last executing test programs: 10.880908735s ago: executing program 3 (id=2026): r0 = socket$l2tp(0x2, 0x2, 0x73) sendmmsg$inet(r0, &(0x7f0000001f40)=[{{&(0x7f0000000000)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000180)=[{&(0x7f00000000c0)='\'', 0x1}, {0x0}], 0x2}}], 0x1, 0x0) 10.637438951s ago: executing program 3 (id=2028): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x12, 0xc, 0x8, 0x3}, 0x48) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f00000000c0), &(0x7f0000000000)=@udp6=r1}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000001540), &(0x7f00000000c0)=@udp6=r1, 0x1}, 0x20) 10.417374916s ago: executing program 3 (id=2030): r0 = socket$key(0xf, 0x3, 0x2) recvmmsg(r0, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x94c, 0x4) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x8, 0x0, 0x0, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) 9.279528149s ago: executing program 0 (id=2032): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000080)=0xfffffff5, 0x4) socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$sock_buf(r3, 0xab, 0x0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x3, @dev={0xfe, 0x80, '\x00', 0x15}}, 0x1c, 0x0, 0x0, &(0x7f0000000340)=[@pktinfo={{0x24, 0x29, 0x32, {@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', r2}}}], 0x28}}], 0x1, 0x0) 9.003876156s ago: executing program 3 (id=2036): keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x4002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) 8.990883883s ago: executing program 0 (id=2037): r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6000) io_setup(0x202, &(0x7f0000000200)=0x0) ftruncate(r1, 0x81fd) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x1670e68) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe70300e4, 0x2, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}]) 7.4785264s ago: executing program 3 (id=2042): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 6.697306732s ago: executing program 0 (id=2044): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) bind$inet(r1, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)={0x24, 0x1, 0x4, 0x5, 0x0, 0x0, {}, [@NFULA_CFG_NLBUFSIZ={0x8}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x24}}, 0x0) sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r1, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0) socket$l2tp6(0xa, 0x2, 0x73) io_uring_setup(0x0, 0x0) unshare(0x20000400) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0xb2dd, 0x3, 0x0, 0x1}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r3, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r3, 0x0, &(0x7f0000001700)=""/53}, 0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x2d, 0xa00) 6.536200211s ago: executing program 3 (id=2048): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NETID(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0) 5.445543079s ago: executing program 0 (id=2056): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) 4.55371129s ago: executing program 0 (id=2058): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000100000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008400000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x12, &(0x7f0000000040)={@random="f60db9be9ce2", @multicast, @val={@void}}, 0x0) 4.553154575s ago: executing program 0 (id=2060): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000f841b35af2e300"/3601], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) write$evdev(r1, &(0x7f0000000000), 0x100000008) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r2}, 0x10) ioctl$EVIOCSABS20(r1, 0x40044590, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 3.485381152s ago: executing program 1 (id=2070): io_setup(0xbf5, &(0x7f0000000600)=0x0) r1 = creat(&(0x7f0000000640)='./file0\x00', 0x0) r2 = inotify_init() io_submit(r0, 0x2, &(0x7f0000000840)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0}, &(0x7f0000000800)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x2}]) 3.245658888s ago: executing program 1 (id=2072): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0x5}}, 0x14}}, 0x0) 3.13737354s ago: executing program 4 (id=2073): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) sched_setscheduler(0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) geteuid() lstat(&(0x7f0000007600)='./file0\x00', &(0x7f0000007640)) getgid() sched_setscheduler(0x0, 0x2, 0x0) geteuid() pwritev2(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000000)="dc", 0x1}], 0x1, 0x0, 0x0, 0x6) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = timerfd_create(0x0, 0x0) read(r1, &(0x7f0000000140)=""/199, 0xc7) 2.802632991s ago: executing program 1 (id=2074): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400009eb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.635874846s ago: executing program 1 (id=2075): socket$nl_netfilter(0x10, 0x3, 0xc) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) pipe(&(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) socket(0x200000100000011, 0x803, 0x0) socket$packet(0x11, 0x3, 0x300) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0x8) ioctl$SIOCSIFHWADDR(r0, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) 2.294655049s ago: executing program 2 (id=2077): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) r1 = dup(r0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000080), 0x10010) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000005, 0x10012, r2, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x22, &(0x7f0000000080), &(0x7f0000000040)=0x8) 2.233371678s ago: executing program 2 (id=2078): r0 = socket$inet6(0xa, 0x2, 0x3a) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000100)="8000102e7577d401", 0x8}], 0x1, &(0x7f0000000580)=[@hopopts_2292={{0x18}}, @hopopts_2292={{0x18}}], 0x30}}], 0x1, 0x0) 2.115878394s ago: executing program 4 (id=2079): r0 = socket$inet(0x2, 0x4000000805, 0x0) sendmmsg(r0, &(0x7f0000000e40)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @rand_addr=0x64010100}, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[{0x30, 0x84, 0x1, "b23ea0c74cd7a434e1d8f0819200"/25}], 0x30}}], 0x2, 0x0) 1.995827344s ago: executing program 4 (id=2080): r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6000) io_setup(0x202, &(0x7f0000000200)=0x0) ftruncate(r1, 0x81fd) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x1670e68) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe70300e4, 0x2, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}]) 1.975790187s ago: executing program 2 (id=2081): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_OSF_FLAGS={0x8, 0x3, 0x1, 0x0, 0x11}, @NFTA_OSF_TTL={0x5}, @NFTA_OSF_DREG={0x8}]}}}]}]}], {0x14}}, 0x80}}, 0x0) 1.860439885s ago: executing program 2 (id=2082): syz_mount_image$cramfs(&(0x7f00000000c0), &(0x7f0000000080)='./file2\x00', 0x0, &(0x7f00000006c0)=ANY=[], 0x2, 0x15d, &(0x7f0000000500)="$eJzszr9rGmEcx/H39fxRW62WWrCFtkKHHhXr9aTdWqqlUqH2oMWlk6BXWtAqCiVjEsiWIX+AQxIhkziEjBkSk8VEIZi/Q8gQyHjhuUcCyZj5eS3HfT4fvndfPkwMYqAjfW42Wm2n03FqyR92qfBze2f3gciDwF1v0Wi1xbgm93s5+COePpgtyfggAr//1p031WZdvM9yYAD5+yL3YyK390QWl9u3IhuC8RKGj2VmzXfzTHzVyc6zpz7IR+VO3HM34JW49xDcoPy3c2Chmxr0j76PR8X0661nOivF1ItH2vX8ubNqFZ70wgmdsnO4Sd7rTzOj9Elm0J9OxqVvdsmeZC3rfdb8ZJrvpvbxOMTiGr6v4f/w68a9QAAow7IGXQ36Xj/b1yLAcP3CbkSDceDsXww0r0nKJsRV47rQrVYS/l4l/vEOuoGGoiiKoiiKoiiKotzSZQAAAP//WzxoZw==") execveat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x0, 0x0, 0x0) 1.667937158s ago: executing program 4 (id=2083): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r0, &(0x7f00000001c0), 0x2) socket(0x0, 0x0, 0x0) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000000)={0x2, 0xfc}, 0x2) 1.566432774s ago: executing program 2 (id=2084): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400009eb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.371380667s ago: executing program 2 (id=2085): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000680)={0x0, {0x2, 0x4e20, @empty}, {0x2, 0x4e23, @multicast1}, {0x2, 0x4e24, @broadcast}, 0x354, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)='nr0\x00', 0xffffffffffffffc1, 0x8, 0x14}) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000900)={0x0, {0x2, 0x4e23, @private}, {0x2, 0x4e20, @empty}, {0x2, 0x4e23, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0xe, &(0x7f0000000200)='batadv_slave_1\x00', 0x9, 0x2, 0x9}) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000009c0)={'broute\x00', 0x0, 0x0, 0x0, [0xfffc, 0xc, 0x0, 0x3, 0x8651, 0xfffffffffffffff7]}, &(0x7f0000000080)=0x78) unshare(0x40000000) r1 = socket$inet_udplite(0x2, 0x2, 0x88) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000480)={0xffffffffffffffff, &(0x7f0000000380)="f7463800cbdec122707151f05fdbd8938bbf8e35f2cd4fec8d9bae70aadf80cf9f98c710a7807cc71a3f9b51e9b206eb0f7836d047f5da73aa0e8a6592fe9606764f157767f90280b4acbf9f0f8eb1501d65e4083ce3a7dad0a7dc6b7f1034c9418fa54731ddfeebf4731dc0e048536f934865eca5e2f3b831c553128246b3154a21a1ebada7191d32809cfd3d7f4625215736f672", &(0x7f0000000440)=@tcp6, 0x4}, 0x20) r2 = socket$inet_udplite(0x2, 0x2, 0x88) unshare(0x80) sendfile(r0, 0xffffffffffffffff, &(0x7f0000000040)=0x6, 0x3) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r1, 0x890c, &(0x7f0000000100)={0x0, {0x2, 0x4}, {0x2, 0xfffe, @remote}, {0x2, 0xfffd, @multicast1}, 0x8f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000000), 0x4) getsockopt$EBT_SO_GET_INFO(r3, 0x0, 0x80, &(0x7f00000004c0)={'nat\x00', 0x0, 0x0, 0x0, [0x1, 0xffffffffffffffff, 0x0, 0xae, 0x401, 0x53b8]}, &(0x7f0000000280)=0x78) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0xe23, @remote}, {0x2, 0x0, @empty}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x36}}, 0x507, 0x0, 0x0, 0x0, 0x4}) unshare(0x40000080) r4 = socket(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x4, 0x4e22, @rand_addr=0x64010101}, {0x2, 0x4e23, @remote}, 0x184, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)='lo\x00', 0xffffffff}) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f00000005c0)={0x0, 0x6, 0x0, 0x4}, 0x10) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r4, 0x8982, &(0x7f0000000340)={0x0, 'team_slave_0\x00', {0x4}, 0x401}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x18, 0x9, 0x6, 0xffffffe1, 0x800, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x1}, 0x48) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000011c0)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x240488c0}, 0x0) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r4, &(0x7f0000000300)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000780)={&(0x7f0000000d00)=ANY=[@ANYRES32, @ANYRES16=r1, @ANYRES32=r5, @ANYRESDEC=r1, @ANYBLOB="ccb335b3f5d42ddbba70e11e95cd7ba600001000008484a8030019830655a377b4ad5c35ddea1b5bbe38df80f86dac5b6ed38e63749ba7c43c8bbcb8999a08aeee1c82231a886e75a8b90e84accf0f5b1fb616a324ea3b5bfd14645fbf480c5320165b04e405ad377731e994f56d8acc24ae157175b70b5670a2687cf3743de4d44801270829ede73ab8788a787356aefced8d0e531d61b033ec87c3775f197a2552a9d0633efa782f5c1136dc2a00000000000000007e10711aece94b4355a4db2b2716442dffd9c099122c8721434671f43d188519edbed1594884661b7c0b2ab41b4624d625f5560675b033421ea72cc2a3d8ffaa91ca5047dc3ba3f22faec0bfe25cd1dcbc828ed35fdce4d6069c6c18834abad16e6c89604fc6f69e80c0e44c45a37084841c300f4dc7bf22e99653ad82a853ab127ae45aec6e10246402e60b9a9c5e5cf57ac8134a15d0e47558573e9f6d8b1812c0255c73f3fc404fdb93a376d4677e9146f7c517a2c25fc95d7de9f64bd4bc158c"], 0x14}, 0x1, 0x0, 0x0, 0x400c1}, 0x4000040) socket$inet(0x2, 0xa, 0xffffff10) sendto$inet6(r4, &(0x7f0000000180), 0x0, 0x40080, &(0x7f0000000700)={0xa, 0x4e22, 0x15, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7}, 0x1c) unshare(0xa040900) socket$netlink(0x10, 0x3, 0x9) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f00000007c0)={{0x2, 0x4e1f, @multicast1}, {0x306, @remote}, 0x5e, {0x2, 0x4e22, @empty}, 'erspan0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, &(0x7f0000000e00)=ANY=[], &(0x7f0000014ff5)='GPL\x00', 0x2, 0x1000, &(0x7f0000014000)=""/4096, 0x0, 0x4e, '\x00', 0x0, 0x32, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0xb}, 0x10}, 0x90) 1.236112614s ago: executing program 4 (id=2086): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) ioctl$F2FS_IOC_DEFRAGMENT(0xffffffffffffffff, 0xc010f508, &(0x7f0000000140)={0x0, 0x7}) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) fanotify_init(0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000b, 0x4031, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x4, 0x0, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYRES32=r1, @ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x40305839, &(0x7f0000000540)={'\x00', @link_local={0x1, 0x80, 0xc2, 0x5}}) getdents(0xffffffffffffffff, 0x0, 0x0) r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) connect$ax25(r3, &(0x7f0000000000)={{0x3, @null}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x10) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r4, 0x40101286, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0x58, &(0x7f0000000540)}, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 320.65706ms ago: executing program 1 (id=2087): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000000c0)={@rand_addr=' \x01\x00', @mcast1, @empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20220}) 163.011347ms ago: executing program 4 (id=2088): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd0100000000200000020060206b830f983afffe8000000000000000020000000000bbfe88000000000000000000000000000189"], 0xfce) 0s ago: executing program 1 (id=2089): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc01, 0x3, 0x1270, 0x1100, 0x5002004a, 0x12, 0x1100, 0x6800, 0x1240, 0x3c8, 0x3c8, 0x1240, 0x3c8, 0x2, 0x0, {[{{@ip={@multicast1, @multicast1, 0x0, 0x0, 'veth1_to_batadv\x00', 'macvlan0\x00'}, 0x60, 0x10a0, 0x1100, 0xb, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x0, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @common=@SET={0x60}}, {{@ip={@loopback, @remote, 0x0, 0x0, 'team_slave_0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x12d0) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r0, 0x111, 0x3, 0x0, 0x20001100) kernel console output (not intermixed with test programs): : type=1326 audit(1719911081.557:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10290 comm="syz.2.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff43575b99 code=0x7ffc0000 [ 419.753968][T10296] ext4 filesystem being mounted at /root/syzkaller.EWp4ri/55/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 419.776505][ T29] audit: type=1326 audit(1719911081.557:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10290 comm="syz.2.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff43575b99 code=0x7ffc0000 [ 419.892974][T10303] ptrace attach of "./syz-executor exec"[9571] was attempted by ""[10303] [ 419.909628][T10171] chnl_net:caif_netlink_parms(): no params data found [ 419.982889][T10295] EXT4-fs error (device loop1): ext4_do_update_inode:5149: inode #2: comm syz.1.1457: corrupted inode contents [ 419.996403][T10149] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 420.009965][T10149] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 420.093940][T10149] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 420.106233][T10295] EXT4-fs error (device loop1): ext4_dirty_inode:6009: inode #2: comm syz.1.1457: mark_inode_dirty error [ 420.125933][T10295] EXT4-fs error (device loop1): ext4_do_update_inode:5149: inode #2: comm syz.1.1457: corrupted inode contents [ 420.195337][T10295] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz.1.1457: mark_inode_dirty error [ 420.213173][T10149] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 420.233718][T10149] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 420.244547][T10306] loop0: detected capacity change from 0 to 8192 [ 420.274732][T10310] loop2: detected capacity change from 0 to 512 [ 420.319981][T10149] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 420.369578][T10310] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 420.409037][T10310] ext4 filesystem being mounted at /root/syzkaller.HmiH51/30/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 420.450624][ T9641] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 420.665325][T10149] hsr_slave_0: entered promiscuous mode [ 420.668449][ T9699] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 420.689226][T10149] hsr_slave_1: entered promiscuous mode [ 420.697805][T10318] loop0: detected capacity change from 0 to 1024 [ 420.753639][T10149] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 420.783560][T10149] Cannot create hsr debugfs directory [ 420.953874][ T29] audit: type=1326 audit(1719911082.847:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10324 comm="syz.0.1466" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f49b7575b99 code=0x0 [ 421.127169][T10331] ptrace attach of "./syz-executor exec"[9699] was attempted by ""[10331] [ 421.143593][T10171] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.150887][T10171] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.184197][T10171] bridge_slave_0: entered allmulticast mode [ 421.191858][T10171] bridge_slave_0: entered promiscuous mode [ 421.279119][T10171] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.298232][T10171] bridge0: port 2(bridge_slave_1) entered disabled state [ 421.323245][T10171] bridge_slave_1: entered allmulticast mode [ 421.333098][T10171] bridge_slave_1: entered promiscuous mode [ 421.529525][T10171] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 421.593116][T10343] loop2: detected capacity change from 0 to 64 [ 421.648649][T10171] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 421.836715][T10171] team0: Port device team_slave_0 added [ 421.868803][T10171] team0: Port device team_slave_1 added [ 421.984275][T10349] loop0: detected capacity change from 0 to 16 [ 421.992253][T10345] loop1: detected capacity change from 0 to 8192 [ 422.020540][T10349] erofs: (device loop0): mounted with root inode @ nid 36. [ 422.234118][T10171] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 422.241223][T10171] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.276118][T10171] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 422.375246][T10171] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 422.392198][T10171] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.443228][T10171] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 422.645190][T10171] hsr_slave_0: entered promiscuous mode [ 422.666420][T10358] ptrace attach of "./syz-executor exec"[9699] was attempted by ""[10358] [ 422.667310][T10171] hsr_slave_1: entered promiscuous mode [ 422.693859][T10171] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 422.701479][T10171] Cannot create hsr debugfs directory [ 422.882487][T10364] loop2: detected capacity change from 0 to 512 [ 422.988173][T10368] loop0: detected capacity change from 0 to 16 [ 423.012265][T10368] erofs: (device loop0): mounted with root inode @ nid 36. [ 423.069984][T10364] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 423.087029][T10364] ext4 filesystem being mounted at /root/syzkaller.HmiH51/38/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 423.173559][ T8311] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 423.228683][T10364] EXT4-fs error (device loop2): ext4_do_update_inode:5149: inode #2: comm syz.2.1480: corrupted inode contents [ 423.260007][T10372] loop0: detected capacity change from 0 to 8192 [ 423.283705][T10364] EXT4-fs error (device loop2): ext4_dirty_inode:6009: inode #2: comm syz.2.1480: mark_inode_dirty error [ 423.306503][T10364] EXT4-fs error (device loop2): ext4_do_update_inode:5149: inode #2: comm syz.2.1480: corrupted inode contents [ 423.351395][T10149] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 423.358952][T10364] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.1480: mark_inode_dirty error [ 423.385455][ T8311] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 423.386259][T10149] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 423.403186][ T8311] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 423.443565][ T8311] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 423.488810][ T8311] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 423.503555][ T8311] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.531030][ T8311] usb 2-1: Product: syz [ 423.531053][T10149] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 423.557962][ T8311] usb 2-1: Manufacturer: syz [ 423.588841][ T8311] usb 2-1: SerialNumber: syz [ 423.596214][T10149] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 423.609005][ T9699] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 423.792649][T10376] Driver unsupported XDP return value 0 on prog (id 235) dev N/A, expect packet loss! [ 423.976929][T10382] ptrace attach of "./syz-executor exec"[9571] was attempted by ""[10382] [ 424.109929][T10149] 8021q: adding VLAN 0 to HW filter on device bond0 [ 424.119344][T10384] loop2: detected capacity change from 0 to 64 [ 424.208722][T10149] 8021q: adding VLAN 0 to HW filter on device team0 [ 424.275133][ T8318] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.282336][ T8318] bridge0: port 1(bridge_slave_0) entered forwarding state [ 424.377506][ T8318] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.384833][ T8318] bridge0: port 2(bridge_slave_1) entered forwarding state [ 424.460456][T10390] loop2: detected capacity change from 0 to 16 [ 424.527027][T10390] erofs: (device loop2): mounted with root inode @ nid 36. [ 424.612788][T10171] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 424.661136][T10171] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 424.682000][T10392] loop0: detected capacity change from 0 to 256 [ 424.695112][ T8311] cdc_ncm 2-1:1.0: bind() failure [ 424.697419][T10171] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 424.740840][ T8311] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 424.749106][T10171] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 424.761016][ T8311] cdc_ncm 2-1:1.1: bind() failure [ 424.771518][T10392] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 424.835569][T10392] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 424.854261][T10392] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 424.875590][T10392] UDF-fs: Scanning with blocksize 512 failed [ 424.917350][T10392] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 424.952717][T10392] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 425.084675][ T29] audit: type=1800 audit(1719911086.977:247): pid=10392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1492" name=3ADC332C3F474EEDF6F6B659997387B7E6CCC3A2FDEB79DE8461C7A9982B2246E1D848EDF6533D2E dev="loop0" ino=77 res=0 errno=0 [ 425.143074][T10171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 425.222921][T10171] 8021q: adding VLAN 0 to HW filter on device team0 [ 425.276596][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state [ 425.283840][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 425.342816][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state [ 425.350080][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 425.358721][T10403] loop0: detected capacity change from 0 to 512 [ 425.411231][T10149] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 425.526944][T10403] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 ro without journal. Quota mode: writeback. [ 425.554822][ T8311] usb 2-1: USB disconnect, device number 15 [ 425.605173][T10171] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 425.673982][T10403] Bluetooth: MGMT ver 1.23 [ 426.046149][T10149] veth0_vlan: entered promiscuous mode [ 426.136012][T10149] veth1_vlan: entered promiscuous mode [ 426.198911][T10171] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 426.277640][ T9571] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 426.298702][T10423] loop2: detected capacity change from 0 to 1024 [ 426.410938][T10149] veth0_macvtap: entered promiscuous mode [ 426.488284][T10149] veth1_macvtap: entered promiscuous mode [ 426.617730][T10149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 426.650737][T10149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.670149][T10149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 426.680754][T10149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.704748][T10432] loop0: detected capacity change from 0 to 64 [ 426.728541][T10149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 426.764741][T10149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.790642][T10149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 426.807002][T10149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.840840][T10149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 426.856818][T10149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.910258][T10149] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 426.972068][T10438] loop0: detected capacity change from 0 to 16 [ 427.008008][T10149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 427.035950][T10438] erofs: (device loop0): mounted with root inode @ nid 36. [ 427.036179][T10149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.056009][T10149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 427.066820][T10149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.078044][T10149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 427.098922][T10149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.111031][T10149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 427.121880][T10149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.133152][T10149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 427.146752][T10149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.162118][T10149] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 427.177743][T10149] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.190298][T10149] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.210365][T10149] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.220425][T10149] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.237658][ T11] hfsplus: b-tree write err: -5, ino 4 [ 427.257256][T10171] veth0_vlan: entered promiscuous mode [ 427.312982][T10171] veth1_vlan: entered promiscuous mode [ 427.459562][T10442] loop2: detected capacity change from 0 to 256 [ 427.559412][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 427.587924][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 427.667272][T10171] veth0_macvtap: entered promiscuous mode [ 427.678109][ T9699] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 427.717050][ T9699] FAT-fs (loop2): Filesystem has been set read-only [ 427.736316][T10171] veth1_macvtap: entered promiscuous mode [ 427.744649][ T9699] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 427.775970][T10446] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 427.797044][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 427.822263][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 427.852079][T10171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 427.876930][T10171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.893171][T10171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 427.920261][T10171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.934385][T10171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 427.953744][T10171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.984147][T10171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 428.003394][T10171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.033405][T10171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 428.063397][T10171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.103409][T10171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 428.133380][T10171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.165711][T10171] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 428.372333][T10450] gretap0: refused to change device tx_queue_len [ 428.385753][T10450] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 428.462154][T10171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 428.523155][T10171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.555499][T10171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 428.583518][T10171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.613720][T10171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 428.640362][T10171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.693840][T10171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 428.743363][T10171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.753241][T10171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 428.798891][T10444] loop0: detected capacity change from 0 to 32768 [ 428.823468][T10171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.863856][T10171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 428.883959][T10171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.926416][T10444] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 428.965879][T10171] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 429.018017][T10171] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.042109][T10468] loop4: detected capacity change from 0 to 512 [ 429.089215][T10171] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.100056][T10468] ext4: Unknown parameter 'nouser_xattr' [ 429.112252][T10171] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.142818][T10171] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.193475][T10444] XFS (loop0): Ending clean mount [ 429.298222][T10444] XFS (loop0): Quotacheck needed: Please wait. [ 429.490619][T10444] XFS (loop0): Quotacheck: Done. [ 429.610480][ T29] audit: type=1800 audit(1719911091.507:248): pid=10444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1504" name="file1" dev="loop0" ino=9286 res=0 errno=0 [ 429.730130][ T1101] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.219947][ T9571] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 430.351688][ T5105] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 430.373684][ T5105] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 430.382597][ T5105] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 430.431895][ T5105] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 430.441340][ T5105] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 430.448944][ T5105] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 430.451056][ T1101] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.558194][T10477] loop4: detected capacity change from 0 to 256 [ 430.798193][T10149] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 430.818728][T10149] FAT-fs (loop4): Filesystem has been set read-only [ 430.843534][T10149] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 430.849011][ T1101] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.983911][T10482] loop1: detected capacity change from 0 to 4096 [ 431.006090][T10482] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 431.043570][T10482] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 431.126077][ T1101] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.243615][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 431.270393][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 431.429696][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 431.464471][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.278140][ T1101] bridge_slave_1: left allmulticast mode [ 432.285640][ T1101] bridge_slave_1: left promiscuous mode [ 432.291485][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.311015][ T1101] bridge_slave_0: left allmulticast mode [ 432.317266][ T1101] bridge_slave_0: left promiscuous mode [ 432.323124][ T1101] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.574069][ T5097] Bluetooth: hci4: command tx timeout [ 433.032766][ T5105] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 433.045494][ T5105] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 433.059035][ T5105] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 433.087436][ T5105] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 433.099955][ T5105] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 433.107569][ T5105] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 433.521240][ T1101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 433.535557][ T1101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 433.548550][ T1101] bond0 (unregistering): Released all slaves [ 433.655508][T10504] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1523'. [ 433.788919][T10510] loop3: detected capacity change from 0 to 256 [ 434.110650][T10474] chnl_net:caif_netlink_parms(): no params data found [ 434.653977][ T5105] Bluetooth: hci4: command tx timeout [ 434.734496][ T1101] hsr_slave_0: left promiscuous mode [ 434.749073][ T1101] hsr_slave_1: left promiscuous mode [ 434.776900][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 434.796177][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 434.829222][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 434.864703][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 435.143805][ T1101] veth1_macvtap: left promiscuous mode [ 435.173720][ T1101] veth0_macvtap: left promiscuous mode [ 435.179484][ T1101] veth1_vlan: left promiscuous mode [ 435.185773][T10520] loop1: detected capacity change from 0 to 1764 [ 435.214039][ T5105] Bluetooth: hci2: command tx timeout [ 435.252591][ T1101] veth0_vlan: left promiscuous mode [ 435.417512][T10534] loop3: detected capacity change from 0 to 256 [ 435.458725][T10534] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 435.500335][T10534] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 435.535569][T10534] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 435.566167][T10534] UDF-fs: Scanning with blocksize 512 failed [ 435.596745][T10534] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 435.629347][T10534] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 435.718012][ T29] audit: type=1800 audit(1719911097.617:249): pid=10534 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1529" name=3ADC332C3F474EEDF6F6B659997387B7E6CCC3A2FDEB79DE8461C7A9982B2246E1D848EDF6533D2E dev="loop3" ino=77 res=0 errno=0 [ 436.530508][T10559] loop0: detected capacity change from 0 to 512 [ 436.549696][T10559] ext4: Unknown parameter 'nouser_xattr' [ 436.733547][ T5105] Bluetooth: hci4: command tx timeout [ 437.295487][ T5105] Bluetooth: hci2: command tx timeout [ 437.660923][ T1101] team0 (unregistering): Port device team_slave_1 removed [ 437.807404][ T1101] team0 (unregistering): Port device team_slave_0 removed [ 438.814870][ T5105] Bluetooth: hci4: command tx timeout [ 438.875740][T10550] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1533'. [ 439.178992][ T29] audit: type=1800 audit(1719911101.077:250): pid=10583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1543" name="bus" dev="sda1" ino=2062 res=0 errno=0 [ 439.272020][T10474] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.310570][T10474] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.325675][T10474] bridge_slave_0: entered allmulticast mode [ 439.333723][T10474] bridge_slave_0: entered promiscuous mode [ 439.365687][T10474] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.373977][ T5105] Bluetooth: hci2: command tx timeout [ 439.384159][T10474] bridge0: port 2(bridge_slave_1) entered disabled state [ 439.391463][T10474] bridge_slave_1: entered allmulticast mode [ 439.458681][T10474] bridge_slave_1: entered promiscuous mode [ 439.501046][T10593] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1546'. [ 439.552722][T10505] chnl_net:caif_netlink_parms(): no params data found [ 439.721665][T10474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 439.770373][T10595] team0: entered promiscuous mode [ 439.772646][T10597] loop1: detected capacity change from 0 to 2048 [ 439.777000][T10595] team_slave_0: entered promiscuous mode [ 439.800766][T10595] team_slave_1: entered promiscuous mode [ 439.838363][T10474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 439.869257][T10590] team0: left promiscuous mode [ 439.874731][T10590] team_slave_0: left promiscuous mode [ 439.879507][T10597] loop1: p1 < > p4 [ 439.880791][T10590] team_slave_1: left promiscuous mode [ 439.891578][T10601] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1550'. [ 439.895548][T10597] loop1: p4 size 8388608 extends beyond EOD, truncated [ 439.961342][ T4546] loop1: p1 < > p4 [ 439.977821][ T4546] loop1: p4 size 8388608 extends beyond EOD, truncated [ 440.237598][T10610] syz.0.1553: attempt to access beyond end of device [ 440.237598][T10610] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 440.272020][T10610] syz.0.1553: attempt to access beyond end of device [ 440.272020][T10610] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 440.281367][T10474] team0: Port device team_slave_0 added [ 440.299088][T10474] team0: Port device team_slave_1 added [ 440.310370][T10610] Mount JFS Failure: -5 [ 440.505162][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.511564][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.810470][T10606] team0: Port device team_slave_0 removed [ 440.838308][T10474] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 440.864078][T10474] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 440.913088][T10474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 440.940481][T10474] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 440.963703][T10474] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 441.005051][T10474] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 441.029058][T10505] bridge0: port 1(bridge_slave_0) entered blocking state [ 441.049152][T10505] bridge0: port 1(bridge_slave_0) entered disabled state [ 441.066543][T10505] bridge_slave_0: entered allmulticast mode [ 441.085717][T10505] bridge_slave_0: entered promiscuous mode [ 441.095164][T10624] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 441.106200][T10505] bridge0: port 2(bridge_slave_1) entered blocking state [ 441.123846][T10505] bridge0: port 2(bridge_slave_1) entered disabled state [ 441.131202][T10505] bridge_slave_1: entered allmulticast mode [ 441.155988][T10505] bridge_slave_1: entered promiscuous mode [ 441.177044][T10624] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 441.465916][ T5105] Bluetooth: hci2: command tx timeout [ 441.483609][ T29] audit: type=1804 audit(1719911103.377:251): pid=10623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1556" name="/root/syzkaller.EWp4ri/80/cgroup.controllers" dev="sda1" ino=2064 res=1 errno=0 [ 441.549368][ T1101] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.707232][T10474] hsr_slave_0: entered promiscuous mode [ 441.720011][T10474] hsr_slave_1: entered promiscuous mode [ 441.736050][T10474] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 441.753598][T10474] Cannot create hsr debugfs directory [ 441.772784][T10505] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 441.840265][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888062324000: rx timeout, send abort [ 441.854021][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff888062324000: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 441.897098][ T1101] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.015854][T10505] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 442.120549][ T1101] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.265512][T10633] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1560'. [ 442.478006][T10638] syz.0.1562: attempt to access beyond end of device [ 442.478006][T10638] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 442.500382][T10638] syz.0.1562: attempt to access beyond end of device [ 442.500382][T10638] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 442.513842][T10638] Mount JFS Failure: -5 [ 442.614999][T10505] team0: Port device team_slave_0 added [ 443.037251][ T1101] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.148388][T10505] team0: Port device team_slave_1 added [ 443.405439][T10505] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 443.432885][T10505] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.490250][T10652] affs: No valid root block on device nbd0 [ 443.503080][T10505] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 443.531264][T10505] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 443.550569][T10505] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.630444][T10505] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 443.977401][T10505] hsr_slave_0: entered promiscuous mode [ 444.020683][T10505] hsr_slave_1: entered promiscuous mode [ 444.040654][T10505] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 444.049542][T10505] Cannot create hsr debugfs directory [ 444.056568][T10661] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1571'. [ 444.318019][T10668] netlink: 'syz.1.1574': attribute type 23 has an invalid length. [ 445.193654][ T1101] bridge_slave_1: left allmulticast mode [ 445.205494][ T1101] bridge_slave_1: left promiscuous mode [ 445.221921][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state [ 445.284980][ T1101] bridge_slave_0: left allmulticast mode [ 445.290847][ T1101] bridge_slave_0: left promiscuous mode [ 445.296732][ T1101] bridge0: port 1(bridge_slave_0) entered disabled state [ 446.616090][ T1101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 446.629015][ T1101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 446.646887][ T1101] bond0 (unregistering): Released all slaves [ 447.242244][T10694] loop0: detected capacity change from 0 to 256 [ 447.353478][T10694] loop0: detected capacity change from 256 to 0 [ 447.464106][ T1101] hsr_slave_0: left promiscuous mode [ 447.503109][ T1101] hsr_slave_1: left promiscuous mode [ 447.521093][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 447.530007][T10699] syz.0.1584: attempt to access beyond end of device [ 447.530007][T10699] loop0: rw=0, sector=12, nr_sectors = 4 limit=0 [ 447.564963][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 447.572295][T10699] FAT-fs (loop0): unable to read inode block for updating (i_pos 202) [ 447.604404][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 447.612084][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 447.671967][ T1101] veth1_macvtap: left promiscuous mode [ 447.678012][ T1101] veth0_macvtap: left promiscuous mode [ 447.683810][ T1101] veth1_vlan: left promiscuous mode [ 447.689183][ T1101] veth0_vlan: left promiscuous mode [ 447.746449][ T9571] syz-executor: attempt to access beyond end of device [ 447.746449][ T9571] loop0: rw=0, sector=12, nr_sectors = 4 limit=0 [ 447.774431][ T9571] FAT-fs (loop0): Directory bread(block 3) failed [ 447.973789][ T9571] syz-executor: attempt to access beyond end of device [ 447.973789][ T9571] loop0: rw=2049, sector=0, nr_sectors = 4 limit=0 [ 448.041421][ T9571] Buffer I/O error on dev loop0, logical block 0, lost sync page write [ 449.292749][ T1101] team0 (unregistering): Port device team_slave_1 removed [ 449.362886][ T1101] team0 (unregistering): Port device team_slave_0 removed [ 450.455622][T10718] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1594'. [ 450.589442][T10474] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 450.675240][T10474] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 450.888091][T10474] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 450.900808][T10725] loop3: detected capacity change from 0 to 256 [ 450.936162][T10474] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 451.063729][T10725] loop3: detected capacity change from 256 to 0 [ 451.115884][T10724] loop1: detected capacity change from 0 to 8192 [ 451.164370][T10724] REISERFS warning (device loop1): jmacd-7 reiserfs_fill_super: resize option for remount only [ 451.184782][T10726] syz.3.1599: attempt to access beyond end of device [ 451.184782][T10726] loop3: rw=0, sector=12, nr_sectors = 4 limit=0 [ 451.226123][T10726] FAT-fs (loop3): unable to read inode block for updating (i_pos 202) [ 451.420961][T10171] syz-executor: attempt to access beyond end of device [ 451.420961][T10171] loop3: rw=0, sector=12, nr_sectors = 4 limit=0 [ 451.458627][T10171] FAT-fs (loop3): Directory bread(block 3) failed [ 451.529721][T10171] syz-executor: attempt to access beyond end of device [ 451.529721][T10171] loop3: rw=0, sector=0, nr_sectors = 4 limit=0 [ 451.607301][T10171] FAT-fs (loop3): unable to read boot sector to mark fs as dirty [ 451.722299][ T1101] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.734341][ T5097] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 451.762842][ T5097] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 451.778659][ T5097] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 451.945585][ T5097] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 451.962102][ T5097] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 451.973494][ T5097] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 452.637283][ T1101] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.852272][ T1101] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.046484][ T1101] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.149199][T10740] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1606'. [ 453.189523][T10505] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 453.266304][T10474] 8021q: adding VLAN 0 to HW filter on device bond0 [ 453.323065][T10505] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 453.345492][ T5105] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 453.361208][ T5105] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 453.370795][ T5105] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 453.378809][T10505] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 453.386710][ T5105] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 453.401364][ T5105] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 453.403836][T10505] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 453.415526][ T5105] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 453.501004][T10474] 8021q: adding VLAN 0 to HW filter on device team0 [ 453.629722][T10745] syzkaller0: entered allmulticast mode [ 453.693133][ T8311] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.700408][ T8311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 453.741827][ T1101] bridge_slave_1: left allmulticast mode [ 453.749512][ T1101] bridge_slave_1: left promiscuous mode [ 453.755770][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.768769][ T1101] bridge_slave_0: left allmulticast mode [ 453.774838][ T1101] bridge_slave_0: left promiscuous mode [ 453.780641][ T1101] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.103725][ T5105] Bluetooth: hci1: command tx timeout [ 454.357318][ T1101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 454.369122][ T1101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 454.390296][ T1101] bond0 (unregistering): Released all slaves [ 455.537493][ T5105] Bluetooth: hci3: command tx timeout [ 456.183428][ T5105] Bluetooth: hci1: command tx timeout [ 457.617513][ T5105] Bluetooth: hci3: command tx timeout [ 457.854878][ T8306] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.862116][ T8306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 458.007184][T10505] 8021q: adding VLAN 0 to HW filter on device bond0 [ 458.030489][T10731] chnl_net:caif_netlink_parms(): no params data found [ 458.255005][ T5105] Bluetooth: hci1: command tx timeout [ 458.884358][T10505] 8021q: adding VLAN 0 to HW filter on device team0 [ 458.946262][ T1101] hsr_slave_0: left promiscuous mode [ 458.957085][ T1101] hsr_slave_1: left promiscuous mode [ 458.966565][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 458.997398][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 459.023010][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 459.031883][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 459.067912][ T1101] veth1_macvtap: left promiscuous mode [ 459.074340][ T1101] veth0_macvtap: left promiscuous mode [ 459.080062][ T1101] veth1_vlan: left promiscuous mode [ 459.090485][ T1101] veth0_vlan: left promiscuous mode [ 459.158164][T10761] loop1: detected capacity change from 0 to 4096 [ 459.175355][T10761] ntfs3: Unknown parameter '00000000000000000000003 [ 459.175355][T10761] #ñÍÒâêÆä:÷¯!‹…µÃ†¨Î˜%¸ŒËà²íA æm9ÒôT¢w^è›Ú¼!Y4B!ˆfª§HNÛÉ' [ 459.743551][ T5105] Bluetooth: hci3: command tx timeout [ 460.354033][ T5105] Bluetooth: hci1: command tx timeout [ 461.541713][ T1101] team0 (unregistering): Port device team_slave_1 removed [ 461.697322][ T1101] team0 (unregistering): Port device team_slave_0 removed [ 461.773422][ T5097] Bluetooth: hci3: command tx timeout [ 461.834718][ T29] audit: type=1800 audit(1719911123.717:252): pid=10772 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1612" name="bus" dev="sda1" ino=2061 res=0 errno=0 [ 462.574317][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.581524][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 462.647315][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.654577][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 462.686420][T10731] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.712229][T10731] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.734089][T10731] bridge_slave_0: entered allmulticast mode [ 462.744140][T10731] bridge_slave_0: entered promiscuous mode [ 462.765567][T10731] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.784579][T10731] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.791909][T10731] bridge_slave_1: entered allmulticast mode [ 462.815216][T10731] bridge_slave_1: entered promiscuous mode [ 463.098646][T10731] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 463.126448][T10731] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 463.239419][T10474] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 463.291893][T10783] syzkaller0: entered allmulticast mode [ 463.308041][T10731] team0: Port device team_slave_0 added [ 463.322813][T10731] team0: Port device team_slave_1 added [ 463.378309][T10743] chnl_net:caif_netlink_parms(): no params data found [ 463.602607][T10731] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 463.610413][T10731] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 463.653433][T10731] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 463.667815][T10731] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 463.674948][T10731] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 463.703047][T10731] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 466.951981][T10731] hsr_slave_0: entered promiscuous mode [ 466.965385][T10731] hsr_slave_1: entered promiscuous mode [ 466.985002][T10731] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 467.004320][T10731] Cannot create hsr debugfs directory [ 467.011370][T10743] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.029316][T10743] bridge0: port 1(bridge_slave_0) entered disabled state [ 467.047712][T10743] bridge_slave_0: entered allmulticast mode [ 467.062541][T10743] bridge_slave_0: entered promiscuous mode [ 467.082415][T10743] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.100499][T10743] bridge0: port 2(bridge_slave_1) entered disabled state [ 467.112337][T10743] bridge_slave_1: entered allmulticast mode [ 467.123594][T10743] bridge_slave_1: entered promiscuous mode [ 467.165128][T10505] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 467.756172][T10743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 467.805062][T10743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 467.950842][T10743] team0: Port device team_slave_0 added [ 467.979812][T10474] veth0_vlan: entered promiscuous mode [ 468.078345][ T1101] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.137828][T10743] team0: Port device team_slave_1 added [ 468.320897][T10801] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 468.412054][ T1101] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.498881][T10474] veth1_vlan: entered promiscuous mode [ 468.536423][T10743] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 468.553515][T10743] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 468.580607][T10743] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 468.602392][T10743] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 468.610950][T10743] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 468.637883][T10743] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 468.689038][ T1101] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.830258][ T1101] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.051327][T10743] hsr_slave_0: entered promiscuous mode [ 469.067492][T10743] hsr_slave_1: entered promiscuous mode [ 469.077572][T10743] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 469.090990][T10809] loop1: detected capacity change from 0 to 1024 [ 469.093539][T10743] Cannot create hsr debugfs directory [ 469.141129][T10809] hfsplus: Filesystem is marked locked, mounting read-only. [ 469.179718][T10809] hfsplus: invalid catalog entry type in lookup [ 469.356990][T10474] veth0_macvtap: entered promiscuous mode [ 469.445186][T10474] veth1_macvtap: entered promiscuous mode [ 469.610628][T10505] veth0_vlan: entered promiscuous mode [ 469.746433][T10820] loop1: detected capacity change from 0 to 4096 [ 469.777318][T10820] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 469.827312][T10820] ntfs3: loop1: Failed to initialize $Extend/$Reparse. [ 469.846683][T10474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.859601][T10474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.869594][T10474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.880319][T10474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.890697][T10474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.901303][T10474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.918374][T10474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.928992][T10474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.945267][T10474] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 470.030790][ T1101] bridge_slave_1: left allmulticast mode [ 470.046692][ T1101] bridge_slave_1: left promiscuous mode [ 470.052551][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.100007][ T1101] bridge_slave_0: left allmulticast mode [ 470.112266][ T1101] bridge_slave_0: left promiscuous mode [ 470.118400][ T1101] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.379997][ T8] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 470.593413][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 470.616151][ T8] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 470.624810][ T8] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 470.634649][ T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 470.644528][ T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 470.654630][ T8] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 470.669149][ T8] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 470.678308][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.733910][ T1101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 470.750833][ T1101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 470.764512][ T1101] bond0 (unregistering): Released all slaves [ 470.882732][T10474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.901573][T10474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.912324][ T8] usb 2-1: GET_CAPABILITIES returned 0 [ 470.917963][ T8] usbtmc 2-1:16.0: can't read capabilities [ 470.924706][T10474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.944456][T10474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.954889][T10474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.967795][T10474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.992589][T10474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 471.003773][T10474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 471.015845][T10474] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 471.069028][T10505] veth1_vlan: entered promiscuous mode [ 471.101882][T10474] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.110883][T10474] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.130436][T10474] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.143547][T10474] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.187436][ T5151] usb 2-1: USB disconnect, device number 16 [ 471.419622][ T1101] hsr_slave_0: left promiscuous mode [ 471.426051][ T1101] hsr_slave_1: left promiscuous mode [ 471.432215][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 471.445002][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 471.461863][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 471.469417][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 471.501107][ T1101] veth1_macvtap: left promiscuous mode [ 471.507983][ T1101] veth0_macvtap: left promiscuous mode [ 471.513899][ T1101] veth1_vlan: left promiscuous mode [ 471.519446][ T1101] veth0_vlan: left promiscuous mode [ 472.412150][ T1101] team0 (unregistering): Port device team_slave_1 removed [ 473.265284][T10505] veth0_macvtap: entered promiscuous mode [ 473.361239][T10505] veth1_macvtap: entered promiscuous mode [ 473.409894][ T2900] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 473.420658][ T2900] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 473.602771][T10505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 473.633837][T10505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.645772][T10505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 473.658538][T10505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.680016][T10505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 473.704609][T10505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.723347][T10505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 473.743324][T10505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.766092][T10505] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 473.809756][T10505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.843506][T10505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.862797][T10505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.883321][T10505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.903024][T10505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.923326][T10505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.943337][T10505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.963341][T10505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.998874][T10505] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 474.006698][T10731] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 474.021554][T10731] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 474.028729][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.068728][T10505] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.073624][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.095091][T10505] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.104209][T10505] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.112939][T10505] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.182029][T10731] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 474.202980][T10731] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 474.274339][T10837] loop1: detected capacity change from 0 to 32768 [ 474.337641][T10837] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 474.493519][T10837] XFS (loop1): Ending clean mount [ 474.512270][T10837] XFS (loop1): Quotacheck needed: Please wait. [ 474.583646][ T2848] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.591755][T10743] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 474.613570][ T2848] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.667896][T10837] XFS (loop1): Quotacheck: Done. [ 474.689111][T10743] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 474.722354][T10743] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 474.784600][ T2848] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.796221][ T9641] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 474.819264][ T2848] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.840229][T10743] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 474.961096][T10850] fuse: Bad value for 'fd' [ 475.047100][T10731] 8021q: adding VLAN 0 to HW filter on device bond0 [ 475.132780][T10731] 8021q: adding VLAN 0 to HW filter on device team0 [ 475.172352][ T8318] bridge0: port 1(bridge_slave_0) entered blocking state [ 475.179714][ T8318] bridge0: port 1(bridge_slave_0) entered forwarding state [ 475.226630][ T8318] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.233890][ T8318] bridge0: port 2(bridge_slave_1) entered forwarding state [ 475.411905][T10743] 8021q: adding VLAN 0 to HW filter on device bond0 [ 475.456749][T10743] 8021q: adding VLAN 0 to HW filter on device team0 [ 475.466300][T10855] loop2: detected capacity change from 0 to 256 [ 475.491184][ T8308] bridge0: port 1(bridge_slave_0) entered blocking state [ 475.498467][ T8308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 475.511522][T10855] FAT-fs (loop2): Unrecognized mount option "uni_xlate=" or missing value [ 475.561348][ T8311] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.568628][ T8311] bridge0: port 2(bridge_slave_1) entered forwarding state [ 475.954925][T10731] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 476.183188][T10731] veth0_vlan: entered promiscuous mode [ 476.234619][ T5151] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 476.247259][T10731] veth1_vlan: entered promiscuous mode [ 476.387150][T10743] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 476.399478][T10731] veth0_macvtap: entered promiscuous mode [ 476.429874][T10731] veth1_macvtap: entered promiscuous mode [ 476.448738][ T5151] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 476.479043][ T5151] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.515071][ T5151] usb 3-1: Product: syz [ 476.530097][ T5151] usb 3-1: Manufacturer: syz [ 476.534545][T10731] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 476.550383][ T5151] usb 3-1: SerialNumber: syz [ 476.567349][T10731] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.569739][ T5151] usb 3-1: config 0 descriptor?? [ 476.584027][T10731] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 476.613493][T10731] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.636145][T10731] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 476.663409][T10731] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.683447][T10731] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 476.714827][T10731] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.728806][T10731] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 476.753339][T10731] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.815828][T10731] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 476.837898][T10731] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 476.863470][T10731] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.874162][ T5151] usb 3-1: USB disconnect, device number 9 [ 476.895574][T10731] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 476.941917][T10731] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.972777][T10731] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.010335][T10731] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.026231][T10731] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.061938][T10731] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.082288][T10731] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.101600][T10731] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.142494][T10731] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 477.197222][T10731] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.224409][T10731] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.244795][T10731] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.262436][T10731] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.338223][T10743] veth0_vlan: entered promiscuous mode [ 477.408333][T10743] veth1_vlan: entered promiscuous mode [ 477.416706][T10876] loop4: detected capacity change from 0 to 32768 [ 477.454112][ T8316] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 477.510755][T10876] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 477.578424][ T2848] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 477.605121][ T2848] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 477.618080][T10743] veth0_macvtap: entered promiscuous mode [ 477.642011][T10876] XFS (loop4): Ending clean mount [ 477.647549][ T8316] usb 2-1: Using ep0 maxpacket: 8 [ 477.657631][T10743] veth1_macvtap: entered promiscuous mode [ 477.671548][ T8316] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 477.700551][ T8316] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 477.731132][ T8316] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 477.742468][T10876] XFS (loop4): Quotacheck needed: Please wait. [ 477.764643][ T8316] usb 2-1: config 250 has no interface number 0 [ 477.771004][ T8316] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 477.789781][ T2848] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 477.808646][ T2848] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 477.831615][T10743] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 477.842643][ T8316] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 477.864414][ T8316] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26 [ 477.873331][T10743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.884927][ T8316] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 477.884973][ T8316] usb 2-1: config 250 interface 228 has no altsetting 0 [ 477.891672][ T8316] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 477.951430][ T8316] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 477.960340][T10876] XFS (loop4): Quotacheck: Done. [ 477.969942][T10743] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 477.986232][ T8316] usb 2-1: Product: syz [ 478.001068][ T8316] usb 2-1: SerialNumber: syz [ 478.008813][T10743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.019999][T10743] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 478.032739][T10743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.044097][T10743] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 478.056819][ T8316] hub 2-1:250.228: bad descriptor, ignoring hub [ 478.060947][T10743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.073438][T10743] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 478.083479][ T8316] hub 2-1:250.228: probe with driver hub failed with error -5 [ 478.087920][T10743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.109649][T10743] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 478.138912][T10743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.151938][T10743] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 478.167142][T10505] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 478.180437][T10743] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 478.216527][T10743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.240230][ T8316] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 17 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 478.276240][T10743] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 478.293509][T10743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.317602][T10743] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 478.333159][T10743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.366847][T10743] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 478.387667][T10743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.406294][T10743] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 478.426778][T10743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.446045][T10743] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 478.468696][T10743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.567491][T10743] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 478.756956][T10900] overlayfs: missing 'lowerdir' [ 478.814207][T10743] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.814884][T10896] ipt_ECN: cannot use operation on non-tcp rule [ 478.823048][T10743] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.851359][T10900] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 478.896682][T10900] loop4: detected capacity change from 0 to 1024 [ 478.906476][T10743] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.926816][T10743] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 479.015576][T10900] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 479.140060][ C1] usblp0: nonzero read bulk status received: -71 [ 479.152058][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 479.220621][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 479.300152][ T2900] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 479.358242][ T2900] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 479.623967][ T5151] usb 2-1: USB disconnect, device number 17 [ 479.685214][ T5151] usblp0: removed [ 479.935657][T10922] loop3: detected capacity change from 0 to 4096 [ 479.985214][T10922] ntfs3: loop3: ino=3, Correct links count -> 2. [ 480.314186][T10922] ntfs3: loop3: failed to convert "0080" to cp874 [ 480.378730][T10922] ntfs3: loop3: failed to convert name for inode 1e. [ 480.817686][T10939] loop2: detected capacity change from 0 to 4096 [ 480.835631][T10939] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 480.925001][T10939] ntfs3: loop2: Failed to initialize $Extend/$Reparse. [ 481.048591][T10952] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1658'. [ 481.151187][T10955] loop3: detected capacity change from 0 to 256 [ 481.186674][T10955] exfat: Unknown parameter 'V¿B]ÍÏ|t' [ 481.228315][T10956] batadv0: entered promiscuous mode [ 481.285594][T10955] loop3: detected capacity change from 0 to 256 [ 481.316781][T10958] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 481.355651][T10955] exFAT-fs (loop3): bogus fat length [ 481.361021][T10955] exFAT-fs (loop3): failed to read boot sector [ 481.423774][T10955] exFAT-fs (loop3): failed to recognize exfat type [ 482.958621][T10982] loop0: detected capacity change from 0 to 1024 [ 483.077788][T10982] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 483.177358][T10505] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 483.224737][ T29] audit: type=1326 audit(1719911145.107:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10981 comm="syz.0.1673" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2929175b99 code=0x0 [ 484.599772][T10731] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 484.673840][T11000] netlink: 'syz.4.1678': attribute type 38 has an invalid length. [ 484.681826][T11000] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1678'. [ 485.916061][T11012] overlayfs: missing 'lowerdir' [ 486.068378][T11012] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 486.179128][T11012] loop3: detected capacity change from 0 to 1024 [ 486.209718][T11012] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 487.753665][T11051] EXT4-fs warning (device sda1): verify_group_input:167: Cannot read last block (266238) [ 487.952226][T11052] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1691'. [ 488.428154][T11055] loop4: detected capacity change from 0 to 4096 [ 488.807381][T11055] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512). [ 489.185085][T11055] ntfs3: loop4: Failed to load $Bitmap (-22). [ 489.744713][ T4546] udevd[4546]: worker [10793] terminated by signal 33 (Unknown signal 33) [ 489.787083][ T4546] udevd[4546]: worker [10793] failed while handling '/devices/virtual/block/loop0' [ 489.813021][T11074] loop2: detected capacity change from 0 to 16 [ 489.828134][T11074] erofs: (device loop2): mounted with root inode @ nid 36. [ 490.431425][T11085] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 490.478471][T11085] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1700'. [ 491.870957][T10743] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 491.894264][T11091] loop2: detected capacity change from 0 to 1024 [ 491.943768][ T5097] Bluetooth: hci0: unexpected event for opcode 0x0411 [ 492.025123][T11095] loop1: detected capacity change from 0 to 1764 [ 492.119905][T11095] iso9660: Unknown parameter 'pocharset' [ 494.513281][ C1] sched: RT throttling activated [ 495.300865][ T2835] hfsplus: b-tree write err: -5, ino 4 [ 495.671766][ T5097] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 495.686910][ T5097] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 495.704467][ T5097] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 495.715426][ T5097] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 495.743720][ T5097] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 495.761221][ T5097] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 495.886038][ T2900] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.036139][ T5097] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 496.046231][ T5097] Bluetooth: hci0: Injecting HCI hardware error event [ 496.061035][ T5105] Bluetooth: hci0: hardware error 0x00 [ 497.533424][ T2900] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 497.860049][ T5097] Bluetooth: hci2: command tx timeout [ 497.884892][ T2900] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.173628][ T5105] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 499.084815][ T2900] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.100357][T11151] loop0: detected capacity change from 0 to 1024 [ 499.224781][T11157] overlayfs: missing 'lowerdir' [ 499.299727][T11158] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 499.342036][ T11] hfsplus: b-tree write err: -5, ino 4 [ 499.400247][T11157] loop2: detected capacity change from 0 to 1024 [ 499.459111][T11115] chnl_net:caif_netlink_parms(): no params data found [ 499.532870][T11157] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 499.996731][ T5105] Bluetooth: hci2: command tx timeout [ 501.087731][T11115] bridge0: port 1(bridge_slave_0) entered blocking state [ 501.118901][T11115] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.142320][T11115] bridge_slave_0: entered allmulticast mode [ 501.166527][T11115] bridge_slave_0: entered promiscuous mode [ 501.312188][T11115] bridge0: port 2(bridge_slave_1) entered blocking state [ 501.339795][T11115] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.369930][T11115] bridge_slave_1: entered allmulticast mode [ 501.400691][T11115] bridge_slave_1: entered promiscuous mode [ 501.501976][ T2900] bridge_slave_1: left allmulticast mode [ 501.531598][ T2900] bridge_slave_1: left promiscuous mode [ 501.550836][ T2900] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.634281][ T2900] bridge_slave_0: left allmulticast mode [ 501.667537][ T2900] bridge_slave_0: left promiscuous mode [ 501.725340][ T2900] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.838025][T11197] loop0: detected capacity change from 0 to 1024 [ 501.912439][T11197] hfsplus: request for non-existent node 33423360 in B*Tree [ 501.927525][T11197] hfsplus: request for non-existent node 33423360 in B*Tree [ 501.945450][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.965256][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.013521][ T5105] Bluetooth: hci2: command tx timeout [ 502.168875][T11202] loop3: detected capacity change from 0 to 1024 [ 502.831154][T10474] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 503.422673][T11212] loop0: detected capacity change from 0 to 40427 [ 503.436795][T11212] F2FS-fs (loop0): invalid crc value [ 503.470246][T11212] F2FS-fs (loop0): Found nat_bits in checkpoint [ 503.563689][T11212] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 504.093529][ T5105] Bluetooth: hci2: command tx timeout [ 505.140911][T11222] syz.0.1743: attempt to access beyond end of device [ 505.140911][T11222] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 505.822259][T11222] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 506.613557][ T2900] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 506.646116][ T2900] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 506.672841][ T2900] bond0 (unregistering): Released all slaves [ 506.722073][T11228] loop1: detected capacity change from 0 to 1764 [ 506.749693][T11228] iso9660: Unknown parameter 'pocharset' [ 506.855250][T11115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 507.067895][ C0] DEBUG: holding rtnl_mutex for 505 jiffies. [ 507.074002][ C0] task:kworker/1:11 state:R running task stack:23680 pid:8317 tgid:8317 ppid:2 flags:0x00004000 [ 507.085870][ C0] Workqueue: events linkwatch_event [ 507.091137][ C0] Call Trace: [ 507.094496][ C0] [ 507.097560][ C0] __schedule+0x1800/0x4a60 [ 507.102182][ C0] ? __pfx___schedule+0x10/0x10 [ 507.107304][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 507.113418][ C0] ? __pfx_lock_release+0x10/0x10 [ 507.118515][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 507.123887][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 507.129153][ C0] ? schedule+0x90/0x320 [ 507.133480][ C0] schedule+0x14b/0x320 [ 507.137702][ C0] synchronize_rcu_expedited+0x684/0x830 [ 507.143459][ C0] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 507.149728][ C0] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 507.155128][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 507.160543][ C0] ? __pfx_autoremove_wake_function+0x10/0x10 [ 507.166724][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 507.172588][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 507.177901][ C0] dev_deactivate_many+0x4a7/0xb10 [ 507.183076][ C0] ? dev_deactivate_many+0x250/0xb10 [ 507.188454][ C0] dev_deactivate+0x184/0x280 [ 507.193195][ C0] ? __pfx_dev_deactivate+0x10/0x10 [ 507.198499][ C0] ? veth_get_iflink+0x25/0x260 [ 507.203531][ C0] ? rfc2863_policy+0x1d7/0x300 [ 507.208439][ C0] linkwatch_do_dev+0x10a/0x170 [ 507.213386][ C0] __linkwatch_run_queue+0x44f/0x6c0 [ 507.218759][ C0] ? __pfx___linkwatch_run_queue+0x10/0x10 [ 507.224665][ C0] ? get_rtnl_holder+0x144/0x190 [ 507.229659][ C0] ? process_scheduled_works+0x945/0x1830 [ 507.235517][ C0] linkwatch_event+0x4c/0x60 [ 507.240250][ C0] process_scheduled_works+0xa2c/0x1830 [ 507.245926][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 507.251976][ C0] ? assign_work+0x364/0x3d0 [ 507.256675][ C0] worker_thread+0x86d/0xd40 [ 507.261340][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 507.267331][ C0] ? __kthread_parkme+0x169/0x1d0 [ 507.272443][ C0] ? __pfx_worker_thread+0x10/0x10 [ 507.277662][ C0] kthread+0x2f0/0x390 [ 507.281821][ C0] ? __pfx_worker_thread+0x10/0x10 [ 507.287035][ C0] ? __pfx_kthread+0x10/0x10 [ 507.291704][ C0] ret_from_fork+0x4b/0x80 [ 507.296221][ C0] ? __pfx_kthread+0x10/0x10 [ 507.300874][ C0] ret_from_fork_asm+0x1a/0x30 [ 507.305752][ C0] [ 507.308865][ C0] [ 507.308865][ C0] Showing all locks held in the system: [ 507.316736][ C0] 1 lock held by pool_workqueue_/3: [ 507.321971][ C0] #0: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 507.333009][ C0] 2 locks held by kworker/u8:3/48: [ 507.338210][ C0] 2 locks held by kworker/u8:4/62: [ 507.343484][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 507.355298][ C0] #1: ffffc900015dfd00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 507.366172][ C0] 2 locks held by kworker/u8:7/2835: [ 507.371592][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 507.383372][ C0] #1: ffffc900097b7d00 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 507.394480][ C0] 4 locks held by kworker/u8:9/2900: [ 507.400071][ C0] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 507.411105][ C0] #1: ffffc90009a57d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 507.421787][ C0] #2: ffffffff8f5f2190 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 507.431344][ C0] #3: ffffffff8e33ab00 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x530 [ 507.441407][ C0] 2 locks held by getty/4849: [ 507.446146][ C0] #0: ffff88802ac8a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 507.456036][ C0] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 507.466279][ C0] 3 locks held by kworker/0:11/8308: [ 507.471630][ C0] 4 locks held by kworker/1:11/8317: [ 507.477052][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 507.488572][ C0] #1: ffffc900020bfd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 507.499650][ C0] #2: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 507.508727][ C0] #3: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 507.519756][ C0] 1 lock held by syz-executor/11115: [ 507.525118][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 507.534750][ C0] 1 lock held by syz.3.1738/11202: [ 507.539927][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 507.549539][ C0] 1 lock held by syz.2.1745/11225: [ 507.554718][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: xsk_bind+0x151/0xdc0 [ 507.563726][ C0] 4 locks held by vhost-11228/11229: [ 507.569030][ C0] #0: ffff888072070258 (&vq->mutex){+.+.}-{3:3}, at: vhost_transport_do_send_pkt+0xaf/0x1400 [ 507.579379][ C0] #1: ffff888011562798 (&mm->mmap_lock){++++}-{3:3}, at: __gup_longterm_locked+0xd11/0x17d0 [ 507.589698][ C0] #2: ffffc90000007c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 507.599932][ C0] #3: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 507.609926][ C0] [ 507.612256][ C0] ============================================= [ 507.612256][ C0] [ 507.674009][ T2848] hfsplus: b-tree write err: -5, ino 4 [ 507.686653][T11115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 508.055659][T11239] loop1: detected capacity change from 0 to 256 [ 508.093698][T11241] overlayfs: missing 'lowerdir' [ 508.119657][T11241] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 508.626670][T11245] loop0: detected capacity change from 0 to 4096 [ 508.731957][T11245] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 508.904169][T11245] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 508.943599][T11245] ntfs3: loop0: Failed to load $Extend (-22). [ 508.949789][T11245] ntfs3: loop0: Failed to initialize $Extend. [ 508.965246][T11245] ntfs3: loop0: Failed to load root (-22). [ 509.021403][T11246] loop3: detected capacity change from 0 to 1024 [ 509.044066][T11115] team0: Port device team_slave_0 added [ 509.111394][T11115] team0: Port device team_slave_1 added [ 509.147394][T11246] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 509.596322][T11115] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 509.635599][T11115] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.732161][T11115] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 509.942719][T11115] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 509.988647][T11115] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 510.014728][ C1] vkms_vblank_simulate: vblank timer overrun [ 510.065697][T11115] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 510.084831][T11276] loop1: detected capacity change from 0 to 1024 [ 510.150080][ T2900] hsr_slave_0: left promiscuous mode [ 510.197971][ T2900] hsr_slave_1: left promiscuous mode [ 510.234658][ T2900] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 510.249847][ T2900] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 510.304691][ T2900] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 510.330573][T11280] loop0: detected capacity change from 0 to 1024 [ 510.333974][ T2900] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 510.452998][ T2900] veth1_macvtap: left promiscuous mode [ 510.483502][ T2900] veth0_macvtap: left promiscuous mode [ 510.489267][ T2900] veth1_vlan: left promiscuous mode [ 510.496012][ T2835] hfsplus: b-tree write err: -5, ino 4 [ 510.520779][ T2900] veth0_vlan: left promiscuous mode [ 510.781950][T11283] loop1: detected capacity change from 0 to 4096 [ 511.540553][T10743] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 512.264311][T11290] loop3: detected capacity change from 0 to 2048 [ 512.364606][T11290] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 513.355042][T11298] loop1: detected capacity change from 0 to 4096 [ 513.397600][T11298] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 513.609610][T11298] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 513.618949][T11298] ntfs3: loop1: Failed to load $Extend (-22). [ 513.625304][T11298] ntfs3: loop1: Failed to initialize $Extend. [ 513.632046][T11298] ntfs3: loop1: Failed to load root (-22). [ 513.751779][ T2900] team0 (unregistering): Port device team_slave_1 removed [ 513.844215][ T2900] team0 (unregistering): Port device team_slave_0 removed [ 514.632671][T11278] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1756'. [ 514.723859][ T35] hfsplus: b-tree write err: -5, ino 4 [ 514.910706][T11301] loop3: detected capacity change from 0 to 2048 [ 514.948170][T11115] hsr_slave_0: entered promiscuous mode [ 514.972554][T11115] hsr_slave_1: entered promiscuous mode [ 514.991852][T11115] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 514.992946][T11304] loop1: detected capacity change from 0 to 16 [ 515.005500][T11115] Cannot create hsr debugfs directory [ 515.030292][T11304] erofs: (device loop1): mounted with root inode @ nid 36. [ 515.079443][T11304] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 515.133570][T11304] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 515.172502][T11304] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 515.192939][T11308] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 515.316296][T11301] hpfs: filesystem error: improperly stopped; already mounted read-only [ 515.365199][T11301] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 515.417132][T11301] hpfs: filesystem error: sector(s) 'dir_band_bitmap' badly placed at 7b318cc4 [ 516.269153][T11313] loop1: detected capacity change from 0 to 4096 [ 516.465675][ T8316] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 516.477777][T11317] syz_tun: entered allmulticast mode [ 516.686262][ T8316] usb 4-1: Using ep0 maxpacket: 8 [ 516.724227][ T8316] usb 4-1: config 0 has an invalid descriptor of length 192, skipping remainder of the config [ 516.769243][ T8316] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 516.784142][ T8316] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 516.825213][ T8316] usb 4-1: SerialNumber: syz [ 516.856065][ T8316] usb 4-1: config 0 descriptor?? [ 517.144363][ T8316] usb 4-1: Found UVC 0.00 device (05ac:8501) [ 517.177159][ T8316] usb 4-1: No valid video chain found. [ 517.195773][ T8316] usb 4-1: USB disconnect, device number 8 [ 517.297941][T11115] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 517.367922][T11316] syz_tun: left allmulticast mode [ 517.374187][T11115] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 517.400996][T11115] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 517.449714][T11115] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 517.648277][T11329] loop0: detected capacity change from 0 to 1024 [ 517.780937][T11115] 8021q: adding VLAN 0 to HW filter on device bond0 [ 517.808636][ T2848] hfsplus: b-tree write err: -5, ino 4 [ 517.839736][T11115] 8021q: adding VLAN 0 to HW filter on device team0 [ 517.923452][ T8316] bridge0: port 1(bridge_slave_0) entered blocking state [ 517.930705][ T8316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 518.000804][ T8320] bridge0: port 2(bridge_slave_1) entered blocking state [ 518.008086][ T8320] bridge0: port 2(bridge_slave_1) entered forwarding state [ 519.426984][T11346] loop0: detected capacity change from 0 to 4096 [ 519.700231][T11115] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 520.148104][T11361] loop3: detected capacity change from 0 to 2048 [ 520.213426][T11361] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 520.274892][T11361] NILFS (loop3): invalid segment: Checksum error in segment payload [ 520.282984][T11361] NILFS (loop3): unable to fall back to spare super block [ 520.333499][T11361] NILFS (loop3): error -22 while searching super root [ 520.456004][T11115] veth0_vlan: entered promiscuous mode [ 520.493017][T11115] veth1_vlan: entered promiscuous mode [ 520.678365][T11115] veth0_macvtap: entered promiscuous mode [ 520.764014][T11115] veth1_macvtap: entered promiscuous mode [ 520.784429][T11348] loop2: detected capacity change from 0 to 32768 [ 520.804209][T11348] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1782 (11348) [ 520.808734][T11115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 520.933594][ T8320] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 521.012947][T11339] loop1: detected capacity change from 0 to 40427 [ 521.072307][T11115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.423459][ T8320] usb 1-1: Using ep0 maxpacket: 32 [ 521.433929][T11339] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 521.518447][T11115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 521.555146][ T8320] usb 1-1: New USB device found, idVendor=0416, idProduct=a91a, bcdDevice=13.6d [ 521.601807][T11339] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 521.630057][ T8320] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.634814][T11115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.653902][T11348] BTRFS info (device loop2): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 521.672420][T11115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 521.674699][ T8320] usb 1-1: Product: syz [ 521.686865][T11115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.693949][T11348] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 521.698888][T11115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 521.717021][T11115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.729030][T11115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 521.740017][T11115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.740115][ T8320] usb 1-1: Manufacturer: syz [ 521.750322][T11115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 521.767821][T11115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.777937][T11339] F2FS-fs (loop1): Found nat_bits in checkpoint [ 521.809403][T11115] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 521.811175][ T8320] usb 1-1: SerialNumber: syz [ 521.832870][T11348] BTRFS info (device loop2): using free-space-tree [ 521.850329][ T8320] usb 1-1: config 0 descriptor?? [ 521.891527][T11115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.938690][T11115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.987147][ T8320] usb 1-1: Found UVC 0.00 device syz (0416:a91a) [ 522.004881][T11115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 522.032815][ T8320] usb 1-1: No valid video chain found. [ 522.063422][T11115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.089299][T11115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 522.103055][T11115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.113046][T11115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 522.124369][T11115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.134575][T11115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 522.146499][T11115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.156500][T11115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 522.169274][T11115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.182282][T11115] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 522.207652][ T8320] usb 1-1: USB disconnect, device number 9 [ 522.251422][T11115] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.273621][T11115] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.293357][T11115] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.316565][T11115] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.411026][T10474] BTRFS info (device loop2): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 522.787738][ T2848] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 522.823509][ T2848] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 522.936169][ T2848] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 522.970207][ T2848] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 523.655871][T11415] loop1: detected capacity change from 0 to 256 [ 523.744355][T11415] FAT-fs (loop1): bogus logical sector size 0 [ 523.750622][T11415] FAT-fs (loop1): Can't find a valid FAT filesystem [ 524.719517][T11427] xt_NFQUEUE: number of total queues is 0 [ 525.443911][ T8316] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 525.565308][T11455] loop1: detected capacity change from 0 to 1764 [ 525.587099][T11455] iso9660: Unknown parameter 'pocharset' [ 525.788168][ T8316] usb 4-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice=8f.45 [ 525.813777][ T8316] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.821858][ T8316] usb 4-1: Product: syz [ 525.826588][ T8316] usb 4-1: Manufacturer: syz [ 527.644765][ T8316] usb 4-1: SerialNumber: syz [ 528.633570][ T8316] usb 4-1: config 0 descriptor?? [ 530.976607][ T8311] usb 4-1: USB disconnect, device number 9 [ 531.078153][T11474] loop3: detected capacity change from 0 to 64 [ 531.250597][ T8316] IPVS: starting estimator thread 0... [ 531.264293][T11479] IPVS: wrr: SCTP 127.0.0.1:0 - no destination available [ 531.378536][T11482] IPVS: using max 18 ests per chain, 43200 per kthread [ 531.435467][T11490] netlink: 'syz.3.1821': attribute type 1 has an invalid length. [ 531.444581][T11476] xt_NFQUEUE: number of total queues is 0 [ 532.168878][ T8311] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 532.223369][ T8309] IPVS: starting estimator thread 0... [ 532.324722][T11513] IPVS: using max 21 ests per chain, 50400 per kthread [ 532.371892][ T8311] usb 3-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice=8f.45 [ 532.399886][ T8311] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.443757][ T8311] usb 3-1: Product: syz [ 532.454064][ T8311] usb 3-1: Manufacturer: syz [ 532.465647][ T8311] usb 3-1: SerialNumber: syz [ 532.502114][ T8311] usb 3-1: config 0 descriptor?? [ 532.819027][T11519] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 532.854725][ T8309] usb 3-1: USB disconnect, device number 10 [ 532.889267][ T8311] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 532.909487][T11519] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 533.099130][ T8311] usb 5-1: Using ep0 maxpacket: 8 [ 533.102009][ T5105] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 533.116224][ T8311] usb 5-1: config 17 has an invalid descriptor of length 48, skipping remainder of the config [ 533.134645][ T5105] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 533.144616][ T8311] usb 5-1: config 17 has an invalid descriptor of length 48, skipping remainder of the config [ 533.145053][ T5105] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 533.181523][ T5105] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 533.192174][ T5105] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 533.200012][ T5105] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 533.212194][ T8311] usb 5-1: config 17 has an invalid descriptor of length 48, skipping remainder of the config [ 533.267404][ T8311] usb 5-1: config 17 has an invalid descriptor of length 48, skipping remainder of the config [ 533.280546][ T8311] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 533.290865][ T8311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 533.302866][ T8311] usb 5-1: SerialNumber: syz [ 533.316114][ T8311] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 533.323041][ T8311] usb 5-1: No valid video chain found. [ 533.452018][T11525] netlink: 'syz.3.1834': attribute type 1 has an invalid length. [ 533.477607][ T2848] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 533.752698][ T2848] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 533.952976][ T8316] usb 5-1: USB disconnect, device number 11 [ 534.000037][T11533] loop0: detected capacity change from 0 to 1024 [ 534.092287][ T2848] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 534.157645][ T62] hfsplus: b-tree write err: -5, ino 4 [ 534.167633][T11545] loop2: detected capacity change from 0 to 64 [ 534.177166][ T8] IPVS: starting estimator thread 0... [ 534.283672][T11546] IPVS: using max 17 ests per chain, 40800 per kthread [ 534.372777][T11548] loop0: detected capacity change from 0 to 256 [ 534.423351][T11548] FAT-fs (loop0): Directory bread(block 64) failed [ 534.445364][T11548] FAT-fs (loop0): Directory bread(block 65) failed [ 534.495588][T11548] FAT-fs (loop0): Directory bread(block 66) failed [ 534.526250][T11548] FAT-fs (loop0): Directory bread(block 67) failed [ 534.532957][T11548] FAT-fs (loop0): Directory bread(block 68) failed [ 534.550090][T11548] FAT-fs (loop0): Directory bread(block 69) failed [ 534.633895][T11548] FAT-fs (loop0): Directory bread(block 70) failed [ 534.640936][T11548] FAT-fs (loop0): Directory bread(block 71) failed [ 534.648383][T11548] FAT-fs (loop0): Directory bread(block 72) failed [ 534.659386][T11548] FAT-fs (loop0): Directory bread(block 73) failed [ 534.675967][T11552] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 534.700028][T11552] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 535.047678][T11520] chnl_net:caif_netlink_parms(): no params data found [ 535.232308][ T2848] bridge_slave_1: left allmulticast mode [ 535.260426][ T2848] bridge_slave_1: left promiscuous mode [ 535.280569][ T2848] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.293954][ T5097] Bluetooth: hci0: command tx timeout [ 535.314848][ T2848] bridge_slave_0: left allmulticast mode [ 535.331495][ T2848] bridge_slave_0: left promiscuous mode [ 535.389653][ T2848] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.601338][T11573] loop2: detected capacity change from 0 to 1024 [ 535.758817][ T12] hfsplus: b-tree write err: -5, ino 4 [ 536.546375][T11588] xt_socket: unknown flags 0xc [ 536.873797][ T2848] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 536.904519][ T2848] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 536.923167][ T2848] bond0 (unregistering): Released all slaves [ 537.121276][T11590] loop0: detected capacity change from 0 to 256 [ 537.315643][T11590] FAT-fs (loop0): Directory bread(block 64) failed [ 537.336383][T11590] FAT-fs (loop0): Directory bread(block 65) failed [ 537.343213][T11590] FAT-fs (loop0): Directory bread(block 66) failed [ 537.371829][T11590] FAT-fs (loop0): Directory bread(block 67) failed [ 537.379112][ T5097] Bluetooth: hci0: command tx timeout [ 537.387622][T11590] FAT-fs (loop0): Directory bread(block 68) failed [ 537.394417][T11590] FAT-fs (loop0): Directory bread(block 69) failed [ 537.404344][T11590] FAT-fs (loop0): Directory bread(block 70) failed [ 537.410930][T11590] FAT-fs (loop0): Directory bread(block 71) failed [ 537.418003][T11590] FAT-fs (loop0): Directory bread(block 72) failed [ 537.426715][T11590] FAT-fs (loop0): Directory bread(block 73) failed [ 537.537221][T11520] bridge0: port 1(bridge_slave_0) entered blocking state [ 537.554151][ T8310] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 537.572792][T11520] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.580398][T11520] bridge_slave_0: entered allmulticast mode [ 537.611095][T11520] bridge_slave_0: entered promiscuous mode [ 537.749959][ T8310] usb 4-1: Using ep0 maxpacket: 8 [ 537.781972][ T8310] usb 4-1: config 17 has an invalid descriptor of length 48, skipping remainder of the config [ 537.796931][T11520] bridge0: port 2(bridge_slave_1) entered blocking state [ 537.809952][ T8310] usb 4-1: config 17 has an invalid descriptor of length 48, skipping remainder of the config [ 537.825961][ T8310] usb 4-1: config 17 has an invalid descriptor of length 48, skipping remainder of the config [ 537.849418][T11520] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.860165][ T8310] usb 4-1: config 17 has an invalid descriptor of length 48, skipping remainder of the config [ 537.864089][T11520] bridge_slave_1: entered allmulticast mode [ 537.893563][ T8310] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 537.895603][T11520] bridge_slave_1: entered promiscuous mode [ 537.908709][ T8310] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 537.908768][ T8310] usb 4-1: SerialNumber: syz [ 537.921190][ T8310] usb 4-1: Found UVC 0.00 device (05ac:8501) [ 537.944222][ T8310] usb 4-1: No valid video chain found. [ 538.072928][T11520] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 538.097652][ T2848] hsr_slave_0: left promiscuous mode [ 538.106877][ T2848] hsr_slave_1: left promiscuous mode [ 538.125947][ T2848] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 538.147890][ T2848] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 538.166688][ T2848] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 538.184045][ T2848] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 538.308838][ T2848] veth1_macvtap: left promiscuous mode [ 538.325618][ T2848] veth0_macvtap: left promiscuous mode [ 538.336963][ T2848] veth1_vlan: left promiscuous mode [ 538.342507][ T2848] veth0_vlan: left promiscuous mode [ 538.376595][T11612] loop0: detected capacity change from 0 to 1024 [ 538.521309][ T62] hfsplus: b-tree write err: -5, ino 4 [ 538.906891][T11624] loop4: detected capacity change from 0 to 256 [ 538.985824][T11625] use of bytesused == 0 is deprecated and will be removed in the future, [ 538.995502][T11624] FAT-fs (loop4): Directory bread(block 64) failed [ 539.007102][T11624] FAT-fs (loop4): Directory bread(block 65) failed [ 539.014267][T11624] FAT-fs (loop4): Directory bread(block 66) failed [ 539.020974][T11624] FAT-fs (loop4): Directory bread(block 67) failed [ 539.027809][T11624] FAT-fs (loop4): Directory bread(block 68) failed [ 539.034594][T11624] FAT-fs (loop4): Directory bread(block 69) failed [ 539.035067][T11625] use the actual size instead. [ 539.041266][T11624] FAT-fs (loop4): Directory bread(block 70) failed [ 539.041309][T11624] FAT-fs (loop4): Directory bread(block 71) failed [ 539.041413][T11624] FAT-fs (loop4): Directory bread(block 72) failed [ 539.041448][T11624] FAT-fs (loop4): Directory bread(block 73) failed [ 539.458209][ T5097] Bluetooth: hci0: command tx timeout [ 539.965789][T11634] xt_socket: unknown flags 0xc [ 540.035359][ T2848] team0 (unregistering): Port device team_slave_1 removed [ 540.134431][ T2848] team0 (unregistering): Port device team_slave_0 removed [ 541.371184][T11520] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 541.480451][ T8316] usb 4-1: USB disconnect, device number 10 [ 541.538396][ T5097] Bluetooth: hci0: command tx timeout [ 541.733107][T11520] team0: Port device team_slave_0 added [ 541.842579][T11520] team0: Port device team_slave_1 added [ 541.897918][ T29] audit: type=1326 audit(1719911203.797:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11647 comm="syz.2.1879" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4e1975b99 code=0x0 [ 543.144489][T11638] loop4: detected capacity change from 0 to 32768 [ 543.238979][T11520] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 543.293299][T11520] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 543.364310][T11655] loop3: detected capacity change from 0 to 256 [ 543.395313][T11520] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 543.442260][T11520] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 543.476706][T11655] FAT-fs (loop3): Directory bread(block 64) failed [ 543.485196][T11520] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 543.523547][T11655] FAT-fs (loop3): Directory bread(block 65) failed [ 543.530260][T11655] FAT-fs (loop3): Directory bread(block 66) failed [ 543.564162][T11520] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 543.599287][T11655] FAT-fs (loop3): Directory bread(block 67) failed [ 543.622749][T11655] FAT-fs (loop3): Directory bread(block 68) failed [ 543.641881][T11655] FAT-fs (loop3): Directory bread(block 69) failed [ 543.649211][T11655] FAT-fs (loop3): Directory bread(block 70) failed [ 543.660277][T11655] FAT-fs (loop3): Directory bread(block 71) failed [ 543.677183][T11655] FAT-fs (loop3): Directory bread(block 72) failed [ 543.703559][T11655] FAT-fs (loop3): Directory bread(block 73) failed [ 543.818905][T11520] hsr_slave_0: entered promiscuous mode [ 543.849747][T11520] hsr_slave_1: entered promiscuous mode [ 543.903650][T11520] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 543.943441][T11520] Cannot create hsr debugfs directory [ 543.962958][ T2848] IPVS: stop unused estimator thread 0... [ 544.211571][T11667] loop2: detected capacity change from 0 to 256 [ 544.351583][T11667] FAT-fs (loop2): bogus logical sector size 0 [ 544.358665][T11667] FAT-fs (loop2): Can't find a valid FAT filesystem [ 545.311273][T11672] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1888'. [ 545.329676][T11672] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1888'. [ 545.376716][ T29] audit: type=1800 audit(1719911207.267:255): pid=11672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1888" name="bus" dev="sda1" ino=2085 res=0 errno=0 [ 545.687077][T11686] loop4: detected capacity change from 0 to 256 [ 546.088281][T11520] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 546.168968][T11520] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 546.202031][T11520] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 546.247565][T11520] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 546.341233][T11691] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 546.478280][T11697] loop2: detected capacity change from 0 to 256 [ 546.607636][T11520] 8021q: adding VLAN 0 to HW filter on device bond0 [ 546.679371][T11697] FAT-fs (loop2): Directory bread(block 64) failed [ 546.711412][T11697] FAT-fs (loop2): Directory bread(block 65) failed [ 546.727137][T11520] 8021q: adding VLAN 0 to HW filter on device team0 [ 546.739257][T11697] FAT-fs (loop2): Directory bread(block 66) failed [ 546.763359][T11697] FAT-fs (loop2): Directory bread(block 67) failed [ 546.772010][T11697] FAT-fs (loop2): Directory bread(block 68) failed [ 546.784585][ T5150] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.791988][ T5150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 546.813613][T11697] FAT-fs (loop2): Directory bread(block 69) failed [ 546.820321][T11697] FAT-fs (loop2): Directory bread(block 70) failed [ 546.852057][ T5150] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.859298][ T5150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 546.884510][T11697] FAT-fs (loop2): Directory bread(block 71) failed [ 546.913528][T11697] FAT-fs (loop2): Directory bread(block 72) failed [ 546.920135][T11697] FAT-fs (loop2): Directory bread(block 73) failed [ 547.153218][T11688] loop4: detected capacity change from 0 to 32768 [ 547.401259][T11710] loop3: detected capacity change from 0 to 256 [ 547.494755][T11710] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 547.743448][T11520] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 547.888098][T11520] veth0_vlan: entered promiscuous mode [ 548.006275][T11520] veth1_vlan: entered promiscuous mode [ 548.782121][T11520] veth0_macvtap: entered promiscuous mode [ 548.920563][T11520] veth1_macvtap: entered promiscuous mode [ 548.939726][T11738] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 549.247846][T11520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.316271][T11520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.352575][T11520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.381761][T11520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.433524][T11520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.466641][T11520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.497547][T11520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.541401][T11520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.577969][T11520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.614239][T11520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.648592][T11520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.687808][T11520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.705400][T11520] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 549.770436][T11520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.785562][T11520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.799575][T11520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.850910][T11520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.872946][T11520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.893348][T11520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.904649][T11520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.917174][T11520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.927159][T11520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.942965][T11520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.953624][T11520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.964849][T11520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.976992][T11520] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 549.989074][T11520] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.113315][ T29] audit: type=1800 audit(1719911211.957:256): pid=11780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1915" name="file2" dev="sda1" ino=2066 res=0 errno=0 [ 550.136816][T11520] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.145910][T11520] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.162968][T11520] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.330233][T11786] loop3: detected capacity change from 0 to 256 [ 550.434529][T11786] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 550.523505][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 550.562734][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 550.716531][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 550.763395][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 551.742704][T11797] tc_dump_action: action bad kind [ 551.808952][T11801] loop4: detected capacity change from 0 to 256 [ 552.009455][T11808] IPVS: wrr: SCTP 127.0.0.1:0 - no destination available [ 552.017254][ T8309] IPVS: starting estimator thread 0... [ 552.123861][T11810] IPVS: using max 19 ests per chain, 45600 per kthread [ 552.325972][T11775] loop2: detected capacity change from 0 to 32768 [ 552.462005][T11826] loop0: detected capacity change from 0 to 256 [ 552.526690][T11826] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 552.573503][ T8309] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 552.791964][ T8309] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 552.808725][ T8309] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 552.856625][ T8309] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 552.873413][ T8309] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.917348][ T8309] usb 2-1: config 0 descriptor?? [ 552.936580][T11839] tc_dump_action: action bad kind [ 552.957534][ T8309] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 554.348312][T11856] loop4: detected capacity change from 0 to 256 [ 555.116505][T11871] loop4: detected capacity change from 0 to 256 [ 555.207752][T11871] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 555.231227][ T5105] Bluetooth: hci4: command 0x0406 tx timeout [ 555.675522][T11861] loop3: detected capacity change from 0 to 32768 [ 556.040806][ T8] usb 2-1: USB disconnect, device number 18 [ 556.547486][T11898] loop4: detected capacity change from 0 to 256 [ 556.562293][T11900] loop3: detected capacity change from 0 to 256 [ 558.796176][T11924] loop1: detected capacity change from 0 to 256 [ 558.884900][T11924] FAT-fs (loop1): bogus logical sector size 8 [ 558.908632][T11895] loop0: detected capacity change from 0 to 32768 [ 558.983965][T11924] FAT-fs (loop1): Can't find a valid FAT filesystem [ 559.738662][T11912] loop3: detected capacity change from 0 to 32768 [ 559.948145][T11940] loop0: detected capacity change from 0 to 256 [ 560.347863][T11948] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1979'. [ 560.558334][T11953] 8021q: adding VLAN 0 to HW filter on device team1 [ 560.643547][T11953] bond0: (slave team1): Enslaving as an active interface with an up link [ 560.671898][T11951] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1980'. [ 561.914233][T11965] loop4: detected capacity change from 0 to 1024 [ 561.970978][T11964] loop2: detected capacity change from 0 to 2048 [ 562.379838][T11756] hfsplus: b-tree write err: -5, ino 4 [ 562.892018][T11956] loop0: detected capacity change from 0 to 32768 [ 563.020078][T11992] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1995'. [ 563.203696][T11994] 8021q: adding VLAN 0 to HW filter on device team1 [ 563.235051][T11994] bond0: (slave team1): Enslaving as an active interface with an up link [ 563.377640][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.384098][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.848126][ T5097] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 563.928237][T12003] loop0: detected capacity change from 0 to 512 [ 564.096779][T12003] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 564.116854][T12003] ext4 filesystem being mounted at /root/syzkaller.Sy9Oc7/97/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 564.155248][T12003] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 565.128643][T12028] kvm: kvm [12027]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800 [ 565.168462][T12028] kvm: kvm [12027]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 565.239043][T12028] kvm: kvm [12027]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x800 [ 565.566088][ T29] audit: type=1804 audit(1719911227.474:257): pid=12049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2014" name=203020696E736E7320286C696D6974203130303030303029206D61785F7374617465735F7065725F696E736E203020746F74616C5F7374617465732030207065616B5F7374617465732030206D61726B5F7265616420300A dev="sda1" ino=2087 res=1 errno=0 [ 565.635049][T12051] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2015'. [ 566.037480][ T8316] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 566.342075][ T8316] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 64, changing to 10 [ 566.412905][ T8316] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 566.974348][ T8316] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 567.027414][ T8316] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.071241][T12070] loop2: detected capacity change from 0 to 8192 [ 567.085712][T12055] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 567.103654][T12070] REISERFS warning (device loop2): super-6515 reiserfs_parse_options: journaled quota format not specified. [ 568.389594][T12089] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2029'. [ 568.433807][ T8316] usb 5-1: USB disconnect, device number 12 [ 571.206741][T12125] loop2: detected capacity change from 0 to 8 [ 571.350165][T12134] loop1: detected capacity change from 0 to 512 [ 571.463470][T12125] SQUASHFS error: Failed to read block 0x8f: -5 [ 571.482175][T12125] SQUASHFS error: Failed to read block 0xc00090: -5 [ 571.491291][T12134] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 571.502451][T12125] SQUASHFS error: Failed to read block 0x8f: -5 [ 571.511289][T12125] SQUASHFS error: Failed to read block 0x8f: -5 [ 571.518062][T12125] SQUASHFS error: Failed to read block 0x8f: -5 [ 571.526259][T12125] SQUASHFS error: Failed to read block 0x8f: -5 [ 571.537092][T12125] SQUASHFS error: Failed to read block 0x8f: -5 [ 571.546583][ T29] audit: type=1800 audit(1719911233.454:258): pid=12125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2043" name="file2" dev="loop2" ino=6 res=0 errno=0 [ 571.583948][T12134] ext4 filesystem being mounted at /root/syzkaller.YfhhnT/22/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 572.522677][T11520] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 572.641764][ T5105] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 572.680343][ T5105] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 572.707874][ T5105] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 572.728610][ T5105] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 572.738265][ T5105] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 572.748734][ T5105] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 572.810302][T12170] bridge0: entered promiscuous mode [ 572.820300][T12170] macvlan2: entered promiscuous mode [ 572.840337][T12170] macvlan2: entered allmulticast mode [ 572.883854][T12170] bridge0: entered allmulticast mode [ 572.999006][T12176] loop1: detected capacity change from 0 to 8 [ 573.099496][T12176] SQUASHFS error: Failed to read block 0x8f: -5 [ 573.127012][T12176] SQUASHFS error: Failed to read block 0xc00090: -5 [ 573.162010][T12176] SQUASHFS error: Failed to read block 0x8f: -5 [ 573.184884][T12176] SQUASHFS error: Failed to read block 0x8f: -5 [ 573.209050][T12176] SQUASHFS error: Failed to read block 0x8f: -5 [ 573.247932][T12176] SQUASHFS error: Failed to read block 0x8f: -5 [ 573.273926][T12176] SQUASHFS error: Failed to read block 0x8f: -5 [ 573.315111][ T29] audit: type=1800 audit(1719911235.194:259): pid=12176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2061" name="file2" dev="loop1" ino=6 res=0 errno=0 [ 573.552966][T11766] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 573.841102][T12186] loop1: detected capacity change from 0 to 8 [ 573.881519][T12186] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 574.073088][T12190] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2067'. [ 574.156956][T11766] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.227265][T12190] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2067'. [ 574.526370][T12199] loop4: detected capacity change from 0 to 8 [ 574.544415][T12199] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 574.567162][T11766] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.745826][ T29] audit: type=1326 audit(1719911236.644:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.4.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe92c175b99 code=0x7ffc0000 [ 574.822352][ T5105] Bluetooth: hci3: command tx timeout [ 574.826343][ T29] audit: type=1326 audit(1719911236.644:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.4.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe92c175b99 code=0x7ffc0000 [ 574.858584][T11766] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.863168][ T29] audit: type=1326 audit(1719911236.684:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.4.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fe92c175b99 code=0x7ffc0000 [ 574.892339][ T29] audit: type=1326 audit(1719911236.684:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.4.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe92c175b99 code=0x7ffc0000 [ 574.930077][ T29] audit: type=1326 audit(1719911236.684:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.4.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe92c175b99 code=0x7ffc0000 [ 574.962042][ T29] audit: type=1326 audit(1719911236.684:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.4.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fe92c175b99 code=0x7ffc0000 [ 574.986538][ T29] audit: type=1326 audit(1719911236.684:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.4.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe92c175b99 code=0x7ffc0000 [ 575.037280][ T29] audit: type=1326 audit(1719911236.694:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.4.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fe92c175b99 code=0x7ffc0000 [ 575.391967][T11766] bridge_slave_1: left allmulticast mode [ 575.398838][T11766] bridge_slave_1: left promiscuous mode [ 575.405547][T11766] bridge0: port 2(bridge_slave_1) entered disabled state [ 575.469653][T11766] bridge_slave_0: left allmulticast mode [ 575.484330][T11766] bridge_slave_0: left promiscuous mode [ 575.498220][T11766] bridge0: port 1(bridge_slave_0) entered disabled state [ 575.694084][ T5105] Bluetooth: hci1: command 0x0406 tx timeout [ 576.035494][T12224] loop2: detected capacity change from 0 to 8 [ 576.047567][T12224] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 576.823942][T12237] ax25_connect(): syz.4.2086 uses autobind, please contact jreuter@yaina.de [ 576.893390][ T5097] Bluetooth: hci3: command tx timeout [ 577.260111][T11766] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 577.298113][T11766] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 577.342728][T11766] bond0 (unregistering): (slave team1): Releasing backup interface [ 577.403800][T11766] bond0 (unregistering): Released all slaves [ 577.681089][T12162] chnl_net:caif_netlink_parms(): no params data found [ 577.973972][ T11] ================================================================== [ 577.982212][ T11] BUG: KASAN: slab-use-after-free in l2tp_tunnel_del_work+0xe5/0x330 [ 577.990418][ T11] Read of size 8 at addr ffff888029df10b8 by task kworker/u8:0/11 [ 577.998438][ T11] [ 578.000797][ T11] CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.10.0-rc6-next-20240702-syzkaller #0 [ 578.011252][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 578.021434][ T11] Workqueue: l2tp l2tp_tunnel_del_work [ 578.026953][ T11] Call Trace: [ 578.030258][ T11] [ 578.033210][ T11] dump_stack_lvl+0x241/0x360 [ 578.037945][ T11] ? __pfx_dump_stack_lvl+0x10/0x10 [ 578.043196][ T11] ? __pfx__printk+0x10/0x10 [ 578.047821][ T11] ? _printk+0xd5/0x120 [ 578.052031][ T11] ? __virt_addr_valid+0x183/0x530 [ 578.057183][ T11] ? __virt_addr_valid+0x183/0x530 [ 578.062341][ T11] print_report+0x169/0x550 [ 578.066980][ T11] ? __virt_addr_valid+0x183/0x530 [ 578.072134][ T11] ? __virt_addr_valid+0x183/0x530 [ 578.077289][ T11] ? __virt_addr_valid+0x45f/0x530 [ 578.082438][ T11] ? __phys_addr+0xba/0x170 [ 578.086984][ T11] ? l2tp_tunnel_del_work+0xe5/0x330 [ 578.092407][ T11] kasan_report+0x143/0x180 [ 578.097044][ T11] ? l2tp_tunnel_del_work+0xe5/0x330 [ 578.102383][ T11] l2tp_tunnel_del_work+0xe5/0x330 [ 578.107544][ T11] ? process_scheduled_works+0x945/0x1830 [ 578.113298][ T11] process_scheduled_works+0xa2c/0x1830 [ 578.118899][ T11] ? __pfx_process_scheduled_works+0x10/0x10 [ 578.125025][ T11] ? assign_work+0x364/0x3d0 [ 578.129660][ T11] worker_thread+0x86d/0xd40 [ 578.134292][ T11] ? __kthread_parkme+0x169/0x1d0 [ 578.139359][ T11] ? __pfx_worker_thread+0x10/0x10 [ 578.144520][ T11] kthread+0x2f0/0x390 [ 578.148630][ T11] ? __pfx_worker_thread+0x10/0x10 [ 578.153780][ T11] ? __pfx_kthread+0x10/0x10 [ 578.158442][ T11] ret_from_fork+0x4b/0x80 [ 578.162901][ T11] ? __pfx_kthread+0x10/0x10 [ 578.167529][ T11] ret_from_fork_asm+0x1a/0x30 [ 578.172338][ T11] [ 578.175370][ T11] [ 578.177708][ T11] Allocated by task 12251: [ 578.182238][ T11] kasan_save_track+0x3f/0x80 [ 578.186946][ T11] __kasan_kmalloc+0x98/0xb0 [ 578.191566][ T11] __kmalloc_noprof+0x1f9/0x400 [ 578.196449][ T11] l2tp_session_create+0x3b/0xc20 [ 578.201523][ T11] pppol2tp_connect+0xca3/0x17a0 [ 578.206489][ T11] __sys_connect+0x2df/0x310 [ 578.211102][ T11] __x64_sys_connect+0x7a/0x90 [ 578.215888][ T11] do_syscall_64+0xf3/0x230 [ 578.220481][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.226422][ T11] [ 578.228770][ T11] Freed by task 24: [ 578.232593][ T11] kasan_save_track+0x3f/0x80 [ 578.237301][ T11] kasan_save_free_info+0x40/0x50 [ 578.242380][ T11] poison_slab_object+0xe0/0x150 [ 578.247358][ T11] __kasan_slab_free+0x37/0x60 [ 578.252272][ T11] kfree+0x149/0x360 [ 578.256203][ T11] __sk_destruct+0x58/0x5f0 [ 578.260730][ T11] rcu_core+0xaaa/0x17a0 [ 578.265002][ T11] handle_softirqs+0x2c4/0x970 [ 578.269791][ T11] run_ksoftirqd+0xca/0x130 [ 578.274333][ T11] smpboot_thread_fn+0x544/0xa30 [ 578.279302][ T11] kthread+0x2f0/0x390 [ 578.283436][ T11] ret_from_fork+0x4b/0x80 [ 578.287890][ T11] ret_from_fork_asm+0x1a/0x30 [ 578.292696][ T11] [ 578.295042][ T11] Last potentially related work creation: [ 578.300781][ T11] kasan_save_stack+0x3f/0x60 [ 578.305495][ T11] __kasan_record_aux_stack+0xac/0xc0 [ 578.310907][ T11] call_rcu+0x167/0xa70 [ 578.315101][ T11] pppol2tp_release+0x24b/0x350 [ 578.319991][ T11] sock_close+0xbc/0x240 [ 578.324266][ T11] __fput+0x24a/0x8a0 [ 578.328285][ T11] task_work_run+0x24f/0x310 [ 578.332900][ T11] syscall_exit_to_user_mode+0x168/0x370 [ 578.338591][ T11] do_syscall_64+0x100/0x230 [ 578.343309][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.349234][ T11] [ 578.351571][ T11] The buggy address belongs to the object at ffff888029df1000 [ 578.351571][ T11] which belongs to the cache kmalloc-1k of size 1024 [ 578.365835][ T11] The buggy address is located 184 bytes inside of [ 578.365835][ T11] freed 1024-byte region [ffff888029df1000, ffff888029df1400) [ 578.379760][ T11] [ 578.382112][ T11] The buggy address belongs to the physical page: [ 578.388558][ T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29df0 [ 578.397350][ T11] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 578.405964][ T11] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 578.413974][ T11] page_type: 0xfdffffff(slab) [ 578.418676][ T11] raw: 00fff00000000040 ffff888015041dc0 0000000000000000 dead000000000001 [ 578.427372][ T11] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 578.436081][ T11] head: 00fff00000000040 ffff888015041dc0 0000000000000000 dead000000000001 [ 578.444797][ T11] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 578.453508][ T11] head: 00fff00000000003 ffffea0000a77c01 ffffffffffffffff 0000000000000000 [ 578.462201][ T11] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 578.470893][ T11] page dumped because: kasan: bad access detected [ 578.477342][ T11] page_owner tracks the page as allocated [ 578.483071][ T11] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 2848, tgid 2848 (kworker/u8:8), ts 462875323904, free_ts 462635866697 [ 578.503957][ T11] post_alloc_hook+0x1f3/0x230 [ 578.508767][ T11] get_page_from_freelist+0x2ccb/0x2d80 [ 578.514361][ T11] __alloc_pages_noprof+0x256/0x6c0 [ 578.519606][ T11] alloc_slab_page+0x5f/0x120 [ 578.524357][ T11] allocate_slab+0x5a/0x2f0 [ 578.529150][ T11] ___slab_alloc+0xcd1/0x14b0 [ 578.533863][ T11] __slab_alloc+0x58/0xa0 [ 578.538232][ T11] __kmalloc_noprof+0x257/0x400 [ 578.543203][ T11] ieee802_11_parse_elems_full+0xdb/0x2880 [ 578.549049][ T11] ieee80211_ibss_rx_queued_mgmt+0x4c8/0x2d70 [ 578.555232][ T11] ieee80211_iface_work+0x8a5/0xf20 [ 578.560462][ T11] cfg80211_wiphy_work+0x2db/0x490 [ 578.565597][ T11] process_scheduled_works+0xa2c/0x1830 [ 578.571173][ T11] worker_thread+0x86d/0xd40 [ 578.575794][ T11] kthread+0x2f0/0x390 [ 578.579906][ T11] ret_from_fork+0x4b/0x80 [ 578.584356][ T11] page last free pid 10775 tgid 10775 stack trace: [ 578.590878][ T11] free_unref_page+0xd22/0xea0 [ 578.595676][ T11] __put_partials+0xeb/0x130 [ 578.600289][ T11] put_cpu_partial+0x17c/0x250 [ 578.605081][ T11] __slab_free+0x2ea/0x3d0 [ 578.609786][ T11] qlist_free_all+0x9e/0x140 [ 578.614401][ T11] kasan_quarantine_reduce+0x14f/0x170 [ 578.619887][ T11] __kasan_slab_alloc+0x23/0x80 [ 578.624766][ T11] kmem_cache_alloc_noprof+0x135/0x2a0 [ 578.630258][ T11] getname_flags+0xb7/0x540 [ 578.634795][ T11] do_sys_openat2+0xd2/0x1d0 [ 578.639421][ T11] __x64_sys_openat+0x247/0x2a0 [ 578.644311][ T11] do_syscall_64+0xf3/0x230 [ 578.648852][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.654783][ T11] [ 578.657132][ T11] Memory state around the buggy address: [ 578.662777][ T11] ffff888029df0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 578.670868][ T11] ffff888029df1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 578.678972][ T11] >ffff888029df1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 578.687054][ T11] ^ [ 578.692966][ T11] ffff888029df1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 578.701056][ T11] ffff888029df1180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 578.709152][ T11] ================================================================== [ 578.717335][ T11] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 578.724556][ T11] CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.10.0-rc6-next-20240702-syzkaller #0 [ 578.734751][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 578.744841][ T11] Workqueue: l2tp l2tp_tunnel_del_work [ 578.750352][ T11] Call Trace: [ 578.753656][ T11] [ 578.756608][ T11] dump_stack_lvl+0x241/0x360 [ 578.761339][ T11] ? __pfx_dump_stack_lvl+0x10/0x10 [ 578.766602][ T11] ? __pfx__printk+0x10/0x10 [ 578.771325][ T11] ? vscnprintf+0x5d/0x90 [ 578.775690][ T11] panic+0x349/0x870 [ 578.779629][ T11] ? check_panic_on_warn+0x21/0xb0 [ 578.784780][ T11] ? __pfx_panic+0x10/0x10 [ 578.789247][ T11] ? mark_lock+0x9a/0x360 [ 578.793628][ T11] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 578.799558][ T11] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 578.805492][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 578.811943][ T11] ? print_report+0x502/0x550 [ 578.816666][ T11] check_panic_on_warn+0x86/0xb0 [ 578.821649][ T11] ? l2tp_tunnel_del_work+0xe5/0x330 [ 578.826977][ T11] end_report+0x77/0x160 [ 578.831255][ T11] kasan_report+0x154/0x180 [ 578.835981][ T11] ? l2tp_tunnel_del_work+0xe5/0x330 [ 578.841317][ T11] l2tp_tunnel_del_work+0xe5/0x330 [ 578.846470][ T11] ? process_scheduled_works+0x945/0x1830 [ 578.852225][ T11] process_scheduled_works+0xa2c/0x1830 [ 578.857825][ T11] ? __pfx_process_scheduled_works+0x10/0x10 [ 578.863843][ T11] ? assign_work+0x364/0x3d0 [ 578.868468][ T11] worker_thread+0x86d/0xd40 [ 578.873098][ T11] ? __kthread_parkme+0x169/0x1d0 [ 578.878154][ T11] ? __pfx_worker_thread+0x10/0x10 [ 578.883302][ T11] kthread+0x2f0/0x390 [ 578.887408][ T11] ? __pfx_worker_thread+0x10/0x10 [ 578.892548][ T11] ? __pfx_kthread+0x10/0x10 [ 578.897212][ T11] ret_from_fork+0x4b/0x80 [ 578.901670][ T11] ? __pfx_kthread+0x10/0x10 [ 578.906296][ T11] ret_from_fork_asm+0x1a/0x30 [ 578.911106][ T11] [ 578.914382][ T11] Kernel Offset: disabled [ 578.918710][ T11] Rebooting in 86400 seconds..