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1004.110571][ T3333] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1004.154844][ T3333] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1004.158006][T14066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1004.162798][ T3333] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1004.255222][ T3333] veth1_macvtap: left promiscuous mode [ 1004.261109][ T3333] veth0_macvtap: left promiscuous mode [ 1004.580663][T14519] loop0: detected capacity change from 0 to 1024 [ 1004.648754][T14519] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1004.835228][T14519] loop0: detected capacity change from 0 to 164 [ 1004.878052][T14519] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet. [ 1004.955041][ T3333] team0 (unregistering): Port device team_slave_1 removed [ 1004.985104][ T3333] team0 (unregistering): Port device team_slave_0 removed [ 1005.509753][T14463] hsr_slave_0: entered promiscuous mode [ 1005.526392][T14463] hsr_slave_1: entered promiscuous mode [ 1005.595383][T14463] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1005.603685][T14463] Cannot create hsr debugfs directory [ 1005.613635][T14523] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 1005.622579][T14523] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 1005.638607][T14523] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 1005.740503][T14526] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3151'. [ 1005.762971][T14526] geneve2: entered promiscuous mode [ 1006.116651][ T3333] IPVS: stop unused estimator thread 0... [ 1006.366068][T14402] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1006.509413][T14402] 8021q: adding VLAN 0 to HW filter on device team0 [ 1006.746824][ T3274] bridge0: port 1(bridge_slave_0) entered blocking state [ 1006.754516][ T3274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1007.009683][ T3274] bridge0: port 2(bridge_slave_1) entered blocking state [ 1007.017439][ T3274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1007.453497][T14544] loop0: detected capacity change from 0 to 512 [ 1007.469270][T14544] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1007.539207][ T3274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1007.547585][ T3274] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1007.673551][T14544] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 1007.706872][T14544] EXT4-fs (loop0): write access unavailable, skipping orphan cleanup [ 1007.718000][T14544] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1008.022383][ T3068] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1008.032055][ T3068] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1008.049266][T14463] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1008.301216][T14463] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1008.358400][T14463] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1008.476771][T14463] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1008.957345][T14554] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3102'. [ 1009.178696][T14066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1009.381657][T14562] loop0: detected capacity change from 0 to 1024 [ 1009.391633][T14562] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1009.442110][T14562] loop0: detected capacity change from 0 to 164 [ 1009.516655][T14562] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet. [ 1009.761679][T14402] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1009.882356][T14565] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 1009.892128][T14565] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 1009.902243][T14565] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 1010.046033][T14463] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1010.266249][T14402] veth0_vlan: entered promiscuous mode [ 1010.276203][T14567] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3160'. [ 1010.299683][T14567] geneve2: entered promiscuous mode [ 1010.410200][T14463] 8021q: adding VLAN 0 to HW filter on device team0 [ 1010.440472][ T3333] bridge0: port 1(bridge_slave_0) entered blocking state [ 1010.448216][ T3333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1010.585206][T14463] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1010.596686][T14463] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1010.660810][T14402] veth1_vlan: entered promiscuous mode [ 1010.686469][ T3333] bridge0: port 2(bridge_slave_1) entered blocking state [ 1010.694161][ T3333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1011.181502][T14402] veth0_macvtap: entered promiscuous mode [ 1011.286417][T14402] veth1_macvtap: entered promiscuous mode [ 1011.457225][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1011.474161][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.486167][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1011.501166][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.512669][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1011.523478][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.533647][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1011.544457][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.554634][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1011.567553][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.583853][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1011.596392][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.606588][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1011.617360][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.633546][T14402] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1011.647647][T14577] netlink: 144 bytes leftover after parsing attributes in process `syz.4.3165'. [ 1011.752152][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1011.763091][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.773283][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1011.792085][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.804482][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1011.815362][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.825688][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1011.836508][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.846914][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1011.857711][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.868389][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1011.887059][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.899452][T14402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1011.910179][T14402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.925821][T14402] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1011.972121][T14580] can0: slcan on ttyS3. [ 1012.197904][T14402] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1012.204335][T14579] can0 (unregistered): slcan off ttyS3. [ 1012.208525][T14402] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1012.221765][T14402] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1012.230965][T14402] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1012.333032][T14463] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1012.780225][T14463] veth0_vlan: entered promiscuous mode [ 1013.000804][T14463] veth1_vlan: entered promiscuous mode [ 1013.364814][T14463] veth0_macvtap: entered promiscuous mode [ 1013.368435][T14595] loop0: detected capacity change from 0 to 512 [ 1013.508013][T14463] veth1_macvtap: entered promiscuous mode [ 1013.546128][T14595] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1013.588518][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1013.600472][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1013.610766][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1013.629355][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1013.645222][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1013.656016][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1013.666419][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1013.677157][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1013.687299][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1013.698504][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1013.708655][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1013.722331][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1013.740874][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1013.753914][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1013.764052][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1013.774773][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1013.790734][T14463] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1013.858932][T14595] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 1013.901323][T14595] EXT4-fs (loop0): write access unavailable, skipping orphan cleanup [ 1013.911870][T14595] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1013.949288][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1013.973879][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1013.984220][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1013.995084][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1014.005244][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1014.016233][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1014.026425][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1014.066736][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1014.084398][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1014.095244][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1014.105566][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1014.118403][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1014.129000][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1014.145821][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1014.157736][T14463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1014.168959][T14463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1014.184365][T14463] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1014.305316][T14591] loop4: detected capacity change from 0 to 8192 [ 1014.493562][T14463] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1014.502815][T14463] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1014.512007][T14463] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1014.521167][T14463] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1014.707976][T14066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1015.384358][T14609] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 1015.393213][T14609] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 1015.403525][T14609] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 1016.189977][T14624] loop0: detected capacity change from 0 to 512 [ 1016.538807][T14628] netlink: 144 bytes leftover after parsing attributes in process `syz.4.3175'. [ 1016.564210][ T29] kauditd_printk_skb: 32 callbacks suppressed [ 1016.564292][ T29] audit: type=1326 audit(1727684139.180:3844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14629 comm="syz.1.3176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d579 code=0x7ffc0000 [ 1016.740200][ T29] audit: type=1326 audit(1727684139.230:3845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14629 comm="syz.1.3176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf748d579 code=0x7ffc0000 [ 1016.763543][ T29] audit: type=1326 audit(1727684139.230:3846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14629 comm="syz.1.3176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d579 code=0x7ffc0000 [ 1016.786264][ T29] audit: type=1326 audit(1727684139.240:3847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14629 comm="syz.1.3176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf748d579 code=0x7ffc0000 [ 1016.813363][ T29] audit: type=1326 audit(1727684139.240:3848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14629 comm="syz.1.3176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d579 code=0x7ffc0000 [ 1016.838612][ T29] audit: type=1326 audit(1727684139.260:3849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14629 comm="syz.1.3176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=356 compat=1 ip=0xf748d579 code=0x7ffc0000 [ 1016.862557][ T29] audit: type=1326 audit(1727684139.260:3850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14629 comm="syz.1.3176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf748d579 code=0x7ffc0000 [ 1016.885184][ T29] audit: type=1326 audit(1727684139.260:3851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14629 comm="syz.1.3176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf748d579 code=0x7ffc0000 [ 1016.912042][ T29] audit: type=1326 audit(1727684139.530:3852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14629 comm="syz.1.3176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=91 compat=1 ip=0xf748d579 code=0x7ffc0000 [ 1016.913930][T14630] loop1: detected capacity change from 0 to 1024 [ 1016.937428][ T29] audit: type=1326 audit(1727684139.530:3853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14629 comm="syz.1.3176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf748d579 code=0x7ffc0000 [ 1017.420559][T14630] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1017.774641][T14646] loop4: detected capacity change from 0 to 2048 [ 1017.831959][T14630] EXT4-fs (loop1): shut down requested (0) [ 1017.883781][ T3204] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 1017.900767][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 1017.909319][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 1017.950594][ T3204] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 404 with error 28 [ 1017.964322][ T3204] EXT4-fs (loop1): This should not happen!! Data will be lost [ 1017.964322][ T3204] [ 1017.976115][ T3204] EXT4-fs (loop1): Total free blocks count 0 [ 1017.982457][ T3204] EXT4-fs (loop1): Free/Dirty block details [ 1017.988760][ T3204] EXT4-fs (loop1): free_blocks=68451041280 [ 1017.994810][ T3204] EXT4-fs (loop1): dirty_blocks=416 [ 1018.000357][ T3204] EXT4-fs (loop1): Block reservation details [ 1018.006721][ T3204] EXT4-fs (loop1): i_reserved_data_blocks=26 [ 1018.006694][T14646] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1018.391462][T14295] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1018.976042][ T3013] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1018.984123][ T3013] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1019.275856][ T3384] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1019.287508][ T3384] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1019.688189][T14673] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 1019.697853][T14673] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 1019.706719][T14673] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 1020.374938][ T3103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1020.390473][ T3103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1020.460460][T14680] loop3: detected capacity change from 0 to 1024 [ 1020.611598][ T3103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1020.620560][ T3103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1020.703684][T14680] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1020.837161][T14680] EXT4-fs error (device loop3): ext4_lookup:1813: inode #15: comm syz.3.3128: iget: bad extended attribute block 8388352 [ 1020.899566][T14680] EXT4-fs (loop3): Remounting filesystem read-only [ 1021.473841][T14700] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1021.672230][T14700] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1021.938060][T14700] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1022.071834][T14709] loop0: detected capacity change from 0 to 512 [ 1022.139897][T14700] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1022.509399][T14700] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1022.549679][T14700] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1022.580259][T14700] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1022.609562][T14700] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1022.654125][T14707] loop0: detected capacity change from 0 to 1024 [ 1023.291489][T14402] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1023.337892][T14716] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 1023.358267][T14716] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 1023.367181][T14716] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 1023.392183][T14715] loop1: detected capacity change from 0 to 512 [ 1023.458620][T14718] netlink: 144 bytes leftover after parsing attributes in process `syz.0.3198'. [ 1023.671777][T14715] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1023.685195][T14715] ext4 filesystem being mounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1023.741337][ T29] kauditd_printk_skb: 65 callbacks suppressed [ 1023.741416][ T29] audit: type=1800 audit(1727684146.360:3919): pid=14715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3196" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 1023.797821][ T29] audit: type=1800 audit(1727684146.410:3920): pid=14725 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3196" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 1024.150862][T14233] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1024.225236][T14728] loop4: detected capacity change from 0 to 2048 [ 1024.529151][T14728] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1025.068598][T14295] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1025.234715][T14750] loop3: detected capacity change from 0 to 256 [ 1025.358349][T14750] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 1025.370838][T14750] FAT-fs (loop3): Filesystem has been set read-only [ 1025.377919][T14750] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 1025.388455][T14750] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 1025.434483][ T29] audit: type=1800 audit(1727684148.030:3921): pid=14750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3209" name="file1" dev="loop3" ino=1048692 res=0 errno=0 [ 1025.564327][T14750] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 1025.625007][T14750] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 1025.920990][T14750] syz.3.3209 (14750) used greatest stack depth: 3992 bytes left [ 1026.147589][ T29] audit: type=1326 audit(1727684148.600:3922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14758 comm="syz.0.3212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1026.170276][ T29] audit: type=1326 audit(1727684148.610:3923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14758 comm="syz.0.3212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1026.193393][ T29] audit: type=1326 audit(1727684148.630:3924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14758 comm="syz.0.3212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1026.228759][ T29] audit: type=1326 audit(1727684148.640:3925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14758 comm="syz.0.3212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1026.251833][ T29] audit: type=1326 audit(1727684148.640:3926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14758 comm="syz.0.3212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1026.274516][ T29] audit: type=1326 audit(1727684148.640:3927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14758 comm="syz.0.3212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1026.298688][ T29] audit: type=1326 audit(1727684148.650:3928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14758 comm="syz.0.3212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=266 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1026.497914][T14765] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 1026.506776][T14765] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 1026.516281][T14765] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 1028.856654][T14800] netlink: 'syz.3.3227': attribute type 39 has an invalid length. [ 1028.857312][T14799] loop1: detected capacity change from 0 to 1024 [ 1028.864888][T14800] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3227'. [ 1028.912368][T14800] bridge0: port 2(bridge_slave_1) entered disabled state [ 1028.912399][T14799] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1028.915154][T14799] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1028.922127][T14800] bridge0: port 1(bridge_slave_0) entered disabled state [ 1028.965334][T14798] loop0: detected capacity change from 0 to 512 [ 1028.997777][T14799] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1029.077971][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 1029.078049][ T29] audit: type=1326 audit(1727684151.690:3930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14804 comm="syz.2.3229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000 [ 1029.117343][ T29] audit: type=1326 audit(1727684151.690:3931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14804 comm="syz.2.3229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000 [ 1029.140408][ T29] audit: type=1326 audit(1727684151.700:3932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14804 comm="syz.2.3229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=186 compat=1 ip=0xf740d579 code=0x7ffc0000 [ 1029.163326][ T29] audit: type=1326 audit(1727684151.710:3933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14804 comm="syz.2.3229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000 [ 1029.193541][ T29] audit: type=1326 audit(1727684151.710:3934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14804 comm="syz.2.3229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000 [ 1029.617157][T14809] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 1029.626451][T14809] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 1029.635376][T14809] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 1029.893342][T14815] loop2: detected capacity change from 0 to 512 [ 1029.965714][T14815] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1030.139461][T14815] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1030.295675][T14815] EXT4-fs (loop2): 1 truncate cleaned up [ 1030.303285][T14815] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1030.977424][T14830] loop4: detected capacity change from 0 to 128 [ 1031.012342][T14830] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1031.057860][ T34] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1031.087250][T14233] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1031.119373][ T34] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1031.189672][T14463] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1032.133302][ T34] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1032.191496][T14832] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3242'. [ 1032.214677][T14832] geneve2: entered promiscuous mode [ 1032.286777][ T29] audit: type=1326 audit(1727684154.900:3935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14833 comm="syz.2.3241" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000 [ 1032.309863][ T29] audit: type=1326 audit(1727684154.900:3936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14833 comm="syz.2.3241" exe="/root/syz-executor" sig=0 arch=40000003 syscall=225 compat=1 ip=0xf740d579 code=0x7ffc0000 [ 1032.332678][ T29] audit: type=1326 audit(1727684154.900:3937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14833 comm="syz.2.3241" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000 [ 1032.357327][ T29] audit: type=1326 audit(1727684154.900:3938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14833 comm="syz.2.3241" exe="/root/syz-executor" sig=0 arch=40000003 syscall=310 compat=1 ip=0xf740d579 code=0x7ffc0000 [ 1032.518219][ T29] audit: type=1326 audit(1727684155.040:3939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14833 comm="syz.2.3241" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000 [ 1032.864401][ T34] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1033.459217][ T34] bridge_slave_1: left allmulticast mode [ 1033.465149][ T34] bridge_slave_1: left promiscuous mode [ 1033.471921][ T34] bridge0: port 2(bridge_slave_1) entered disabled state [ 1033.493752][ T5199] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1033.618442][ T5199] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1033.709334][ T5199] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1033.822475][ T34] bridge_slave_0: left allmulticast mode [ 1033.828613][ T34] bridge_slave_0: left promiscuous mode [ 1033.835324][ T34] bridge0: port 1(bridge_slave_0) entered disabled state [ 1033.846002][ T5199] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1033.869397][ T5199] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1033.890872][ T5199] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1034.068440][T14845] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1034.153446][ T29] kauditd_printk_skb: 28 callbacks suppressed [ 1034.153526][ T29] audit: type=1326 audit(1727684156.770:3968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14837 comm="syz.4.3245" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1034.333289][ T29] audit: type=1326 audit(1727684156.810:3969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14837 comm="syz.4.3245" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1034.356452][ T29] audit: type=1326 audit(1727684156.860:3970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14837 comm="syz.4.3245" exe="/root/syz-executor" sig=0 arch=40000003 syscall=26 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1034.379120][ T29] audit: type=1326 audit(1727684156.860:3971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14837 comm="syz.4.3245" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1034.401822][ T29] audit: type=1326 audit(1727684156.860:3972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14837 comm="syz.4.3245" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1034.549930][ T34] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1034.624926][ T29] audit: type=1326 audit(1727684157.140:3973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14850 comm="syz.0.3249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1034.647697][ T29] audit: type=1326 audit(1727684157.140:3974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14850 comm="syz.0.3249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1034.670603][ T29] audit: type=1326 audit(1727684157.200:3975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14850 comm="syz.0.3249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1034.693239][ T29] audit: type=1326 audit(1727684157.200:3976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14850 comm="syz.0.3249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1034.722022][ T29] audit: type=1326 audit(1727684157.200:3977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14850 comm="syz.0.3249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1034.833129][ T34] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1034.871341][ T34] bond0 (unregistering): Released all slaves [ 1035.234807][T14856] loop2: detected capacity change from 0 to 512 [ 1035.266313][T14856] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1035.309182][T14860] loop0: detected capacity change from 0 to 164 [ 1035.361475][T14860] Unable to read rock-ridge attributes [ 1035.449051][T14856] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1035.485063][T14860] Unable to read rock-ridge attributes [ 1035.486864][T14861] loop4: detected capacity change from 0 to 128 [ 1035.508064][T14856] EXT4-fs (loop2): 1 truncate cleaned up [ 1035.516211][T14856] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1035.560448][T14866] loop3: detected capacity change from 0 to 128 [ 1035.617106][T14866] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1035.702398][T14861] syz.4.3252: attempt to access beyond end of device [ 1035.702398][T14861] loop4: rw=2049, sector=145, nr_sectors = 72 limit=128 [ 1035.864177][T14861] syz.4.3252: attempt to access beyond end of device [ 1035.864177][T14861] loop4: rw=524288, sector=145, nr_sectors = 72 limit=128 [ 1035.977915][T14861] syz.4.3252: attempt to access beyond end of device [ 1035.977915][T14861] loop4: rw=0, sector=145, nr_sectors = 8 limit=128 [ 1035.991908][T14861] syz.4.3252: attempt to access beyond end of device [ 1035.991908][T14861] loop4: rw=0, sector=145, nr_sectors = 8 limit=128 [ 1036.121028][ T5199] Bluetooth: hci1: command tx timeout [ 1036.407703][ T34] hsr_slave_0: left promiscuous mode [ 1036.482713][ T34] hsr_slave_1: left promiscuous mode [ 1036.503891][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1036.512145][ T34] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1036.543993][T14463] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1036.552744][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1036.569670][ T34] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1036.595836][ T34] veth1_macvtap: left promiscuous mode [ 1036.601608][ T34] veth0_macvtap: left promiscuous mode [ 1036.607665][ T34] veth1_vlan: left promiscuous mode [ 1036.613263][ T34] veth0_vlan: left promiscuous mode [ 1037.842666][ T34] team0 (unregistering): Port device team_slave_1 removed [ 1037.900370][ T34] team0 (unregistering): Port device team_slave_0 removed [ 1038.216321][ T5199] Bluetooth: hci1: command tx timeout [ 1038.322713][T14875] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3255'. [ 1038.346250][T14877] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3256'. [ 1038.985672][T14891] loop4: detected capacity change from 0 to 2048 [ 1039.183626][T14841] chnl_net:caif_netlink_parms(): no params data found [ 1039.283283][T14896] loop2: detected capacity change from 0 to 128 [ 1039.310694][T14896] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1039.338525][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 1039.338606][ T29] audit: type=1326 audit(1727684161.930:3980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14890 comm="+}[@" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1039.367643][ T29] audit: type=1326 audit(1727684161.950:3981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14890 comm="+}[@" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1039.389794][ T29] audit: type=1326 audit(1727684161.960:3982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14890 comm="+}[@" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1039.406814][T14891] Alternate GPT is invalid, using primary GPT. [ 1039.429182][T14891] loop4: p1 p2 p3 [ 1039.531184][T14900] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0 [ 1039.654169][T14891] IPVS: stopping master sync thread 14900 ... [ 1039.695546][ T29] audit: type=1326 audit(1727684162.030:3983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14890 comm="+}[@" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1039.718261][ T29] audit: type=1326 audit(1727684162.040:3984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14890 comm="+}[@" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1039.746561][ T29] audit: type=1326 audit(1727684162.040:3985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14890 comm="+}[@" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1039.770765][ T29] audit: type=1326 audit(1727684162.040:3986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14890 comm="+}[@" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1039.792913][ T29] audit: type=1326 audit(1727684162.060:3987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14890 comm="+}[@" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1039.815019][ T29] audit: type=1326 audit(1727684162.060:3988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14890 comm="+}[@" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1039.842991][ T29] audit: type=1326 audit(1727684162.080:3989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14890 comm="+}[@" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1040.102386][T14904] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3266'. [ 1040.175879][T14905] loop2: detected capacity change from 0 to 512 [ 1040.220446][T14905] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1040.313875][ T5199] Bluetooth: hci1: command tx timeout [ 1040.488571][T14905] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1040.542112][T14905] EXT4-fs (loop2): 1 truncate cleaned up [ 1040.558800][T14905] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1040.797174][T14914] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3271'. [ 1040.820776][T14914] geneve2: entered promiscuous mode [ 1041.122118][T14841] bridge0: port 1(bridge_slave_0) entered blocking state [ 1041.130520][T14841] bridge0: port 1(bridge_slave_0) entered disabled state [ 1041.139068][T14841] bridge_slave_0: entered allmulticast mode [ 1041.148509][T14841] bridge_slave_0: entered promiscuous mode [ 1041.230124][T14841] bridge0: port 2(bridge_slave_1) entered blocking state [ 1041.238498][T14841] bridge0: port 2(bridge_slave_1) entered disabled state [ 1041.246730][T14841] bridge_slave_1: entered allmulticast mode [ 1041.256217][T14841] bridge_slave_1: entered promiscuous mode [ 1041.492794][T14924] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3273'. [ 1041.511539][T14463] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1041.662392][T14841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1041.776797][T14841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1041.922848][T14930] loop4: detected capacity change from 0 to 128 [ 1041.962437][T14930] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1042.114010][T14841] team0: Port device team_slave_0 added [ 1042.175909][T14931] loop3: detected capacity change from 0 to 512 [ 1042.228515][T14841] team0: Port device team_slave_1 added [ 1042.324982][T14931] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1042.439440][ T5199] Bluetooth: hci1: command tx timeout [ 1042.510319][T14931] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 1042.519682][T14841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1042.520019][T14931] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1042.527073][T14841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1042.559925][T14841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1042.640811][T14931] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3274: bg 0: block 361: padding at end of block bitmap is not set [ 1042.698616][T14841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1042.715619][T14841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1042.743256][T14841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1042.776196][T14931] EXT4-fs (loop3): Remounting filesystem read-only [ 1042.812735][T14940] loop2: detected capacity change from 0 to 1024 [ 1042.826121][T14931] EXT4-fs (loop3): 1 truncate cleaned up [ 1042.833936][T14931] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1042.996658][T14940] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1043.332301][T14948] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 1043.508234][T14928] veth0_vlan: left promiscuous mode [ 1043.530868][T14928] veth0_vlan: entered promiscuous mode [ 1043.571505][T14841] hsr_slave_0: entered promiscuous mode [ 1043.608083][T14841] hsr_slave_1: entered promiscuous mode [ 1043.640498][T14841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1043.648917][T14841] Cannot create hsr debugfs directory [ 1043.854793][T14402] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1044.157660][T14954] loop0: detected capacity change from 0 to 512 [ 1045.298643][T14965] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3286'. [ 1045.888593][T14463] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1046.041461][T14968] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3288'. [ 1046.142859][T14975] netlink: 'syz.3.3292': attribute type 1 has an invalid length. [ 1046.151766][T14975] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1046.159269][T14975] IPv6: NLM_F_CREATE should be set when creating new route [ 1046.733388][T14841] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1046.861420][T14841] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1046.924015][T14841] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1046.954247][T14841] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1047.231561][T14991] loop4: detected capacity change from 0 to 512 [ 1047.286240][T14991] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1047.372161][T14991] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1047.444569][T14991] EXT4-fs (loop4): 1 truncate cleaned up [ 1047.452336][T14991] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1047.562892][T14994] loop3: detected capacity change from 0 to 1024 [ 1047.838114][T14994] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1048.154846][T14841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1048.284866][T14841] 8021q: adding VLAN 0 to HW filter on device team0 [ 1048.319507][T14402] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1048.507459][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 1048.515144][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1048.533624][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 1048.541411][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1048.821366][T14295] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1049.345043][T15022] capability: warning: `syz.2.3306' uses 32-bit capabilities (legacy support in use) [ 1049.661388][T15019] loop4: detected capacity change from 0 to 1024 [ 1049.773052][T15019] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 1049.783309][T15019] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 1049.831889][T15019] EXT4-fs error (device loop4): ext4_get_journal_inode:5762: inode #32: comm syz.4.3304: iget: special inode unallocated [ 1049.894818][T15019] EXT4-fs (loop4): no journal found [ 1049.900610][T15019] EXT4-fs (loop4): can't get journal size [ 1049.990424][T15019] EXT4-fs error (device loop4): ext4_protect_reserved_inode:160: inode #32: comm syz.4.3304: iget: special inode unallocated [ 1050.040486][T15019] EXT4-fs (loop4): failed to initialize system zone (-117) [ 1050.048637][T15019] EXT4-fs (loop4): mount failed [ 1050.111177][T14841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1050.318437][T14841] veth0_vlan: entered promiscuous mode [ 1050.648845][T15040] loop2: detected capacity change from 0 to 512 [ 1050.697815][T15040] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1050.720154][T14841] veth1_vlan: entered promiscuous mode [ 1050.865900][T14841] veth0_macvtap: entered promiscuous mode [ 1050.890683][T14841] veth1_macvtap: entered promiscuous mode [ 1050.956847][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1050.968920][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1050.979278][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1050.990015][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.008163][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1051.021050][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.031213][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1051.042028][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.052228][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1051.063051][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.073230][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1051.085003][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.095127][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1051.113712][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.126195][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1051.137147][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.153429][T14841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1051.173739][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1051.189588][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.207555][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1051.221050][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.231171][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1051.243943][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.254797][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1051.265712][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.276003][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1051.286847][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.296969][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1051.315759][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.328037][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1051.338789][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.341878][T15040] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, [ 1051.348815][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1051.348920][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1051.354414][T14841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1051.357409][T15040] block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1051.528551][T14841] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1051.537766][T14841] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1051.546981][T14841] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1051.558814][T14841] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1051.575802][T15040] EXT4-fs (loop2): 1 truncate cleaned up [ 1051.583383][T15040] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1051.934416][T15053] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3314'. [ 1052.732862][T14463] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1054.827802][T15091] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3327'. [ 1054.894899][T15092] netlink: 'syz.0.3326': attribute type 9 has an invalid length. [ 1054.903110][T15092] netlink: 399 bytes leftover after parsing attributes in process `syz.0.3326'. [ 1055.576645][T15100] loop2: detected capacity change from 0 to 512 [ 1055.626066][T15100] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1055.665901][ T4903] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 1055.677675][T15100] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1055.698314][T15100] EXT4-fs (loop2): 1 truncate cleaned up [ 1055.713086][T15100] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1055.845908][ T4903] usb 5-1: Using ep0 maxpacket: 32 [ 1055.867857][ T4903] usb 5-1: config 253 has an invalid interface number: 197 but max is 0 [ 1055.876691][ T4903] usb 5-1: config 253 has no interface number 0 [ 1055.922668][ T4903] usb 5-1: New USB device found, idVendor=046d, idProduct=08b0, bcdDevice=fd.b7 [ 1055.933030][ T4903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1055.942563][ T4903] usb 5-1: Product: syz [ 1055.947831][ T4903] usb 5-1: Manufacturer: syz [ 1055.952681][ T4903] usb 5-1: SerialNumber: syz [ 1056.263148][ T4903] usb 5-1: USB disconnect, device number 8 [ 1056.444370][T14463] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1057.309577][T15121] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_bridge, syncid = 0, id = 0 [ 1057.735943][ T3068] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1057.744152][ T3068] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1057.800944][T15127] fuse: root generation should be zero [ 1057.913094][ T3068] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1057.921659][ T3068] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1058.097983][T15132] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3339'. [ 1058.713064][T15138] loop4: detected capacity change from 0 to 512 [ 1058.759567][T15138] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1058.901525][T15138] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1059.019712][T15147] af_packet: tpacket_rcv: packet too big, clamped from 57 to 4294967272. macoff=96 [ 1059.176079][T15138] EXT4-fs (loop4): 1 truncate cleaned up [ 1059.183587][T15138] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1059.453835][T15154] netlink: 'syz.3.3347': attribute type 10 has an invalid length. [ 1059.468078][T15154] bridge0: port 2(bridge_slave_1) entered blocking state [ 1059.475973][T15154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1059.484765][T15154] bridge0: port 1(bridge_slave_0) entered blocking state [ 1059.492735][T15154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1059.528885][T15154] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1059.622946][T15152] loop1: detected capacity change from 0 to 1024 [ 1059.649174][T15154] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3347'. [ 1059.658565][T15154] bridge_slave_1: left allmulticast mode [ 1059.664446][T15154] bridge_slave_1: left promiscuous mode [ 1059.671711][T15154] bridge0: port 2(bridge_slave_1) entered disabled state [ 1059.754425][T15152] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1059.761542][T15154] bridge_slave_0: left allmulticast mode [ 1059.773362][T15154] bridge_slave_0: left promiscuous mode [ 1059.780378][T15154] bridge0: port 1(bridge_slave_0) entered disabled state [ 1059.978231][T14841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1060.141246][T15154] bond0: (slave bridge0): Releasing backup interface [ 1060.566299][T14298] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 1060.746948][T14298] usb 4-1: config 223 has too many interfaces: 178, using maximum allowed: 32 [ 1060.759825][T14298] usb 4-1: config 223 has an invalid descriptor of length 182, skipping remainder of the config [ 1060.771147][T14298] usb 4-1: config 223 has 0 interfaces, different from the descriptor's value: 178 [ 1060.823861][T14295] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1060.878132][T14298] usb 4-1: New USB device found, idVendor=05d1, idProduct=2021, bcdDevice=31.00 [ 1060.888466][T14298] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1060.896922][T14298] usb 4-1: Product: syz [ 1060.901330][T14298] usb 4-1: Manufacturer: syz [ 1060.906350][T14298] usb 4-1: SerialNumber: syz [ 1060.916465][ T1921] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 1061.116134][ T1921] usb 3-1: Using ep0 maxpacket: 16 [ 1061.153680][ T1921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1061.165196][ T1921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1061.175714][ T1921] usb 3-1: New USB device found, idVendor=05ac, idProduct=026c, bcdDevice= 0.00 [ 1061.185074][ T1921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1061.274196][ T1921] usb 3-1: config 0 descriptor?? [ 1061.373717][T14298] usb 4-1: USB disconnect, device number 10 [ 1061.779451][ T1921] apple 0003:05AC:026C.0025: unknown main item tag 0x0 [ 1061.821379][ T1921] apple 0003:05AC:026C.0025: hidraw0: USB HID v0.00 Device [HID 05ac:026c] on usb-dummy_hcd.2-1/input0 [ 1062.042366][T14298] usb 3-1: USB disconnect, device number 4 [ 1062.848373][T15185] loop1: detected capacity change from 0 to 1024 [ 1063.057632][T15185] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1063.353357][T14841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1063.525748][T15199] loop4: detected capacity change from 0 to 512 [ 1063.561775][T15199] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1063.856879][T15199] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1063.893310][T15199] EXT4-fs (loop4): 1 truncate cleaned up [ 1063.910475][T15199] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1064.665214][T14295] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1064.951943][T15228] loop1: detected capacity change from 0 to 1024 [ 1065.086191][T15228] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1065.578288][T14841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1065.664135][T15241] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3382'. [ 1065.673643][T15241] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3382'. [ 1065.749594][T15241] bond1: entered allmulticast mode [ 1065.759128][T15241] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1066.040325][T10533] Bluetooth: hci7: command 0x0406 tx timeout [ 1066.454053][T15253] loop0: detected capacity change from 0 to 512 [ 1067.128767][T15265] loop0: detected capacity change from 0 to 1024 [ 1067.522642][ T29] kauditd_printk_skb: 53 callbacks suppressed [ 1067.522718][ T29] audit: type=1326 audit(1727684190.140:4043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15273 comm="syz.0.3392" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1067.803400][ T29] audit: type=1326 audit(1727684190.190:4044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15273 comm="syz.0.3392" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1067.825851][ C1] vkms_vblank_simulate: vblank timer overrun [ 1067.833204][ T29] audit: type=1326 audit(1727684190.190:4045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15273 comm="syz.0.3392" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1067.856489][ T29] audit: type=1326 audit(1727684190.190:4046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15273 comm="syz.0.3392" exe="/root/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1067.881051][ T29] audit: type=1326 audit(1727684190.190:4047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15273 comm="syz.0.3392" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000 [ 1068.018558][T15284] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3396'. [ 1068.028049][T15284] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3396'. [ 1068.170274][T15284] bond2: entered allmulticast mode [ 1068.176786][T15284] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1068.794421][T15296] loop4: detected capacity change from 0 to 1024 [ 1068.954781][T15296] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1069.067312][T15299] loop0: detected capacity change from 0 to 512 [ 1069.322581][T14295] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1069.727795][ T29] audit: type=1326 audit(1727684192.310:4048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15305 comm="syz.1.3406" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 1069.881509][ T29] audit: type=1326 audit(1727684192.430:4049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15305 comm="syz.1.3406" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 1069.904273][ T29] audit: type=1326 audit(1727684192.430:4050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15305 comm="syz.1.3406" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 1069.929291][ T29] audit: type=1326 audit(1727684192.440:4051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15305 comm="syz.1.3406" exe="/root/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 1069.961450][ T29] audit: type=1326 audit(1727684192.440:4052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15305 comm="syz.1.3406" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 1070.724347][T15321] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3411'. [ 1070.734548][T15321] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3411'. [ 1070.924573][T15321] bond3: entered allmulticast mode [ 1070.931114][T15321] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1071.629513][T15329] loop2: detected capacity change from 0 to 1024 [ 1071.738104][T15331] loop0: detected capacity change from 0 to 128 [ 1071.898641][T15337] loop3: detected capacity change from 0 to 512 [ 1072.059990][T15337] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1072.079391][T15329] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1072.137260][T15337] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1072.243080][T15337] EXT4-fs (loop3): 1 truncate cleaned up [ 1072.250896][T15337] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1072.344348][T15347] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3421'. [ 1072.475023][T14463] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1073.621511][T14402] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1073.712659][T15371] loop2: detected capacity change from 0 to 256 [ 1074.174358][T15378] loop1: detected capacity change from 0 to 164 [ 1074.195318][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 1074.221263][ T29] audit: type=1326 audit(1727684196.810:4059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15374 comm="syz.4.3432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1074.231053][T15379] netlink: 'syz.3.3431': attribute type 10 has an invalid length. [ 1074.255264][ T29] audit: type=1326 audit(1727684196.810:4060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15374 comm="syz.4.3432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1074.299810][T15380] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3431'. [ 1074.317241][T15378] Unable to read rock-ridge attributes [ 1074.408480][ T29] audit: type=1326 audit(1727684197.030:4061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15374 comm="syz.4.3432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1074.431673][ T29] audit: type=1326 audit(1727684197.030:4062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15374 comm="syz.4.3432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1074.460074][ T29] audit: type=1326 audit(1727684197.030:4063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15374 comm="syz.4.3432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1074.509554][T15378] Unable to read rock-ridge attributes [ 1074.666166][ T29] audit: type=1326 audit(1727684197.120:4064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15374 comm="syz.4.3432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1074.689006][ T29] audit: type=1326 audit(1727684197.120:4065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15374 comm="syz.4.3432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1074.711737][ T29] audit: type=1326 audit(1727684197.120:4066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15374 comm="syz.4.3432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 1075.346116][T15399] loop0: detected capacity change from 0 to 512 [ 1075.461392][T15401] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3440'. [ 1075.478454][T15401] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3440'. [ 1076.245927][ T29] audit: type=1326 audit(1727684198.850:4067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15414 comm="syz.1.3447" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 1076.269151][ T29] audit: type=1326 audit(1727684198.850:4068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15414 comm="syz.1.3447" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 1076.420344][T15419] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3449'. [ 1076.895115][ T5199] Bluetooth: hci1: unexpected subevent 0x0e length: 244 > 15 [ 1078.935798][T14298] usb 2-1: new low-speed USB device number 11 using dummy_hcd [ 1079.198012][T14298] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1079.206230][T14298] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 1079.218253][T14298] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1079.228754][T14298] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1079.240408][T14298] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1079.307702][T14298] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1079.322980][T14298] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 1079.333684][T14298] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1079.344715][T14298] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1079.356501][T14298] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1079.393736][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 1079.400753][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 1079.546019][T15461] loop3: detected capacity change from 0 to 164 [ 1079.579140][T14298] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1079.586997][T14298] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 1079.597475][T14298] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1079.600170][T15461] Unable to read rock-ridge attributes [ 1079.607793][T14298] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1079.624983][T14298] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1079.718275][T14298] usb 2-1: string descriptor 0 read error: -22 [ 1079.725199][T14298] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1079.734850][T14298] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1079.748893][T15461] Unable to read rock-ridge attributes [ 1079.818148][T14298] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1080.024947][T14298] usb 2-1: USB disconnect, device number 11 [ 1086.548435][T15585] loop0: detected capacity change from 0 to 512 [ 1087.823460][T15599] loop2: detected capacity change from 0 to 164 [ 1087.852292][T15599] Unable to read rock-ridge attributes [ 1088.615274][T15609] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3524'. [ 1089.016484][T15618] loop6: detected capacity change from 0 to 524287999 [ 1089.047996][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1089.057652][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1089.067757][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1089.077190][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1089.095524][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1089.104913][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1089.124054][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1089.133637][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1089.148631][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1089.158117][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1089.168851][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1089.178249][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1089.250494][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1089.260119][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1089.278448][T15618] ldm_validate_partition_table(): Disk read failed. [ 1089.287519][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1089.297132][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1089.416310][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1089.426060][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1089.447631][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1089.457174][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1089.480924][T15618] Dev loop6: unable to read RDB block 0 [ 1089.526760][T15618] loop6: unable to read partition table [ 1089.536595][T15618] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1089.992845][T15629] loop3: detected capacity change from 0 to 512 [ 1090.071228][T15631] loop1: detected capacity change from 0 to 164 [ 1090.086215][T15629] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1090.149107][T15631] Unable to read rock-ridge attributes [ 1090.206151][T15629] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1090.367317][T15629] EXT4-fs (loop3): 1 truncate cleaned up [ 1090.375105][T15629] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1091.628318][T14402] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1092.294774][T15673] loop4: detected capacity change from 0 to 164 [ 1092.388924][T15673] Unable to read rock-ridge attributes [ 1093.373309][T15687] loop2: detected capacity change from 0 to 512 [ 1093.431044][T15687] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1093.525286][T15687] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1093.546475][T15687] EXT4-fs (loop2): 1 truncate cleaned up [ 1093.553989][T15687] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1095.455876][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 1095.455936][ T29] audit: type=1326 audit(1727684217.990:4079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15701 comm="syz.4.3556" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x0 [ 1095.591808][T14463] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1097.097878][T10533] Bluetooth: hci6: command 0x0406 tx timeout [ 1097.881180][T15730] loop2: detected capacity change from 0 to 512 [ 1097.943262][T15730] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1097.985687][T15730] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1098.052889][T15730] EXT4-fs (loop2): 1 truncate cleaned up [ 1098.060856][T15730] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1098.481381][T15742] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=536871936 (1073743872 ns) > initial count (88 ns). Using initial count to start timer. [ 1098.847022][T14463] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1099.784907][T15765] trusted_key: encrypted_key: insufficient parameters specified [ 1100.401894][T15778] loop2: detected capacity change from 0 to 512 [ 1100.505922][T15778] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1100.638158][T15778] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1100.820091][T15778] EXT4-fs (loop2): 1 truncate cleaned up [ 1100.827891][T15778] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1101.652487][T14463] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1101.835021][T15804] trusted_key: encrypted_key: insufficient parameters specified [ 1101.841505][T15803] warning: `syz.3.3595' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1102.232922][T15812] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3596'. [ 1102.791161][T15826] vivid-007: disconnect [ 1102.828896][T15820] vivid-007: reconnect [ 1103.551501][T15838] loop1: detected capacity change from 0 to 512 [ 1103.620264][T15838] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1103.785240][T15838] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1103.830390][T15838] EXT4-fs (loop1): 1 truncate cleaned up [ 1103.847305][T15838] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1103.871651][T15842] trusted_key: encrypted_key: insufficient parameters specified [ 1104.730783][T15856] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3613'. [ 1104.943415][T14841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1105.100205][T15862] loop4: detected capacity change from 0 to 128 [ 1105.146234][T15862] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1106.008230][T15877] netlink: 200 bytes leftover after parsing attributes in process `syz.2.3622'. [ 1106.072008][T15879] trusted_key: encrypted_key: master key parameter 'us' is invalid [ 1106.508162][T15887] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3626'. [ 1106.693699][T15890] loop0: detected capacity change from 0 to 512 [ 1106.938493][T15892] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3628'. [ 1107.659765][T15911] trusted_key: encrypted_key: master key parameter 'us' is invalid [ 1107.803372][T15897] loop1: detected capacity change from 0 to 128 [ 1107.997047][T15897] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1108.561433][T15923] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3642'. [ 1108.915876][T15934] loop0: detected capacity change from 0 to 512 [ 1109.150036][T15937] trusted_key: encrypted_key: master key parameter 'us' is invalid [ 1109.830196][T15951] loop3: detected capacity change from 0 to 128 [ 1109.914110][T15951] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1110.522251][T15960] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3658'. [ 1110.706527][T15957] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3657'. [ 1110.731337][T15957] dummy0: entered promiscuous mode [ 1110.856190][T15957] dummy0: left promiscuous mode [ 1110.924605][T15967] loop4: detected capacity change from 0 to 512 [ 1110.971849][T15967] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1111.094297][T15967] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1111.152377][T15967] EXT4-fs (loop4): 1 truncate cleaned up [ 1111.160168][T15967] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1111.766282][ T1921] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1111.857483][ T1921] hid-generic 0000:0000:0000.0026: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1112.042004][ T4903] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 1112.115307][T14295] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1112.117903][T10533] Bluetooth: hci3: command 0x0406 tx timeout [ 1112.179060][T15988] loop1: detected capacity change from 0 to 128 [ 1112.227927][ T4903] usb 4-1: Using ep0 maxpacket: 32 [ 1112.347150][T15988] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1112.516968][ T4903] usb 4-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=47.77 [ 1112.526737][ T4903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1112.535018][ T4903] usb 4-1: Product: syz [ 1112.545705][ T4903] usb 4-1: Manufacturer: syz [ 1112.550573][ T4903] usb 4-1: SerialNumber: syz [ 1112.577453][ T4903] usb 4-1: config 0 descriptor?? [ 1112.597463][ T4903] hdpvr 4-1:0.0: Could not find bulk-in endpoint [ 1112.604262][ T4903] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -12 [ 1113.034932][ T4903] usb 4-1: USB disconnect, device number 11 [ 1114.217203][T16025] loop2: detected capacity change from 0 to 128 [ 1114.274759][T16025] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1114.298886][T16029] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3684'. [ 1114.748039][T16033] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3686'. [ 1115.963489][T16060] loop2: detected capacity change from 0 to 128 [ 1115.983902][T16060] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1116.752879][T16075] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3701'. [ 1117.928440][T16098] loop3: detected capacity change from 0 to 128 [ 1117.985959][T16098] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1119.844163][T16130] loop2: detected capacity change from 0 to 128 [ 1119.891501][T16130] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1121.587189][T16151] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3732'. [ 1122.357791][T10533] Bluetooth: hci4: command 0x0406 tx timeout [ 1123.023130][T16167] loop3: detected capacity change from 0 to 128 [ 1123.107420][T16167] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1123.886201][ T4903] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 1124.105652][ T4903] usb 1-1: Using ep0 maxpacket: 16 [ 1124.177001][ T4903] usb 1-1: config 0 has no interfaces? [ 1124.248076][ T4903] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 1124.257693][ T4903] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1124.266311][ T4903] usb 1-1: Product: syz [ 1124.270723][ T4903] usb 1-1: Manufacturer: syz [ 1124.275749][ T4903] usb 1-1: SerialNumber: syz [ 1124.348129][ T4903] usb 1-1: config 0 descriptor?? [ 1124.601682][T14298] usb 1-1: USB disconnect, device number 12 [ 1125.774320][T16212] loop0: detected capacity change from 0 to 128 [ 1128.234298][T16252] loop4: detected capacity change from 0 to 128 [ 1128.445295][T16252] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1130.922385][T16294] tipc: Started in network mode [ 1130.927839][T16294] tipc: Node identity ffffffff, cluster identity 4711 [ 1130.935010][T16294] tipc: Node number set to 4294967295 [ 1131.543262][T16301] loop0: detected capacity change from 0 to 128 [ 1131.777870][T16305] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3785'. [ 1132.393957][T16311] loop2: detected capacity change from 0 to 1024 [ 1132.428550][T16311] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1132.476914][T16311] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 1132.524237][T16311] EXT4-fs (loop2): too many log groups per flexible block group [ 1132.533049][T16311] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 1132.574541][T16311] EXT4-fs (loop2): mount failed [ 1133.396511][T16329] loop0: detected capacity change from 0 to 128 [ 1134.712911][T16352] loop2: detected capacity change from 0 to 1024 [ 1134.796450][T16352] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1134.917598][T16352] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 1134.947317][T16352] EXT4-fs (loop2): too many log groups per flexible block group [ 1134.959394][T16352] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 1135.037792][T16352] EXT4-fs (loop2): mount failed [ 1135.657594][T16365] loop3: detected capacity change from 0 to 128 [ 1135.713870][T16365] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1137.256667][T16388] loop4: detected capacity change from 0 to 1024 [ 1137.325746][T16388] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1137.444372][T16388] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 1137.501508][T16388] EXT4-fs (loop4): too many log groups per flexible block group [ 1137.510393][T16388] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 1137.518164][T16388] EXT4-fs (loop4): mount failed [ 1137.585316][T16387] loop1: detected capacity change from 0 to 2048 [ 1137.902837][T16387] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1137.968992][T16408] loop0: detected capacity change from 0 to 128 [ 1138.230357][T14841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1139.349246][ T5243] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 1139.664210][ T5243] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1139.683626][ T5243] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1139.694508][ T5243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1139.715898][ T5243] usb 5-1: config 0 descriptor?? [ 1139.731418][ T5243] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1139.976495][ T5243] usb 5-1: USB disconnect, device number 9 [ 1140.273205][T16438] loop2: detected capacity change from 0 to 1024 [ 1140.421868][T16438] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1140.482028][T16438] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 1140.503841][T16438] EXT4-fs (loop2): too many log groups per flexible block group [ 1140.520390][T16438] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 1140.536597][T16438] EXT4-fs (loop2): mount failed [ 1140.545107][T16444] loop3: detected capacity change from 0 to 128 [ 1140.561916][T16444] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1140.775806][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 1140.782479][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 1141.098481][T16454] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3844'. [ 1141.809908][T16468] netlink: 'syz.3.3849': attribute type 10 has an invalid length. [ 1141.914760][T16468] batman_adv: batadv0: Adding interface: team0 [ 1141.921567][T16468] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1141.952062][T16468] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 1142.175647][T16468] netlink: 'syz.3.3849': attribute type 10 has an invalid length. [ 1142.183731][T16468] netlink: 2 bytes leftover after parsing attributes in process `syz.3.3849'. [ 1142.193629][T16468] team0: entered promiscuous mode [ 1142.201339][T16468] team_slave_0: entered promiscuous mode [ 1142.208782][T16468] team_slave_1: entered promiscuous mode [ 1142.222350][T16468] 8021q: adding VLAN 0 to HW filter on device team0 [ 1142.230576][T16468] batman_adv: batadv0: Interface activated: team0 [ 1142.248143][T16468] batman_adv: batadv0: Interface deactivated: team0 [ 1142.255287][T16468] batman_adv: batadv0: Removing interface: team0 [ 1143.034527][T16487] loop3: detected capacity change from 0 to 128 [ 1143.135996][T16487] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1144.187833][T16507] netlink: 'syz.0.3866': attribute type 10 has an invalid length. [ 1144.266388][T16507] batman_adv: batadv0: Adding interface: team0 [ 1144.272800][T16507] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1144.307971][T16507] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 1144.423262][T16509] netlink: 'syz.0.3866': attribute type 10 has an invalid length. [ 1144.431718][T16509] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3866'. [ 1144.441856][T16509] team0: entered promiscuous mode [ 1144.447332][T16509] team_slave_0: entered promiscuous mode [ 1144.454133][T16509] team_slave_1: entered promiscuous mode [ 1144.467970][T16509] 8021q: adding VLAN 0 to HW filter on device team0 [ 1144.476050][T16509] batman_adv: batadv0: Interface activated: team0 [ 1144.483146][T16509] batman_adv: batadv0: Interface deactivated: team0 [ 1144.500152][T16509] batman_adv: batadv0: Removing interface: team0 [ 1144.546998][T16509] bridge0: port 3(team0) entered blocking state [ 1144.555687][T16509] bridge0: port 3(team0) entered disabled state [ 1144.562912][T16509] team0: entered allmulticast mode [ 1144.568472][T16509] team_slave_0: entered allmulticast mode [ 1144.574437][T16509] team_slave_1: entered allmulticast mode [ 1144.597705][T16509] bridge0: port 3(team0) entered blocking state [ 1144.604747][T16509] bridge0: port 3(team0) entered forwarding state [ 1145.270151][T16524] loop3: detected capacity change from 0 to 128 [ 1145.376649][T16524] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1147.162771][T16562] loop4: detected capacity change from 0 to 128 [ 1147.276495][T16562] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1149.323968][T16593] loop3: detected capacity change from 0 to 128 [ 1149.364330][T16593] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1152.012527][T16633] loop3: detected capacity change from 0 to 128 [ 1152.097096][T16635] dccp_invalid_packet: P.type (SYNC) not Data || [Data]Ack, while P.X == 0 [ 1152.199540][T16633] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 1155.145902][T16691] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3944'. [ 1155.163515][T16691] fuse: Unknown parameter 'rootmodËZ00' [ 1155.728536][T16698] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3947'. [ 1156.146413][ T5243] usb 2-1: new low-speed USB device number 12 using dummy_hcd [ 1156.432890][ T5243] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1156.441740][ T5243] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 32, setting to 8 [ 1156.454041][ T5243] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 1156.465722][ T5243] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1156.553464][ T5243] usb 2-1: string descriptor 0 read error: -22 [ 1156.560680][ T5243] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice= 0.6e [ 1156.577839][ T5243] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1156.718670][ T5243] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1156.989733][T16700] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1157.051390][T16700] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1157.070279][ T5243] usb 2-1: USB disconnect, device number 12 [ 1157.144116][ T29] audit: type=1326 audit(1727684279.740:4080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16712 comm="syz.4.3954" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x0 [ 1157.399614][ T29] audit: type=1326 audit(1727684279.990:4081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16712 comm="syz.4.3954" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x0 [ 1157.778209][T16737] loop0: detected capacity change from 0 to 512 [ 1157.848262][T16737] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1157.934333][T16737] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 1157.944815][T16737] EXT4-fs (loop0): write access unavailable, skipping orphan cleanup [ 1157.955108][T16737] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1158.277483][ T5199] Bluetooth: hci1: command 0x0406 tx timeout [ 1158.285016][T16744] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3961'. [ 1158.611782][T14066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1159.997659][T16771] loop1: detected capacity change from 0 to 512 [ 1160.037236][T16771] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1160.088334][T16771] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1160.121532][T16771] EXT4-fs (loop1): 1 truncate cleaned up [ 1160.130195][T16771] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1160.818971][T14841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1160.862613][T16783] loop0: detected capacity change from 0 to 512 [ 1161.122548][T16783] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1161.159011][T16783] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 1161.175324][T16783] EXT4-fs (loop0): write access unavailable, skipping orphan cleanup [ 1161.197270][T16783] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1161.598011][T14066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1162.427530][T16812] loop4: detected capacity change from 0 to 512 [ 1162.526344][T16812] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1162.880790][T16812] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1163.038304][T16812] EXT4-fs (loop4): 1 truncate cleaned up [ 1163.048402][T16812] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1163.713337][T14295] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1163.802052][T16834] loop2: detected capacity change from 0 to 512 [ 1163.890220][T16834] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1164.019647][T16834] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 1164.069608][T16834] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1164.169133][T16834] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3993: bg 0: block 361: padding at end of block bitmap is not set [ 1164.216301][T16834] EXT4-fs (loop2): Remounting filesystem read-only [ 1164.237704][T16834] EXT4-fs (loop2): 1 truncate cleaned up [ 1164.245821][T16834] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1164.529616][T16832] veth0_vlan: left promiscuous mode [ 1164.538389][T16832] veth0_vlan: entered promiscuous mode [ 1165.111295][T14463] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1165.803644][T16868] loop3: detected capacity change from 0 to 512 [ 1166.031045][T16868] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1166.089816][T16868] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 1166.123716][T16868] EXT4-fs (loop3): 1 truncate cleaned up [ 1166.131743][T16868] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1167.214570][T14402] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1167.514522][T16894] loop0: detected capacity change from 0 to 512 [ 1167.596897][T16894] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1167.640688][T16894] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 1167.654535][T16894] EXT4-fs (loop0): write access unavailable, skipping orphan cleanup [ 1167.666103][T16894] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1168.307626][T14066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1168.930031][T16915] gretap0: entered promiscuous mode [ 1168.951500][T16915] erspan0: entered promiscuous mode [ 1169.965060][ T4903] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 1170.261189][T16938] loop2: detected capacity change from 0 to 512 [ 1170.333759][ T4903] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 1170.346129][ T4903] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 1170.356633][ T4903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1170.378266][T16938] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1170.388070][ T4903] usb 4-1: config 0 descriptor?? [ 1170.550748][T16938] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 1170.563702][T16938] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1170.659960][T16944] netlink: 'syz.1.4030': attribute type 10 has an invalid length. [ 1170.690799][ T4903] usb 4-1: USB disconnect, device number 12 [ 1170.718461][T16938] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.4027: bg 0: block 361: padding at end of block bitmap is not set [ 1170.748151][T16938] EXT4-fs (loop2): Remounting filesystem read-only [ 1170.762271][T16938] EXT4-fs (loop2): 1 truncate cleaned up [ 1170.769473][T16938] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1170.855632][T16944] batman_adv: batadv0: Adding interface: team0 [ 1170.862043][T16944] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1170.887770][T16944] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 1171.127913][ T5199] Bluetooth: hci1: SCO packet for unknown connection handle 1481 [ 1171.177738][T16950] netlink: 'syz.1.4030': attribute type 10 has an invalid length. [ 1171.194082][T16950] netlink: 2 bytes leftover after parsing attributes in process `syz.1.4030'. [ 1171.203947][T16950] team0: entered promiscuous mode [ 1171.209380][T16950] team_slave_0: entered promiscuous mode [ 1171.231881][T16950] team_slave_1: entered promiscuous mode [ 1171.248482][T16950] 8021q: adding VLAN 0 to HW filter on device team0 [ 1171.256625][T16950] batman_adv: batadv0: Interface activated: team0 [ 1171.263607][T16950] batman_adv: batadv0: Interface deactivated: team0 [ 1171.271428][T16950] batman_adv: batadv0: Removing interface: team0 [ 1171.409541][T16950] bridge0: port 3(team0) entered blocking state [ 1171.428231][T16950] bridge0: port 3(team0) entered disabled state [ 1171.435190][T16950] team0: entered allmulticast mode [ 1171.440680][T16950] team_slave_0: entered allmulticast mode [ 1171.446747][T16950] team_slave_1: entered allmulticast mode [ 1171.458475][T16950] bridge0: port 3(team0) entered blocking state [ 1171.465148][T16950] bridge0: port 3(team0) entered forwarding state [ 1171.657376][T14463] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1172.175928][T14298] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 1172.392562][T14298] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1172.403292][T14298] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1172.412769][T14298] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 1172.424262][T14298] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1172.433704][T14298] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1172.587083][T16957] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1172.597916][T14298] hub 2-1:1.0: bad descriptor, ignoring hub [ 1172.604104][T14298] hub 2-1:1.0: probe with driver hub failed with error -5 [ 1172.616134][T14298] cdc_wdm 2-1:1.0: skipping garbage [ 1172.621711][T14298] cdc_wdm 2-1:1.0: skipping garbage [ 1172.727332][T14298] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 1172.733520][T14298] cdc_wdm 2-1:1.0: Unknown control protocol [ 1172.946259][T14175] usb 2-1: USB disconnect, device number 13 [ 1173.325754][ T4903] usb 2-1: new low-speed USB device number 14 using dummy_hcd [ 1173.655001][T16982] loop3: detected capacity change from 0 to 512 [ 1173.694023][ T4903] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1173.704535][ T4903] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1173.713785][ T4903] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 1173.725710][ T4903] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1173.735179][ T4903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1173.793868][T16982] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1173.867875][T16957] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1173.899240][ T4903] hub 2-1:1.0: bad descriptor, ignoring hub [ 1173.905563][ T4903] hub 2-1:1.0: probe with driver hub failed with error -5 [ 1173.914023][ T4903] cdc_wdm 2-1:1.0: skipping garbage [ 1173.920013][ T4903] cdc_wdm 2-1:1.0: skipping garbage [ 1173.933462][T16986] netlink: 'syz.0.4045': attribute type 10 has an invalid length. [ 1173.943575][ T4903] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 1173.950318][ T4903] cdc_wdm 2-1:1.0: Unknown control protocol [ 1173.974191][T16982] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 1174.032651][T16986] bridge0: port 3(team0) entered disabled state [ 1174.035117][T16982] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1174.105925][T16982] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4043: bg 0: block 361: padding at end of block bitmap is not set [ 1174.132758][T16986] team0: left allmulticast mode [ 1174.139551][T16986] team_slave_0: left allmulticast mode [ 1174.146008][T16986] team_slave_1: left allmulticast mode [ 1174.151736][T16986] team0: left promiscuous mode [ 1174.156925][T16986] team_slave_0: left promiscuous mode [ 1174.163494][T16986] team_slave_1: left promiscuous mode [ 1174.171143][T16986] bridge0: port 3(team0) entered disabled state [ 1174.236623][T16986] batman_adv: batadv0: Adding interface: team0 [ 1174.243029][T16986] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1174.255793][T16982] EXT4-fs (loop3): Remounting filesystem read-only [ 1174.268669][T16986] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 1174.271508][ T5243] usb 2-1: USB disconnect, device number 14 [ 1174.278411][T16991] netlink: 'syz.0.4045': attribute type 10 has an invalid length. [ 1174.309594][T16991] netlink: 2 bytes leftover after parsing attributes in process `syz.0.4045'. [ 1174.319327][T16991] team0: entered promiscuous mode [ 1174.324869][T16991] team_slave_0: entered promiscuous mode [ 1174.331955][T16991] team_slave_1: entered promiscuous mode [ 1174.345284][T16991] 8021q: adding VLAN 0 to HW filter on device team0 [ 1174.353260][T16991] batman_adv: batadv0: Interface activated: team0 [ 1174.360758][T16991] batman_adv: batadv0: Interface deactivated: team0 [ 1174.367937][T16991] batman_adv: batadv0: Removing interface: team0 [ 1174.420538][T16982] EXT4-fs (loop3): 1 truncate cleaned up [ 1174.428553][T16982] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1174.482160][T16991] bridge0: port 3(team0) entered blocking state [ 1174.499623][T16991] bridge0: port 3(team0) entered disabled state [ 1174.506930][T16991] team0: entered allmulticast mode [ 1174.512347][T16991] team_slave_0: entered allmulticast mode [ 1174.518585][T16991] team_slave_1: entered allmulticast mode [ 1174.530136][T16991] bridge0: port 3(team0) entered blocking state [ 1174.537402][T16991] bridge0: port 3(team0) entered forwarding state [ 1174.546432][ T5199] Bluetooth: hci7: SCO packet for unknown connection handle 1481 [ 1175.119309][T14402] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1175.777923][T17003] binder_alloc: 17001: binder_alloc_buf, no vma [ 1177.092258][T17030] loop3: detected capacity change from 0 to 512 [ 1177.104722][T17030] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1177.119446][T17030] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 1177.195235][T17030] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1177.220776][T17028] loop1: detected capacity change from 0 to 512 [ 1177.298783][T17033] ===================================================== [ 1177.306219][T17033] BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 [ 1177.313684][T17033] ppp_async_push+0xb4f/0x2660 [ 1177.318783][T17033] ppp_async_send+0x130/0x1b0 [ 1177.323689][T17033] ppp_input+0x1f1/0xe60 [ 1177.328247][T17033] pppoe_rcv_core+0x1d3/0x720 [ 1177.333126][T17033] sk_backlog_rcv+0x13b/0x420 [ 1177.338070][T17033] __release_sock+0x1da/0x330 [ 1177.342964][T17033] release_sock+0x6b/0x250 [ 1177.347750][T17033] pppoe_sendmsg+0x2b8/0xb90 [ 1177.352692][T17033] __sock_sendmsg+0x30f/0x380 [ 1177.357697][T17033] ____sys_sendmsg+0x903/0xb60 [ 1177.362674][T17033] ___sys_sendmsg+0x28d/0x3c0 [ 1177.367655][T17033] __sys_sendmmsg+0x4df/0x960 [ 1177.372529][T17033] __ia32_compat_sys_sendmmsg+0xc8/0x140 [ 1177.378483][T17033] ia32_sys_call+0x406a/0x40d0 [ 1177.383565][T17033] __do_fast_syscall_32+0xb0/0x110 [ 1177.389024][T17033] do_fast_syscall_32+0x38/0x80 [ 1177.394081][T17033] do_SYSENTER_32+0x1f/0x30 [ 1177.398921][T17033] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1177.405660][T17033] [ 1177.408085][T17033] Uninit was created at: [ 1177.412603][T17033] kmem_cache_alloc_node_noprof+0x6bf/0xb80 [ 1177.418887][T17033] kmalloc_reserve+0x13d/0x4a0 [ 1177.423843][T17033] __alloc_skb+0x363/0x7b0 [ 1177.428531][T17033] sock_wmalloc+0xfe/0x1a0 [ 1177.433151][T17033] pppoe_sendmsg+0x3a7/0xb90 [ 1177.438042][T17033] __sock_sendmsg+0x30f/0x380 [ 1177.442944][T17033] ____sys_sendmsg+0x903/0xb60 [ 1177.447956][T17033] ___sys_sendmsg+0x28d/0x3c0 [ 1177.452825][T17033] __sys_sendmmsg+0x4df/0x960 [ 1177.453422][T17030] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4060: bg 0: block 361: padding at end of block bitmap is not set [ 1177.457763][T17033] __ia32_compat_sys_sendmmsg+0xc8/0x140 [ 1177.457915][T17033] ia32_sys_call+0x406a/0x40d0 [ 1177.458057][T17033] __do_fast_syscall_32+0xb0/0x110 [ 1177.458187][T17033] do_fast_syscall_32+0x38/0x80 [ 1177.458313][T17033] do_SYSENTER_32+0x1f/0x30 [ 1177.458433][T17033] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1177.458559][T17033] [ 1177.458617][T17033] CPU: 0 UID: 0 PID: 17033 Comm: syz.2.4062 Tainted: G W 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 1177.458761][T17033] Tainted: [W]=WARN [ 1177.458804][T17033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1177.458864][T17033] ===================================================== [ 1177.458896][T17033] Disabling lock debugging due to kernel taint [ 1177.458943][T17033] Kernel panic - not syncing: kmsan.panic set ... [ 1177.459003][T17033] CPU: 0 UID: 0 PID: 17033 Comm: syz.2.4062 Tainted: G B W 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 1177.459154][T17033] Tainted: [B]=BAD_PAGE, [W]=WARN [ 1177.459197][T17033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1177.459256][T17033] Call Trace: [ 1177.459294][T17033] [ 1177.459331][T17033] dump_stack_lvl+0x216/0x2d0 [ 1177.459461][T17033] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1177.459579][T17033] dump_stack+0x1e/0x30 [ 1177.459700][T17033] panic+0x4e2/0xcf0 [ 1177.459831][T17033] ? kmsan_get_metadata+0x41/0x1c0 [ 1177.459953][T17033] kmsan_report+0x2c7/0x2d0 [ 1177.460055][T17033] ? __module_address+0x4d/0x630 [ 1177.460162][T17033] ? kmsan_get_metadata+0x13e/0x1c0 [ 1177.460265][T17033] ? __msan_warning+0x95/0x120 [ 1177.460407][T17033] ? ppp_async_push+0xb4f/0x2660 [ 1177.460557][T17033] ? ppp_async_send+0x130/0x1b0 [ 1177.460702][T17033] ? ppp_input+0x1f1/0xe60 [ 1177.460823][T17033] ? pppoe_rcv_core+0x1d3/0x720 [ 1177.460946][T17033] ? sk_backlog_rcv+0x13b/0x420 [ 1177.461047][T17033] ? __release_sock+0x1da/0x330 [ 1177.461177][T17033] ? release_sock+0x6b/0x250 [ 1177.461274][T17033] ? pppoe_sendmsg+0x2b8/0xb90 [ 1177.461399][T17033] ? __sock_sendmsg+0x30f/0x380 [ 1177.461543][T17033] ? ____sys_sendmsg+0x903/0xb60 [ 1177.461663][T17033] ? ___sys_sendmsg+0x28d/0x3c0 [ 1177.461790][T17033] ? __sys_sendmmsg+0x4df/0x960 [ 1177.461912][T17033] ? __ia32_compat_sys_sendmmsg+0xc8/0x140 [ 1177.462059][T17033] ? ia32_sys_call+0x406a/0x40d0 [ 1177.462207][T17033] ? __do_fast_syscall_32+0xb0/0x110 [ 1177.462342][T17033] ? do_fast_syscall_32+0x38/0x80 [ 1177.462471][T17033] ? do_SYSENTER_32+0x1f/0x30 [ 1177.462597][T17033] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1177.462743][T17033] ? __raise_softirq_irqoff+0x37/0x130 [ 1177.462908][T17033] ? __napi_schedule_irqoff+0x2ec/0x3d0 [ 1177.463033][T17033] ? kmsan_get_metadata+0x13e/0x1c0 [ 1177.463134][T17033] ? kmsan_get_metadata+0x13e/0x1c0 [ 1177.463236][T17033] ? kmsan_get_metadata+0x13e/0x1c0 [ 1177.463339][T17033] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 1177.463494][T17033] ? kmsan_get_metadata+0x13e/0x1c0 [ 1177.463599][T17033] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1177.463713][T17033] __msan_warning+0x95/0x120 [ 1177.463861][T17033] ppp_async_push+0xb4f/0x2660 [ 1177.464061][T17033] ppp_async_send+0x130/0x1b0 [ 1177.464216][T17033] ? __pfx_ppp_async_send+0x10/0x10 [ 1177.464368][T17033] ppp_input+0x1f1/0xe60 [ 1177.464500][T17033] pppoe_rcv_core+0x1d3/0x720 [ 1177.464624][T17033] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1177.464736][T17033] ? __pfx_pppoe_rcv_core+0x10/0x10 [ 1177.464869][T17033] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 1177.465009][T17033] sk_backlog_rcv+0x13b/0x420 [ 1177.465110][T17033] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1177.465227][T17033] __release_sock+0x1da/0x330 [ 1177.465372][T17033] release_sock+0x6b/0x250 [ 1177.465478][T17033] pppoe_sendmsg+0x2b8/0xb90 [ 1177.465621][T17033] ? __pfx_pppoe_sendmsg+0x10/0x10 [ 1177.465751][T17033] ? __pfx_pppoe_sendmsg+0x10/0x10 [ 1177.465887][T17033] __sock_sendmsg+0x30f/0x380 [ 1177.466038][T17033] ____sys_sendmsg+0x903/0xb60 [ 1177.466186][T17033] ___sys_sendmsg+0x28d/0x3c0 [ 1177.466307][T17033] ? kmsan_get_metadata+0x13e/0x1c0 [ 1177.466415][T17033] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1177.466531][T17033] ? __rcu_read_unlock+0x7b/0xe0 [ 1177.466662][T17033] ? __fget_files+0x4f5/0x5c0 [ 1177.466812][T17033] ? kmsan_get_metadata+0x13e/0x1c0 [ 1177.466917][T17033] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1177.467032][T17033] __sys_sendmmsg+0x4df/0x960 [ 1177.467162][T17033] ? do_futex+0x380/0x4a0 [ 1177.467284][T17033] ? kmsan_get_metadata+0x13e/0x1c0 [ 1177.467392][T17033] ? kmsan_get_metadata+0x13e/0x1c0 [ 1177.467507][T17033] __ia32_compat_sys_sendmmsg+0xc8/0x140 [ 1177.467654][T17033] ia32_sys_call+0x406a/0x40d0 [ 1177.467808][T17033] __do_fast_syscall_32+0xb0/0x110 [ 1177.467941][T17033] ? irqentry_exit+0x16/0x60 [ 1177.468056][T17033] do_fast_syscall_32+0x38/0x80 [ 1177.468184][T17033] do_SYSENTER_32+0x1f/0x30 [ 1177.468309][T17033] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1177.468436][T17033] RIP: 0023:0xf740d579 [ 1177.468513][T17033] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1177.468616][T17033] RSP: 002b:00000000f56f656c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 1177.468711][T17033] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020009140 [ 1177.468792][T17033] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 1177.468853][T17033] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1177.468916][T17033] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1177.468981][T17033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1177.469060][T17033] [ 1177.481511][T17033] Kernel Offset: disabled