last executing test programs: 19.963297953s ago: executing program 3 (id=1178): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @lowpan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x3c}}, 0x0) 19.630990157s ago: executing program 3 (id=1182): r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000180), 0x8, 0x0) dup3(r0, r1, 0x0) ioctl$SNDCTL_SEQ_GETTIME(r1, 0x40045106, &(0x7f0000002240)) 19.271076665s ago: executing program 3 (id=1186): syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000200), 0x1, 0x17a, &(0x7f0000000480)="$eJzskj9uE0EUxn+zXv+BAoFE5caWsMAUwHoNCNFAaXoOgGUvxmINstcSxHKxURS5SBGlzAl8jUi5QFJEOYCLVC6s1NFGMzu7GecKmV/hb943b2bee95f0TgqAzebeY+vKAo84VwIXKAmUm/tpHqk9ULrYSqc6bxv2t/TWo12Zr+7YRhM6p/rPNsygGvl5Vb0Zddhra663Mx7cvEDSJIkkV4fZDpmTgEYGzlVF56rJpI8RzYig1dwNUrrmr0ZjrqDYBD88f32R++9533w3/0choGX/grjCd0KUl8Dcl6PjP0isK9zHgNF7hBGaXpfmGdLxgybL9jCMc5mKjjJz5bJ/i/4zksqwL9YGG5D3eKiWuogKOig5Rr1pW9V1Mbb3t+wv0AgsmNL3PyO1opiHvhm0P4UZ2UvtDa0drQuta601u59Mq664UBHzRhK/O9Op5OWHFK6yj0/9/ynsTkw+eqxs93cqYPFYrFYLBaLxWKxPHRuAwAA///pTXlp") r0 = openat(0xffffffffffffff9c, &(0x7f0000001740)='./file2\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000440)=@isofs_parent={0x14, 0x2, {0x5}}, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000080), 0x1, 0x53c, &(0x7f00000025c0)="$eJzs3c9vI1cdAPDvTH52mzZb6AEqYBcoLGi19sbbrqpe2r2AUFUJUXFAHLYh8UZh7XWIndKESKR/A0ggcYI/gQMSB6SeOHDjyA0hlQPSAhFog0SF0YwnqZvYjWkcm8afjzQ7P178vu/FO/Oe38TzAphYVyNiLyJmI+L1iFgsjifFEi93luznHu3vrhzs767Ef9rt1/6W5OnZseh6TebxIs/5iPjGVyO+k5yM29zeub9cq1U3i/1yq75Rbm7v3FivL69V16oPKpXbS7dvvnDr+crQ6nql/suHX1l/5Zu/+fWn3/n93pd/kBVroUjrrscwdao+cxQnMx0Rr5xHsDGYKtazYy4HH04aER+LiM/l5/9iTOX/OwGAi6zdXoz2Yvc+AHDRpfkYWJKWirGAhUjTUqkzhvd0XEprjWbr+r3G1oPVzljZ5ZhJ54q+wvfyf2eSe+u16lKelqfn+5Vj+7ci4qmI+PHcY/l+aaVRWx1PlwcAJt7jx9r/f8512v8B9LirBwB8ZMyPuwAAwMhp/wFg8mj/AWDyDND+Fzf79869LADAaPj8DwCTR/sPAJNH+w8AE+Xrr76aLe2D4vnXq29sb91vvHFjtdq8X6pvrZRWGpsbpbVGYy1/Zk/9tPxqjcbG0nOx9Wa5VW22ys3tnbv1xtaD1t38ud53qzMjqRUA8EGeuvL2H5KI2HvxsXwJcznAxEjHXQBgbKbGXQBgbMz2BZNr8PH4351rOYDx6fkw7/mem+/30/8hiL8zgv8r1z7Zf/z/eN/AfQG4WIz/w+T6cOP/Lw29HMDo9Rr/18+HydBuJ8fn/J89SgIALqQzfB+v/cNhdUKAsTptMu+h3P8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAC2YhIr4bSVoq5gJfiDQtlSKeiIjLMZPcW69Vb0bEk3ElImbmsv2lcRcaADij9C9JMf/XtcVnF46nzib/motiTvDv/+y1n7y53GptLmXH/350fO5w+rDKe687w7yCAMCQ5e13pVh3fZB/tL+7criMsjwP78S7xVTEKwf7u/nSSZmO6Xw9n/clLv0jKfY7c5E+ExFTQ4i/91ZEfOKo/sm77XYRP8nHRi4XM592x48i9hPDj9/1+z8eP31f/DRP66yzztfHj+WbDqFscNG9fSciXu51/qVxNV/3Pv/n8yvU2T2808ns8Np30BX/8Po31SN+ds5fHTTGc7/92omD7cVO2lsRz0z3ip8cxU/6xH92wPh//NRnfvRSn7T2zyOuRe/43bHKrfpGubm9c2O9vrxWXas+qFRuL92++cKt5yvlfIy6fDhSfdJfX7z+ZL+yZfW/1Cf+fM/6zx699gsD1v8X/37925/9gPhf+nzv9//pnvE7sjbxiwPGX770q77Td2fxV/vU/7T3//qA8d/5887qgD8KAIxAc3vn/nKtVt0800b2aXMY+ZzYyIo41AxP2fhTjC7WqRsz5/VbPfeN6aO+4nBz/laW44irkw69FmfaeDSqWOO9LgHn772TftwlAQAAAAAAAAAAAAAA+hnFV5fGXUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAurv8GAAD//5S5ywU=") 18.553744084s ago: executing program 3 (id=1188): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@gettaction={0x28, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}]}, 0x28}}, 0x0) 18.11538479s ago: executing program 3 (id=1192): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@cgroup=r0, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 17.802348947s ago: executing program 3 (id=1196): socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file0\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00d77fbe9e57a634f929f74bee0c10f9cecfc3ead3b77b247312d0ad8ba2e74f257f47c684e0aec5cb3009a5028bd4f70eef4b274a5c38fec4079e5f43b598a9e97e460422eae305e57ae786347345f1de885fa6957858a8b0377854b8190607303abd6aee330a8caac51797b7a15b53acc98e0d526b12f36eb277aead8d55f85523364369522d5f49efa95367a99d00d2c3049e41e7d9ffffffd7a5af9bb021ff2474356bb2c975e3e8f87f1064a983db4d47057c94053fbf53a474536fe59f83bfc1843bd6449160b0c4842dbbeef31ac9bd265bf70f693c8c0c0b783b82271433a5d3d3bcd4c7f8395e4830262a3c414bfbe76d431c2001567510239dd2f2bbc049000000000000000000000092675a0b4430360148a763030694149b66a254a61956fb1b6bcd6cfc49f4f84694e73ed9c4b4d6b46d1e077fc89f36d8e5fd41d863a5bdb87562aa6e34ebb8e16b0b210786e0ae945cf920870ccd9657e2d7639d2d2bc46706950fc40406f22ac773d5043bddfe88faba3a973a67a0a8c64c95ba285267c76a7a31636f1e09ea085c771b3aae335b25fcb6b11358349c0f04abad13df1d0a2f732b059707f13b539692bd95cfea76185a8146ff55219ed65edb3f89f2fd4112fa45eaaee3ad02b5f2ff9c85453a6af8f4a408bc729aec69f33404b61ad21da92b8c813ca3de184e899a596543ca6d9be9f93840870ccda17746cd6461ad770ab337102b891bcd84c1596a60db767d62478ccb6dc3bf80474432a6123cdaf8a02bc6ac95c722c79aae41084a61bdc51f288b3980ba19e39dc078"], 0x1, 0xf17, &(0x7f0000001580)="$eJzs3U9oHNf9APA3q3+25VirJL9fnKSx3aSpE7eVXdmH9FQHTAshhFx6T3DsxFRJTZ0eEmJs91IXekgJuaT0kJLcCu6h0IRCCYVC/+TQc0+hvbQUFwyGUoO1RfJ7q9WzprsarWZ3tZ8PfPU082bn+51dsZ43nn0bgLHVWP154sT+IoR3P37n1DcvLf9qZd3B9haHVn8WcakZQpjqWC6y/X0WV9y+8dbplXY5a4uwuPoz9YfnrrcfOxtCuBwOhU9CMxw80rx5deLZsx++9+nhi+efeWWbDh8AAMbKtT8u/eXJv//hy/O3rh04GWba69P5eTMuz8bz/mPx/D6d9zfC+uWiIzpNZ9tNxGhk201k201meSZL8k1l+5kq2W66S76JjnUbHScAAACMokYc4zZD0VjoGOc2Q6OxsHBn3L/is7npYuG1c0tnLwywWAAAAKCSm5dWb7oVQgghhBjjuNVqtQZdgxBCiAoxNwQ1jEy05gZ9BQIAAAAYN2negfb8YLnL+cwCW9PeW7O3/Nefbmz8eOiDuv/+5R+t/B9c8Y4DAEB1O/VsMh1XOo9O8xjk8whOZI/b7Pl/I9vP5CbrLJtXcFTmGyyrM39eh1VZ/Zt9HQelrP58PsxhVVZ/Pk/nsCqrf6bmOqoqq39XzXVUVVb/7prrqKqs/j0111FVWf2zNddR1cb1/+DftRdSUdnzf0/NdVRVVv++muuoqqz+Ubmttqz+Zs11VFVW/3zNdVRVVv+9NddRVVn999VcR1Vl9d9fcx2D8khs0/NwIOvvHD/nY7pRGeMBAADAuPvPwOb/+/rA5z4Y9li906CP+5vq8/6EEGJoY8WhIahDCCHEBhFnIBt4HaKPcWUIahA9xKUBXnsAAAAAhkP6XED61HsrSv0TXfonu/RPdemf7tI/06UfAAAACOHXV88++Hax9jn/rc6Hl+aNSvMvbXYeo3w+ws3m3+q8Z1vNPyrzlgEAADBeim98snzk1Puvz9+6duBkx+h3OY530zygk/HawEdxOd0XsDdbLtIY+uT6PI2S7fLrA/eU7e/5LR4oAAAAjLE0fm+GorHQMe5uhkZjYWFtPL4/TBVnzy2dORaX0/ez/H5uamZl/VdrrhsAAADo3dp4f+Pxf/oe3/1hulh47dzS2Qt3lve21081Oq8LzK2tLzqvCzSz9Ysl64/H5fT9na/M7V5dv3D6O0sv9fvgAQAAYExceOPNb7+4tHTmu37xi1/80v5l0O9MAABAv334t3f+9L3je39z5/P/a/Pfpc//H4rLzTi335/jBuk+gfQ5gLs+r//C+jxzZdudX79dM9tuIsZMVveujv2EjvkG0+Pm1y1PrG3bXL+f6ZJ8s1m+vVm+fJ6CyWz7dHz7svX5/IRpu7lsfT4P42SWo8jyPxoAAACg3NHXXz1/9MIbb37l3Ksvvnzm5TOvHT+2+LXFpxYXTyweXb2v/2jn3f0AAADAKFq76XfQlQAAAAAAAAAAAAAAAAAAAMD4quPrxAZ9jAAAADDu/nUphHB5nGN5CGoQQojxitXvOB2COoQQQggx0lGstDPOK3qOViv/pnkAAACA7XX7xlunY3tlww0uF33N195bM4RdHeuXYx2/e/ynj69EWn/96fXXS/b0tRrGXcff/+kNN+jz37/8o5X/gyv9zd9+z2veadL7Xvn7X2P9Dk5Wy/vFH//jic78D032mD8//uer5T+c5T8cesvfej/L/0K1/E9k+ff0mP+u4z9fLf+TMf/+VM9jveZf//rPxDYdx+4e8x/Jjv+l0Gv+7PibPSbMfCnmB4Bx1Bh0AdsknSWk8+jZuJyON55uhvzuh82e/zey/UxuufL1+03nQQ/E5XS+tDfLm2y2/tlsf/dUrDM3KneVlNXfr9dxu5XVP1VzHVWV1T9dcx1VldU/U3MdVZXVv6vmOqoqq7/XceigldU/KteVy+qfrbmOqsrq31tzHVWV1b/Zf8cHpaz+fTXXUVVZ/XM111FVWf0VL6vVrqz++ZrrqKqs/ntrrqOqsvrvq7mOqsrqv//uVaNySrQpD8e2bDycxp9zsS8tN7PlmQ2ey516bQEAAABGzT/Hfv4/IYQQQgghhBBi50erNegrEAzS9n6aGYBh5f1/vHn9x5vXf7x5/flf0j38RbacTHTpn+zSP9Wlfzrrz/9eZ7r035fttxWl/vu79P9fl/59Xfof6NK/v0v/g136H+rS/3CXfgAAAMbD/8fW+BAAAAB2ros//+hHvzz8wo35W9cOnAzTd807fywuz8T/W78al/N575Op+H/+34/LP4vtb2P712x7958AAADA9kvfE+P//wEAAGDnSt9TavwPAAAAO9d8bI3/AQAAYOe6N7bG/wAAALCDFbs2Xh3bdF3g0dj2Oq8fADD8PhfbR2J7ILYHY/v52KbzgMdi+4Wa6gMA+ucn3/rhU28Xa/P9H8/6b8f1qb3L5TtXCorG+pn8d8d2T2wf77Ge/PsAes2f7Osxz3bln9tifgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg52is/jxxYn8Rwrsfv3Nq7uKpl1fWHWxvcWj1ZxGXmiGEqfbjUu/a8i/ihrdvvHV6pV2ObSu2RVgMRSja/eG56+1MsyGEy+FQ+CQ0w8EjzZtXJ549++F7nx6+eP6ZV7bxKQAAAIAd778BAAD//4IIK+k=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc020660b, &(0x7f0000000300)={@desc={0x1, 0x0, @auto="6d017cdf5a11f15e"}}) 14.399117592s ago: executing program 5 (id=1210): r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000200)='.pending_reads\x00', 0x40842, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$bt_hci(r0, 0x0, 0x1, 0x0, &(0x7f0000000040)) 13.901224518s ago: executing program 5 (id=1214): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0xa4}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x9d, &(0x7f0000000280)=""/157}, 0x80) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4410e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f0080047e0ffff00124000632f77fbac141416e000030a44089f184d2f87e589ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) 13.085898542s ago: executing program 5 (id=1218): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x2, 0x4) syz_emit_ethernet(0x2a, &(0x7f0000000040)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) 12.697588156s ago: executing program 5 (id=1220): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x2, &(0x7f0000000000)={[{@noblock_validity}, {@dioread_nolock}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2c}, 0x84, 0x451, &(0x7f0000000480)="$eJzs20tvG1UUAOAz46bvklDKow/AUBARj6RJC3TBBgRSN0hIsCjLkKZVqdugJki0qmhAqCxRfwGwROIXsIINAlYgtrBHSBXqhsICDRp7nBrHDnbs1Gn9fdIk986Mfc/xzLXvzLUDGFrl/E8SsTMifomI0YgoNe9Qrv27cf3S7F/XL80mkWWv/5HkD4s/r1+are+aFP93FJXxNCL9KIn9LdpduHDxzEylMne+qE8unn1ncuHCxWdOn505NXdq7tz00aNHDk89/9z0s33Jc1ce67735w/sPfbm1Vdnj1996/sv83h3Ftsb86gZ67nNcpSXX5Nmj/f87BvLroZysmmAgdCVvK/nh2uk2v9HoxQ3D95ovPLhQIMD1lWWZdmWFWuXRwBLGXAHS2LQEQCDUf+gz69/68stHH4M3LUXaxdAed43iqW2ZVOkxT4jTde3/VSOiONLf3+aL9HyPgQAQH99nY9/nm41/kvjvob97irmhsYi4u6I2B0R90TEnoi4N6K67/0R8UCX7Zeb6ivHPz9tW1NiHcrHfy8Uc1v/Hf/VR38xVipqu6r5jyQnT1fmDhWvyXiMbMnrU6u08c3LP3/Sblvj+C9f8vbrY8Eijt83Nd2gOzGzONNLzo2ufVC9B3h5Zf7J8kxAEhF7I2LfGp5/a0ScfvKLA+22/3/+q+jDPFP2ecQTteO/FE351yWrz09Obo3K3KHJ+lmx0g8/XnmtXfs95d8H+fHf3vL8X85/LGmcr13ovo0rv37c9ppmref/5uSNanlzse69mcXF81MRm5Olleunbz62Xq/vn+c/frB1/98d8c9nxeP2R0R+Ej8YEQ9FxMNF7I9ExKMRcXCV/L976bG3157/+srzP9HV8e++UDrz7Vft2u/s+B+plsaLNZ28/3UaYC+vHQAAANwu0up34JN0YrmcphMTte/w74ntaWV+YfGpk/PvnjtR+678WIyk9Ttdow33Q6eKe8P1+nRT/XD1vnGWZdm2an1idr6yXnPqQGd2tOn/ud9Kg44OWHddzaO1+0UbcFvye00YXvo/DC/9H4aX/g/Dq1X/vxxxYwChALeYz38YXvo/DC/9H4aX/g9DqZff9a9W2H1svZ75TiuUNkYYXRci3RBhrK2QbowwaoUtEdHpzpfjVgU26HcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg3AAD//zLQ7Dk=") r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000042c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=0000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000240)='./file0\x00') 12.171525919s ago: executing program 5 (id=1222): r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) 11.172343311s ago: executing program 5 (id=1226): r0 = syz_mount_image$nilfs2(&(0x7f00000001c0), &(0x7f0000000300)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x1, 0xaa6, &(0x7f0000001100)="$eJzs3U2MW0cBAOCxd73JJilxSkKXNLQJhbb8dNNslvATQVIlQiJqKsSlUsUlStMSEYJEkYCqEklO3GhVBYkTP+LUS1UQEr2gqCculWikCqmnwoEDURCVOEAgcRXvjNee2H22s+tnx98njcfz5j3PvOfn5/c7E4CpVW2+Li8vVEK4+PrLR//x4N/nbw451Bqj3nydbUvVQgiVmJ7NPu/dmZX4+nsvnOwWV8JS8zWlwxNXW9NuDiGcC7vDpVAPOy9efunNpcePnz92Yc9brxy8sj5zDwAA0+Xrlw4u7/jrn+/ddu3V+w6HDa3haf+8HtNb4n7/4bjjn/b/q6EzXWkL7eay8WZjqM53jjfTZbz2cmrZeLM9yp/Lyq/1GG9D+ODyZ9qGdZtvmGRpPa6HSnWxI12tLi6uHJOH5nH9XGXx7OkzzzxXUkWBNffv+0MIu9vCkQud6XELh8agDkOGxhjUYSLD4dGVda2xovR5HlFobC17CwSwIr9eeItz+ZmF29P6tNn+yr/6WLX79LAGRr3+D1T+XMnlB+X/5rwtDmvnTl2b0nyl39GWmM6vI+T3L/X+/eVXOjqH5tcjan3Ws9d1hEm5vtCrnjMjrsewetU/Xy/uVF+OcVoOX8ny238/+Xc6Kd8x0N1/8vP/giCMdwgd6drtfFaj5O0PML7y++Ya6fpolN/Xl+dvKMjfWJA/X5C/qSB/c0E+TLPfff+n4cXK6nF+fkw/6PnwdJ7trhh/aMD65OcjBy0/v+93ULdbfn4/MYyzP5x48tQXnn7q8sr9/5XW+n8jru/pcKMef1uX4gjpfGF+Xr1173+9s5xqj/HuzupzV5fxm++3d45X2b76OaFtO3NLPRY6p9vaa7xdnePVs/HmY9iY1TffP9mUTZf2P9J2NS2v2Wx+a9l8zGX1SNuVbTHO6wHDSOtjr/v/0/q5EGqVZ06fOfVoTKf19E8ztQ03h+8bcb2B29fv8z8LofP5ny2t4bVq+3Zh6+rwysp24bX4eZ3Dl1rldA7fH9Ppf+5bM/PN4Ysnv3vm6bWffZhqz/3o+W+fOHPm1Pe8GfrNV8ejGoO8SYct41Ifb8buTckbJmDd7f3xyk7AI6e/c+LZU8+eOrv/wIH9S0sHvrh/eW9zv35v+959u3Ml1BZYS6t/+mXXBAAAAAAAAAAAAOjXD44dvfz2G59/Z+X5/9Xn/9Lz/+nO3/T8/0+y5//z5+TTc/DpOcBtXfKb42QNrM5l49Vi+HBW3+1ZOTuy6T4S41Y/fvH5/1Rc3q5rqs892fBaj2TWnMAt7aXMZW2Q5P0FfjzGF2L86wAlqsx3Hxzjovat07qe2qdoa5eioX3gyZG+t7Q2pHZM0vPfXdt1avuyt42gjqy9UTxOWPY8At39c6ra//7X6oyXXhehd5gdbXk/n951otFzL73fHmwA1kbZ/X+m854pPvvHr228GdJoVx/r3F7m7ZfCIP7ydmd63PufXO/y8377Rl1+2fM/6v4/W/3f9b39y3rMqw9X7n9/ceWdtmLDzn7Lz+c/tQO9fbDyr8Xy09w8FPorv/GrrPz8glCf/peVv6nP8m+Z/13Dlf//WH5abA8/0G/5KzWuVDvrkZ83Ttf/8vPGyfVs/lPbnh9Q/jee7zb/Q3bUeCOWD9NsUvqZHVS2H9HaaR++/9/o3Nr2/9uqbLZZy+/D+FxMpw1xus8h7+9k0Pqn+yvS/8CO7PMrBf9v+v+dbF+KcdHvIfX/m9bHevzLb0s3l2VK17os2zt1WwOT6t2puv43EWHjGNRB6D80ZoaYrtVPXMn1bzQa63tCq0CphVP68i/7OKHs8ste/kXy/n/zffi8/988P+//N8/P+//N8+fjN9QrP+//N1+eef+/ef492efm/QMvFOR/tCB/Z/f81mH7vQXT7yrI/1hB/p5W/qGOMVL+fQXT31+Qf3dB/gMF+Z8oyP9kQf6DBfkPt+W39wGd8j9VMP2dLj2PMq3zD9Msfz7P7x+mR7r+0+v3v70gH5hcP3t135GnfvvN+srz/3Ot8yHpOt7hmK7F46cfxnR+3Tu0pW/mvRHTf8vyx/18B0yTvP2M/P/9oYJ8YHKl+7z8vmEKVTZ2Hxzjonareu3nM1k+HePPxPizMX4kxosx3hvjfTFeGlH9WB9HXvv9wRcrq8f7W7P8fu8nz58H6mgnKoSwv8/65OcHBr2fPW/Hb1C3W/6Qj4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACUptp8XV5eqIRw8fWXjz55/PTem0MOtcaoN19n21K11nQhPBrjmRj/Mr65/t4LJ9vjGzGuhKVQCZXW8PDE1VZJm0MI58LucCnUw86Ll196c+nx4+ePXdjz1isHr6zfEgAAAIA73/sBAAD//weuDxQ=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000000bc0)=ANY=[@ANYRES32=r0, @ANYRES8, @ANYRES8, @ANYBLOB="f1bcca05ed588d63a576cc3afd51baf29cde224a5ce922c3aea0a3df3c89633f589d81a84392f4e66ff7f77daa9af727ceae8a8ec95fc1b73083de2de825a0ce27c16bc23b2f7c7fb72585548939698f283e000000255a9a924008f8477e82ba11cdb11efd5ca2f1ab049ce2ccc415d2daf8dac725533a558d561654faf5e0924f1376174f374d664fad4a6ab24ec0e822e7f9426e8e5de1fe58085a0ae86fd02a118b9365961834d46208b9fb4cb1a1fa962a8b0000dc2e319379ea1e5a07aeb3f9cd4e648df4dd18e6253e7b2310a78d63a232a2a40758027a472e7d263ef567a841863787889bf1c90fccf31954a940c8b584ca69a512f28edec086b1c0823c028840eeaf3f5d8769023c01218614f4fa40be9892e7a285ac63f7f97aaa5b8ecc86ea8c6193bc21a2b833e5c2c9c703c4cfa063dd34c245706bde3d7ac373ab04b62b4111b59eabd436dd97e788a36ef25bad99be2aa924949558c800000000000000000000006e902719639a5b590a7306ae960562b9183b4de2dd5e2fc731ddfd1a23b3e991d947cd026224523abd1156665e5e573a6d1ec598eec9f10790c187deb457eea1eacd5fa617fc1a54c37a12f35b6064784a33e01c316e12434fb0c138cd31274603d85140950017fede1b75615d2729", @ANYRESDEC=r0, @ANYRES16=r0, @ANYRESOCT, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYBLOB="eab6ec54a6018a984181ba01c2d71d3b4564fef14cf242055de55cf62f0f8673931a58d3bc077900c13bb4dd4ca669a94d11922f0fcdd6e33473e04dfbe74a54bacaf45703968b9572a0a11d1f604cbc423cf5889b5902ad2ff2048f0e0579b3c5c00236bb009d993b521ad3d96567b61e329c42b639898ecc39829dd0a049a394c9bc1587850b2f2c6bab6a2bad4f826efe473e6ec60cc1c0373668a0d735faed713e652b0c6a572182467977fdc5143fc69120f402da34f8b0896c0cb31bc0bd35e98c83ce923a14c48a05005739a45fdd72fa", @ANYRES64, @ANYRESHEX, @ANYRESOCT], 0x1, 0x0, &(0x7f0000000000)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpu.stat\x00', 0x275a, 0x0) 8.255319631s ago: executing program 4 (id=1239): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000800)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x80000000, 0xb}}}}]}, 0x40}}, 0x0) 7.317616057s ago: executing program 0 (id=1243): syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x180848c, &(0x7f0000000300)=ANY=[], 0x3, 0x298, &(0x7f0000000600)="$eJzs3c+KUlEcB/Df/FObjUKtosWFNq1knDeQMIiEwHAxrUaaGYhRBhwSimjc9S69SrseoycwiIxRa7yTRUM6d9LPBy73h8evnHsXniOc492/1zk+ODk92rv9OQq1j29fRfTjS0TEemxE2troyKVe6wcA8L9pNFrVrPvAYnW71dZWROR/aWl+yKRDAAAAAAAAAAAA/LPU+v9CEpsR/RhElKbW/69NzuvW/wPAUrD+f/l1u9XW9mT+lmb9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCdwXBYHP7hyLp/AMD8/dX4n8+6lwDAPPn9DwCrZzDciIgfY/1aGP8BYPk923v+pFqv1xpJUojovO81e83xedxePYqX0Y7D2IlifI3z+cHEuH70uF7bSUZKsd85m+TPes2NdL4SxSjNzlfG+SSd34rt6fxuFOPO7PzuzHwuHtyfypejGJ9exEm04+B8xjOVf1dJkodP65fy+dH7AAAAAAAAAAAAAAAAAAAA4DqUk59m7t8vl3/XPs5f4f8BLu2v34y7m9leOwAAAAAAAAAAAAAAAAAAANwUp6/fHLfa7cPu3ItcLOqTb25xa+F3dXmKb8Orpdbd1WstMv5iAgAAAAAAAAAAAAAAAACAFXSx6TfrngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAdi6e/7+4IutrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFbD9wAAAP//6gPmbw==") pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) splice(r1, 0x0, r0, 0x0, 0x3, 0x0) 6.812136575s ago: executing program 0 (id=1246): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000200)={0x0, 0x1, 0x2}) 6.563158419s ago: executing program 1 (id=1247): rt_sigprocmask(0x0, &(0x7f0000000200)={[0xffffffff]}, 0x0, 0x8) r0 = gettid() tkill(r0, 0x11) rt_sigaction(0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000)) 6.227440283s ago: executing program 1 (id=1248): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000300)={0x0, 0x5}, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) 5.876391808s ago: executing program 1 (id=1249): r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000180), 0x8, 0x0) dup3(r0, r1, 0x0) ioctl$SNDCTL_SEQ_GETTIME(r1, 0x40045106, &(0x7f0000002240)) 5.867453427s ago: executing program 0 (id=1259): rt_sigprocmask(0x0, &(0x7f0000000200)={[0xffffffff]}, 0x0, 0x8) r0 = gettid() tkill(r0, 0x11) rt_sigaction(0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000)) 5.749038254s ago: executing program 1 (id=1250): pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x101001, 0x0) splice(r0, 0x0, r2, 0x0, 0x1, 0x0) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[], 0xfffffd88) 5.539678057s ago: executing program 0 (id=1251): r0 = syz_usb_connect(0x3, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x5a, 0xe4, 0xc4, 0x10, 0x596, 0x1, 0x5f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd6, 0x0, 0x1, 0xb5, 0xe1, 0x45, 0x0, [], [{{0x9, 0x5, 0x83, 0x0, 0x3ff, 0x3, 0x7, 0x4}}]}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000001480)={0x34, &(0x7f0000001180)={0x20, 0xf, 0x10, "f0ba29522053fd87ba3d7e8387a0e605"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) 5.427466218s ago: executing program 4 (id=1252): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx2\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) write$nbd(r1, &(0x7f0000000040)={0x67446698, 0x0, 0x0, 0x0, 0x0, "d19ff7afff855957da3aad93b38e374ae65566f602d2e4f330ff83e81f96cd592586cd5d44d870c7f7dd7ed7855f6fd7026e5d7636a366c06b67c18a2eab7d43bedfe6b230b3678958543f2a841b84c1bc6b310984e1bee7fbdd66c9af0a56d0c415f15fffa9a45c"}, 0x78) 5.422689344s ago: executing program 2 (id=1263): r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) accept4$unix(r0, 0x0, 0x0, 0x0) 5.112331642s ago: executing program 4 (id=1253): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_user\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x36, &(0x7f0000000ec0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x2b0, 0x150, 0x150, 0x8, 0xf8010000, 0x380, 0x238, 0x238, 0x2b0, 0x238, 0x3, 0x0, {[{{@ipv6={@mcast1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'team_slave_0\x00', 'hsr0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @mcast1, [], [], 'batadv_slave_0\x00', 'gre0\x00'}, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310) 5.081617376s ago: executing program 2 (id=1254): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xfffffd66, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x4, 0xa, 0x101}, 0x14}}, 0x0) 4.769603073s ago: executing program 2 (id=1255): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x55, 0x0, 0x0, 0x0) 2.8153495s ago: executing program 0 (id=1256): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020bd28940000000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000040)={0x0, 0x0, 0x7, {0x7, 0x0, "12279dfe7e"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000ec0)={0x2c, 0x0, &(0x7f0000000ac0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) 2.804195988s ago: executing program 1 (id=1257): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x9, 0x0, 0x7ffffffb}]}) r0 = syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x201c448, &(0x7f0000000240)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYBLOB="2c6769643cfdcf0b77ac6521230a8e69bd954673aa802f1833d29130aeed4c22f81044f553f456f9bfb5098b2a9e93a548712e8ab98eb09e6416868eb529124b101953e0856f719f3a5ef09399b0", @ANYRESDEC=0xee00, @ANYBLOB="03fb17d64ee1457b7f766b0fe632a450d954a88a5bb013b1426dbcd2db8e678e84143735559fe815c1089ca7a332d4bdf01c174107f7b5d4c334bdfd19c144177281c2797af0c7710085c466d10db09cb9778b240f3eb0e9867af777b99555f3b8efc775ea468f79c992592b9d258f7d2aeed9897307ed4569b946f087f01194aabf91036335f9d608b0be48fc2ed6a83b29f4c907766a36d7e266f3e6f4cf00000000000000f783a32e834a9f97781a86d9d90efd41b71d18ae2c0859ee2360e8ca4c64dcd070c13085839ca1483b2194612068090284229d9493d0fc80edacb524a7ef83813bad9dda69b2e866830d718641eebecebf6e173b42d8965a70f248c11db1f8ed32875f78d366a6d57a5920f1693d9dfa2afecd1eadd4663be9ec6532e37b81707130b33ffce95706ca4b30011cf71474aea0b09d602b77a24d3f3a192d362e6254a946072b2261ebe3df62ef756d37d55a8a6144812f1c076805e7fdef71742c370745ab09469256abd3c95271edc945e2680bf25eea474ab4bf13e304695d070972bb50091058e50c12198aa0331a"], 0x0, 0xa78, &(0x7f0000000540)="$eJzs3c1vHGf9APDvbGzHdqs2bfNr+4vaZpIqrdsGZ23TRFEPNLHXyRa/INuRGgnUVI2DolgUNSC1EVJTCXGiokIICZAQ6pFTpXKgF5QTcOTEAQn6H6CKU4qAQTO7a+86+5K4azstn0+03pl5vs/bzOw88Xp3nuDzLMuy4rHF9XO/3snGcvc5PfPx+x+8mz/euR5DsSeeT34bMRwRacTAv4tzZXB6ZmlxvkdBVyIuRMSNiCQi9kbtuYORlrULkfwo7t1YvxHJL+LRNtmG77Bz9JTxP223zz8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgrTc+UyxNJzFUXzr2cdlZMAd4lvVHcR8Ws38lHvapNIpL8EcPDjam+H92/kfxw/uNwPFZbe6w28/dwXLvn4X0vPDRQauTv0qAdcfWta1deXVtbfaO+vjdNB3tm2rvtzbpzQ1vLdqayUF1erM6fOlNJq8uL6cnjx8vHzs4up7PVqCyfX16pzKfTS5VTK4tL6dj0M+nEyZNTaWX8/OK5hTMz43OVxsYTX5osl4+nL41/rXJqaXlx4dhL48vTZ6tzc9WFM0VMnpzHnMhPxK9WV9KVyqn5NL10eW11qlcj86CJtilJa9Bkr5Imy5OTExOTI3H8+ZPPnyiXB+obJicaG8qbxC0Ru3/S0m+/vO3I3/T9+g2fQak+/sdcVGMhzsXLkbb9Nx0zsRSLMd8mLdkorzH+HzlW6Vpv8/jfGOUf3Ug+EMX4/0Rt7YlO43+Htvb+l2W1kreav/HvarwV1+JKvBprsRar8cZnLjGN37euf7o5/V9Zlm2h3DTv7cHmfdCHtp6JSixENZZjMaoxH6eKLWl9Sxon43gcj3K8EmdjNpYjjdmoxlxUYjnOx3KsRKU4o6ZjKSppxEosxlKkMRbT8UykMREnYySmIo1KjMf5WIxzsRBnYiZOFaVcisvFfp/q0sb1oInbCZrsEnTLYP7Zxv/sbvyfINutz1dw2LqsPv4PdQzIGktj0zvWKgAAAKCf/v+Pcd/+B//w14jBeLx4X362Olcp73azAAAAgD4qPq73WP40mEXE45G0+f2/tEuNAwAAAPoiKb5jl0TEaBysLdW+CbUnfAgAAAAAviCKv/8/kT+N5ksHI1m/E8qF3W4bAAAA0B+977HfMyIZjvo9LdOLteeL9Yj6fX5HZ6tzlfHpxbkXJuKp4i4DxTcNbiltT0QyWHz94Nk4VIs6NFp7Hm0tcTiPmhh/YSKejcP1jow9mT89OdYmcrIW+XQt8ukukVN5JAB80R2+dTz+NLvD8f/ZOFqLOHpgYCgiBg60GVnLGyPrwG50FABY13uOndaIt+v5msf/L2/8/j9YT24Z/x+MS//JN67GeLwWr8daXIyjxbcNik8ctNT79ffq7xmsfwyhHEd7vBvQiP3TiVIc7fF+wGjTRC9He7wjUIuNb0RMbe9BAIAddrjDONxp/C8iovHBwdr4f7Tp9/+49ff/9amFVn2lEADuCusz2Pd1IdvTvGW3+wgAtDJKAwAAAAAAAAAAAAAAAAAAAAAAAAAAQP/19bb/w1vM/rf6vH61LVn/5yNovzBS3weNLW/f0d545+pb134cEc1JpbwT29PmoqX9LbnUh3KyiNip47VzC7EvYst7NdolDUXEtjd+pB9VfFpfqL02St0uHue6pgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA5kETsabe9FLE3IsoRcWznW7V9ru92A3beV5pXkptxM96M+3avOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX0z1+/+XovZ8T21TDJQijkTEhYjIdruN/XRztxvQJyNbzNd0///8mEeWxEDtsEcyOD2ztDifH/5i7ofSx+9/8O4jrdn33m49RWBp0+QS9Ro2x/7q3sbSA0Wu0ZnVq1e+8/q305nTUYqhOL0yOzczf2bpxY0sDycfRqRRezTk7c0f3zvyu/fa9PzDvKftba53ttg5M7fW+0i73N3r7eby2upkXtNK5eWV737r8ptNSQ/GoYgnxyLGWmv6Zv7oUNOhGOxWW/JJ8oPkvvhpXCiOf743kizJD9H9Rf9HLl1eWx1/7fW1ix3atC8ORsTFiOGebVrf1QeL60lbxVlXGsxrLRdB+Y/9PfrYXvMcF7USJzr04YHilBmt92GopQ+lDnWmnftQ7PCm/V5qLCTJ5hZN1Vs0FK0teiieanOks70RnffCU92PdHvJJ8lfkrPx5/h+0/wfpfz4H4nOr87WIorIpjOlY2SpFln0fLI54ZXNkX//2W21vu00NdypH7a8eEtN1//6serT9ShLul6Pmmqc6lBj+9fFpho3nxWljh0vRqT9m3LUrz4dM9Xaub8W1aGd/xfPRQwc6HZVvGW0fq7zFaU1/4vtk7f6+v95Mhb/iOvm/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO5+ScSedttLEUciYl9jPY3I7qDYvZ0SSqPJnTaxr66v//ic21/8LLVse6d3tuRm3Mze3q5GAQAAAAAAALDTTs98/P4H7+aP4u/xe25mWf3v+2nEQETsS34yEjNLi/M9ChqMuBARN/Ll4U5B/8xqWrfm+eLejfUbEdn9W+8SANDDfwMAAP//zlFyiw==") iopl(0x3) name_to_handle_at(r0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="10"], &(0x7f0000000140), 0x0) 2.803542284s ago: executing program 4 (id=1258): socket(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x48) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00') read$char_usb(r0, &(0x7f0000000000)=""/12, 0xc) 2.316378626s ago: executing program 4 (id=1260): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000180), 0x3, 0x5eb, &(0x7f0000000c00)="$eJzs3ctvFEcaAPCvxw9sjNYDWu0ue1gsrVYg7WJjAysU5QDXCFnkoVxyiYMNIRiwsKPEJBJGIpdIUS5RFCmnHEL+iwSFK6fklEMuOUVIKIk4RspEPdNtPHaPX9jTiP79pGG6q6Zd1djfVHVNVU8AlTWS/lOLOBgRc0nEcLK0nNcbWeZI63WPfnv/fPpIotF4+Zckkiwtf32SPQ9lBw9ExHffJnGgZ22584s3Lk/Nzs5cz/bHFq7Mjc0v3jh66crUxZmLM1cn/j9x6uSJk6fGj23rvG4WpJ29/dY7wx9Ovvbl578n41/9OJnE6Xghe+HK89gpIzHS/D9J1mYNndrpwkrSk/2dNBqNRp6W9JZbJzYv//31RcTfYzh64vEvbzg+eLHUygG7qpG03ruBKkrEP1RU3g/Ir+1XXwfXSumVAN3w8ExrAGBt/Pe2xgZjoDk2sPdREiuHdZKI2N7IXLt9EXH/3uTtC/cmb8cujcMBxZZuRcQ/iuI/acZ/PQai3oz/Wlv8p/2Cc9lzmv7SNstfPVQs/qF7WvE/sG78R4f4fz19vtmK4Te2WX798eabg23xP7jdUwIAAAAAAIDKunsmIv5X9Pl/bXn+TxTM/xmKiNM7UP7Iqv21n//XHuxAMUCBh2cini+c/1vLZ//We1YsYa1HX3Lh0uzMsYj4S0Qcib496f74OmUc/ejAZ53yRrL5f/kjLf9+Nhcwq8eD3j3tx0xPLUw9wSkDmYe3Iv5ZOP83WW7/k4L2P31nmNtkGQf+c+dcp7yN4x/YLY0vIg4Xtv+P71qRrH9/jrFmf2As7xWs9a/3Pv66U/nbjX+3mIAnl7b/e9eP/3qy8n4981sv4/hib6NT3nb7//3JK827CvVnae9OLSxcH4/oT872pKlt6RNbrzM8i/J4yOMljf8j/15//K+o/z8YEUurfnbya/ua4tzf/hj6qVN99P+hPGn8T2+p/d/6xsSd+jedyt9c+3+i2dYfyVKM/0HLp3mY9renF4Rjb1FWt+sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM+CWkTsi6Q2urxdq42ORgxFxF9jb2322vzCfy9ce/vqdJrX/P7/Wv5Nv8Ot/ST//v/6iv2JVfvHI2J/RHzSM9jcHz1/bXa67JMHAAAAAAAAAAAAAAAAAACAp8RQh/X/qZ97yq4dsOt6y64AUJqC+P++jHoA3af9h+oS/1Bd4h+qS/xDdYl/qC7xD9Ul/qG6xD8AAAAAADxT9h+6+0MSEUvPDTYfqf4sr6/UmgG7rVZ2BYDSuMUPVJepP1BdrvGBZIP8gY4HbXTkeubOP8HBAAAAAAAAAAAAAFA5hw9a/w9VZf0/VJf1/1Bd+fr/QyXXA+g+1/hAbLCSv3D9/4ZHAQAAAAAAAAAAAAA7aX7xxuWp2dmZ6zZefTqq0c2NRqNxM/0reFrqs/MbSTZDvSuF5lPhu3+m/Zs5wXyt3+Z+cnnvSQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQLs/AwAA//+JjCTl") syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) renameat2(r0, &(0x7f0000000480)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000016c0)='./file0\x00', 0x0) 2.305325585s ago: executing program 2 (id=1261): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='stack\x00') r1 = epoll_create1(0x0) epoll_pwait(r1, &(0x7f0000000140)=[{}], 0x1, 0xfffe, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000140)={0x2020}, 0x2020) 923.950911ms ago: executing program 2 (id=1262): rt_sigprocmask(0x0, &(0x7f0000000200)={[0xffffffff]}, 0x0, 0x8) r0 = gettid() tkill(r0, 0x11) rt_sigaction(0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000)) 923.800348ms ago: executing program 4 (id=1264): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2d, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f], [0x0, 0x8]}}]}}]}, 0x8c}}, 0x0) 914.833815ms ago: executing program 1 (id=1265): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f00)=@newlink={0x48, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_VFINFO_LIST={0x20, 0x16, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0x1f}]}]}]}, @IFLA_TXQLEN={0x8}]}, 0x48}}, 0x0) 126.028µs ago: executing program 0 (id=1266): r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) accept4$unix(r0, 0x0, 0x0, 0x0) 0s ago: executing program 2 (id=1267): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) write$binfmt_misc(r0, &(0x7f0000000300)=ANY=[], 0xb0) kernel console output (not intermixed with test programs): 81.805262][ T29] audit: type=1326 audit(1725634804.553:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6151 comm="syz.4.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7f723977cef9 code=0x7ffc0000 [ 181.887155][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 181.903913][ T29] audit: type=1326 audit(1725634804.553:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6151 comm="syz.4.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f723977cef9 code=0x7ffc0000 [ 181.913774][ T8] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 181.957271][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 181.997583][ T25] usb 3-1: config index 0 descriptor too short (expected 301, got 72) [ 182.004144][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.012612][ T6157] loop5: detected capacity change from 0 to 1024 [ 182.025520][ T25] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 182.037095][ T5300] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 182.053166][ T29] audit: type=1326 audit(1725634804.553:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6151 comm="syz.4.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f723977cef9 code=0x7ffc0000 [ 182.079242][ T25] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 182.085245][ T8] usb 2-1: config 0 descriptor?? [ 182.145899][ T25] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 182.186664][ T25] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.223124][ T5300] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 182.247711][ T25] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2007, setting to 1024 [ 182.260833][ T5300] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 182.286187][ T5300] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 182.303223][ T25] usb 3-1: config 16 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 3 [ 182.333922][ T5300] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.368124][ T25] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 182.394961][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.403113][ T6154] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 182.478376][ C1] raw-gadget.0 gadget.2: ignoring, device is not running [ 182.492606][ T5300] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 182.508914][ T25] usb 3-1: can't set config #16, error -32 [ 182.547202][ T25] usb 3-1: USB disconnect, device number 5 [ 182.638544][ T1067] hfsplus: b-tree write err: -5, ino 4 [ 182.940701][ T6012] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 182.949927][ T6164] loop2: detected capacity change from 0 to 512 [ 183.010584][ T8] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 183.042981][ T5300] usb 4-1: USB disconnect, device number 7 [ 183.071368][ T6012] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 183.095687][ T8] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9 [ 183.172750][ T8] asix 2-1:0.0: probe with driver asix failed with error -71 [ 183.195891][ T8] usb 2-1: USB disconnect, device number 4 [ 183.235790][ T6012] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 183.248122][ T6164] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.306722][ T6012] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 183.314556][ T6164] ext4 filesystem being mounted at /57/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.700153][ T6173] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.712282][ T6173] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.751830][ T6173] bridge0: entered allmulticast mode [ 183.795118][ T5234] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.876196][ T6174] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.883600][ T6174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.892808][ T6174] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.902282][ T6174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.915222][ T6176] loop4: detected capacity change from 0 to 1024 [ 183.964892][ T6174] bridge0: entered promiscuous mode [ 184.371336][ T6180] loop1: detected capacity change from 0 to 64 [ 184.731651][ T6012] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.801505][ T6180] Trying to free block not in datazone [ 184.926890][ T6012] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.012366][ T5235] hfsplus: bad catalog entry type [ 185.031900][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.039491][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.117815][ T1167] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 185.228169][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.235508][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.337133][ T1167] usb 3-1: Using ep0 maxpacket: 16 [ 185.354308][ T1167] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 185.400358][ T1167] usb 3-1: New USB device found, idVendor=046d, idProduct=c287, bcdDevice= 0.00 [ 185.433030][ T6189] loop5: detected capacity change from 0 to 4096 [ 185.434013][ T1167] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.459821][ T6189] ntfs3: loop5: Different NTFS sector size (1024) and media sector size (512). [ 185.462904][ T6193] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.477558][ T6193] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.532797][ T1167] usb 3-1: config 0 descriptor?? [ 186.135090][ T1167] logitech 0003:046D:C287.0005: hidraw0: USB HID v81.44 Device [HID 046d:c287] on usb-dummy_hcd.2-1/input0 [ 186.183691][ T1167] logitech 0003:046D:C287.0005: no inputs found [ 186.268999][ T1167] usb 3-1: USB disconnect, device number 6 [ 186.922550][ T6012] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.216762][ T6012] veth0_vlan: entered promiscuous mode [ 187.311902][ T6012] veth1_vlan: entered promiscuous mode [ 187.615180][ T6012] veth0_macvtap: entered promiscuous mode [ 187.700645][ T6012] veth1_macvtap: entered promiscuous mode [ 187.798635][ T5300] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 187.848336][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 187.880595][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.910245][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 187.943849][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.985366][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.023504][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.039605][ T5300] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 188.059078][ T5300] usb 3-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 188.092324][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.114219][ T5300] usb 3-1: Manufacturer: syz [ 188.123885][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.154209][ T5300] usb 3-1: config 0 descriptor?? [ 188.167033][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.222362][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.267092][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.326410][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.373412][ T6012] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 188.385922][ T6218] process 'syz.5.374' launched './file0' with NULL argv: empty string added [ 188.486454][ T6221] loop3: detected capacity change from 0 to 1024 [ 188.531023][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.572980][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.623918][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.667947][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.706120][ T5300] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 188.721106][ T29] audit: type=1804 audit(1725634811.723:20): pid=6223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.375" name=2F6E6577726F6F742F36332F6275732FE91F7189591E9233614B dev="loop3" ino=25 res=1 errno=0 [ 188.755569][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.781679][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.817071][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.847101][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.881434][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.954723][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.978195][ T5239] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 189.023746][ T5239] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 189.025374][ T6220] Process accounting resumed [ 189.043786][ T5239] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 189.049920][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 189.073003][ T5239] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 189.082488][ T5239] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 189.091254][ T5239] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 189.118118][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.131652][ T5300] gs_usb 3-1:0.0: Disabling termination support for channel 0 (-EPROTO) [ 189.134410][ T6220] hfsplus: extend alloc file! (8192,512,16777719) [ 189.144293][ T5300] gs_usb 3-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO) [ 189.159157][ T5300] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -71 [ 189.188152][ T5300] usb 3-1: USB disconnect, device number 7 [ 189.190147][ T6012] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 189.258154][ T5236] hfsplus: extend alloc file! (8192,512,16777719) [ 189.381030][ T6228] netlink: 204 bytes leftover after parsing attributes in process `syz.5.376'. [ 189.450489][ T6012] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.507180][ T6012] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.516000][ T6012] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.526154][ T6230] overlayfs: workdir and upperdir must be separate subtrees [ 189.554010][ T6012] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.373796][ T6242] Falling back ldisc for ptm0. [ 190.418239][ T6245] loop3: detected capacity change from 0 to 512 [ 190.454501][ T6245] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 190.478129][ T1104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.502681][ T1104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.518765][ T935] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 190.573299][ T6245] EXT4-fs (loop3): 1 orphan inode deleted [ 190.588030][ T6245] EXT4-fs (loop3): 1 truncate cleaned up [ 190.596893][ T6245] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.747472][ T935] usb 2-1: Using ep0 maxpacket: 8 [ 190.771991][ T935] usb 2-1: config 150 has an invalid interface number: 204 but max is 1 [ 190.792004][ T6245] EXT4-fs (loop3): shut down requested (0) [ 190.801965][ T935] usb 2-1: config 150 has no interface number 0 [ 190.829460][ T935] usb 2-1: config 150 interface 204 has no altsetting 0 [ 190.869874][ T935] usb 2-1: config 150 interface 1 has no altsetting 0 [ 190.911785][ T935] usb 2-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 190.955424][ T935] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.016418][ T935] usb 2-1: Product: syz [ 191.053296][ T935] usb 2-1: Manufacturer: syz [ 191.077249][ T935] usb 2-1: SerialNumber: syz [ 191.111923][ T5236] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.177449][ T5239] Bluetooth: hci3: command tx timeout [ 191.301978][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.332431][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.414122][ T935] xr_serial 2-1:150.204: xr_serial converter detected [ 191.735131][ T6225] chnl_net:caif_netlink_parms(): no params data found [ 192.025986][ T935] xr_serial ttyUSB0: Failed to set reg 0x0d: -71 [ 192.068631][ T935] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 192.110993][ T935] usb 2-1: USB disconnect, device number 5 [ 192.185759][ T935] xr_serial 2-1:150.204: device disconnected [ 192.495335][ T6266] loop5: detected capacity change from 0 to 512 [ 192.532809][ T6266] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found [ 192.573628][ T6266] UDF-fs: Scanning with blocksize 512 failed [ 192.660261][ T6266] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found [ 192.747416][ T6266] UDF-fs: Scanning with blocksize 1024 failed [ 192.827386][ T6266] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found [ 192.872897][ T6266] UDF-fs: Scanning with blocksize 2048 failed [ 192.917745][ T6266] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 192.996202][ T6266] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 193.102423][ T6273] loop3: detected capacity change from 0 to 2048 [ 193.155968][ T6273] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 193.215679][ T6273] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 193.254299][ T52] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.268997][ T5239] Bluetooth: hci3: command tx timeout [ 193.394688][ T6273] CUSE: info not properly terminated [ 193.888431][ T6281] netlink: 144316 bytes leftover after parsing attributes in process `syz.1.395'. [ 193.979730][ T6284] vxcan1: tx address claim with dest, not broadcast [ 193.992942][ T52] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.132680][ T6225] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.144897][ T6225] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.191840][ T6225] bridge_slave_0: entered allmulticast mode [ 194.258380][ T6225] bridge_slave_0: entered promiscuous mode [ 194.322065][ T6225] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.367340][ T6225] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.374781][ T6225] bridge_slave_1: entered allmulticast mode [ 194.453241][ T6225] bridge_slave_1: entered promiscuous mode [ 194.543946][ T29] audit: type=1326 audit(1725634817.543:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6289 comm="syz.0.399" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0277d7cef9 code=0x0 [ 194.589046][ T6292] trusted_key: encrypted_key: keyword 'id:cb2÷ÂÂDe' not recognized [ 194.685468][ T52] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.105937][ T52] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.389809][ T5239] Bluetooth: hci3: command tx timeout [ 195.563823][ T6225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 195.626672][ T6225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 195.959811][ T6314] netdevsim netdevsim0 : renamed from netdevsim0 (while UP) [ 196.463908][ T6225] team0: Port device team_slave_0 added [ 196.644326][ T6326] loop3: detected capacity change from 0 to 128 [ 196.652246][ T6225] team0: Port device team_slave_1 added [ 196.784116][ T6326] sysv_count_free_blocks: >flc_size entries in free-list block [ 196.956611][ T6326] sysv_count_free_inodes: unable to read inode table [ 196.989141][ T6326] sysv_count_free_blocks: >flc_size entries in free-list block [ 197.034707][ T6326] sysv_count_free_inodes: unable to read inode table [ 197.142623][ T6225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 197.207062][ T6225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.317098][ T6225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 197.370231][ T6225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 197.399738][ T5236] sysv_free_block: flc_count > flc_size [ 197.406165][ T5236] sysv_free_block: flc_count > flc_size [ 197.417421][ T5244] Bluetooth: hci3: command tx timeout [ 197.427179][ T6225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.467149][ T5236] sysv_free_block: flc_count > flc_size [ 197.472850][ T5236] sysv_free_block: flc_count > flc_size [ 197.537782][ T5236] sysv_free_block: flc_count > flc_size [ 197.543410][ T5236] sysv_free_block: flc_count > flc_size [ 197.557311][ T6225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 197.591567][ T5236] sysv_free_block: flc_count > flc_size [ 197.620941][ T5236] sysv_free_block: flc_count > flc_size [ 197.655982][ T5236] sysv_free_block: flc_count > flc_size [ 197.707625][ T5236] sysv_free_block: flc_count > flc_size [ 197.768304][ T5236] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 197.819787][ T52] bridge_slave_1: left allmulticast mode [ 197.842511][ T52] bridge_slave_1: left promiscuous mode [ 197.881352][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.040618][ T52] bridge_slave_0: left allmulticast mode [ 198.046354][ T52] bridge_slave_0: left promiscuous mode [ 198.074003][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.753314][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 199.795822][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 199.836336][ T52] bond0 (unregistering): Released all slaves [ 200.113785][ T6358] team_slave_1: mtu greater than device maximum [ 200.143898][ T6358] team0: Device team_slave_1 failed to change mtu [ 200.911508][ T6378] loop5: detected capacity change from 0 to 128 [ 201.036716][ T6225] hsr_slave_0: entered promiscuous mode [ 201.055163][ T6225] hsr_slave_1: entered promiscuous mode [ 201.086949][ T6225] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.098680][ T6225] Cannot create hsr debugfs directory [ 201.211682][ T6378] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 201.237909][ T6378] FAT-fs (loop5): Filesystem has been set read-only [ 201.489121][ T6381] loop3: detected capacity change from 0 to 4096 [ 201.575417][ T6381] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 201.912168][ T6381] ntfs3: loop3: Failed to load $Extend (-22). [ 201.931092][ T6381] ntfs3: loop3: Failed to initialize $Extend. [ 202.072489][ T6392] loop2: detected capacity change from 0 to 512 [ 202.112113][ T52] hsr_slave_0: left promiscuous mode [ 202.169423][ T29] audit: type=1800 audit(1725634825.173:22): pid=6381 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.440" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 202.214764][ T6392] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 202.247263][ T52] hsr_slave_1: left promiscuous mode [ 202.320063][ T6392] EXT4-fs (loop2): 1 truncate cleaned up [ 202.337842][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 202.345535][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 202.370689][ T6392] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 202.418278][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 202.446351][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 202.475296][ T6397] loop1: detected capacity change from 0 to 1764 [ 202.712285][ T6392] fscrypt (loop2, inode 18): Can't use IV_INO_LBLK_32 policy on filesystem 'loop2' because it doesn't have stable inode numbers [ 202.726212][ T52] veth1_macvtap: left promiscuous mode [ 202.726766][ T52] veth0_macvtap: left promiscuous mode [ 202.759685][ T52] veth1_vlan: left promiscuous mode [ 202.766068][ T52] veth0_vlan: left promiscuous mode [ 202.995088][ T6400] loop0: detected capacity change from 0 to 4096 [ 203.121141][ T5234] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.378965][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 203.571148][ T29] audit: type=1800 audit(1725634826.573:23): pid=6400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.447" name="bus" dev="loop0" ino=24 res=0 errno=0 [ 204.042151][ T5143] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 204.304501][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.307295][ T5143] usb 3-1: Using ep0 maxpacket: 8 [ 204.313241][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 204.331262][ T5143] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 204.383402][ T5143] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 204.440813][ T5143] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 204.477127][ T5143] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 204.509514][ T5143] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 204.587417][ T5143] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 204.596664][ T5143] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.902412][ T6431] loop0: detected capacity change from 0 to 64 [ 204.949698][ T5143] usb 3-1: GET_CAPABILITIES returned 0 [ 204.955328][ T5143] usbtmc 3-1:16.0: can't read capabilities [ 205.412908][ T5143] usb 3-1: USB disconnect, device number 8 [ 206.903789][ T6452] binder: BC_ATTEMPT_ACQUIRE not supported [ 206.922024][ T6452] binder: 6451:6452 ioctl c0306201 20000480 returned -22 [ 207.069341][ T52] team0 (unregistering): Port device team_slave_1 removed [ 207.253259][ T52] team0 (unregistering): Port device team_slave_0 removed [ 209.160764][ T6469] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.260060][ T6475] loop2: detected capacity change from 0 to 128 [ 209.324598][ T6471] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.332041][ T6471] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.399882][ T6475] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 209.412804][ T6478] loop1: detected capacity change from 0 to 764 [ 209.505580][ T6475] ext4 filesystem being mounted at /77/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 209.578224][ T6478] ISOFS: unable to read i-node block [ 210.222709][ T5234] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 210.381317][ T6491] loop1: detected capacity change from 0 to 2048 [ 210.392719][ T1167] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 210.438102][ T6491] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 210.607183][ T1167] usb 4-1: Using ep0 maxpacket: 8 [ 210.614876][ T6496] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 210.617898][ T6491] NILFS error (device loop1): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 210.645668][ T1167] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 210.678106][ T1167] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 210.725017][ T1167] usb 4-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00 [ 210.751730][ T6491] Remounting filesystem read-only [ 210.779017][ T1167] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.829507][ T1167] usb 4-1: config 0 descriptor?? [ 211.363850][ T1167] saitek 0003:06A3:0CCD.0006: unknown main item tag 0x0 [ 211.407239][ T1167] saitek 0003:06A3:0CCD.0006: unknown main item tag 0x0 [ 211.414285][ T1167] saitek 0003:06A3:0CCD.0006: item fetching failed at offset 2/11 [ 211.508894][ T1167] saitek 0003:06A3:0CCD.0006: parse failed [ 211.516245][ T1167] saitek 0003:06A3:0CCD.0006: probe with driver saitek failed with error -22 [ 211.618979][ T1167] usb 4-1: USB disconnect, device number 8 [ 212.010606][ T6512] tun0: tun_chr_ioctl cmd 1074025672 [ 212.015996][ T6512] tun0: ignored: set checksum enabled [ 212.682942][ T6225] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 212.803475][ T6225] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 212.965252][ T6225] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 213.028206][ T6225] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 213.098203][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 213.258926][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 213.729341][ T6539] Failed to get privilege flags for destination (handle=0x2:0x0) [ 214.065905][ T29] audit: type=1326 audit(1725634837.053:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6541 comm="syz.0.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0277d7cef9 code=0x7ffc0000 [ 214.197717][ T29] audit: type=1326 audit(1725634837.053:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6541 comm="syz.0.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0277d7cef9 code=0x7ffc0000 [ 214.274927][ T6225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.307784][ T29] audit: type=1326 audit(1725634837.113:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6541 comm="syz.0.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0277d7cef9 code=0x7ffc0000 [ 214.440791][ T29] audit: type=1326 audit(1725634837.143:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6541 comm="syz.0.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0277d7cef9 code=0x7ffc0000 [ 214.484206][ T6225] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.539173][ T29] audit: type=1326 audit(1725634837.143:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6541 comm="syz.0.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0277d7cef9 code=0x7ffc0000 [ 214.627114][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.634412][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.677349][ T25] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 214.677460][ T29] audit: type=1326 audit(1725634837.153:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6541 comm="syz.0.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0277d7cef9 code=0x7ffc0000 [ 214.793728][ T1104] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.803103][ T1104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.869942][ T29] audit: type=1326 audit(1725634837.153:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6541 comm="syz.0.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0277d7cef9 code=0x7ffc0000 [ 214.927935][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 214.948778][ T25] usb 3-1: unable to get BOS descriptor or descriptor too short [ 214.999450][ T25] usb 3-1: config 11 has an invalid interface number: 181 but max is 1 [ 215.001248][ T29] audit: type=1326 audit(1725634837.153:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6541 comm="syz.0.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0277d7cef9 code=0x7ffc0000 [ 215.052002][ T25] usb 3-1: config 11 has an invalid interface number: 2 but max is 1 [ 215.117072][ T25] usb 3-1: config 11 has no interface number 0 [ 215.153882][ T25] usb 3-1: config 11 has no interface number 1 [ 215.159845][ T29] audit: type=1326 audit(1725634837.193:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6541 comm="syz.0.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7f0277d7cef9 code=0x7ffc0000 [ 215.182388][ T25] usb 3-1: config 11 interface 181 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 215.182459][ T25] usb 3-1: config 11 interface 181 altsetting 0 endpoint 0x5 has invalid maxpacket 512, setting to 64 [ 215.190174][ T25] usb 3-1: string descriptor 0 read error: -22 [ 215.306703][ T29] audit: type=1326 audit(1725634837.193:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6541 comm="syz.0.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0277d7cef9 code=0x7ffc0000 [ 215.367496][ T25] usb 3-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=da.27 [ 215.437027][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.586181][ T25] snd-usb-audio 3-1:11.181: probe with driver snd-usb-audio failed with error -22 [ 215.712181][ T6566] netlink: 'syz.3.505': attribute type 4 has an invalid length. [ 216.297869][ T5398] usb 3-1: USB disconnect, device number 9 [ 216.567288][ T25] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 216.810858][ T25] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 216.834415][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.897118][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 216.901890][ T6225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.950369][ T25] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 217.000965][ T25] usb 1-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 217.033134][ T6587] block nbd3: shutting down sockets [ 217.069597][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.156341][ T25] usb 1-1: config 0 descriptor?? [ 217.421541][ T6591] loop2: detected capacity change from 0 to 512 [ 217.529118][ T6591] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 217.693624][ T6591] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.511: iget: bad i_size value: -67835469387268086 [ 217.793446][ T6591] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.511: couldn't read orphan inode 15 (err -117) [ 217.797091][ T5301] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 217.827346][ T25] uclogic 0003:5543:0003.0007: No inputs registered, leaving [ 217.856523][ T6600] loop3: detected capacity change from 0 to 1024 [ 217.884781][ T6591] EXT4-fs (loop2): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 217.908656][ T25] uclogic 0003:5543:0003.0007: hidraw0: USB HID v0.00 Device [HID 5543:0003] on usb-dummy_hcd.0-1/input0 [ 217.964159][ T6591] ext2 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 217.997556][ T25] usb 1-1: USB disconnect, device number 3 [ 218.123528][ T5301] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 218.156543][ T5301] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.224429][ T6591] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.511: Directory hole found for htree leaf block 0 [ 218.271465][ T5301] usb 6-1: config 0 descriptor?? [ 218.384581][ T6603] syz.3.513: attempt to access beyond end of device [ 218.384581][ T6603] loop3: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 218.511139][ T6603] Buffer I/O error on dev loop3, logical block 100663296, async page read [ 218.547972][ T6603] hfsplus: unable to mark blocks free: error -5 [ 218.577307][ T6603] hfsplus: can't free extent [ 218.605825][ T5301] [drm] vendor descriptor length:c3 data:c3 00 b7 aa f9 11 f3 d6 00 27 99 [ 218.658098][ T5301] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 218.748084][ T5234] EXT4-fs (loop2): unmounting filesystem f7ff0000-0000-0000-0000-000000000000. [ 218.829297][ T5301] [drm:udl_init] *ERROR* Selecting channel failed [ 219.071488][ T6607] loop1: detected capacity change from 0 to 4096 [ 219.080972][ T5301] [drm] Initialized udl 0.0.1 for 6-1:0.0 on minor 2 [ 219.120928][ T5301] [drm] Initialized udl on minor 2 [ 219.146773][ T6225] veth0_vlan: entered promiscuous mode [ 219.155221][ T6607] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 219.164133][ T5301] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 219.206339][ T5301] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 219.213204][ T6612] loop3: detected capacity change from 0 to 64 [ 219.263684][ T5143] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 219.322642][ T5301] usb 6-1: USB disconnect, device number 4 [ 219.330120][ T6225] veth1_vlan: entered promiscuous mode [ 219.341875][ T5143] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 219.425509][ T6616] loop0: detected capacity change from 0 to 1024 [ 219.534181][ T6616] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 219.678785][ T6607] ntfs3: loop1: failed to convert "c46c" to cp863 [ 219.766677][ T6616] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 219.779454][ T6225] veth0_macvtap: entered promiscuous mode [ 219.892836][ T6225] veth1_macvtap: entered promiscuous mode [ 220.125572][ T6225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.196036][ T6225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.246631][ T6225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.294046][ T6225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.357025][ T6225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.405803][ T6225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.482471][ T6225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.547121][ T6225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.601383][ T6225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.670395][ T6225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.719239][ T6225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.773524][ T6225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.808961][ T6636] loop3: detected capacity change from 0 to 512 [ 220.845376][ T6225] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.893204][ T6012] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.896891][ T6636] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 220.905977][ T6633] tipc: Started in network mode [ 220.957483][ T6633] tipc: Node identity b88, cluster identity 5 [ 220.982209][ T6633] tipc: Node number set to 2952 [ 221.027637][ T6633] tipc: Cannot configure node identity twice [ 221.060898][ T6636] EXT4-fs (loop3): 1 truncate cleaned up [ 221.102234][ T6636] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 221.230213][ T6225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.297151][ T6225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.327135][ T6225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.416271][ T6225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.467313][ T6225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.527063][ T6225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.601241][ T6225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.660865][ T6225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.734056][ T6225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.788127][ T6225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.820299][ T6225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.877033][ T6225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.934114][ T6225] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.042915][ T5236] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.055031][ T6225] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.094012][ T25] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 222.107167][ T6225] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.147236][ T6225] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.176895][ T6225] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.332729][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 222.418126][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 222.450279][ T25] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 222.492755][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.553616][ T25] usb 2-1: config 0 descriptor?? [ 222.598661][ T25] hub 2-1:0.0: USB hub found [ 222.884295][ T25] hub 2-1:0.0: 1 port detected [ 223.122973][ T6672] kernel read not supported for file /file0 (pid: 6672 comm: syz.5.535) [ 223.168242][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 223.168270][ T29] audit: type=1800 audit(1725634846.173:46): pid=6672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.535" name="file0" dev="mqueue" ino=12960 res=0 errno=0 [ 223.198949][ T6674] loop3: detected capacity change from 0 to 256 [ 223.216548][ T6674] exfat: Deprecated parameter 'namecase' [ 223.244498][ T1122] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.261065][ T6674] exfat: Deprecated parameter 'utf8' [ 223.266527][ T6674] exfat: Deprecated parameter 'namecase' [ 223.301243][ T1122] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.317143][ T6674] exfat: Deprecated parameter 'utf8' [ 223.338988][ T25] usb 2-1: USB disconnect, device number 6 [ 223.415426][ T6674] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 223.740306][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.786852][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.894020][ T6702] loop1: detected capacity change from 0 to 512 [ 225.143723][ T6702] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 225.215701][ T6702] ext4 filesystem being mounted at /103/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 225.639155][ T6719] netlink: 8 bytes leftover after parsing attributes in process `syz.4.550'. [ 225.710957][ T6719] IPv6: NLM_F_CREATE should be specified when creating new route [ 225.795037][ T6726] netlink: 8 bytes leftover after parsing attributes in process `syz.2.552'. [ 225.898434][ T5238] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.557717][ T5342] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 226.584147][ T5300] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 226.672839][ T6743] loop3: detected capacity change from 0 to 128 [ 226.743208][ T6743] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 226.797649][ T5342] usb 1-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 226.822756][ T5300] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 226.843104][ T5342] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.860970][ T6743] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 226.885906][ T5300] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 226.923813][ T5342] usb 1-1: Product: syz [ 226.930682][ T5342] usb 1-1: Manufacturer: syz [ 226.937909][ T5342] usb 1-1: SerialNumber: syz [ 226.942679][ T5300] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 226.978779][ T5342] usb 1-1: config 0 descriptor?? [ 226.997116][ T5300] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.038985][ T5300] usb 5-1: config 0 descriptor?? [ 227.137319][ T5300] hub 5-1:0.0: USB hub found [ 227.262203][ T6752] netlink: 20 bytes leftover after parsing attributes in process `syz.5.562'. [ 227.383986][ T5300] hub 5-1:0.0: 1 port detected [ 227.399504][ T5342] kaweth 1-1:0.0: Firmware present in device. [ 227.565679][ T5342] kaweth 1-1:0.0: Statistics collection: 0 [ 227.629568][ T5342] kaweth 1-1:0.0: Multicast filter limit: 0 [ 227.635858][ T5342] kaweth 1-1:0.0: MTU: 0 [ 227.655735][ T6757] loop1: detected capacity change from 0 to 256 [ 227.671994][ T5342] kaweth 1-1:0.0: Read MAC address 00:00:00:00:00:00 [ 227.768347][ T6759] binder: 6758:6759 ioctl 40046205 0 returned -22 [ 227.810697][ T5300] usb 5-1: USB disconnect, device number 3 [ 227.837356][ T6759] binder: 6758:6759 ioctl c0306201 20000040 returned -11 [ 227.956130][ T5342] kaweth 1-1:0.0: Error setting SOFS wait [ 228.000451][ T5342] kaweth 1-1:0.0: probe with driver kaweth failed with error -5 [ 228.148681][ T5342] usb 1-1: USB disconnect, device number 4 [ 229.184827][ T29] audit: type=1326 audit(1725634852.183:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6781 comm="syz.5.574" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fed18f7cef9 code=0x0 [ 229.621147][ T6792] netlink: 12 bytes leftover after parsing attributes in process `syz.3.578'. [ 229.760602][ T6795] loop1: detected capacity change from 0 to 256 [ 230.188986][ T6803] loop3: detected capacity change from 0 to 1024 [ 230.484427][ T6809] netlink: 'syz.1.584': attribute type 4 has an invalid length. [ 230.507284][ T6809] netlink: 17 bytes leftover after parsing attributes in process `syz.1.584'. [ 230.678300][ T6812] loop0: detected capacity change from 0 to 64 [ 230.757221][ T6814] netlink: 8 bytes leftover after parsing attributes in process `syz.5.587'. [ 230.767167][ T5301] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 231.026142][ T5301] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 231.057159][ T5301] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 231.101534][ T5301] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 231.137895][ T5301] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 231.169196][ T5301] usb 4-1: SerialNumber: syz [ 231.555206][ T5301] usb 4-1: 0:2 : does not exist [ 231.688431][ T5301] usb 4-1: USB disconnect, device number 9 [ 231.757782][ T6831] warning: `syz.0.593' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 231.969104][ T5402] udevd[5402]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 232.255203][ T6838] loop0: detected capacity change from 0 to 128 [ 232.462833][ T1122] hfsplus: b-tree write err: -5, ino 4 [ 232.492949][ T6838] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 232.586260][ T6838] ext4 filesystem being mounted at /42/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 232.777193][ T6838] EXT4-fs warning (device loop0): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled. [ 232.947823][ T6847] loop5: detected capacity change from 0 to 1024 [ 233.091186][ T6012] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 233.197940][ T6855] loop3: detected capacity change from 0 to 128 [ 233.218916][ T6855] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 233.271458][ T6847] syz.5.600: attempt to access beyond end of device [ 233.271458][ T6847] loop5: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 233.364361][ T6855] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 233.387083][ T6847] Buffer I/O error on dev loop5, logical block 100663296, async page read [ 233.416342][ T6847] syz.5.600: attempt to access beyond end of device [ 233.416342][ T6847] loop5: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 233.477956][ T6847] Buffer I/O error on dev loop5, logical block 100663296, async page read [ 233.694083][ T29] audit: type=1800 audit(1725634856.693:48): pid=6855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.603" name="bus" dev="loop3" ino=115 res=0 errno=0 [ 233.977169][ T6865] vcan0: entered allmulticast mode [ 234.659076][ T5300] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 234.911992][ T5300] usb 6-1: config 0 has no interfaces? [ 234.950834][ T5300] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 234.974124][ T5300] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.998281][ T6886] loop3: detected capacity change from 0 to 2048 [ 235.006226][ T6886] EXT4-fs: Ignoring removed mblk_io_submit option [ 235.031874][ T5300] usb 6-1: Product: syz [ 235.069931][ T5300] usb 6-1: Manufacturer: syz [ 235.097304][ T5300] usb 6-1: SerialNumber: syz [ 235.111612][ T5300] usb 6-1: config 0 descriptor?? [ 235.189429][ T6886] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.434743][ T6886] EXT4-fs error (device loop3): ext4_validate_block_bitmap:440: comm syz.3.616: bg 0: block 234: padding at end of block bitmap is not set [ 235.467516][ T6898] loop2: detected capacity change from 0 to 512 [ 235.548521][ T6898] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.621: corrupted in-inode xattr: invalid ea_ino [ 235.550053][ T1167] usb 6-1: USB disconnect, device number 5 [ 235.607913][ T6898] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.621: couldn't read orphan inode 15 (err -117) [ 235.647627][ T6886] EXT4-fs (loop3): Remounting filesystem read-only [ 235.684586][ T6898] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.858827][ T5236] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.012654][ T5234] EXT4-fs error (device loop2): htree_dirblock_to_tree:1109: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 236.120356][ T5234] EXT4-fs error (device loop2): ext4_lookup:1813: inode #2: comm syz-executor: deleted inode referenced: 15 [ 236.194669][ T5234] EXT4-fs error (device loop2): ext4_lookup:1813: inode #2: comm syz-executor: deleted inode referenced: 15 [ 236.239753][ T6909] loop3: detected capacity change from 0 to 16 [ 236.290534][ T6909] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 237.042899][ T6927] mmap: syz.4.634 (6927) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 237.097603][ T4618] Bluetooth: hci0: command 0x0406 tx timeout [ 237.111174][ T5241] Bluetooth: hci2: command 0x0406 tx timeout [ 237.111222][ T5251] Bluetooth: hci1: command 0x0406 tx timeout [ 237.330972][ T5342] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 237.560836][ T5342] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 237.591816][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 237.623168][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 237.672343][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0 [ 237.714699][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 237.755142][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 237.807040][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0 [ 237.847320][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 237.858913][ T5234] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.876387][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 237.942669][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0 [ 237.981092][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 238.028628][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 238.093425][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0 [ 238.124863][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 238.164970][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 238.207326][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0 [ 238.230749][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 238.268619][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 238.288109][ T80] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.330363][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0 [ 238.374628][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 238.387579][ T6943] netlink: 3 bytes leftover after parsing attributes in process `syz.0.642'. [ 238.413243][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 238.444721][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0 [ 238.462763][ T5244] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 238.472978][ T5244] Bluetooth: hci3: Injecting HCI hardware error event [ 238.480695][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 238.483548][ T5244] Bluetooth: hci3: hardware error 0x00 [ 238.495741][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 238.549353][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0 [ 238.624628][ T5342] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 238.667312][ T5342] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 238.755176][ T5342] usb 6-1: Product: syz [ 238.780181][ T5342] usb 6-1: Manufacturer: syz [ 238.784875][ T5342] usb 6-1: SerialNumber: syz [ 238.821396][ T80] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.838236][ T5342] usb 6-1: config 0 descriptor?? [ 238.919923][ T5342] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 239.157472][ T5342] IPVS: starting estimator thread 0... [ 239.187741][ T6952] IPVS: wlc: UDP 0.0.0.0:0 - no destination available [ 239.267595][ T6954] IPVS: using max 14 ests per chain, 33600 per kthread [ 239.289348][ T80] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.418474][ T6950] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 239.485416][ T5300] usb 6-1: USB disconnect, device number 6 [ 239.519185][ T5300] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 239.759613][ T6959] netlink: 4 bytes leftover after parsing attributes in process `syz.4.651'. [ 239.796487][ T80] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.877371][ T25] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 240.067199][ T8] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 240.110592][ T25] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 240.140133][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 240.187590][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 240.198490][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 240.237045][ T25] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 240.281379][ T25] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 240.337202][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.390314][ T6957] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 240.408572][ T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 240.425963][ T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 240.451064][ T25] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 240.515876][ T8] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 240.576205][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.614769][ T8] usb 4-1: Product: syz [ 240.637072][ T8] usb 4-1: Manufacturer: syz [ 240.672380][ T8] usb 4-1: SerialNumber: syz [ 240.697160][ T5244] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 240.739293][ T8] usb 4-1: config 0 descriptor?? [ 240.763211][ T6969] netlink: 24 bytes leftover after parsing attributes in process `syz.5.655'. [ 240.798227][ T6961] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 240.836226][ T6961] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 240.845873][ T25] usb 1-1: USB disconnect, device number 5 [ 240.922778][ T80] bridge_slave_1: left allmulticast mode [ 240.957509][ T80] bridge_slave_1: left promiscuous mode [ 240.963679][ T80] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.079368][ T5239] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 241.129519][ T5239] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 241.141175][ T5239] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 241.187725][ T5239] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 241.201689][ T5239] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 241.209635][ T5239] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 241.316748][ T6961] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 241.338938][ T6961] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 241.357413][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 241.459302][ T80] bridge_slave_0: left allmulticast mode [ 241.465051][ T80] bridge_slave_0: left promiscuous mode [ 241.527717][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 241.550670][ T80] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.601888][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 241.807287][ T8] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 242.019466][ T8] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 242.119121][ T8] usb 4-1: USB disconnect, device number 10 [ 243.338516][ T5244] Bluetooth: hci0: command tx timeout [ 243.562425][ T80] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 243.609709][ T80] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 243.648761][ T80] bond0 (unregistering): Released all slaves [ 243.706828][ T6995] sch_tbf: burst 0 is lower than device bridge_slave_1 mtu (1514) ! [ 244.177796][ T7016] Context (ID=0x0) not attached to queue pair (handle=0x1:0x0) [ 244.430836][ T7019] loop3: detected capacity change from 0 to 1024 [ 244.951059][ T1122] hfsplus: b-tree write err: -5, ino 4 [ 245.179582][ T5300] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 245.427662][ T5244] Bluetooth: hci0: command tx timeout [ 245.477235][ T5300] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 245.498508][ T7041] loop1: detected capacity change from 0 to 64 [ 245.549234][ T5300] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 245.591525][ T5300] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 245.647231][ T5300] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.657019][ T80] hsr_slave_0: left promiscuous mode [ 245.720636][ T80] hsr_slave_1: left promiscuous mode [ 245.728125][ T7030] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 245.798959][ T5300] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 245.808438][ T80] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 245.816012][ T80] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 246.118798][ T80] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 246.226459][ T80] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 246.493402][ T5300] usb 6-1: USB disconnect, device number 7 [ 246.760373][ T80] veth1_macvtap: left promiscuous mode [ 246.766091][ T80] veth0_macvtap: left promiscuous mode [ 246.932788][ T80] veth1_vlan: left promiscuous mode [ 246.997458][ T80] veth0_vlan: left promiscuous mode [ 247.507242][ T5244] Bluetooth: hci0: command tx timeout [ 247.748377][ T7047] loop0: detected capacity change from 0 to 131072 [ 247.765727][ T7047] F2FS-fs (loop0): Segment count (31) mismatch with total segments from devices (0) [ 247.777822][ T7047] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 247.805538][ T7047] F2FS-fs (loop0): invalid crc value [ 247.851647][ T7047] F2FS-fs (loop0): Found nat_bits in checkpoint [ 247.996849][ T7047] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 248.004650][ T7047] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 248.066749][ T7047] F2FS-fs (loop0): checksum invalid, nid = 4, ino_of_node = 4, efdbe231 vs. 15bb5891 [ 249.441444][ T7078] loop4: detected capacity change from 0 to 764 [ 249.577411][ T5244] Bluetooth: hci0: command tx timeout [ 250.242388][ T7089] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 251.278085][ T80] team0 (unregistering): Port device team_slave_1 removed [ 251.366393][ T80] team0 (unregistering): Port device team_slave_0 removed [ 252.350275][ T7071] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.358462][ T7071] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.383204][ T7071] bridge0: left allmulticast mode [ 253.893333][ T6973] chnl_net:caif_netlink_parms(): no params data found [ 254.918826][ T7144] loop3: detected capacity change from 0 to 512 [ 255.118973][ T7144] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 255.171026][ T7144] EXT4-fs error (device loop3): ext4_free_branches:1027: inode #13: comm syz.3.709: invalid indirect mapped block 8 (level 2) [ 255.306684][ T7144] EXT4-fs (loop3): Remounting filesystem read-only [ 255.319151][ T6973] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.336643][ T6973] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.353743][ T7144] EXT4-fs (loop3): 1 truncate cleaned up [ 255.410172][ T7144] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 255.417142][ T6973] bridge_slave_0: entered allmulticast mode [ 255.495642][ T6973] bridge_slave_0: entered promiscuous mode [ 255.619905][ T6973] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.671208][ T6973] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.724528][ T6973] bridge_slave_1: entered allmulticast mode [ 255.789447][ T6973] bridge_slave_1: entered promiscuous mode [ 255.985919][ T5236] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.298770][ T6973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 256.332656][ T7164] netlink: 'syz.1.717': attribute type 25 has an invalid length. [ 256.357391][ T7164] netlink: 'syz.1.717': attribute type 7 has an invalid length. [ 256.419935][ T6973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 256.864114][ T6973] team0: Port device team_slave_0 added [ 256.998184][ T6973] team0: Port device team_slave_1 added [ 257.362706][ T6973] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 257.405162][ T6973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.486752][ T6973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 257.568842][ T6973] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 257.575864][ T6973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.688561][ T6973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 258.288037][ T6973] hsr_slave_0: entered promiscuous mode [ 258.348003][ T6973] hsr_slave_1: entered promiscuous mode [ 259.052927][ T7212] netlink: 14601 bytes leftover after parsing attributes in process `syz.0.736'. [ 259.732839][ T7184] loop5: detected capacity change from 0 to 32768 [ 261.903264][ T7226] loop4: detected capacity change from 0 to 131072 [ 261.936578][ T7226] F2FS-fs (loop4): invalid crc value [ 262.052746][ T7226] F2FS-fs (loop4): Found nat_bits in checkpoint [ 262.161457][ T7226] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 262.409811][ T7250] Bluetooth: MGMT ver 1.23 [ 263.026246][ T7254] loop3: detected capacity change from 0 to 1024 [ 263.608125][ T61] hfsplus: b-tree write err: -5, ino 4 [ 263.927779][ T6973] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 264.009704][ T6973] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 264.097612][ T6973] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 264.162677][ T6973] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 264.933715][ T7283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.761'. [ 264.986474][ T7291] loop1: detected capacity change from 0 to 128 [ 265.045693][ T6973] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.066778][ T7291] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 265.248255][ T7291] ext4 filesystem being mounted at /146/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 265.290554][ T6973] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.402880][ T1104] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.410296][ T1104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.546610][ T1104] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.554054][ T1104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.778531][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 265.784969][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 265.822743][ T5238] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 266.631537][ T7316] netlink: 4 bytes leftover after parsing attributes in process `syz.1.770'. [ 267.237103][ T5299] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 267.487139][ T5299] usb 1-1: Using ep0 maxpacket: 32 [ 267.550629][ T5299] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 267.573389][ T6973] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 267.584538][ T5299] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.641129][ T5299] usb 1-1: config 0 descriptor?? [ 267.692342][ T5299] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 268.081246][ T6973] veth0_vlan: entered promiscuous mode [ 268.208630][ T6973] veth1_vlan: entered promiscuous mode [ 268.473228][ T6973] veth0_macvtap: entered promiscuous mode [ 268.565616][ T6973] veth1_macvtap: entered promiscuous mode [ 268.567856][ T5299] gspca_vc032x: reg_w err -71 [ 268.619225][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 268.624607][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 268.650856][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 268.676817][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 268.693132][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 268.731694][ T6973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 268.737139][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 268.779352][ T6973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 268.800983][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 268.817030][ T6973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 268.829047][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 268.849274][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 268.854637][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 268.859675][ T6973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 268.901126][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 268.927038][ T6973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 268.927201][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 268.975111][ T6973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 268.977737][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 269.017027][ T6973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.034798][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 269.049723][ T7353] netlink: 'syz.3.782': attribute type 3 has an invalid length. [ 269.052276][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 269.082863][ T6973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.095738][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 269.129575][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 269.146048][ T6973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.160519][ T5299] gspca_vc032x: I2c Bus Busy Wait 00 [ 269.192748][ T5299] gspca_vc032x: Unknown sensor... [ 269.210526][ T6973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.210964][ T5299] vc032x 1-1:0.0: probe with driver vc032x failed with error -22 [ 269.260409][ T6973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.317554][ T6973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.326756][ T5299] usb 1-1: USB disconnect, device number 6 [ 269.381514][ T6973] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 269.579401][ T6973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.642989][ T6973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.707768][ T6973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.767159][ T6973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.793375][ T6973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.828368][ T6973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.867874][ T6973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.910349][ T6973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.940951][ T6973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.967129][ T6973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.979121][ T6973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.996245][ T6973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.014198][ T6973] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 270.064553][ T7374] netlink: 8 bytes leftover after parsing attributes in process `syz.0.790'. [ 270.123542][ T6973] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.171091][ T6973] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.227798][ T6973] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.257090][ T6973] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.501232][ T7385] loop4: detected capacity change from 0 to 64 [ 270.519675][ T7386] loop0: detected capacity change from 0 to 8 [ 270.683989][ T7385] syz.4.794: attempt to access beyond end of device [ 270.683989][ T7385] loop4: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 270.780768][ T7385] Buffer I/O error on dev loop4, logical block 512, async page read [ 270.805318][ T7385] syz.4.794: attempt to access beyond end of device [ 270.805318][ T7385] loop4: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 270.841607][ T7386] SQUASHFS error: Failed to read block 0x8f: -5 [ 270.873609][ T29] audit: type=1800 audit(1725634893.873:49): pid=7386 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.795" name="/" dev="loop0" ino=5 res=0 errno=0 [ 270.877720][ T7385] Buffer I/O error on dev loop4, logical block 56576, async page read [ 271.065758][ T7395] netlink: 'syz.3.798': attribute type 8 has an invalid length. [ 271.113488][ T7395] netlink: 8 bytes leftover after parsing attributes in process `syz.3.798'. [ 271.116219][ T7399] loop1: detected capacity change from 0 to 8 [ 271.182474][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 271.230839][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.511729][ T7403] loop4: detected capacity change from 0 to 1024 [ 271.574882][ T1067] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 271.588503][ T7403] EXT4-fs: Ignoring removed nomblk_io_submit option [ 271.615995][ T1067] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.738127][ T7403] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 272.009533][ T7422] Attempt to restore checkpoint with obsolete wellknown handles [ 272.122469][ T7426] loop3: detected capacity change from 0 to 64 [ 272.270441][ T6225] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 272.341025][ T7426] syz.3.807: attempt to access beyond end of device [ 272.341025][ T7426] loop3: rw=2049, sector=268435468, nr_sectors = 2 limit=64 [ 272.402438][ T7432] syz.3.807: attempt to access beyond end of device [ 272.402438][ T7432] loop3: rw=2049, sector=268435468, nr_sectors = 2 limit=64 [ 272.538768][ T7436] input: syz1 as /devices/virtual/input/input9 [ 273.578335][ T5244] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 273.589476][ T5244] Bluetooth: hci6: Injecting HCI hardware error event [ 273.602245][ T5244] Bluetooth: hci6: hardware error 0x00 [ 273.606515][ T7464] loop4: detected capacity change from 0 to 1024 [ 273.660856][ T7465] Illegal XDP return value 4294967274 on prog (id 95) dev N/A, expect packet loss! [ 273.937361][ T7472] netlink: 12 bytes leftover after parsing attributes in process `syz.1.825'. [ 274.217186][ T29] audit: type=1326 audit(1725634897.213:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7481 comm="syz.5.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed18f7cef9 code=0x7ffc0000 [ 274.239747][ C1] vkms_vblank_simulate: vblank timer overrun [ 274.327140][ T29] audit: type=1326 audit(1725634897.233:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7481 comm="syz.5.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed18f7cef9 code=0x7ffc0000 [ 274.342442][ T7482] loop5: detected capacity change from 0 to 1024 [ 274.443036][ T29] audit: type=1326 audit(1725634897.253:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7481 comm="syz.5.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fed18f7cef9 code=0x7ffc0000 [ 274.445963][ T7482] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 274.545462][ T7489] netlink: 8 bytes leftover after parsing attributes in process `syz.1.832'. [ 274.550849][ T29] audit: type=1326 audit(1725634897.253:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7481 comm="syz.5.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fed18f7cf33 code=0x7ffc0000 [ 274.558865][ T7487] loop4: detected capacity change from 0 to 764 [ 274.696121][ T29] audit: type=1326 audit(1725634897.283:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7481 comm="syz.5.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fed18f7b9df code=0x7ffc0000 [ 274.730864][ T7482] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:482: comm syz.5.830: Invalid block bitmap block 0 in block_group 0 [ 274.802480][ T29] audit: type=1326 audit(1725634897.313:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7481 comm="syz.5.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fed18f7cf87 code=0x7ffc0000 [ 274.825066][ C1] vkms_vblank_simulate: vblank timer overrun [ 274.897702][ T7482] Quota error (device loop5): write_blk: dquota write failed [ 274.932031][ T29] audit: type=1326 audit(1725634897.343:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7481 comm="syz.5.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fed18f7b890 code=0x7ffc0000 [ 274.933673][ T7482] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 274.954879][ C1] vkms_vblank_simulate: vblank timer overrun [ 275.067224][ T7482] EXT4-fs error (device loop5): ext4_acquire_dquot:6846: comm syz.5.830: Failed to acquire dquot type 0 [ 275.154132][ T7506] IPVS: lc: SCTP 127.0.0.1:0 - no destination available [ 275.157851][ T7482] EXT4-fs error (device loop5): ext4_free_blocks:6589: comm syz.5.830: Freeing blocks not in datazone - block = 0, count = 4096 [ 275.177513][ T5143] IPVS: starting estimator thread 0... [ 275.234947][ T7482] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.830: Invalid inode bitmap blk 0 in block_group 0 [ 275.253122][ T52] EXT4-fs error (device loop5): ext4_release_dquot:6869: comm kworker/u8:3: Failed to release dquot type 0 [ 275.310636][ T7505] IPVS: using max 14 ests per chain, 33600 per kthread [ 275.335948][ T7482] EXT4-fs error (device loop5) in ext4_free_inode:362: Corrupt filesystem [ 275.400613][ T7482] EXT4-fs (loop5): 1 orphan inode deleted [ 275.460913][ T7482] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 275.492974][ T7511] loop2: detected capacity change from 0 to 256 [ 275.554875][ T7511] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 275.583792][ T7482] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 275.837549][ T5237] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 275.897433][ T5244] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 276.777252][ T935] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 277.017384][ T935] usb 1-1: Using ep0 maxpacket: 16 [ 277.070797][ T935] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 277.122935][ T935] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 277.184624][ T935] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 277.246599][ T935] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 277.303849][ T935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.319201][ T7543] IPVS: persistence engine module ip_vs_pe_@ not found [ 277.345088][ T5244] Bluetooth: hci0: command tx timeout [ 277.396281][ T935] usb 1-1: config 0 descriptor?? [ 278.096012][ T935] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0008/input/input10 [ 278.338158][ T935] microsoft 0003:045E:07DA.0008: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 278.414388][ T7563] loop4: detected capacity change from 0 to 64 [ 278.427716][ T935] usb 1-1: USB disconnect, device number 7 [ 279.246367][ T7580] loop3: detected capacity change from 0 to 512 [ 280.471804][ T7607] loop4: detected capacity change from 0 to 2048 [ 280.557289][ T25] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 280.582320][ T7607] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 280.829548][ T25] usb 6-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 280.851317][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.902936][ T25] usb 6-1: Product: syz [ 280.918160][ T25] usb 6-1: Manufacturer: syz [ 280.930578][ T25] usb 6-1: SerialNumber: syz [ 280.968279][ T25] usb 6-1: config 0 descriptor?? [ 281.287839][ T25] cx82310_eth 6-1:0.0: probe with driver cx82310_eth failed with error -22 [ 281.422889][ T7633] netlink: 12 bytes leftover after parsing attributes in process `syz.1.881'. [ 281.543586][ T7633] veth1_macvtap: left promiscuous mode [ 281.728286][ T25] cxacru 6-1:0.0: usbatm_usb_probe: bind failed: -19! [ 281.831090][ T7644] loop0: detected capacity change from 0 to 128 [ 281.879129][ T7644] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 281.924608][ T7644] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 282.120266][ T5143] usb 6-1: USB disconnect, device number 8 [ 282.198399][ T7651] loop1: detected capacity change from 0 to 512 [ 282.231015][ T7651] EXT4-fs: Ignoring removed i_version option [ 282.254547][ T7653] netlink: 8 bytes leftover after parsing attributes in process `syz.3.888'. [ 282.267602][ T7651] EXT4-fs: Ignoring removed nobh option [ 282.298486][ T7651] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 282.395090][ T7651] EXT4-fs (loop1): 1 truncate cleaned up [ 282.413350][ T7651] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 282.527595][ T7660] binder: 7659:7660 ioctl 40046205 0 returned -22 [ 282.549114][ T7660] binder: 7659:7660 ioctl c0306201 20000040 returned -11 [ 283.068669][ T5238] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 283.241198][ T7676] loop5: detected capacity change from 0 to 2048 [ 283.244484][ T8] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 283.288718][ T7679] netlink: 8 bytes leftover after parsing attributes in process `syz.1.898'. [ 283.327193][ T7679] netlink: 4 bytes leftover after parsing attributes in process `syz.1.898'. [ 283.356637][ T7676] loop5: p1 p3 p4 [ 283.384149][ T7679] ipvlan2: entered allmulticast mode [ 283.400589][ T7676] loop5: p4 size 8388608 extends beyond EOD, truncated [ 283.414330][ T7679] veth0_vlan: entered allmulticast mode [ 283.463902][ T7682] netlink: 'syz.0.899': attribute type 5 has an invalid length. [ 283.471942][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 283.527136][ T8] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 283.544846][ T8] usb 3-1: config 0 has no interface number 0 [ 283.567178][ T8] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 283.607478][ T8] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 283.631413][ T8] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 283.654300][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.729179][ T8] usb 3-1: config 0 descriptor?? [ 283.948764][ T7687] loop3: detected capacity change from 0 to 2048 [ 284.011428][ T7694] loop0: detected capacity change from 0 to 64 [ 284.081461][ T7687] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c098, mo2=0002] [ 284.097459][ T7687] System zones: 0-4 [ 284.113239][ T7687] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 284.139786][ T7687] ext4 filesystem being mounted at /163/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 284.421982][ T8] uclogic 0003:28BD:0094.0009: pen parameters not found [ 284.452121][ T8] uclogic 0003:28BD:0094.0009: interface is invalid, ignoring [ 284.475877][ T8] usb 3-1: USB disconnect, device number 10 [ 284.494621][ T5236] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 285.260091][ T7715] loop1: detected capacity change from 0 to 2048 [ 285.334802][ T7715] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 285.687176][ T5238] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.972691][ T7784] smc: net device gretap0 applied user defined pnetid SYZ2 [ 288.038335][ T7786] smc: net device gretap0 erased user defined pnetid SYZ2 [ 288.228057][ T935] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 288.396512][ T7791] netlink: 8 bytes leftover after parsing attributes in process `syz.1.943'. [ 288.432593][ T935] usb 5-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 288.467367][ T935] usb 5-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 288.496194][ T935] usb 5-1: Manufacturer: syz [ 288.524079][ T935] usb 5-1: config 0 descriptor?? [ 289.046247][ T935] gs_usb 5-1:0.0: Configuring for 1 interfaces [ 289.186334][ T7806] netlink: 12 bytes leftover after parsing attributes in process `syz.1.949'. [ 289.248836][ T935] gs_usb 5-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 289.316621][ T935] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -22 [ 289.338865][ T7809] kernel read not supported for file /eth0 (pid: 7809 comm: syz.5.950) [ 289.367499][ T29] kauditd_printk_skb: 17 callbacks suppressed [ 289.367523][ T29] audit: type=1800 audit(1725634912.373:73): pid=7809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.950" name="eth0" dev="mqueue" ino=17430 res=0 errno=0 [ 289.415602][ T7813] 9pnet_fd: Insufficient options for proto=fd [ 289.578152][ T935] usb 5-1: USB disconnect, device number 4 [ 289.616592][ T7815] netlink: 4 bytes leftover after parsing attributes in process `syz.1.953'. [ 290.455923][ T7841] loop4: detected capacity change from 0 to 64 [ 290.829501][ T7850] netlink: 8 bytes leftover after parsing attributes in process `syz.2.970'. [ 290.849456][ T7848] kernel read not supported for file /file0 (pid: 7848 comm: syz.1.969) [ 290.899254][ T29] audit: type=1800 audit(1725634913.903:74): pid=7848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.969" name="file0" dev="mqueue" ino=17162 res=0 errno=0 [ 291.391091][ T7866] loop0: detected capacity change from 0 to 2048 [ 291.405336][ T7866] EXT4-fs: Ignoring removed mblk_io_submit option [ 291.519912][ T7866] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 291.623124][ T7866] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm syz.0.989: bg 0: block 234: padding at end of block bitmap is not set [ 291.657268][ T7866] EXT4-fs (loop0): Remounting filesystem read-only [ 291.679582][ T7878] loop2: detected capacity change from 0 to 128 [ 291.732554][ T7881] netlink: 'syz.4.979': attribute type 4 has an invalid length. [ 291.761009][ T7881] netlink: 17 bytes leftover after parsing attributes in process `syz.4.979'. [ 291.797926][ T7878] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 291.821065][ T7878] ext4 filesystem being mounted at /34/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 291.911950][ T6012] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.990222][ T7878] EXT4-fs warning (device loop2): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled. [ 292.026682][ T5299] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 292.240143][ T5299] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 292.258287][ T6973] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 292.288055][ T5299] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 292.321378][ T5299] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 292.355254][ T5299] usb 4-1: config 0 interface 0 has no altsetting 0 [ 292.370514][ T5299] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 292.381569][ T5299] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 292.427096][ T5299] usb 4-1: config 0 interface 0 has no altsetting 0 [ 292.440089][ T7895] loop5: detected capacity change from 0 to 512 [ 292.453503][ T5299] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 292.478416][ T5299] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 292.501696][ T5299] usb 4-1: config 0 interface 0 has no altsetting 0 [ 292.508023][ T7895] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2240: inode #15: comm syz.5.985: corrupted in-inode xattr: invalid ea_ino [ 292.510740][ T5299] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 292.540347][ T5299] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 292.552631][ T5299] usb 4-1: config 0 interface 0 has no altsetting 0 [ 292.567872][ T5299] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 292.583360][ T5299] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 292.595190][ T5299] usb 4-1: config 0 interface 0 has no altsetting 0 [ 292.605677][ T7895] EXT4-fs error (device loop5): ext4_orphan_get:1394: comm syz.5.985: couldn't read orphan inode 15 (err -117) [ 292.625834][ T5299] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 292.635694][ T5299] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 292.652766][ T5299] usb 4-1: config 0 interface 0 has no altsetting 0 [ 292.669514][ T7895] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 292.717905][ T5299] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 292.747229][ T5299] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 292.771314][ T5299] usb 4-1: config 0 interface 0 has no altsetting 0 [ 292.779305][ T5239] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 292.789962][ T5299] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 292.792561][ T5239] Bluetooth: hci5: Injecting HCI hardware error event [ 292.864341][ T5299] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 292.937325][ T5299] usb 4-1: config 0 interface 0 has no altsetting 0 [ 292.979357][ T5299] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 293.009221][ T5299] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 293.049104][ T5299] usb 4-1: Product: syz [ 293.056444][ T5237] EXT4-fs error (device loop5): htree_dirblock_to_tree:1109: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 293.077285][ T5299] usb 4-1: Manufacturer: syz [ 293.081949][ T5299] usb 4-1: SerialNumber: syz [ 293.094351][ T5299] usb 4-1: config 0 descriptor?? [ 293.114284][ T5237] EXT4-fs error (device loop5): ext4_lookup:1813: inode #2: comm syz-executor: deleted inode referenced: 15 [ 293.131751][ T5299] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 293.181560][ T5237] EXT4-fs error (device loop5): ext4_lookup:1813: inode #2: comm syz-executor: deleted inode referenced: 15 [ 293.431751][ T5239] Bluetooth: hci5: command 0x0406 tx timeout [ 293.503520][ T5143] usb 4-1: USB disconnect, device number 11 [ 293.521743][ T5143] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 293.556463][ T5244] Bluetooth: hci5: hardware error 0x00 [ 293.877299][ T25] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 293.921448][ T5237] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.107327][ T25] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 294.136552][ T25] usb 3-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 294.160494][ T25] usb 3-1: Manufacturer: syz [ 294.164870][ T1104] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.204055][ T25] usb 3-1: config 0 descriptor?? [ 294.281063][ T7925] sch_tbf: burst 0 is lower than device bridge_slave_1 mtu (1514) ! [ 294.318542][ T7929] netlink: 'syz.0.1001': attribute type 4 has an invalid length. [ 294.337407][ T7929] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1001'. [ 294.696489][ T1104] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.711953][ T25] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 294.872643][ T1104] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.921426][ T25] gs_usb 3-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 294.958382][ T25] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22 [ 295.058820][ T1104] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.273216][ T25] usb 3-1: USB disconnect, device number 11 [ 295.575020][ T7944] loop0: detected capacity change from 0 to 1024 [ 295.650919][ T1104] bridge_slave_1: left allmulticast mode [ 295.670943][ T5244] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 295.689436][ T1104] bridge_slave_1: left promiscuous mode [ 295.738286][ T1104] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.836633][ T1104] bridge_slave_0: left allmulticast mode [ 295.857634][ T1104] bridge_slave_0: left promiscuous mode [ 295.863678][ T1104] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.985922][ T1067] hfsplus: b-tree write err: -5, ino 4 [ 296.170655][ T7953] loop2: detected capacity change from 0 to 64 [ 296.393136][ T5239] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 296.417264][ T5239] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 296.427561][ T5239] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 296.440461][ T5239] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 296.450327][ T5239] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 296.477802][ T5239] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 296.510126][ T7960] IPVS: wlc: UDP 0.0.0.0:0 - no destination available [ 297.310046][ T1104] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 297.325779][ T1104] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 297.349371][ T1104] bond0 (unregistering): Released all slaves [ 297.395522][ T7966] netlink: 'syz.2.1019': attribute type 4 has an invalid length. [ 297.407313][ T7966] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1019'. [ 297.827538][ T7975] loop3: detected capacity change from 0 to 256 [ 297.836695][ T7975] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 297.873415][ T7975] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 297.915854][ T7974] sch_tbf: burst 0 is lower than device bridge_slave_1 mtu (1514) ! [ 298.547868][ T5239] Bluetooth: hci4: command tx timeout [ 298.783001][ T7991] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1031'. [ 298.824474][ T1104] hsr_slave_0: left promiscuous mode [ 298.903917][ T1104] hsr_slave_1: left promiscuous mode [ 298.973368][ T1104] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 299.007359][ T1104] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 299.070474][ T1104] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 299.084183][ T1104] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 299.189204][ T1104] veth1_macvtap: left promiscuous mode [ 299.194883][ T1104] veth0_macvtap: left promiscuous mode [ 299.218421][ T1104] veth1_vlan: left promiscuous mode [ 299.223986][ T1104] veth0_vlan: left promiscuous mode [ 299.817949][ T8017] loop4: detected capacity change from 0 to 128 [ 299.900826][ T8017] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 299.914710][ T8017] ext4 filesystem being mounted at /75/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 300.015836][ T8023] loop1: detected capacity change from 0 to 256 [ 300.068628][ T8023] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 300.125313][ T8023] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 300.216276][ T6225] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 300.630233][ T5239] Bluetooth: hci4: command tx timeout [ 301.133582][ T1104] team0 (unregistering): Port device team_slave_1 removed [ 301.218263][ T1104] team0 (unregistering): Port device team_slave_0 removed [ 302.098852][ T8013] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.107777][ T8013] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.157170][ T8018] netlink: 'syz.3.1037': attribute type 4 has an invalid length. [ 302.165006][ T8018] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1037'. [ 302.700179][ T5239] Bluetooth: hci4: command tx timeout [ 303.242473][ T7956] chnl_net:caif_netlink_parms(): no params data found [ 304.012310][ T8072] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.020932][ T8072] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.117523][ T7956] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.124846][ T7956] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.170073][ T7956] bridge_slave_0: entered allmulticast mode [ 304.214184][ T7956] bridge_slave_0: entered promiscuous mode [ 304.341986][ T7956] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.383136][ T7956] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.418560][ T7956] bridge_slave_1: entered allmulticast mode [ 304.460454][ T7956] bridge_slave_1: entered promiscuous mode [ 304.766410][ T7956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 304.783495][ T5239] Bluetooth: hci4: command tx timeout [ 304.864756][ T7956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 305.006178][ T8095] loop4: detected capacity change from 0 to 8 [ 305.196011][ T7956] team0: Port device team_slave_0 added [ 305.272683][ T7956] team0: Port device team_slave_1 added [ 305.571420][ T7956] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 305.606934][ T7956] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.723367][ T7956] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 305.775762][ T7956] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 305.790019][ T8106] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 305.793332][ T7956] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.845049][ T7956] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 306.370050][ T7956] hsr_slave_0: entered promiscuous mode [ 306.421274][ T7956] hsr_slave_1: entered promiscuous mode [ 306.458111][ T7956] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 306.472712][ T7956] Cannot create hsr debugfs directory [ 306.988205][ T8122] netlink: 'syz.4.1085': attribute type 8 has an invalid length. [ 306.996045][ T8122] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1085'. [ 309.198644][ T8131] loop1: detected capacity change from 0 to 131072 [ 309.208658][ T8131] F2FS-fs (loop1): Segment count (31) mismatch with total segments from devices (0) [ 309.221862][ T8131] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 309.237696][ T8131] F2FS-fs (loop1): invalid crc value [ 309.308173][ T8131] F2FS-fs (loop1): Found nat_bits in checkpoint [ 309.403469][ T8131] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 309.410962][ T8131] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 309.512654][ T8131] F2FS-fs (loop1): checksum invalid, nid = 4, ino_of_node = 4, efdbe231 vs. 15bb5891 [ 309.919331][ T7956] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 310.041471][ T7956] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 310.106155][ T7956] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 310.179579][ T7956] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 310.806946][ T7956] 8021q: adding VLAN 0 to HW filter on device bond0 [ 311.040355][ T7956] 8021q: adding VLAN 0 to HW filter on device team0 [ 311.123604][ T1122] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.130976][ T1122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 311.243125][ T1122] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.250529][ T1122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 312.701682][ T7956] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 313.919271][ T8205] loop4: detected capacity change from 0 to 1024 [ 314.326987][ C0] sched: RT throttling activated [ 314.405541][ T35] hfsplus: b-tree write err: -5, ino 4 [ 314.825997][ T7956] veth0_vlan: entered promiscuous mode [ 314.887462][ T25] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 314.903159][ T7956] veth1_vlan: entered promiscuous mode [ 314.923801][ T8211] loop2: detected capacity change from 0 to 4096 [ 314.967642][ T8211] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 315.132669][ T7956] veth0_macvtap: entered promiscuous mode [ 315.148264][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 315.195509][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 315.212417][ T7956] veth1_macvtap: entered promiscuous mode [ 315.212942][ T8199] loop0: detected capacity change from 0 to 131072 [ 315.227754][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 315.253262][ T8199] F2FS-fs (loop0): invalid crc value [ 315.310574][ T25] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 315.313676][ T8199] F2FS-fs (loop0): Found nat_bits in checkpoint [ 315.357575][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.408050][ T25] usb 4-1: config 0 descriptor?? [ 315.420603][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.431424][ T8199] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 315.432454][ T8211] ntfs3: loop2: Failed to load $Extend (-22). [ 315.477228][ T8211] ntfs3: loop2: Failed to initialize $Extend. [ 315.477416][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.518298][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.553893][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.594457][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.617053][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.650782][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.711519][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.735583][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.746906][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.757127][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.772696][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.833754][ T7956] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 315.867967][ T8218] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1131'. [ 315.900475][ T8218] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1131'. [ 315.956027][ T25] corsair-cpro 0003:1B1C:1D00.000A: item fetching failed at offset 1/5 [ 315.978149][ T8218] ipvlan2: entered allmulticast mode [ 315.988237][ T25] corsair-cpro 0003:1B1C:1D00.000A: probe with driver corsair-cpro failed with error -22 [ 316.003919][ T8218] veth0_vlan: entered allmulticast mode [ 316.118178][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.177075][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.209405][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.250251][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.301904][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.345088][ T5342] usb 4-1: USB disconnect, device number 12 [ 316.351404][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.391888][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.423423][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.445246][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.482160][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.507099][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.528428][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.561401][ T7956] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 316.704433][ T7956] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.737166][ T7956] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.768079][ T7956] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.807092][ T7956] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.292154][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.346042][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.559841][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.590037][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.165573][ T8254] loop2: detected capacity change from 0 to 128 [ 319.687289][ T5299] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 319.947110][ T5299] usb 5-1: Using ep0 maxpacket: 32 [ 319.978907][ T5299] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 320.017371][ T5299] usb 5-1: config 0 has no interface number 0 [ 320.043630][ T5299] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 320.120255][ T5299] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 320.183182][ T5299] usb 5-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 320.233995][ T5299] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.337473][ T5299] usb 5-1: config 0 descriptor?? [ 320.454765][ T8246] loop5: detected capacity change from 0 to 131072 [ 320.483852][ T8246] F2FS-fs (loop5): invalid crc value [ 320.587494][ T8246] F2FS-fs (loop5): Found nat_bits in checkpoint [ 320.693981][ T8246] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4 [ 321.147297][ T5299] uclogic 0003:28BD:0094.000B: pen parameters not found [ 321.164263][ T5299] uclogic 0003:28BD:0094.000B: interface is invalid, ignoring [ 321.180812][ T8278] netlink: 'syz.2.1144': attribute type 3 has an invalid length. [ 321.549349][ T5342] usb 5-1: USB disconnect, device number 5 [ 322.014582][ T8291] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 322.049608][ T8291] bridge0: entered allmulticast mode [ 322.515057][ T8296] loop2: detected capacity change from 0 to 2048 [ 322.554710][ T8296] EXT4-fs (loop2): #clusters per group too big: 20480 [ 322.608502][ T8300] loop3: detected capacity change from 0 to 64 [ 322.665350][ T8299] loop4: detected capacity change from 0 to 2048 [ 322.735046][ T8299] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c098, mo2=0002] [ 322.767486][ T8299] System zones: 0-4 [ 322.795733][ T8299] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 322.837873][ T8300] syz.3.1165: attempt to access beyond end of device [ 322.837873][ T8300] loop3: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 322.878788][ T8300] Buffer I/O error on dev loop3, logical block 512, async page read [ 322.889269][ T8299] ext4 filesystem being mounted at /102/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 322.900588][ T8304] EXT4-fs error (device loop4): ext4_validate_block_bitmap:440: comm ext4lazyinit: bg 0: block 288: padding at end of block bitmap is not set [ 322.900717][ T8300] syz.3.1165: attempt to access beyond end of device [ 322.900717][ T8300] loop3: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 322.957473][ T8300] Buffer I/O error on dev loop3, logical block 56576, async page read [ 323.209803][ T6225] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 323.938122][ T8316] netlink: 'syz.3.1158': attribute type 5 has an invalid length. [ 324.642210][ T8332] loop2: detected capacity change from 0 to 8 [ 324.849700][ T8332] SQUASHFS error: Failed to read block 0x8f: -5 [ 324.905132][ T8337] loop3: detected capacity change from 0 to 2048 [ 324.918905][ T29] audit: type=1800 audit(1725634947.923:75): pid=8332 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1166" name="/" dev="loop2" ino=5 res=0 errno=0 [ 324.954023][ T8337] EXT4-fs (loop3): #clusters per group too big: 20480 [ 325.146925][ T8340] loop0: detected capacity change from 0 to 2048 [ 325.253105][ T8340] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c098, mo2=0002] [ 325.343796][ T8340] System zones: 0-4 [ 325.422710][ T8340] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 325.481686][ T8340] ext4 filesystem being mounted at /143/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 325.643322][ T8353] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1146'. [ 325.810289][ T8345] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm ext4lazyinit: bg 0: block 288: padding at end of block bitmap is not set [ 325.926673][ T6012] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 325.934871][ T8359] loop4: detected capacity change from 0 to 128 [ 326.315433][ T8366] Attempt to restore checkpoint with obsolete wellknown handles [ 326.377375][ T8363] can0: slcan on ttyS3. [ 326.462822][ T8370] loop4: detected capacity change from 0 to 64 [ 326.554034][ T8368] can0 (unregistered): slcan off ttyS3. [ 326.586031][ T8370] syz.4.1183: attempt to access beyond end of device [ 326.586031][ T8370] loop4: rw=2049, sector=268435468, nr_sectors = 2 limit=64 [ 326.662022][ T8374] loop3: detected capacity change from 0 to 8 [ 326.690386][ T8370] syz.4.1183: attempt to access beyond end of device [ 326.690386][ T8370] loop4: rw=2049, sector=268435468, nr_sectors = 2 limit=64 [ 326.692462][ T8375] loop5: detected capacity change from 0 to 512 [ 326.755442][ T8377] input: syz1 as /devices/virtual/input/input11 [ 326.763699][ T8375] EXT4-fs: Ignoring removed i_version option [ 326.780887][ T8375] EXT4-fs: Ignoring removed nobh option [ 326.806050][ T8375] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 326.831960][ T8374] SQUASHFS error: Failed to read block 0x8f: -5 [ 326.889972][ T29] audit: type=1800 audit(1725634949.883:76): pid=8374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1186" name="/" dev="loop3" ino=5 res=0 errno=0 [ 326.931526][ T8380] netlink: 'syz.1.1187': attribute type 5 has an invalid length. [ 326.957487][ T8375] EXT4-fs (loop5): 1 truncate cleaned up [ 326.965755][ T8375] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 327.195962][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 327.202712][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 327.353206][ T7956] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 327.454589][ T8388] loop1: detected capacity change from 0 to 8 [ 327.547135][ T935] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 327.608475][ T8388] SQUASHFS error: Failed to read block 0x8f: -5 [ 327.615593][ T29] audit: type=1800 audit(1725634950.613:77): pid=8388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1203" name="/" dev="loop1" ino=5 res=0 errno=0 [ 327.767129][ T935] usb 1-1: Using ep0 maxpacket: 32 [ 327.781110][ T935] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 327.797652][ T935] usb 1-1: config 0 has no interface number 0 [ 327.823522][ T935] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 327.874586][ T935] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 327.909932][ T935] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 327.937165][ T935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.975022][ T935] usb 1-1: config 0 descriptor?? [ 328.243983][ T8403] Attempt to restore checkpoint with obsolete wellknown handles [ 328.337556][ T8402] loop3: detected capacity change from 0 to 4096 [ 328.450539][ T8405] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 328.654714][ T935] uclogic 0003:28BD:0094.000C: pen parameters not found [ 328.688292][ T8411] input: syz1 as /devices/virtual/input/input12 [ 328.692477][ T935] uclogic 0003:28BD:0094.000C: interface is invalid, ignoring [ 328.734416][ T935] usb 1-1: USB disconnect, device number 8 [ 328.759481][ T8409] loop4: detected capacity change from 0 to 1764 [ 329.047094][ T5299] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 329.103225][ T8417] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 329.247049][ T5299] usb 6-1: Using ep0 maxpacket: 16 [ 329.300573][ T5299] usb 6-1: config 0 has an invalid interface number: 214 but max is 0 [ 329.317022][ T5299] usb 6-1: config 0 has no interface number 0 [ 329.323620][ T5299] usb 6-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 329.381386][ T5299] usb 6-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 329.417102][ T5299] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.440085][ T5299] usb 6-1: Product: syz [ 329.463720][ T5299] usb 6-1: Manufacturer: syz [ 329.477496][ T5299] usb 6-1: SerialNumber: syz [ 329.515305][ T5299] usb 6-1: config 0 descriptor?? [ 330.252382][ T5299] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.214/input/input13 [ 330.659678][ T5342] usb 6-1: USB disconnect, device number 9 [ 331.137872][ T8431] loop2: detected capacity change from 0 to 1024 [ 331.392042][ T8426] loop0: detected capacity change from 0 to 32768 [ 333.329306][ T8460] loop5: detected capacity change from 0 to 512 [ 333.359321][ T5342] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 333.375516][ T8460] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13 [ 333.405012][ T8460] EXT4-fs error (device loop5): ext4_free_branches:1027: inode #13: comm syz.5.1220: invalid indirect mapped block 2683928664 (level 1) [ 333.427015][ T8460] EXT4-fs (loop5): Remounting filesystem read-only [ 333.437878][ T8460] EXT4-fs (loop5): 1 truncate cleaned up [ 333.446088][ T8460] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 333.588905][ T5342] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 333.610251][ T5342] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 333.647299][ T5342] usb 1-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 333.677587][ T5342] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.723563][ T5342] usb 1-1: config 0 descriptor?? [ 333.986006][ T8446] loop2: detected capacity change from 0 to 32768 [ 334.200348][ T5342] hid (null): global environment stack underflow [ 334.262461][ T5342] uclogic 0003:5543:0522.000D: global environment stack underflow [ 334.287140][ T5342] uclogic 0003:5543:0522.000D: item 0 1 1 11 parsing failed [ 334.306341][ T5342] uclogic 0003:5543:0522.000D: parse failed [ 334.318482][ T5342] uclogic 0003:5543:0522.000D: probe with driver uclogic failed with error -22 [ 334.418648][ T7956] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 334.621761][ T5342] usb 1-1: USB disconnect, device number 9 [ 334.851506][ T11] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.127366][ T5301] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 335.188781][ T11] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.387557][ T5301] usb 5-1: Using ep0 maxpacket: 16 [ 335.431071][ T5301] usb 5-1: config 0 has an invalid interface number: 214 but max is 0 [ 335.448688][ T5301] usb 5-1: config 0 has no interface number 0 [ 335.454973][ T5301] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 335.524941][ T5301] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 335.541617][ T11] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.557032][ T5301] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.565125][ T5301] usb 5-1: Product: syz [ 335.597291][ T5301] usb 5-1: Manufacturer: syz [ 335.601976][ T5301] usb 5-1: SerialNumber: syz [ 335.638576][ T5301] usb 5-1: config 0 descriptor?? [ 335.869719][ T11] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.965189][ T8471] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1227'. [ 336.339539][ T5301] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.214/input/input14 [ 336.450442][ T11] bridge_slave_1: left allmulticast mode [ 336.466758][ T11] bridge_slave_1: left promiscuous mode [ 336.478978][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.515064][ T11] bridge_slave_0: left allmulticast mode [ 336.527069][ T11] bridge_slave_0: left promiscuous mode [ 336.539924][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.576417][ T8] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 336.765074][ T935] usb 5-1: USB disconnect, device number 6 [ 336.767226][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 336.791194][ T8] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 336.809658][ T8] usb 2-1: config 0 has no interface number 0 [ 336.816762][ T8] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 336.869968][ T8] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 336.897178][ T8] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 336.922768][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.978638][ T8] usb 2-1: config 0 descriptor?? [ 337.436562][ T5244] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 337.466202][ T5244] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 337.488371][ T5244] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 337.507744][ T5244] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 337.523098][ T5244] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 337.531553][ T5244] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 337.717297][ T8] uclogic 0003:28BD:0094.000E: pen parameters not found [ 337.724378][ T8] uclogic 0003:28BD:0094.000E: interface is invalid, ignoring [ 338.083627][ T8498] loop2: detected capacity change from 0 to 512 [ 338.117825][ T25] usb 2-1: USB disconnect, device number 7 [ 338.162720][ T8498] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 338.178846][ T8498] EXT4-fs error (device loop2): ext4_free_branches:1027: inode #13: comm syz.2.1241: invalid indirect mapped block 2683928664 (level 1) [ 338.255424][ T8498] EXT4-fs (loop2): Remounting filesystem read-only [ 338.303081][ T8498] EXT4-fs (loop2): 1 truncate cleaned up [ 338.359676][ T8498] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 338.473145][ T8498] EXT4-fs (loop2): Quota file not on filesystem root. Journaled quota will not work [ 338.655649][ T8503] loop0: detected capacity change from 0 to 512 [ 338.706412][ T6973] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 339.668488][ T5244] Bluetooth: hci4: command tx timeout [ 339.821045][ T5239] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 339.849171][ T5239] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 339.867580][ T5239] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 339.898662][ T5239] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 339.926133][ T5239] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 339.938972][ T5239] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 340.048658][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 340.094553][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 340.127867][ T11] bond0 (unregistering): Released all slaves [ 340.828011][ T5246] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 341.060144][ T5246] usb 1-1: Using ep0 maxpacket: 16 [ 341.070755][ T5246] usb 1-1: config 0 has an invalid interface number: 214 but max is 0 [ 341.087036][ T5246] usb 1-1: config 0 has no interface number 0 [ 341.102574][ T5246] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 341.142631][ T5246] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 341.155285][ T5246] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.174787][ T5246] usb 1-1: Product: syz [ 341.187204][ T5246] usb 1-1: Manufacturer: syz [ 341.191874][ T5246] usb 1-1: SerialNumber: syz [ 341.221424][ T5246] usb 1-1: config 0 descriptor?? [ 341.413311][ T11] hsr_slave_0: left promiscuous mode [ 341.430845][ T11] hsr_slave_1: left promiscuous mode [ 341.477291][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 341.484921][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 341.521680][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 341.546904][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 341.642411][ T11] veth1_macvtap: left promiscuous mode [ 341.653799][ T11] veth0_macvtap: left promiscuous mode [ 341.660185][ T11] veth1_vlan: left promiscuous mode [ 341.665678][ T11] veth0_vlan: left promiscuous mode [ 341.737382][ T5244] Bluetooth: hci4: command tx timeout [ 341.904827][ T5246] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.214/input/input15 [ 342.058081][ T5244] Bluetooth: hci7: command tx timeout [ 342.270261][ T5342] usb 1-1: USB disconnect, device number 10 [ 343.227951][ T8547] loop1: detected capacity change from 0 to 1764 [ 343.437241][ T5342] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 343.657581][ T5342] usb 1-1: Using ep0 maxpacket: 32 [ 343.676420][ T5342] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 343.698178][ T5342] usb 1-1: config 0 has no interface number 0 [ 343.704470][ T5342] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 343.714766][ T8551] loop4: detected capacity change from 0 to 1024 [ 343.738092][ T5342] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 343.787206][ T5342] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 343.806791][ T5342] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.827592][ T5244] Bluetooth: hci4: command tx timeout [ 343.861583][ T8551] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 343.881350][ T5342] usb 1-1: config 0 descriptor?? [ 344.147233][ T5244] Bluetooth: hci7: command tx timeout [ 344.189826][ T8551] EXT4-fs warning (device loop4): empty_inline_dir:1820: bad inline directory (dir #12) - no `..' [ 344.432800][ T6225] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 344.627553][ T5342] uclogic 0003:28BD:0094.000F: pen parameters not found [ 344.650219][ T5342] uclogic 0003:28BD:0094.000F: interface is invalid, ignoring [ 345.013543][ T8] usb 1-1: USB disconnect, device number 11 [ 345.224507][ T11] team0 (unregistering): Port device team_slave_1 removed [ 345.416932][ T11] team0 (unregistering): Port device team_slave_0 removed [ 345.899538][ T5244] Bluetooth: hci4: command tx timeout [ 346.020396][ T8564] ================================================================== [ 346.028541][ T8564] BUG: KASAN: slab-use-after-free in hci_sock_get_cookie+0x42/0x50 [ 346.036494][ T8564] Read of size 4 at addr ffff8880306bb568 by task syz.2.1267/8564 [ 346.044332][ T8564] [ 346.046671][ T8564] CPU: 0 UID: 0 PID: 8564 Comm: syz.2.1267 Not tainted 6.11.0-rc6-syzkaller-00183-gb831f83e40a2 #0 [ 346.057399][ T8564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 346.067506][ T8564] Call Trace: [ 346.070818][ T8564] [ 346.073856][ T8564] dump_stack_lvl+0x116/0x1f0 [ 346.078603][ T8564] print_report+0xc3/0x620 [ 346.083075][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.088789][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.094508][ T8564] ? __phys_addr+0xc6/0x150 [ 346.099059][ T8564] kasan_report+0xd9/0x110 [ 346.103538][ T8564] ? hci_sock_get_cookie+0x42/0x50 [ 346.108685][ T8564] ? hci_sock_get_cookie+0x42/0x50 [ 346.113860][ T8564] hci_sock_get_cookie+0x42/0x50 [ 346.118835][ T8564] mgmt_cmd_status+0x229/0x520 [ 346.123748][ T8564] cmd_complete_rsp+0x111/0x160 [ 346.128658][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 346.133851][ T8564] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 346.139286][ T8564] __mgmt_power_off+0x12f/0x2c0 [ 346.144185][ T8564] ? __pfx___mgmt_power_off+0x10/0x10 [ 346.149604][ T8564] ? bit_wait_timeout+0x14f/0x170 [ 346.154684][ T8564] ? lockdep_hardirqs_on+0x7c/0x110 [ 346.159935][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.165610][ T8564] ? 0xffffffff81000000 [ 346.169847][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.175533][ T8564] hci_dev_close_sync+0xc33/0x1110 [ 346.180694][ T8564] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 346.186297][ T8564] hci_dev_do_close+0x2e/0x90 [ 346.191022][ T8564] hci_dev_close+0x183/0x1e0 [ 346.195652][ T8564] hci_sock_ioctl+0x28c/0x880 [ 346.200480][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.206178][ T8564] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 346.211412][ T8564] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 346.217449][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.223133][ T8564] sock_do_ioctl+0x119/0x280 [ 346.227771][ T8564] ? __pfx_sock_do_ioctl+0x10/0x10 [ 346.232943][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.238627][ T8564] sock_ioctl+0x22e/0x6c0 [ 346.243007][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 346.247968][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.253657][ T8564] ? __fget_files+0x256/0x400 [ 346.258410][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.264091][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 346.268997][ T8564] __x64_sys_ioctl+0x196/0x220 [ 346.273822][ T8564] do_syscall_64+0xcd/0x250 [ 346.278375][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.284319][ T8564] RIP: 0033:0x7ff696d7cef9 [ 346.288799][ T8564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.308455][ T8564] RSP: 002b:00007ff697ba4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 346.316906][ T8564] RAX: ffffffffffffffda RBX: 00007ff696f35f80 RCX: 00007ff696d7cef9 [ 346.324996][ T8564] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004 [ 346.332993][ T8564] RBP: 00007ff696def01e R08: 0000000000000000 R09: 0000000000000000 [ 346.341110][ T8564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 346.349107][ T8564] R13: 0000000000000000 R14: 00007ff696f35f80 R15: 00007ffffd971dc8 [ 346.357125][ T8564] [ 346.360329][ T8564] [ 346.362669][ T8564] Allocated by task 7507: [ 346.367103][ T8564] kasan_save_stack+0x33/0x60 [ 346.371825][ T8564] kasan_save_track+0x14/0x30 [ 346.376542][ T8564] __kasan_kmalloc+0xaa/0xb0 [ 346.381182][ T8564] __kmalloc_noprof+0x1e8/0x400 [ 346.386089][ T8564] sk_prot_alloc+0x1a8/0x2a0 [ 346.390722][ T8564] sk_alloc+0x36/0xb90 [ 346.394869][ T8564] bt_sock_alloc+0x3b/0x3a0 [ 346.399444][ T8564] hci_sock_create+0xbc/0x1a0 [ 346.404173][ T8564] bt_sock_create+0x185/0x350 [ 346.408901][ T8564] __sock_create+0x331/0x800 [ 346.413538][ T8564] __sys_socket+0x14f/0x260 [ 346.418088][ T8564] __x64_sys_socket+0x72/0xb0 [ 346.422813][ T8564] do_syscall_64+0xcd/0x250 [ 346.427345][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.433280][ T8564] [ 346.435609][ T8564] Freed by task 8567: [ 346.439628][ T8564] kasan_save_stack+0x33/0x60 [ 346.444376][ T8564] kasan_save_track+0x14/0x30 [ 346.449109][ T8564] kasan_save_free_info+0x3b/0x60 [ 346.454167][ T8564] poison_slab_object+0xf7/0x160 [ 346.459152][ T8564] __kasan_slab_free+0x32/0x50 [ 346.463962][ T8564] kfree+0x12a/0x3b0 [ 346.467895][ T8564] __sk_destruct+0x5eb/0x720 [ 346.472534][ T8564] sk_destruct+0xc2/0xf0 [ 346.476824][ T8564] __sk_free+0xf4/0x3e0 [ 346.481032][ T8564] sk_free+0x6a/0x90 [ 346.484977][ T8564] mgmt_pending_free+0xc0/0xf0 [ 346.489798][ T8564] cmd_complete_rsp+0x119/0x160 [ 346.494711][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 346.499880][ T8564] mgmt_index_removed+0x11f/0x2e0 [ 346.504951][ T8564] hci_sock_bind+0xc49/0x16f0 [ 346.509658][ T8564] __sys_bind+0x1ee/0x220 [ 346.514028][ T8564] __x64_sys_bind+0x72/0xb0 [ 346.518575][ T8564] do_syscall_64+0xcd/0x250 [ 346.523104][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.529093][ T8564] [ 346.531438][ T8564] The buggy address belongs to the object at ffff8880306bb000 [ 346.531438][ T8564] which belongs to the cache kmalloc-2k of size 2048 [ 346.545550][ T8564] The buggy address is located 1384 bytes inside of [ 346.545550][ T8564] freed 2048-byte region [ffff8880306bb000, ffff8880306bb800) [ 346.559571][ T8564] [ 346.561920][ T8564] The buggy address belongs to the physical page: [ 346.568458][ T8564] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880306bc000 pfn:0x306b8 [ 346.578564][ T8564] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 346.587096][ T8564] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 346.595110][ T8564] page_type: 0xfdffffff(slab) [ 346.599825][ T8564] raw: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 346.608438][ T8564] raw: ffff8880306bc000 0000000000080006 00000001fdffffff 0000000000000000 [ 346.617143][ T8564] head: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 346.625937][ T8564] head: ffff8880306bc000 0000000000080006 00000001fdffffff 0000000000000000 [ 346.634768][ T8564] head: 00fff00000000003 ffffea0000c1ae01 ffffffffffffffff 0000000000000000 [ 346.643734][ T8564] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 346.652428][ T8564] page dumped because: kasan: bad access detected [ 346.658909][ T8564] page_owner tracks the page as allocated [ 346.664630][ T8564] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (syz-executor), ts 113425910405, free_ts 113412156564 [ 346.686222][ T8564] post_alloc_hook+0x2d1/0x350 [ 346.691043][ T8564] get_page_from_freelist+0x1351/0x2e50 [ 346.696648][ T8564] __alloc_pages_noprof+0x22b/0x2460 [ 346.701990][ T8564] alloc_slab_page+0x4e/0xf0 [ 346.706614][ T8564] new_slab+0x84/0x260 [ 346.710722][ T8564] ___slab_alloc+0xdac/0x1870 [ 346.715536][ T8564] __slab_alloc.constprop.0+0x56/0xb0 [ 346.720957][ T8564] __kmalloc_cache_noprof+0x2b4/0x300 [ 346.726411][ T8564] rxrpc_alloc_connection+0x8b/0x6e0 [ 346.731751][ T8564] rxrpc_prealloc_service_connection+0x26/0x380 [ 346.738049][ T8564] rxrpc_service_prealloc_one+0x2bf/0xee0 [ 346.743909][ T8564] rxrpc_kernel_charge_accept+0xd7/0x120 [ 346.749571][ T8564] afs_charge_preallocation+0xce/0x330 [ 346.755065][ T8564] afs_open_socket+0x2b3/0x380 [ 346.759876][ T8564] afs_net_init+0x95d/0xc60 [ 346.764442][ T8564] ops_init+0xbc/0x650 [ 346.768536][ T8564] page last free pid 5235 tgid 5235 stack trace: [ 346.774875][ T8564] free_unref_page+0x64a/0xe40 [ 346.779692][ T8564] __put_partials+0x14c/0x170 [ 346.784406][ T8564] qlist_free_all+0x4e/0x140 [ 346.789122][ T8564] kasan_quarantine_reduce+0x192/0x1e0 [ 346.794627][ T8564] __kasan_slab_alloc+0x69/0x90 [ 346.799521][ T8564] __kmalloc_cache_noprof+0x11e/0x300 [ 346.804979][ T8564] ref_tracker_alloc+0x17c/0x5b0 [ 346.809962][ T8564] register_netdevice+0x164b/0x1e90 [ 346.815187][ T8564] register_netdev+0x2f/0x50 [ 346.819805][ T8564] ip6gre_init_net+0x2fe/0x450 [ 346.824620][ T8564] ops_init+0xbc/0x650 [ 346.828723][ T8564] setup_net+0x435/0xb40 [ 346.833017][ T8564] copy_net_ns+0x2fb/0x700 [ 346.837466][ T8564] create_new_namespaces+0x3ea/0xad0 [ 346.842783][ T8564] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 346.848458][ T8564] ksys_unshare+0x419/0x970 [ 346.853000][ T8564] [ 346.855328][ T8564] Memory state around the buggy address: [ 346.860970][ T8564] ffff8880306bb400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 346.869138][ T8564] ffff8880306bb480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 346.877315][ T8564] >ffff8880306bb500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 346.885395][ T8564] ^ [ 346.892902][ T8564] ffff8880306bb580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 346.901001][ T8564] ffff8880306bb600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 346.909088][ T8564] ================================================================== [ 346.965871][ T5244] Bluetooth: hci7: command tx timeout [ 346.977097][ T8564] Disabling lock debugging due to kernel taint [ 346.983520][ T8564] ================================================================== [ 346.991960][ T8564] BUG: KASAN: slab-use-after-free in sk_filter_trim_cap+0x9bd/0xac0 [ 347.000023][ T8564] Read of size 8 at addr ffff8880306bb178 by task syz.2.1267/8564 [ 347.007870][ T8564] [ 347.010219][ T8564] CPU: 1 UID: 0 PID: 8564 Comm: syz.2.1267 Tainted: G B 6.11.0-rc6-syzkaller-00183-gb831f83e40a2 #0 [ 347.022508][ T8564] Tainted: [B]=BAD_PAGE [ 347.026681][ T8564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 347.036779][ T8564] Call Trace: [ 347.040084][ T8564] [ 347.043036][ T8564] dump_stack_lvl+0x116/0x1f0 [ 347.047949][ T8564] print_report+0xc3/0x620 [ 347.052428][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.058120][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.063809][ T8564] ? __phys_addr+0xc6/0x150 [ 347.068375][ T8564] kasan_report+0xd9/0x110 [ 347.072858][ T8564] ? sk_filter_trim_cap+0x9bd/0xac0 [ 347.078128][ T8564] ? sk_filter_trim_cap+0x9bd/0xac0 [ 347.083409][ T8564] sk_filter_trim_cap+0x9bd/0xac0 [ 347.088506][ T8564] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 347.094557][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.100248][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.105940][ T8564] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 347.111726][ T8564] ? __pfx_sk_filter_trim_cap+0x10/0x10 [ 347.117333][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.123008][ T8564] ? ktime_get_with_offset+0x15d/0x240 [ 347.128519][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.134201][ T8564] sock_queue_rcv_skb_reason+0x30/0xe0 [ 347.139702][ T8564] mgmt_cmd_status+0x304/0x520 [ 347.144544][ T8564] cmd_complete_rsp+0x111/0x160 [ 347.149449][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 347.154615][ T8564] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 347.160133][ T8564] __mgmt_power_off+0x12f/0x2c0 [ 347.165066][ T8564] ? __pfx___mgmt_power_off+0x10/0x10 [ 347.170480][ T8564] ? bit_wait_timeout+0x14f/0x170 [ 347.175570][ T8564] ? lockdep_hardirqs_on+0x7c/0x110 [ 347.180830][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.186512][ T8564] ? 0xffffffff81000000 [ 347.190689][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.196370][ T8564] hci_dev_close_sync+0xc33/0x1110 [ 347.201620][ T8564] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 347.207229][ T8564] hci_dev_do_close+0x2e/0x90 [ 347.212058][ T8564] hci_dev_close+0x183/0x1e0 [ 347.216708][ T8564] hci_sock_ioctl+0x28c/0x880 [ 347.221429][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.227126][ T8564] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 347.232358][ T8564] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 347.238397][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.244079][ T8564] sock_do_ioctl+0x119/0x280 [ 347.248723][ T8564] ? __pfx_sock_do_ioctl+0x10/0x10 [ 347.253913][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.259599][ T8564] sock_ioctl+0x22e/0x6c0 [ 347.263990][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 347.269074][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.274844][ T8564] ? __fget_files+0x256/0x400 [ 347.279584][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.285288][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 347.290187][ T8564] __x64_sys_ioctl+0x196/0x220 [ 347.295441][ T8564] do_syscall_64+0xcd/0x250 [ 347.299977][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.305912][ T8564] RIP: 0033:0x7ff696d7cef9 [ 347.310360][ T8564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.330043][ T8564] RSP: 002b:00007ff697ba4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 347.338489][ T8564] RAX: ffffffffffffffda RBX: 00007ff696f35f80 RCX: 00007ff696d7cef9 [ 347.346484][ T8564] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004 [ 347.354481][ T8564] RBP: 00007ff696def01e R08: 0000000000000000 R09: 0000000000000000 [ 347.362474][ T8564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 347.370476][ T8564] R13: 0000000000000000 R14: 00007ff696f35f80 R15: 00007ffffd971dc8 [ 347.378491][ T8564] [ 347.381531][ T8564] [ 347.383862][ T8564] Allocated by task 7507: [ 347.388218][ T8564] kasan_save_stack+0x33/0x60 [ 347.392943][ T8564] kasan_save_track+0x14/0x30 [ 347.397662][ T8564] __kasan_kmalloc+0xaa/0xb0 [ 347.402289][ T8564] __kmalloc_noprof+0x1e8/0x400 [ 347.407186][ T8564] sk_prot_alloc+0x1a8/0x2a0 [ 347.411902][ T8564] sk_alloc+0x36/0xb90 [ 347.416018][ T8564] bt_sock_alloc+0x3b/0x3a0 [ 347.420567][ T8564] hci_sock_create+0xbc/0x1a0 [ 347.425296][ T8564] bt_sock_create+0x185/0x350 [ 347.430020][ T8564] __sock_create+0x331/0x800 [ 347.434651][ T8564] __sys_socket+0x14f/0x260 [ 347.439194][ T8564] __x64_sys_socket+0x72/0xb0 [ 347.443915][ T8564] do_syscall_64+0xcd/0x250 [ 347.448441][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.454366][ T8564] [ 347.456695][ T8564] Freed by task 8567: [ 347.460684][ T8564] kasan_save_stack+0x33/0x60 [ 347.465409][ T8564] kasan_save_track+0x14/0x30 [ 347.470647][ T8564] kasan_save_free_info+0x3b/0x60 [ 347.475701][ T8564] poison_slab_object+0xf7/0x160 [ 347.480708][ T8564] __kasan_slab_free+0x32/0x50 [ 347.485604][ T8564] kfree+0x12a/0x3b0 [ 347.489533][ T8564] __sk_destruct+0x5eb/0x720 [ 347.494176][ T8564] sk_destruct+0xc2/0xf0 [ 347.498554][ T8564] __sk_free+0xf4/0x3e0 [ 347.502759][ T8564] sk_free+0x6a/0x90 [ 347.506702][ T8564] mgmt_pending_free+0xc0/0xf0 [ 347.511521][ T8564] cmd_complete_rsp+0x119/0x160 [ 347.516423][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 347.521585][ T8564] mgmt_index_removed+0x11f/0x2e0 [ 347.526650][ T8564] hci_sock_bind+0xc49/0x16f0 [ 347.531353][ T8564] __sys_bind+0x1ee/0x220 [ 347.535727][ T8564] __x64_sys_bind+0x72/0xb0 [ 347.540270][ T8564] do_syscall_64+0xcd/0x250 [ 347.544839][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.550769][ T8564] [ 347.553098][ T8564] The buggy address belongs to the object at ffff8880306bb000 [ 347.553098][ T8564] which belongs to the cache kmalloc-2k of size 2048 [ 347.567183][ T8564] The buggy address is located 376 bytes inside of [ 347.567183][ T8564] freed 2048-byte region [ffff8880306bb000, ffff8880306bb800) [ 347.581096][ T8564] [ 347.583432][ T8564] The buggy address belongs to the physical page: [ 347.589860][ T8564] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880306bc000 pfn:0x306b8 [ 347.599960][ T8564] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 347.608788][ T8564] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 347.616828][ T8564] page_type: 0xfdffffff(slab) [ 347.621538][ T8564] raw: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 347.630156][ T8564] raw: ffff8880306bc000 0000000000080006 00000001fdffffff 0000000000000000 [ 347.638776][ T8564] head: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 347.647505][ T8564] head: ffff8880306bc000 0000000000080006 00000001fdffffff 0000000000000000 [ 347.656202][ T8564] head: 00fff00000000003 ffffea0000c1ae01 ffffffffffffffff 0000000000000000 [ 347.665026][ T8564] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 347.673725][ T8564] page dumped because: kasan: bad access detected [ 347.680156][ T8564] page_owner tracks the page as allocated [ 347.685880][ T8564] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (syz-executor), ts 113425910405, free_ts 113412156564 [ 347.707642][ T8564] post_alloc_hook+0x2d1/0x350 [ 347.712463][ T8564] get_page_from_freelist+0x1351/0x2e50 [ 347.718081][ T8564] __alloc_pages_noprof+0x22b/0x2460 [ 347.723421][ T8564] alloc_slab_page+0x4e/0xf0 [ 347.728045][ T8564] new_slab+0x84/0x260 [ 347.732420][ T8564] ___slab_alloc+0xdac/0x1870 [ 347.737225][ T8564] __slab_alloc.constprop.0+0x56/0xb0 [ 347.742640][ T8564] __kmalloc_cache_noprof+0x2b4/0x300 [ 347.748054][ T8564] rxrpc_alloc_connection+0x8b/0x6e0 [ 347.753394][ T8564] rxrpc_prealloc_service_connection+0x26/0x380 [ 347.759693][ T8564] rxrpc_service_prealloc_one+0x2bf/0xee0 [ 347.766148][ T8564] rxrpc_kernel_charge_accept+0xd7/0x120 [ 347.771832][ T8564] afs_charge_preallocation+0xce/0x330 [ 347.777326][ T8564] afs_open_socket+0x2b3/0x380 [ 347.782117][ T8564] afs_net_init+0x95d/0xc60 [ 347.786692][ T8564] ops_init+0xbc/0x650 [ 347.790796][ T8564] page last free pid 5235 tgid 5235 stack trace: [ 347.797198][ T8564] free_unref_page+0x64a/0xe40 [ 347.802116][ T8564] __put_partials+0x14c/0x170 [ 347.806832][ T8564] qlist_free_all+0x4e/0x140 [ 347.811578][ T8564] kasan_quarantine_reduce+0x192/0x1e0 [ 347.817086][ T8564] __kasan_slab_alloc+0x69/0x90 [ 347.821986][ T8564] __kmalloc_cache_noprof+0x11e/0x300 [ 347.827504][ T8564] ref_tracker_alloc+0x17c/0x5b0 [ 347.832488][ T8564] register_netdevice+0x164b/0x1e90 [ 347.837716][ T8564] register_netdev+0x2f/0x50 [ 347.842420][ T8564] ip6gre_init_net+0x2fe/0x450 [ 347.847229][ T8564] ops_init+0xbc/0x650 [ 347.851326][ T8564] setup_net+0x435/0xb40 [ 347.855623][ T8564] copy_net_ns+0x2fb/0x700 [ 347.860078][ T8564] create_new_namespaces+0x3ea/0xad0 [ 347.865487][ T8564] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 347.871157][ T8564] ksys_unshare+0x419/0x970 [ 347.875706][ T8564] [ 347.878051][ T8564] Memory state around the buggy address: [ 347.883692][ T8564] ffff8880306bb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 347.891814][ T8564] ffff8880306bb080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 347.899981][ T8564] >ffff8880306bb100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 347.908776][ T8564] ^ [ 347.916780][ T8564] ffff8880306bb180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 347.924891][ T8564] ffff8880306bb200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 347.932998][ T8564] ================================================================== [ 348.100012][ T8564] ================================================================== [ 348.108164][ T8564] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x3c/0xa80 [ 348.116307][ T8564] Read of size 4 at addr ffff8880306bb140 by task syz.2.1267/8564 [ 348.124164][ T8564] [ 348.126520][ T8564] CPU: 1 UID: 0 PID: 8564 Comm: syz.2.1267 Tainted: G B 6.11.0-rc6-syzkaller-00183-gb831f83e40a2 #0 [ 348.138747][ T8564] Tainted: [B]=BAD_PAGE [ 348.142934][ T8564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 348.153036][ T8564] Call Trace: [ 348.156347][ T8564] [ 348.159310][ T8564] dump_stack_lvl+0x116/0x1f0 [ 348.164057][ T8564] print_report+0xc3/0x620 [ 348.168558][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.174347][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.180047][ T8564] ? __phys_addr+0xc6/0x150 [ 348.184616][ T8564] kasan_report+0xd9/0x110 [ 348.189110][ T8564] ? __sock_queue_rcv_skb+0x3c/0xa80 [ 348.194545][ T8564] ? __sock_queue_rcv_skb+0x3c/0xa80 [ 348.199905][ T8564] kasan_check_range+0xef/0x1a0 [ 348.204955][ T8564] __sock_queue_rcv_skb+0x3c/0xa80 [ 348.210125][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.215971][ T8564] sock_queue_rcv_skb_reason+0xa2/0xe0 [ 348.221490][ T8564] mgmt_cmd_status+0x304/0x520 [ 348.226364][ T8564] cmd_complete_rsp+0x111/0x160 [ 348.231384][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 348.236652][ T8564] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 348.242106][ T8564] __mgmt_power_off+0x12f/0x2c0 [ 348.247045][ T8564] ? __pfx___mgmt_power_off+0x10/0x10 [ 348.252491][ T8564] ? bit_wait_timeout+0x14f/0x170 [ 348.257688][ T8564] ? lockdep_hardirqs_on+0x7c/0x110 [ 348.262969][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.268673][ T8564] ? 0xffffffff81000000 [ 348.272895][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.279650][ T8564] hci_dev_close_sync+0xc33/0x1110 [ 348.284835][ T8564] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 348.290454][ T8564] hci_dev_do_close+0x2e/0x90 [ 348.295196][ T8564] hci_dev_close+0x183/0x1e0 [ 348.299850][ T8564] hci_sock_ioctl+0x28c/0x880 [ 348.304581][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.310290][ T8564] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 348.315547][ T8564] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 348.321620][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.327329][ T8564] sock_do_ioctl+0x119/0x280 [ 348.332029][ T8564] ? __pfx_sock_do_ioctl+0x10/0x10 [ 348.337219][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.342921][ T8564] sock_ioctl+0x22e/0x6c0 [ 348.347329][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 348.352256][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.357986][ T8564] ? __fget_files+0x256/0x400 [ 348.362831][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.368535][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 348.373456][ T8564] __x64_sys_ioctl+0x196/0x220 [ 348.378302][ T8564] do_syscall_64+0xcd/0x250 [ 348.382854][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.388813][ T8564] RIP: 0033:0x7ff696d7cef9 [ 348.393612][ T8564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.413801][ T8564] RSP: 002b:00007ff697ba4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 348.422298][ T8564] RAX: ffffffffffffffda RBX: 00007ff696f35f80 RCX: 00007ff696d7cef9 [ 348.430313][ T8564] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004 [ 348.438414][ T8564] RBP: 00007ff696def01e R08: 0000000000000000 R09: 0000000000000000 [ 348.446431][ T8564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 348.454528][ T8564] R13: 0000000000000000 R14: 00007ff696f35f80 R15: 00007ffffd971dc8 [ 348.462595][ T8564] [ 348.465644][ T8564] [ 348.468029][ T8564] Allocated by task 7507: [ 348.472376][ T8564] kasan_save_stack+0x33/0x60 [ 348.477110][ T8564] kasan_save_track+0x14/0x30 [ 348.482015][ T8564] __kasan_kmalloc+0xaa/0xb0 [ 348.486653][ T8564] __kmalloc_noprof+0x1e8/0x400 [ 348.491821][ T8564] sk_prot_alloc+0x1a8/0x2a0 [ 348.496464][ T8564] sk_alloc+0x36/0xb90 [ 348.500608][ T8564] bt_sock_alloc+0x3b/0x3a0 [ 348.505168][ T8564] hci_sock_create+0xbc/0x1a0 [ 348.509908][ T8564] bt_sock_create+0x185/0x350 [ 348.514645][ T8564] __sock_create+0x331/0x800 [ 348.519285][ T8564] __sys_socket+0x14f/0x260 [ 348.523847][ T8564] __x64_sys_socket+0x72/0xb0 [ 348.528588][ T8564] do_syscall_64+0xcd/0x250 [ 348.533130][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.539074][ T8564] [ 348.541420][ T8564] Freed by task 8567: [ 348.545549][ T8564] kasan_save_stack+0x33/0x60 [ 348.550279][ T8564] kasan_save_track+0x14/0x30 [ 348.555006][ T8564] kasan_save_free_info+0x3b/0x60 [ 348.560072][ T8564] poison_slab_object+0xf7/0x160 [ 348.565072][ T8564] __kasan_slab_free+0x32/0x50 [ 348.569900][ T8564] kfree+0x12a/0x3b0 [ 348.573871][ T8564] __sk_destruct+0x5eb/0x720 [ 348.578524][ T8564] sk_destruct+0xc2/0xf0 [ 348.582825][ T8564] __sk_free+0xf4/0x3e0 [ 348.587251][ T8564] sk_free+0x6a/0x90 [ 348.591207][ T8564] mgmt_pending_free+0xc0/0xf0 [ 348.596132][ T8564] cmd_complete_rsp+0x119/0x160 [ 348.601233][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 348.606405][ T8564] mgmt_index_removed+0x11f/0x2e0 [ 348.611570][ T8564] hci_sock_bind+0xc49/0x16f0 [ 348.616306][ T8564] __sys_bind+0x1ee/0x220 [ 348.621346][ T8564] __x64_sys_bind+0x72/0xb0 [ 348.625921][ T8564] do_syscall_64+0xcd/0x250 [ 348.630569][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.636603][ T8564] [ 348.638943][ T8564] The buggy address belongs to the object at ffff8880306bb000 [ 348.638943][ T8564] which belongs to the cache kmalloc-2k of size 2048 [ 348.653039][ T8564] The buggy address is located 320 bytes inside of [ 348.653039][ T8564] freed 2048-byte region [ffff8880306bb000, ffff8880306bb800) [ 348.666984][ T8564] [ 348.669331][ T8564] The buggy address belongs to the physical page: [ 348.675766][ T8564] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x306b8 [ 348.684557][ T8564] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 348.693090][ T8564] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 348.701211][ T8564] page_type: 0xfdffffff(slab) [ 348.705939][ T8564] raw: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 348.715178][ T8564] raw: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000 [ 348.723900][ T8564] head: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 348.732620][ T8564] head: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000 [ 348.741335][ T8564] head: 00fff00000000003 ffffea0000c1ae01 ffffffffffffffff 0000000000000000 [ 348.750057][ T8564] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 348.758845][ T8564] page dumped because: kasan: bad access detected [ 348.765285][ T8564] page_owner tracks the page as allocated [ 348.771009][ T8564] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (syz-executor), ts 113425910405, free_ts 113412156564 [ 348.792615][ T8564] post_alloc_hook+0x2d1/0x350 [ 348.797440][ T8564] get_page_from_freelist+0x1351/0x2e50 [ 348.803043][ T8564] __alloc_pages_noprof+0x22b/0x2460 [ 348.808397][ T8564] alloc_slab_page+0x4e/0xf0 [ 348.813199][ T8564] new_slab+0x84/0x260 [ 348.817403][ T8564] ___slab_alloc+0xdac/0x1870 [ 348.822308][ T8564] __slab_alloc.constprop.0+0x56/0xb0 [ 348.827748][ T8564] __kmalloc_cache_noprof+0x2b4/0x300 [ 348.833174][ T8564] rxrpc_alloc_connection+0x8b/0x6e0 [ 348.838520][ T8564] rxrpc_prealloc_service_connection+0x26/0x380 [ 348.844835][ T8564] rxrpc_service_prealloc_one+0x2bf/0xee0 [ 348.850606][ T8564] rxrpc_kernel_charge_accept+0xd7/0x120 [ 348.856455][ T8564] afs_charge_preallocation+0xce/0x330 [ 348.862067][ T8564] afs_open_socket+0x2b3/0x380 [ 348.866894][ T8564] afs_net_init+0x95d/0xc60 [ 348.871474][ T8564] ops_init+0xbc/0x650 [ 348.875582][ T8564] page last free pid 5235 tgid 5235 stack trace: [ 348.881931][ T8564] free_unref_page+0x64a/0xe40 [ 348.887474][ T8564] __put_partials+0x14c/0x170 [ 348.892202][ T8564] qlist_free_all+0x4e/0x140 [ 348.896843][ T8564] kasan_quarantine_reduce+0x192/0x1e0 [ 348.902379][ T8564] __kasan_slab_alloc+0x69/0x90 [ 348.907397][ T8564] __kmalloc_cache_noprof+0x11e/0x300 [ 348.912842][ T8564] ref_tracker_alloc+0x17c/0x5b0 [ 348.917852][ T8564] register_netdevice+0x164b/0x1e90 [ 348.923115][ T8564] register_netdev+0x2f/0x50 [ 348.927846][ T8564] ip6gre_init_net+0x2fe/0x450 [ 348.932681][ T8564] ops_init+0xbc/0x650 [ 348.936817][ T8564] setup_net+0x435/0xb40 [ 348.941283][ T8564] copy_net_ns+0x2fb/0x700 [ 348.945761][ T8564] create_new_namespaces+0x3ea/0xad0 [ 348.951273][ T8564] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 348.956953][ T8564] ksys_unshare+0x419/0x970 [ 348.961519][ T8564] [ 348.964479][ T8564] Memory state around the buggy address: [ 348.970141][ T8564] ffff8880306bb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 348.978317][ T8564] ffff8880306bb080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 348.986442][ T8564] >ffff8880306bb100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 348.994543][ T8564] ^ [ 349.000949][ T8564] ffff8880306bb180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 349.009044][ T8564] ffff8880306bb200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 349.017138][ T8564] ================================================================== [ 349.083596][ T5244] Bluetooth: hci7: command tx timeout [ 349.087347][ T8564] ================================================================== [ 349.097276][ T8564] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x730/0xa80 [ 349.105576][ T8564] Read of size 4 at addr ffff8880306bb140 by task syz.2.1267/8564 [ 349.113416][ T8564] [ 349.115765][ T8564] CPU: 0 UID: 0 PID: 8564 Comm: syz.2.1267 Tainted: G B 6.11.0-rc6-syzkaller-00183-gb831f83e40a2 #0 [ 349.127980][ T8564] Tainted: [B]=BAD_PAGE [ 349.132166][ T8564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 349.142264][ T8564] Call Trace: [ 349.145575][ T8564] [ 349.148537][ T8564] dump_stack_lvl+0x116/0x1f0 [ 349.153282][ T8564] print_report+0xc3/0x620 [ 349.157764][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 349.163466][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 349.169166][ T8564] ? __phys_addr+0xc6/0x150 [ 349.173739][ T8564] kasan_report+0xd9/0x110 [ 349.178309][ T8564] ? __sock_queue_rcv_skb+0x730/0xa80 [ 349.183742][ T8564] ? __sock_queue_rcv_skb+0x730/0xa80 [ 349.189178][ T8564] __sock_queue_rcv_skb+0x730/0xa80 [ 349.194432][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 349.200132][ T8564] sock_queue_rcv_skb_reason+0xa2/0xe0 [ 349.205653][ T8564] mgmt_cmd_status+0x304/0x520 [ 349.210498][ T8564] cmd_complete_rsp+0x111/0x160 [ 349.215598][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 349.220793][ T8564] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 349.226254][ T8564] __mgmt_power_off+0x12f/0x2c0 [ 349.231174][ T8564] ? __pfx___mgmt_power_off+0x10/0x10 [ 349.236609][ T8564] ? bit_wait_timeout+0x14f/0x170 [ 349.241712][ T8564] ? lockdep_hardirqs_on+0x7c/0x110 [ 349.246982][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 349.252679][ T8564] ? 0xffffffff81000000 [ 349.256957][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 349.262655][ T8564] hci_dev_close_sync+0xc33/0x1110 [ 349.268089][ T8564] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 349.273708][ T8564] hci_dev_do_close+0x2e/0x90 [ 349.278532][ T8564] hci_dev_close+0x183/0x1e0 [ 349.283274][ T8564] hci_sock_ioctl+0x28c/0x880 [ 349.288042][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 349.293742][ T8564] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 349.299083][ T8564] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 349.305237][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 349.310941][ T8564] sock_do_ioctl+0x119/0x280 [ 349.315594][ T8564] ? __pfx_sock_do_ioctl+0x10/0x10 [ 349.320792][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 349.326586][ T8564] sock_ioctl+0x22e/0x6c0 [ 349.331005][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 349.335931][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 349.341629][ T8564] ? __fget_files+0x256/0x400 [ 349.346474][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 349.352615][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 349.357541][ T8564] __x64_sys_ioctl+0x196/0x220 [ 349.362380][ T8564] do_syscall_64+0xcd/0x250 [ 349.366938][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.372906][ T8564] RIP: 0033:0x7ff696d7cef9 [ 349.377364][ T8564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.397035][ T8564] RSP: 002b:00007ff697ba4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 349.405507][ T8564] RAX: ffffffffffffffda RBX: 00007ff696f35f80 RCX: 00007ff696d7cef9 [ 349.413612][ T8564] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004 [ 349.421712][ T8564] RBP: 00007ff696def01e R08: 0000000000000000 R09: 0000000000000000 [ 349.429896][ T8564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 349.437906][ T8564] R13: 0000000000000000 R14: 00007ff696f35f80 R15: 00007ffffd971dc8 [ 349.445932][ T8564] [ 349.448977][ T8564] [ 349.451325][ T8564] Allocated by task 7507: [ 349.455679][ T8564] kasan_save_stack+0x33/0x60 [ 349.460415][ T8564] kasan_save_track+0x14/0x30 [ 349.465156][ T8564] __kasan_kmalloc+0xaa/0xb0 [ 349.469816][ T8564] __kmalloc_noprof+0x1e8/0x400 [ 349.474754][ T8564] sk_prot_alloc+0x1a8/0x2a0 [ 349.479854][ T8564] sk_alloc+0x36/0xb90 [ 349.484006][ T8564] bt_sock_alloc+0x3b/0x3a0 [ 349.488587][ T8564] hci_sock_create+0xbc/0x1a0 [ 349.493343][ T8564] bt_sock_create+0x185/0x350 [ 349.498111][ T8564] __sock_create+0x331/0x800 [ 349.502900][ T8564] __sys_socket+0x14f/0x260 [ 349.507602][ T8564] __x64_sys_socket+0x72/0xb0 [ 349.512374][ T8564] do_syscall_64+0xcd/0x250 [ 349.517241][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.523282][ T8564] [ 349.525804][ T8564] Freed by task 8567: [ 349.529815][ T8564] kasan_save_stack+0x33/0x60 [ 349.534555][ T8564] kasan_save_track+0x14/0x30 [ 349.539299][ T8564] kasan_save_free_info+0x3b/0x60 [ 349.544386][ T8564] poison_slab_object+0xf7/0x160 [ 349.549408][ T8564] __kasan_slab_free+0x32/0x50 [ 349.554331][ T8564] kfree+0x12a/0x3b0 [ 349.558291][ T8564] __sk_destruct+0x5eb/0x720 [ 349.563038][ T8564] sk_destruct+0xc2/0xf0 [ 349.567360][ T8564] __sk_free+0xf4/0x3e0 [ 349.571590][ T8564] sk_free+0x6a/0x90 [ 349.575571][ T8564] mgmt_pending_free+0xc0/0xf0 [ 349.580414][ T8564] cmd_complete_rsp+0x119/0x160 [ 349.585431][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 349.590625][ T8564] mgmt_index_removed+0x11f/0x2e0 [ 349.595717][ T8564] hci_sock_bind+0xc49/0x16f0 [ 349.600641][ T8564] __sys_bind+0x1ee/0x220 [ 349.605151][ T8564] __x64_sys_bind+0x72/0xb0 [ 349.609736][ T8564] do_syscall_64+0xcd/0x250 [ 349.614291][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.620249][ T8564] [ 349.622593][ T8564] The buggy address belongs to the object at ffff8880306bb000 [ 349.622593][ T8564] which belongs to the cache kmalloc-2k of size 2048 [ 349.636887][ T8564] The buggy address is located 320 bytes inside of [ 349.636887][ T8564] freed 2048-byte region [ffff8880306bb000, ffff8880306bb800) [ 349.650841][ T8564] [ 349.653210][ T8564] The buggy address belongs to the physical page: [ 349.659649][ T8564] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x306b8 [ 349.668460][ T8564] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 349.677181][ T8564] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 349.685461][ T8564] page_type: 0xfdffffff(slab) [ 349.690183][ T8564] raw: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 349.698900][ T8564] raw: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000 [ 349.707532][ T8564] head: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 349.716252][ T8564] head: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000 [ 349.724966][ T8564] head: 00fff00000000003 ffffea0000c1ae01 ffffffffffffffff 0000000000000000 [ 349.733677][ T8564] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 349.742385][ T8564] page dumped because: kasan: bad access detected [ 349.748828][ T8564] page_owner tracks the page as allocated [ 349.755448][ T8564] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (syz-executor), ts 113425910405, free_ts 113412156564 [ 349.777558][ T8564] post_alloc_hook+0x2d1/0x350 [ 349.782400][ T8564] get_page_from_freelist+0x1351/0x2e50 [ 349.788023][ T8564] __alloc_pages_noprof+0x22b/0x2460 [ 349.793467][ T8564] alloc_slab_page+0x4e/0xf0 [ 349.798105][ T8564] new_slab+0x84/0x260 [ 349.802231][ T8564] ___slab_alloc+0xdac/0x1870 [ 349.806965][ T8564] __slab_alloc.constprop.0+0x56/0xb0 [ 349.812396][ T8564] __kmalloc_cache_noprof+0x2b4/0x300 [ 349.817828][ T8564] rxrpc_alloc_connection+0x8b/0x6e0 [ 349.823184][ T8564] rxrpc_prealloc_service_connection+0x26/0x380 [ 349.829588][ T8564] rxrpc_service_prealloc_one+0x2bf/0xee0 [ 349.835558][ T8564] rxrpc_kernel_charge_accept+0xd7/0x120 [ 349.841256][ T8564] afs_charge_preallocation+0xce/0x330 [ 349.846769][ T8564] afs_open_socket+0x2b3/0x380 [ 349.851579][ T8564] afs_net_init+0x95d/0xc60 [ 349.856148][ T8564] ops_init+0xbc/0x650 [ 349.860277][ T8564] page last free pid 5235 tgid 5235 stack trace: [ 349.866671][ T8564] free_unref_page+0x64a/0xe40 [ 349.871585][ T8564] __put_partials+0x14c/0x170 [ 349.876350][ T8564] qlist_free_all+0x4e/0x140 [ 349.881006][ T8564] kasan_quarantine_reduce+0x192/0x1e0 [ 349.886531][ T8564] __kasan_slab_alloc+0x69/0x90 [ 349.891455][ T8564] __kmalloc_cache_noprof+0x11e/0x300 [ 349.896897][ T8564] ref_tracker_alloc+0x17c/0x5b0 [ 349.901903][ T8564] register_netdevice+0x164b/0x1e90 [ 349.907162][ T8564] register_netdev+0x2f/0x50 [ 349.911796][ T8564] ip6gre_init_net+0x2fe/0x450 [ 349.916666][ T8564] ops_init+0xbc/0x650 [ 349.920955][ T8564] setup_net+0x435/0xb40 [ 349.925246][ T8564] copy_net_ns+0x2fb/0x700 [ 349.929731][ T8564] create_new_namespaces+0x3ea/0xad0 [ 349.935091][ T8564] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 349.940782][ T8564] ksys_unshare+0x419/0x970 [ 349.946228][ T8564] [ 349.948571][ T8564] Memory state around the buggy address: [ 349.954350][ T8564] ffff8880306bb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 349.962565][ T8564] ffff8880306bb080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 349.970766][ T8564] >ffff8880306bb100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 349.978951][ T8564] ^ [ 349.985141][ T8564] ffff8880306bb180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 349.993337][ T8564] ffff8880306bb200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 350.001430][ T8564] ================================================================== [ 350.042766][ T8564] ================================================================== [ 350.050903][ T8564] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x73a/0xa80 [ 350.059306][ T8564] Read of size 4 at addr ffff8880306bb174 by task syz.2.1267/8564 [ 350.067160][ T8564] [ 350.069516][ T8564] CPU: 0 UID: 0 PID: 8564 Comm: syz.2.1267 Tainted: G B 6.11.0-rc6-syzkaller-00183-gb831f83e40a2 #0 [ 350.081734][ T8564] Tainted: [B]=BAD_PAGE [ 350.085917][ T8564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 350.096272][ T8564] Call Trace: [ 350.099588][ T8564] [ 350.102550][ T8564] dump_stack_lvl+0x116/0x1f0 [ 350.107290][ T8564] print_report+0xc3/0x620 [ 350.111948][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.117650][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.123355][ T8564] ? __phys_addr+0xc6/0x150 [ 350.127932][ T8564] kasan_report+0xd9/0x110 [ 350.132426][ T8564] ? __sock_queue_rcv_skb+0x73a/0xa80 [ 350.137864][ T8564] ? __sock_queue_rcv_skb+0x73a/0xa80 [ 350.143316][ T8564] __sock_queue_rcv_skb+0x73a/0xa80 [ 350.148670][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.154496][ T8564] sock_queue_rcv_skb_reason+0xa2/0xe0 [ 350.160203][ T8564] mgmt_cmd_status+0x304/0x520 [ 350.165062][ T8564] cmd_complete_rsp+0x111/0x160 [ 350.170001][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 350.175633][ T8564] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 350.181097][ T8564] __mgmt_power_off+0x12f/0x2c0 [ 350.186033][ T8564] ? __pfx___mgmt_power_off+0x10/0x10 [ 350.191747][ T8564] ? bit_wait_timeout+0x14f/0x170 [ 350.196867][ T8564] ? lockdep_hardirqs_on+0x7c/0x110 [ 350.202145][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.207844][ T8564] ? 0xffffffff81000000 [ 350.212046][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.217869][ T8564] hci_dev_close_sync+0xc33/0x1110 [ 350.223060][ T8564] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 350.228679][ T8564] hci_dev_do_close+0x2e/0x90 [ 350.233445][ T8564] hci_dev_close+0x183/0x1e0 [ 350.238104][ T8564] hci_sock_ioctl+0x28c/0x880 [ 350.242830][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.248530][ T8564] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 350.253791][ T8564] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 350.260025][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.265734][ T8564] sock_do_ioctl+0x119/0x280 [ 350.270408][ T8564] ? __pfx_sock_do_ioctl+0x10/0x10 [ 350.275595][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.281313][ T8564] sock_ioctl+0x22e/0x6c0 [ 350.285763][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 350.290753][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.296447][ T8564] ? __fget_files+0x256/0x400 [ 350.301211][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.306926][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 350.311868][ T8564] __x64_sys_ioctl+0x196/0x220 [ 350.316715][ T8564] do_syscall_64+0xcd/0x250 [ 350.321280][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.327235][ T8564] RIP: 0033:0x7ff696d7cef9 [ 350.331688][ T8564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.351440][ T8564] RSP: 002b:00007ff697ba4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 350.359908][ T8564] RAX: ffffffffffffffda RBX: 00007ff696f35f80 RCX: 00007ff696d7cef9 [ 350.368099][ T8564] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004 [ 350.376672][ T8564] RBP: 00007ff696def01e R08: 0000000000000000 R09: 0000000000000000 [ 350.384688][ T8564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 350.392709][ T8564] R13: 0000000000000000 R14: 00007ff696f35f80 R15: 00007ffffd971dc8 [ 350.400740][ T8564] [ 350.403800][ T8564] [ 350.406153][ T8564] Allocated by task 7507: [ 350.410769][ T8564] kasan_save_stack+0x33/0x60 [ 350.415519][ T8564] kasan_save_track+0x14/0x30 [ 350.420260][ T8564] __kasan_kmalloc+0xaa/0xb0 [ 350.424913][ T8564] __kmalloc_noprof+0x1e8/0x400 [ 350.429875][ T8564] sk_prot_alloc+0x1a8/0x2a0 [ 350.434518][ T8564] sk_alloc+0x36/0xb90 [ 350.438657][ T8564] bt_sock_alloc+0x3b/0x3a0 [ 350.443225][ T8564] hci_sock_create+0xbc/0x1a0 [ 350.447972][ T8564] bt_sock_create+0x185/0x350 [ 350.452709][ T8564] __sock_create+0x331/0x800 [ 350.457355][ T8564] __sys_socket+0x14f/0x260 [ 350.461911][ T8564] __x64_sys_socket+0x72/0xb0 [ 350.466646][ T8564] do_syscall_64+0xcd/0x250 [ 350.471185][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.477585][ T8564] [ 350.479941][ T8564] Freed by task 8567: [ 350.484000][ T8564] kasan_save_stack+0x33/0x60 [ 350.488783][ T8564] kasan_save_track+0x14/0x30 [ 350.493709][ T8564] kasan_save_free_info+0x3b/0x60 [ 350.498914][ T8564] poison_slab_object+0xf7/0x160 [ 350.503914][ T8564] __kasan_slab_free+0x32/0x50 [ 350.508763][ T8564] kfree+0x12a/0x3b0 [ 350.512711][ T8564] __sk_destruct+0x5eb/0x720 [ 350.517464][ T8564] sk_destruct+0xc2/0xf0 [ 350.521781][ T8564] __sk_free+0xf4/0x3e0 [ 350.526007][ T8564] sk_free+0x6a/0x90 [ 350.529971][ T8564] mgmt_pending_free+0xc0/0xf0 [ 350.534814][ T8564] cmd_complete_rsp+0x119/0x160 [ 350.539739][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 350.544939][ T8564] mgmt_index_removed+0x11f/0x2e0 [ 350.550027][ T8564] hci_sock_bind+0xc49/0x16f0 [ 350.554749][ T8564] __sys_bind+0x1ee/0x220 [ 350.559132][ T8564] __x64_sys_bind+0x72/0xb0 [ 350.563785][ T8564] do_syscall_64+0xcd/0x250 [ 350.568327][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.574358][ T8564] [ 350.576707][ T8564] The buggy address belongs to the object at ffff8880306bb000 [ 350.576707][ T8564] which belongs to the cache kmalloc-2k of size 2048 [ 350.590815][ T8564] The buggy address is located 372 bytes inside of [ 350.590815][ T8564] freed 2048-byte region [ffff8880306bb000, ffff8880306bb800) [ 350.605031][ T8564] [ 350.607394][ T8564] The buggy address belongs to the physical page: [ 350.613919][ T8564] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x306b8 [ 350.622818][ T8564] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 350.631371][ T8564] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 350.639424][ T8564] page_type: 0xfdffffff(slab) [ 350.644146][ T8564] raw: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 350.652862][ T8564] raw: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000 [ 350.661502][ T8564] head: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 350.670321][ T8564] head: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000 [ 350.679040][ T8564] head: 00fff00000000003 ffffea0000c1ae01 ffffffffffffffff 0000000000000000 [ 350.687849][ T8564] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 350.696585][ T8564] page dumped because: kasan: bad access detected [ 350.703054][ T8564] page_owner tracks the page as allocated [ 350.708793][ T8564] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (syz-executor), ts 113425910405, free_ts 113412156564 [ 350.730407][ T8564] post_alloc_hook+0x2d1/0x350 [ 350.735419][ T8564] get_page_from_freelist+0x1351/0x2e50 [ 350.741038][ T8564] __alloc_pages_noprof+0x22b/0x2460 [ 350.746392][ T8564] alloc_slab_page+0x4e/0xf0 [ 350.751036][ T8564] new_slab+0x84/0x260 [ 350.755167][ T8564] ___slab_alloc+0xdac/0x1870 [ 350.759995][ T8564] __slab_alloc.constprop.0+0x56/0xb0 [ 350.765426][ T8564] __kmalloc_cache_noprof+0x2b4/0x300 [ 350.770862][ T8564] rxrpc_alloc_connection+0x8b/0x6e0 [ 350.776215][ T8564] rxrpc_prealloc_service_connection+0x26/0x380 [ 350.782524][ T8564] rxrpc_service_prealloc_one+0x2bf/0xee0 [ 350.788300][ T8564] rxrpc_kernel_charge_accept+0xd7/0x120 [ 350.793999][ T8564] afs_charge_preallocation+0xce/0x330 [ 350.799509][ T8564] afs_open_socket+0x2b3/0x380 [ 350.804318][ T8564] afs_net_init+0x95d/0xc60 [ 350.808899][ T8564] ops_init+0xbc/0x650 [ 350.813111][ T8564] page last free pid 5235 tgid 5235 stack trace: [ 350.819560][ T8564] free_unref_page+0x64a/0xe40 [ 350.824386][ T8564] __put_partials+0x14c/0x170 [ 350.829138][ T8564] qlist_free_all+0x4e/0x140 [ 350.834058][ T8564] kasan_quarantine_reduce+0x192/0x1e0 [ 350.839605][ T8564] __kasan_slab_alloc+0x69/0x90 [ 350.844519][ T8564] __kmalloc_cache_noprof+0x11e/0x300 [ 350.850066][ T8564] ref_tracker_alloc+0x17c/0x5b0 [ 350.855083][ T8564] register_netdevice+0x164b/0x1e90 [ 350.860333][ T8564] register_netdev+0x2f/0x50 [ 350.864967][ T8564] ip6gre_init_net+0x2fe/0x450 [ 350.869811][ T8564] ops_init+0xbc/0x650 [ 350.873942][ T8564] setup_net+0x435/0xb40 [ 350.878229][ T8564] copy_net_ns+0x2fb/0x700 [ 350.882698][ T8564] create_new_namespaces+0x3ea/0xad0 [ 350.888037][ T8564] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 350.893740][ T8564] ksys_unshare+0x419/0x970 [ 350.898410][ T8564] [ 350.900767][ T8564] Memory state around the buggy address: [ 350.906493][ T8564] ffff8880306bb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 350.914595][ T8564] ffff8880306bb080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 350.922703][ T8564] >ffff8880306bb100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 350.931244][ T8564] ^ [ 350.938994][ T8564] ffff8880306bb180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 350.947096][ T8564] ffff8880306bb200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 350.955218][ T8564] ================================================================== [ 351.039691][ T8564] ================================================================== [ 351.047890][ T8564] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x9ec/0xa80 [ 351.056194][ T8564] Read of size 8 at addr ffff8880306bb028 by task syz.2.1267/8564 [ 351.064221][ T8564] [ 351.066583][ T8564] CPU: 1 UID: 0 PID: 8564 Comm: syz.2.1267 Tainted: G B 6.11.0-rc6-syzkaller-00183-gb831f83e40a2 #0 [ 351.078956][ T8564] Tainted: [B]=BAD_PAGE [ 351.083153][ T8564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 351.093271][ T8564] Call Trace: [ 351.096581][ T8564] [ 351.099573][ T8564] dump_stack_lvl+0x116/0x1f0 [ 351.104310][ T8564] print_report+0xc3/0x620 [ 351.108779][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 351.114466][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 351.120322][ T8564] ? __phys_addr+0xc6/0x150 [ 351.124877][ T8564] kasan_report+0xd9/0x110 [ 351.129347][ T8564] ? __sock_queue_rcv_skb+0x9ec/0xa80 [ 351.134762][ T8564] ? __sock_queue_rcv_skb+0x9ec/0xa80 [ 351.140185][ T8564] __sock_queue_rcv_skb+0x9ec/0xa80 [ 351.145687][ T8564] sock_queue_rcv_skb_reason+0xa2/0xe0 [ 351.151372][ T8564] mgmt_cmd_status+0x304/0x520 [ 351.156200][ T8564] cmd_complete_rsp+0x111/0x160 [ 351.161109][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 351.166282][ T8564] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 351.171717][ T8564] __mgmt_power_off+0x12f/0x2c0 [ 351.176709][ T8564] ? __pfx___mgmt_power_off+0x10/0x10 [ 351.182131][ T8564] ? bit_wait_timeout+0x14f/0x170 [ 351.187220][ T8564] ? lockdep_hardirqs_on+0x7c/0x110 [ 351.192474][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 351.198162][ T8564] ? 0xffffffff81000000 [ 351.202343][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 351.208030][ T8564] hci_dev_close_sync+0xc33/0x1110 [ 351.213187][ T8564] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 351.218783][ T8564] hci_dev_do_close+0x2e/0x90 [ 351.223500][ T8564] hci_dev_close+0x183/0x1e0 [ 351.228130][ T8564] hci_sock_ioctl+0x28c/0x880 [ 351.232927][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 351.238610][ T8564] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 351.243871][ T8564] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 351.250277][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 351.255965][ T8564] sock_do_ioctl+0x119/0x280 [ 351.260610][ T8564] ? __pfx_sock_do_ioctl+0x10/0x10 [ 351.265955][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 351.271644][ T8564] sock_ioctl+0x22e/0x6c0 [ 351.276028][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 351.281282][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 351.286978][ T8564] ? __fget_files+0x256/0x400 [ 351.291737][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 351.297431][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 351.302345][ T8564] __x64_sys_ioctl+0x196/0x220 [ 351.307373][ T8564] do_syscall_64+0xcd/0x250 [ 351.311913][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.317935][ T8564] RIP: 0033:0x7ff696d7cef9 [ 351.322376][ T8564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.342208][ T8564] RSP: 002b:00007ff697ba4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 351.350661][ T8564] RAX: ffffffffffffffda RBX: 00007ff696f35f80 RCX: 00007ff696d7cef9 [ 351.359288][ T8564] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004 [ 351.367296][ T8564] RBP: 00007ff696def01e R08: 0000000000000000 R09: 0000000000000000 [ 351.375655][ T8564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 351.383833][ T8564] R13: 0000000000000000 R14: 00007ff696f35f80 R15: 00007ffffd971dc8 [ 351.391977][ T8564] [ 351.395015][ T8564] [ 351.397348][ T8564] Allocated by task 7507: [ 351.401700][ T8564] kasan_save_stack+0x33/0x60 [ 351.406477][ T8564] kasan_save_track+0x14/0x30 [ 351.411994][ T8564] __kasan_kmalloc+0xaa/0xb0 [ 351.416630][ T8564] __kmalloc_noprof+0x1e8/0x400 [ 351.421522][ T8564] sk_prot_alloc+0x1a8/0x2a0 [ 351.426145][ T8564] sk_alloc+0x36/0xb90 [ 351.430260][ T8564] bt_sock_alloc+0x3b/0x3a0 [ 351.434811][ T8564] hci_sock_create+0xbc/0x1a0 [ 351.439541][ T8564] bt_sock_create+0x185/0x350 [ 351.445011][ T8564] __sock_create+0x331/0x800 [ 351.449648][ T8564] __sys_socket+0x14f/0x260 [ 351.454202][ T8564] __x64_sys_socket+0x72/0xb0 [ 351.459008][ T8564] do_syscall_64+0xcd/0x250 [ 351.463537][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.469552][ T8564] [ 351.471885][ T8564] Freed by task 8567: [ 351.475885][ T8564] kasan_save_stack+0x33/0x60 [ 351.480604][ T8564] kasan_save_track+0x14/0x30 [ 351.485320][ T8564] kasan_save_free_info+0x3b/0x60 [ 351.490402][ T8564] poison_slab_object+0xf7/0x160 [ 351.495380][ T8564] __kasan_slab_free+0x32/0x50 [ 351.500272][ T8564] kfree+0x12a/0x3b0 [ 351.504199][ T8564] __sk_destruct+0x5eb/0x720 [ 351.509463][ T8564] sk_destruct+0xc2/0xf0 [ 351.513794][ T8564] __sk_free+0xf4/0x3e0 [ 351.518011][ T8564] sk_free+0x6a/0x90 [ 351.521999][ T8564] mgmt_pending_free+0xc0/0xf0 [ 351.526831][ T8564] cmd_complete_rsp+0x119/0x160 [ 351.531783][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 351.536961][ T8564] mgmt_index_removed+0x11f/0x2e0 [ 351.542063][ T8564] hci_sock_bind+0xc49/0x16f0 [ 351.546769][ T8564] __sys_bind+0x1ee/0x220 [ 351.551578][ T8564] __x64_sys_bind+0x72/0xb0 [ 351.556397][ T8564] do_syscall_64+0xcd/0x250 [ 351.561026][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.567118][ T8564] [ 351.569478][ T8564] The buggy address belongs to the object at ffff8880306bb000 [ 351.569478][ T8564] which belongs to the cache kmalloc-2k of size 2048 [ 351.583590][ T8564] The buggy address is located 40 bytes inside of [ 351.583590][ T8564] freed 2048-byte region [ffff8880306bb000, ffff8880306bb800) [ 351.597435][ T8564] [ 351.599775][ T8564] The buggy address belongs to the physical page: [ 351.606207][ T8564] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x306b8 [ 351.615003][ T8564] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 351.623975][ T8564] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 351.632170][ T8564] page_type: 0xfdffffff(slab) [ 351.637434][ T8564] raw: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 351.646233][ T8564] raw: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000 [ 351.654861][ T8564] head: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 351.663575][ T8564] head: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000 [ 351.672314][ T8564] head: 00fff00000000003 ffffea0000c1ae01 ffffffffffffffff 0000000000000000 [ 351.681019][ T8564] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 351.689746][ T8564] page dumped because: kasan: bad access detected [ 351.696193][ T8564] page_owner tracks the page as allocated [ 351.701926][ T8564] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (syz-executor), ts 113425910405, free_ts 113412156564 [ 351.723622][ T8564] post_alloc_hook+0x2d1/0x350 [ 351.728446][ T8564] get_page_from_freelist+0x1351/0x2e50 [ 351.734053][ T8564] __alloc_pages_noprof+0x22b/0x2460 [ 351.739477][ T8564] alloc_slab_page+0x4e/0xf0 [ 351.744095][ T8564] new_slab+0x84/0x260 [ 351.748224][ T8564] ___slab_alloc+0xdac/0x1870 [ 351.752971][ T8564] __slab_alloc.constprop.0+0x56/0xb0 [ 351.758388][ T8564] __kmalloc_cache_noprof+0x2b4/0x300 [ 351.763889][ T8564] rxrpc_alloc_connection+0x8b/0x6e0 [ 351.769224][ T8564] rxrpc_prealloc_service_connection+0x26/0x380 [ 351.775515][ T8564] rxrpc_service_prealloc_one+0x2bf/0xee0 [ 351.781361][ T8564] rxrpc_kernel_charge_accept+0xd7/0x120 [ 351.787029][ T8564] afs_charge_preallocation+0xce/0x330 [ 351.792521][ T8564] afs_open_socket+0x2b3/0x380 [ 351.797359][ T8564] afs_net_init+0x95d/0xc60 [ 351.801908][ T8564] ops_init+0xbc/0x650 [ 351.806003][ T8564] page last free pid 5235 tgid 5235 stack trace: [ 351.812431][ T8564] free_unref_page+0x64a/0xe40 [ 351.817240][ T8564] __put_partials+0x14c/0x170 [ 351.821950][ T8564] qlist_free_all+0x4e/0x140 [ 351.826660][ T8564] kasan_quarantine_reduce+0x192/0x1e0 [ 351.832162][ T8564] __kasan_slab_alloc+0x69/0x90 [ 351.837057][ T8564] __kmalloc_cache_noprof+0x11e/0x300 [ 351.842477][ T8564] ref_tracker_alloc+0x17c/0x5b0 [ 351.847498][ T8564] register_netdevice+0x164b/0x1e90 [ 351.852786][ T8564] register_netdev+0x2f/0x50 [ 351.857480][ T8564] ip6gre_init_net+0x2fe/0x450 [ 351.862390][ T8564] ops_init+0xbc/0x650 [ 351.866500][ T8564] setup_net+0x435/0xb40 [ 351.870784][ T8564] copy_net_ns+0x2fb/0x700 [ 351.875242][ T8564] create_new_namespaces+0x3ea/0xad0 [ 351.880562][ T8564] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 351.886272][ T8564] ksys_unshare+0x419/0x970 [ 351.890827][ T8564] [ 351.893178][ T8564] Memory state around the buggy address: [ 351.898910][ T8564] ffff8880306baf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 351.907192][ T8564] ffff8880306baf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 351.915287][ T8564] >ffff8880306bb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 351.923372][ T8564] ^ [ 351.928808][ T8564] ffff8880306bb080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 351.936963][ T8564] ffff8880306bb100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 351.945043][ T8564] ================================================================== [ 351.993610][ T8564] ================================================================== [ 352.001733][ T8564] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x295/0xa80 [ 352.009938][ T8564] Write of size 4 at addr ffff8880306bb140 by task syz.2.1267/8564 [ 352.017952][ T8564] [ 352.020302][ T8564] CPU: 1 UID: 0 PID: 8564 Comm: syz.2.1267 Tainted: G B 6.11.0-rc6-syzkaller-00183-gb831f83e40a2 #0 [ 352.032508][ T8564] Tainted: [B]=BAD_PAGE [ 352.036682][ T8564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 352.046777][ T8564] Call Trace: [ 352.050083][ T8564] [ 352.053040][ T8564] dump_stack_lvl+0x116/0x1f0 [ 352.057783][ T8564] print_report+0xc3/0x620 [ 352.062267][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.067959][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.073824][ T8564] ? __phys_addr+0xc6/0x150 [ 352.078384][ T8564] kasan_report+0xd9/0x110 [ 352.082865][ T8564] ? __sock_queue_rcv_skb+0x295/0xa80 [ 352.088287][ T8564] ? __sock_queue_rcv_skb+0x295/0xa80 [ 352.093712][ T8564] kasan_check_range+0xef/0x1a0 [ 352.098601][ T8564] __sock_queue_rcv_skb+0x295/0xa80 [ 352.104116][ T8564] sock_queue_rcv_skb_reason+0xa2/0xe0 [ 352.109629][ T8564] mgmt_cmd_status+0x304/0x520 [ 352.114547][ T8564] cmd_complete_rsp+0x111/0x160 [ 352.119462][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 352.124732][ T8564] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 352.130182][ T8564] __mgmt_power_off+0x12f/0x2c0 [ 352.135135][ T8564] ? __pfx___mgmt_power_off+0x10/0x10 [ 352.140648][ T8564] ? bit_wait_timeout+0x14f/0x170 [ 352.145857][ T8564] ? lockdep_hardirqs_on+0x7c/0x110 [ 352.151147][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.156841][ T8564] ? 0xffffffff81000000 [ 352.161025][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.167411][ T8564] hci_dev_close_sync+0xc33/0x1110 [ 352.172581][ T8564] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 352.178196][ T8564] hci_dev_do_close+0x2e/0x90 [ 352.182925][ T8564] hci_dev_close+0x183/0x1e0 [ 352.187563][ T8564] hci_sock_ioctl+0x28c/0x880 [ 352.192282][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.197967][ T8564] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 352.203991][ T8564] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 352.210137][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.215844][ T8564] sock_do_ioctl+0x119/0x280 [ 352.220503][ T8564] ? __pfx_sock_do_ioctl+0x10/0x10 [ 352.225683][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.231375][ T8564] sock_ioctl+0x22e/0x6c0 [ 352.235763][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 352.242679][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.248510][ T8564] ? __fget_files+0x256/0x400 [ 352.253267][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.258966][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 352.263893][ T8564] __x64_sys_ioctl+0x196/0x220 [ 352.268755][ T8564] do_syscall_64+0xcd/0x250 [ 352.273308][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.279347][ T8564] RIP: 0033:0x7ff696d7cef9 [ 352.283887][ T8564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 352.303907][ T8564] RSP: 002b:00007ff697ba4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 352.312455][ T8564] RAX: ffffffffffffffda RBX: 00007ff696f35f80 RCX: 00007ff696d7cef9 [ 352.320464][ T8564] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004 [ 352.328474][ T8564] RBP: 00007ff696def01e R08: 0000000000000000 R09: 0000000000000000 [ 352.336483][ T8564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 352.344776][ T8564] R13: 0000000000000000 R14: 00007ff696f35f80 R15: 00007ffffd971dc8 [ 352.352805][ T8564] [ 352.355850][ T8564] [ 352.358195][ T8564] Allocated by task 7507: [ 352.362538][ T8564] kasan_save_stack+0x33/0x60 [ 352.367449][ T8564] kasan_save_track+0x14/0x30 [ 352.375239][ T8564] __kasan_kmalloc+0xaa/0xb0 [ 352.379984][ T8564] __kmalloc_noprof+0x1e8/0x400 [ 352.385419][ T8564] sk_prot_alloc+0x1a8/0x2a0 [ 352.390068][ T8564] sk_alloc+0x36/0xb90 [ 352.394502][ T8564] bt_sock_alloc+0x3b/0x3a0 [ 352.399160][ T8564] hci_sock_create+0xbc/0x1a0 [ 352.403905][ T8564] bt_sock_create+0x185/0x350 [ 352.408749][ T8564] __sock_create+0x331/0x800 [ 352.413393][ T8564] __sys_socket+0x14f/0x260 [ 352.417947][ T8564] __x64_sys_socket+0x72/0xb0 [ 352.422685][ T8564] do_syscall_64+0xcd/0x250 [ 352.427228][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.433166][ T8564] [ 352.435501][ T8564] Freed by task 8567: [ 352.439588][ T8564] kasan_save_stack+0x33/0x60 [ 352.444323][ T8564] kasan_save_track+0x14/0x30 [ 352.449093][ T8564] kasan_save_free_info+0x3b/0x60 [ 352.454157][ T8564] poison_slab_object+0xf7/0x160 [ 352.459147][ T8564] __kasan_slab_free+0x32/0x50 [ 352.463962][ T8564] kfree+0x12a/0x3b0 [ 352.467909][ T8564] __sk_destruct+0x5eb/0x720 [ 352.472569][ T8564] sk_destruct+0xc2/0xf0 [ 352.476878][ T8564] __sk_free+0xf4/0x3e0 [ 352.481180][ T8564] sk_free+0x6a/0x90 [ 352.486000][ T8564] mgmt_pending_free+0xc0/0xf0 [ 352.490835][ T8564] cmd_complete_rsp+0x119/0x160 [ 352.495765][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 352.500940][ T8564] mgmt_index_removed+0x11f/0x2e0 [ 352.506276][ T8564] hci_sock_bind+0xc49/0x16f0 [ 352.511076][ T8564] __sys_bind+0x1ee/0x220 [ 352.516064][ T8564] __x64_sys_bind+0x72/0xb0 [ 352.520624][ T8564] do_syscall_64+0xcd/0x250 [ 352.525255][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.531208][ T8564] [ 352.533547][ T8564] The buggy address belongs to the object at ffff8880306bb000 [ 352.533547][ T8564] which belongs to the cache kmalloc-2k of size 2048 [ 352.547641][ T8564] The buggy address is located 320 bytes inside of [ 352.547641][ T8564] freed 2048-byte region [ffff8880306bb000, ffff8880306bb800) [ 352.561575][ T8564] [ 352.563919][ T8564] The buggy address belongs to the physical page: [ 352.570350][ T8564] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x306b8 [ 352.579150][ T8564] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 352.587736][ T8564] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 352.596275][ T8564] page_type: 0xfdffffff(slab) [ 352.601515][ T8564] raw: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 352.610581][ T8564] raw: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000 [ 352.619297][ T8564] head: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 352.628365][ T8564] head: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000 [ 352.637082][ T8564] head: 00fff00000000003 ffffea0000c1ae01 ffffffffffffffff 0000000000000000 [ 352.645797][ T8564] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 352.654495][ T8564] page dumped because: kasan: bad access detected [ 352.661016][ T8564] page_owner tracks the page as allocated [ 352.666744][ T8564] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (syz-executor), ts 113425910405, free_ts 113412156564 [ 352.688358][ T8564] post_alloc_hook+0x2d1/0x350 [ 352.693182][ T8564] get_page_from_freelist+0x1351/0x2e50 [ 352.698785][ T8564] __alloc_pages_noprof+0x22b/0x2460 [ 352.704125][ T8564] alloc_slab_page+0x4e/0xf0 [ 352.708789][ T8564] new_slab+0x84/0x260 [ 352.712931][ T8564] ___slab_alloc+0xdac/0x1870 [ 352.717694][ T8564] __slab_alloc.constprop.0+0x56/0xb0 [ 352.723120][ T8564] __kmalloc_cache_noprof+0x2b4/0x300 [ 352.728546][ T8564] rxrpc_alloc_connection+0x8b/0x6e0 [ 352.734067][ T8564] rxrpc_prealloc_service_connection+0x26/0x380 [ 352.740414][ T8564] rxrpc_service_prealloc_one+0x2bf/0xee0 [ 352.746175][ T8564] rxrpc_kernel_charge_accept+0xd7/0x120 [ 352.751847][ T8564] afs_charge_preallocation+0xce/0x330 [ 352.757374][ T8564] afs_open_socket+0x2b3/0x380 [ 352.762185][ T8564] afs_net_init+0x95d/0xc60 [ 352.766837][ T8564] ops_init+0xbc/0x650 [ 352.770954][ T8564] page last free pid 5235 tgid 5235 stack trace: [ 352.777304][ T8564] free_unref_page+0x64a/0xe40 [ 352.782125][ T8564] __put_partials+0x14c/0x170 [ 352.786854][ T8564] qlist_free_all+0x4e/0x140 [ 352.791533][ T8564] kasan_quarantine_reduce+0x192/0x1e0 [ 352.797043][ T8564] __kasan_slab_alloc+0x69/0x90 [ 352.801947][ T8564] __kmalloc_cache_noprof+0x11e/0x300 [ 352.807460][ T8564] ref_tracker_alloc+0x17c/0x5b0 [ 352.812450][ T8564] register_netdevice+0x164b/0x1e90 [ 352.817690][ T8564] register_netdev+0x2f/0x50 [ 352.822319][ T8564] ip6gre_init_net+0x2fe/0x450 [ 352.827151][ T8564] ops_init+0xbc/0x650 [ 352.831260][ T8564] setup_net+0x435/0xb40 [ 352.835549][ T8564] copy_net_ns+0x2fb/0x700 [ 352.840103][ T8564] create_new_namespaces+0x3ea/0xad0 [ 352.845613][ T8564] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 352.851296][ T8564] ksys_unshare+0x419/0x970 [ 352.855860][ T8564] [ 352.858201][ T8564] Memory state around the buggy address: [ 352.863851][ T8564] ffff8880306bb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 352.872038][ T8564] ffff8880306bb080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 352.880133][ T8564] >ffff8880306bb100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 352.888240][ T8564] ^ [ 352.894421][ T8564] ffff8880306bb180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 352.902809][ T8564] ffff8880306bb200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 352.911006][ T8564] ================================================================== [ 352.948014][ T8564] Kernel panic - not syncing: kasan.fault=panic_on_write set ... [ 352.956000][ T8564] CPU: 1 UID: 0 PID: 8564 Comm: syz.2.1267 Tainted: G B 6.11.0-rc6-syzkaller-00183-gb831f83e40a2 #0 [ 352.968225][ T8564] Tainted: [B]=BAD_PAGE [ 352.972406][ T8564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 352.982498][ T8564] Call Trace: [ 352.985802][ T8564] [ 352.988777][ T8564] dump_stack_lvl+0x3d/0x1f0 [ 352.993440][ T8564] panic+0x6dc/0x7c0 [ 352.997405][ T8564] ? __pfx_panic+0x10/0x10 [ 353.001884][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.007581][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.013367][ T8564] ? preempt_schedule_common+0x44/0xc0 [ 353.018904][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.025121][ T8564] ? preempt_schedule_thunk+0x1a/0x30 [ 353.030560][ T8564] end_report+0x160/0x180 [ 353.034966][ T8564] kasan_report+0xe9/0x110 [ 353.039456][ T8564] ? __sock_queue_rcv_skb+0x295/0xa80 [ 353.044881][ T8564] ? __sock_queue_rcv_skb+0x295/0xa80 [ 353.050321][ T8564] kasan_check_range+0xef/0x1a0 [ 353.055221][ T8564] __sock_queue_rcv_skb+0x295/0xa80 [ 353.060474][ T8564] sock_queue_rcv_skb_reason+0xa2/0xe0 [ 353.065988][ T8564] mgmt_cmd_status+0x304/0x520 [ 353.070834][ T8564] cmd_complete_rsp+0x111/0x160 [ 353.075755][ T8564] mgmt_pending_foreach+0xe2/0x140 [ 353.080940][ T8564] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 353.087259][ T8564] __mgmt_power_off+0x12f/0x2c0 [ 353.092179][ T8564] ? __pfx___mgmt_power_off+0x10/0x10 [ 353.097620][ T8564] ? bit_wait_timeout+0x14f/0x170 [ 353.102721][ T8564] ? lockdep_hardirqs_on+0x7c/0x110 [ 353.108000][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.113697][ T8564] ? 0xffffffff81000000 [ 353.117886][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.123930][ T8564] hci_dev_close_sync+0xc33/0x1110 [ 353.129110][ T8564] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 353.134718][ T8564] hci_dev_do_close+0x2e/0x90 [ 353.139467][ T8564] hci_dev_close+0x183/0x1e0 [ 353.144139][ T8564] hci_sock_ioctl+0x28c/0x880 [ 353.148965][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.154648][ T8564] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 353.159889][ T8564] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 353.166072][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.171769][ T8564] sock_do_ioctl+0x119/0x280 [ 353.176409][ T8564] ? __pfx_sock_do_ioctl+0x10/0x10 [ 353.181580][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.187361][ T8564] sock_ioctl+0x22e/0x6c0 [ 353.191743][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 353.196644][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.202318][ T8564] ? __fget_files+0x256/0x400 [ 353.207074][ T8564] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.212769][ T8564] ? __pfx_sock_ioctl+0x10/0x10 [ 353.217674][ T8564] __x64_sys_ioctl+0x196/0x220 [ 353.222490][ T8564] do_syscall_64+0xcd/0x250 [ 353.227032][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.232974][ T8564] RIP: 0033:0x7ff696d7cef9 [ 353.237417][ T8564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 353.257069][ T8564] RSP: 002b:00007ff697ba4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 353.265526][ T8564] RAX: ffffffffffffffda RBX: 00007ff696f35f80 RCX: 00007ff696d7cef9 [ 353.273523][ T8564] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004 [ 353.281519][ T8564] RBP: 00007ff696def01e R08: 0000000000000000 R09: 0000000000000000 [ 353.289516][ T8564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 353.297509][ T8564] R13: 0000000000000000 R14: 00007ff696f35f80 R15: 00007ffffd971dc8 [ 353.305517][ T8564] [ 353.309074][ T8564] Kernel Offset: disabled [ 353.313503][ T8564] Rebooting in 86400 seconds..