last executing test programs: 1.903704216s ago: executing program 3 (id=482): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8930, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 1.800691793s ago: executing program 0 (id=483): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x22400049, &(0x7f00000002c0)={[{@dioread_nolock}, {@noinit_itable}, {@nomblk_io_submit}, {@noblock_validity}, {@data_err_abort}, {@jqfmt_vfsold}, {@jqfmt_vfsv0}, {@barrier_val={'barrier', 0x3d, 0xd95a}}, {@debug}]}, 0x84, 0x471, &(0x7f0000000bc0)="$eJzs3M9vFFUcAPDvzLZFfpQuiD9AlFUkNqItLagcvGg04WJiogc91lIJsoChNRFCBI3Bo/EvUI8m/gWe9GLUk8ar3o0JMVxED2bN7M7Att3WdrfLgvP5JNN9b3699+bN67yZt7MBlFYt+5NEbIuIXyJirBVdvEKt9XH92sXZv65dnE2i0Xjlj6S53p/XLs4Wq27LP7fm+xxPI9IPk7jcId358xdOzdTrc+fy+OTC6bcn589fePLk6ZkTcyfmzkwfPXrk8NQzT08/tSHlHM3yuue9s3t3H3v9k5dmG/HG919m+a/ky9vL0VLtOc1a1KLRaDTSRXNHmn8P9Lz328toWzgZGmBGWJfs/M+qa7jZ/seiEjcrbyxe/GCgmQP6Krs+7Vg2t3VVTA8kzeXA/5U2DmVVXPGz+99iurU9kMG6+lzrBigr9/V8ai0Ziuy+Pam27tgrfUp/W0S8dvnvT7MpOj6HAADYWF9n/Z8nOvX/0ri3bb3t+dhQNSIORsTOiLg7InZFxD0RzXXvi4j715l+bUl8ef/np81dFWyNsv7fs/nY1uL+341Rm2olj402yz+cvHmyPncoPybjMbwpi0+tksY3L/z88UrLam39v2zK0i/6gnk+fh/atHib4zMLM72Uud3V9yP2DHUqf3JjJCCJiN0RsaeL/WfH7OTjX+zNwtu3Ll/+3+VfxQaMMzU+j3isVf+XY0n5C0krpZXGJyfvivrcocnirFjuhx+vvNweH24L91T+DZDV/5aO539e/qIZFOO18+tP48qvH614T9Pt+T+SvNoMj+Tz3p1ZWDg3FTGSz1g0f/rmtkW8WD8r//j+zu1/Z8Q/n+XbPRAR2Un8YEQ8FBH78rw/HBGPRMT+Vcr/3fOPvrX6ERps/R9frf4jqkn7eH0Xgcqpb79aKf211f+RZmg8n7OW/39rzWAvxw4AAADuFGlzDDpJJ26E03RiovUd/l2xJa2fnV84WIt3zhxvjVVXYzgtnnSNtT0PncqfDRfx6SXxwxGxo/lNo83N+MTs2frooAsPJbd1hfaf+a1fX3oBbh/rGkdL+pcP4NbzviaUl/YP5aX9Q3lp/1Bendr/pYjrA8gKcIu5/kN5af9QXto/lJf2D6W0/JX44udWunnT/2Zg57GeNi9RoNKnPUf7j3b0IRDpwA9d94H0dsjGvjywKSLWutWlvtbp0vMHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgzvdvAAAA//+bHeQQ") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) 1.683982247s ago: executing program 3 (id=485): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x0) ioctl$VIDIOC_SUBDEV_S_CROP(r0, 0xc0305602, &(0x7f00000000c0)={0x0, 0x9}) 1.581304941s ago: executing program 3 (id=487): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x8, 0x3, 0x590, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x2c0, 0xffffffff, 0xffffffff, 0x2c0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, [], [], 'batadv_slave_0\x00', 'pimreg\x00'}, 0x0, 0xfffffffffffffea0, 0x1c0, 0x60030000, {0x0, 0xff000000}}, @common=@unspec=@NFQUEUE2}, {{@uncond, 0x0, 0x298, 0x300, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}, @common=@srh]}, @unspec}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x627) 1.355782367s ago: executing program 3 (id=492): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) 1.186936235s ago: executing program 3 (id=496): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)="d80000001c0081044e81f782db44b9040a1d080214000000020003a118000c000300000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) 1.063993475s ago: executing program 0 (id=497): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)=0x28) 1.063674067s ago: executing program 2 (id=498): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d00001000000000000000000000000800120002000200000000000000000012003c0004000000000000000000000000000000000000000000000000000000fc020000000800000000000000000000030005000000000002000000ac1414aa0000000000000000030006000000000002"], 0x80}}, 0x0) 1.063422599s ago: executing program 4 (id=499): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x1b, 0x0, &(0x7f00000001c0)=0x37) 1.028349314s ago: executing program 3 (id=500): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f00009bc000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000200)=0x6, 0x7, 0x3) 895.999236ms ago: executing program 4 (id=502): r0 = openat$iommufd(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_HWPT_INVALIDATE$TEST(r0, 0x3b8d, &(0x7f00000010c0)={0x20, 0x0, &(0x7f0000001080)=[{}], 0xdeadbeef, 0x8, 0x1}) 831.905581ms ago: executing program 0 (id=503): r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/time_for_children\x00') setns(r0, 0x0) 818.134259ms ago: executing program 2 (id=504): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$bt_hci(r0, 0x0, 0x1, 0x0, &(0x7f0000000080)=0x2) 723.711608ms ago: executing program 4 (id=506): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000003100), 0x0, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000000)) 690.609573ms ago: executing program 1 (id=507): r0 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r0, 0xc1004110, &(0x7f0000000000)={0x0, [0x6, 0xffff133a, 0x3], [{0x0, 0x0, 0x0, 0x1}, {0x35, 0x35}, {0x0, 0x7}], 0x8}) 642.98863ms ago: executing program 4 (id=508): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_STA_WME={0x28, 0x81, [@NL80211_STA_WME_MAX_SP={0x5}, @NL80211_STA_WME_MAX_SP={0x3}]}]}, 0x28}}, 0x0) 600.002652ms ago: executing program 0 (id=509): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000000)={0x28}) 599.730194ms ago: executing program 2 (id=510): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, 0x0) 592.150232ms ago: executing program 1 (id=511): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000080)={0x84, @local, 0x4e24, 0x1, 'nq\x00', 0x12, 0x5, 0xe}, 0x2c) 489.888074ms ago: executing program 0 (id=512): syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./bus\x00', 0x2218050, &(0x7f0000000140)=ANY=[], 0x1, 0x1528, &(0x7f0000001800)="$eJzs3Au4TtX2MPAx5pyLTS5vkvsacyze5DJJklwScqkkSUjuCUmSJKnEJrckJEmuO8l1h9zTTu73W+6hnSNJkpCQZH7PTn061fn6n/PvHH1nj9/zrGfPsdYac421x/u+a633efb+suvQGo1qVq3PzPCv0D8P8OKPRABIAIABAJAdAAIAKJOjTI607Zk0Jv5LBxH/Jg2mXe4KxOUk/U/fpP/pm/Q/fZP+p2/S//RN+p++Sf/TN+m/EOlact4rZUm/i3z///859b9Jluv/fx/E3676R/tK///b6H9qb+l/upHh91ZK/9OL378ESP/TN+l/ehZc7gLEZSbv//RN+i9Euvanf6e87uw/s3/wb6nhP7xouPw1/KuLEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgjxH3DWX2IA4Ofx5a5LCCGEEEIIIYQQfx7/zuWuQAghhBBCCCGEEP9+CAo0GAggA2SEBMgEmeEKyAJZIRtkhxhcCTngKsgJV0MuyA15IC/kg/xQAEIgsMAQQUEoBHG4BgrDtVAEikIxKA4OSkBJuA5KwfVQGm6AMnAjlIWboByUhwpQEW6GSnALVIYqUBVuhWpQHWpATbgNboc7oBbcCbXhLqgDd0NduAfqwb1QHxpAQ7gPGsH90BiaQFNoBs2hBbT8g/yk7L+X/yx0h+egB/SEROgFveF56AN9oR/0hwHwAgyEF2EQvASDYQgMhZdhGLwCw+FVGAGvwUh4HUbBaBgDY2EcjIckeAMmwJswEd66PytMhikwFabBdEiGt2EGzIRZ8A7MhjkwF5IyzYcFsBDehUXwHqTA+7AYPoAlsBSWwXJYASthFayGNbAW1sF62AAbYRNshi3wIWyFbbAddsBO2AW74SPYA3thH3wMqfjJP5l/5u/zoRsCAipUaNBgBsyACZiAmTEzZsEsmA2zYQxjmANzYE7MibkwF+bBPJgP82EBLICEhIyMBbEgxjGOhbEwFsEiWAyLoUOHJbEklsLrsTSWxjJYBstiWSyH5bE8VsSKWAkrYWWsjFWxKlbDalgDa+BteBvegbWwFtbG2lgH62BdrIv1sB7Wx/rYEBtiI2yEjbExNsWm2BybY0tsia2wFbbG1tgW22I7bIftsT12wA7YETtiJ+yEnbEzdsEu2BW7Yjd8Gp/GZ/FZfA6fw55YTfXC3tgb+2Af7If9sT++gAPxRXwRX8LBOASH4sv4Mr6Cw/E0jsDXcCSOxEpqNI7BschqPCZhEmaECTgRJ+IknIyTcSpOw+mYjMk4A2fiTHwHZ+McnIPzcB4uwIW4EBfhe5iCKbgYz+ASXIrLcDmuwJW4AlfjGlyN63A9rsONuBE342b8ED/EbbgNd+AO3IW78CP8CPfiXhyMqZiK+3E/HsADeBAP4iE8hIfxMB7BI3gUj+IxPIbH8QSexBN4Ck/haTyDZwHgHJ7D83geL+CFtDe/SmOUURlUBpWgElRmlVllUVlUNpVNxVRM5VA5VE6VU+VSuVQelUflU/lUAVVAkSLFKlIFVUEVV3FVWBVWRVQRVUwVU045VVKVVKVUKVValVZl1I1ny6qbVDlVXrVxFVVFVUm1dZVVFVVVVVXVVHVVQ9VUNdXt6nZVS9VStVVtVUfVUXXVPaqe6oX9sIFK60wjNQQbq6HYVDVTzVUL9Qo+oFqp4dhatVFt1UPqNRyB7VUr10E9qjqqMdhJPa7G4hOqixqPXdVTqpt6Wj2jnlXdVWvXQ/VUk7CX6q2mYh/VV/VT/dUMrK7SOlZDvaQGqyFqqHpZLcBX1HD16l68+IGpRqnRaowaq8ap8SpJvaEmqDfVRPWWmqQmqylqqpqmpqtk9baaoWaqWeodNVvNUXPVPDVfLVAL1btqkXpPpaj31WL1gVqilqplarlaoVaqVWq1WqPWqnVqvdqgNqpNarPaoj5UW9U2tV3tUDvVLrVbfaT2qL1qn/pYpapP1H71N3VAfaoOqs/UIfW5Oqy+UEfUl+qo+kodU1+r4+qEOqm+UafUt+q0OqPOqu/UOfW9Oq9+UBeUV6BRK6210YHOoDPqBJ1JZ9ZX6Cw6q86ms+uYvlLn0FfpnPpqnUvn1nlMXp1P59cFdKhJW8060gV1IR3X1+jC+lpdRBfVxXRx7XQJXVJfp0vp63VpfYMuo2/UZfVNupwuryt40DfrSvoWXVlX0VX1rbqarq5r6Jr6Nn27vkPX0nfq2vouXUffrevqe3Q9fa+urxvohvo+3UjfrxvrJrqpbqab6xa6pX5At9IP6kC30W31Q7qdfli314/oDvpR3VE/pjvpx3Vn/YTuop/UXfVTupuuAgA/6Ava6x66p07UvXRv/bzuo/vqfrq/HqBf0AP1i3qQfkkP1kP0UP2yHqZf0cP1q3qEfk2P1K/rUXq0HqPH6nF6vE7Sb+gJ+k09Ub+lJ+nJeoqeqqfp6bpf2kygLr5i/iD/zd/JH/Tj0TfrLfpDvVVv09v1Dr1T79K79W69R+/R+/Q+napT9X69Xx/QB/RBfVAf0of0YX1YH9FH9FF9VB/Tx/RxfUJ/p7/Rp/S3+rQ+o8/o7/Q5fU6f1xd/B2DQKKONMYHJYDKaBJPJZDZXmCwmq8lmspuYudLkMFeZnOZqk8vkNnlMXpPP5DcFTGjIWMMmMgVNIRM315jC5lpTxBQ1xUxx40wJU9Jc97/O/6P6WpqWppVpZVqb1qataWvamXamvWlvOpgOpqPpaDqZTqaz6Wy6mC6mq+lquplu5hnzjOluupsepodJNImmt3ne9DF9TT/T3wwwL5iBZqAZZAaZwWawGWqGmmFmmBluhpsRCT/dMplRZowZY8aZcSbJZzcTzAQz0Uw0k8wkM2VAdjPNTDPJJtnMMDPMLDPLzDazzVwz18w3881Cs9AsMotMikkxi81is8QsNUvNcrPcrDQrzWqz2qw1a816s95sNBvNErPFbDFbzVaz3Ww3O81Os9vsNnvMHrPP7DOpJtXsN/vNAXPAHDQHzSFzyBw2h80Rc8QcNUfNMXPMHDfHzUlz0pwyp8xpc9qcNWfNOXPOnDfnzQVzIe22L1CBCkxgggxBhiAhSAgyB5mDLEGWIFuQLYgFsSBHkCPIGVwd5ApyB3mCvEG+IH9QIAgDCmzAQRQUDAoF8eCaoHBwbVAkKBoUC4oHLigRlAyuC0oF1welgxuCMsGNQdngpqBcUD6oEFQMbg4qBbcElYMqQdXg1qBaUD2oEdQMbgtuD+4IagV3BrWDu4I6wd1B3eCeoF5wb1A/aBA0DO4LGgX3B42DJkHToFnQPGgRtPxT5/f+dO4HXY+wZ5gY9gp7h8+HfcK+Yb+wfzggfCEcGL4YDgpfCgeHQ8Kh4cvhsPCVcHj4ajgifC0cGb4ejgpHh2PCseG4cHyYFL4RTgjfDCeGb4WTwsnhlGBqOC2cHiaHb4czwpnhrPCdcHY4J5wbzgvnhwtC/OnikhK+Hy4OPwiXhEvDZeHycEW4MlwVrg7XhGvDdeH6cEO4sczAi7uGW8Nt4fZwR7gz3BXuDj8K94R7w33hx2Fq+Em4P/xbeCD8NDwYfhYeCj8PD4dfhEfCL8Oj4VfhsfDr8Hh4IhOE34Snwm/D0+GZ8Gz4XXgu/D48H/4QXgh92s192uWdDBnKQBkogRIoM2WmLJSFslE2ilGMclAOykk5KRflojyUh/JRPipABSgNE1NBKkhxilNhKkxFqAgVo2LkyFFJKkmlqBSVptJUhspQWSpL5chSBapAN9PNdAvdQlWoCt1Kt1J1qk41qSYh3k61qBbVptpUh+pQXapL9age1af61JAaUiNqRI2pMTWlptScmlNLakmtqBW1ptbUltpSO2pH7ak9daAO1JE6UifqRJ2pM3WhLtSVulI36kbP0DPUnbpTD+pBiZRIvak39aE+1I/60QAaQANpIA2iQTSYBtNQGkrDaBgNp+E0gl6jkfQ6jaLRNIbG0jgaT0mURBNoAk2kiTSJJtEUmkLTaBolUzLNoBk0i2bRbJpNc2kuzaf5tJAW0iJaRCmUQotpMS2hJbSMltEKWkGraBWtoTW0jtbRBtpAm2gTbaEttJW20nbaTjtpJ+2m3bSH9tA+2keplEr7aT8doAN0kA7SITpEh+kwHaEjdJSO0jE6RsfpOJ2kk3SKTtFpOk1n6Sydo+/pPP1AF8hTgs1kM9srbBab1Waz2e2v4zw2r81n89sCNrS5bG6bCQB+jslaW8QWtcVscetsCVvSXvebuJwtbyvYivZmW8neYivbcjYT/DK+3d5ha9k7bW17l61pb/u7uI6929a199t6tomtb5vZhraFbWTvt41tE9vUNrPNbQvbzj5s29tHbAf7qO1oH/tNvMi+Z9fYtXadXW/32L32rP3OHrFf2nP2e9vD9rQD7At2oH3RDrIv2cF2yN/HAHakfd2OsqPtGDvWjrPjfxNPsVPtNDvdJtu37Qw78zfxQvuunW1T7Fw7z863C36M02pKse/bxfYD7723y+xyu8KutKvs6v9b63K70W6ym+1u+5HdarfZ7XaH3Wl3/Rinncc++7FNtZ/Yw/YLe8B+ag/ao/aQ/fzHOO38jtqv7DH7tT1uT9iT9ht7yn5rT9szP55/2rl/Y3+wF6y3wMiKNRsOOANn5ATOxJn5Cs7CWTkbZ+cYX8k5+CrOyVdzLs7NeTgv5+P8XIBDJrbMHHFBLsRxvoYL87VchItyMS7OjktwSb6OS/H1XJpv4DJ8I5flm7gcl+cKXJFv5kp8C1fmKlyVb+VqXH3bHRc/7fgOrsV3cm2+i+vw3VyX7+F6fC/X5wbckO/jRnw/N+Ym3JSbcXNuwS35AW7FD3JrbsNt+SFuxw9ze36EO/Cj3JEf4078OHfmJ7gLP8ld+Snuxk/zM/wsd+fnuAf35ETuxb35ee7Dfbkf9+cB/AIP5Bd5EL/Eg3kID+WXmfkVHs6v8gh+jUfy6zyKR/MYHsvjeDwn8Rs8gd/kifwWT+LJPIWn8jSezsn8Ns/gmTyL3+HZPIfn8jyezwt4Ib/Li/g9TuH3eTF/wEt4KS/j5byCV/IqXs1reC2v4/W8gTfyJt7MW/hD3srbeDvv4J28i3fzR7yH9/I+/phT+RPez3/jA/wpH+TP+BB/zof5Cz7CX/JR/oqP8dd8nE/wSf6GT/G3fJrP8Fn+js/x93yef+AL7BkijFSkIxMFUYYoY5QQZYoyR1dEWaKsUbYoexSLroxyRFdFOaOro1xR7ihPlDfKF+WPCkRhRJGNOIqiglGhKB5dExWOro2KREWjYlHxyEUlopLRdVGp6PqodHRDVCa6MSob3RSVi8pHFaKK0c1RpeiWqHJUJaoa3RpVi6pHNaKa0W3R7dEdUa3ozqh2dFdUOro7qhvdE9WL7o3qRw2ihtF9UaPo/qhx1CRqGjWLmkctopbRA1Gr6MGoddQmahs9FLWLHo7aR49EHaJHo47RY5e2Fw0uvr5+tT0x6hXpn2737tTz4wviC+PvxhfF34unxN+PL45/EF8SXxpfFl8eXxFfGV8VXx1fE18bXxdfH98Q3xjfFN8c975mRnCY9iAMxgUug8voElwml9ld4bK4rC6by+5i7kqXw13lcrqrXS6X2+VxeV0+l98VcKEjZx27yBV0hVzcXeMKu2tdEVfUFXPFnXMlXEnXwrV0LV0r96Br7dq4tu4h95B72D3sHnGPuEddR/eY6+Qed53dE66Le9I96Z5y3dzT7hn3rOvunnM9XE+X6BJdb9fb9XF9XD/Xzw1wA9xAN9ANcoPcYDfYDXVD3TA3zA13w90IN8KNdCPdKDfKjXFj3Dg3ziW5JDfBTXAT3UQ3yU1yU9wUN81Nc8ku2c1wM9wsN8vNdrPdXDfXzXfz3UK30C1yi1yKS3GL3WK3xC1xy9wyt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcVvdVrfdbXc73U632+12e9wet8/tc6ku1e13+90Bd8AddJ+5Q+5zd9h94Y64L91R95U75r52x90Jd9J94065b91pd8addd+5c+57d9794C4475Jib8QmxN6MTYy9FZsUmxybEpsamxabHkuOvR2bEZsZmxV7JzY7Nic2NzYvNj+2ILYw9m5sUey9WErs/dji2AexJbGlsWWx5bEVsZUx7/NvjXxBX8jH/TW+sL/WF/FFfTFf3Dtfwpf01/lS/npf2t/gy/gbfVl/ky/ny/sKvolv6pv55r6Fb+kf8K38g761b+Pb+od8O/+wb+8f8R38o76jf8x38o/7zv4J38U/6bv6p+b89PL03f1zvofv6RN9L9/bP+/7+L6+n+/vB/gX/ED/oh/kX/KD/RA/1L/sh/lX/HD/qh/hX/Mj/et+lB/tx/ixfpwf75P8G36Cf9NP9G/5SX6yn+Kn+ml+uk/2b/sZfqaf5d/xs/0cP9fP8/P9Ar/Qv+sX+fd8in/fL/Yf+CV+qV/ml/sVfqVf5Vf7NX6tX+fX+w1+o9/kN/stPiNs9dv8dr/D7/S7/G7/kd/j9/p9/mOf6j/x+/3f/AH/qT/oP/OH/Of+sP/CH/Ff+qP+K3/Mf+2P+xP+pP/Gn/Lf+tP+jD/rv/Pn/Pf+vP/BX5C/WRNCCCGE+B9J/IPtvX5nnfppMQDQGwCybst76Jfb056bNuS6OO6r9nSMAcCjPbs2+Hlp0CAx8efjLtEQFJoHALFL+RngUrwU2sLDP45K/W59fVUF5F/NH/xie9r88RsBMgNk+nldAvwY/2L+DtAGrv8H8zd599fz/7r++DyAIoUu5aQd6Of40vyl/8H8u9r9wfyZPk0CaP2LnCxwKb40f0l4EB6DDn+3pxBCCCGEEEIIcVFfda7bHz3fpj2f5zOXcjLCpfjS8+fvP5//gcp/xjkIIYQQQgghhBDi/+2Jp5955IEOHdp0/m8eZPxrlPEXGCAA/AXKkMFff3C5P5mEEEIIIYQQf7ZLN/2XuxIhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECL9+tf/Q5j6H+/8y+Ppy3eqQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxGXzfwIAAP//mQVHMg==") mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 489.614155ms ago: executing program 1 (id=513): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0xd}]}}}]}, 0x3c}}, 0x0) 489.463921ms ago: executing program 4 (id=514): r0 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) 367.969371ms ago: executing program 2 (id=515): r0 = syz_open_dev$vim2m(&(0x7f0000000300), 0x102, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x0, 0x8, 0x4}) 244.279219ms ago: executing program 1 (id=516): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) read$sequencer(r0, &(0x7f0000000340)=""/219, 0xdb) 243.948198ms ago: executing program 4 (id=517): syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file1\x00', 0x10, &(0x7f0000000980)=ANY=[@ANYBLOB="005901e3fd18fb9c322293c67dcde48bfeffd1843c336e09b34af65ad26aafded7da5cfeeda2b8d8d900c2195f00f646f699eeb47813177405a6a6baf786c0d14f2079a9efa9db8973bcca25eb2973856c6760a483c41d0980c78a4cb096a5affa6b980600000000000000a1eacd2c820176737d4eb55dca564820dd769d8742f6d9ab243775a67afcdf845f978e95365cdf6f30aa43423b381881433e00ccbe6353b21300d8f0ca972589398eef9487db78486fcf174990c488031f8b39cc01bb509f3ea4bcde33d4c9e305ecb4dd88204c5d7bb5e469cabfda0feca3ce70c0acbc34d13e5a5c796eab23abfe3b717834f8e9d7120e1e925c4e210b4152c75210b3e979fbe8ddf23eef2d53733209b22206e0a4afc354c33d7ca2a00116a14d686e4aa86b6ec6a4130178c3ad8c723c0d8506bd7bff780000000000000000004b2ec61cfde813cc124715aaaf5508b93d8cf0860042108b660b74f94b1e4851eeec09fdb7a617eabeeeff8ce8bb99f4b1f9c2896cf31e19c3c24155b0ea7dc3cae1b56acb1946830cad94af3f1caf43ea03b38fc08a7e19480e283a4c0d", @ANYRES64=0x0, @ANYRES16=0x0, @ANYRES32, @ANYRES64=0x0, @ANYRES32, @ANYBLOB="013f5e0c4eaa6035b286a05ad2cbf6ceb6b4f8857887209c639f55bd4ca21768b42eeee1fe270b10650dec195399e97b5c92203937a3783cb425f2e75f5b798de95c5127ab7b7d5dcc5a7d075fa0c84271bd431467c0a9182239a790"], 0x1, 0x1fb, &(0x7f0000000280)="$eJzskk9rE08Yxz+zu0n296OlQaKiCEUtWg9tNqnGPwcFLwb1JBVqQTAkaQ2m/mkCNaGHCEIRL4JVaBEPoqSIB/ENmIOn3hSKt1LouYcevEjryuxOtpN34GE+h/3uzDzP99nn2blbe1RLALvb80VIInFI8V0IHGBQBFuU7FBdpdeVxtX5FSvUjtLfSnfPNicmQVSOreeszsHSUZGkL/VrdYMiA7c5//bapx83Yotr+7Y+fJXxV282viBOlgbevfn84vJSf2Avbk3qPnbnyLIrjYCXOxPrG84hUl2vyuLafvfPgdWn7Y+5Z7KD11MIb9kFRr+NLF30+p9byrPWaN4rVKvl2dqlJxZbQamf2/NF+XInAb7v+0HvQB7QY2T7K+zFHHZgHLDxoxiHPdL1mYfpWqM5UpkpTJeny/ez2bGcd9rzzmTTU5Xq+1fyWfaEVkJNEKmnAPmb/tPOY8COivkfWlo1hPZp6lzouXHt1w0fpwdLy+2qoBPlJlScHME4J5CjnWsJbXcocHEIWsojsOfCRcbRvi+s5QYHo8UH1dICAtFNa+NEHplNYtEiqy/GzkVtLygdUppX2la6qXTQ7b2pTuBgqfs83II4jwv1+mwmDit9KkvtZeXgwrdkSx+YrJq0e5u7YGMwGAwGg8FgMBgM/wx/AwAA//+2K50Q") openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) 185.610689ms ago: executing program 1 (id=518): r0 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0x58}}, 0x1c) 119.973057ms ago: executing program 2 (id=519): r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f0000000100), &(0x7f00000003c0)=0xc) 96.260952ms ago: executing program 0 (id=520): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x12}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x5c}}, 0x0) 75.941975ms ago: executing program 1 (id=521): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=@newtaction={0x68, 0x30, 0x871a15abc695fa1d, 0x0, 0x0, {}, [{0x54, 0x1, [@m_ctinfo={0x50, 0x1, 0x0, 0x0, {{0x6}, {0x24, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) 0s ago: executing program 2 (id=522): r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00') getdents64(r0, 0x0, 0xffb8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.84' (ED25519) to the list of known hosts. [ 50.665660][ T5214] cgroup: Unknown subsys name 'net' [ 50.860238][ T5214] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 52.164979][ T5214] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 55.527963][ T5237] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 55.531477][ T5242] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 55.543924][ T5242] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 55.553241][ T5242] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 55.553578][ T5237] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 55.561248][ T5242] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 55.576063][ T5243] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 55.576668][ T5242] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 55.592136][ T5243] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 55.600621][ T5242] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 55.615540][ T5244] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 55.615582][ T5242] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 55.629937][ T5243] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 55.631836][ T5242] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 55.643781][ T5244] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 55.647171][ T5242] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 55.652910][ T5245] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 55.659243][ T5242] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 55.666588][ T5245] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 55.672291][ T5246] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 55.682188][ T5242] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 55.688755][ T5241] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 55.693402][ T5242] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 55.699855][ T5246] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 55.706653][ T5245] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 55.714210][ T5241] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 55.723819][ T5242] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 55.735645][ T5242] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 55.735811][ T5241] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 55.750796][ T5241] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 56.127564][ T5225] chnl_net:caif_netlink_parms(): no params data found [ 56.251499][ T5224] chnl_net:caif_netlink_parms(): no params data found [ 56.300742][ T5235] chnl_net:caif_netlink_parms(): no params data found [ 56.315878][ T5228] chnl_net:caif_netlink_parms(): no params data found [ 56.336962][ T5225] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.344968][ T5225] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.352248][ T5225] bridge_slave_0: entered allmulticast mode [ 56.359812][ T5225] bridge_slave_0: entered promiscuous mode [ 56.370304][ T5225] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.378371][ T5225] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.385856][ T5225] bridge_slave_1: entered allmulticast mode [ 56.392354][ T5225] bridge_slave_1: entered promiscuous mode [ 56.421286][ T5227] chnl_net:caif_netlink_parms(): no params data found [ 56.493371][ T5225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.533662][ T5225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.602126][ T5224] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.611345][ T5224] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.620038][ T5224] bridge_slave_0: entered allmulticast mode [ 56.628409][ T5224] bridge_slave_0: entered promiscuous mode [ 56.663120][ T5228] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.670546][ T5228] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.678518][ T5228] bridge_slave_0: entered allmulticast mode [ 56.685855][ T5228] bridge_slave_0: entered promiscuous mode [ 56.693156][ T5224] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.700565][ T5224] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.708214][ T5224] bridge_slave_1: entered allmulticast mode [ 56.715206][ T5224] bridge_slave_1: entered promiscuous mode [ 56.724211][ T5225] team0: Port device team_slave_0 added [ 56.730142][ T5235] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.737381][ T5235] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.744621][ T5235] bridge_slave_0: entered allmulticast mode [ 56.751167][ T5235] bridge_slave_0: entered promiscuous mode [ 56.775288][ T5228] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.782404][ T5228] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.790236][ T5228] bridge_slave_1: entered allmulticast mode [ 56.797383][ T5228] bridge_slave_1: entered promiscuous mode [ 56.812907][ T5225] team0: Port device team_slave_1 added [ 56.819413][ T5235] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.826591][ T5235] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.833803][ T5235] bridge_slave_1: entered allmulticast mode [ 56.840370][ T5235] bridge_slave_1: entered promiscuous mode [ 56.847476][ T5227] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.854800][ T5227] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.862085][ T5227] bridge_slave_0: entered allmulticast mode [ 56.869131][ T5227] bridge_slave_0: entered promiscuous mode [ 56.914643][ T5227] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.921808][ T5227] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.929363][ T5227] bridge_slave_1: entered allmulticast mode [ 56.936449][ T5227] bridge_slave_1: entered promiscuous mode [ 56.944960][ T5228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.955925][ T5224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.967572][ T5224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.997878][ T5228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.022005][ T5225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.029230][ T5225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.055309][ T5225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.069394][ T5235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.108352][ T5225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.115440][ T5225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.145390][ T5225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.159926][ T5235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.178406][ T5227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.191916][ T5228] team0: Port device team_slave_0 added [ 57.199749][ T5228] team0: Port device team_slave_1 added [ 57.208235][ T5224] team0: Port device team_slave_0 added [ 57.216180][ T5224] team0: Port device team_slave_1 added [ 57.242805][ T5227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.273374][ T5224] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.281158][ T5224] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.307269][ T5224] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.319655][ T5224] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.326739][ T5224] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.353217][ T5224] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.369439][ T5235] team0: Port device team_slave_0 added [ 57.392113][ T5228] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.399158][ T5228] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.425456][ T5228] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.443082][ T5235] team0: Port device team_slave_1 added [ 57.461320][ T5228] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.471105][ T5228] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.498519][ T5228] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.526633][ T5227] team0: Port device team_slave_0 added [ 57.545047][ T5225] hsr_slave_0: entered promiscuous mode [ 57.551166][ T5225] hsr_slave_1: entered promiscuous mode [ 57.572945][ T5227] team0: Port device team_slave_1 added [ 57.603212][ T5235] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.610583][ T5235] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.639485][ T5235] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.672363][ T5227] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.679530][ T5227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.706254][ T5227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.721740][ T5224] hsr_slave_0: entered promiscuous mode [ 57.728613][ T5224] hsr_slave_1: entered promiscuous mode [ 57.737417][ T5224] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 57.746184][ T5224] Cannot create hsr debugfs directory [ 57.746199][ T5241] Bluetooth: hci3: command tx timeout [ 57.762355][ T5235] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.769748][ T5235] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.796229][ T5235] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.809627][ T5228] hsr_slave_0: entered promiscuous mode [ 57.818791][ T5228] hsr_slave_1: entered promiscuous mode [ 57.824558][ T5241] Bluetooth: hci2: command tx timeout [ 57.830966][ T5228] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 57.834133][ T4620] Bluetooth: hci1: command tx timeout [ 57.838724][ T54] Bluetooth: hci4: command tx timeout [ 57.848991][ T5241] Bluetooth: hci0: command tx timeout [ 57.850117][ T5228] Cannot create hsr debugfs directory [ 57.876989][ T5227] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.884207][ T5227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.910330][ T5227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.024774][ T5227] hsr_slave_0: entered promiscuous mode [ 58.031915][ T5227] hsr_slave_1: entered promiscuous mode [ 58.038404][ T5227] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.046349][ T5227] Cannot create hsr debugfs directory [ 58.106220][ T5235] hsr_slave_0: entered promiscuous mode [ 58.112698][ T5235] hsr_slave_1: entered promiscuous mode [ 58.119406][ T5235] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.127108][ T5235] Cannot create hsr debugfs directory [ 58.278944][ T5228] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 58.320040][ T5228] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 58.347950][ T5228] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 58.360346][ T5228] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 58.414981][ T5225] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 58.441610][ T5225] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 58.450931][ T5225] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 58.474528][ T5225] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 58.499199][ T5224] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 58.513051][ T5224] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 58.538937][ T5224] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 58.548877][ T5224] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 58.630594][ T5228] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.638138][ T5227] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 58.650015][ T5227] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 58.675244][ T5227] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 58.703477][ T5227] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 58.729690][ T5228] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.767973][ T5235] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 58.782168][ T5225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.799496][ T5235] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 58.810191][ T5235] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 58.827119][ T5235] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 58.838790][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.846074][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.884523][ T3027] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.891646][ T3027] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.911346][ T5225] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.987270][ T1311] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.994423][ T1311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.006220][ T1311] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.013305][ T1311] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.070478][ T5224] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.080566][ T5228] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.166963][ T5224] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.181043][ T5227] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.221299][ T5235] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.232948][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.240124][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.266816][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.274010][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.322573][ T5227] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.367944][ T221] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.375104][ T221] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.395607][ T5235] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.420932][ T221] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.428103][ T221] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.471608][ T221] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.478768][ T221] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.547241][ T5225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.559333][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.566436][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.601092][ T5228] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.646723][ T5227] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.708140][ T5224] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.732963][ T5225] veth0_vlan: entered promiscuous mode [ 59.747638][ T5225] veth1_vlan: entered promiscuous mode [ 59.827903][ T5241] Bluetooth: hci3: command tx timeout [ 59.846818][ T5225] veth0_macvtap: entered promiscuous mode [ 59.887486][ T5225] veth1_macvtap: entered promiscuous mode [ 59.903958][ T5241] Bluetooth: hci4: command tx timeout [ 59.904092][ T54] Bluetooth: hci2: command tx timeout [ 59.909374][ T5241] Bluetooth: hci0: command tx timeout [ 59.915141][ T54] Bluetooth: hci1: command tx timeout [ 59.969591][ T5225] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.990937][ T5224] veth0_vlan: entered promiscuous mode [ 60.002337][ T5227] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.015174][ T5225] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.030996][ T5224] veth1_vlan: entered promiscuous mode [ 60.066842][ T5225] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.085039][ T5225] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.105099][ T5225] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.114816][ T5225] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.215973][ T5228] veth0_vlan: entered promiscuous mode [ 60.243515][ T5235] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.268616][ T5227] veth0_vlan: entered promiscuous mode [ 60.278941][ T5228] veth1_vlan: entered promiscuous mode [ 60.291563][ T3027] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.300327][ T5227] veth1_vlan: entered promiscuous mode [ 60.312840][ T3027] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.327617][ T5224] veth0_macvtap: entered promiscuous mode [ 60.367606][ T5224] veth1_macvtap: entered promiscuous mode [ 60.400370][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.409520][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.417174][ T5224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.430371][ T5224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.441349][ T5224] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.452587][ T5227] veth0_macvtap: entered promiscuous mode [ 60.477693][ T5224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.502449][ T5224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.522510][ T5224] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.531052][ T5227] veth1_macvtap: entered promiscuous mode [ 60.543293][ T5228] veth0_macvtap: entered promiscuous mode [ 60.562664][ T5224] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.571969][ T5224] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.581334][ T5224] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.590479][ T5224] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.606083][ T5235] veth0_vlan: entered promiscuous mode [ 60.619011][ T5235] veth1_vlan: entered promiscuous mode [ 60.647685][ T5228] veth1_macvtap: entered promiscuous mode [ 60.672431][ T5235] veth0_macvtap: entered promiscuous mode [ 60.693088][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.710739][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.727231][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.738848][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.757628][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.793118][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.804244][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.815125][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.826518][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.837296][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.848119][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.872251][ T5228] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.882670][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.895638][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.905817][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.916619][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.928170][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.937079][ T5235] veth1_macvtap: entered promiscuous mode [ 60.987812][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.002168][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.012907][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.025051][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.042293][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.058797][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.070703][ T5228] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.090144][ T5227] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.102806][ T5227] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.112591][ T5227] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.121637][ T5227] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.144329][ T5228] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.153074][ T5228] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.163367][ T5228] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.189709][ T5228] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.201813][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.215524][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.225822][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.236963][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.247709][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.258209][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.268630][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.279505][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.290579][ T5235] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.305567][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.316952][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.328081][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.339121][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.349854][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.360719][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.371054][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.382330][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.393440][ T5235] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.422599][ T5235] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.442188][ T5235] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.466821][ T5235] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.476254][ T5235] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.495207][ T3027] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.503365][ T3027] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.519504][ T5321] netlink: 'syz.1.11': attribute type 10 has an invalid length. [ 61.532883][ T5321] team0: Device veth0_macvtap failed to register rx_handler [ 61.676328][ T221] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.686010][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.699192][ T221] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.704604][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.749783][ T5325] capability: warning: `syz.1.13' uses deprecated v2 capabilities in a way that may be insecure [ 61.789579][ T221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.800453][ T221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.861943][ T221] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.884844][ T221] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.904432][ T54] Bluetooth: hci3: command tx timeout [ 61.907673][ T5329] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 61.979240][ T5329] No such timeout policy "syz1" [ 61.984565][ T54] Bluetooth: hci1: command tx timeout [ 61.984614][ T5242] Bluetooth: hci0: command tx timeout [ 61.989965][ T54] Bluetooth: hci2: command tx timeout [ 61.995365][ T5241] Bluetooth: hci4: command tx timeout [ 62.036201][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.052878][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.092430][ T5332] netlink: 24 bytes leftover after parsing attributes in process `syz.1.16'. [ 62.146620][ T3027] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.174096][ T3027] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.183157][ T3027] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.215877][ T3027] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.707838][ T5326] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 62.753191][ T5357] loop4: detected capacity change from 0 to 512 [ 62.778606][ T5359] loop0: detected capacity change from 0 to 8 [ 62.859892][ T5357] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 62.904276][ T5326] usb 2-1: Using ep0 maxpacket: 8 [ 62.915247][ T5326] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 62.942316][ T5326] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 62.954586][ T5326] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 239, changing to 11 [ 62.966627][ T5326] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 9059, setting to 1024 [ 62.972402][ T5357] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.979268][ T5326] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 63.006940][ T5368] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT [ 63.027645][ T5326] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 63.053529][ T5326] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.082357][ T5326] usb 2-1: Product: syz [ 63.105492][ T5326] usb 2-1: Manufacturer: syz [ 63.110168][ T5326] usb 2-1: SerialNumber: syz [ 63.154770][ T5326] usb 2-1: config 0 descriptor?? [ 63.171231][ T5228] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 63.191518][ T5326] input: KB Gear Tablet as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input5 [ 63.208451][ T5370] loop0: detected capacity change from 0 to 1764 [ 63.286063][ T5370] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 63.346242][ T5378] loop2: detected capacity change from 0 to 8 [ 63.392746][ T29] audit: type=1400 audit(1724333227.144:2): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A21D01A0B978D2F2F262D2A83D1 pid=5379 comm="syz.3.34" [ 63.734285][ T5278] usb 2-1: USB disconnect, device number 2 [ 63.989515][ T54] Bluetooth: hci3: command tx timeout [ 64.021722][ T5402] loop0: detected capacity change from 0 to 164 [ 64.037180][ T5402] rock: directory entry would overflow storage [ 64.043663][ T5402] rock: sig=0x4543, size=28, remaining=18 [ 64.064148][ T54] Bluetooth: hci0: command tx timeout [ 64.064663][ T4620] Bluetooth: hci4: command tx timeout [ 64.069602][ T5242] Bluetooth: hci2: command tx timeout [ 64.075209][ T4620] Bluetooth: hci1: command tx timeout [ 64.116910][ T5404] loop2: detected capacity change from 0 to 64 [ 64.322171][ T5410] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 64.392498][ T5412] loop3: detected capacity change from 0 to 256 [ 64.412287][ T5414] netlink: 'syz.0.50': attribute type 2 has an invalid length. [ 64.452033][ T5414] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.50'. [ 65.046411][ T5435] xt_connbytes: Forcing CT accounting to be enabled [ 65.053206][ T5435] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 65.089598][ T5435] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 65.105706][ T5437] libceph: resolve '0..' (ret=-3): failed [ 65.231240][ T5395] loop4: detected capacity change from 0 to 32768 [ 65.347032][ T5395] jfs_lookup: dtSearch returned -5 [ 65.822684][ T5475] netlink: 'syz.0.79': attribute type 3 has an invalid length. [ 65.882658][ T5475] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.79'. [ 66.233767][ T5500] netlink: 12 bytes leftover after parsing attributes in process `syz.2.91'. [ 66.286569][ T5501] Illegal XDP return value 4294967274 on prog (id 5) dev N/A, expect packet loss! [ 66.323815][ T2630] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 66.387242][ T5505] loop2: detected capacity change from 0 to 8192 [ 66.422453][ T5505] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 66.435300][ T5507] vcan0 speed is unknown, defaulting to 1000 [ 66.443459][ T5507] vcan0 speed is unknown, defaulting to 1000 [ 66.460660][ T5505] FAT-fs (loop2): error, clusters badly computed (1 != 0) [ 66.486412][ T5505] FAT-fs (loop2): Filesystem has been set read-only [ 66.495578][ T5507] vcan0 speed is unknown, defaulting to 1000 [ 66.503655][ T5505] FAT-fs (loop2): error, clusters badly computed (2 != 1) [ 66.533793][ T2630] usb 4-1: Using ep0 maxpacket: 32 [ 66.542390][ T2630] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 66.565553][ T2630] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 66.577415][ T5511] netlink: 'syz.1.97': attribute type 1 has an invalid length. [ 66.590723][ T2630] usb 4-1: Product: syz [ 66.598241][ T5511] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.97'. [ 66.613493][ T2630] usb 4-1: Manufacturer: syz [ 66.618627][ T2630] usb 4-1: SerialNumber: syz [ 66.646728][ T2630] usb 4-1: config 0 descriptor?? [ 66.782616][ T5517] netlink: 24 bytes leftover after parsing attributes in process `syz.1.100'. [ 66.872586][ T5507] infiniband syz1: set active [ 66.879741][ T5238] vcan0 speed is unknown, defaulting to 1000 [ 66.895905][ T5507] infiniband syz1: added vcan0 [ 66.977034][ T5519] loop2: detected capacity change from 0 to 2048 [ 66.989712][ T5519] ======================================================= [ 66.989712][ T5519] WARNING: The mand mount option has been deprecated and [ 66.989712][ T5519] and is ignored by this kernel. Remove the mand [ 66.989712][ T5519] option from the mount to silence this warning. [ 66.989712][ T5519] ======================================================= [ 66.994687][ T5507] RDS/IB: syz1: added [ 67.024717][ C0] vkms_vblank_simulate: vblank timer overrun [ 67.052999][ T2630] rtl8150 4-1:0.0: couldn't reset the device [ 67.063180][ T5519] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 67.064126][ T2630] rtl8150 4-1:0.0: probe with driver rtl8150 failed with error -5 [ 67.116749][ T5519] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 67.130551][ T2630] usb 4-1: USB disconnect, device number 2 [ 67.188046][ T5507] smc: adding ib device syz1 with port count 1 [ 67.249479][ T5507] smc: ib device syz1 port 1 has pnetid [ 67.267496][ T5238] vcan0 speed is unknown, defaulting to 1000 [ 67.297942][ T5507] vcan0 speed is unknown, defaulting to 1000 [ 67.394737][ T5531] 9pnet_fd: Insufficient options for proto=fd [ 67.444586][ T5535] netlink: 12 bytes leftover after parsing attributes in process `syz.1.108'. [ 67.799468][ T5513] loop0: detected capacity change from 0 to 32768 [ 67.839764][ T5555] netlink: 'syz.1.118': attribute type 1 has an invalid length. [ 67.848003][ T5555] netlink: 'syz.1.118': attribute type 2 has an invalid length. [ 67.856636][ T5555] netlink: 4 bytes leftover after parsing attributes in process `syz.1.118'. [ 67.863206][ T5513] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.98 (5513) [ 67.866668][ T5555] netlink: 8 bytes leftover after parsing attributes in process `syz.1.118'. [ 67.909953][ T5507] vcan0 speed is unknown, defaulting to 1000 [ 68.018043][ T5564] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 68.072060][ T5566] loop1: detected capacity change from 0 to 256 [ 68.098673][ T5513] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 68.149582][ T5513] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 68.185331][ T5513] BTRFS info (device loop0): using free-space-tree [ 68.363500][ T5581] netlink: 9 bytes leftover after parsing attributes in process `syz.3.128'. [ 68.372901][ T5581] 0·: renamed from hsr0 (while UP) [ 68.405331][ T5581] 0·: entered allmulticast mode [ 68.410238][ T5581] hsr_slave_0: entered allmulticast mode [ 68.428618][ T5581] hsr_slave_1: entered allmulticast mode [ 68.435292][ T5581] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 68.564990][ T5507] vcan0 speed is unknown, defaulting to 1000 [ 68.805878][ T35] BTRFS error (device loop0): bad fsid on logical 5341184 mirror 1 [ 68.830434][ T5513] BTRFS error (device loop0): failed to load root free space [ 68.877550][ T5513] BTRFS error (device loop0): open_ctree failed [ 69.041333][ T5507] vcan0 speed is unknown, defaulting to 1000 [ 69.254010][ T5623] netlink: 'syz.1.144': attribute type 1 has an invalid length. [ 69.279180][ T5623] netlink: 224 bytes leftover after parsing attributes in process `syz.1.144'. [ 69.458868][ T5635] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 69.609987][ T5507] vcan0 speed is unknown, defaulting to 1000 [ 69.612924][ T5641] overlayfs: missing 'lowerdir' [ 69.701165][ T5647] netlink: 'syz.3.157': attribute type 1 has an invalid length. [ 69.708951][ T5647] netlink: 'syz.3.157': attribute type 2 has an invalid length. [ 69.760099][ T29] audit: type=1326 audit(1724333233.514:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5648 comm="syz.0.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0169779e79 code=0x7ffc0000 [ 69.826281][ T29] audit: type=1326 audit(1724333233.544:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5648 comm="syz.0.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=195 compat=0 ip=0x7f0169779e79 code=0x7ffc0000 [ 69.925702][ T29] audit: type=1326 audit(1724333233.554:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5648 comm="syz.0.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0169779e79 code=0x7ffc0000 [ 69.983489][ T5657] netlink: 'syz.3.161': attribute type 11 has an invalid length. [ 70.037121][ T29] audit: type=1326 audit(1724333233.554:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5648 comm="syz.0.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0169779e79 code=0x7ffc0000 [ 70.218241][ T5666] netlink: 8 bytes leftover after parsing attributes in process `syz.3.166'. [ 70.238374][ T5670] loop4: detected capacity change from 0 to 256 [ 70.300024][ T5670] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 70.361617][ T5670] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 70.407771][ T5678] bond0: (slave netdevsim0): Error: Device can not be enslaved while up [ 70.557788][ T8] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 70.606319][ T5685] loop0: detected capacity change from 0 to 1024 [ 70.657041][ T5685] syz.0.175: attempt to access beyond end of device [ 70.657041][ T5685] loop0: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 70.744129][ T5685] Buffer I/O error on dev loop0, logical block 100663296, async page read [ 70.763808][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 70.763942][ T5685] hfsplus: unable to mark blocks free: error -5 [ 70.776609][ T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 70.792762][ T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 70.806740][ T5685] hfsplus: can't free extent [ 70.837683][ T8] usb 2-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice=f4.95 [ 70.847099][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.863888][ T8] usb 2-1: Product: syz [ 70.876141][ T8] usb 2-1: Manufacturer: syz [ 70.885586][ T8] usb 2-1: SerialNumber: syz [ 70.904852][ T8] usb 2-1: config 0 descriptor?? [ 70.910518][ T5672] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 70.919039][ T5672] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 71.104407][ T25] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 71.205838][ T5672] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 71.231110][ T5672] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 71.302053][ T25] usb 3-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice=e9.34 [ 71.311422][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.327955][ T25] usb 3-1: Product: syz [ 71.354046][ T25] usb 3-1: Manufacturer: syz [ 71.358678][ T25] usb 3-1: SerialNumber: syz [ 71.374727][ T25] usb 3-1: config 0 descriptor?? [ 71.464860][ T8] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 71.494310][ T8] asix 2-1:0.0: probe with driver asix failed with error -71 [ 71.529546][ T8] usb 2-1: USB disconnect, device number 3 [ 71.604832][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.611390][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.655183][ T941] usb 3-1: USB disconnect, device number 2 [ 71.761651][ T5698] loop4: detected capacity change from 0 to 32768 [ 71.819516][ T5698] ERROR: (device loop4): diAllocBit: iag inconsistent [ 71.819516][ T5698] [ 71.868672][ T5698] ERROR: (device loop4): remounting filesystem as read-only [ 71.899856][ T5698] ialloc: diAlloc returned -5! [ 72.175709][ T5731] loop1: detected capacity change from 0 to 256 [ 72.238257][ T5731] FAT-fs (loop1): Directory bread(block 64) failed [ 72.262345][ T5731] FAT-fs (loop1): Directory bread(block 65) failed [ 72.279823][ T5731] FAT-fs (loop1): Directory bread(block 66) failed [ 72.295110][ T5731] FAT-fs (loop1): Directory bread(block 67) failed [ 72.314230][ T5731] FAT-fs (loop1): Directory bread(block 68) failed [ 72.340279][ T5731] FAT-fs (loop1): Directory bread(block 69) failed [ 72.375757][ T5731] FAT-fs (loop1): Directory bread(block 70) failed [ 72.390843][ T5731] FAT-fs (loop1): Directory bread(block 71) failed [ 72.408357][ T5731] FAT-fs (loop1): Directory bread(block 72) failed [ 72.423872][ T5731] FAT-fs (loop1): Directory bread(block 73) failed [ 73.025419][ T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 73.253905][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 73.267232][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 73.289417][ T25] usb 1-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=61.da [ 73.303891][ T25] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 73.322128][ T25] usb 1-1: Manufacturer: syz [ 73.334938][ T5762] loop2: detected capacity change from 0 to 32768 [ 73.361687][ T25] usb 1-1: config 0 descriptor?? [ 73.396846][ T25] appledisplay 1-1:0.0: Could not find int-in endpoint [ 73.413496][ T25] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 73.483969][ T5762] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.210 (5762) [ 73.505323][ T5772] netlink: 4 bytes leftover after parsing attributes in process `syz.4.213'. [ 73.643617][ T25] usb 1-1: USB disconnect, device number 2 [ 73.723465][ T5783] tmpfs: Bad value for 'mpol' [ 73.832686][ T5789] netlink: 16 bytes leftover after parsing attributes in process `syz.1.223'. [ 73.885584][ T5734] loop3: detected capacity change from 0 to 40427 [ 73.910129][ T5762] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 73.943882][ T5762] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 73.959948][ T5762] BTRFS info (device loop2): using free-space-tree [ 73.964751][ T5734] F2FS-fs (loop3): Corrupted extension count (64 + 1 > 64) [ 74.009660][ T5734] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 74.036230][ T5796] xt_hashlimit: Unknown mode mask 2000, kernel too old? [ 74.119362][ T5734] F2FS-fs (loop3): Found nat_bits in checkpoint [ 74.251936][ T5734] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 74.296193][ T5734] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 74.459255][ T5224] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 74.651360][ T5837] netlink: 'syz.1.239': attribute type 64 has an invalid length. [ 74.684094][ T5835] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551615) [ 74.709211][ T5835] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647 [ 74.897200][ T941] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 75.144539][ T5857] loop1: detected capacity change from 0 to 764 [ 75.171145][ T941] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 75.181259][ T941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.189824][ T941] usb 5-1: Product: syz [ 75.194395][ T941] usb 5-1: Manufacturer: syz [ 75.199030][ T941] usb 5-1: SerialNumber: syz [ 75.355664][ T5866] loop1: detected capacity change from 0 to 512 [ 75.488670][ T941] RobotFuzz Open Source InterFace, OSIF 5-1:25.0: version d4.15 found at bus 005 address 002 [ 75.634367][ T5866] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.252: bad orphan inode 768 [ 75.652942][ T5866] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.691936][ T941] usb 5-1: USB disconnect, device number 2 [ 75.717171][ T5866] ext4 filesystem being mounted at /89/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 75.821190][ T5866] Quota error (device loop1): find_block_dqentry: Quota for id 0 referenced but not present [ 75.862103][ T5866] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 75.878156][ T5886] netlink: 4 bytes leftover after parsing attributes in process `syz.3.258'. [ 75.884427][ T5866] EXT4-fs error (device loop1): ext4_acquire_dquot:6855: comm syz.1.252: Failed to acquire dquot type 0 [ 76.001686][ T5225] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.029137][ T5892] netlink: 24 bytes leftover after parsing attributes in process `syz.3.261'. [ 76.066761][ T5892] netlink: 24 bytes leftover after parsing attributes in process `syz.3.261'. [ 76.092495][ T5892] netlink: 292 bytes leftover after parsing attributes in process `syz.3.261'. [ 76.358791][ T5914] netlink: 24 bytes leftover after parsing attributes in process `syz.0.272'. [ 76.415252][ T5918] xt_policy: output policy not valid in PREROUTING and INPUT [ 76.521208][ T5922] cgroup: subsys name conflicts with all [ 76.533806][ T5907] syz.1.271: attempt to access beyond end of device [ 76.533806][ T5907] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 76.739734][ T1175] cfg80211: failed to load regulatory.db [ 76.772041][ T5937] netlink: 8 bytes leftover after parsing attributes in process `syz.4.283'. [ 77.165355][ T5961] netlink: 32 bytes leftover after parsing attributes in process `syz.4.293'. [ 77.277111][ T5961] netlink: 32 bytes leftover after parsing attributes in process `syz.4.293'. [ 77.454529][ T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 77.619921][ T5986] No such timeout policy "syz0" [ 77.705117][ T8] usb 2-1: config 0 has an invalid interface number: 199 but max is 0 [ 77.714036][ T8] usb 2-1: config 0 has no interface number 0 [ 77.720334][ T8] usb 2-1: New USB device found, idVendor=0506, idProduct=00df, bcdDevice=9e.c3 [ 77.784908][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.821923][ T8] usb 2-1: config 0 descriptor?? [ 77.839612][ T8] gspca_main: spca501-2.14.0 probing 0506:00df [ 78.081606][ T6005] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: invalid value (0) [ 78.101228][ T6005] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: allowed values 1 - 65535 [ 78.200890][ T5996] loop3: detected capacity change from 0 to 40427 [ 78.232471][ T5996] F2FS-fs (loop3): Invalid log sectors per block(3) log sectorsize(10) [ 78.240960][ T5996] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 78.245143][ T8] gspca_spca501: reg write: error -71 [ 78.262200][ T8] spca501 2-1:0.199: Reg write failed for 0x00,0x02,0x01 [ 78.272446][ T5996] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045589454292453) [ 78.279933][ T8] spca501 2-1:0.199: probe with driver spca501 failed with error -22 [ 78.342784][ T8] usb 2-1: USB disconnect, device number 4 [ 78.389916][ T5996] F2FS-fs (loop3): Try to recover 1th superblock, ret: -30 [ 78.397568][ T5996] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 78.730308][ T6021] netlink: 'syz.3.317': attribute type 10 has an invalid length. [ 78.739570][ T6021] __nla_validate_parse: 1 callbacks suppressed [ 78.739586][ T6021] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.317'. [ 78.821345][ T6025] netlink: 72 bytes leftover after parsing attributes in process `syz.4.323'. [ 78.832205][ T6026] delete_channel: no stack [ 78.862027][ T6025] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 79.123386][ T6041] netlink: 80 bytes leftover after parsing attributes in process `syz.1.330'. [ 79.143846][ T6041] netlink: 36 bytes leftover after parsing attributes in process `syz.1.330'. [ 79.577568][ T6029] loop3: detected capacity change from 0 to 32768 [ 79.594443][ T6029] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.324 (6029) [ 79.676322][ T6029] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 79.686700][ T6029] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 79.695602][ T6029] BTRFS info (device loop3): using free-space-tree [ 80.068123][ T6035] loop0: detected capacity change from 0 to 32768 [ 80.116495][ T6035] BTRFS: device /dev/loop0 (7:0) using temp-fsid cc77730e-9609-4837-b1ac-cd510ee43c92 [ 80.169195][ T6035] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.326 (6035) [ 80.238238][ T6035] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 80.255595][ T6029] BTRFS info (device loop3): balance: start -f -slimit=8388608 [ 80.285974][ T6029] BTRFS info (device loop3): balance: ended with status: 0 [ 80.290175][ T6035] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 80.343890][ T6035] BTRFS info (device loop0): using free-space-tree [ 80.429528][ T6038] loop4: detected capacity change from 0 to 32768 [ 80.528872][ T6061] loop1: detected capacity change from 0 to 32768 [ 80.539653][ T6061] BTRFS: device /dev/loop1 (7:1) using temp-fsid 9b9914ea-2ee2-45f0-96c3-9d718b9508a4 [ 80.555981][ T6061] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.337 (6061) [ 80.589900][ T5235] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 80.634506][ T6038] BTRFS: device /dev/loop4 (7:4) using temp-fsid 5445e4c8-1134-4c8b-bb31-32a4d967d149 [ 80.639869][ T6061] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 80.647626][ T6038] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.328 (6038) [ 80.665840][ T6061] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 80.681710][ T6061] BTRFS info (device loop1): using free-space-tree [ 80.710027][ T6038] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 80.726332][ T6038] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 80.787873][ T6038] BTRFS info (device loop4): using free-space-tree [ 81.075034][ T5225] BTRFS info (device loop1): last unmount of filesystem 9b9914ea-2ee2-45f0-96c3-9d718b9508a4 [ 81.129439][ T6124] /dev/sg0: Can't lookup blockdev [ 81.187977][ T5227] BTRFS info (device loop0): last unmount of filesystem cc77730e-9609-4837-b1ac-cd510ee43c92 [ 81.188048][ T5228] BTRFS info (device loop4): last unmount of filesystem 5445e4c8-1134-4c8b-bb31-32a4d967d149 [ 81.431315][ T6131] tmpfs: Bad value for 'mpol' [ 81.688815][ T6133] loop3: detected capacity change from 0 to 1024 [ 81.888800][ T6151] sctp: [Deprecated]: syz.1.353 (pid 6151) Use of struct sctp_assoc_value in delayed_ack socket option. [ 81.888800][ T6151] Use struct sctp_sack_info instead [ 81.955658][ T6153] tmpfs: Bad value for 'mpol' [ 82.056778][ T6155] loop0: detected capacity change from 0 to 4096 [ 82.084435][ T6155] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 82.173431][ T6155] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 82.221256][ T6155] ntfs3: loop0: Failed to initialize $Extend/$ObjId. [ 82.488442][ T6169] loop4: detected capacity change from 0 to 1024 [ 82.520008][ T6169] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only. [ 82.618771][ T6169] hfsplus: xattr searching failed [ 82.701848][ T6157] loop1: detected capacity change from 0 to 32768 [ 82.747522][ T6157] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.356 (6157) [ 82.769250][ T6157] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 82.779913][ T6157] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 82.789327][ T6157] BTRFS info (device loop1): using free-space-tree [ 83.161086][ T6211] loop0: detected capacity change from 0 to 64 [ 83.286936][ T6217] netlink: 8 bytes leftover after parsing attributes in process `syz.3.375'. [ 83.422512][ T5225] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 83.505987][ T6228] netlink: 'syz.2.380': attribute type 13 has an invalid length. [ 83.626981][ T6232] loop0: detected capacity change from 0 to 8 [ 83.701524][ T6236] loop3: detected capacity change from 0 to 64 [ 84.113944][ T6249] IPv6: NLM_F_REPLACE set, but no existing node found! [ 84.393571][ T6267] netlink: 'syz.0.399': attribute type 1 has an invalid length. [ 84.423939][ T6267] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.399'. [ 84.446759][ T6267] netlink: 5 bytes leftover after parsing attributes in process `syz.0.399'. [ 84.938918][ T6294] x_tables: duplicate entry at hook 3 [ 85.073356][ T6306] openvswitch: netlink: IP tunnel attribute has 2 unknown bytes. [ 85.121894][ T6310] xt_TPROXY: Can be used only with -p tcp or -p udp [ 85.144204][ T6308] ieee802154 phy0 wpan0: encryption failed: -22 [ 85.206417][ T6314] netlink: 28 bytes leftover after parsing attributes in process `syz.3.422'. [ 85.370529][ T6325] loop1: detected capacity change from 0 to 1024 [ 85.453263][ T6325] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.600414][ T6335] loop0: detected capacity change from 0 to 4096 [ 85.608251][ T5225] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.624460][ T6335] ntfs3: Bad value for 'gid' [ 85.629098][ T6335] ntfs3: Bad value for 'gid' [ 85.797390][ T6345] team0: Port device team_slave_0 removed [ 85.803582][ T6345] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 85.813665][ T6347] netlink: 'syz.3.438': attribute type 1 has an invalid length. [ 85.898548][ T6347] netlink: 8 bytes leftover after parsing attributes in process `syz.3.438'. [ 85.950355][ T6351] netlink: 'syz.2.440': attribute type 7 has an invalid length. [ 85.992492][ T6351] netlink: 140 bytes leftover after parsing attributes in process `syz.2.440'. [ 86.743581][ T6384] netlink: 'syz.2.456': attribute type 4 has an invalid length. [ 87.013141][ T6403] xt_l2tp: missing protocol rule (udp|l2tpip) [ 87.067858][ T6335] loop0: detected capacity change from 0 to 32768 [ 87.147223][ T6410] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.471'. [ 87.294137][ T5278] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 87.520414][ T5278] usb 3-1: Using ep0 maxpacket: 32 [ 87.534883][ T6424] loop1: detected capacity change from 0 to 1024 [ 87.540573][ T5278] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 219 [ 87.563015][ T6424] EXT4-fs: Ignoring removed nobh option [ 87.571050][ T5278] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 87.586529][ T6424] EXT4-fs: Ignoring removed orlov option [ 87.607891][ T5278] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.629916][ T6424] EXT4-fs: Ignoring removed nomblk_io_submit option [ 87.633727][ T5278] usb 3-1: Product: syz [ 87.656125][ T5278] usb 3-1: Manufacturer: syz [ 87.671172][ T5278] usb 3-1: SerialNumber: syz [ 87.688810][ T6431] loop0: detected capacity change from 0 to 512 [ 87.699700][ T5278] usb 3-1: config 0 descriptor?? [ 87.705833][ T6424] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.723065][ T6401] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 87.738326][ T6431] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 87.767613][ T5278] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 87.769598][ T6424] EXT4-fs error (device loop1): __ext4_remount:6498: comm syz.1.477: Abort forced by user [ 87.798785][ T6424] EXT4-fs (loop1): Remounting filesystem read-only [ 87.808756][ T6431] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.479: corrupted xattr block 33: overlapping e_value [ 87.900189][ T6441] syz.4.481: attempt to access beyond end of device [ 87.900189][ T6441] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0 [ 87.921417][ T6441] hpfs: hpfs_map_sector(): read error [ 87.971464][ T5278] usb 3-1: USB disconnect, device number 3 [ 87.992756][ T5227] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.046639][ T5225] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.132431][ T6445] loop0: detected capacity change from 0 to 512 [ 88.174446][ T6445] EXT4-fs: Ignoring removed nomblk_io_submit option [ 88.222866][ T6445] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 88.283884][ T6445] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=1842c01c, mo2=0002] [ 88.292113][ T6445] EXT4-fs (loop0): couldn't mount RDWR because of unsupported optional features (80) [ 88.302302][ T6445] EXT4-fs (loop0): Skipping orphan cleanup due to unknown ROCOMPAT features [ 88.438467][ T6445] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 88.468379][ T6464] loop1: detected capacity change from 0 to 256 [ 88.502790][ T6445] EXT4-fs warning (device loop0): dx_probe:893: inode #2: comm syz.0.483: dx entry: limit 65535 != root limit 120 [ 88.573446][ T6445] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.483: Corrupt directory, running e2fsck is recommended [ 88.581199][ T6464] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 88.624660][ T6470] netlink: 'syz.3.496': attribute type 12 has an invalid length. [ 88.629592][ T6464] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 88.653995][ T6470] netlink: 132 bytes leftover after parsing attributes in process `syz.3.496'. [ 88.682035][ T5227] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.712751][ T6464] syz.1.493 (6464) used greatest stack depth: 18864 bytes left [ 89.392053][ T6505] loop0: detected capacity change from 0 to 256 [ 89.529801][ T6505] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 89.572696][ T6505] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 89.687745][ T6520] loop4: detected capacity change from 0 to 8 [ 89.803427][ T6527] netlink: 68 bytes leftover after parsing attributes in process `syz.1.521'. [ 89.832605][ T6520] ================================================================== [ 89.840709][ T6520] BUG: KASAN: slab-use-after-free in squashfs_readahead+0x210c/0x2680 [ 89.848886][ T6520] Read of size 4 at addr ffff88801c7f1fc0 by task syz.4.517/6520 [ 89.856611][ T6520] [ 89.858954][ T6520] CPU: 0 UID: 0 PID: 6520 Comm: syz.4.517 Not tainted 6.11.0-rc4-next-20240822-syzkaller #0 [ 89.869037][ T6520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 89.879107][ T6520] Call Trace: [ 89.882398][ T6520] [ 89.885340][ T6520] dump_stack_lvl+0x241/0x360 [ 89.890041][ T6520] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.895258][ T6520] ? __pfx__printk+0x10/0x10 [ 89.899866][ T6520] ? _printk+0xd5/0x120 [ 89.904037][ T6520] ? __virt_addr_valid+0x183/0x530 [ 89.909159][ T6520] ? __virt_addr_valid+0x183/0x530 [ 89.914288][ T6520] print_report+0x169/0x550 [ 89.918811][ T6520] ? __virt_addr_valid+0x183/0x530 [ 89.923933][ T6520] ? __virt_addr_valid+0x183/0x530 [ 89.929055][ T6520] ? __virt_addr_valid+0x45f/0x530 [ 89.934179][ T6520] ? __phys_addr+0xba/0x170 [ 89.938695][ T6520] ? squashfs_readahead+0x210c/0x2680 [ 89.944088][ T6520] kasan_report+0x143/0x180 [ 89.947025][ T6534] loop0: detected capacity change from 0 to 256 [ 89.948593][ T6520] ? squashfs_readahead+0x210c/0x2680 [ 89.948625][ T6520] squashfs_readahead+0x210c/0x2680 [ 89.948657][ T6520] ? squashfs_readahead+0x6f0/0x2680 [ 89.970720][ T6520] ? __pfx_squashfs_readahead+0x10/0x10 [ 89.976298][ T6520] ? blk_start_plug+0x70/0x1b0 [ 89.981081][ T6520] read_pages+0x17e/0x840 [ 89.985425][ T6520] ? percpu_ref_put+0x19/0x180 [ 89.990215][ T6520] ? __pfx_read_pages+0x10/0x10 [ 89.995074][ T6520] ? filemap_add_folio+0x26d/0x650 [ 90.000182][ T6520] ? __pfx_filemap_add_folio+0x10/0x10 [ 90.005646][ T6520] page_cache_ra_unbounded+0x6ce/0x7f0 [ 90.011106][ T6520] filemap_get_pages+0x543/0x2330 [ 90.016136][ T6520] ? __pfx_filemap_get_pages+0x10/0x10 [ 90.021583][ T6520] ? __pfx___might_resched+0x10/0x10 [ 90.026860][ T6520] ? unwind_next_frame+0x18e6/0x22d0 [ 90.032141][ T6520] filemap_read+0x457/0xfa0 [ 90.036642][ T6520] ? __pfx_filemap_read+0x10/0x10 [ 90.041664][ T6520] ? iov_iter_kvec+0x4e/0x180 [ 90.046331][ T6520] __kernel_read+0x532/0x9f0 [ 90.050906][ T6520] ? do_sys_openat2+0x13e/0x1d0 [ 90.055760][ T6520] ? __x64_sys_openat+0x247/0x2a0 [ 90.060787][ T6520] ? __pfx___kernel_read+0x10/0x10 [ 90.065889][ T6520] integrity_kernel_read+0xb0/0x100 [ 90.071082][ T6520] ? __pfx_integrity_kernel_read+0x10/0x10 [ 90.076882][ T6520] ? ima_calc_file_hash+0xab7/0x1b30 [ 90.082167][ T6520] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 90.087706][ T6520] ima_calc_file_hash+0xaef/0x1b30 [ 90.092816][ T6520] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 90.099137][ T6520] ? lockdep_hardirqs_on+0x99/0x150 [ 90.104325][ T6520] ? __pfx_ima_calc_file_hash+0x10/0x10 [ 90.109859][ T6520] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 90.115748][ T6520] ? __x64_sys_openat+0x247/0x2a0 [ 90.120771][ T6520] ? do_syscall_64+0xf3/0x230 [ 90.125439][ T6520] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.131494][ T6520] ? mark_lock+0x9a/0x360 [ 90.135814][ T6520] ? make_vfsgid+0x46/0x90 [ 90.140217][ T6520] ? generic_fillattr+0x59c/0x840 [ 90.145254][ T6520] ima_collect_measurement+0x526/0xb20 [ 90.150723][ T6520] ? __pfx_ima_collect_measurement+0x10/0x10 [ 90.156710][ T6520] ? squashfs_xattr_handler_get+0x585/0x900 [ 90.162624][ T6520] ? trace_contention_end+0x3c/0x120 [ 90.167918][ T6520] ? __mutex_lock+0x2ef/0xd70 [ 90.172626][ T6520] ? ima_get_hash_algo+0x156/0x4d0 [ 90.177776][ T6520] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 90.183241][ T6520] process_measurement+0x1357/0x1fb0 [ 90.188592][ T6520] ? __pfx_process_measurement+0x10/0x10 [ 90.194246][ T6520] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 90.200769][ T6520] ? __pfx_apparmor_file_open+0x10/0x10 [ 90.206309][ T6520] ? tomoyo_file_open+0x168/0x220 [ 90.211330][ T6520] ? inode_to_bdi+0x69/0xf0 [ 90.215868][ T6520] ? apparmor_current_getsecid_subj+0xde/0x1b0 [ 90.222040][ T6520] ima_file_check+0xf2/0x170 [ 90.226637][ T6520] ? __pfx_ima_file_check+0x10/0x10 [ 90.231841][ T6520] security_file_post_open+0xb9/0x280 [ 90.237213][ T6520] path_openat+0x2cd0/0x3590 [ 90.241805][ T6520] ? __pfx_path_openat+0x10/0x10 [ 90.246737][ T6520] do_filp_open+0x235/0x490 [ 90.251233][ T6520] ? __pfx_do_filp_open+0x10/0x10 [ 90.256254][ T6520] ? _raw_spin_unlock+0x28/0x50 [ 90.261091][ T6520] ? alloc_fd+0x5a1/0x640 [ 90.265416][ T6520] do_sys_openat2+0x13e/0x1d0 [ 90.270092][ T6520] ? __pfx_do_sys_openat2+0x10/0x10 [ 90.275303][ T6520] __x64_sys_openat+0x247/0x2a0 [ 90.280164][ T6520] ? __pfx___x64_sys_openat+0x10/0x10 [ 90.285587][ T6520] ? do_syscall_64+0x100/0x230 [ 90.290361][ T6520] ? do_syscall_64+0xb6/0x230 [ 90.295029][ T6520] do_syscall_64+0xf3/0x230 [ 90.299541][ T6520] ? clear_bhb_loop+0x35/0x90 [ 90.304229][ T6520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.310132][ T6520] RIP: 0033:0x7fec3f379e79 [ 90.314555][ T6520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.334170][ T6520] RSP: 002b:00007fec40214038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 90.342586][ T6520] RAX: ffffffffffffffda RBX: 00007fec3f515f80 RCX: 00007fec3f379e79 [ 90.350554][ T6520] RDX: 0000000000000000 RSI: 0000000020000100 RDI: ffffffffffffff9c [ 90.358517][ T6520] RBP: 00007fec3f3e7916 R08: 0000000000000000 R09: 0000000000000000 [ 90.366474][ T6520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 90.374433][ T6520] R13: 0000000000000000 R14: 00007fec3f515f80 R15: 00007ffd7015cbb8 [ 90.382399][ T6520] [ 90.385407][ T6520] [ 90.387716][ T6520] Allocated by task 6520: [ 90.392033][ T6520] kasan_save_track+0x3f/0x80 [ 90.396704][ T6520] __kasan_kmalloc+0x98/0xb0 [ 90.401284][ T6520] __kmalloc_cache_noprof+0x19c/0x2c0 [ 90.406652][ T6520] squashfs_page_actor_init_special+0x64/0x440 [ 90.412797][ T6520] squashfs_readahead+0x188f/0x2680 [ 90.417984][ T6520] read_pages+0x17e/0x840 [ 90.422298][ T6520] page_cache_ra_unbounded+0x6ce/0x7f0 [ 90.427832][ T6520] filemap_get_pages+0x543/0x2330 [ 90.432844][ T6520] filemap_read+0x457/0xfa0 [ 90.437337][ T6520] __kernel_read+0x532/0x9f0 [ 90.441911][ T6520] integrity_kernel_read+0xb0/0x100 [ 90.447357][ T6520] ima_calc_file_hash+0xaef/0x1b30 [ 90.452461][ T6520] ima_collect_measurement+0x526/0xb20 [ 90.457910][ T6520] process_measurement+0x1357/0x1fb0 [ 90.463184][ T6520] ima_file_check+0xf2/0x170 [ 90.467764][ T6520] security_file_post_open+0xb9/0x280 [ 90.473128][ T6520] path_openat+0x2cd0/0x3590 [ 90.477706][ T6520] do_filp_open+0x235/0x490 [ 90.482203][ T6520] do_sys_openat2+0x13e/0x1d0 [ 90.486881][ T6520] __x64_sys_openat+0x247/0x2a0 [ 90.491739][ T6520] do_syscall_64+0xf3/0x230 [ 90.496231][ T6520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.502113][ T6520] [ 90.504421][ T6520] Freed by task 6520: [ 90.508384][ T6520] kasan_save_track+0x3f/0x80 [ 90.513047][ T6520] kasan_save_free_info+0x40/0x50 [ 90.518064][ T6520] __kasan_slab_free+0x59/0x70 [ 90.522814][ T6520] kfree+0x196/0x3e0 [ 90.526703][ T6520] squashfs_readahead+0x195b/0x2680 [ 90.531895][ T6520] read_pages+0x17e/0x840 [ 90.536214][ T6520] page_cache_ra_unbounded+0x6ce/0x7f0 [ 90.541659][ T6520] filemap_get_pages+0x543/0x2330 [ 90.546672][ T6520] filemap_read+0x457/0xfa0 [ 90.551165][ T6520] __kernel_read+0x532/0x9f0 [ 90.555746][ T6520] integrity_kernel_read+0xb0/0x100 [ 90.560931][ T6520] ima_calc_file_hash+0xaef/0x1b30 [ 90.566040][ T6520] ima_collect_measurement+0x526/0xb20 [ 90.571490][ T6520] process_measurement+0x1357/0x1fb0 [ 90.576764][ T6520] ima_file_check+0xf2/0x170 [ 90.581345][ T6520] security_file_post_open+0xb9/0x280 [ 90.586745][ T6520] path_openat+0x2cd0/0x3590 [ 90.591326][ T6520] do_filp_open+0x235/0x490 [ 90.595816][ T6520] do_sys_openat2+0x13e/0x1d0 [ 90.600485][ T6520] __x64_sys_openat+0x247/0x2a0 [ 90.605329][ T6520] do_syscall_64+0xf3/0x230 [ 90.609825][ T6520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.615707][ T6520] [ 90.618017][ T6520] The buggy address belongs to the object at ffff88801c7f1f80 [ 90.618017][ T6520] which belongs to the cache kmalloc-96 of size 96 [ 90.631979][ T6520] The buggy address is located 64 bytes inside of [ 90.631979][ T6520] freed 96-byte region [ffff88801c7f1f80, ffff88801c7f1fe0) [ 90.645586][ T6520] [ 90.647895][ T6520] The buggy address belongs to the physical page: [ 90.654296][ T6520] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c7f1 [ 90.663045][ T6520] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 90.670608][ T6520] page_type: 0xfdffffff(slab) [ 90.675277][ T6520] raw: 00fff00000000000 ffff888015841280 ffffea000072a980 dead000000000005 [ 90.683848][ T6520] raw: 0000000000000000 0000000080200020 00000001fdffffff 0000000000000000 [ 90.692416][ T6520] page dumped because: kasan: bad access detected [ 90.698824][ T6520] page_owner tracks the page as allocated [ 90.704525][ T6520] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 3027, tgid 3027 (kworker/u8:7), ts 63651454030, free_ts 63646720536 [ 90.725174][ T6520] post_alloc_hook+0x1f3/0x230 [ 90.729928][ T6520] get_page_from_freelist+0x3131/0x3280 [ 90.735463][ T6520] __alloc_pages_noprof+0x29e/0x780 [ 90.740652][ T6520] alloc_slab_page+0x5f/0x120 [ 90.745338][ T6520] allocate_slab+0x5a/0x2f0 [ 90.749847][ T6520] ___slab_alloc+0xcd1/0x14b0 [ 90.754523][ T6520] __slab_alloc+0x58/0xa0 [ 90.758844][ T6520] __kmalloc_noprof+0x25a/0x400 [ 90.763695][ T6520] cfg80211_inform_single_bss_data+0xaff/0x2030 [ 90.769931][ T6520] cfg80211_inform_bss_data+0x3dd/0x5a70 [ 90.775555][ T6520] cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 90.781609][ T6520] ieee80211_bss_info_update+0x8a7/0xbc0 [ 90.787423][ T6520] ieee80211_ibss_rx_queued_mgmt+0x1962/0x2d70 [ 90.793595][ T6520] ieee80211_iface_work+0x8a5/0xf20 [ 90.798794][ T6520] cfg80211_wiphy_work+0x2db/0x490 [ 90.803920][ T6520] process_scheduled_works+0xa63/0x1850 [ 90.809464][ T6520] page last free pid 5224 tgid 5224 stack trace: [ 90.815773][ T6520] free_unref_page+0xc07/0xd90 [ 90.820523][ T6520] vfree+0x186/0x2e0 [ 90.824403][ T6520] zlib_free+0x44/0x60 [ 90.828459][ T6520] squashfs_decompressor_destroy+0x9c/0xc0 [ 90.834267][ T6520] squashfs_put_super+0x14b/0x250 [ 90.839282][ T6520] generic_shutdown_super+0x139/0x2d0 [ 90.844642][ T6520] kill_block_super+0x44/0x90 [ 90.849306][ T6520] deactivate_locked_super+0xc4/0x130 [ 90.854665][ T6520] cleanup_mnt+0x41f/0x4b0 [ 90.859261][ T6520] task_work_run+0x24f/0x310 [ 90.863838][ T6520] syscall_exit_to_user_mode+0x168/0x370 [ 90.869468][ T6520] do_syscall_64+0x100/0x230 [ 90.874070][ T6520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.879963][ T6520] [ 90.882274][ T6520] Memory state around the buggy address: [ 90.887885][ T6520] ffff88801c7f1e80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 90.895937][ T6520] ffff88801c7f1f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 90.903983][ T6520] >ffff88801c7f1f80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 90.912023][ T6520] ^ [ 90.918173][ T6520] ffff88801c7f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 90.926226][ T6520] ffff88801c7f2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 90.934275][ T6520] ================================================================== [ 90.963824][ T6527] netlink: 68 bytes leftover after parsing attributes in process `syz.1.521'. [ 91.083809][ T6520] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 91.091043][ T6520] CPU: 1 UID: 0 PID: 6520 Comm: syz.4.517 Not tainted 6.11.0-rc4-next-20240822-syzkaller #0 [ 91.101117][ T6520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 91.111183][ T6520] Call Trace: [ 91.114457][ T6520] [ 91.117385][ T6520] dump_stack_lvl+0x241/0x360 [ 91.122051][ T6520] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.127239][ T6520] ? __pfx__printk+0x10/0x10 [ 91.131816][ T6520] ? preempt_schedule+0xe1/0xf0 [ 91.136665][ T6520] ? vscnprintf+0x5d/0x90 [ 91.140997][ T6520] panic+0x349/0x880 [ 91.144893][ T6520] ? check_panic_on_warn+0x21/0xb0 [ 91.150004][ T6520] ? __pfx_panic+0x10/0x10 [ 91.154417][ T6520] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 91.160416][ T6520] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 91.166836][ T6520] ? print_report+0x502/0x550 [ 91.171505][ T6520] check_panic_on_warn+0x86/0xb0 [ 91.176447][ T6520] ? squashfs_readahead+0x210c/0x2680 [ 91.181862][ T6520] end_report+0x77/0x160 [ 91.186105][ T6520] kasan_report+0x154/0x180 [ 91.190602][ T6520] ? squashfs_readahead+0x210c/0x2680 [ 91.195993][ T6520] squashfs_readahead+0x210c/0x2680 [ 91.201222][ T6520] ? squashfs_readahead+0x6f0/0x2680 [ 91.206517][ T6520] ? __pfx_squashfs_readahead+0x10/0x10 [ 91.212073][ T6520] ? blk_start_plug+0x70/0x1b0 [ 91.216832][ T6520] read_pages+0x17e/0x840 [ 91.221155][ T6520] ? percpu_ref_put+0x19/0x180 [ 91.225915][ T6520] ? __pfx_read_pages+0x10/0x10 [ 91.230755][ T6520] ? filemap_add_folio+0x26d/0x650 [ 91.235854][ T6520] ? __pfx_filemap_add_folio+0x10/0x10 [ 91.241305][ T6520] page_cache_ra_unbounded+0x6ce/0x7f0 [ 91.246776][ T6520] filemap_get_pages+0x543/0x2330 [ 91.251807][ T6520] ? __pfx_filemap_get_pages+0x10/0x10 [ 91.257260][ T6520] ? __pfx___might_resched+0x10/0x10 [ 91.262545][ T6520] ? unwind_next_frame+0x18e6/0x22d0 [ 91.267825][ T6520] filemap_read+0x457/0xfa0 [ 91.272329][ T6520] ? __pfx_filemap_read+0x10/0x10 [ 91.277358][ T6520] ? iov_iter_kvec+0x4e/0x180 [ 91.282028][ T6520] __kernel_read+0x532/0x9f0 [ 91.286612][ T6520] ? do_sys_openat2+0x13e/0x1d0 [ 91.291460][ T6520] ? __x64_sys_openat+0x247/0x2a0 [ 91.296484][ T6520] ? __pfx___kernel_read+0x10/0x10 [ 91.301595][ T6520] integrity_kernel_read+0xb0/0x100 [ 91.306791][ T6520] ? __pfx_integrity_kernel_read+0x10/0x10 [ 91.312590][ T6520] ? ima_calc_file_hash+0xab7/0x1b30 [ 91.317872][ T6520] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 91.323414][ T6520] ima_calc_file_hash+0xaef/0x1b30 [ 91.328521][ T6520] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 91.334851][ T6520] ? lockdep_hardirqs_on+0x99/0x150 [ 91.340040][ T6520] ? __pfx_ima_calc_file_hash+0x10/0x10 [ 91.345584][ T6520] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 91.351475][ T6520] ? __x64_sys_openat+0x247/0x2a0 [ 91.356492][ T6520] ? do_syscall_64+0xf3/0x230 [ 91.361162][ T6520] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.367222][ T6520] ? mark_lock+0x9a/0x360 [ 91.371542][ T6520] ? make_vfsgid+0x46/0x90 [ 91.375949][ T6520] ? generic_fillattr+0x59c/0x840 [ 91.380971][ T6520] ima_collect_measurement+0x526/0xb20 [ 91.386430][ T6520] ? __pfx_ima_collect_measurement+0x10/0x10 [ 91.392405][ T6520] ? squashfs_xattr_handler_get+0x585/0x900 [ 91.398385][ T6520] ? trace_contention_end+0x3c/0x120 [ 91.403663][ T6520] ? __mutex_lock+0x2ef/0xd70 [ 91.408780][ T6520] ? ima_get_hash_algo+0x156/0x4d0 [ 91.413975][ T6520] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 91.419431][ T6520] process_measurement+0x1357/0x1fb0 [ 91.424814][ T6520] ? __pfx_process_measurement+0x10/0x10 [ 91.430536][ T6520] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 91.436956][ T6520] ? __pfx_apparmor_file_open+0x10/0x10 [ 91.442500][ T6520] ? tomoyo_file_open+0x168/0x220 [ 91.447521][ T6520] ? inode_to_bdi+0x69/0xf0 [ 91.452019][ T6520] ? apparmor_current_getsecid_subj+0xde/0x1b0 [ 91.458169][ T6520] ima_file_check+0xf2/0x170 [ 91.462756][ T6520] ? __pfx_ima_file_check+0x10/0x10 [ 91.467951][ T6520] security_file_post_open+0xb9/0x280 [ 91.473316][ T6520] path_openat+0x2cd0/0x3590 [ 91.477913][ T6520] ? __pfx_path_openat+0x10/0x10 [ 91.482845][ T6520] do_filp_open+0x235/0x490 [ 91.487345][ T6520] ? __pfx_do_filp_open+0x10/0x10 [ 91.492364][ T6520] ? _raw_spin_unlock+0x28/0x50 [ 91.497204][ T6520] ? alloc_fd+0x5a1/0x640 [ 91.501530][ T6520] do_sys_openat2+0x13e/0x1d0 [ 91.506206][ T6520] ? __pfx_do_sys_openat2+0x10/0x10 [ 91.511407][ T6520] __x64_sys_openat+0x247/0x2a0 [ 91.516258][ T6520] ? __pfx___x64_sys_openat+0x10/0x10 [ 91.522147][ T6520] ? do_syscall_64+0x100/0x230 [ 91.526903][ T6520] ? do_syscall_64+0xb6/0x230 [ 91.531571][ T6520] do_syscall_64+0xf3/0x230 [ 91.536068][ T6520] ? clear_bhb_loop+0x35/0x90 [ 91.540735][ T6520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.546621][ T6520] RIP: 0033:0x7fec3f379e79 [ 91.551032][ T6520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.570625][ T6520] RSP: 002b:00007fec40214038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 91.579030][ T6520] RAX: ffffffffffffffda RBX: 00007fec3f515f80 RCX: 00007fec3f379e79 [ 91.586994][ T6520] RDX: 0000000000000000 RSI: 0000000020000100 RDI: ffffffffffffff9c [ 91.594955][ T6520] RBP: 00007fec3f3e7916 R08: 0000000000000000 R09: 0000000000000000 [ 91.602916][ T6520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 91.610878][ T6520] R13: 0000000000000000 R14: 00007fec3f515f80 R15: 00007ffd7015cbb8 [ 91.618849][ T6520] [ 91.621968][ T6520] Kernel Offset: disabled [ 91.626275][ T6520] Rebooting in 86400 seconds..