last executing test programs: 7.655506557s ago: executing program 2: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read(r0, &(0x7f0000000000), 0x2002) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB="04030000", @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r3, @ANYBLOB="0c005a80040003800400"], 0x304}}, 0x0) 6.435374171s ago: executing program 2: mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(0x0, 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) 6.035686141s ago: executing program 2: syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000140)='./bus\x00', 0x14000, &(0x7f0000000000)=ANY=[], 0x4, 0x299, &(0x7f0000002400)="$eJzs3c1q1F4Yx/HfyeTfpn9LTV9EEEGoFlxJWzfiRpFu3bsStTNC6VBBK6ir6lq8APfeghfhSryBunLlBRQEI+ckaTPTZDIvzWRGvx/QSWfynDzP5ExznoESAfhn3ds6/HTzh/1npIYakm5LnqRA8iVd0MXg5d7+zn671ew1UMNF2BATP7jHTtt7rbxQG+cirLtSaH/yNX/8HCoTRFH0ve4kUDv36c/hSbPJp9O9How9s2oc1J1AzcyRjvRKC3XnAQCoV3L995Lr/Hyyfvc8aS257P9V1/+juhOoWeb670uHiow9v+fdSyf9nmvh7NrPS7vEYY41o3hmdSwwTVlX6XLx5p7utFs3tp+1m57e6U4is9uKViU146mbymb79vTQqzm96WmNvNEGc87V8J+tYbMg/+W8uFHe7TLmi/lqHppQH9U8Xv/5kbGnyZ2psOtMxfmvF4/oqgzjvQqqXHQHuZQcIVFSZZDfkSidUYvq/IIgLMvTRS11RcXVbZRELedGbZZErXRHnczm4siqmQ/mgVnVT33WVmb979l3e039fDLtPm7PZGb0rMd3e4aSfkcxHVzO3dMboSgM6r2e6JYWXrx+s/u43W5FRjqwG8/TZ4yMdjueGWDjylBRA2/4w2c4+Ru+KjtEOgkmpNL+N2YlDRc+J2lSqqhuw67Pz2jAen89YTxOTnq/EferTQjjZtddJu7/Mv3KumuR7H9hj3V6VDZ4ZsSNgt5gyY3zf3EHlxEcD1vYwfXbc129Ll0rP2IqdHlqrqzgKWG29E2P+P4fAAAAAAAAAAAAAAAAAABg2ozjzxLqrhEAAAAAAAAAAAAAAAAAAAAAgGn3K7kpy1nd/zcY9f6/6uf+vzODFQkg158AAAD//3kDgxs=") openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x140, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='rdma.current\x00', 0x275a, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000540)=""/239, 0xef) 5.399220777s ago: executing program 2: mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6}]}) 3.944729728s ago: executing program 0: socket$kcm(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10}]}]}]}, 0x38}}, 0x0) 3.487666773s ago: executing program 0: sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x58}}, 0x0) syz_io_uring_setup(0x7d32, &(0x7f0000000040)={0x0, 0x0, 0x32}, &(0x7f00000000c0), &(0x7f0000000000)) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ_RESET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000640)=ANY=[@ANYBLOB="28000000150a"], 0x28}}, 0x0) 3.166031511s ago: executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c0000001a0a01030000e6ff0000000002"], 0x7c}}, 0x0) 3.131288765s ago: executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000009e00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000a80)='ext4_writepages\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000000), 0x9) 2.927052211s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = syz_io_uring_setup(0xf3d, &(0x7f0000000480), &(0x7f0000000080)=0x0, &(0x7f0000000540)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) 2.824632244s ago: executing program 1: mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x0, 0x101301) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) 2.664603619s ago: executing program 3: io_uring_setup(0x1951, &(0x7f00000000c0)={0x0, 0xf3d0}) r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) read$usbmon(r0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 2.485685998s ago: executing program 4: pipe2$9p(&(0x7f0000000580), 0x80880) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, 0x0) mount$9p_rdma(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x0, 0x284000, 0x0) openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = mq_open(&(0x7f0000000440)='127.0.0.1\x00', 0x40, 0x0, 0x0) ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x5451, 0x0) openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8901, &(0x7f0000000080)) 2.465602321s ago: executing program 1: socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000340)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "018100", 0x10, 0x11, 0x0, @private0, @empty, {[], {0x0, 0xe22, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0) 2.230576455s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0040, &(0x7f0000000200)={[{@nombcache}, {@resgid={'resgid', 0x3d, 0xee00}}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7f}}, {@noload}, {@nobarrier}, {@nodiscard}]}, 0xfe, 0x476, &(0x7f00000004c0)="$eJzs3E1sVEUcAPD/225Ly4dFxA8QtIpG4kdLy4ccvGg08aDRRA8YT3VbCLJQQ2sihCh6wBgPhsS78WjixasnvRj1ZOIV74bEGC6gpzWz+x60y27tx7Zb3d8veTDz3tud+e+82Z03s9sAetZI+ieL2BoRVyJiOCLKzSeMNP67ce1C5a9rFypZ1Gqv/Zmlh8X1axcq+VPUt2RLY0etluc3tSj30psRk9Xq9Nk8PzZ3+p2x2XPnnzp5evLE9InpMxNHjx46uHfgyMThjsSZ4rq++/2ZPbtefOPyy5Vjl9/66etU36358SKOThppvLotPdrpwrps27x0Vu5iRViW1G79+XYlhqMvhm4eG44XPupq5YA1VavVaq0+n3MXa8D/WBbdrgHQHcUHfbr/LbZ1GnpsCH8825jwSHHfyLfGkXKU8nP6m+5vO2kwIo5d/PuLtMUazUMAAMz3XRr/PNlq/FeKe+add0e+hrI9Iu6MiB0RcVdE7IyIuyPq594bEfcts/zmFZLbxz+lqysKbInS+O+ZfG1r4fivGP3F9r48t60ef392/GR1+kD+muyP/k0pP77gIQt9//yvnzXv+zSfZh+ZN/5LWyq/GAvm9bhabpqgm5qcm+xI8Cn+DyN2l1vFn91cB8wiYldE7F5hGScf/2pPu2P/Hv8iOrDOVPsy4rFG+1+MpvgLWdv1yfGnj0wcHhuM6vSBseKquN3Pv1x6tV35q4q/A1L7b255/TfiT/eI2WDE7Lnzp+rrtbPLL+PSbx9XsjbHdq7w+h/IXq+nB/J9703OzZ0djxjIXkrZoQX7J249tsgX56f49+9r3f93NG7P6q/E/RGRLuK9EfFARDyYt91DEfFwROxbJP4fn3vk7XbH2rf/IrPyHZTin1qk/dNbXkrdav/lJ/pO/fBtu/JrS2r/Q/XU/nzPUt7/llrB1bx2AAAA8F9Rqn8HPiuN3kyXSqOjje/w74zNperM7NwTx2fePTPV+K789ugvFTNdw/PmQ8fzueEiP9GUP5jPG3/eN1TPj1ZmqlPdDh563JY2/T/5va/btQPWnN9rQe/S/6F36f/Qu/R/6F36P/Sogda7P1jvegBdsfzP/8E1qQew/oz/oXfp/9C79H/oSW1/G19a1U/+1znxTR7Nqp+wvCHCaZ0Y2hjVKBJR2hDV6FzilU8aF9FGqU+RKC/5j1msMLGp5aFuvisBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0zj8BAAD//w1w47w=") 2.066604975s ago: executing program 1: socket$kcm(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10}]}]}]}, 0x38}}, 0x0) 2.018844081s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000200)='ext4_journal_start\x00', r1}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 1.536397018s ago: executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x74, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 1.404218907s ago: executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_es_find_extent_range_enter\x00', r0}, 0x10) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) 1.367232705s ago: executing program 1: sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x58}}, 0x0) syz_io_uring_setup(0x7d32, &(0x7f0000000040)={0x0, 0x0, 0x32}, &(0x7f00000000c0), &(0x7f0000000000)) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ_RESET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000640)=ANY=[@ANYBLOB="28000000150a"], 0x28}}, 0x0) 1.242671908s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x5, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 1.075320932s ago: executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c0000001a0a01030000e6ff0000000002"], 0x7c}}, 0x0) 744.975086ms ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000ac0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r1, &(0x7f0000000340), &(0x7f00000000c0)=""/109}, 0x20) 734.808456ms ago: executing program 4: mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x0, 0x101301) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) 624.757273ms ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = syz_io_uring_setup(0xf3d, &(0x7f0000000480), &(0x7f0000000080)=0x0, &(0x7f0000000540)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) 485.067591ms ago: executing program 3: bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x46, &(0x7f0000000340)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "018100", 0x10, 0x11, 0x0, @private0, @empty, {[], {0x0, 0xe22, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0) 405.326022ms ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x10, &(0x7f0000000740), 0xfe, 0x499, &(0x7f0000001780)="$eJzs3M1vVFUbAPDn3umUb9qXF78ApYrGxo+WFlQWbjS608REF7gxqW0hlYEaWhIhRKsxuDQk7o0rY/QvcKUbo65M3OrekBAlJqALM+bO3NtOS6ftlClTnN8vueWc3jNzzjPnnrnn3sNtAF1rIPuRROyMiF8ioq+eXVxgoP7PjWsXx/+6dnE8iWr11d+TWrnr1y6OF0WL1+3IM4NpRPphkley2Mz5C6fGKpXJs3l+ePb028Mz5y88OXV67GQyFzF67NjRIyPPPD36VFvizOK6vu/d6QNJz+uXXx4/fvnNH77qbdjfGMctSXfMJweywP+o1iwt9khbKts8djWkk54ONoSWlCIi665ybfz3RSkWOq8vXvygo40DNlR2btrSfPdcFfgPS6LTLQA6ozjRZ9e/xXabph6bwtXn6hdAWdw38q2+pyfSvEx5A+u/NyKOz/39abZF3g//7NzACgGArvdNNv95Yrn5Xxp3N5Tbna+h9EfE/yJiT0T8PyL2RsRdEbWy9+TzmVbUl4ZK8/mb55/plXUHtwbZ/O/ZfG1r8fyvmP1FfynP7arFX05OTFUmD+efyWCUt2T5kRXq+PaFnz9utm+gYf6XbVn9xVwwb8eVniU36CbGZsfaNSm9+n7Evp7l4k/mVwKSiLgvIva19ta7i8TUY18caFZo9fhX0IZ1pupnEY/W+38ulsRfSJauT06enDyzsD45vDUqk4eHi6PiZj/+dOmV5Wvfemvxt0HW/9sXH/9LSvT9mTSu1860XselXz9qek253uO/N3mtNiaLNdx3xmZnz45E9CYv1fKLfj+68NoiX5TP4h88tBB/NIz/Pflrsvj3R0R2EN8fEQ9ExMG87Q9GxEMRcWiF+L9//uG3Wop/6vb2/8Sy33/zx3//4v5vPVE69d3XzepfW/8fraUG89/Uvv9W0bw5UZmMqFbXfTQDAADAnSeNiJ2RpEPz6TQdGqr/H/69sT2tTM/MPn5i+tyZifozAv1RTos7XX35/dDsanskmcvfsX5/dDS/V1zcLz2S3zf+pLStlh8an65MdDh26HY7moz/zG+lTrcO2HCe14LutXT8px1qB3D7Of9D9zL+oXsZ/9C9Gsb/l+cu7a8l3qv9PDi/Y9m1gBX+cghwZ3D+h+5l/EP3Mv6hexn/0JXW/hR/eV3P/rc/sS1v+WqFe1d+n2SThHNz4vPypmjGaolIVyrzRiy/ayAiNqhhsSk+lnYnkjUc6mtNnDiZD521FO7ktxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED7/BsAAP//1ELiOQ==") mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 309.334271ms ago: executing program 1: bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={0x0, 0x304}, 0x1, 0x0, 0x0, 0x4040095}, 0x4000004) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdc8}, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x181) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x952c, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e) syz_genetlink_get_family_id$ipvs(&(0x7f0000005880), 0xffffffffffffffff) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x10, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x14) signalfd(0xffffffffffffffff, &(0x7f0000000340)={[0x400]}, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00'}, 0x10) 241.986971ms ago: executing program 4: io_uring_setup(0x1951, &(0x7f00000000c0)={0x0, 0xf3d0}) r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) read$usbmon(r0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 4.620776ms ago: executing program 3: r0 = socket$kcm(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'veth1_to_team\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10}]}]}]}, 0x38}}, 0x0) 0s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0040, &(0x7f0000000200)={[{@nombcache}, {@resgid={'resgid', 0x3d, 0xee00}}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7f}}, {@noload}, {@nobarrier}, {@nodiscard}]}, 0xfe, 0x476, &(0x7f00000004c0)="$eJzs3E1sVEUcAPD/225Ly4dFxA8QtIpG4kdLy4ccvGg08aDRRA8YT3VbCLJQQ2sihCh6wBgPhsS78WjixasnvRj1ZOIV74bEGC6gpzWz+x60y27tx7Zb3d8veTDz3tud+e+82Z03s9sAetZI+ieL2BoRVyJiOCLKzSeMNP67ce1C5a9rFypZ1Gqv/Zmlh8X1axcq+VPUt2RLY0etluc3tSj30psRk9Xq9Nk8PzZ3+p2x2XPnnzp5evLE9InpMxNHjx46uHfgyMThjsSZ4rq++/2ZPbtefOPyy5Vjl9/66etU36358SKOThppvLotPdrpwrps27x0Vu5iRViW1G79+XYlhqMvhm4eG44XPupq5YA1VavVaq0+n3MXa8D/WBbdrgHQHcUHfbr/LbZ1GnpsCH8825jwSHHfyLfGkXKU8nP6m+5vO2kwIo5d/PuLtMUazUMAAMz3XRr/PNlq/FeKe+add0e+hrI9Iu6MiB0RcVdE7IyIuyPq594bEfcts/zmFZLbxz+lqysKbInS+O+ZfG1r4fivGP3F9r48t60ef392/GR1+kD+muyP/k0pP77gIQt9//yvnzXv+zSfZh+ZN/5LWyq/GAvm9bhabpqgm5qcm+xI8Cn+DyN2l1vFn91cB8wiYldE7F5hGScf/2pPu2P/Hv8iOrDOVPsy4rFG+1+MpvgLWdv1yfGnj0wcHhuM6vSBseKquN3Pv1x6tV35q4q/A1L7b255/TfiT/eI2WDE7Lnzp+rrtbPLL+PSbx9XsjbHdq7w+h/IXq+nB/J9703OzZ0djxjIXkrZoQX7J249tsgX56f49+9r3f93NG7P6q/E/RGRLuK9EfFARDyYt91DEfFwROxbJP4fn3vk7XbH2rf/IrPyHZTin1qk/dNbXkrdav/lJ/pO/fBtu/JrS2r/Q/XU/nzPUt7/llrB1bx2AAAA8F9Rqn8HPiuN3kyXSqOjje/w74zNperM7NwTx2fePTPV+K789ugvFTNdw/PmQ8fzueEiP9GUP5jPG3/eN1TPj1ZmqlPdDh563JY2/T/5va/btQPWnN9rQe/S/6F36f/Qu/R/6F36P/Sogda7P1jvegBdsfzP/8E1qQew/oz/oXfp/9C79H/oSW1/G19a1U/+1znxTR7Nqp+wvCHCaZ0Y2hjVKBJR2hDV6FzilU8aF9FGqU+RKC/5j1msMLGp5aFuvisBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0zj8BAAD//w1w47w=") kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.236' (ED25519) to the list of known hosts. 2024/06/01 12:14:00 fuzzer started 2024/06/01 12:14:01 dialing manager at 10.128.0.169:30026 [ 163.555674][ T5055] cgroup: Unknown subsys name 'net' [ 163.795948][ T5055] cgroup: Unknown subsys name 'rlimit' 2024/06/01 12:14:48 starting 5 executor processes [ 210.005011][ T5062] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 212.806144][ T5089] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 212.814688][ T5089] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 212.826835][ T5089] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 212.835224][ T5089] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 212.847958][ T5089] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 212.861359][ T5089] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 212.869770][ T5092] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 212.877740][ T5092] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 212.893356][ T5092] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 212.902800][ T5089] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 212.913028][ T5095] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 212.934780][ T5089] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 212.936241][ T5095] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 212.951683][ T5092] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 212.960776][ T5095] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 213.012185][ T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 213.037930][ T5095] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 213.047279][ T5095] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 213.362837][ T5088] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 213.414763][ T5088] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 213.476605][ T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 213.485803][ T4435] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 213.500767][ T4435] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 213.512378][ T4435] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 213.523195][ T4435] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 213.558444][ T5095] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 213.571240][ T5095] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 213.586169][ T5095] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 213.605105][ T5095] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 213.614513][ T5095] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 214.372624][ T5084] chnl_net:caif_netlink_parms(): no params data found [ 214.707060][ T5087] chnl_net:caif_netlink_parms(): no params data found [ 214.888300][ T5083] chnl_net:caif_netlink_parms(): no params data found [ 215.075900][ T5095] Bluetooth: hci1: command tx timeout [ 215.081552][ T5095] Bluetooth: hci0: command tx timeout [ 215.144346][ T5095] Bluetooth: hci2: command tx timeout [ 215.172620][ T5098] chnl_net:caif_netlink_parms(): no params data found [ 215.637118][ T5095] Bluetooth: hci3: command tx timeout [ 215.698125][ T5101] chnl_net:caif_netlink_parms(): no params data found [ 215.734088][ T5095] Bluetooth: hci4: command tx timeout [ 215.775340][ T5087] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.783119][ T5087] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.793533][ T5087] bridge_slave_0: entered allmulticast mode [ 215.802828][ T5087] bridge_slave_0: entered promiscuous mode [ 215.821210][ T5084] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.832341][ T5084] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.840457][ T5084] bridge_slave_0: entered allmulticast mode [ 215.849621][ T5084] bridge_slave_0: entered promiscuous mode [ 215.936292][ T5087] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.945868][ T5087] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.953589][ T5087] bridge_slave_1: entered allmulticast mode [ 215.962826][ T5087] bridge_slave_1: entered promiscuous mode [ 215.994706][ T5084] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.002416][ T5084] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.010258][ T5084] bridge_slave_1: entered allmulticast mode [ 216.019365][ T5084] bridge_slave_1: entered promiscuous mode [ 216.218346][ T5083] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.228653][ T5083] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.236643][ T5083] bridge_slave_0: entered allmulticast mode [ 216.245833][ T5083] bridge_slave_0: entered promiscuous mode [ 216.329041][ T5098] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.337065][ T5098] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.344990][ T5098] bridge_slave_0: entered allmulticast mode [ 216.354279][ T5098] bridge_slave_0: entered promiscuous mode [ 216.384028][ T5084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 216.394389][ T5083] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.402115][ T5083] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.412235][ T5083] bridge_slave_1: entered allmulticast mode [ 216.425822][ T5083] bridge_slave_1: entered promiscuous mode [ 216.447499][ T5087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 216.468091][ T5084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.479008][ T5098] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.487052][ T5098] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.495100][ T5098] bridge_slave_1: entered allmulticast mode [ 216.504487][ T5098] bridge_slave_1: entered promiscuous mode [ 216.566291][ T5087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.745506][ T5084] team0: Port device team_slave_0 added [ 216.797814][ T5083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 216.821764][ T5083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.883461][ T5084] team0: Port device team_slave_1 added [ 216.914921][ T5087] team0: Port device team_slave_0 added [ 216.932071][ T5098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.059630][ T5087] team0: Port device team_slave_1 added [ 217.144618][ T5095] Bluetooth: hci0: command tx timeout [ 217.150267][ T5095] Bluetooth: hci1: command tx timeout [ 217.177088][ T5098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 217.224736][ T5095] Bluetooth: hci2: command tx timeout [ 217.228299][ T5083] team0: Port device team_slave_0 added [ 217.309427][ T5101] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.319850][ T5101] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.327735][ T5101] bridge_slave_0: entered allmulticast mode [ 217.336820][ T5101] bridge_slave_0: entered promiscuous mode [ 217.440164][ T5087] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 217.447533][ T5087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.474179][ T5087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 217.492118][ T5083] team0: Port device team_slave_1 added [ 217.501878][ T5087] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 217.509169][ T5087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.535543][ T5087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 217.550706][ T5084] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 217.558065][ T5084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.585370][ T5084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 217.598774][ T5101] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.606703][ T5101] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.614730][ T5101] bridge_slave_1: entered allmulticast mode [ 217.623657][ T5101] bridge_slave_1: entered promiscuous mode [ 217.639596][ T5098] team0: Port device team_slave_0 added [ 217.714296][ T5095] Bluetooth: hci3: command tx timeout [ 217.737842][ T5084] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 217.745095][ T5084] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.771307][ T5084] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 217.794294][ T5095] Bluetooth: hci4: command tx timeout [ 217.820628][ T5098] team0: Port device team_slave_1 added [ 217.834411][ T5083] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 217.841580][ T5083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.869063][ T5083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 217.996619][ T5083] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.003777][ T5083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.030442][ T5083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.069537][ T5101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.115342][ T5098] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 218.122497][ T5098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.148976][ T5098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.200031][ T5098] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.207617][ T5098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.234298][ T5098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.273977][ T5101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.370692][ T5087] hsr_slave_0: entered promiscuous mode [ 218.384363][ T5087] hsr_slave_1: entered promiscuous mode [ 218.630632][ T5101] team0: Port device team_slave_0 added [ 218.650815][ T5083] hsr_slave_0: entered promiscuous mode [ 218.664324][ T5083] hsr_slave_1: entered promiscuous mode [ 218.673613][ T5083] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 218.681488][ T5083] Cannot create hsr debugfs directory [ 218.701439][ T5084] hsr_slave_0: entered promiscuous mode [ 218.710826][ T5084] hsr_slave_1: entered promiscuous mode [ 218.721301][ T5084] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 218.729154][ T5084] Cannot create hsr debugfs directory [ 218.764598][ T5098] hsr_slave_0: entered promiscuous mode [ 218.773470][ T5098] hsr_slave_1: entered promiscuous mode [ 218.781534][ T5098] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 218.789490][ T5098] Cannot create hsr debugfs directory [ 218.802441][ T5101] team0: Port device team_slave_1 added [ 219.112716][ T5101] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 219.120096][ T5101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.147074][ T5101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 219.167494][ T5101] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 219.174779][ T5101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.186632][ T1217] ieee802154 phy0 wpan0: encryption failed: -22 [ 219.201148][ T5101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 219.207576][ T1217] ieee802154 phy1 wpan1: encryption failed: -22 [ 219.226930][ T5095] Bluetooth: hci1: command tx timeout [ 219.232669][ T4435] Bluetooth: hci0: command tx timeout [ 219.304173][ T4435] Bluetooth: hci2: command tx timeout [ 219.697241][ T5101] hsr_slave_0: entered promiscuous mode [ 219.707843][ T5101] hsr_slave_1: entered promiscuous mode [ 219.717097][ T5101] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 219.725001][ T5101] Cannot create hsr debugfs directory [ 219.790129][ T4435] Bluetooth: hci3: command tx timeout [ 219.877193][ T4435] Bluetooth: hci4: command tx timeout [ 220.424738][ T5087] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 220.449796][ T5087] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 220.496992][ T5087] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 220.560968][ T5087] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 220.704092][ T5098] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 220.763057][ T5098] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 220.829732][ T5098] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 220.852236][ T5084] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 220.875342][ T5084] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 220.898213][ T5098] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 220.954291][ T5084] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 221.003509][ T5084] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 221.249001][ T5101] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 221.301087][ T5083] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 221.311786][ T4435] Bluetooth: hci0: command tx timeout [ 221.318166][ T5095] Bluetooth: hci1: command tx timeout [ 221.336796][ T5083] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 221.361595][ T5101] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 221.393412][ T5101] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 221.394937][ T4435] Bluetooth: hci2: command tx timeout [ 221.439099][ T5083] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 221.463052][ T5101] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 221.505527][ T5083] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 221.864287][ T4435] Bluetooth: hci3: command tx timeout [ 221.945199][ T4435] Bluetooth: hci4: command tx timeout [ 222.008083][ T5087] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.139689][ T5087] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.257742][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.265618][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.391452][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.399051][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.553207][ T5098] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.791508][ T5084] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.990571][ T5098] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.054376][ T5101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.131565][ T780] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.139511][ T780] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.156825][ T5084] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.192395][ T5083] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.279224][ T780] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.287096][ T780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.356882][ T5101] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.411456][ T780] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.419277][ T780] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.518887][ T780] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.526701][ T780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.552208][ T780] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.560041][ T780] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.582530][ T780] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.590322][ T780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.657111][ T5083] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.880568][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.888337][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.913178][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.920953][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.076553][ T5084] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 224.087297][ T5084] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 224.303747][ T5101] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 225.362797][ T5087] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 225.920730][ T5098] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.002627][ T5084] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.435448][ T5083] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.555197][ T5101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.574449][ T5098] veth0_vlan: entered promiscuous mode [ 226.699054][ T5098] veth1_vlan: entered promiscuous mode [ 226.867786][ T5084] veth0_vlan: entered promiscuous mode [ 227.030563][ T5084] veth1_vlan: entered promiscuous mode [ 227.164611][ T5098] veth0_macvtap: entered promiscuous mode [ 227.267663][ T5083] veth0_vlan: entered promiscuous mode [ 227.300992][ T5098] veth1_macvtap: entered promiscuous mode [ 227.337918][ T5101] veth0_vlan: entered promiscuous mode [ 227.502434][ T5083] veth1_vlan: entered promiscuous mode [ 227.537479][ T5084] veth0_macvtap: entered promiscuous mode [ 227.565979][ T5101] veth1_vlan: entered promiscuous mode [ 227.602005][ T5084] veth1_macvtap: entered promiscuous mode [ 227.630258][ T5098] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 227.770615][ T5098] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 227.849776][ T5084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 227.861859][ T5084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.878298][ T5084] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 227.893555][ T5098] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.902782][ T5098] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.915229][ T5098] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.926726][ T5098] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.021898][ T5084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.034878][ T5084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.049802][ T5084] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 228.139315][ T5083] veth0_macvtap: entered promiscuous mode [ 228.252491][ T5084] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.263058][ T5084] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.272360][ T5084] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.281521][ T5084] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.318454][ T5101] veth0_macvtap: entered promiscuous mode [ 228.334178][ T5083] veth1_macvtap: entered promiscuous mode [ 228.379731][ T5101] veth1_macvtap: entered promiscuous mode [ 228.590651][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.601459][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.611709][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.622546][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.637894][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 228.651974][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.664182][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.676958][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.689237][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.699336][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.710186][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.725643][ T5083] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 228.785655][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.796580][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.806784][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.817498][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.833988][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 228.895611][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.908517][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.919354][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.930101][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.940232][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.951012][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.966526][ T5083] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 229.011583][ T5101] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.020716][ T5101] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.029893][ T5101] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.038959][ T5101] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.090254][ T5083] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.099516][ T5083] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.108755][ T5083] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.117875][ T5083] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.152775][ T5087] veth0_vlan: entered promiscuous mode [ 229.309354][ T5087] veth1_vlan: entered promiscuous mode [ 229.837242][ T5087] veth0_macvtap: entered promiscuous mode [ 229.956048][ T5087] veth1_macvtap: entered promiscuous mode [ 230.142059][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.152977][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.163391][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.174147][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.186731][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.198463][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.208594][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.219354][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.235066][ T5087] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 230.521392][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 230.533766][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.544948][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 230.555772][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.565867][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 230.576669][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.588712][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 230.599972][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.615473][ T5087] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 230.901798][ T5087] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.915429][ T5087] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.927704][ T5087] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.937610][ T5087] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.721499][ T3628] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.729901][ T3628] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.969970][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.978429][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.459838][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.468826][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.605153][ T5145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.613130][ T5145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.811208][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.819582][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.946785][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.954968][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.198946][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.210335][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.554489][ T5147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.562569][ T5147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 237.665260][ T5285] mmap: syz-executor.2 (5285) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 238.229645][ T4362] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.238360][ T4362] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.420299][ T3155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.429139][ T3155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.928438][ T5294] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 239.326137][ T5302] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 239.515061][ T5302] bond0: (slave bond_slave_0): Releasing backup interface [ 239.591402][ T5303] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 239.923075][ T5308] loop3: detected capacity change from 0 to 64 [ 240.790058][ T5315] loop1: detected capacity change from 0 to 512 [ 240.934496][ T5315] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 240.946468][ T5315] EXT4-fs (loop1): orphan cleanup on readonly fs [ 240.971153][ T5315] EXT4-fs error (device loop1): ext4_orphan_get:1420: comm syz-executor.1: bad orphan inode 15 [ 241.064684][ T5315] ext4_test_bit(bit=14, block=2) = 0 [ 241.070349][ T5315] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 241.229950][ T5321] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 241.249724][ T5315] EXT4-fs error (device loop1): ext4_map_blocks:580: inode #2: block 3: comm syz-executor.1: lblock 0 mapped to illegal pblock 3 (length 1) [ 241.694866][ T5083] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.426951][ T5332] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 242.427500][ T29] audit: type=1804 audit(1717244121.059:2): pid=5332 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2455014147/syzkaller.v7kePP/6/.log" dev="sda1" ino=1960 res=1 errno=0 [ 242.573224][ T5335] loop2: detected capacity change from 0 to 128 [ 243.141548][ T5337] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 243.319706][ T5340] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 243.406785][ T5340] bond0: (slave bond_slave_0): Releasing backup interface [ 243.555170][ T5343] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 244.556130][ T5355] loop4: detected capacity change from 0 to 512 [ 244.597028][ T5356] netlink: 732 bytes leftover after parsing attributes in process `syz-executor.1'. [ 244.658409][ T5355] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 244.717486][ T5355] EXT4-fs (loop4): orphan cleanup on readonly fs [ 244.729412][ T5355] EXT4-fs error (device loop4): ext4_orphan_get:1420: comm syz-executor.4: bad orphan inode 15 [ 244.795014][ T5355] ext4_test_bit(bit=14, block=2) = 0 [ 244.800765][ T5355] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 244.991576][ T5355] EXT4-fs error (device loop4): ext4_map_blocks:580: inode #2: block 3: comm syz-executor.4: lblock 0 mapped to illegal pblock 3 (length 1) [ 245.348004][ T5087] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 245.662790][ T5368] netlink: 732 bytes leftover after parsing attributes in process `syz-executor.3'. [ 245.719891][ T5369] netlink: 732 bytes leftover after parsing attributes in process `syz-executor.1'. [ 245.961493][ T5371] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 246.694588][ T5145] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 246.926581][ T5383] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 247.007233][ T5376] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 247.045729][ T5385] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 247.110236][ T5385] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.253608][ T5385] bridge_slave_1 (unregistering): left allmulticast mode [ 247.267038][ T5385] bridge_slave_1 (unregistering): left promiscuous mode [ 247.274890][ T5385] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.355478][ T5145] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 247.368488][ T5145] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.378168][ T5145] usb 2-1: Product: syz [ 247.382584][ T5145] usb 2-1: Manufacturer: syz [ 247.387570][ T5145] usb 2-1: SerialNumber: syz [ 247.438134][ T5384] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 247.486950][ T5145] usb 2-1: config 0 descriptor?? [ 247.529122][ T5145] ch341 2-1:0.0: ch341-uart converter detected [ 247.632950][ T5391] netlink: 732 bytes leftover after parsing attributes in process `syz-executor.4'. [ 247.659028][ T5384] bond1: entered promiscuous mode [ 247.705028][ T5392] loop2: detected capacity change from 0 to 128 [ 247.839648][ T5392] FAT-fs (loop2): Directory bread(block 11554) failed [ 247.846861][ T5392] FAT-fs (loop2): Directory bread(block 11555) failed [ 247.854108][ T5392] FAT-fs (loop2): Directory bread(block 11556) failed [ 247.861162][ T5392] FAT-fs (loop2): Directory bread(block 11557) failed [ 247.868585][ T5392] FAT-fs (loop2): Directory bread(block 11558) failed [ 247.881847][ T5392] FAT-fs (loop2): Directory bread(block 11559) failed [ 247.890824][ T5392] FAT-fs (loop2): Directory bread(block 11560) failed [ 247.898007][ T5392] FAT-fs (loop2): Directory bread(block 11561) failed [ 247.905733][ T5392] FAT-fs (loop2): Directory bread(block 11562) failed [ 247.912805][ T5392] FAT-fs (loop2): Directory bread(block 11563) failed [ 248.874763][ T5145] ch341-uart ttyUSB0: failed to read break control: -71 [ 248.882161][ T5145] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 249.016349][ T5145] usb 2-1: USB disconnect, device number 2 [ 249.025019][ T5145] ch341 2-1:0.0: device disconnected [ 250.068664][ T5418] loop1: detected capacity change from 0 to 512 [ 250.363682][ T5418] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 250.377313][ T5418] ext4 filesystem being mounted at /root/syzkaller-testdir2649481593/syzkaller.i1FLMe/11/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038-01-19 (0x7fffffff) [ 250.441900][ T5422] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 250.610342][ T5418] capability: warning: `syz-executor.1' uses deprecated v2 capabilities in a way that may be insecure [ 250.765055][ T5427] EXT4-fs error (device loop1): ext4_do_update_inode:5082: inode #2: comm syz-executor.1: corrupted inode contents [ 250.828897][ T5427] EXT4-fs error (device loop1): ext4_dirty_inode:5942: inode #2: comm syz-executor.1: mark_inode_dirty error [ 250.923027][ T5427] EXT4-fs error (device loop1): ext4_do_update_inode:5082: inode #2: comm syz-executor.1: corrupted inode contents [ 251.020251][ T5427] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz-executor.1: mark_inode_dirty error [ 251.448125][ T5434] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 251.448872][ T5083] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.558306][ T5434] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 251.573361][ T5434] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 251.844154][ T5434] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 252.236016][ T29] audit: type=1326 audit(1717244130.799:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5437 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749c579 code=0x7ffc0000 [ 252.259085][ T29] audit: type=1326 audit(1717244130.799:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5437 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749c579 code=0x7ffc0000 [ 252.285507][ T29] audit: type=1326 audit(1717244130.849:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5437 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf749c579 code=0x7ffc0000 [ 252.309268][ T29] audit: type=1326 audit(1717244130.869:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5437 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749c579 code=0x7ffc0000 [ 252.332591][ T29] audit: type=1326 audit(1717244130.869:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5437 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf749c579 code=0x7ffc0000 [ 252.526606][ T29] audit: type=1326 audit(1717244131.049:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5437 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749c579 code=0x7ffc0000 [ 252.549564][ T29] audit: type=1326 audit(1717244131.089:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5437 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=288 compat=1 ip=0xf749c579 code=0x7ffc0000 [ 252.572349][ T29] audit: type=1326 audit(1717244131.099:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5437 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf749c579 code=0x7ffc0000 [ 252.598170][ T29] audit: type=1326 audit(1717244131.099:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5437 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf749c5a7 code=0x7ffc0000 [ 252.622259][ T29] audit: type=1326 audit(1717244131.149:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5437 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749c579 code=0x7ffc0000 [ 253.114853][ T5135] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 253.664569][ T5135] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 253.674114][ T5135] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.682382][ T5135] usb 4-1: Product: syz [ 253.686974][ T5135] usb 4-1: Manufacturer: syz [ 253.691820][ T5135] usb 4-1: SerialNumber: syz [ 253.747897][ T5135] usb 4-1: config 0 descriptor?? [ 253.788976][ T5135] ch341 4-1:0.0: ch341-uart converter detected [ 255.171084][ T5135] ch341-uart ttyUSB0: failed to read break control: -71 [ 255.178862][ T5135] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 255.210748][ T5135] usb 4-1: USB disconnect, device number 2 [ 255.218835][ T5135] ch341 4-1:0.0: device disconnected [ 257.041679][ T5505] loop4: detected capacity change from 0 to 512 [ 257.102141][ T5505] EXT4-fs: Ignoring removed i_version option [ 257.155716][ T5505] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 257.169333][ T5505] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 257.339589][ T29] kauditd_printk_skb: 25 callbacks suppressed [ 257.339668][ T29] audit: type=1326 audit(1717244135.959:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 257.420654][ T5505] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2847: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 257.466041][ T29] audit: type=1326 audit(1717244136.019:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 257.474781][ T5505] EXT4-fs (loop4): 1 truncate cleaned up [ 257.488901][ T29] audit: type=1326 audit(1717244136.039:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 257.494639][ T5505] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 257.536358][ T29] audit: type=1326 audit(1717244136.069:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf749d5a7 code=0x7ffc0000 [ 257.566970][ T29] audit: type=1326 audit(1717244136.069:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=40000003 syscall=288 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 257.592420][ T29] audit: type=1326 audit(1717244136.079:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 257.619830][ T29] audit: type=1326 audit(1717244136.089:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf749d5a7 code=0x7ffc0000 [ 257.644341][ T29] audit: type=1326 audit(1717244136.099:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 257.717612][ T29] audit: type=1326 audit(1717244136.309:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 257.740516][ T29] audit: type=1326 audit(1717244136.309:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf749d5a7 code=0x7ffc0000 [ 258.446650][ T5145] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 258.636176][ T5087] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.085744][ T5145] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 259.095670][ T5145] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.104098][ T5145] usb 2-1: Product: syz [ 259.108549][ T5145] usb 2-1: Manufacturer: syz [ 259.113386][ T5145] usb 2-1: SerialNumber: syz [ 259.164962][ T5145] usb 2-1: config 0 descriptor?? [ 259.335044][ T5145] ch341 2-1:0.0: ch341-uart converter detected [ 260.306825][ T5547] loop2: detected capacity change from 0 to 1024 [ 260.584941][ T5145] ch341-uart ttyUSB0: failed to read break control: -71 [ 260.592504][ T5145] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 260.672207][ T5145] usb 2-1: USB disconnect, device number 3 [ 260.683246][ T5145] ch341 2-1:0.0: device disconnected [ 260.724407][ T3118] hfsplus: b-tree write err: -5, ino 4 [ 262.355460][ T5559] loop2: detected capacity change from 0 to 4096 [ 262.425484][ T5559] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 262.738755][ T5559] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 263.594735][ T29] kauditd_printk_skb: 16 callbacks suppressed [ 263.594812][ T29] audit: type=1800 audit(1717244142.219:64): pid=5567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name=".pending_reads" dev="sda1" ino=1949 res=0 errno=0 [ 264.814126][ T5147] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 265.435863][ T5147] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 265.445401][ T5147] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.453674][ T5147] usb 4-1: Product: syz [ 265.458448][ T5147] usb 4-1: Manufacturer: syz [ 265.463282][ T5147] usb 4-1: SerialNumber: syz [ 265.509873][ T5147] usb 4-1: config 0 descriptor?? [ 265.575725][ T5147] ch341 4-1:0.0: ch341-uart converter detected [ 266.064582][ T5592] netlink: 732 bytes leftover after parsing attributes in process `syz-executor.1'. [ 266.774174][ T5605] loop0: detected capacity change from 0 to 512 [ 266.843000][ T5605] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 266.852643][ T5605] EXT4-fs (loop0): blocks per group (64) and clusters per group (32768) inconsistent [ 266.993299][ T5147] ch341-uart ttyUSB0: failed to read break control: -71 [ 267.001111][ T5147] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 267.018697][ T5147] usb 4-1: USB disconnect, device number 3 [ 267.031635][ T5147] ch341 4-1:0.0: device disconnected [ 267.154594][ T5609] loop4: detected capacity change from 0 to 256 [ 267.307318][ T5609] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 268.221586][ T29] audit: type=1804 audit(1717244146.789:65): pid=5613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir127456920/syzkaller.a8HKNF/20/file0" dev="sda1" ino=1948 res=1 errno=0 [ 269.015780][ T5629] netlink: 732 bytes leftover after parsing attributes in process `syz-executor.4'. [ 269.839467][ T5634] Zero length message leads to an empty skb [ 269.884296][ T5135] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 269.981922][ T5636] loop3: detected capacity change from 0 to 512 [ 270.019336][ T5636] EXT4-fs (loop3): invalid inodes per group: 1 [ 270.019336][ T5636] [ 270.244534][ T5135] usb 5-1: config index 0 descriptor too short (expected 45, got 36) [ 270.252815][ T5135] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 270.264274][ T5135] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 270.275686][ T5135] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 270.288938][ T5135] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 270.298230][ T5135] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.311430][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 270.377381][ T5135] usb 5-1: config 0 descriptor?? [ 270.406233][ T5632] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 270.774923][ T5638] loop3: detected capacity change from 0 to 256 [ 270.928960][ T5135] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 270.936879][ T5135] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 270.944707][ T5135] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 270.952386][ T5135] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 270.960299][ T5135] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 270.968094][ T5135] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 270.975886][ T5135] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 270.983564][ T5135] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 270.991442][ T5135] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 270.999225][ T5135] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 271.007013][ T5135] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 271.015089][ T5135] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 271.028327][ T5135] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 271.088767][ T5638] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 271.113446][ T5135] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 271.168614][ T5135] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 271.220025][ T5135] usb 5-1: USB disconnect, device number 2 [ 271.469838][ T29] audit: type=1326 audit(1717244150.059:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5640 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x0 [ 271.814569][ T5145] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 272.214680][ T5145] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 272.225360][ T5145] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 272.235961][ T5145] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.312157][ T5145] usb 3-1: config 0 descriptor?? [ 272.388608][ T5145] usb 3-1: Found UVC 149.00 device (046d:08c1) [ 272.396114][ T5145] usb 3-1: No valid video chain found. [ 274.626094][ T5145] usb 3-1: USB disconnect, device number 2 [ 275.144324][ T5668] loop2: detected capacity change from 0 to 512 [ 275.221666][ T5668] EXT4-fs (loop2): invalid inodes per group: 1 [ 275.221666][ T5668] [ 276.177426][ T5676] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 276.208680][ T5676] batman_adv: batadv0: Adding interface: team0 [ 276.215134][ T5676] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.245136][ T5676] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 277.206305][ T5683] hub 6-0:1.0: USB hub found [ 277.211806][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 277.238256][ T5683] hub 6-0:1.0: 1 port detected [ 278.750594][ T5699] loop3: detected capacity change from 0 to 512 [ 278.794407][ T5699] EXT4-fs (loop3): invalid inodes per group: 1 [ 278.794407][ T5699] [ 280.617620][ T1217] ieee802154 phy0 wpan0: encryption failed: -22 [ 280.624754][ T1217] ieee802154 phy1 wpan1: encryption failed: -22 [ 281.364443][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 281.655221][ T5718] hub 6-0:1.0: USB hub found [ 281.704633][ T5718] hub 6-0:1.0: 1 port detected [ 281.899353][ T5721] loop2: detected capacity change from 0 to 256 [ 282.870835][ T5729] loop2: detected capacity change from 0 to 512 [ 282.952557][ T5729] EXT4-fs (loop2): invalid inodes per group: 1 [ 282.952557][ T5729] [ 282.981406][ T5727] loop3: detected capacity change from 0 to 4096 [ 283.032054][ T5727] ======================================================= [ 283.032054][ T5727] WARNING: The mand mount option has been deprecated and [ 283.032054][ T5727] and is ignored by this kernel. Remove the mand [ 283.032054][ T5727] option from the mount to silence this warning. [ 283.032054][ T5727] ======================================================= [ 283.105180][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 283.113761][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 283.194131][ C1] hrtimer: interrupt took 453966 ns [ 283.378666][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 283.412027][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 285.362929][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 285.388244][ T29] audit: type=1800 audit(1717244163.969:67): pid=5744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1964 res=0 errno=0 [ 286.418264][ T5748] loop4: detected capacity change from 0 to 1024 [ 286.550948][ T5748] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 286.714144][ T5756] hub 6-0:1.0: USB hub found [ 286.720282][ T5756] hub 6-0:1.0: 1 port detected [ 286.745212][ T5755] loop2: detected capacity change from 0 to 64 [ 286.751810][ T29] audit: type=1800 audit(1717244165.279:68): pid=5748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 286.772903][ T29] audit: type=1800 audit(1717244165.289:69): pid=5748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 287.017440][ T5087] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.254237][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 287.262954][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 289.198481][ T5764] loop4: detected capacity change from 0 to 4096 [ 292.173336][ T5783] hub 6-0:1.0: USB hub found [ 292.207389][ T5783] hub 6-0:1.0: 1 port detected [ 294.925805][ T5801] loop1: detected capacity change from 0 to 4096 [ 296.593329][ T5816] hub 6-0:1.0: USB hub found [ 296.613532][ T5816] hub 6-0:1.0: 1 port detected [ 297.653509][ T5825] loop4: detected capacity change from 0 to 1764 [ 300.420040][ T5851] loop4: detected capacity change from 0 to 4096 [ 301.641325][ T5873] loop3: detected capacity change from 0 to 1024 [ 301.866156][ T5095] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 301.883611][ T5095] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 301.899243][ T5095] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 301.918721][ T5873] syz-executor.3: attempt to access beyond end of device [ 301.918721][ T5873] loop3: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 301.933374][ T5873] Buffer I/O error on dev loop3, logical block 100663296, async page read [ 301.947462][ T5873] syz-executor.3: attempt to access beyond end of device [ 301.947462][ T5873] loop3: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 301.963026][ T5873] Buffer I/O error on dev loop3, logical block 100663296, async page read [ 302.050729][ T5095] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 302.076608][ T5095] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 302.086564][ T5095] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 303.714793][ T5875] chnl_net:caif_netlink_parms(): no params data found [ 304.184339][ T5095] Bluetooth: hci5: command tx timeout [ 305.570442][ T5875] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.578365][ T5875] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.586864][ T5875] bridge_slave_0: entered allmulticast mode [ 305.596273][ T5875] bridge_slave_0: entered promiscuous mode [ 305.897119][ T5875] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.904984][ T5875] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.912823][ T5875] bridge_slave_1: entered allmulticast mode [ 305.923019][ T5875] bridge_slave_1: entered promiscuous mode [ 306.119102][ T5875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 306.216464][ T5875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 306.277880][ T5095] Bluetooth: hci5: command tx timeout [ 306.607256][ T5875] team0: Port device team_slave_0 added [ 306.713469][ T5875] team0: Port device team_slave_1 added [ 307.028810][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 307.036012][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.065489][ T5875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 307.187696][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 307.195057][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.221416][ T5875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 307.698453][ T5875] hsr_slave_0: entered promiscuous mode [ 307.756840][ T5875] hsr_slave_1: entered promiscuous mode [ 307.844329][ T5875] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 307.852101][ T5875] Cannot create hsr debugfs directory [ 308.344903][ T5095] Bluetooth: hci5: command tx timeout [ 308.908908][ T5875] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.091445][ T5875] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.318405][ T5875] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.551270][ T5875] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.196313][ T5965] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 310.424262][ T5095] Bluetooth: hci5: command tx timeout [ 310.431818][ T5875] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 310.524828][ T5875] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 310.644212][ T5875] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 310.826972][ T5875] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 311.335359][ T5980] net_ratelimit: 44 callbacks suppressed [ 311.335461][ T5980] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 311.750517][ T5986] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 311.759686][ T5986] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 311.768122][ T5986] netlink: 193500 bytes leftover after parsing attributes in process `syz-executor.2'. [ 311.933546][ T5984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 312.500093][ T5875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 312.689125][ T5875] 8021q: adding VLAN 0 to HW filter on device team0 [ 312.834478][ T5142] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.842174][ T5142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 312.994999][ T5142] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.002719][ T5142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.520841][ T6020] netlink: 752 bytes leftover after parsing attributes in process `syz-executor.1'. [ 314.714214][ T5147] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 315.124575][ T5147] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 315.134400][ T5147] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.205903][ T5147] usb 4-1: config 0 descriptor?? [ 315.536620][ T5875] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 316.193210][ T5875] veth0_vlan: entered promiscuous mode [ 316.395348][ T5147] pegasus 4-1:0.0: probe with driver pegasus failed with error -32 [ 316.431257][ T5875] veth1_vlan: entered promiscuous mode [ 316.455395][ T5147] usb 4-1: USB disconnect, device number 4 [ 316.958844][ T5875] veth0_macvtap: entered promiscuous mode [ 317.025970][ T5875] veth1_macvtap: entered promiscuous mode [ 317.282797][ T5875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 317.293651][ T5875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.308481][ T5875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 317.321028][ T5875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.331183][ T5875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 317.341996][ T5875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.352375][ T5875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 317.364900][ T5875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.380315][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 317.823132][ T29] audit: type=1326 audit(1717244196.349:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6034 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7461579 code=0x0 [ 317.912821][ T5875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.928925][ T5875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.940356][ T5875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.954149][ T5875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.965275][ T5875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.976080][ T5875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.986186][ T5875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.998256][ T5875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.009258][ T5875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.024572][ T5875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.040565][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 318.605042][ T5875] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.614208][ T5875] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.623242][ T5875] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.632358][ T5875] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.582022][ T6056] loop2: detected capacity change from 0 to 512 [ 321.492321][ T6056] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 321.508565][ T6056] ext4 filesystem being mounted at /root/syzkaller-testdir2455014147/syzkaller.v7kePP/74/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038-01-19 (0x7fffffff) [ 321.877889][ T6056] EXT4-fs error (device loop2): ext4_do_update_inode:5082: inode #2: comm syz-executor.2: corrupted inode contents [ 322.074152][ T6056] EXT4-fs error (device loop2): ext4_dirty_inode:5942: inode #2: comm syz-executor.2: mark_inode_dirty error [ 322.204577][ T6056] EXT4-fs error (device loop2): ext4_do_update_inode:5082: inode #2: comm syz-executor.2: corrupted inode contents [ 322.254566][ T4435] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 322.277468][ T4435] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 322.290371][ T6056] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz-executor.2: mark_inode_dirty error [ 322.304118][ T4435] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 322.365731][ T4435] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 322.383728][ T4435] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 322.405850][ T4435] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 323.027902][ T5098] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 323.728390][ T3628] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.910674][ T3628] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.928374][ T6074] netlink: 752 bytes leftover after parsing attributes in process `syz-executor.2'. [ 324.143143][ T3628] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.317054][ T3628] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.439904][ T6062] chnl_net:caif_netlink_parms(): no params data found [ 324.505672][ T5095] Bluetooth: hci6: command tx timeout [ 324.865368][ T3628] bridge_slave_1: left allmulticast mode [ 324.871287][ T3628] bridge_slave_1: left promiscuous mode [ 324.878125][ T3628] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.014773][ T3628] bridge_slave_0: left allmulticast mode [ 325.020679][ T3628] bridge_slave_0: left promiscuous mode [ 325.027301][ T3628] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.488983][ T6086] syz-executor.4 (pid 6086) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 325.717370][ T3628] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 325.822592][ T3628] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 325.895917][ T3628] bond0 (unregistering): Released all slaves [ 326.059912][ T6086] fscrypt (sda1, inode 1950): Missing crypto API support for Adiantum (API name: "adiantum(xchacha12,aes)") [ 326.078339][ T6086] fscrypt (sda1, inode 1950): Missing crypto API support for Adiantum (API name: "adiantum(xchacha12,aes)") [ 326.090513][ T6086] overlayfs: failed to create directory ./file0/work (errno: 65); mounting read-only [ 326.615023][ T5095] Bluetooth: hci6: command tx timeout [ 326.987369][ T3628] hsr_slave_0: left promiscuous mode [ 327.045981][ T3628] hsr_slave_1: left promiscuous mode [ 327.079246][ T3628] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 327.088928][ T3628] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 327.142344][ T3628] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 327.150396][ T3628] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 327.239474][ T3628] veth1_macvtap: left promiscuous mode [ 327.245327][ T3628] veth0_macvtap: left promiscuous mode [ 327.251217][ T3628] veth1_vlan: left promiscuous mode [ 327.256915][ T3628] veth0_vlan: left promiscuous mode [ 328.253156][ T3628] team0 (unregistering): Port device team_slave_1 removed [ 328.300178][ T3628] team0 (unregistering): Port device team_slave_0 removed [ 328.672153][ T5095] Bluetooth: hci6: command tx timeout [ 329.022346][ T6062] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.030294][ T6062] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.038376][ T6062] bridge_slave_0: entered allmulticast mode [ 329.047932][ T6062] bridge_slave_0: entered promiscuous mode [ 329.353067][ T6114] overlayfs: failed to resolve './file1': -2 [ 329.358804][ T6062] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.366952][ T6062] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.374624][ T6062] bridge_slave_1: entered allmulticast mode [ 329.382639][ T6062] bridge_slave_1: entered promiscuous mode [ 329.813402][ T6062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 329.934542][ T6062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 330.302956][ T6062] team0: Port device team_slave_0 added [ 330.400993][ T6062] team0: Port device team_slave_1 added [ 330.712737][ T6062] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 330.722691][ T6062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.749190][ T5095] Bluetooth: hci6: command tx timeout [ 330.755554][ T6062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 330.916102][ T6126] hub 6-0:1.0: USB hub found [ 330.997567][ T6126] hub 6-0:1.0: 1 port detected [ 331.102136][ T6062] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 331.109564][ T6062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 331.123236][ T6128] netlink: 684 bytes leftover after parsing attributes in process `syz-executor.4'. [ 331.139391][ T6062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 331.806610][ T6062] hsr_slave_0: entered promiscuous mode [ 331.832533][ T6134] loop0: detected capacity change from 0 to 16384 [ 331.896131][ T6062] hsr_slave_1: entered promiscuous mode [ 331.929690][ T6062] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 331.929769][ T6062] Cannot create hsr debugfs directory [ 332.396681][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.405129][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 332.673665][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.682008][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.820269][ T6062] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 333.923676][ T6062] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 334.017274][ T6062] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 334.101024][ T6062] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 334.541492][ T3628] bridge_slave_0: left allmulticast mode [ 334.547763][ T3628] bridge_slave_0: left promiscuous mode [ 334.555229][ T3628] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.225022][ T3628] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 335.277139][ T3628] bond0 (unregistering): Released all slaves [ 335.297362][ T3628] bond1 (unregistering): Released all slaves [ 336.120171][ T3628] hsr_slave_0: left promiscuous mode [ 336.161435][ T3628] hsr_slave_1: left promiscuous mode [ 336.194795][ T3628] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 336.202587][ T3628] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 336.251377][ T3628] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 336.259344][ T3628] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 336.324784][ T3628] veth1_macvtap: left promiscuous mode [ 336.330568][ T3628] veth0_macvtap: left promiscuous mode [ 336.336837][ T3628] veth1_vlan: left promiscuous mode [ 336.342397][ T3628] veth0_vlan: left promiscuous mode [ 337.159212][ T6159] hub 6-0:1.0: USB hub found [ 337.199527][ T6159] hub 6-0:1.0: 1 port detected [ 337.367631][ T3628] team0 (unregistering): Port device team_slave_1 removed [ 337.450801][ T3628] team0 (unregistering): Port device team_slave_0 removed [ 337.943734][ T6062] 8021q: adding VLAN 0 to HW filter on device bond0 [ 338.203492][ T6062] 8021q: adding VLAN 0 to HW filter on device team0 [ 338.281109][ T29] audit: type=1804 audit(1717244216.879:71): pid=6163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2455014147/syzkaller.v7kePP/83/bus" dev="sda1" ino=1957 res=1 errno=0 [ 338.372966][ T780] bridge0: port 1(bridge_slave_0) entered blocking state [ 338.380849][ T780] bridge0: port 1(bridge_slave_0) entered forwarding state [ 338.401377][ T780] bridge0: port 2(bridge_slave_1) entered blocking state [ 338.409182][ T780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 338.987274][ T5092] Bluetooth: hci2: command 0x0406 tx timeout [ 338.993747][ T5092] Bluetooth: hci3: command 0x0406 tx timeout [ 339.000172][ T5092] Bluetooth: hci4: command 0x0406 tx timeout [ 339.073246][ T6167] loop0: detected capacity change from 0 to 16384 [ 340.476840][ T6180] loop3: detected capacity change from 0 to 512 [ 340.581158][ T6183] loop2: detected capacity change from 0 to 64 [ 340.682987][ T6062] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 340.709255][ T6183] hfs: unable to locate alternate MDB [ 340.715721][ T6183] hfs: continuing without an alternate MDB [ 340.768760][ T6180] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 340.782646][ T6180] ext4 filesystem being mounted at /root/syzkaller-testdir127456920/syzkaller.a8HKNF/70/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 341.012176][ T6188] hub 6-0:1.0: USB hub found [ 341.063178][ T6188] hub 6-0:1.0: 1 port detected [ 341.120517][ T6062] veth0_vlan: entered promiscuous mode [ 341.281653][ T6062] veth1_vlan: entered promiscuous mode [ 341.359820][ T5101] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 341.632449][ T6062] veth0_macvtap: entered promiscuous mode [ 341.728323][ T6062] veth1_macvtap: entered promiscuous mode [ 341.761904][ T6193] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 341.950762][ T6193] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 342.023558][ T6062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 342.067374][ T6062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 342.072483][ T1217] ieee802154 phy0 wpan0: encryption failed: -22 [ 342.081877][ T6062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 342.086605][ T1217] ieee802154 phy1 wpan1: encryption failed: -22 [ 342.105612][ T6062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 342.115716][ T6062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 342.126432][ T6062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 342.142441][ T6062] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 342.216711][ T6062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 342.228928][ T6062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 342.239095][ T6062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 342.249976][ T6062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 342.260458][ T6062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 342.271298][ T6062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 342.281497][ T6062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 342.295679][ T6062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 342.311745][ T6062] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 342.593717][ T6062] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.603335][ T6062] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.616100][ T6062] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.626304][ T6062] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.708773][ T6200] loop0: detected capacity change from 0 to 16384 [ 343.134472][ T6204] loop2: detected capacity change from 0 to 512 [ 343.270135][ T6204] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz-executor.2: invalid block [ 343.336990][ T6204] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 4294967295 (level 1) [ 343.448681][ T6204] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 4294967295 (level 1) [ 343.515061][ T6204] EXT4-fs (loop2): 2 truncates cleaned up [ 343.524524][ T6204] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 343.886468][ T5098] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 344.145752][ T6218] loop4: detected capacity change from 0 to 64 [ 344.215526][ T6218] hfs: unable to locate alternate MDB [ 344.221126][ T6218] hfs: continuing without an alternate MDB [ 344.825649][ T6226] hub 6-0:1.0: USB hub found [ 344.845550][ T6226] hub 6-0:1.0: 1 port detected [ 345.639395][ T6239] netlink: 744 bytes leftover after parsing attributes in process `syz-executor.2'. [ 345.922162][ T6242] loop0: detected capacity change from 0 to 16384 [ 347.650551][ T6260] loop0: detected capacity change from 0 to 64 [ 347.728847][ T6260] hfs: unable to locate alternate MDB [ 347.734815][ T6260] hfs: continuing without an alternate MDB [ 347.892912][ T4429] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.901440][ T4429] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 348.090353][ T6262] hub 6-0:1.0: USB hub found [ 348.111127][ T6262] hub 6-0:1.0: 1 port detected [ 348.114520][ T4511] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 348.127580][ T4511] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 348.934979][ T6270] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 349.094875][ T6272] loop0: detected capacity change from 0 to 16384 [ 349.298410][ T6274] netlink: 744 bytes leftover after parsing attributes in process `syz-executor.3'. [ 349.962675][ T6286] loop2: detected capacity change from 0 to 64 [ 350.026761][ T6286] hfs: unable to locate alternate MDB [ 350.032502][ T6286] hfs: continuing without an alternate MDB [ 350.166628][ T6288] hub 6-0:1.0: USB hub found [ 350.198486][ T6288] hub 6-0:1.0: 1 port detected [ 350.881447][ T6300] loop2: detected capacity change from 0 to 256 [ 350.924504][ T6300] FAT-fs (loop2): Unrecognized mount option "time_offset=0x" or missing value [ 351.159230][ T6306] loop0: detected capacity change from 0 to 16384 [ 351.210769][ T6307] netlink: 744 bytes leftover after parsing attributes in process `syz-executor.3'. [ 352.230720][ T6321] loop3: detected capacity change from 0 to 64 [ 352.344436][ T6321] hfs: unable to locate alternate MDB [ 352.350252][ T6321] hfs: continuing without an alternate MDB [ 353.211482][ T6336] loop0: detected capacity change from 0 to 16384 [ 353.238992][ T6335] netlink: 744 bytes leftover after parsing attributes in process `syz-executor.3'. [ 354.541239][ T6360] loop1: detected capacity change from 0 to 64 [ 354.571733][ T6360] hfs: unable to locate alternate MDB [ 354.581530][ T6360] hfs: continuing without an alternate MDB [ 355.257476][ T6373] loop0: detected capacity change from 0 to 16384 [ 355.996306][ T6382] loop1: detected capacity change from 0 to 512 [ 356.082421][ T6382] EXT4-fs (loop1): failed to initialize system zone (-117) [ 356.132240][ T6382] EXT4-fs (loop1): mount failed [ 356.571443][ T6396] loop2: detected capacity change from 0 to 64 [ 356.612971][ T6396] hfs: unable to locate alternate MDB [ 356.619318][ T6396] hfs: continuing without an alternate MDB [ 357.152217][ T29] audit: type=1800 audit(1717244235.779:72): pid=6406 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1945 res=0 errno=0 [ 357.173712][ T29] audit: type=1800 audit(1717244235.779:73): pid=6406 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1945 res=0 errno=0 [ 357.490627][ T6413] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 358.238859][ T6421] loop4: detected capacity change from 0 to 512 [ 358.294832][ T6421] EXT4-fs (loop4): failed to initialize system zone (-117) [ 358.314694][ T6421] EXT4-fs (loop4): mount failed [ 358.948515][ T6430] 9pnet_fd: Insufficient options for proto=fd [ 359.519785][ T6441] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 360.539639][ T6456] loop0: detected capacity change from 0 to 512 [ 360.597121][ T6456] EXT4-fs (loop0): failed to initialize system zone (-117) [ 360.628543][ T6456] EXT4-fs (loop0): mount failed [ 361.227938][ T6466] 9pnet_fd: Insufficient options for proto=fd [ 361.596126][ T6472] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 362.289249][ T6483] loop0: detected capacity change from 0 to 512 [ 362.412669][ T6483] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2250: inode #15: comm syz-executor.0: corrupted in-inode xattr: invalid ea_ino [ 362.455992][ T6483] EXT4-fs error (device loop0): ext4_orphan_get:1399: comm syz-executor.0: couldn't read orphan inode 15 (err -117) [ 362.534986][ T6492] loop2: detected capacity change from 0 to 512 [ 362.546970][ T6483] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 362.624993][ T6492] EXT4-fs (loop2): failed to initialize system zone (-117) [ 362.632633][ T6492] EXT4-fs (loop2): mount failed [ 362.695282][ T6483] EXT4-fs warning (device loop0): __ext4fs_dirhash:270: inode #20: comm syz-executor.0: Siphash requires key [ 362.707288][ T6483] ===================================================== [ 362.714778][ T6483] BUG: KMSAN: uninit-value in ext4_inlinedir_to_tree+0xde2/0x15a0 [ 362.722817][ T6483] ext4_inlinedir_to_tree+0xde2/0x15a0 [ 362.728640][ T6483] ext4_htree_fill_tree+0x1941/0x1cd0 [ 362.734342][ T6483] ext4_readdir+0x4bbf/0x5b00 [ 362.739210][ T6483] iterate_dir+0x688/0x870 [ 362.746395][ T6483] ovl_dir_read+0x14d/0x840 [ 362.751131][ T6483] ovl_check_d_type_supported+0x6a/0x110 [ 362.757664][ T6483] ovl_get_workdir+0x9c8/0x2780 [ 362.762695][ T6483] ovl_fill_super+0x153c/0x62a0 [ 362.772123][ T6483] get_tree_nodev+0x180/0x340 [ 362.779249][ T6483] ovl_get_tree+0x34/0x40 [ 362.783760][ T6483] vfs_get_tree+0xa7/0x570 [ 362.788529][ T6483] do_new_mount+0x71f/0x15e0 [ 362.793325][ T6483] path_mount+0x742/0x1f20 [ 362.798102][ T6483] __se_sys_mount+0x725/0x810 [ 362.802984][ T6483] __ia32_sys_mount+0xe3/0x150 [ 362.808958][ T6483] ia32_sys_call+0x3a9a/0x40a0 [ 362.814113][ T6483] __do_fast_syscall_32+0xb4/0x120 [ 362.819471][ T6483] do_fast_syscall_32+0x38/0x80 [ 362.824668][ T6483] do_SYSENTER_32+0x1f/0x30 [ 362.829371][ T6483] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 362.836490][ T6483] [ 362.838911][ T6483] Local variable hinfo created at: [ 362.844262][ T6483] ext4_htree_fill_tree+0x52/0x1cd0 [ 362.849658][ T6483] ext4_readdir+0x4bbf/0x5b00 [ 362.854775][ T6483] [ 362.857200][ T6483] CPU: 1 PID: 6483 Comm: syz-executor.0 Not tainted 6.9.0-syzkaller-02339-g101b7a97143a #0 [ 362.867595][ T6483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 362.882287][ T6483] ===================================================== [ 362.890618][ T6483] Disabling lock debugging due to kernel taint 2024/06/01 12:17:21 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 362.897016][ T6483] Kernel panic - not syncing: kmsan.panic set ... [ 362.903544][ T6483] CPU: 1 PID: 6483 Comm: syz-executor.0 Tainted: G B 6.9.0-syzkaller-02339-g101b7a97143a #0 [ 362.915192][ T6483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 362.925405][ T6483] Call Trace: [ 362.928814][ T6483] [ 362.931849][ T6483] dump_stack_lvl+0x216/0x2d0 [ 362.936752][ T6483] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 362.942765][ T6483] dump_stack+0x1e/0x30 [ 362.947131][ T6483] panic+0x4e2/0xcd0 [ 362.951222][ T6483] ? kmsan_get_metadata+0xf1/0x1d0 [ 362.956541][ T6483] kmsan_report+0x2d5/0x2e0 [ 362.961234][ T6483] ? __msan_warning+0x95/0x120 [ 362.966159][ T6483] ? ext4_inlinedir_to_tree+0xde2/0x15a0 [ 362.972019][ T6483] ? ext4_htree_fill_tree+0x1941/0x1cd0 [ 362.977776][ T6483] ? ext4_readdir+0x4bbf/0x5b00 [ 362.982817][ T6483] ? iterate_dir+0x688/0x870 [ 362.987620][ T6483] ? ovl_dir_read+0x14d/0x840 [ 362.992513][ T6483] ? ovl_check_d_type_supported+0x6a/0x110 [ 362.998546][ T6483] ? ovl_get_workdir+0x9c8/0x2780 [ 363.003758][ T6483] ? ovl_fill_super+0x153c/0x62a0 [ 363.008960][ T6483] ? get_tree_nodev+0x180/0x340 [ 363.014026][ T6483] ? ovl_get_tree+0x34/0x40 [ 363.018692][ T6483] ? vfs_get_tree+0xa7/0x570 [ 363.023497][ T6483] ? do_new_mount+0x71f/0x15e0 [ 363.028473][ T6483] ? path_mount+0x742/0x1f20 [ 363.033264][ T6483] ? __se_sys_mount+0x725/0x810 [ 363.038332][ T6483] ? __ia32_sys_mount+0xe3/0x150 [ 363.043487][ T6483] ? ia32_sys_call+0x3a9a/0x40a0 [ 363.048661][ T6483] ? __do_fast_syscall_32+0xb4/0x120 [ 363.054165][ T6483] ? do_fast_syscall_32+0x38/0x80 [ 363.059390][ T6483] ? do_SYSENTER_32+0x1f/0x30 [ 363.064279][ T6483] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 363.071022][ T6483] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 363.077024][ T6483] ? stack_depot_save_flags+0x66d/0x6e0 [ 363.082771][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.088199][ T6483] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 363.094683][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.100080][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.105468][ T6483] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 363.111472][ T6483] __msan_warning+0x95/0x120 [ 363.116227][ T6483] ext4_inlinedir_to_tree+0xde2/0x15a0 [ 363.121903][ T6483] ? sget+0x90e/0xe50 [ 363.126066][ T6483] ? ovl_get_tree+0x34/0x40 [ 363.130742][ T6483] ? vfs_get_tree+0xa7/0x570 [ 363.135549][ T6483] ? do_new_mount+0x71f/0x15e0 [ 363.140569][ T6483] ? path_mount+0x742/0x1f20 [ 363.145360][ T6483] ? __se_sys_mount+0x725/0x810 [ 363.150427][ T6483] ? __ia32_sys_mount+0xe3/0x150 [ 363.155572][ T6483] ? ia32_sys_call+0x3a9a/0x40a0 [ 363.160728][ T6483] ? __do_fast_syscall_32+0xb4/0x120 [ 363.166264][ T6483] ? do_fast_syscall_32+0x38/0x80 [ 363.171512][ T6483] ? do_SYSENTER_32+0x1f/0x30 [ 363.176383][ T6483] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 363.183115][ T6483] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 363.189110][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.194521][ T6483] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 363.200996][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.206389][ T6483] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 363.212601][ T6483] ext4_htree_fill_tree+0x1941/0x1cd0 [ 363.218181][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.223575][ T6483] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 363.230055][ T6483] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 363.236460][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.241841][ T6483] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 363.247846][ T6483] ext4_readdir+0x4bbf/0x5b00 [ 363.252712][ T6483] ? aa_file_perm+0x3e4/0x17a0 [ 363.257686][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.263070][ T6483] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 363.269064][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.274447][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.279836][ T6483] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 363.286341][ T6483] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 363.292394][ T6483] ? __pfx_ext4_readdir+0x10/0x10 [ 363.297718][ T6483] iterate_dir+0x688/0x870 [ 363.302362][ T6483] ovl_dir_read+0x14d/0x840 [ 363.307087][ T6483] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 363.313614][ T6483] ovl_check_d_type_supported+0x6a/0x110 [ 363.319482][ T6483] ? __pfx_ovl_check_d_type+0x10/0x10 [ 363.325085][ T6483] ovl_get_workdir+0x9c8/0x2780 [ 363.330292][ T6483] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 363.336773][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.342154][ T6483] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 363.348621][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.354002][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.359396][ T6483] ovl_fill_super+0x153c/0x62a0 [ 363.364437][ T6483] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 363.370999][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.376377][ T6483] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 363.382386][ T6483] ? sget_fc+0xf44/0x1360 [ 363.386998][ T6483] ? __pfx_set_anon_super_fc+0x10/0x10 [ 363.392679][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.398074][ T6483] get_tree_nodev+0x180/0x340 [ 363.402969][ T6483] ? __pfx_ovl_fill_super+0x10/0x10 [ 363.408357][ T6483] ? __pfx_ovl_get_tree+0x10/0x10 [ 363.413564][ T6483] ovl_get_tree+0x34/0x40 [ 363.418158][ T6483] vfs_get_tree+0xa7/0x570 [ 363.422792][ T6483] ? mount_capable+0xe1/0x120 [ 363.427930][ T6483] do_new_mount+0x71f/0x15e0 [ 363.432759][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.438205][ T6483] path_mount+0x742/0x1f20 [ 363.442852][ T6483] ? user_path_at_empty+0x325/0x3a0 [ 363.448306][ T6483] __se_sys_mount+0x725/0x810 [ 363.453241][ T6483] ? kmsan_get_metadata+0x146/0x1d0 [ 363.458667][ T6483] __ia32_sys_mount+0xe3/0x150 [ 363.463669][ T6483] ia32_sys_call+0x3a9a/0x40a0 [ 363.468657][ T6483] __do_fast_syscall_32+0xb4/0x120 [ 363.474004][ T6483] ? irqentry_exit+0x16/0x60 [ 363.478821][ T6483] do_fast_syscall_32+0x38/0x80 [ 363.483991][ T6483] do_SYSENTER_32+0x1f/0x30 [ 363.488711][ T6483] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 363.495296][ T6483] RIP: 0023:0xf7423579 [ 363.499523][ T6483] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 363.519448][ T6483] RSP: 002b:00000000f5eac5ac EFLAGS: 00000206 ORIG_RAX: 0000000000000015 [ 363.528080][ T6483] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0 [ 363.536270][ T6483] RDX: 0000000020000340 RSI: 0000000000000000 RDI: 0000000020000280 [ 363.544400][ T6483] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 363.552525][ T6483] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 363.560649][ T6483] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 363.568793][ T6483] [ 363.572162][ T6483] Kernel Offset: disabled [ 363.576550][ T6483] Rebooting in 86400 seconds..