last executing test programs: 11.514114951s ago: executing program 4: r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r1, 0x81fb) r2 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) preadv(r2, &(0x7f0000000880)=[{&(0x7f0000000140)=""/156, 0x9c}], 0x1, 0x0, 0x0) r4 = dup3(r2, r3, 0x0) preadv(r4, &(0x7f0000000280)=[{&(0x7f0000000100)=""/24, 0x30}, {0x0, 0x2}], 0x2, 0x0, 0x0) read$FUSE(r4, &(0x7f00000011c0)={0x2020}, 0x2020) 11.406403378s ago: executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x38, 0x3, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_SHUTDOWN_RECD={0x8}, @CTA_TIMEOUT_SCTP_SHUTDOWN_ACK_SENT={0x8}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}, @CTA_TIMEOUT_L3PROTO={0x6}]}, 0x38}}, 0x0) 11.344319088s ago: executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)={[{@size={'size', 0x3d, [0x6b]}}]}) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2001008, 0x0) mount$bind(&(0x7f0000000600)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f00000023c0)={0x2020}, 0x2020) 11.284609047s ago: executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x450, 0x380, 0x168, 0x9, 0x0, 0xb, 0x380, 0x250, 0x250, 0x380, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [], 'veth0_to_bridge\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0x230, 0x270, 0x0, {0x0, 0x28e}, [@common=@inet=@hashlimit3={{0x158}, {'veth1_to_batadv\x00', {0x0, 0x7ff, 0x0, 0x0, 0x0, 0x78771d17, 0x1000}}}, @common=@inet=@ipcomp={{0x30}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "48c01c5140d722edd3fb24545886bbd1be494201b400"}}}, {{@uncond, 0x0, 0xe0, 0x110, 0x0, {}, [@common=@unspec=@devgroup={{0x38}, {0x4}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b0) 10.009671375s ago: executing program 4: syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000080)='./bus\x00', 0x3000002, &(0x7f0000000580)={[{@uid}, {@file_umask={'file_umask', 0x3d, 0x1}}, {@part={'part', 0x3d, 0xc3}}, {@part={'part', 0x3d, 0xa5ef}}, {@creator={'creator', 0x3d, "a0a54db3"}}, {@part={'part', 0x3d, 0xfff}}, {@gid}, {@iocharset={'iocharset', 0x3d, 'cp866'}}, {@codepage={'codepage', 0x3d, 'ascii'}}, {@dir_umask={'dir_umask', 0x3d, 0x2}}, {@codepage={'codepage', 0x3d, 'cp737'}}]}, 0x1, 0x2f2, &(0x7f00000006c0)="$eJzs3T9v004cx/HPOUmT9lf15/5BSCygQiVYKgoMiCUVysrOhIAmlSqiItoiAQsFMSIeAHufAkw8ARYQTwAmJh5AN6O7XP44sdM2JHED75fU6Hy+O39PtuP7WoIIwD/rduX7wfWf9s9IOeUk3ZICSSUpL+mMzpaebu9t7dVr1X4D5VwP+2fU6Gl62mxs15K62n6uhxfarbxmO+swGlEUrf/IOghkzt39CQKp6O9Dt7805rhGZV86n3UM49Z5gs2hDvVMcxmGAwA4BfzzP/CPiYKrMgoCacU/9nuf/0Fm4Q4gim0dZhbHSNyo91RFfTt0PP/d6i4y9vz+73a18z2Xwtn9QTNLPE4wha7tKTWuldgC0xyVVbpYgunNrbxWN16pGui1yl5HsyX3WY1fjEdEu5yQm/aRPlpBd2Yas3Erym7NkDa36rWiLSTEv3iyI/4589l8NfdMqPeqttZ/+cjY0+TOVNh1poKCjf9q+oj/uV62lXzaXy6X498N8+4g5/wRvJ5ZRrFrtpSckah5Rc23XxrstyJoxPkxvdeC4q8VGrNbS5+d67WY1CtsbaX0Wor1yvkrYXXjcb3vq5TRMu/MXbOsX/qgSsf6P7Dxreg4d6Zt41r6K6Mxn6nklnnXMuzJHNu3y4VWBF5xsInhJN7qoW5qbvf5i0e5er22YwsPEgpPZneMrym8kRLbDFAoDmkcW9B+uyayXkbRcbtHwwujqO6aK0MauVGw3x+tGnv7JDW2d1mrJkgf8JN6d80NLdRhFEoJEZ6WQuWL1L3roKdmAgr2iZuyK+svKIzDrmmedF8xnXFAGDe77jKRKTVX8n5V51Ik+xH2yUb6J5nxEddaGVx8KbjgPmeSM7j1tGFTM7iOI15LyRldznXxsnSpo9Kob84V+jj/Eqaib7rP+38AAAAAAAAAAAAAAAAAAIBJM45/aZD1HAEAAAAAAAAAAAAAAAAAAAAAmHQD/f5v0v8R737/N+T3f4EJ8jsAAP//Y/x7PA==") r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000300)=""/104, 0x68) 8.955412869s ago: executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@ipv4_delrule={0x44, 0x21, 0x1, 0x0, 0x0, {}, [@FRA_TUN_ID={0xc}, @FRA_GENERIC_POLICY=@FRA_IIFNAME={0x14, 0x3, 'nr0\x00'}, @FRA_GENERIC_POLICY=@FRA_PROTOCOL={0x5}]}, 0x44}}, 0x0) 3.910986902s ago: executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000000)="cd", 0x1, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom$inet(r0, &(0x7f0000000140)=""/197, 0xffffffffffffff82, 0x10041, 0x0, 0x5b) 3.002447064s ago: executing program 1: socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) socket$nl_generic(0x10, 0x3, 0x10) epoll_create1(0x0) socket(0x10, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @empty}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private0={0xfc, 0x0, '\x00', 0x1}}}) 3.002217444s ago: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='mm_page_free_batched\x00', r1}, 0x10) write$cgroup_int(r0, &(0x7f00000000c0), 0x12) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) 2.96587597s ago: executing program 0: mknod(&(0x7f00000000c0)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x149800, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)) ppoll(&(0x7f0000000140)=[{r0}, {r0}], 0x2, 0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 2.870874654s ago: executing program 2: clock_adjtime(0x0, &(0x7f0000000000)={0xffff, 0x0, 0x100000000000000}) 2.83219536s ago: executing program 1: bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x20, 0x4, 0x4, 0x0, 0xc00}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x0, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="4400000010003704000000000000000000000007", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800e00010069703665727370616e00000008000280040012000500110000000000"], 0x44}}, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) r5 = getpgid(r1) capget(&(0x7f00000001c0)={0x20080522, r5}, &(0x7f0000000280)={0x1, 0x3ff, 0xc5d, 0x64fb, 0x0, 0x7}) quotactl$Q_GETINFO(0xffffffff80000500, &(0x7f0000000040)=@filename='./file0\x00', 0xee00, &(0x7f0000000080)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000000)=ANY=[], &(0x7f0000000f80)=""/4115, 0x3d, 0x1013, 0x1}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x13, 0x10, 0x1}, 0x48) 2.77009526s ago: executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="280000001e000101000000000000000007000000", @ANYRES32, @ANYBLOB="00f8ffffffffffff07000a"], 0x28}}, 0x0) 2.655598828s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x10, &(0x7f00000014c0), 0x1, 0x793, &(0x7f0000001700)="$eJzs3c1rXFUbAPDnTpKmb9r3TV4QbF0FBA2UTkyNrYKLigsRLBR0bTtMpqFmkimZSWlCoBYR3AhaXAi66dqPunPrx1b/Bd2ISEvVtFhxISN3PjqTZiadtvloze8Htz3n3jM595l77zln5h7mBrBjjab/ZCL2R8R7ScRwY30SEQO1VH/E0Xq5myvL+XRJolp99bekVubGynI+2l6T2tPI7IuIb96OOJBZW295cWkmVywW5hv58crsmfHy4tLB07O56cJ0Ye7wxOTkoSPPHBncuFj/+H5p79X3X3ry86N/vfXo5Xe/TeJo7G1sa49jo4zGaOM9GUjfwlVe3OjKtlmy3TvAPUkvzb76VR77Yzj6aqne9F4SAHiQnI+IKgCwwyT6fwDYYZrfA9xYWc6nS/X89n4fsdWuvRARu+vxN+9v1rf0N+7Z7a7dBx26kay635FExMgG1D8aER9/+fqn6RKbdB8SoJM3L0TEyZHRZvvfan+SNXMW6nqfkPFUD2VGb8tr/2DrfJWOf55tjf9a11/m1vgnOox/Bjtcu/diNGJXe37t9Z+5sgHVdJWO/54faM1tu9kWf8NIXyP339qYbyA5dbpYSNu2/0XEWAwMpvmJdeoYu/739VUr+lrJ9vHf7xff+CStP/2/VSJzpf+2JncqV8ndb9xN1y5EPNbfKf7k1vFPuox/j/dYx8vPvfNRt21p/Gm8zWV1/Js/q6x6KeKJ6Bx/U7Le/MTD47XTYbx5UnTwxU8fDnWrv/34p0taf/OzwFZIj//Q+vGPJO3zNct3X8d3l4a/7rbtzvF3Pv93Ja/V0s3G41yuUpmfiNiVvLJ2/aHWa5v5Zvk0/rHHO1//653/6WfCkz3G33/118/uPf7NlcY/dVfH/+4Tl2/O9HWrv7fjP1lLjTXW9NL+9bqD9/PeAQAAAAAAAAAAAAAAAAAAAAAAAECvMhGxN5JM9lY6k8lm68/wfiSGMsVSuXLgVGlhbipqz8oeiYFM86cuh9t+D3Wi8Xv4zfyh2/JPR8T/I+KDwf/U8tl8qTi13cEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMOeLs//T/0yuN17BwBsmt13LHG9sCU7AgBsmTv3/wDAv43+HwB2Hv0/AOw8+n8A2Hn0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGyy48eOpUv1z5XlfJqfOru4MFM6e3CqUJ7Jzi7ks/nS/JnsdKk0XSxk86XZtpf+0OnvFUulM5Mxt3BuvFIoV8bLi0snZksLc5UTp2dz04UThYEtiwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeldeXJrJFYuFeYmHJVEdrh+6B2V/Nj/x88Ef961X5qLTeOMT290yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwc/gkAAP//skMoxA==") setxattr$trusted_overlay_upper(&(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x14553e, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) write$binfmt_script(r0, &(0x7f0000000080), 0x208e24b) rmdir(&(0x7f0000000180)='./file0/../file0\x00') 1.412344691s ago: executing program 0: syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bind$can_raw(0xffffffffffffffff, 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82) r2 = dup(r1) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x2200c12, &(0x7f00000005c0)=ANY=[@ANYBLOB="757466382c696f636861727365743d69736f383835392d31332c636865636b3d72656c617865642c63727566742c6f76657272696465726f636b7065726d2c6d61703d61636f726e2c636865636b3d7374726963742c646d6f64653d3078303030303030303030303030303030392c6d6f64653d3078303030303030303030303030303030372c646d6f64653d3078303030303030303030303030303766662c756e686964652c63727566742c686964652c6d61703d6e6f726d616c2c00deb7862e98eceb563f0322b4868de378d30cbff3f04d0c6072173529bc46d554bdcb84d04625293f04fcc85a024c42f7b3e76ec2aeaba801d48be02e5f61a5a5e48b3957d79c789fa1ecc6b6b307371f16b82c6c9b9cb2469254a5138f7d50d681964d1e63099f697a9e36b112"], 0x8, 0xa0a, &(0x7f0000000940)="$eJzs3c1vHOd9B/Dv8EWiaUOSbdV1BdtayZVM2yxFUrVUQQdXIlcSXb4UJAVY6MFyLaoQxNat1QK2UcAyUPQUIwES5JDcjJySiwFf4kvgW3JLTjkECPwvGDkpJwazu6SW5C6XpClSlj8fYnfn5TfP85ud2Xm4u7PzhG+XpYOrxpaWardtjl/9+S5kzEPs4vhXn372SXn7+G72pTuvFb9M+pJUkp4kzya9Y+OzM1MdCrqdXE/yZVIk2Z/646ZcT/H9PHF//MsUPy3rbWvfZkumkyW+0/Z6/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIdRMTY+PDxS7MvE9NU3K3VJZZ2x8dmZIktL6+csL1P3Ra3X7+KLjvUmRXlLX99yV9/PHr4/+5kkleN5rj72XK1D8vTlw8efOXT+6Z6u5eXbZfON7N98sXc++PD224uLC++1D1n6qL4OO5PbQ+ZydXpibmZi6sLlamVibqZy7syZ4VNXLs1VLk1MVueuzc1Xpypjs9UL8zOzlYGxlysj586drlSHrs1cnb48PjRZXZ549u9Gh4fPVN4Y+ufqhdm5melTbwzNjV2ZmJycmL5ciylnlzFnyx3xnybmK/PVC1OVys1biwun1+TUvfbJLoNGOq1JGTTaKWh0eHR0ZGR0dOTjRu/ZKxPOvHbutbPDwz3Da2RdxAPaaXm4PNZ+M+/wERy2r6ve/ieTmch0rubNVFr+jWU8s5nJVJv5Dcvt/4lT1Q3rbW7/G618T9PsI+Xd8bzQGO1r0/63yWX3/u7kg3yY23k7i1nMQt7b84x29+9yqpnOROYyk4lM5UJtSqUxpZJzOZMzGc5buZKjmUsllzKRyVQzl2uZy3yqtT1qLLOp5kLmM5PZVDKQsbycSkZyLudyOpVUM5RrmcnVTOdyxnOhVsrN3Ko976c3yHElaGQzQaMbBK1tzMt9fWvtf/VR/U+QTdv5gzhs01Kj/d/XOXRgbDcSAgAAAHbc3/wmBw4/9es/JkWer30uf2lisvr6XqcFAAAA7KDa6XrPlQ+95dDzKcr3/8N7nRYAAACwg4rab+yKJP05Wh9a/iWUDwEAAADgEVH7/v+FFEeXJ+zz/h8AAAAeNZ2vsd8xohhcvvxv5Ub98UYjoj5W9F+amKwOjc1Mnh/JydpVBmq/NFhXWndS9NZ+fvBKjtWjjvXXH/vvl1jW2VdGjQydH8krOd5YkYEXy4cXB1pEjtYjX6pHvtQc2Z1VkafLSAB41B3foD3ebPv/SgbrEYNHak1+z5EWbfCwlhUAHhYrfez8udGlWYv2vxHxQrv2/+83eP9fRjyVm0frpxQM5Z28m8XcyGAaZxwcbVXqcm8E9dMQBjt8GtDfOGXhd2e7Mrju84C+lXVtjl3IaAZbfiJwfnyl3GI5h9P1uO4Hsw0AYLcd37Ad3lz7P9jh/X+/UwoB4KGy0oP9FgY+2krwwnt39nodAYDVtNIAAAAAAAAAAAAAAAAAAAAAAAAAAACw8zZ1Af/fnkwWFxeSbXQWsO2Bvq1kuPFAV3Yp5z0f6E6yV7W/ni0vVW7jb1DpLx77Rosb2Ghgjw9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7Ioi6W41vSvZn2Q4yandz+rBubvXCeyUyvYWK+7lXt7PgZ1OBwAAAAAAAAAAAAAAAAAAAAAAAAAAAADgu65x/f+u1B8fr09KT1dyIsn1JP+y1znupHt7ncCe+ffafdP1/7uS3iwV6alv9hS9Y+OzM1Pl5i/2l/O/+vSzT8pb57LX96pQFlDWsKpziUYNTVN6Vy/1ZG2p/vGFO7f/+93/rIxfrO2YF+cvTY5PXZ79x/uBzxSf17tAaO4GYTnf/z3xqx80Td7XqPzzck1bW1vvpVq94+vr/etWS7epdxNuLS6MljXNV9+c/5//uPV+06yncix5cSAZWF3Tv5W3NjUdW/t8rlZ8Xfx/cSA/zvXa9i+fjWKpKDfRwdr6P3bz1uLC0DvvLt5YyemjVTkdytEkN5K+zed0tHY8aam213X1lrUO14LKu8MdyttQU4kjbZ7XJ2u7TP+W1qHSfh1qOjzvjYxOt8zoh//1dE5ueUuf7FBjS8XXxR+KK/l9/q+p/4+ucvufSMtXZ4siapFNe0rzvFUvr656ZG3NR5tnvLW2zLavSh6A7+Vf8w8r27+r6fjf2Fa7czxqqrH16yLZ+uviZwfXtSj31Vqkw2tapMbRp90yjTwP16Pa5PlXeTXpObKlI8qrHY4oD+r1/5NiIH/KXf3/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD78i6W41vSs5keRQkoPleCVZWhtzdxv1dfUX20lzx2wn52+fou2KFvdyL+/nwG5nBAAAAAAAAMCDcXH8q08/+6S81b6P787fdjXmVJKeJIeKH/WOjc/OTHUoqDe5vvyVft/GoWtPNLhe3j1xf/zLcuzZDvXt7ekDAPCt9pcAAAD//4rkbfY=") socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e25, 0x0, @private2}, 0x1c) io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x17, &(0x7f0000004d00)={0x0, 0x0, 0x0, 0x2}, 0x1) 1.16386879s ago: executing program 1: syz_mount_image$udf(&(0x7f0000001200), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[], 0x1, 0xc02, &(0x7f0000001840)="$eJzs3U9sHNd9B/DfG5IiJbcVEzuK3cbFpi1SmbFc/YupWIW7qmm2AWSZCMXcAnAlrtSFqSVBUo1spC3TSw89BCiKHnIi0BoFUjQwmiLokW1dILn4UOTUE9HCRlD0wBYBcgpYzOxbcSlRlmSSEml/Pjb1nZ15b+a9mfWMLOjNCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg4ndfvXDyVHrcrQAAHqVLk189edrzHwA+US77/38AAAAAAAAAAAAAANjvUhTxZKSYv7SepqvPHUMXW+2bt6bGxrevdjhVNfuq8uXP0KnTZ85+6cXRc9388Pq77Zl4ffLyhdorczfmF5qLi82Z2lS7dXVupvnAe9hp/TuNVCegduONmzPXri3WTr9wZsvmW8MfDD5xbPj86HMnnu2WnRobH5/sKdM/8JGPfpd7jfA4FEWciBTPf+8nqRERRez8XNznu7PXDledGKk6MTU2XnVkttVoL5UbJ7onooio9VSqd8/RI7gWO1KPWC6bXzZ4pOze5HxjoXFltlmbaCwstZZac+2J1Glt2Z9aFHEuRaxExNrg3bsbiCL6I8V3jq6nKxHR1z0PX6wGBt+7HcUe9vEBlO2sDUSsFAfgmu1jg1HEa5Hip+8WcbU8Z/knvhDxWpk/iHi7zJcjUvnFOBvxfvU9OvSYW85u6I8i/ry8/ufX00x1P+jeVy5+rfaV9rW5nrLd+8qBfz48Svv83jQURTSqO/56+ui/2QEAAAAAAAAAAAAAAABgtx2OIp6JFK/++x9W44qjGpd+9Pzo7w3/Yu+Y8afvs5+y7AsRsVw82JjcQ3kI8USaSOkxjyX+JBuKIv4oj//71uNuDAAAAAAAAAAAAAAAAAAAwCdaET+OFC+9dzytRO+c4q329drlxpXZzqyw3bl/u3Omb2xsbNRSJ+s5p3Mu51zJuZpzLWcUuX7Oes7pnMs5V3Ku5lzLGX25fs56zumcyzlXcq7mXMsZ/bl+znrO6ZzLOVdyruZcyxn7ZO5eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICPkyKK+Hmk+PY31lOkiKhHTEcnVwcfd+sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNJgKuL7kaL2+/Xb6/ojIlX/dhwvfzkb9UNlfjrqo2W+HPULORtV9te/9Rjaz84MpCJ+FCkGh965fcHz9R/ofLr9NYi3v7n56Zf7O9nX3Tj8weATx46eHx3/1afvtZy2a8DIxVb75q3a1Nj4+GTP6v589E/3rBvOxy12p+tExOKbb73RmJ1tLjzEwkZEPHwtCxYsHJyFx31n4lEon//vR4rfeu8/ug/87vP/Fzqfbj/h42d/vPn8f+nOHe3R8//JnnUv5d+NDPRHDC3dmB84FjG0+OZbJ1o3Gteb15vtsydPfnl09MtnTg4cihi61ppt9izt+FQBAAAAAAAAAAAAAAAAPFqpiN+JFI0fradaRNyqxmsNnx997sSzfdFXjbfaMm7r9cnLF2qvzN2YX2guLjZnalPt1tW5meaDHm6oGu41NTa+J525r8N73P7DQ6/Mzb+50Lr+B0vbbj8ydOHK4tJC4+r2m+NwFBH13jUjVYOnxsarRs+2Gu2q6sS2g+ke3kAq4j8jxdWztfT5vC6P/7tzhP+W8f/Ld+5oj8b/fapnXXnMlIr4WaT4zb94Oj5ftfNI3HXOcrm/iRQj5z6Xy8Whsly3DZ33CnRGBpZl/zdS/MPPt5btjod8crPsqQc+sQdEef2PRorv/9l349fyuq3vf9j++h+5c0d7dP2f6ll3ZMv7CnbcdfL1PxEpXn7ynfj1vO7D3v/RfffG8Vz49vs59uj6f6Zn3XA+7m/sTtcBAAAAAAAAAAAOtIFUxN9GimfH+9OLed2D/P2/mTt3tEd//+uzPetmPuJ8RQ+7sOOTCgAAAAD7xEAq4seR4vrSO7fHUG8d/90z/vO3N8d/jqU7tlZ/zvdL1XsDdvPP/3oN5+NO77zbAAAAAAAAAAAAAAAAAAAAsK+kVMSLeT716fvMp74aKV797+dzuXSsLNedB364+nXo0lz7xIWNjY0/aSw1rsw2a5PzjavNsu5TkWL9rz+X6xbV/Ord+eY7c7xvzsW+ECnG/65btjMXe3du8qc2y54qy34qUvzX328t253H+jObZU+XZf8qUnz9n7Yve2yz7Jmy7HcjxQ+/XuuWPVKW7b4f9bObZV+4Ojd716tQAQAAAAAAAAAAAAAAAAAA4GENpCL+NFL8z42V22P58/z/Az0fK29/s2e+/zvcqub5H67m/7/X8keZ/394d7oJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHSooi3ooU85fW0+pg+blj6GKrffPW1Nj49tUOp6pmX1W+/Bk6dfrM2S+9OHqumx9ef7c9E69PXr5Qe2XuxvxCc3GxOVObareuzs00H3gPO62/eeo6RqoTULvxxs2Za9cWa6dfOLNl863hDwafODZ8fvS5E892y06NjY9P9pTpH3iIo9+naekeWw5FEX8ZKZ7/3k/SPw9GFLHzc3Gf785eO1x1YqTqxNTYeNWR2VajvVRunOieiCKi1lOp3r2Ae34tdqgesVw2v2zwSNm9yfnGQuPKbLM20VhYai215toTqdPasj+1KOJciliJiLXBu3c3EEW8ESm+c3Q9/ctgRF/3PHzx0uRXT56+dzuKPezjAyjbWRuIWCkOwDXbxwajiH+MFD9993j862BEf3R+4gsRr5X5g4i3y3w5IpVfjLMR72/zPeJg6o8i/q+8/ufX07uD5f2ge1+5+LXaV9rX5nrKdu8rB/758Cjt83vTUBTxw+qOv57+zX/XAAAAAAAAAAAAAAAAAPtIEb8SKV5673iqxgffHlPcal+vXW5cme0M6+uO/euOmd7Y2NiopU7Wc07nXM65knM151rOKHL9nPWc0zmXc67kXM25ljP6cv2c9ZzTOZdzruRczbmWM/pz/Zz1nNM5l3Ou5FzNuZYz9snYPQAAAAAAAAAAAAAAAAAA4OOlqP5J8e1vrKeNwc780tPRyVXzgX7s/X8AAAD//5q+/48=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) symlinkat(0x0, 0xffffffffffffff9c, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40010) sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, 0x0, 0x0) sendfile(r1, r0, 0x0, 0xf03afffe) 1.013735503s ago: executing program 3: syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) write$cgroup_int(r0, &(0x7f0000000200), 0x12) r2 = socket(0xa, 0x6, 0x0) getsockopt$inet6_mreq(r2, 0x10d, 0xd9, 0x0, &(0x7f0000000040)) 754.857623ms ago: executing program 0: socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000002b40)={0xffffffffffffffff}) ioctl$sock_proto_private(r0, 0x8990, &(0x7f0000000000)="4b8afec73797066c0b3a") 749.082774ms ago: executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000000)="cd", 0x1, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom$inet(r0, &(0x7f0000000140)=""/197, 0xffffffffffffff82, 0x10041, 0x0, 0x5b) 630.998973ms ago: executing program 2: r0 = socket$kcm(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='batadv_slave_0\x00', 0x10) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) r1 = socket$kcm(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='veth1_to_team\x00', 0x10) bind$inet(r1, &(0x7f0000000140)={0x2, 0x0, @dev}, 0x10) 585.526129ms ago: executing program 3: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r0, &(0x7f0000003740)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0, 0x0, &(0x7f0000001400)=[@tclass={{0x10}}], 0x10}}], 0x1, 0x0) 460.120709ms ago: executing program 3: io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x10, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @target={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x4}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xa, 0x1, 'quota\x00'}]}}}]}], {0x14, 0x10}}, 0xb0}}, 0x0) sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x20, 0xa, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0) 369.400043ms ago: executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)='\v', 0x1}], 0x1}}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x0, 0x20}, &(0x7f00000003c0)=0x18) 237.715164ms ago: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="280000001e000101000000000000000007000000", @ANYRES32, @ANYBLOB="00f8ffffffffffff07000a"], 0x28}}, 0x0) 231.120834ms ago: executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006ec0)={0x0, 0x0, &(0x7f0000006e80)={&(0x7f00000010c0)=@newtaction={0x488, 0x30, 0x1, 0x0, 0x0, {}, [{0x474, 0x1, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x8, 0x2, 0x0, 0x0, 0x0, 0x4}}}, @TCA_POLICE_RATE={0x404}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x488}}, 0x0) 139.436389ms ago: executing program 1: r0 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x48, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='./file0\x00'}) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_SHUTDOWN={0x22, 0x2}) io_uring_enter(r0, 0x2e74, 0x0, 0x0, 0x0, 0x0) 100.188545ms ago: executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c00080002"], 0x11) 81.037418ms ago: executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000180)={0x28, r1, 0x30f, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0x4, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}]}]}, @ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x28}}, 0x0) 26.745456ms ago: executing program 1: syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bind$can_raw(0xffffffffffffffff, 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82) r2 = dup(r1) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x2200c12, &(0x7f00000005c0)=ANY=[@ANYBLOB="757466382c696f636861727365743d69736f383835392d31332c636865636b3d72656c617865642c63727566742c6f76657272696465726f636b7065726d2c6d61703d61636f726e2c636865636b3d7374726963742c646d6f64653d3078303030303030303030303030303030392c6d6f64653d3078303030303030303030303030303030372c646d6f64653d3078303030303030303030303030303766662c756e686964652c63727566742c686964652c6d61703d6e6f726d616c2c00deb7862e98eceb563f0322b4868de378d30cbff3f04d0c6072173529bc46d554bdcb84d04625293f04fcc85a024c42f7b3e76ec2aeaba801d48be02e5f61a5a5e48b3957d79c789fa1ecc6b6b307371f16b82c6c9b9cb2469254a5138f7d50d681964d1e63099f697a9e36b112"], 0x8, 0xa0a, &(0x7f0000000940)="$eJzs3c1vHOd9B/Dv8EWiaUOSbdV1BdtayZVM2yxFUrVUQQdXIlcSXb4UJAVY6MFyLaoQxNat1QK2UcAyUPQUIwES5JDcjJySiwFf4kvgW3JLTjkECPwvGDkpJwazu6SW5C6XpClSlj8fYnfn5TfP85ud2Xm4u7PzhG+XpYOrxpaWardtjl/9+S5kzEPs4vhXn372SXn7+G72pTuvFb9M+pJUkp4kzya9Y+OzM1MdCrqdXE/yZVIk2Z/646ZcT/H9PHF//MsUPy3rbWvfZkumkyW+0/Z6/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIdRMTY+PDxS7MvE9NU3K3VJZZ2x8dmZIktL6+csL1P3Ra3X7+KLjvUmRXlLX99yV9/PHr4/+5kkleN5rj72XK1D8vTlw8efOXT+6Z6u5eXbZfON7N98sXc++PD224uLC++1D1n6qL4OO5PbQ+ZydXpibmZi6sLlamVibqZy7syZ4VNXLs1VLk1MVueuzc1Xpypjs9UL8zOzlYGxlysj586drlSHrs1cnb48PjRZXZ549u9Gh4fPVN4Y+ufqhdm5melTbwzNjV2ZmJycmL5ciylnlzFnyx3xnybmK/PVC1OVys1biwun1+TUvfbJLoNGOq1JGTTaKWh0eHR0ZGR0dOTjRu/ZKxPOvHbutbPDwz3Da2RdxAPaaXm4PNZ+M+/wERy2r6ve/ieTmch0rubNVFr+jWU8s5nJVJv5Dcvt/4lT1Q3rbW7/G618T9PsI+Xd8bzQGO1r0/63yWX3/u7kg3yY23k7i1nMQt7b84x29+9yqpnOROYyk4lM5UJtSqUxpZJzOZMzGc5buZKjmUsllzKRyVQzl2uZy3yqtT1qLLOp5kLmM5PZVDKQsbycSkZyLudyOpVUM5RrmcnVTOdyxnOhVsrN3Ko976c3yHElaGQzQaMbBK1tzMt9fWvtf/VR/U+QTdv5gzhs01Kj/d/XOXRgbDcSAgAAAHbc3/wmBw4/9es/JkWer30uf2lisvr6XqcFAAAA7KDa6XrPlQ+95dDzKcr3/8N7nRYAAACwg4rab+yKJP05Wh9a/iWUDwEAAADgEVH7/v+FFEeXJ+zz/h8AAAAeNZ2vsd8xohhcvvxv5Ub98UYjoj5W9F+amKwOjc1Mnh/JydpVBmq/NFhXWndS9NZ+fvBKjtWjjvXXH/vvl1jW2VdGjQydH8krOd5YkYEXy4cXB1pEjtYjX6pHvtQc2Z1VkafLSAB41B3foD3ebPv/SgbrEYNHak1+z5EWbfCwlhUAHhYrfez8udGlWYv2vxHxQrv2/+83eP9fRjyVm0frpxQM5Z28m8XcyGAaZxwcbVXqcm8E9dMQBjt8GtDfOGXhd2e7Mrju84C+lXVtjl3IaAZbfiJwfnyl3GI5h9P1uO4Hsw0AYLcd37Ad3lz7P9jh/X+/UwoB4KGy0oP9FgY+2krwwnt39nodAYDVtNIAAAAAAAAAAAAAAAAAAAAAAAAAAACw8zZ1Af/fnkwWFxeSbXQWsO2Bvq1kuPFAV3Yp5z0f6E6yV7W/ni0vVW7jb1DpLx77Rosb2Ghgjw9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7Ioi6W41vSvZn2Q4yandz+rBubvXCeyUyvYWK+7lXt7PgZ1OBwAAAAAAAAAAAAAAAAAAAAAAAAAAAADgu65x/f+u1B8fr09KT1dyIsn1JP+y1znupHt7ncCe+ffafdP1/7uS3iwV6alv9hS9Y+OzM1Pl5i/2l/O/+vSzT8pb57LX96pQFlDWsKpziUYNTVN6Vy/1ZG2p/vGFO7f/+93/rIxfrO2YF+cvTY5PXZ79x/uBzxSf17tAaO4GYTnf/z3xqx80Td7XqPzzck1bW1vvpVq94+vr/etWS7epdxNuLS6MljXNV9+c/5//uPV+06yncix5cSAZWF3Tv5W3NjUdW/t8rlZ8Xfx/cSA/zvXa9i+fjWKpKDfRwdr6P3bz1uLC0DvvLt5YyemjVTkdytEkN5K+zed0tHY8aam213X1lrUO14LKu8MdyttQU4kjbZ7XJ2u7TP+W1qHSfh1qOjzvjYxOt8zoh//1dE5ueUuf7FBjS8XXxR+KK/l9/q+p/4+ucvufSMtXZ4siapFNe0rzvFUvr656ZG3NR5tnvLW2zLavSh6A7+Vf8w8r27+r6fjf2Fa7czxqqrH16yLZ+uviZwfXtSj31Vqkw2tapMbRp90yjTwP16Pa5PlXeTXpObKlI8qrHY4oD+r1/5NiIH/KXf3/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD78i6W41vSs5keRQkoPleCVZWhtzdxv1dfUX20lzx2wn52+fou2KFvdyL+/nwG5nBAAAAAAAAMCDcXH8q08/+6S81b6P787fdjXmVJKeJIeKH/WOjc/OTHUoqDe5vvyVft/GoWtPNLhe3j1xf/zLcuzZDvXt7ekDAPCt9pcAAAD//4rkbfY=") socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e25, 0x0, @private2}, 0x1c) io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x17, &(0x7f0000004d00)={0x0, 0x0, 0x0, 0x2}, 0x1) 0s ago: executing program 0: syz_mount_image$nilfs2(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1080c, &(0x7f0000000200)=ANY=[], 0x0, 0xa7a, &(0x7f0000001640)="$eJzs3UuMHEcZAODu3Z21nTh4HGxinJDYBJIIyG68a8zDgjiKL1gx4hYp4mI5TrBwDMKRIFEkbJ+4kcgyN8RDnHKJACGRC7Jy4hKJWOKSU+DAActIkThAgj1oZ6tmZ37PpGe9j97Z+T6ppqa7arqqZ3t6+1VVBTC2Jtqvjfbr5TcvHf3nQ//YtvD+8U6OZvt1qmtqIXeZpqfC8t6bXIxvvP/KyX5xWcy1X/P0ZNdn7yyK4nyxr7hSNIu9l6++9vbcU8cvHLu4/53XD19bg1UHAICx860rhw/u/ttf7t35wRv3Hym2dObn4/Nmmt6ejvuPpAP/hWiqzOcPS+cDZVfoNh3yTaUwEfJN9slXdOVr5Hxbez8Xy58Oy20MyLelovzJcI5ShvrAKMvbcbMoJ2Z6picmZmYWz8mL9nn9dDlz9vSZ587VVFFg1f37gaIo9gnCuIXWjs6PoPa61Be6vgWAWsX7hbc4H68srExnaVPDlX/9iYn+n+/VWM06Mj7We/tXflx+bz3Wu/yq9f/NhTVef8bK8FvT1jWtx2rL65V/R9vTdLyPEJ9fWu7+Jy9vMixv2AOAQfcRRuX+wqB6Tq5zPW7XoPrH7WKz+lqK8/fw9ZDe/fuJf9NR+RsD/f1nw13/37ZUudrrIgibO7Tq3PkA9ao4rY/PzbWSnB6f64vpWyrSt1akb6tIv6Mi/c6KdBhnv3/xp8WrZdG3PV6xeP7f/rEMez0sX2e7K8UfW2Z94vXI5V6Pi8/9LtdKy4/PE8NG9scTT5/68rPPXF18/r/sbP830/a+L00302/rSsqQrxfG6+qdZ/+bveVMDMh3d6jPXX3yt9/v6s1X7lpaTtG1n7mlHnt6P7djUL77evM1Q75tKcTDpXh8ckf4XD7+yPvV/H1NhfVthPWYDvXI+5WdKR6tuzFsVHl7HPT8f94+9xSN8rnTZ049lqbzdvrnycaWhfkH1rnewMoN2/5nT9Hb/md7Z35jonu/sGNpftm9X2iG+XMD5s+n6fx/7juT29rzZ05+78yzq73yMObOvfTyd0+cOXPqB9544403nTd175mAtTb74gvfnz330suPnn7hxPOnnj91dv7Qofm5uUNfmT842z6un+0+ugc2k6V/+nXXBAAAAAAAAAAAABjWD48dvfrXt7707mL7/6X2f7n9f37yN7f//0lo/x/byed28Lkd4M4+6e08oYPV6ZCvkcLHQ313hXJ2h899IsWdcfxS+/9cXOzXNdfnnjA/9t+b84XuBG7pL2U69EESxwv8dIovpvjXBdSo/Hn/2Smu6t86b+u5fwr9Uoym/HfL/Znkfkxy++9B/Trl/f/O/ov98WrXk9W1Hs0J615HoL9/bbj+v9ckLHX4WXtdus4Yaq+LsNHCjVartZ7ltVofNYqHsaaA9VP3+J/5umeOz/7pG1sXQs52/Yne/WXsvxRWou7xL2srP19YHNf1H7L81R7/szP+3dD7vzBiXvP2yv3vL66921VssXdg+VuKnvLj+ud+oHctr/wPUvl5bR4uBpXfu/6tX4Xy4w2hIX0Yyr9jyPLj+l9absGpwP+l8vPX9siDw5a/uIByorce8bpxvv8XrxtnN8L65749l7v+tztQ481UPoyzURlndrl6xv+90Fr/8X9XOMJQfA7ji2k67wjzcw5xvJPl1j8/X5H/D+wOyy8r/r8Z/3e0fTXFVb+HPP5v3h6bfaYnuqYbfb7bzbqvgVH13qrd/+t6Ym4D3EcRxieUtrnbDq1Wq9abfO4w1qvu77/u84S6y6/7+68Sx/+Nx/Bx/N+YHsf/jelx/N+Y3r6u+OHSoL3x+4rj/8b0OP5vTL8nlBvHB95Tkf7JivS9Fen3VqTfV5H+qYr0/RXp91ekP1CRfndF+oMV6Z8Jf/GY/tmKzz9Ukf7IR6fP/6ji85tdbo8yrusP4yy2z/P7h/GR7/8M+v3vqkgHRtfP3jjw5DO/+3Zzsf3/dOd6SL6PdyRNN9K5czxfitdPJlPaW2n67yF9o1/vgHES+8+I/98frkgHRld+zsvvG8ZQ2b/HnmH7rRp0nM9o+VyKP5/iL6T40RTPpHg2xQdSPLdO9WNtPPnbPxx+tVw6398R0od9njy2B4r9RM0PWZ94fWC5z7PHfvyWa6Xl32ZzMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNpMtF8PHtxTFsXlNy8dffr46dmFOY93cjTbr1NdU43O54risRRPpviX6c2N91852R3fTHFZzBVlUXbmF9+83inpzqIozhf7iitFs9h7+eprb889dfzCsYv733n98LW1+wYAAABg8/t/AAAA//9N2hwq") mount$overlay(0x0, 0x0, &(0x7f0000000340), 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000080)="09000300010001", 0x7) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) r1 = socket$tipc(0x1e, 0x0, 0x0) syz_open_procfs(0x0, 0x0) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, 0x0, 0x0) connect$tipc(r1, &(0x7f0000000040)=@name, 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000006740), 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000) kernel console output (not intermixed with test programs): 289: inode #16: comm syz-executor.3: Deleting file 'file3' with no links [ 148.418969][ T4702] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #17: comm syz-executor.3: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 148.491236][ T4702] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #17: comm syz-executor.3: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 148.734017][ T5478] loop2: detected capacity change from 0 to 512 [ 149.021350][ T5478] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002] [ 149.077421][ T5478] System zones: 1-12 [ 149.225181][ T5478] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 8323072 (level 1) [ 149.474229][ T5478] EXT4-fs (loop2): 1 truncate cleaned up [ 149.482072][ T5478] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 149.601136][ T4793] EXT4-fs (loop2): unmounting filesystem. [ 149.690403][ T26] audit: type=1804 audit(1718673183.125:24): pid=5488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1039268468/syzkaller.B63Rur/194/bus" dev="sda1" ino=1936 res=1 errno=0 [ 149.734122][ T4702] EXT4-fs (loop3): unmounting filesystem. [ 149.812691][ T5492] Option ' ­>' to dns_resolver key: bad/missing value [ 149.891173][ T62] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.078125][ T62] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.140961][ T5504] loop1: detected capacity change from 0 to 256 [ 150.150555][ T5504] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 150.205868][ T5504] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe622a5da, utbl_chksum : 0xe619d30d) [ 150.242039][ T62] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.278085][ T3612] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 150.377364][ T62] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.473249][ T5507] loop2: detected capacity change from 0 to 8192 [ 150.510044][ T5507] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 150.532432][ T5507] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 150.541930][ T5507] REISERFS (device loop2): using ordered data mode [ 150.562587][ T5507] reiserfs: using flush barriers [ 150.572443][ T5507] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 150.619997][ T5507] REISERFS (device loop2): checking transaction log (loop2) [ 150.638552][ T5507] REISERFS (device loop2): Using tea hash to sort names [ 150.653286][ T3582] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 150.657729][ T5514] loop1: detected capacity change from 0 to 512 [ 150.663469][ T3612] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 150.679076][ T3612] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 150.685007][ T5507] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 150.689384][ T3582] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 150.709418][ T3612] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 150.722517][ T3582] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 150.729912][ T3612] usb 5-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 150.742267][ T3612] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.760971][ T3582] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 150.769816][ T3582] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 150.777414][ T3582] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 150.796528][ T3612] usb 5-1: config 0 descriptor?? [ 150.872654][ T5514] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002] [ 150.881114][ T5514] System zones: 1-12 [ 150.904613][ T5514] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz-executor.1: invalid indirect mapped block 8323072 (level 1) [ 150.960828][ T5514] EXT4-fs (loop1): 1 truncate cleaned up [ 151.009090][ T5514] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 151.180986][ T4898] EXT4-fs (loop1): unmounting filesystem. [ 151.296177][ T3612] uclogic 0003:5543:0003.0002: unknown main item tag 0x0 [ 151.334810][ T3612] uclogic 0003:5543:0003.0002: unknown main item tag 0x0 [ 151.341909][ T3612] uclogic 0003:5543:0003.0002: unknown main item tag 0x0 [ 151.415272][ T5511] chnl_net:caif_netlink_parms(): no params data found [ 151.437761][ T3612] uclogic 0003:5543:0003.0002: unknown main item tag 0x0 [ 151.452856][ T3612] uclogic 0003:5543:0003.0002: unknown main item tag 0x0 [ 151.470211][ T3612] uclogic 0003:5543:0003.0002: unknown main item tag 0x0 [ 151.492030][ T3612] uclogic 0003:5543:0003.0002: unknown main item tag 0x0 [ 151.507313][ T3612] uclogic 0003:5543:0003.0002: No inputs registered, leaving [ 151.558546][ T3612] uclogic 0003:5543:0003.0002: hidraw0: USB HID v0.00 Device [HID 5543:0003] on usb-dummy_hcd.4-1/input0 [ 151.598655][ T5534] loop2: detected capacity change from 0 to 8 [ 151.620814][ T3612] usb 5-1: USB disconnect, device number 10 [ 151.783060][ T5534] SQUASHFS error: lzo decompression failed, data probably corrupt [ 151.792711][ T5534] SQUASHFS error: Failed to read block 0x28d: -5 [ 151.813775][ T5534] SQUASHFS error: Unable to read metadata cache entry [28b] [ 151.824710][ T5543] loop1: detected capacity change from 0 to 2048 [ 151.841868][ T5534] SQUASHFS error: Unable to read inode 0x11f [ 151.860115][ T5543] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 151.925669][ T5543] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 151.962830][ T5511] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.980257][ T5511] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.003588][ T5511] device bridge_slave_0 entered promiscuous mode [ 152.062798][ T5511] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.071281][ T26] audit: type=1804 audit(1718673185.505:25): pid=5551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1636883282/syzkaller.7n2lnt/46/bus" dev="sda1" ino=1955 res=1 errno=0 [ 152.111320][ T5511] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.149837][ T5511] device bridge_slave_1 entered promiscuous mode [ 152.305286][ T5511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 152.307605][ T5511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 152.335182][ T5561] loop4: detected capacity change from 0 to 512 [ 152.365785][ T5561] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002] [ 152.365872][ T5561] System zones: 1-12 [ 152.367293][ T5561] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz-executor.4: invalid indirect mapped block 8323072 (level 1) [ 152.368177][ T5561] EXT4-fs (loop4): 1 truncate cleaned up [ 152.368206][ T5561] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 152.437829][ T5511] team0: Port device team_slave_0 added [ 152.472071][ T4055] EXT4-fs (loop4): unmounting filesystem. [ 152.495339][ T5511] team0: Port device team_slave_1 added [ 152.596256][ T62] device hsr_slave_0 left promiscuous mode [ 152.596848][ T62] device hsr_slave_1 left promiscuous mode [ 152.597437][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 152.597476][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 152.599484][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 152.599507][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 152.602145][ T62] device bridge_slave_1 left promiscuous mode [ 152.602293][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.614958][ T62] device bridge_slave_0 left promiscuous mode [ 152.615106][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.645172][ T62] device veth1_macvtap left promiscuous mode [ 152.645218][ T62] device veth0_macvtap left promiscuous mode [ 152.646648][ T62] device veth1_vlan left promiscuous mode [ 152.646706][ T62] device veth0_vlan left promiscuous mode [ 152.748677][ T5564] loop2: detected capacity change from 0 to 8192 [ 152.811885][ T5564] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 152.811936][ T5564] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 152.812018][ T5564] REISERFS (device loop2): using ordered data mode [ 152.812028][ T5564] reiserfs: using flush barriers [ 152.814577][ T5564] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 152.814977][ T5564] REISERFS (device loop2): checking transaction log (loop2) [ 152.819203][ T5564] REISERFS (device loop2): Using tea hash to sort names [ 152.819672][ T5564] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 152.872483][ T3579] Bluetooth: hci3: command tx timeout [ 153.750928][ T62] team0 (unregistering): Port device team_slave_1 removed [ 153.766116][ T5600] loop4: detected capacity change from 0 to 8 [ 153.814141][ T5600] SQUASHFS error: lzo decompression failed, data probably corrupt [ 153.823114][ T62] team0 (unregistering): Port device team_slave_0 removed [ 153.861984][ T5600] SQUASHFS error: Failed to read block 0x28d: -5 [ 153.886478][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 153.896090][ T5600] SQUASHFS error: Unable to read metadata cache entry [28b] [ 153.905825][ T5600] SQUASHFS error: Unable to read inode 0x11f [ 153.930363][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 154.149483][ T62] bond0 (unregistering): Released all slaves [ 154.248279][ T5511] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 154.262453][ T5511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.288967][ T26] audit: type=1804 audit(1718673187.705:26): pid=5612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir1153053038/syzkaller.LgN5MR/113/bus" dev="sda1" ino=1961 res=1 errno=0 [ 154.353092][ T5511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 154.402224][ T5511] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 154.411827][ T5511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.484734][ T5511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 154.576340][ T5511] device hsr_slave_0 entered promiscuous mode [ 154.615365][ T5511] device hsr_slave_1 entered promiscuous mode [ 154.629715][ T5511] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 154.656460][ T5511] Cannot create hsr debugfs directory [ 154.952787][ T3579] Bluetooth: hci3: command tx timeout [ 155.785938][ T5670] loop2: detected capacity change from 0 to 512 [ 155.879295][ T5670] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 155.933769][ T5670] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 156.037009][ T5511] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 156.057872][ T5511] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 156.066058][ T5670] EXT4-fs (loop2): 1 truncate cleaned up [ 156.071757][ T5670] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 156.097299][ T5511] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 156.116997][ T5670] syz-executor.2 (pid 5670) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 156.138397][ T5511] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 156.172953][ T26] audit: type=1326 audit(1718673189.605:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5676 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ffafce7a6a7 code=0x7ffc0000 [ 156.255222][ T5684] loop4: detected capacity change from 0 to 8 [ 156.268186][ T4793] EXT4-fs (loop2): unmounting filesystem. [ 156.275197][ T26] audit: type=1326 audit(1718673189.655:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5676 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffafce40379 code=0x7ffc0000 [ 156.311855][ T5684] SQUASHFS error: lzo decompression failed, data probably corrupt [ 156.342816][ T5684] SQUASHFS error: Failed to read block 0x28d: -5 [ 156.349367][ T5684] SQUASHFS error: Unable to read metadata cache entry [28b] [ 156.381304][ T26] audit: type=1326 audit(1718673189.655:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5676 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ffafce7a6a7 code=0x7ffc0000 [ 156.409522][ T5684] SQUASHFS error: Unable to read inode 0x11f [ 156.437028][ T26] audit: type=1326 audit(1718673189.655:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5676 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffafce40379 code=0x7ffc0000 [ 156.547057][ T5511] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.551148][ T26] audit: type=1326 audit(1718673189.655:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5676 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ffafce7a6a7 code=0x7ffc0000 [ 156.574495][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.603772][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.609927][ T5511] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.623752][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.635424][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.635877][ T3657] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.635976][ T3657] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.637059][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 156.649177][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 156.649820][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 156.650264][ T3289] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.650326][ T3289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.658778][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 156.684514][ T26] audit: type=1326 audit(1718673189.655:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5676 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffafce40379 code=0x7ffc0000 [ 156.684555][ T26] audit: type=1326 audit(1718673189.655:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5676 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ffafce7a6a7 code=0x7ffc0000 [ 156.684671][ T26] audit: type=1326 audit(1718673189.655:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5676 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffafce40379 code=0x7ffc0000 [ 156.684701][ T26] audit: type=1326 audit(1718673189.655:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5676 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ffafce7a6a7 code=0x7ffc0000 [ 156.684729][ T26] audit: type=1326 audit(1718673189.655:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5676 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffafce40379 code=0x7ffc0000 [ 156.693639][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 156.698149][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 156.699690][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 156.700475][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 156.726231][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 156.727017][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 156.744066][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 156.744737][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 156.764937][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 156.765557][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 156.769051][ T5511] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 156.966155][ T5696] loop2: detected capacity change from 0 to 4096 [ 157.039214][ T3579] Bluetooth: hci3: command tx timeout [ 157.130179][ T5706] loop4: detected capacity change from 0 to 2048 [ 157.218690][ T5706] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 157.311096][ T5706] EXT4-fs error (device loop4): ext4_find_extent:936: inode #2: comm syz-executor.4: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 157.325484][ T5706] EXT4-fs (loop4): Remounting filesystem read-only [ 157.422095][ T4055] EXT4-fs (loop4): unmounting filesystem. [ 157.550458][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 157.550593][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 157.582622][ T5511] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.626537][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 157.627591][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 157.710461][ T5511] device veth0_vlan entered promiscuous mode [ 157.716844][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 157.717540][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 157.718510][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 157.719025][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 157.751776][ T5511] device veth1_vlan entered promiscuous mode [ 158.446174][ T5738] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 158.570102][ T5511] device veth0_macvtap entered promiscuous mode [ 158.609442][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 158.621381][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 158.658950][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 158.689100][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 158.689783][ T5747] loop1: detected capacity change from 0 to 4096 [ 158.731015][ T5511] device veth1_macvtap entered promiscuous mode [ 158.758189][ T5747] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 158.767857][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 158.810718][ T5511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.848522][ T5511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.848545][ T5511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.848560][ T5511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.848574][ T5511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.848584][ T5511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.848597][ T5511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.848609][ T5511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.850262][ T5511] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 158.850778][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 158.851488][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 158.888373][ T5511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.888399][ T5511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.888411][ T5511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.888424][ T5511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.888436][ T5511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.888449][ T5511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.888460][ T5511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.888472][ T5511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.889861][ T5511] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 158.890066][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 158.890728][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 158.905827][ T5511] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.905865][ T5511] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.905891][ T5511] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.905918][ T5511] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.049686][ T5760] loop4: detected capacity change from 0 to 4096 [ 159.113723][ T3579] Bluetooth: hci3: command tx timeout [ 159.707006][ T3662] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.707066][ T3662] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.767722][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 159.832932][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.832997][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.843963][ T3289] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 160.142647][ T41] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 160.351720][ T5797] mmap: syz-executor.0 (5797) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 160.502729][ T41] usb 2-1: Using ep0 maxpacket: 8 [ 160.622738][ T41] usb 2-1: config 0 has no interfaces? [ 160.890559][ T5827] loop2: detected capacity change from 0 to 4096 [ 160.939554][ T41] usb 2-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 160.949614][ T41] usb 2-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 160.957711][ T41] usb 2-1: Product: syz [ 160.961920][ T41] usb 2-1: Manufacturer: syz [ 160.966659][ T41] usb 2-1: SerialNumber: syz [ 160.973723][ T41] usb 2-1: config 0 descriptor?? [ 161.788410][ T4202] usb 2-1: USB disconnect, device number 3 [ 162.548526][ T5884] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 163.001612][ T5887] loop3: detected capacity change from 0 to 4096 [ 164.773943][ T5957] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 165.196077][ T5971] kvm: pic: non byte read [ 166.642982][ T3616] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 166.720639][ T5961] loop1: detected capacity change from 0 to 32768 [ 166.836041][ T5961] XFS (loop1): Mounting V5 Filesystem [ 166.892481][ T3616] usb 3-1: Using ep0 maxpacket: 8 [ 166.936623][ T6022] 8021q: VLANs not supported on lo [ 166.995973][ T6022] loop4: detected capacity change from 0 to 512 [ 166.996899][ T6021] kvm: pic: non byte read [ 167.008306][ T5961] XFS (loop1): Ending clean mount [ 167.022980][ T6022] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 167.048063][ T3616] usb 3-1: config 0 has no interfaces? [ 167.098189][ T6022] EXT4-fs (loop4): 1 truncate cleaned up [ 167.106770][ T6022] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 167.140775][ T4898] XFS (loop1): Unmounting Filesystem [ 167.174674][ T4055] EXT4-fs (loop4): unmounting filesystem. [ 167.186040][ T6031] loop3: detected capacity change from 0 to 256 [ 167.246419][ T3616] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 167.264733][ T3616] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 167.273595][ T3616] usb 3-1: Product: syz [ 167.278437][ T3616] usb 3-1: Manufacturer: syz [ 167.283328][ T3616] usb 3-1: SerialNumber: syz [ 167.290613][ T3616] usb 3-1: config 0 descriptor?? [ 167.304842][ T6031] FAT-fs (loop3): Directory bread(block 64) failed [ 167.311540][ T6031] FAT-fs (loop3): Directory bread(block 65) failed [ 167.333846][ T6031] FAT-fs (loop3): Directory bread(block 66) failed [ 167.370594][ T6031] FAT-fs (loop3): Directory bread(block 67) failed [ 167.383655][ T6031] FAT-fs (loop3): Directory bread(block 68) failed [ 167.390228][ T6031] FAT-fs (loop3): Directory bread(block 69) failed [ 167.508705][ T6031] FAT-fs (loop3): Directory bread(block 70) failed [ 167.525599][ T6031] FAT-fs (loop3): Directory bread(block 71) failed [ 167.549708][ T6031] FAT-fs (loop3): Directory bread(block 72) failed [ 167.606254][ T6031] FAT-fs (loop3): Directory bread(block 73) failed [ 168.436822][ T6031] syz-executor.3: attempt to access beyond end of device [ 168.436822][ T6031] loop3: rw=524288, sector=1192, nr_sectors = 4 limit=256 [ 168.455019][ T6031] syz-executor.3: attempt to access beyond end of device [ 168.455019][ T6031] loop3: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 168.477759][ T26] kauditd_printk_skb: 20 callbacks suppressed [ 168.477775][ T26] audit: type=1800 audit(1718673201.915:57): pid=6031 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="file1" dev="loop3" ino=1048617 res=0 errno=0 [ 168.546159][ T3289] usb 3-1: USB disconnect, device number 3 [ 168.625209][ T6059] 8021q: VLANs not supported on lo [ 168.644572][ T6059] loop1: detected capacity change from 0 to 512 [ 168.664604][ T6059] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 168.726341][ T6059] EXT4-fs (loop1): 1 truncate cleaned up [ 168.739384][ T6059] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 168.787549][ T4898] EXT4-fs (loop1): unmounting filesystem. [ 168.797603][ T6071] loop3: detected capacity change from 0 to 2048 [ 168.849093][ T26] audit: type=1326 audit(1718673202.285:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6076 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc58a27cf29 code=0x0 [ 168.851459][ T6071] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 169.139910][ T6093] loop2: detected capacity change from 0 to 256 [ 169.154518][ T5511] EXT4-fs (loop3): unmounting filesystem. [ 169.174804][ T6093] FAT-fs (loop2): Directory bread(block 64) failed [ 169.181599][ T6093] FAT-fs (loop2): Directory bread(block 65) failed [ 169.188975][ T6093] FAT-fs (loop2): Directory bread(block 66) failed [ 169.243815][ T6093] FAT-fs (loop2): Directory bread(block 67) failed [ 169.277116][ T6096] hub 9-0:1.0: USB hub found [ 169.282556][ T6096] hub 9-0:1.0: 8 ports detected [ 169.600419][ T6093] FAT-fs (loop2): Directory bread(block 68) failed [ 169.827160][ T6093] FAT-fs (loop2): Directory bread(block 69) failed [ 169.880257][ T6093] FAT-fs (loop2): Directory bread(block 70) failed [ 169.912729][ T6093] FAT-fs (loop2): Directory bread(block 71) failed [ 169.953934][ T6093] FAT-fs (loop2): Directory bread(block 72) failed [ 169.977928][ T6093] FAT-fs (loop2): Directory bread(block 73) failed [ 170.076499][ T6093] syz-executor.2: attempt to access beyond end of device [ 170.076499][ T6093] loop2: rw=524288, sector=1192, nr_sectors = 4 limit=256 [ 170.146519][ T6093] syz-executor.2: attempt to access beyond end of device [ 170.146519][ T6093] loop2: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 170.211656][ T26] audit: type=1800 audit(1718673203.645:59): pid=6093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="file1" dev="loop2" ino=1048618 res=0 errno=0 [ 170.232130][ C0] vkms_vblank_simulate: vblank timer overrun [ 170.525113][ T6114] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 170.604864][ T6102] loop1: detected capacity change from 0 to 32768 [ 170.614209][ T6102] BTRFS: device fsid 17bca515-437c-4bbd-9eb0-5eb74df1971f devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (6102) [ 170.639126][ T6102] BTRFS info (device loop1): first mount of filesystem 17bca515-437c-4bbd-9eb0-5eb74df1971f [ 170.659947][ T6102] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 170.672252][ T6102] BTRFS info (device loop1): using free space tree [ 170.799281][ T6102] BTRFS info (device loop1): enabling ssd optimizations [ 170.872768][ T3611] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 170.955602][ T26] audit: type=1804 audit(1718673204.395:60): pid=6143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3041318717/syzkaller.mtya8C/51/file0/file1" dev="loop1" ino=260 res=1 errno=0 [ 170.981289][ C0] vkms_vblank_simulate: vblank timer overrun [ 171.111496][ T4898] BTRFS info (device loop1): last unmount of filesystem 17bca515-437c-4bbd-9eb0-5eb74df1971f [ 171.132518][ T3611] usb 3-1: Using ep0 maxpacket: 8 [ 171.262709][ T3611] usb 3-1: config 0 has no interfaces? [ 171.300906][ T6142] loop3: detected capacity change from 0 to 32768 [ 171.312509][ T6142] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz-executor.3 (6142) [ 171.328743][ T6142] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 171.355794][ T6142] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 171.366634][ T6142] BTRFS info (device loop3): metadata ratio 2 [ 171.430661][ T6142] BTRFS info (device loop3): force zlib compression, level 3 [ 171.443024][ T3611] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 171.462509][ T3611] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 171.497904][ T3611] usb 3-1: Product: syz [ 171.501625][ T6142] BTRFS info (device loop3): use zlib compression, level 3 [ 171.509467][ T6142] BTRFS info (device loop3): enabling auto defrag [ 171.509466][ T3611] usb 3-1: Manufacturer: syz [ 171.509489][ T3611] usb 3-1: SerialNumber: syz [ 171.516748][ T6142] BTRFS info (device loop3): max_inline at 0 [ 171.532602][ T6142] BTRFS info (device loop3): using free space tree [ 171.566612][ T3611] usb 3-1: config 0 descriptor?? [ 171.738899][ T6142] BTRFS info (device loop3): enabling ssd optimizations [ 171.784733][ T26] audit: type=1800 audit(1718673205.225:61): pid=6142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 171.874299][ T26] audit: type=1804 audit(1718673205.315:62): pid=6182 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3576441629/syzkaller.BCO9gq/25/file1/file0/bus" dev="loop3" ino=264 res=1 errno=0 [ 172.000408][ T3635] usb 3-1: USB disconnect, device number 4 [ 172.028410][ T6187] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 172.031893][ T6150] loop4: detected capacity change from 0 to 32768 [ 172.056556][ T6150] XFS (loop4): Mounting V5 Filesystem [ 172.141288][ T5511] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 172.180747][ T6150] XFS (loop4): Ending clean mount [ 173.410357][ T6216] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 173.422993][ T6216] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 173.431198][ T6216] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.1'. [ 173.432145][ T4055] XFS (loop4): Unmounting Filesystem [ 173.684099][ T26] audit: type=1326 audit(1718673207.125:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6231 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffafce7cf29 code=0x0 [ 174.319872][ T6246] hub 9-0:1.0: USB hub found [ 174.326137][ T6246] hub 9-0:1.0: 8 ports detected [ 175.922042][ T3579] Bluetooth: hci1: command 0x0406 tx timeout [ 176.033853][ T6271] loop2: detected capacity change from 0 to 128 [ 176.043742][ T6271] FAT-fs (loop2): Unrecognized mount option "º£úˆ†Ÿ@Íî-" or missing value [ 176.127526][ T6271] input: syz0 as /devices/virtual/input/input9 [ 176.232077][ T6277] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 176.516778][ T26] audit: type=1326 audit(1718673209.955:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6284 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c6627cf29 code=0x0 [ 176.897317][ T6295] hub 9-0:1.0: USB hub found [ 176.902749][ T6295] hub 9-0:1.0: 8 ports detected [ 177.535979][ T6296] : renamed from bond0 [ 177.738192][ T6306] loop3: detected capacity change from 0 to 128 [ 177.802562][ T6306] FAT-fs (loop3): Unrecognized mount option "º£úˆ†Ÿ@Íî-" or missing value [ 177.835136][ T6310] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 177.894920][ T6306] input: syz0 as /devices/virtual/input/input10 [ 177.906170][ T6310] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 178.229461][ T6298] loop2: detected capacity change from 0 to 32768 [ 178.250202][ T6298] XFS: ikeep mount option is deprecated. [ 178.321826][ T6298] XFS: ikeep mount option is deprecated. [ 178.457880][ T6328] : renamed from bond0 [ 178.611615][ T6298] XFS (loop2): Mounting V5 Filesystem [ 178.757818][ T6298] XFS (loop2): Ending clean mount [ 178.815065][ T6298] XFS (loop2): Quotacheck needed: Please wait. [ 178.865166][ T6298] XFS (loop2): Quotacheck: Done. [ 179.023274][ T6361] loop4: detected capacity change from 0 to 128 [ 179.143768][ T6361] FAT-fs (loop4): Unrecognized mount option "º£úˆ†Ÿ@Íî-" or missing value [ 179.600442][ T4793] XFS (loop2): Unmounting Filesystem [ 179.903446][ T6361] input: syz0 as /devices/virtual/input/input11 [ 179.932949][ T6367] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 180.268021][ T6374] : renamed from bond0 [ 181.245208][ T26] audit: type=1326 audit(1718673214.685:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6394 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f205367cf29 code=0x0 [ 181.425110][ T6404] devpts: called with bogus options [ 181.447358][ T26] audit: type=1326 audit(1718673214.885:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6405 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c6627cf29 code=0x0 [ 181.589489][ T6411] : renamed from bond0 [ 181.904632][ T6421] hub 9-0:1.0: USB hub found [ 181.910890][ T6421] hub 9-0:1.0: 8 ports detected [ 182.693510][ T6427] ALSA: mixer_oss: invalid OSS volume 'u' [ 183.245316][ T6420] loop1: detected capacity change from 0 to 32768 [ 183.308447][ T26] audit: type=1800 audit(1718673216.745:67): pid=6415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1966 res=0 errno=0 [ 183.348293][ T6425] loop2: detected capacity change from 0 to 32768 [ 183.408444][ T26] audit: type=1804 audit(1718673216.745:68): pid=6415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1039268468/syzkaller.B63Rur/268/bus" dev="sda1" ino=1966 res=1 errno=0 [ 183.446012][ T6420] XFS (loop1): Mounting V5 Filesystem [ 183.461297][ T6425] XFS (loop2): Mounting V5 Filesystem [ 183.522600][ T6425] XFS (loop2): Ending clean mount [ 183.584908][ T6420] XFS (loop1): Ending clean mount [ 183.639102][ T6466] loop3: detected capacity change from 0 to 512 [ 183.659297][ T6420] XFS (loop1): Quotacheck needed: Please wait. [ 183.717765][ T4793] XFS (loop2): Unmounting Filesystem [ 183.728123][ T6466] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 183.754007][ T6420] XFS (loop1): Quotacheck: Done. [ 183.830524][ T26] audit: type=1800 audit(1718673217.265:69): pid=6420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=9291 res=0 errno=0 [ 183.909535][ T26] audit: type=1804 audit(1718673217.325:70): pid=6420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3041318717/syzkaller.mtya8C/71/file0/bus" dev="loop1" ino=9291 res=1 errno=0 [ 184.046987][ T5511] EXT4-fs (loop3): unmounting filesystem. [ 184.471286][ T6486] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 184.681992][ T6492] devpts: called with bogus options [ 184.750115][ T6477] loop3: detected capacity change from 0 to 32768 [ 184.860165][ T6494] loop4: detected capacity change from 0 to 4096 [ 184.898022][ T6494] ntfs: (device loop4): map_mft_record_page(): Mft record 0xa is corrupt. Run chkdsk. [ 184.917886][ T6494] ntfs: (device loop4): map_mft_record(): Failed with error code 5. [ 184.929422][ T6494] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 185.046866][ T4898] XFS (loop1): Unmounting Filesystem [ 185.069870][ T6494] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 186.008449][ T6504] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 186.021577][ T6503] nbd: must specify an index to disconnect [ 186.294356][ T6516] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 186.328318][ T6516] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 186.340094][ T6520] loop2: detected capacity change from 0 to 164 [ 186.379579][ T6516] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 186.389540][ T6516] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 186.398391][ T6516] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 186.406763][ T6522] loop1: detected capacity change from 0 to 4096 [ 186.407170][ T6516] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 186.440699][ T6522] __ntfs_error: 5 callbacks suppressed [ 186.440716][ T6522] ntfs: (device loop1): parse_ntfs_boot_sector(): Mft record size (65536) exceeds the PAGE_SIZE on your system (4096). This is not supported. Sorry. [ 186.465996][ T6516] device vxlan0 entered promiscuous mode [ 186.481768][ T6522] ntfs: (device loop1): ntfs_fill_super(): Unsupported NTFS filesystem. [ 186.500071][ T26] audit: type=1326 audit(1718673219.935:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6523 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc58a27cf29 code=0x0 [ 186.827216][ T6538] nbd: must specify an index to disconnect [ 187.209648][ T6539] loop1: detected capacity change from 0 to 32768 [ 187.295628][ T6539] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (6539) [ 188.188905][ T6539] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 188.227626][ T6539] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 188.259313][ T6539] BTRFS info (device loop1): using free space tree [ 188.317712][ T6556] hugetlbfs: syz-executor.0 (6556): Using mlock ulimits for SHM_HUGETLB is obsolete [ 188.576546][ T6539] BTRFS info (device loop1): enabling ssd optimizations [ 188.677341][ T4898] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 188.851600][ T6558] loop2: detected capacity change from 0 to 32768 [ 188.878223][ T6558] BTRFS: device fsid 17bca515-437c-4bbd-9eb0-5eb74df1971f devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (6558) [ 188.987810][ T6558] BTRFS info (device loop2): first mount of filesystem 17bca515-437c-4bbd-9eb0-5eb74df1971f [ 189.014602][ T6558] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 189.041658][ T6558] BTRFS info (device loop2): using free space tree [ 189.793032][ T6558] BTRFS info (device loop2): enabling ssd optimizations [ 189.926831][ T26] audit: type=1804 audit(1718673223.365:72): pid=6558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1636883282/syzkaller.7n2lnt/102/file0/file1" dev="loop2" ino=260 res=1 errno=0 [ 189.985453][ T4793] BTRFS info (device loop2): last unmount of filesystem 17bca515-437c-4bbd-9eb0-5eb74df1971f [ 190.049619][ T6627] loop4: detected capacity change from 0 to 4096 [ 190.099747][ T6627] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 190.175422][ T6627] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 190.351543][ T6637] loop2: detected capacity change from 0 to 1764 [ 190.408090][ T6638] ntfs3: loop4: ino=1e, "file1" attr_set_size [ 190.823737][ T4055] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 191.188768][ T6661] loop3: detected capacity change from 0 to 256 [ 191.957154][ T6645] loop1: detected capacity change from 0 to 32768 [ 193.474372][ T6712] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 193.590117][ T6691] loop2: detected capacity change from 0 to 32768 [ 193.605104][ T6691] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (6691) [ 193.645798][ T6691] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 193.659279][ T6691] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 193.675587][ T6691] BTRFS info (device loop2): using free space tree [ 193.685852][ T6719] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 193.910150][ T6691] BTRFS info (device loop2): enabling ssd optimizations [ 194.038485][ T4793] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 194.165761][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.172176][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.321222][ T6759] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 194.695379][ T6771] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.914446][ T6786] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 195.167766][ T6802] netlink: 116 bytes leftover after parsing attributes in process `syz-executor.1'. [ 195.929885][ T6828] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 195.983078][ T6789] loop4: detected capacity change from 0 to 40427 [ 196.005889][ T6789] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 196.030656][ T6789] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 196.068331][ T6789] F2FS-fs (loop4): invalid crc value [ 196.124537][ T6789] F2FS-fs (loop4): Found nat_bits in checkpoint [ 196.209576][ T6841] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 196.260297][ T6789] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 196.275575][ T6789] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 196.486869][ T6856] loop2: detected capacity change from 0 to 256 [ 196.499279][ T6856] exfat: Unknown parameter 'umk' [ 197.566788][ T6866] loop3: detected capacity change from 0 to 256 [ 197.708492][ T6853] loop1: detected capacity change from 0 to 32768 [ 197.737695][ T4040] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.878199][ T6875] loop4: detected capacity change from 0 to 256 [ 199.437509][ T6872] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 199.728002][ T4040] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.976775][ T26] audit: type=1326 audit(1718673233.415:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6882 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f205367cf29 code=0x0 [ 200.001394][ T4040] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.257981][ T3582] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 200.272248][ T4040] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.285649][ T3582] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 200.294983][ T3582] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 200.308213][ T3582] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 200.422559][ T6890] hub 9-0:1.0: USB hub found [ 200.428487][ T6890] hub 9-0:1.0: 8 ports detected [ 200.739435][ T3573] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 200.749592][ T3582] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 201.188105][ T6896] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 201.255675][ T6898] loop1: detected capacity change from 0 to 256 [ 201.277694][ T6898] exfat: Unknown parameter 'umk' [ 201.473428][ T6901] loop4: detected capacity change from 0 to 1764 [ 201.682039][ T6901] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 202.010050][ T6905] loop3: detected capacity change from 0 to 2048 [ 202.055158][ T6906] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 202.316042][ T6888] chnl_net:caif_netlink_parms(): no params data found [ 202.499084][ T6921] loop4: detected capacity change from 0 to 256 [ 202.612822][ T6888] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.620746][ T6888] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.687745][ T6888] device bridge_slave_0 entered promiscuous mode [ 202.758026][ T6888] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.775740][ T6888] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.798304][ T6888] device bridge_slave_1 entered promiscuous mode [ 202.892526][ T6921] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 202.959379][ T3582] Bluetooth: hci4: command tx timeout [ 202.983626][ T6888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.037409][ T6888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.243902][ T6919] loop3: detected capacity change from 0 to 40427 [ 203.261768][ T6888] team0: Port device team_slave_0 added [ 203.266496][ T6919] F2FS-fs (loop3): invalid crc value [ 203.272426][ T6888] team0: Port device team_slave_1 added [ 203.285939][ T3579] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 203.297226][ T6919] F2FS-fs (loop3): Found nat_bits in checkpoint [ 203.297750][ T3579] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 203.940807][ T6919] F2FS-fs (loop3): Cannot turn on quotas: -2 on 1 [ 204.001926][ T3579] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 204.009565][ T6919] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 204.015291][ T3579] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 204.028205][ T6888] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 204.035438][ T6888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.064568][ T6888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 204.077240][ T6888] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 204.084371][ T6888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.118753][ T3579] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 204.129989][ T3579] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 204.180935][ T6888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 204.245081][ T26] audit: type=1800 audit(1718673237.685:74): pid=6941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=10 res=0 errno=0 [ 204.929049][ T6919] syz-executor.3 (6919): drop_caches: 2 [ 205.103008][ T3582] Bluetooth: hci4: command tx timeout [ 205.210771][ T5511] syz-executor.3: attempt to access beyond end of device [ 205.210771][ T5511] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 205.230639][ T6945] loop4: detected capacity change from 0 to 2048 [ 205.262035][ T6888] device hsr_slave_0 entered promiscuous mode [ 205.282683][ T6888] device hsr_slave_1 entered promiscuous mode [ 205.299519][ T6948] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 205.314136][ T6888] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 205.323869][ T6888] Cannot create hsr debugfs directory [ 205.417662][ T4040] device hsr_slave_0 left promiscuous mode [ 205.454148][ T4040] device hsr_slave_1 left promiscuous mode [ 205.464470][ T4040] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 205.482546][ T4040] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 205.511412][ T4040] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 205.553172][ T4040] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 205.573137][ T4040] device bridge_slave_1 left promiscuous mode [ 205.577903][ T6954] loop4: detected capacity change from 0 to 512 [ 205.579553][ T4040] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.603822][ T4040] device bridge_slave_0 left promiscuous mode [ 205.610139][ T4040] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.636671][ T4040] device veth1_macvtap left promiscuous mode [ 205.645313][ T4040] device veth0_macvtap left promiscuous mode [ 205.651675][ T4040] device veth1_vlan left promiscuous mode [ 205.651941][ T6954] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 205.658609][ T4040] device veth0_vlan left promiscuous mode [ 205.674159][ T6954] ext4 filesystem being mounted at /root/syzkaller-testdir1153053038/syzkaller.LgN5MR/224/file0 supports timestamps until 2038 (0x7fffffff) [ 206.234574][ T3579] Bluetooth: hci2: command tx timeout [ 206.586129][ T4055] EXT4-fs (loop4): unmounting filesystem. [ 206.645640][ T6960] loop3: detected capacity change from 0 to 40427 [ 206.659281][ T6960] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 206.682492][ T6960] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 206.707386][ T6960] F2FS-fs (loop3): Found nat_bits in checkpoint [ 206.745163][ T6960] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 206.761669][ T4040] team0 (unregistering): Port device team_slave_1 removed [ 206.777804][ T4040] team0 (unregistering): Port device team_slave_0 removed [ 206.785704][ T6960] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 206.794347][ T6960] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 206.809969][ T4040] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 206.829355][ T4040] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 206.833638][ T6960] syz-executor.3: attempt to access beyond end of device [ 206.833638][ T6960] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 206.954941][ T4040] bond0 (unregistering): Released all slaves [ 207.112411][ T3579] Bluetooth: hci4: command tx timeout [ 207.526313][ T6929] chnl_net:caif_netlink_parms(): no params data found [ 207.694326][ T6929] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.701802][ T6929] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.747271][ T6929] device bridge_slave_0 entered promiscuous mode [ 207.784948][ T6929] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.814018][ T6929] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.829053][ T6929] device bridge_slave_1 entered promiscuous mode [ 207.904238][ T3579] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 207.917922][ T3579] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 207.927723][ T3579] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 207.939518][ T3579] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 207.948393][ T3579] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 207.956817][ T3579] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 208.029809][ T6929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.147078][ T6929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.299756][ T6929] team0: Port device team_slave_0 added [ 208.312634][ T3579] Bluetooth: hci2: command tx timeout [ 208.362040][ T6929] team0: Port device team_slave_1 added [ 208.381148][ T6888] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 208.406899][ T6997] loop3: detected capacity change from 0 to 512 [ 208.465281][ T6888] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 208.473111][ T6997] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 393: padding at end of block bitmap is not set [ 208.509594][ T6997] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6173: Corrupt filesystem [ 208.535237][ T6997] EXT4-fs (loop3): 2 truncates cleaned up [ 208.551752][ T6888] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 208.571514][ T6997] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 208.588255][ T6888] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 208.651610][ T6997] EXT4-fs error (device loop3): ext4_find_dest_de:2112: inode #12: block 7: comm syz-executor.3: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4278190093, rec_len=255, size=56 fake=0 [ 208.699463][ T6929] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.718095][ T6929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.775245][ T6929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.804227][ T6929] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.811736][ T6929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.858832][ T6929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.950268][ T5511] EXT4-fs (loop3): unmounting filesystem. [ 208.997796][ T6929] device hsr_slave_0 entered promiscuous mode [ 209.035925][ T6929] device hsr_slave_1 entered promiscuous mode [ 209.192506][ T3579] Bluetooth: hci4: command tx timeout [ 209.280032][ T6992] chnl_net:caif_netlink_parms(): no params data found [ 210.002493][ T3579] Bluetooth: hci0: command tx timeout [ 210.234538][ T6992] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.241995][ T6992] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.259838][ T6992] device bridge_slave_0 entered promiscuous mode [ 210.278983][ T6992] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.287809][ T6992] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.296244][ T6992] device bridge_slave_1 entered promiscuous mode [ 210.336556][ T6888] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.392473][ T3579] Bluetooth: hci2: command tx timeout [ 210.416684][ T6888] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.435897][ T6992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 210.442464][ T41] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 210.469219][ T6755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.484177][ T6755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.538835][ T6929] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.574512][ T6992] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 210.599400][ T6755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.609645][ T6755] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.619935][ T6755] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.627151][ T6755] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.687852][ T6929] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.703967][ T26] audit: type=1326 audit(1718673244.145:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7029 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc58a27cf29 code=0x0 [ 210.739881][ T6593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.748660][ T6593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.758916][ T6593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.768251][ T6593] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.776845][ T6593] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.785066][ T6593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.794249][ T6593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.803284][ T6593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.817599][ T6593] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.828849][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.868849][ T6992] team0: Port device team_slave_0 added [ 210.903641][ T6992] team0: Port device team_slave_1 added [ 211.023259][ T41] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 211.034652][ T41] usb 4-1: New USB device found, idVendor=0421, idProduct=026c, bcdDevice=1f.2f [ 211.053284][ T41] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.079292][ T41] usb 4-1: config 0 descriptor?? [ 211.179698][ T7033] hub 9-0:1.0: USB hub found [ 211.185859][ T7033] hub 9-0:1.0: 8 ports detected [ 211.691789][ T6929] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.726966][ T41] usb 4-1: bad CDC descriptors [ 211.741537][ T41] usb 4-1: bad CDC descriptors [ 211.754171][ T41] usb 4-1: USB disconnect, device number 2 [ 211.800000][ T6992] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 211.807514][ T6992] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.834144][ T6992] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 211.851589][ T6992] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 211.859889][ T6992] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.887762][ T6992] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 212.025209][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.039551][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.048493][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.057339][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.066065][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 212.074073][ T3579] Bluetooth: hci0: command tx timeout [ 212.082144][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.431684][ T6929] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.484146][ T3579] Bluetooth: hci2: command tx timeout [ 212.595540][ T6888] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 212.869819][ T4040] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 212.880928][ T4040] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.957445][ T4040] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 212.968839][ T4040] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.004054][ T6992] device hsr_slave_0 entered promiscuous mode [ 213.019540][ T6992] device hsr_slave_1 entered promiscuous mode [ 213.030328][ T6992] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.046232][ T6992] Cannot create hsr debugfs directory [ 213.127723][ T4040] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 213.139741][ T4040] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.191063][ T6888] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.262127][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 213.278200][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 213.290196][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 213.316642][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 213.357116][ T4040] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 213.367950][ T4040] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.107569][ T6888] device veth0_vlan entered promiscuous mode [ 214.145553][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 214.153496][ T3579] Bluetooth: hci0: command tx timeout [ 214.163709][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 214.205311][ T6929] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 214.220804][ T6929] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 214.234770][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 214.250893][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 214.267026][ T6929] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 214.316115][ T6888] device veth1_vlan entered promiscuous mode [ 214.331959][ T6929] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 214.475917][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 214.498300][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 214.530904][ T6888] device veth0_macvtap entered promiscuous mode [ 214.562620][ T3579] Bluetooth: hci2: command tx timeout [ 214.596617][ T6888] device veth1_macvtap entered promiscuous mode [ 214.705880][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 214.744768][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.768037][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 214.779401][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.789839][ T7068] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 214.798819][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 214.819588][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.849975][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 214.867339][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.903534][ T6888] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 214.934682][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 214.944330][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 214.962791][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 214.971783][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 215.056601][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.070500][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.080767][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.091576][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.103405][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.105254][ T26] audit: type=1326 audit(1718673248.545:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7091 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc58a27cf29 code=0x0 [ 215.122731][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.146878][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.157852][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.169766][ T6888] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 215.179416][ T7093] netlink: 766 bytes leftover after parsing attributes in process `syz-executor.0'. [ 215.208459][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 215.222697][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 215.242868][ T7093] fuse: Unknown parameter '0x0000000000000009' [ 215.253802][ T7070] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-avx2)" [ 215.324404][ T6888] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.335975][ T6888] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.349115][ T6888] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.358573][ T6888] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.375477][ T6929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.420566][ T6152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 215.429976][ T6152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 215.441475][ T6929] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.474330][ T6755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 215.487820][ T6755] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 215.496813][ T6755] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.504014][ T6755] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.524713][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 215.563620][ T6152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 215.583811][ T6152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 215.594461][ T6152] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.601603][ T6152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.658071][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 215.668783][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 215.689383][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 215.702588][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.702648][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 215.719017][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.720275][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 215.757237][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 215.771321][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 215.781226][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 215.903584][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 215.933123][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 215.990912][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 215.999910][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 216.011367][ T6929] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 216.021700][ T3830] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.026062][ T6992] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 216.048248][ T3830] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.071363][ T6992] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 216.084851][ T6992] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 216.096057][ T6992] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 216.170812][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 216.233496][ T3579] Bluetooth: hci0: command tx timeout [ 217.113973][ T6992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.173299][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 217.181312][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 217.271735][ T6992] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.320978][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 217.343257][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.362761][ T3615] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.371756][ T3615] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.442029][ T6929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.466362][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 217.484869][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 217.500592][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 217.512484][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.519615][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.535778][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 217.549314][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 217.557568][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 217.570547][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 217.587645][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 217.612108][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.629515][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 217.640017][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.699565][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 217.713441][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 217.729257][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 217.738163][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 217.747756][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 217.773901][ T6992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 217.813089][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 217.833721][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 217.848691][ T7121] loop3: detected capacity change from 0 to 40427 [ 217.851631][ T7135] netlink: 766 bytes leftover after parsing attributes in process `syz-executor.2'. [ 217.870580][ T7121] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 217.879477][ T26] audit: type=1326 audit(1718673251.315:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7134 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf4027cf29 code=0x0 [ 217.884475][ T7121] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 217.939286][ T6929] device veth0_vlan entered promiscuous mode [ 217.953092][ T7121] F2FS-fs (loop3): Found nat_bits in checkpoint [ 217.975087][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 217.991748][ T7141] loop2: detected capacity change from 0 to 256 [ 217.994997][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 218.047379][ T7121] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 218.093945][ T4040] device hsr_slave_0 left promiscuous mode [ 218.104250][ T7141] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4f8593fa, utbl_chksum : 0xe619d30d) [ 218.116824][ T7141] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 0) [ 218.125486][ T4040] device hsr_slave_1 left promiscuous mode [ 218.129254][ T7121] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 218.131942][ T7141] exFAT-fs (loop2): failed to load alloc-bitmap [ 218.147345][ T4040] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.159264][ T7121] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 218.159399][ T4040] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.181765][ T7141] exFAT-fs (loop2): failed to recognize exfat type [ 218.212167][ T4040] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.220071][ T4040] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.229566][ T7121] syz-executor.3: attempt to access beyond end of device [ 218.229566][ T7121] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 218.230806][ T4040] device bridge_slave_1 left promiscuous mode [ 218.250556][ T4040] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.259739][ T4040] device bridge_slave_0 left promiscuous mode [ 218.272669][ T4040] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.316170][ T7141] fuse: Unknown parameter '0x0000000000000008' [ 218.319970][ T3579] Bluetooth: hci0: command tx timeout [ 218.331324][ T4040] device hsr_slave_0 left promiscuous mode [ 218.356376][ T4040] device hsr_slave_1 left promiscuous mode [ 218.365114][ T4040] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.391009][ T4040] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.459925][ T4040] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.467646][ T4040] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.507926][ T4040] device bridge_slave_1 left promiscuous mode [ 218.526278][ T4040] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.545584][ T4040] device bridge_slave_0 left promiscuous mode [ 218.563385][ T4040] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.616739][ T4040] device veth1_macvtap left promiscuous mode [ 218.635025][ T4040] device veth0_macvtap left promiscuous mode [ 218.641720][ T4040] device veth1_vlan left promiscuous mode [ 218.662576][ T4040] device veth0_vlan left promiscuous mode [ 218.692253][ T4040] device veth1_macvtap left promiscuous mode [ 218.701999][ T4040] device veth0_macvtap left promiscuous mode [ 218.740088][ T4040] device veth1_vlan left promiscuous mode [ 218.748076][ T4040] device veth0_vlan left promiscuous mode [ 218.824332][ T26] audit: type=1800 audit(1718673252.265:78): pid=7146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1939 res=0 errno=0 [ 218.866622][ T26] audit: type=1804 audit(1718673252.285:79): pid=7146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1039268468/syzkaller.B63Rur/337/bus" dev="sda1" ino=1939 res=1 errno=0 [ 220.353941][ T7171] loop3: detected capacity change from 0 to 512 [ 220.381665][ T7171] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 220.425923][ T4040] team0 (unregistering): Port device team_slave_1 removed [ 220.441559][ T7171] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz-executor.3: invalid indirect mapped block 1 (level 1) [ 220.456746][ T4040] team0 (unregistering): Port device team_slave_0 removed [ 220.464537][ T7171] EXT4-fs (loop3): 1 truncate cleaned up [ 220.471517][ T7171] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 220.487158][ T4040]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 220.510463][ T4040]  (unregistering): (slave bond_slave_0): Releasing backup interface [ 220.637572][ T4040]  (unregistering): Released all slaves [ 220.807827][ T4040] team0 (unregistering): Port device team_slave_1 removed [ 220.831237][ T4040] team0 (unregistering): Port device team_slave_0 removed [ 220.850789][ T4040]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 220.873784][ T4040]  (unregistering): (slave bond_slave_0): Releasing backup interface [ 220.961814][ T4040]  (unregistering): Released all slaves [ 221.020865][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 221.029202][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 221.045221][ T6929] device veth1_vlan entered promiscuous mode [ 221.156617][ T6929] device veth0_macvtap entered promiscuous mode [ 221.189891][ T5511] EXT4-fs (loop3): unmounting filesystem. [ 221.210218][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 221.233270][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 221.245060][ T6929] device veth1_macvtap entered promiscuous mode [ 221.271960][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 221.281465][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 221.294569][ T6929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.308245][ T6929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.330059][ T6929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.350435][ T6929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.366981][ T6929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.381816][ T6929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.394135][ T6929] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.409041][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 221.419482][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 221.431339][ T6929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.444925][ T6929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.455997][ T6929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.469590][ T6929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.480610][ T6929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.492930][ T6929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.515045][ T6929] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.551154][ T6929] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.582458][ T6929] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.591580][ T6929] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.602466][ T6929] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.618879][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 221.639975][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 222.176273][ T6992] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.431848][ T6755] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 222.453395][ T6755] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 222.724388][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.724446][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.759041][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 222.770795][ T6880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.770860][ T6880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.777423][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 223.098802][ T7226] netlink: 766 bytes leftover after parsing attributes in process `syz-executor.3'. [ 223.101394][ T26] audit: type=1326 audit(1718673256.535:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7224 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f889907cf29 code=0x0 [ 223.106464][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 223.107184][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 223.165837][ T6992] device veth0_vlan entered promiscuous mode [ 223.189715][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 223.190508][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 223.191385][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 223.191968][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 223.200502][ T6992] device veth1_vlan entered promiscuous mode [ 223.242905][ T7228] loop3: detected capacity change from 0 to 256 [ 223.258441][ T7228] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x4f8593fa, utbl_chksum : 0xe619d30d) [ 223.258729][ T7228] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 0) [ 223.258749][ T7228] exFAT-fs (loop3): failed to load alloc-bitmap [ 223.258809][ T7228] exFAT-fs (loop3): failed to recognize exfat type [ 223.268242][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 223.336201][ T7228] fuse: Unknown parameter '0x0000000000000008' [ 223.353559][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 223.354298][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 223.354913][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 223.369429][ T6992] device veth0_macvtap entered promiscuous mode [ 223.385095][ T6992] device veth1_macvtap entered promiscuous mode [ 223.477980][ T6152] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 223.478933][ T6152] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 223.497493][ T6992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.497519][ T6992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.497532][ T6992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.497544][ T6992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.497556][ T6992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.497569][ T6992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.497579][ T6992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.497592][ T6992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.500944][ T6992] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 223.501123][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 223.501947][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 223.516080][ T6992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.656252][ T6992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.656281][ T6992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.656298][ T6992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.656317][ T6992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.656330][ T6992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.656348][ T6992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.656360][ T6992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.657992][ T6992] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 223.660631][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 223.661388][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 223.666603][ T6992] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.666643][ T6992] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.666669][ T6992] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.666696][ T6992] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.843432][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.989572][ T6880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.011723][ T6880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.055154][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 224.077313][ T7231] Bluetooth: MGMT ver 1.22 [ 224.123994][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.160277][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 224.373942][ T7245] loop4: detected capacity change from 0 to 2048 [ 224.438230][ T7253] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 224.459152][ T7250] loop2: detected capacity change from 0 to 512 [ 224.513703][ T7250] EXT4-fs: Ignoring removed oldalloc option [ 224.533077][ T7250] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (56219!=33349) [ 224.568828][ T7250] EXT4-fs (loop2): corrupt root inode, run e2fsck [ 224.578110][ T7250] EXT4-fs (loop2): mount failed [ 224.799968][ T7268] netlink: 766 bytes leftover after parsing attributes in process `syz-executor.1'. [ 224.820037][ T26] audit: type=1326 audit(1718673258.255:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f5447cf29 code=0x0 [ 224.927670][ T7272] loop1: detected capacity change from 0 to 256 [ 224.971806][ T7272] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x4f8593fa, utbl_chksum : 0xe619d30d) [ 224.972162][ T7272] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 0) [ 224.972181][ T7272] exFAT-fs (loop1): failed to load alloc-bitmap [ 224.972246][ T7272] exFAT-fs (loop1): failed to recognize exfat type [ 225.064175][ T7272] fuse: Unknown parameter '0x0000000000000008' [ 225.783167][ T7279] loop4: detected capacity change from 0 to 40427 [ 225.793911][ T7279] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 225.793953][ T7279] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 225.839630][ T7279] F2FS-fs (loop4): Found nat_bits in checkpoint [ 225.855455][ T7289] loop3: detected capacity change from 0 to 2048 [ 225.896198][ T7279] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 225.916150][ T7296] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 225.925077][ T7279] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 225.925106][ T7279] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 225.989538][ T7279] syz-executor.4: attempt to access beyond end of device [ 225.989538][ T7279] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 226.487801][ T7314] loop3: detected capacity change from 0 to 256 [ 226.547793][ T7314] exfat: Unknown parameter 'errorsrs' [ 227.431841][ T7359] loop3: detected capacity change from 0 to 256 [ 227.445219][ T7359] exfat: Unknown parameter 'errorsrs' [ 228.086452][ T7383] loop3: detected capacity change from 0 to 1764 [ 228.325980][ T7383] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 229.086225][ T7379] loop2: detected capacity change from 0 to 32768 [ 229.094610][ T7401] loop4: detected capacity change from 0 to 256 [ 229.112951][ T7379] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (7379) [ 229.153783][ T7379] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 229.172776][ T7379] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 229.199109][ T7379] BTRFS info (device loop2): setting nodatacow, compression disabled [ 229.222489][ T7379] BTRFS info (device loop2): setting datacow [ 229.228947][ T7379] BTRFS info (device loop2): doing ref verification [ 229.241828][ T7379] BTRFS info (device loop2): force clearing of disk cache [ 229.250362][ T7379] BTRFS info (device loop2): turning off barriers [ 229.265624][ T7379] BTRFS info (device loop2): enabling ssd optimizations [ 229.276707][ T7379] BTRFS info (device loop2): using spread ssd allocation scheme [ 229.294410][ T7379] BTRFS info (device loop2): not using ssd optimizations [ 229.307480][ T7379] BTRFS info (device loop2): not using spread ssd allocation scheme [ 229.319460][ T7379] BTRFS info (device loop2): using free space tree [ 229.368349][ T7379] BTRFS info (device loop2): rebuilding free space tree [ 230.188027][ T6888] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 230.765334][ T7454] loop4: detected capacity change from 0 to 64 [ 231.288595][ T7467] loop2: detected capacity change from 0 to 1764 [ 231.524486][ T7467] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 232.510807][ T7480] loop3: detected capacity change from 0 to 256 [ 232.514282][ T7482] loop1: detected capacity change from 0 to 256 [ 232.530851][ T7482] FAT-fs (loop1): Unrecognized mount option "subj_role=dos" or missing value [ 232.559037][ T7480] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 232.687891][ T7482] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 232.754093][ T7489] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 232.761787][ T7489] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 232.770989][ T7489] 8021q: adding VLAN 0 to HW filter on device  [ 233.032910][ T7489] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 234.051589][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 234.085669][ T7486] loop4: detected capacity change from 0 to 32768 [ 234.101059][ T7486] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (7486) [ 234.139645][ T7486] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 234.150279][ T7486] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 234.171185][ T7486] BTRFS info (device loop4): setting nodatacow, compression disabled [ 234.195807][ T7486] BTRFS info (device loop4): setting datacow [ 234.210873][ T7486] BTRFS info (device loop4): doing ref verification [ 234.218960][ T7486] BTRFS info (device loop4): force clearing of disk cache [ 234.230658][ T7486] BTRFS info (device loop4): turning off barriers [ 234.238494][ T7486] BTRFS info (device loop4): enabling ssd optimizations [ 234.250522][ T7486] BTRFS info (device loop4): using spread ssd allocation scheme [ 234.259602][ T7486] BTRFS info (device loop4): not using ssd optimizations [ 234.273213][ T7486] BTRFS info (device loop4): not using spread ssd allocation scheme [ 234.281427][ T7486] BTRFS info (device loop4): using free space tree [ 234.331937][ T7486] BTRFS info (device loop4): rebuilding free space tree [ 234.476553][ T3615] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 234.481228][ T7537] loop3: detected capacity change from 0 to 256 [ 234.493273][ T6992] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 234.601419][ T7537] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 234.732519][ T3615] usb 3-1: Using ep0 maxpacket: 8 [ 234.852802][ T3615] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 15 [ 234.942395][ T3615] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 235.050294][ T7544] loop1: detected capacity change from 0 to 256 [ 235.083725][ T7547] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 235.132709][ T3615] usb 3-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8 [ 235.149704][ T7549] loop3: detected capacity change from 0 to 64 [ 235.156459][ T3615] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.185581][ T3615] usb 3-1: Product: syz [ 235.206043][ T3615] usb 3-1: Manufacturer: syz [ 235.210804][ T3615] usb 3-1: SerialNumber: syz [ 235.242722][ T3615] usb 3-1: config 0 descriptor?? [ 235.294104][ T3615] powermate: probe of 3-1:0.0 failed with error -5 [ 235.332930][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 235.358369][ T7556] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 235.368062][ T7556] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 235.406510][ T7556] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 235.477607][ T26] audit: type=1800 audit(1718673268.915:82): pid=7563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1950 res=0 errno=0 [ 235.531511][ T3615] usb 3-1: USB disconnect, device number 5 [ 235.664446][ T7516] syz-executor.0 (7516): drop_caches: 2 [ 235.688780][ T7571] loop3: detected capacity change from 0 to 256 [ 235.710970][ T7571] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 235.934571][ T7576] loop3: detected capacity change from 0 to 256 [ 235.942187][ T7576] FAT-fs (loop3): Unrecognized mount option "subj_role=dos" or missing value [ 235.998908][ T7576] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 236.115714][ T7582] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 236.136593][ T7583] loop3: detected capacity change from 0 to 256 [ 236.240251][ T7585] loop2: detected capacity change from 0 to 64 [ 236.396742][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 236.658287][ T7602] loop4: detected capacity change from 0 to 512 [ 238.307521][ T7602] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 238.352773][ T7602] ext4 filesystem being mounted at /root/syzkaller-testdir2739347676/syzkaller.5FCKYJ/25/file0 supports timestamps until 2038 (0x7fffffff) [ 238.393219][ T7619] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 238.506046][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 238.555395][ T7623] loop1: detected capacity change from 0 to 64 [ 238.582775][ T7621] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 239.437779][ T6992] EXT4-fs (loop4): unmounting filesystem. [ 239.447985][ T7598] loop3: detected capacity change from 0 to 40427 [ 239.601184][ T7642] loop4: detected capacity change from 0 to 1024 [ 239.678826][ T7642] hfsplus: extend alloc file! (8192,512,16777719) [ 241.286310][ T7663] loop2: detected capacity change from 0 to 1764 [ 242.375115][ T7661] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 242.397052][ T7668] loop1: detected capacity change from 0 to 512 [ 242.430676][ T7673] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 242.461121][ T7668] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 242.481937][ T7673] sch_tbf: burst 511 is lower than device veth3 mtu (1514) ! [ 242.548388][ T7668] ext4 filesystem being mounted at /root/syzkaller-testdir2674211576/syzkaller.fT8ugJ/42/file0 supports timestamps until 2038 (0x7fffffff) [ 242.966025][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 243.090367][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 244.398750][ T7688] 8021q: adding VLAN 0 to HW filter on device  [ 244.428492][ T7688] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 244.531472][ T7703] loop4: detected capacity change from 0 to 16 [ 244.550349][ T6929] EXT4-fs (loop1): unmounting filesystem. [ 244.550918][ T7703] erofs: (device loop4): mounted with root inode @ nid 36. [ 245.954970][ T7722] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 246.021286][ T7727] sch_tbf: burst 511 is lower than device veth3 mtu (1514) ! [ 246.209358][ T7738] loop4: detected capacity change from 0 to 64 [ 247.284449][ T7750] loop3: detected capacity change from 0 to 16 [ 247.324923][ T7750] erofs: (device loop3): mounted with root inode @ nid 36. [ 248.955333][ T7781] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 249.030339][ T7781] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 249.892177][ T7789] loop2: detected capacity change from 0 to 256 [ 249.961243][ T7791] loop3: detected capacity change from 0 to 1024 [ 249.985884][ T7789] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001003e, chksum : 0x00424b3e, utbl_chksum : 0xe619d30d) [ 250.018630][ T7791] hfsplus: extend alloc file! (8192,512,16777719) [ 250.106394][ T7795] loop2: detected capacity change from 0 to 256 [ 250.184390][ T7795] exfat: Deprecated parameter 'utf8' [ 250.207904][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 250.225456][ T7799] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 250.244414][ T7795] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 250.286988][ T3635] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 250.644653][ T7813] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 250.644687][ T7813] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 250.688083][ T3635] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4 [ 250.902842][ T3635] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 250.902877][ T3635] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.902898][ T3635] usb 2-1: Product: syz [ 250.902914][ T3635] usb 2-1: Manufacturer: syz [ 250.902963][ T3635] usb 2-1: SerialNumber: syz [ 250.924107][ T3635] usb 2-1: config 0 descriptor?? [ 250.979716][ T3635] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input12 [ 251.841762][ T3635] usb 2-1: USB disconnect, device number 4 [ 252.027334][ T7815] loop4: detected capacity change from 0 to 32768 [ 252.065530][ T7815] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (7815) [ 252.159601][ T7828] loop3: detected capacity change from 0 to 16 [ 252.167929][ T7815] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 252.444106][ T7815] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 252.515567][ T7828] erofs: (device loop3): mounted with root inode @ nid 36. [ 252.912511][ T7815] BTRFS info (device loop4): using free space tree [ 252.990280][ T7838] loop1: detected capacity change from 0 to 256 [ 253.053444][ T7838] exfat: Deprecated parameter 'utf8' [ 253.090854][ T7838] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 253.311126][ T7815] BTRFS info (device loop4): enabling ssd optimizations [ 253.400129][ T6992] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 254.989754][ T7874] loop1: detected capacity change from 0 to 256 [ 255.027033][ T7874] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001003e, chksum : 0x00424b3e, utbl_chksum : 0xe619d30d) [ 255.594123][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.600476][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.678235][ T7886] loop2: detected capacity change from 0 to 512 [ 255.769281][ T7886] EXT4-fs (loop2): 1 truncate cleaned up [ 255.817899][ T7886] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 257.258015][ T6888] EXT4-fs (loop2): unmounting filesystem. [ 257.388991][ T7878] loop1: detected capacity change from 0 to 32768 [ 257.424774][ T7904] loop4: detected capacity change from 0 to 256 [ 257.511438][ T7904] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001003e, chksum : 0x00424b3e, utbl_chksum : 0xe619d30d) [ 257.536876][ T7878] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 257.545600][ T7878] XFS (loop1): Mounting V5 Filesystem [ 257.677068][ T7878] XFS (loop1): Ending clean mount [ 257.690130][ T7878] XFS (loop1): Quotacheck needed: Please wait. [ 257.760213][ T7898] loop0: detected capacity change from 0 to 32768 [ 257.797613][ T7898] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor.0 (7898) [ 257.860618][ T7917] loop4: detected capacity change from 0 to 256 [ 257.865719][ T7898] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 257.907644][ T7878] XFS (loop1): Quotacheck: Done. [ 257.914810][ T7898] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 257.927927][ T7898] BTRFS info (device loop0): using free space tree [ 258.193808][ T26] audit: type=1800 audit(1718673291.625:83): pid=7917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name=D52323E747303D dev="loop4" ino=1048656 res=0 errno=0 [ 258.506925][ T6929] XFS (loop1): Unmounting Filesystem [ 258.714347][ T7938] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 258.805518][ T7948] loop2: detected capacity change from 0 to 512 [ 258.866815][ T7898] BTRFS info (device loop0): enabling ssd optimizations [ 258.879846][ T7948] EXT4-fs (loop2): 1 truncate cleaned up [ 258.892051][ T7948] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 259.410873][ T3571] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 259.654299][ T7956] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 259.725609][ T7956] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 259.894555][ T7968] device syzkaller1 entered promiscuous mode [ 260.069269][ T6888] EXT4-fs (loop2): unmounting filesystem. [ 260.667887][ T7980] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 261.120281][ T7987] loop1: detected capacity change from 0 to 512 [ 261.295051][ T7962] loop4: detected capacity change from 0 to 32768 [ 262.573931][ T7987] EXT4-fs (loop1): 1 truncate cleaned up [ 262.589986][ T7987] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 262.608349][ T7962] XFS (loop4): Mounting V5 Filesystem [ 262.781344][ T7962] XFS (loop4): Ending clean mount [ 262.832236][ T7962] XFS (loop4): Quotacheck needed: Please wait. [ 262.967300][ T7962] XFS (loop4): Quotacheck: Done. [ 262.999496][ T6929] EXT4-fs (loop1): unmounting filesystem. [ 263.009091][ T6992] XFS (loop4): Unmounting Filesystem [ 263.090456][ T8027] loop1: detected capacity change from 0 to 256 [ 263.130128][ T8027] exfat: Deprecated parameter 'utf8' [ 263.163680][ T8027] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 263.261908][ T8030] loop2: detected capacity change from 0 to 2048 [ 263.327465][ T8030] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 264.224396][ T8038] tc_dump_action: action bad kind [ 265.359803][ T8022] loop3: detected capacity change from 0 to 40427 [ 265.462119][ T8022] F2FS-fs (loop3): Invalid log blocks per segment (4278190089) [ 265.499141][ T8022] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 265.563183][ T8022] F2FS-fs (loop3): invalid crc value [ 265.604217][ T8022] F2FS-fs (loop3): Found nat_bits in checkpoint [ 265.676381][ T8061] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 265.709935][ T8022] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 265.742143][ T8022] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 265.811432][ T5511] syz-executor.3: attempt to access beyond end of device [ 265.811432][ T5511] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 265.915958][ T8078] netlink: 248 bytes leftover after parsing attributes in process `syz-executor.0'. [ 265.948122][ T8078] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 265.966446][ T8082] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 265.986126][ T8082] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.2'. [ 267.042440][ T152] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 267.328684][ T8103] tc_dump_action: action bad kind [ 268.102634][ T152] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 268.124850][ T152] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 268.155190][ T152] usb 3-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 268.171164][ T152] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.213836][ T152] usb 3-1: config 0 descriptor?? [ 269.335741][ T8122] loop3: detected capacity change from 0 to 32768 [ 269.349358][ T8122] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz-executor.3 (8122) [ 269.365304][ T152] usbhid 3-1:0.0: can't add hid device: -71 [ 269.371344][ T152] usbhid: probe of 3-1:0.0 failed with error -71 [ 269.382429][ T7] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 269.396325][ T152] usb 3-1: USB disconnect, device number 6 [ 269.493027][ T8143] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 269.501572][ T8122] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 269.512058][ T8143] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.2'. [ 269.522747][ T8122] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 269.531635][ T8122] BTRFS info (device loop3): enabling auto defrag [ 269.538502][ T8122] BTRFS info (device loop3): doing ref verification [ 269.557250][ T8122] BTRFS info (device loop3): max_inline at 0 [ 269.568511][ T8122] BTRFS info (device loop3): force clearing of disk cache [ 269.592427][ T8122] BTRFS info (device loop3): turning on sync discard [ 269.600152][ T8122] BTRFS info (device loop3): disabling free space tree [ 269.694506][ T7] usb 2-1: Using ep0 maxpacket: 8 [ 269.780950][ T8122] BTRFS info (device loop3): enabling ssd optimizations [ 269.804770][ T8122] BTRFS info (device loop3): rebuilding free space tree [ 269.812733][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 269.835668][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 269.854981][ T7] usb 2-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00 [ 269.864551][ T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.881512][ T8122] BTRFS info (device loop3): disabling free space tree [ 269.891635][ T8122] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 269.905470][ T7] usb 2-1: config 0 descriptor?? [ 269.910776][ T8122] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 270.046838][ T5511] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 270.062403][ T3611] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 271.142527][ T3611] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 271.158965][ T3611] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 271.170139][ T8183] loop2: detected capacity change from 0 to 40427 [ 271.170310][ T3611] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 271.186398][ T3611] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.203151][ T3611] usb 1-1: config 0 descriptor?? [ 271.206721][ T7] lenovo 0003:17EF:60EE.0003: hidraw0: USB HID v0.00 Device [HID 17ef:60ee] on usb-dummy_hcd.1-1/input0 [ 271.210991][ T8183] F2FS-fs (loop2): Invalid log blocks per segment (4278190089) [ 271.227187][ T8183] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 271.244949][ T8183] F2FS-fs (loop2): invalid crc value [ 271.265537][ T8183] F2FS-fs (loop2): Found nat_bits in checkpoint [ 271.406118][ T8183] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 271.418344][ T8183] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 271.419404][ T7] usb 2-1: USB disconnect, device number 5 [ 271.447495][ T8201] netlink: 'syz-executor.3': attribute type 11 has an invalid length. [ 271.467146][ T8201] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.3'. [ 271.501793][ T6888] syz-executor.2: attempt to access beyond end of device [ 271.501793][ T6888] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 271.727351][ T3611] usbhid 1-1:0.0: can't add hid device: -71 [ 271.733571][ T3611] usbhid: probe of 1-1:0.0 failed with error -71 [ 271.742122][ T3611] usb 1-1: USB disconnect, device number 10 [ 272.150945][ T8211] tc_dump_action: action bad kind [ 273.194596][ T3579] Bluetooth: hci3: command 0x0406 tx timeout [ 273.730397][ T4040] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.991466][ T4040] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.090873][ T8214] loop1: detected capacity change from 0 to 32768 [ 274.126162][ T8239] loop2: detected capacity change from 0 to 256 [ 274.137005][ T4040] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.181131][ T8214] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 274.211706][ T8214] XFS (loop1): Mounting V5 Filesystem [ 274.245415][ T4040] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.300804][ T8214] XFS (loop1): Ending clean mount [ 274.312541][ T6213] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 274.331332][ T8214] XFS (loop1): Quotacheck needed: Please wait. [ 274.423435][ T8214] XFS (loop1): Quotacheck: Done. [ 274.487307][ T3582] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 274.501007][ T3582] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 274.502212][ T6929] XFS (loop1): Unmounting Filesystem [ 274.511089][ T3582] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 274.522066][ T3582] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 274.529771][ T3582] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 274.539849][ T3582] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 274.562443][ T6213] usb 4-1: Using ep0 maxpacket: 8 [ 274.611115][ T8255] loop2: detected capacity change from 0 to 1024 [ 274.674175][ T8255] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (29950!=20869) [ 274.684490][ T6213] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.696029][ T6213] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.704010][ T8255] EXT4-fs (loop2): invalid journal inode [ 274.705947][ T6213] usb 4-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00 [ 274.721578][ T6213] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.732694][ T8255] EXT4-fs (loop2): can't get journal size [ 274.733704][ T6213] usb 4-1: config 0 descriptor?? [ 274.789107][ T8255] EXT4-fs error (device loop2): ext4_protect_reserved_inode:182: inode #2: comm syz-executor.2: blocks 48-48 from inode overlap system zone [ 274.822764][ T8255] EXT4-fs (loop2): failed to initialize system zone (-117) [ 274.830778][ T8255] EXT4-fs (loop2): mount failed [ 275.030211][ T8252] chnl_net:caif_netlink_parms(): no params data found [ 275.125791][ T8264] Cannot find add_set index 0 as target [ 275.349963][ T8252] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.368785][ T6213] lenovo 0003:17EF:60EE.0004: hidraw0: USB HID v0.00 Device [HID 17ef:60ee] on usb-dummy_hcd.3-1/input0 [ 275.377138][ T8252] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.487136][ T8252] device bridge_slave_0 entered promiscuous mode [ 275.618297][ T6213] usb 4-1: USB disconnect, device number 3 [ 275.733109][ T8252] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.983530][ T8252] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.991781][ T8252] device bridge_slave_1 entered promiscuous mode [ 276.224116][ T8285] loop1: detected capacity change from 0 to 512 [ 276.239421][ T8285] EXT4-fs (loop1): filesystem is read-only [ 276.282059][ T8285] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 276.284494][ T8252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 276.302690][ T8285] EXT4-fs (loop1): can't mount with data=, fs mounted w/o journal [ 276.319616][ T8252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 276.634271][ T3582] Bluetooth: hci0: command tx timeout [ 276.844758][ T8252] team0: Port device team_slave_0 added [ 277.095115][ T8252] team0: Port device team_slave_1 added [ 277.125680][ T26] audit: type=1326 audit(1718673310.565:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8284 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f5447cf29 code=0x0 [ 277.200572][ T8252] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 277.218059][ T8252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 277.247606][ T8252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 277.270459][ T8252] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 277.293923][ T8252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 277.358095][ T8252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 277.622481][ T8306] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 277.690328][ T8252] device hsr_slave_0 entered promiscuous mode [ 277.741742][ T8252] device hsr_slave_1 entered promiscuous mode [ 277.788227][ T8252] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 277.812558][ T8252] Cannot create hsr debugfs directory [ 277.932862][ T4040] device hsr_slave_0 left promiscuous mode [ 277.949135][ T4040] device hsr_slave_1 left promiscuous mode [ 277.959993][ T4040] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 277.977854][ T4040] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 277.997087][ T4040] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 278.012437][ T4040] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 278.033462][ T4040] device bridge_slave_1 left promiscuous mode [ 278.039739][ T4040] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.057846][ T4040] device bridge_slave_0 left promiscuous mode [ 278.067441][ T4040] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.084272][ T4040] device veth1_macvtap left promiscuous mode [ 278.104757][ T4040] device veth0_macvtap left promiscuous mode [ 278.110915][ T4040] device veth1_vlan left promiscuous mode [ 278.114080][ T8302] loop3: detected capacity change from 0 to 40427 [ 278.124083][ T4040] device veth0_vlan left promiscuous mode [ 278.131916][ T8302] F2FS-fs (loop3): Invalid log blocks per segment (4278190089) [ 278.140698][ T8302] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 278.162359][ T3611] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 278.171884][ T8302] F2FS-fs (loop3): invalid crc value [ 278.189552][ T8302] F2FS-fs (loop3): Found nat_bits in checkpoint [ 278.243592][ T8302] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 278.250893][ T8302] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 278.315061][ T5511] syz-executor.3: attempt to access beyond end of device [ 278.315061][ T5511] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 278.370311][ T4040] bond1 (unregistering): Released all slaves [ 278.402364][ T3611] usb 2-1: Using ep0 maxpacket: 8 [ 278.522633][ T3611] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 278.523860][ T4040] team0 (unregistering): Port device team_slave_1 removed [ 278.548127][ T3611] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 278.559870][ T4040] team0 (unregistering): Port device team_slave_0 removed [ 278.572381][ T3611] usb 2-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00 [ 278.582037][ T4040] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 278.592367][ T3611] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.609366][ T3611] usb 2-1: config 0 descriptor?? [ 278.617781][ T4040] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 278.712444][ T3582] Bluetooth: hci0: command tx timeout [ 278.718046][ T4040] bond0 (unregistering): Released all slaves [ 278.993664][ T8341] Bluetooth: MGMT ver 1.22 [ 279.027355][ T8341] xt_NFQUEUE: number of queues (17952) out of range (got 83484) [ 279.169690][ T3611] lenovo 0003:17EF:60EE.0005: hidraw0: USB HID v0.00 Device [HID 17ef:60ee] on usb-dummy_hcd.1-1/input0 [ 279.183849][ T8337] loop3: detected capacity change from 0 to 32768 [ 279.199094][ T8346] Bluetooth: MGMT ver 1.22 [ 279.277298][ T8337] XFS (loop3): Mounting V5 Filesystem [ 279.352898][ T7] usb 2-1: USB disconnect, device number 6 [ 279.395542][ T8337] XFS (loop3): Ending clean mount [ 279.618947][ T5511] XFS (loop3): Unmounting Filesystem [ 279.980111][ T8252] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 280.029356][ T8252] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 280.051130][ T8252] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 280.078850][ T8252] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 280.100929][ T8370] Cannot find map_set index 0 as target [ 280.205477][ T8377] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 280.285948][ T8252] 8021q: adding VLAN 0 to HW filter on device bond0 [ 280.360896][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 280.961143][ T3582] Bluetooth: hci0: command tx timeout [ 281.663141][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 281.694165][ T8382] loop2: detected capacity change from 0 to 2048 [ 281.720818][ T8252] 8021q: adding VLAN 0 to HW filter on device team0 [ 281.756808][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 281.770400][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 281.781146][ T3612] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.788323][ T3612] bridge0: port 1(bridge_slave_0) entered forwarding state [ 281.818289][ T8382] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 281.839603][ T8393] loop1: detected capacity change from 0 to 2048 [ 281.889706][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 281.917227][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 281.939422][ T8393] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 281.999335][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 282.022745][ T8397] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.2: lblock 0 mapped to illegal pblock 16 (length 1) [ 282.042075][ T8393] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 282.044169][ T4205] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.058001][ T4205] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.101649][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 282.139251][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 282.204202][ T6203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 282.234499][ T6203] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 282.278941][ T6203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 282.283830][ T6888] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.2: lblock 0 mapped to illegal pblock 16 (length 1) [ 282.305522][ T6203] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 282.346801][ T6203] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 282.372546][ T6888] EXT4-fs error (device loop2): __ext4_get_inode_loc:4495: comm syz-executor.2: Invalid inode table block 0 in block_group 0 [ 282.403061][ T6888] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 282.418874][ T8252] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 282.443009][ T6888] EXT4-fs error (device loop2): ext4_dirty_inode:6072: inode #2: comm syz-executor.2: mark_inode_dirty error [ 282.477882][ T8252] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 282.479368][ T3830] EXT4-fs error (device loop2): __ext4_get_inode_loc:4495: comm kworker/u4:7: Invalid inode table block 0 in block_group 0 [ 282.508318][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 282.528286][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 282.564813][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 282.608007][ T6217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 282.623636][ T6888] EXT4-fs (loop2): unmounting filesystem. [ 282.664775][ T6203] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 282.756070][ T8417] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 282.926470][ T3582] ================================================================== [ 282.934765][ T3582] BUG: KASAN: use-after-free in __lock_acquire+0x77/0x1f80 [ 282.941990][ T3582] Read of size 8 at addr ffff8880776d00b0 by task kworker/u5:7/3582 [ 282.949981][ T3582] [ 282.952326][ T3582] CPU: 1 PID: 3582 Comm: kworker/u5:7 Not tainted 6.1.94-syzkaller #0 [ 282.960483][ T3582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 282.970568][ T3582] Workqueue: hci3 hci_rx_work [ 282.975275][ T3582] Call Trace: [ 282.978569][ T3582] [ 282.981499][ T3582] dump_stack_lvl+0x1e3/0x2cb [ 282.986216][ T3582] ? nf_tcp_handle_invalid+0x642/0x642 [ 282.991717][ T3582] ? panic+0x764/0x764 [ 282.995822][ T3582] ? _printk+0xd1/0x111 [ 283.000006][ T3582] ? __virt_addr_valid+0x17f/0x520 [ 283.005160][ T3582] ? __virt_addr_valid+0x17f/0x520 [ 283.010325][ T3582] print_report+0x15f/0x4f0 [ 283.014845][ T3582] ? __virt_addr_valid+0x17f/0x520 [ 283.019957][ T3582] ? __virt_addr_valid+0x17f/0x520 [ 283.025061][ T3582] ? __virt_addr_valid+0x44a/0x520 [ 283.030166][ T3582] ? __phys_addr+0xb6/0x170 [ 283.034671][ T3582] ? __lock_acquire+0x77/0x1f80 [ 283.039532][ T3582] kasan_report+0x136/0x160 [ 283.044026][ T3582] ? __lock_acquire+0x77/0x1f80 [ 283.048875][ T3582] __lock_acquire+0x77/0x1f80 [ 283.053554][ T3582] ? __lock_acquire+0x125b/0x1f80 [ 283.058577][ T3582] lock_acquire+0x1f8/0x5a0 [ 283.063073][ T3582] ? lock_sock_nested+0x66/0x100 [ 283.068010][ T3582] ? lockdep_softirqs_on+0x590/0x590 [ 283.073297][ T3582] ? read_lock_is_recursive+0x10/0x10 [ 283.078671][ T3582] ? __local_bh_disable_ip+0x183/0x210 [ 283.084126][ T3582] ? __might_sleep+0xb0/0xb0 [ 283.088796][ T3582] ? lock_sock_nested+0x66/0x100 [ 283.093734][ T3582] ? __bpf_trace_softirq+0x10/0x10 [ 283.098850][ T3582] ? do_raw_read_unlock+0x38/0x70 [ 283.103869][ T3582] ? _raw_read_unlock+0x24/0x40 [ 283.108719][ T3582] ? l2cap_global_chan_by_psm+0x459/0x4c0 [ 283.114435][ T3582] ? lock_sock_nested+0x66/0x100 [ 283.119370][ T3582] _raw_spin_lock_bh+0x31/0x40 [ 283.124127][ T3582] ? lock_sock_nested+0x66/0x100 [ 283.129058][ T3582] lock_sock_nested+0x66/0x100 [ 283.133819][ T3582] l2cap_sock_recv_cb+0x51/0x4e0 [ 283.138754][ T3582] ? l2cap_recv_frame+0x1242/0x8bd0 [ 283.143956][ T3582] l2cap_recv_frame+0x12ba/0x8bd0 [ 283.148979][ T3582] ? l2cap_conn_unreliable+0x1a0/0x1a0 [ 283.154429][ T3582] ? __mutex_unlock_slowpath+0x218/0x750 [ 283.160050][ T3582] ? __lock_acquire+0x1f80/0x1f80 [ 283.165070][ T3582] ? mutex_unlock+0x10/0x10 [ 283.169650][ T3582] ? hci_conn_enter_active_mode+0x25c/0x360 [ 283.175536][ T3582] ? l2cap_recv_acldata+0x2ed/0x1570 [ 283.181016][ T3582] ? hci_conn_hash_lookup_handle+0x226/0x240 [ 283.187033][ T3582] hci_rx_work+0x363/0xce0 [ 283.191650][ T3582] ? process_one_work+0x7a9/0x11d0 [ 283.196786][ T3582] process_one_work+0x8a9/0x11d0 [ 283.201729][ T3582] ? worker_detach_from_pool+0x260/0x260 [ 283.207362][ T3582] ? _raw_spin_lock_irqsave+0x120/0x120 [ 283.212903][ T3582] ? kthread_data+0x4e/0xc0 [ 283.217400][ T3582] ? wq_worker_running+0x97/0x190 [ 283.222420][ T3582] worker_thread+0xa47/0x1200 [ 283.227087][ T3582] ? _raw_spin_unlock+0x40/0x40 [ 283.231930][ T3582] ? __sched_text_start+0x8/0x8 [ 283.236780][ T3582] ? _raw_spin_unlock+0x40/0x40 [ 283.241713][ T3582] kthread+0x28d/0x320 [ 283.245772][ T3582] ? worker_clr_flags+0x190/0x190 [ 283.250803][ T3582] ? kthread_blkcg+0xd0/0xd0 [ 283.255384][ T3582] ret_from_fork+0x1f/0x30 [ 283.259802][ T3582] [ 283.262809][ T3582] [ 283.265116][ T3582] Allocated by task 8427: [ 283.269435][ T3582] kasan_set_track+0x4b/0x70 [ 283.274025][ T3582] __kasan_kmalloc+0x97/0xb0 [ 283.278611][ T3582] __kmalloc+0xb2/0x230 [ 283.282773][ T3582] sk_prot_alloc+0xe0/0x200 [ 283.287267][ T3582] sk_alloc+0x36/0x350 [ 283.291416][ T3582] bt_sock_alloc+0x37/0x130 [ 283.295912][ T3582] l2cap_sock_create+0x11e/0x2b0 [ 283.300845][ T3582] bt_sock_create+0x159/0x220 [ 283.305517][ T3582] __sock_create+0x488/0x910 [ 283.310100][ T3582] __sys_socket+0x136/0x3a0 [ 283.314612][ T3582] __x64_sys_socket+0x76/0x80 [ 283.319284][ T3582] do_syscall_64+0x3b/0xb0 [ 283.323693][ T3582] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 283.329589][ T3582] [ 283.331896][ T3582] Freed by task 8426: [ 283.335857][ T3582] kasan_set_track+0x4b/0x70 [ 283.340442][ T3582] kasan_save_free_info+0x27/0x40 [ 283.345458][ T3582] ____kasan_slab_free+0xd6/0x120 [ 283.350478][ T3582] __kmem_cache_free+0x25c/0x3c0 [ 283.355408][ T3582] __sk_destruct+0x473/0x5f0 [ 283.359990][ T3582] l2cap_sock_release+0x157/0x1d0 [ 283.365009][ T3582] sock_close+0xcd/0x230 [ 283.369236][ T3582] __fput+0x3b7/0x890 [ 283.373205][ T3582] task_work_run+0x246/0x300 [ 283.377787][ T3582] exit_to_user_mode_loop+0xde/0x100 [ 283.383062][ T3582] exit_to_user_mode_prepare+0xb1/0x140 [ 283.388853][ T3582] syscall_exit_to_user_mode+0x60/0x270 [ 283.394390][ T3582] do_syscall_64+0x47/0xb0 [ 283.398813][ T3582] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 283.404785][ T3582] [ 283.407094][ T3582] Last potentially related work creation: [ 283.412797][ T3582] kasan_save_stack+0x3b/0x60 [ 283.417564][ T3582] __kasan_record_aux_stack+0xb0/0xc0 [ 283.422924][ T3582] insert_work+0x54/0x3d0 [ 283.427241][ T3582] __queue_work+0xb4b/0xf90 [ 283.431731][ T3582] queue_work_on+0x14b/0x250 [ 283.436308][ T3582] afs_purge_servers+0x145/0x370 [ 283.441241][ T3582] afs_net_exit+0x50/0xa0 [ 283.445558][ T3582] cleanup_net+0x6ce/0xb60 [ 283.449966][ T3582] process_one_work+0x8a9/0x11d0 [ 283.454895][ T3582] worker_thread+0xa47/0x1200 [ 283.459562][ T3582] kthread+0x28d/0x320 [ 283.463616][ T3582] ret_from_fork+0x1f/0x30 [ 283.468023][ T3582] [ 283.470333][ T3582] Second to last potentially related work creation: [ 283.476900][ T3582] kasan_save_stack+0x3b/0x60 [ 283.481571][ T3582] __kasan_record_aux_stack+0xb0/0xc0 [ 283.486935][ T3582] insert_work+0x54/0x3d0 [ 283.491257][ T3582] __queue_work+0xb4b/0xf90 [ 283.495747][ T3582] queue_work_on+0x14b/0x250 [ 283.500344][ T3582] afs_cell_purge+0x185/0x3a0 [ 283.505012][ T3582] afs_net_exit+0x48/0xa0 [ 283.509335][ T3582] cleanup_net+0x6ce/0xb60 [ 283.513829][ T3582] process_one_work+0x8a9/0x11d0 [ 283.518755][ T3582] worker_thread+0xa47/0x1200 [ 283.523418][ T3582] kthread+0x28d/0x320 [ 283.527474][ T3582] ret_from_fork+0x1f/0x30 [ 283.531887][ T3582] [ 283.534193][ T3582] The buggy address belongs to the object at ffff8880776d0000 [ 283.534193][ T3582] which belongs to the cache kmalloc-2k of size 2048 [ 283.548233][ T3582] The buggy address is located 176 bytes inside of [ 283.548233][ T3582] 2048-byte region [ffff8880776d0000, ffff8880776d0800) [ 283.561596][ T3582] [ 283.564012][ T3582] The buggy address belongs to the physical page: [ 283.570406][ T3582] page:ffffea0001ddb400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x776d0 [ 283.580548][ T3582] head:ffffea0001ddb400 order:3 compound_mapcount:0 compound_pincount:0 [ 283.588860][ T3582] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 283.596851][ T3582] raw: 00fff00000010200 ffffea00015e6e00 dead000000000002 ffff888012442000 [ 283.605427][ T3582] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 283.613997][ T3582] page dumped because: kasan: bad access detected [ 283.620410][ T3582] page_owner tracks the page as allocated [ 283.626109][ T3582] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3612, tgid 3612 (kworker/0:4), ts 61852282827, free_ts 61793102703 [ 283.648161][ T3582] post_alloc_hook+0x18d/0x1b0 [ 283.652922][ T3582] get_page_from_freelist+0x31a1/0x3320 [ 283.658468][ T3582] __alloc_pages+0x28d/0x770 [ 283.663049][ T3582] alloc_slab_page+0x6a/0x150 [ 283.667723][ T3582] new_slab+0x84/0x2d0 [ 283.671820][ T3582] ___slab_alloc+0xc20/0x1270 [ 283.676574][ T3582] __kmem_cache_alloc_node+0x19f/0x260 [ 283.682023][ T3582] __kmalloc_node_track_caller+0xa0/0x220 [ 283.687818][ T3582] __alloc_skb+0x135/0x670 [ 283.692237][ T3582] skb_copy+0x127/0x820 [ 283.696385][ T3582] mac80211_hwsim_tx_frame_no_nl+0x10f4/0x1a70 [ 283.702623][ T3582] mac80211_hwsim_tx+0x18d7/0x2600 [ 283.707735][ T3582] ieee80211_tx_frags+0x3d8/0x890 [ 283.712760][ T3582] __ieee80211_tx+0x21b/0x4a0 [ 283.717517][ T3582] ieee80211_tx+0x32d/0x460 [ 283.722012][ T3582] __ieee80211_subif_start_xmit+0x10d5/0x33f0 [ 283.728075][ T3582] page last free stack trace: [ 283.732738][ T3582] free_unref_page_prepare+0xf63/0x1120 [ 283.738274][ T3582] free_unref_page+0x33/0x3e0 [ 283.742939][ T3582] __unfreeze_partials+0x1b7/0x210 [ 283.748040][ T3582] put_cpu_partial+0x17b/0x250 [ 283.752798][ T3582] qlist_free_all+0x76/0xe0 [ 283.757291][ T3582] kasan_quarantine_reduce+0x156/0x170 [ 283.762742][ T3582] __kasan_slab_alloc+0x1f/0x70 [ 283.767580][ T3582] slab_post_alloc_hook+0x52/0x3a0 [ 283.772689][ T3582] kmem_cache_alloc_node+0x136/0x310 [ 283.777971][ T3582] __alloc_skb+0xde/0x670 [ 283.782299][ T3582] alloc_skb_with_frags+0xa4/0x740 [ 283.787405][ T3582] sock_alloc_send_pskb+0x915/0xa50 [ 283.792687][ T3582] mld_newpack+0x1c0/0xa90 [ 283.797101][ T3582] add_grec+0x1492/0x19a0 [ 283.801422][ T3582] mld_ifc_work+0x68f/0xc90 [ 283.805917][ T3582] process_one_work+0x8a9/0x11d0 [ 283.810850][ T3582] [ 283.813171][ T3582] Memory state around the buggy address: [ 283.818788][ T3582] ffff8880776cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 283.826836][ T3582] ffff8880776d0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 283.834883][ T3582] >ffff8880776d0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 283.842928][ T3582] ^ [ 283.848544][ T3582] ffff8880776d0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 283.856599][ T3582] ffff8880776d0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 283.864643][ T3582] ================================================================== [ 283.872688][ T3582] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 283.879875][ T3582] CPU: 1 PID: 3582 Comm: kworker/u5:7 Not tainted 6.1.94-syzkaller #0 [ 283.888159][ T3582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 283.898236][ T3582] Workqueue: hci3 hci_rx_work [ 283.903014][ T3582] Call Trace: [ 283.906291][ T3582] [ 283.909218][ T3582] dump_stack_lvl+0x1e3/0x2cb [ 283.913996][ T3582] ? nf_tcp_handle_invalid+0x642/0x642 [ 283.919452][ T3582] ? panic+0x764/0x764 [ 283.923541][ T3582] ? lock_release+0xd6/0xa20 [ 283.928130][ T3582] ? vscnprintf+0x59/0x80 [ 283.932524][ T3582] panic+0x318/0x764 [ 283.936521][ T3582] ? check_panic_on_warn+0x1d/0xa0 [ 283.941634][ T3582] ? memcpy_page_flushcache+0xfc/0xfc [ 283.947026][ T3582] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 283.952926][ T3582] ? _raw_spin_unlock+0x40/0x40 [ 283.957771][ T3582] ? print_report+0x4a3/0x4f0 [ 283.962437][ T3582] check_panic_on_warn+0x7e/0xa0 [ 283.967367][ T3582] ? __lock_acquire+0x77/0x1f80 [ 283.972211][ T3582] end_report+0x66/0x110 [ 283.976442][ T3582] kasan_report+0x143/0x160 [ 283.980932][ T3582] ? __lock_acquire+0x77/0x1f80 [ 283.985791][ T3582] __lock_acquire+0x77/0x1f80 [ 283.990483][ T3582] ? __lock_acquire+0x125b/0x1f80 [ 283.995507][ T3582] lock_acquire+0x1f8/0x5a0 [ 284.000003][ T3582] ? lock_sock_nested+0x66/0x100 [ 284.004937][ T3582] ? lockdep_softirqs_on+0x590/0x590 [ 284.010446][ T3582] ? read_lock_is_recursive+0x10/0x10 [ 284.015867][ T3582] ? __local_bh_disable_ip+0x183/0x210 [ 284.021855][ T3582] ? __might_sleep+0xb0/0xb0 [ 284.026529][ T3582] ? lock_sock_nested+0x66/0x100 [ 284.031467][ T3582] ? __bpf_trace_softirq+0x10/0x10 [ 284.036597][ T3582] ? do_raw_read_unlock+0x38/0x70 [ 284.041617][ T3582] ? _raw_read_unlock+0x24/0x40 [ 284.046511][ T3582] ? l2cap_global_chan_by_psm+0x459/0x4c0 [ 284.052247][ T3582] ? lock_sock_nested+0x66/0x100 [ 284.057190][ T3582] _raw_spin_lock_bh+0x31/0x40 [ 284.061959][ T3582] ? lock_sock_nested+0x66/0x100 [ 284.066892][ T3582] lock_sock_nested+0x66/0x100 [ 284.071670][ T3582] l2cap_sock_recv_cb+0x51/0x4e0 [ 284.076627][ T3582] ? l2cap_recv_frame+0x1242/0x8bd0 [ 284.081824][ T3582] l2cap_recv_frame+0x12ba/0x8bd0 [ 284.086851][ T3582] ? l2cap_conn_unreliable+0x1a0/0x1a0 [ 284.092303][ T3582] ? __mutex_unlock_slowpath+0x218/0x750 [ 284.097932][ T3582] ? __lock_acquire+0x1f80/0x1f80 [ 284.102961][ T3582] ? mutex_unlock+0x10/0x10 [ 284.107457][ T3582] ? hci_conn_enter_active_mode+0x25c/0x360 [ 284.113348][ T3582] ? l2cap_recv_acldata+0x2ed/0x1570 [ 284.118632][ T3582] ? hci_conn_hash_lookup_handle+0x226/0x240 [ 284.124614][ T3582] hci_rx_work+0x363/0xce0 [ 284.129029][ T3582] ? process_one_work+0x7a9/0x11d0 [ 284.134139][ T3582] process_one_work+0x8a9/0x11d0 [ 284.139103][ T3582] ? worker_detach_from_pool+0x260/0x260 [ 284.144743][ T3582] ? _raw_spin_lock_irqsave+0x120/0x120 [ 284.150285][ T3582] ? kthread_data+0x4e/0xc0 [ 284.154797][ T3582] ? wq_worker_running+0x97/0x190 [ 284.160460][ T3582] worker_thread+0xa47/0x1200 [ 284.165173][ T3582] ? _raw_spin_unlock+0x40/0x40 [ 284.170919][ T3582] ? __sched_text_start+0x8/0x8 [ 284.175794][ T3582] ? _raw_spin_unlock+0x40/0x40 [ 284.180656][ T3582] kthread+0x28d/0x320 [ 284.184719][ T3582] ? worker_clr_flags+0x190/0x190 [ 284.189739][ T3582] ? kthread_blkcg+0xd0/0xd0 [ 284.194320][ T3582] ret_from_fork+0x1f/0x30 [ 284.198744][ T3582] [ 284.202033][ T3582] Kernel Offset: disabled [ 284.206374][ T3582] Rebooting in 86400 seconds..