last executing test programs: 30.343716531s ago: executing program 2 (id=1778): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_DISABLE_SE(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000b40)={0x24, r1, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_SE_INDEX={0x8}]}, 0x24}}, 0x0) 30.29494125s ago: executing program 2 (id=1779): pipe(&(0x7f0000000080)) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') fchdir(r0) r1 = memfd_create(&(0x7f0000002280)='\xcaB\x89\xed`@>\x89=\x9e', 0x0) write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) 30.13710059s ago: executing program 2 (id=1782): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCSETA(r0, 0x8925, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "4feda26323b172e0"}) 29.810515843s ago: executing program 2 (id=1787): syz_read_part_table(0x5e4, &(0x7f0000000600)="$eJzs3D+oHFUUB+DfzO7OvhcSnpWV4IMUBgWfkFIXo5A80wXRTtDWYkViZSG7SwQLjZWNvRZGIYhtCgUJajorER5aiNhbmMJwZefPrqJWT9TA9xUz95w795xZ5k65E+5uZS8p1Xq02ibHdT/4MckkWT3/RDLtUpN+ar3m2WvnL1zcv1RNN7l1dtnPTrcFm6Fw9vvRjXGuXjt84+13TlVZ5la96NLLZPJRk3F7a926d/9807erthb/uTOflu5BNPk6+fLRE/Nq1D789X56P7knO21wkGSU/rBMdtej5vj9r89urh7vx7vpd9qkixZ5oDzSz01SSil1FqeHlaPkvscOLv9V0Un++Dqs92Ipk5PD2nr7FszvNMM+PPvF94us7t9UbzuW0sVHu8nLR08/3NaquhoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPz/nHnlwc+aITjXHqs++uTJpz5Ivb10mfw6jPd3/qH+12c39668frnOq7MXv3nptR8Of8rPSUY5ODyZTDfXvdCdPn6zPY377L27x+0/v1M3H773+bZOX7pKvjr97e0y6tNHmwu295RZfdz2AAAAAAAAAAAAAAAAAAAA0Dp/4eL+pTrPJFWey/bv/iU7STV8CmAdlFLKL6WTnL0xnl9tcuVEN3/ru/6zAaX6ffVzyd6ppEzfemj4rMCyrTRuW1T/1q/k7/wWAAD//27mZ2s=") mount(&(0x7f0000000000)=@filename='./file1\x00', &(0x7f0000000240)='./file1\x00', &(0x7f00000004c0)='hfsplus\x00', 0x0, 0x0) 29.542128216s ago: executing program 2 (id=1792): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0xd8f3dccb89506ebe, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0/../file0/../file0\x00', 0x0, 0x20, &(0x7f0000000000)={[{@gid={'gid', 0x3d, r1}}]}) 29.375799267s ago: executing program 2 (id=1795): io_uring_setup(0x4442, &(0x7f0000001300)={0x0, 0x0, 0x1046, 0x7}) 28.969053383s ago: executing program 0 (id=1799): fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) capset(0x0, 0x0) capset(0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$user(&(0x7f0000000480), &(0x7f0000000280)={'syz', 0x0}, &(0x7f0000000a00)="c218b8fb4f2711662cda1925942565487e7d348d3cb55586a0b8af4c8b0e15dd9b6a54e2b1949a11fd43529b6d7178ad1bca2c14db39ff5a5cc5653035257088bc479654863b4172cad06d296711c31da28fd6ee8733d014bdff64c5adb64d1df761b14bf856875d2ccbe1d4559c3a7600ffffff237a5aa929be91720ce0468e265d13f9ce80c2d474cff4fabd20cfa00fdc867ccd24521a769b61fd609b55a3672c221fc7ad9d29bb5a826e9e7fc46139e19be09c2528fdfba998dd047e8115c02807698c6c824a940100000000000000636c88246f7df2ea55c356a3f2ff7136e7f1cc7dc8a6500d08b554a0932784e08369203b220e9d7109cee984e6c620739f594cd4e06742cad50cc162b30348ab2082176734522f00f9b1baec7e6aeed020c10affa1d20a79dde91f42882b766be08d1a9b39060af788a357b05120948857f8dde09dbde139ec000000000000177c19e9d794dbc1fedae6b4fe888eb81797573ce9264ccbdc895515eebc9daf41f7726af1f421a30ea5f0e0e2f5d25500", 0x181, r0) r2 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe) r3 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000100)={r2, r3, r1}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'crct10dif\x00\x00\x00 \x00\x00\x00+\xcc\xff%\xd2cTH,\x00'}}) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000380)=0xffffffffffffffff, 0x12) r4 = socket$inet(0x2, 0x4000000805, 0x0) sendmmsg(r4, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, 0x0) 28.864529712s ago: executing program 0 (id=1800): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffff7a, 0x0, 0x0, 0x2b, '\x00', 0x0, 0x9}, 0x90) r0 = syz_io_uring_setup(0x6167, &(0x7f0000000400)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 28.738885797s ago: executing program 0 (id=1801): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r1, 0x4068aea3, &(0x7f0000000200)={0xc1, 0x0, 0x3}) 28.54997334s ago: executing program 0 (id=1802): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x3e, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f00000002c0)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000680)={r1}) 28.532966697s ago: executing program 0 (id=1803): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0xd8f3dccb89506ebe, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0/../file0/../file0\x00', 0x0, 0x20, &(0x7f0000000000)={[{@gid={'gid', 0x3d, r1}}]}) 28.468584693s ago: executing program 0 (id=1804): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x6, 0x15, &(0x7f0000001480)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f900001ab703000008000000b704000000001500850000003300000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="30000000190001000000000000000000021800000000ff000000000008000100ac1414000c00090008"], 0x30}}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000040)="cb", 0xfffffdef) 26.329402689s ago: executing program 1 (id=1826): r0 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8b0d, &(0x7f0000000040)={'virt_wifi0\x00'}) 26.304622205s ago: executing program 1 (id=1828): r0 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0185648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f905, 0x0, '\x00', @value64}}) 26.238736551s ago: executing program 1 (id=1829): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x7, 0x8, 0x8, 0x5}, 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder-control\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f00000001c0)={'#! ', './file0'}, 0xb) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) ioctl$BINDER_CTL_ADD(r1, 0xc1086201, &(0x7f0000000080)={'binder0\x00'}) 26.235831717s ago: executing program 1 (id=1830): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000900)=ANY=[@ANYBLOB="14000000760023"], 0x14}], 0x1}, 0x0) 26.151645411s ago: executing program 1 (id=1831): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0xd8f3dccb89506ebe, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0/../file0/../file0\x00', 0x0, 0x20, &(0x7f0000000000)={[{@gid={'gid', 0x3d, r1}}]}) 26.095949274s ago: executing program 1 (id=1832): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x1000806, &(0x7f0000001780)=ANY=[@ANYBLOB='iocharset=cp1255,umask=00000000000000000000777,gid=', @ANYRESHEX=0xee01, @ANYBLOB=',dmask=00000000000000000000005,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c646d61736b3d30303030303030303030303030303030303030303032372c6572726f72733d636f6e74696e75652c6572726f72733d72656d6f756e742d726f2c00a36a9f3782f0352ef82c07fa1b6ef8989ed1a01b254c18f4a1aa23"], 0x9, 0x1505, &(0x7f0000000180)="$eJzs3Au4jdX2MPAx5pwvm9BKcp9jjpeVXCZJEknIJUmSJMktIUmSJCS33JKQhNyT3ENyC8n9fss9SY4kSUJCwvweHefzndPp9P2/0/mc59nj9zzz2XPstcZY411jr9u7n72/azewUp3K5WsxM/xb8K9fugJACgD0AYBrASACgOKZi2e+dHk6jV3/vRsRf66Hp1ztDsTVJPNP3WT+qZvMP3WT+aduMv/UTeafusn8UzeZvxCp2ZapOa6TlXqXnP9PzeT1P3WT+aduMv/UTeafusn8UzOW+adyMv/UTeafusn8hUjN/pTzyGkvF/svOJ/9H1h/u6uudh9/sKL/p7yr95MnhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECI1ORuuMADwt/3V7ksIIYQQQgghhBB/npD2ancghBBCCCGEEEKI/zwEMBoMRJAG0kIKpIP0cA1kgIyQCa6FBFwHmeF6yAI3QFbIBtkhB+SEXJAbLBA4YIghD+SFJNwI+eAmyA8FoCAUAg+FoQjcDEXhFigGt0JxuA1KwO1QEkrBHVAa7oQycBeUhXJQHu6GClARKkFluAeqwL1QFe6DanA/VIcHoAY8CDXhIagFD0NteATqwKNQFx6DelAfGkBDaPTP8/W/zn8JOsHL0Bm66Ev3QHd4BXpAT+gFvaEPvAp94TXoB69DfxgAA+ENGARvwmB4C4bAUBgGb8NwGAEjYRSMhjEwFt6BcfAujIf3YAJMhEkwGabAVJgG78N0mAEz4QOYBR/CbJgDc2EezIePYAEshEXwMSyGT2AJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQt8ClthG2yHHbATdsFu+Az2wOewF76AffDl/zD/zD/kt0dAQIUKDRpMg2kwBVMwPabHDJgBM2EmTGACM2NmzIJZMCtmxeyYHXNiTsyNuZGQkJExD+bBJCYxH+bD/JgfC2JB9OixCBbBongLFsNiWByLYwksgSWxFJbC0lgay2AZLItlsfztcwCwAlbCSngP3oP3YlWsitWwGlbH6lgDa2BNrIm1sBbWxtpYB+tgXayL9bAeNsAG2AgbYWNsjE2wCTbDZtgcm2MLbIEtsSW2wlbYGltjG2yDbbEttsN22B47YAd8CV/Cl/Fl7IIVVDfsjt2xB/bAXtgbe+Or2Bdfw9fwdeyPA3AgvoFv4Js4GE/jEByKw3AYllEjcCSOQlZjcCyOxXE4DsfjeJyAE3EiTsYpOBWn4TScjjNwBn6As/BD/BDn4Bych/NxPi7AhbgIF+FiPINLcCkuw+W4AlfiClyNa3A1rlN/e2huxs34KX6K23Ab7sAduAt34Wf4GX6On2N/3If7cD/uxwN4AA/iQTyEh/AwHsYjeASP4lE8hsfwOJ7Ak3gCT+EpPI1n8CyexXN4Ds/jCzm/qb2rwNr+oC4xyqg0Ko1KUSkqvUqvMqgMKpPKpBIqoTKrzCqLyqKyqqwqu8qucqqcKrfKrUiRYhWrPCqPSqqkyqfyAUBXVVAVVF55VUQVUUVVUVVMFVPF1W2qhLpdlVSlVFNfWpVWZVQzX1aVU+VVeVVBVVSVVGVVWVVRVVRVVVVVU9VUdVVd1VAPqpqqG/bCh9WlydRRA7CuGoj1VH3VQDVUb+LjqrEajE1UU9VMPamG4hBsoRr7luoZ1UqNxNbqOTUKn1dt1Rhsp15U7VUH1VG9pDqpJr6z6qImYDfVXU3GHqqn6qV6q+lYUV2aWCX1uuqvBqiB6g01D99Ug9Vbaogaqoapt9VwNUKNVKPUaDVGjVXvqHHqXTVevacmqIlqkpqspqipapp6X01XM9RM9YGapT5Us9UcNVfNU/PVR2qBWqgWqY/VYvWJWqKWqmVquVqhVqpVarVao9aqdWq92qA2qk1qs9qiPlVb1Ta1Xe1QO9UutVt9pvaoz9Ve9YXap75U+9Vf1AH1lTqovlaH1DfqsPpWHVHfqaPqe3VMdVHH1Ql1Uv2oTqmf1Gl1Rp1VP6tz6hd1Xl1QF1VQoFErrbXRkU6j0+oUnU6n19foDDqjzqSv1Ql9nc6sr9dZ9A06q86ms+scOqfOpXNrq0k7zTrWeXRendQ36nz6Jp1fF9AFdSHtdWFdRN+si+pbdDF9qy6ub9Ml9O26pC6l79Cl9Z26jL5Ll9XldHl9t66gK+pKurK+R1fR9+qq+j5dTd+vq+sHdA39oK6pH9K19MO6tn5E19GP6rr6MV1P19cNdEPdSD+uG+sndBPdVDfTT+rm+indQj+tW+pndCv9rG6tn9Nt9PO6rX5Bt9Mv6va6g+6oL+iLOujOuovuqrvp7voV3UP31L10b91Hv6r76td0P/267q8H6IH6DT1Iv6kH67f0ED1UD9Nv6+F6hB6pR+nReoweq9/R4/S7erx+T0/QE/UkPVlP0VN1r8uVZl7KN/Av89/9J/n9fr31zXqL/lRv1dv0dr1D79S79G69W+/Re/RevVfv0/v0fr1fH9AH9EF9UB/Sh/RhfVgf0Uf0UX1UH9PH9HF9Qv+sf9Sn9E/6tD6jz+if9Tl9Tp+/fB+AQaOMNsZEJo1Ja1JMOpPeXGMymIwmk7nWJMx1JrO53mQxN5isJpvJbnKYnCaXyW2sIeMMm9jkMXlN0txo8pmbTH5TwBQ0hYw3hU0Rc/Pv5UeXn+H+MP93+ls+6XJ+I9PINDaNTRPTxDQzzUxz09y0MC1MS9PStDKtTGvT2rQxbUxb09a0M+1Me9PedDQdTSfTyXRGMF1NV9PdvGJ6mJ6ml+lt+phXTV/T1/Qz/Ux/098MNAPNIDPIDDaDzRAzxAwzw8xwM9yMNCPNaDPajDVjzTgzzow3480EM8FMMpPMFDPFXHphvWSmmWlmmVlmtplt5pq5Zr6ZbxaYBWaRWWQWm8VmiVlqlprlZrlZaVaa1Wa1WWvWmvVmvdloNpolZovZYraarWa72W52mp1mt9lt9pg9Zq/Za/aZfWa/2W8OmAPmoDloDplD5rA5bI6YI+aoOWqOmWPmuDluTpqT5pQ5ZU6b0+asOWvOmXPmvDlvLpqLl972RSpSkYlMlCZKE6VEKVH6KH2UIcoQZYoyRYkoEWWOMkdZohuirFG2KHuUI8oZ5YpyRzaiyEUcxVGeKG+UjG6M8kU3RfmjAlHBqFDko8JRkejmqGh0S1QsujUqHt0WlYhuj0pGpaI7otLRnVGZ6K6obFQuKh/dHVWIKkaVosrRPVGV6N6oanRfVC26P6oePRDViB6MakYPRbWih6Pa0SNRnejRqG70WFQvqh81iBpGjf7U+iGczvaE72y72LTQzXa3r9getqftZXvbPvZV29e+ZvvZ121/O8AOtG/YQfZNO9i+ZYfYoXaYfdsOtyPsSDvKjrZj7Fj7jh1n37Xj7Xt2gp1oJ9nJdoqdaqfZ9+10O8POtB/YWfZDO9vOsXPtPDvffmQX2IV2kf3YLraf2CV2qV1ml9sVdqVdZVfbNXatXWfX2w12o91kN9st9lO71W6z2+0Ou9PusrvtZ3aP/dzutV/YffZLu9/+xR6wX9mD9mt7yH5jD9tv7RH7nT1qv7fH7A/2uD1hT9of7Sn7kz1tz9iz9md7zv5iz9sL9qINl97cX3p5J0OG0lAaSqEUSk/pKQNloEyUiRKUoMyUmbJQFspKWSk7ZaeclJNyU266hIkpD+WhJCUpH+Wj/JSfClJB8uSpCBWholSUilExKk7FqQSVuPxoAbqT7qS76C4qR+XobrqbKlJFqkyVqQpVoapUlapRNapO1akG1aCaVJNqUS2qTbWpDtWhulSX6lE9akANqBE1osbUmJpQE2pGzag5NacW1IJaUktqRa2oNbWmNtSG2lJbakftqD21p47UkTpRJ+pMnakrdaXu1J16UA/qRb2oD/WhvtSX+lE/6k/9aSANpEE0iAbTYBpCQ2kYvU3DaQSNpFE0msbQWBpL42gcjafxNIEm0CSaRFNoCk2jaTSdptNMmkmzaBbNptk0l+bSfJpPC2gBLaJFtJgW0xJaQstoGa2gFbSKVtEaWkPraB1toA20iTbRFtpCW2krbafttJN20m7aTXtoD+2lvbSP9tF+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifpJJ2iU3SaTtNZOkvn6Bc6TxfoIgVKcelceneNy+AyukzuWvePcXaXw+V0uVxuZ11Wl+3vYnLO5XcFXEFXyHlX2BVxN/8mLulKuTtcaXenK+PucmV/E1dx97qq7j5Xzd3vKrt7/i6u7h5wNdyjrqZ7zNVy9V1t19DVcY+6uu4xV8/Vdw1cQ9fcPeVauKddS/eMa+We/U28wC10a9xat86td3vc5+6s+9kdcd+5c+4X19l1cX3cq66ve831c6+7/m7Ab+Jh7m033I1wI90oN9qN+U08yU12U9xUN82976a7Gb+J57uP3Cy3yM12c9xcN+/X+FJPi9zHbrH7xC1xS90yt9ytcCvdKrf6f/e63G10m9xmt9t95ra6bW672+F2ul2/xpeOY6/7wu1zX7rD7lt3wH3lDrqj7pD75tf40vEddd+7Y+4Hd9ydcCfdj+6U+8mddmd+Pf5Lx/6ju+AuuuCAkRVrNhxxGk7LKZyO0/M1nIEzcia+lhN8HWfm6zkL38BZORtn5xyck3NxbrZM7Jg55jycl5N8I+fjmzg/F+CCXIg9F+YifDMX5Vu4GN/Kxfk2LsG3c0kuxXdwab6Ty/BdXJbLcXm+mytwRa7ElfkersL3clW+j6vx/VydH+Aa/CDX5Ie4Fj/MtfkRrsOPcl1+jOtxfW7ADbkRP86N+Qluwk25GT/JzfkpbsFPc0t+hlvxs9yan+M2/Dy35Re4Hb/I7bkDd+SXuBO/zJ25C3flbtydX+Ee3JN7cW/uw69yX36N+/Hr3J8H8EB+gwfxmzyY3+IhPJSH8ds8nEfwSB7Fo3kMj+V3eBy/y+P5PZ7AE3kST+YpPJWn8fs8nWfwTP6AZ/GHPJvn8Fyex/P5I17AC3kRf8yL+RNewkt5GS/nFbySV/FqXsNreR2v5w28kTfxZt7Cn/JW3sbIO3gn7+Ld/Bnv4c95L3/B+/hL3s9/4QP8FR/kr/kQf8OH+Vs+wt/xUf6ej/EPfJxP8En+kU/xT3yaz/BZ/pnP8S98ni/wRQ4MMcYq1rGJozhNnDZOidPF6eNr4gxxxjhTfG2ciK+LM8fXx1niG+KscbY4e5wjzhnninPHNqbYxRzHcZ44b5yMb4zzxTfF+eMCccG4UOzjwnGR+Oa4aHxLXCy+NS4e3xaXiG+PS8al4kfvLx3fGZeJ74rLxuXi8vHdcYW4YlwprhzfE1eJ742rxvfF1eL742LxA3GN+MG4ZvxQXCt+OK4dPxLXiR+N68aPxfXi+nGDuGHcKH48bhw/ETeJm8bN4ifj5vFTcYv46bhl/EzcKn72Dy/vGneLu8evxK/EIdyn5ybnJecnP0ouSC5MLkp+nFyc/CS5JLk0uSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ORlC5bTg0SuvvfGRT+PT+hSfzqf31/gMPqPP5K/1CX+dz+yv91n8DT6rz+az+xw+p8/lc3vryTvPPvZ5fF6f9Df6fP4mn98X8AV9Ie99YV/EN/SNfCPf2D/hm/imvpl/0j/pn/JP+af90/4Z38o/61v753wb/7xv61/wL/gXfXvfwXf0L/lO/mXf2XfxXX1X39139z18D9/L9/J9fB/f1/f1/Xw/399f8AP9QD/ID/KD/WA/xA/xw/wwP9wP9yP9SD/aj/Zj/Vg/zo/z4/14PyFlgp/kJ/kpfoqf5qf56X66n+ln+ln5Z/nZfraf6+f6+X6+X+AX+EV+kV/sF/slfolf5pf5FX6FX+VX+TV+jV/n1/kNfoPf5Df5LX6L3+q3+u1+u9/pd/rdfrff4/f4vX6v3+dDCF32nw3+gD/ov/aH/Df+sP/WH/Hf+aP+e3/M/+CP+xP+pP/Rn/I/+dP+jD/rf/bn/C/+vL/gL/rgxybeSYxLvJsYn3gvMSExMTEpMTkxJTE1MS3xfmJ6YkZiZuKDxKzEh4nZiTmJuYl5ifmJjxILEgsTixIfJxYnPkksSSxNLEssT6xIrEyEkGtrHPKEvCEZbgz5wk0hfygQCoZCwYfCoUi4ORQNt4Ri4dZQPNwWSoTbQ8lQKtwRHgv1Qv3QIDQMjcLjoXF4IjQJTUOz8GRoHp4KLcLToWV4JrQKz4bW4bnQJjwf2oYXQrvwYmgfOoSO4aXQKbwcOocuoWvoFrqHV0KP0DP8EnqHPuHV0De8FvqF10P/MCAMDG+EQeHNMDi8FYaEoWFYeDsMDyPCyDAqjA5jwtjwThgX3g3jw3thQpgYJoXJYUqYGqaF98P0MCPMDB+EWeHDMDvMCXPDvDA/fBQWhIVhUfg4LA6fhCVhaVgWlgdIWRlWhdVhTVgb1oX1YUPYGDaFzWFL+DRsDdvC9rAj7Ay7wu7wWdgTPg97wxdhX/gy7A9/CQfCV+Fg+DocCt+Ew+HbcCR8F46G78Ox8EM4Hk6EkwHDqfBTOB3OhLPh53Au/BLOhwvhovzNmhBCCCHE/xX9B5d3+yffU5cX/Pq7c4CM23Ic+seaG7L+dd9T5WyeAIBnurR7+G+rQoWuXbtevu4SDVHeOQCQuJKfBq7ES6EZPAUtoSkU/af99VQdzvG/rv8bKQCQHv6x/i2/U3/ErD+oHyXnAOTPeyUnHVyJr9Qv9jv1szX+g/rpvhoL0OT/yMkAV+Ir9YvAE/AstPy7awohhBBCCCGEEH/VU93R5o8+3176fJ7TXMlJC1fiP/p8LoQQQgghhBBCiKvv+Q4dn368ZcumbWRzFTbtMv51Cv8t/fzOJs1/Rxt/3gYvn736b+nnP70pd/nR/j/JumpPSUIIIYQQQoj/kCtv+q92J0IIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghROr1/+OfkF3tYxRCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGutv8VAAD//zmwHF0=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) 2.035421848s ago: executing program 3 (id=1905): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f00000000c0)=0x8, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000001000)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000640)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad61bd500a119b54c74a12e4569e47b69a95", 0x6f}], 0x1}}], 0x1, 0x0) 1.858574306s ago: executing program 3 (id=1906): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "77746a315690a576", "07f217bd2e511e465bbbd5de32b495b2f9044677d4d588360663af84db44be59", "9bbf8c07", "e0e0ffffff000024"}, 0x38) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_256={{0x304}, "76f7bc3e4ae1c84c", "af193cff4810ba5ac120d096eb00b40752095b4285514ca312c52e3a08756735", "5d362ced", "bc3a20b10f4ad11e"}, 0x38) 1.700936729s ago: executing program 3 (id=1907): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x800, &(0x7f0000000180)={[{@shortname_mixed}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'iso8859-4'}}, {@uni_xlateno}, {@utf8no}, {@fat=@check_strict}, {@fat=@codepage={'codepage', 0x3d, '737'}}, {@utf8no}, {@rodir}, {@shortname_mixed}, {@numtail}]}, 0x1, 0x2a0, &(0x7f00000003c0)="$eJzs3U1LY1ccB+B/XmqiUBJKQVoKTenGlaili64aKRZKAy0tWbSrSo20GCsoCJWi7qT9DO1XaJfdFroYZjtfYBgYnIHZ6KxcDNwh5sXEyUTjmMk4PM8iHs49v3tO4uF675V78sN762srG1urx8eHkc+nIluOiJNUFCMdmYiZ4ySJ/QAAXicnSRJHSdMV4ukRDAkAGLGT5JM/Iq789x8AuIH6XP93rulT+526r8czOgBgFF7o/r+7/wBwI3373fdfLlYqS9+USvmI9YPt6na1+bO5fXE1fo56uRZzUYgn7f8UNM8WGq+ff1FZmis1PChGfn2vld/brma68lGL+ShEsX9+vtQU1e78GzHVyt+dilosRCHe7p9f6JufiJkPu/qfjULc+TE2oh4r0cg287mI2J0vlT77qnKWb5zXVHOn7QAAAAAAAAAAAAAAAAAAAAAAYBRmS235Vk3v+j2zZw2KvevrdHbx2+nrXBQmB64PdH59nmy8mx3LWwYAAAAAAAAAAAAAAAAAAIBXztavO2vL9Xptc1Dhl9t//3+YawaW6+2n9i9K9S2kWuHhUgeXbfzp5cfz5gf3/zy/KRs7a7nhP5/rLfz3/hg6rW1GdpjUrcOf3vloa/rj57WJbHfN743p0tOmMZH67Dl7nR94umuKPipETFx10g4u/NMulB8/06Y9mWqbky/xV/lWq9ueTdN/lZf/3b33sFWTiQv2M+CgkWSu+SgEAAAAAAAAAAAAAAAAAABEz/Pt3bXp8Q0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMbg7Pv/hy3koqcm39NmotPBUTLW9wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1PAwAA//+jsYgb") r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000007c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$FUSE_WRITE(r1, &(0x7f000000ba80)={0x18}, 0x18) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x0) msync(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4) 1.54622367s ago: executing program 3 (id=1908): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/189, 0xbd}, {&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x3}}], 0x7, 0x0, 0x0) 1.226090954s ago: executing program 3 (id=1909): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs2/custom0\x00', 0x2, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20, @loopback}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x2828}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000001000008500000095000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0xa, 0x1006, &(0x7f0000000880)=""/4102}, 0x90) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setownex(r5, 0xf, 0x0) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = socket$inet_udp(0x2, 0x2, 0x0) syz_emit_vhci(&(0x7f0000001a00)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_ext_features={{0x23, 0xd}, {0xff, 0xc9, 0xff, 0xfd, "000023ff0f2500"}}}, 0x10) r7 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r7, &(0x7f0000000140)={0xa, 0xe22, 0x0, @loopback={0xff00000000000000}}, 0x1c) connect$inet6(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x8, 0x11, 0x0, @private2, @mcast2, {[], {0x0, 0xe22, 0x8}}}}}}, 0x0) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000440)='wlan0\x00', 0x10) 0s ago: executing program 3 (id=1910): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave']) chdir(&(0x7f0000000140)='./file0\x00') creat(&(0x7f00000003c0)='./bus\x00', 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14103e, 0x0) r2 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x0) mlockall(0x2) ftruncate(r2, 0x2008002) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) kernel console output (not intermixed with test programs): ng): left promiscuous mode [ 245.567763][ T1096] team0 (unregistering): Port device team_slave_1 removed [ 245.756717][ T1096] team_slave_0 (unregistering): left promiscuous mode [ 245.764063][ T1096] team0 (unregistering): Port device team_slave_0 removed [ 246.971409][ T9909] team0: Port device team_slave_1 added [ 247.165970][ T9909] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 247.168980][ T9909] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 247.179708][ T9909] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 247.188596][ T9909] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 247.191665][ T9909] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 247.226057][ T5197] Bluetooth: hci2: command tx timeout [ 247.228143][ T9909] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 247.280478][T10018] loop3: detected capacity change from 0 to 4096 [ 247.284734][T10018] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 247.335409][ T9909] hsr_slave_0: entered promiscuous mode [ 247.340284][ T9909] hsr_slave_1: entered promiscuous mode [ 247.560933][T10029] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1361'. [ 247.908445][T10024] loop1: detected capacity change from 0 to 65536 [ 247.958069][T10024] XFS (loop1): Mounting V5 Filesystem 4194cad6-cad4-4798-ac4c-c2118f686eb1 [ 248.021808][T10037] loop3: detected capacity change from 0 to 32768 [ 248.050832][T10024] XFS (loop1): Ending clean mount [ 248.092754][T10037] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 248.151086][T10037] XFS (loop3): Ending clean mount [ 248.152359][ T9909] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 248.171541][ T9909] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 248.178521][ T9909] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 248.191734][ T9909] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 248.308536][ T9135] XFS (loop1): Unmounting Filesystem 4194cad6-cad4-4798-ac4c-c2118f686eb1 [ 248.314132][T10037] loop3: detected capacity change from 32768 to 0 [ 248.320595][ C3] I/O error, dev loop3, sector 8776 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 248.321747][ T9909] 8021q: adding VLAN 0 to HW filter on device bond0 [ 248.351770][T10064] loop0: detected capacity change from 0 to 2048 [ 248.355130][ T9909] 8021q: adding VLAN 0 to HW filter on device team0 [ 248.365298][T10064] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 248.404451][ T7228] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.407272][ T7228] bridge0: port 1(bridge_slave_0) entered forwarding state [ 248.421259][ T7228] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.424562][ T7228] bridge0: port 2(bridge_slave_1) entered forwarding state [ 248.455739][ T1389] kworker/0:2: attempt to access beyond end of device [ 248.455739][ T1389] loop3: rw=4096, sector=1, nr_sectors = 1 limit=0 [ 248.507968][T10064] UDF-fs: error (device loop0): udf_read_inode: (ino 1347) failed !bh [ 248.509531][ T1389] XFS (loop3): metadata I/O error in "xfs_read_agf+0x2bd/0x590" at daddr 0x1 len 1 error 5 [ 248.544625][ T1389] kworker/0:2: attempt to access beyond end of device [ 248.544625][ T1389] loop3: rw=432129, sector=128, nr_sectors = 16 limit=0 [ 248.576099][ T6984] XFS (loop3): log I/O error -5 [ 248.605568][ T1389] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x414/0x990 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 248.617120][ T1389] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 248.785719][T10078] Illegal XDP return value 457286720 on prog (id 193) dev N/A, expect packet loss! [ 248.903191][T10086] netlink: 'syz.0.1368': attribute type 9 has an invalid length. [ 248.906003][T10086] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1368'. [ 248.939811][ T9254] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 248.972954][ T9909] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 249.181965][ T1087] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.205287][T10099] mmap: syz.1.1374 (10099) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 249.215761][T10089] netlink: 'syz.0.1368': attribute type 9 has an invalid length. [ 249.222604][T10089] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1368'. [ 249.306542][T10099] loop1: detected capacity change from 0 to 1024 [ 249.311056][ T5197] Bluetooth: hci2: command tx timeout [ 249.321209][ T1087] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.323108][T10099] EXT4-fs (loop1): stripe (205) is not aligned with cluster size (16), stripe is disabled [ 249.398429][ T5202] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 249.401327][ T9909] veth0_vlan: entered promiscuous mode [ 249.407372][ T5202] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 249.419003][ T5202] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 249.421217][ T9909] veth1_vlan: entered promiscuous mode [ 249.424979][ T5202] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 249.428666][ T5202] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 249.431990][ T5202] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 249.443386][T10099] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 249.491170][ T1087] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.567823][ T9909] veth0_macvtap: entered promiscuous mode [ 249.632513][ T1087] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.642833][ T9909] veth1_macvtap: entered promiscuous mode [ 249.679624][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.683189][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.694081][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.704229][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.714071][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.718710][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.723097][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.732274][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.738804][ T9909] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 249.760036][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.765761][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.770177][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.775434][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.780258][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.785511][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.790241][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.795811][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.802288][ T9909] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 249.897248][ T9909] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.900925][ T9909] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.904348][ T9909] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.908702][ T9909] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.960576][ T1087] team0: left allmulticast mode [ 249.962978][ T1087] team_slave_0: left allmulticast mode [ 249.967718][ T1087] team_slave_1: left allmulticast mode [ 249.970388][ T1087] bridge0: port 3(team0) entered disabled state [ 249.979291][ T1087] bridge_slave_1: left allmulticast mode [ 249.981854][ T1087] bridge_slave_1: left promiscuous mode [ 249.984525][ T1087] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.997731][ T1087] bridge_slave_0: left allmulticast mode [ 250.000183][ T1087] bridge_slave_0: left promiscuous mode [ 250.002705][ T1087] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.027589][ T9135] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.586622][ T1087] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 250.593320][ T1087] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 250.600739][ T1087] bond0 (unregistering): Released all slaves [ 250.652562][T10103] chnl_net:caif_netlink_parms(): no params data found [ 250.765931][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.770394][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.898895][T10103] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.901590][T10103] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.905000][T10103] bridge_slave_0: entered allmulticast mode [ 250.908879][T10103] bridge_slave_0: entered promiscuous mode [ 250.921798][ T5356] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.925414][ T5356] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.930963][T10103] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.933751][T10103] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.936709][T10103] bridge_slave_1: entered allmulticast mode [ 250.948647][T10103] bridge_slave_1: entered promiscuous mode [ 251.052774][T10103] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 251.069280][T10103] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 251.142148][T10134] netlink: 'syz.1.1381': attribute type 6 has an invalid length. [ 251.146584][T10134] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1381'. [ 251.221621][T10103] team0: Port device team_slave_0 added [ 251.232957][T10103] team0: Port device team_slave_1 added [ 251.327336][T10130] loop2: detected capacity change from 0 to 32768 [ 251.359716][ T1087] hsr_slave_0: left promiscuous mode [ 251.363972][ T1087] hsr_slave_1: left promiscuous mode [ 251.385271][ T1087] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 251.388581][ T1087] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 251.399476][ T1087] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 251.402846][ T1087] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 251.412495][ T39] audit: type=1804 audit(1719407934.982:75): pid=10130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1331" name="/syzkaller.JnsI9j/0/file0/rdma.current" dev="loop2" ino=11 res=1 errno=0 [ 251.445960][ T1087] veth1_macvtap: left promiscuous mode [ 251.448043][ T1087] veth0_macvtap: left promiscuous mode [ 251.450147][ T1087] veth1_vlan: left promiscuous mode [ 251.452079][ T1087] veth0_vlan: left promiscuous mode [ 251.469767][ T5202] Bluetooth: hci1: command tx timeout [ 251.619000][T10144] netlink: 'syz.2.1386': attribute type 9 has an invalid length. [ 251.621818][T10144] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1386'. [ 253.058601][ T1087] team_slave_1 (unregistering): left promiscuous mode [ 253.069487][ T1087] team0 (unregistering): Port device team_slave_1 removed [ 253.248202][ T1087] team_slave_0 (unregistering): left promiscuous mode [ 253.254281][ T1087] team0 (unregistering): Port device team_slave_0 removed [ 253.566111][ T5202] Bluetooth: hci1: command tx timeout [ 254.581097][T10103] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 254.584197][T10103] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 254.594737][T10103] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 254.648112][T10103] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 254.656190][T10103] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 254.672670][T10103] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 254.706089][T10145] netlink: 'syz.2.1386': attribute type 9 has an invalid length. [ 254.712418][T10145] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1386'. [ 254.780859][T10158] loop1: detected capacity change from 0 to 256 [ 254.844064][T10103] hsr_slave_0: entered promiscuous mode [ 254.848155][T10103] hsr_slave_1: entered promiscuous mode [ 254.865364][T10103] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 254.868880][T10103] Cannot create hsr debugfs directory [ 254.940814][T10152] netlink: 'syz.0.1389': attribute type 6 has an invalid length. [ 254.946077][T10152] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1389'. [ 255.275904][T10182] loop2: detected capacity change from 0 to 256 [ 255.355489][T10184] netlink: 'syz.0.1401': attribute type 9 has an invalid length. [ 255.361700][T10184] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1401'. [ 255.449952][T10184] netlink: 'syz.0.1401': attribute type 9 has an invalid length. [ 255.458515][T10184] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1401'. [ 255.642277][ T5202] Bluetooth: hci1: command tx timeout [ 255.863076][T10208] loop2: detected capacity change from 0 to 256 [ 255.885839][ T1353] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.888755][ T1353] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.987989][T10103] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 256.035699][T10103] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 256.045302][T10103] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 256.067337][T10103] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 256.106030][T10222] loop2: detected capacity change from 0 to 2048 [ 256.156559][T10222] loop2: p2 p3 p7 [ 256.237303][T10222] Bluetooth: MGMT ver 1.22 [ 256.237938][T10103] 8021q: adding VLAN 0 to HW filter on device bond0 [ 256.253114][T10222] loop2: detected capacity change from 0 to 512 [ 256.262888][T10103] 8021q: adding VLAN 0 to HW filter on device team0 [ 256.274805][ T815] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.278305][ T815] bridge0: port 1(bridge_slave_0) entered forwarding state [ 256.283648][ T9791] udevd[9791]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory [ 256.285939][ T9320] udevd[9320]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 256.286095][ T9929] udevd[9929]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 256.308649][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.311813][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 256.340413][ T9929] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 256.364377][T10103] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 256.419433][T10222] loop2: detected capacity change from 0 to 1764 [ 256.630649][T10103] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 256.671821][T10251] loop0: detected capacity change from 0 to 2048 [ 256.691284][T10251] NILFS (loop0): invalid segment: Sequence number mismatch [ 256.693934][T10103] veth0_vlan: entered promiscuous mode [ 256.694787][T10251] NILFS (loop0): trying rollback from an earlier position [ 256.708009][ T5248] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 256.708136][T10103] veth1_vlan: entered promiscuous mode [ 256.712161][T10251] NILFS (loop0): recovery complete [ 256.726646][T10252] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 256.751455][T10103] veth0_macvtap: entered promiscuous mode [ 256.760007][T10103] veth1_macvtap: entered promiscuous mode [ 256.783166][T10103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.788312][T10103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.792642][T10103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.797440][T10103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.802054][T10103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.806950][T10103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.811421][T10103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.816496][T10103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.834801][T10103] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 256.846911][T10103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.851488][T10103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.856934][T10103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.861762][T10103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.866395][T10103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.870704][T10103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.877923][T10103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.882309][T10103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.896406][ T5248] usb 7-1: Using ep0 maxpacket: 8 [ 256.896969][T10103] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 256.900885][ T5248] usb 7-1: config 0 has no interfaces? [ 256.904657][ T5248] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 256.905093][T10103] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.910605][ T5248] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 256.923388][T10103] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.927551][T10103] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.931394][T10103] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.932609][ T5248] usb 7-1: SerialNumber: syz [ 256.940859][T10254] loop1: detected capacity change from 0 to 256 [ 256.946811][ T5248] usb 7-1: config 0 descriptor?? [ 257.025145][ T5360] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 257.028629][ T5360] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 257.080257][ T5343] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 257.084302][ T5343] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 257.176759][ T5248] usb 7-1: USB disconnect, device number 3 [ 257.372700][T10270] loop3: detected capacity change from 0 to 256 [ 257.376731][T10270] exfat: Deprecated parameter 'namecase' [ 257.430977][T10270] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 257.465723][T10268] loop1: detected capacity change from 0 to 1024 [ 257.481156][T10268] EXT4-fs (loop1): stripe (205) is not aligned with cluster size (16), stripe is disabled [ 257.504398][T10268] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 257.730676][ T5202] Bluetooth: hci1: command tx timeout [ 257.898220][T10291] loop2: detected capacity change from 0 to 2048 [ 257.920549][T10291] NILFS (loop2): invalid segment: Sequence number mismatch [ 257.929304][T10291] NILFS (loop2): trying rollback from an earlier position [ 257.956828][T10291] NILFS (loop2): recovery complete [ 257.964292][T10297] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 258.047883][T10299] loop0: detected capacity change from 0 to 256 [ 258.058680][T10299] exfat: Deprecated parameter 'namecase' [ 258.072741][T10299] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 258.261202][ T9135] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.365936][T10312] loop3: detected capacity change from 0 to 2048 [ 258.424180][T10312] loop3: p2 p3 p7 [ 258.590884][T10312] loop3: detected capacity change from 0 to 1024 [ 258.639743][ T5197] Bluetooth: hci3: unexpected cc 0x2002 length: 1 < 4 [ 258.646857][T10312] loop3: detected capacity change from 0 to 512 [ 258.693516][T10328] loop2: detected capacity change from 0 to 8192 [ 258.710516][ T9929] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 258.860496][T10312] loop3: detected capacity change from 0 to 1764 [ 258.921938][ T9320] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 259.056117][ T5197] Bluetooth: hci0: unexpected cc 0x2002 length: 1 < 4 [ 259.252780][ T815] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 259.318462][T10362] loop0: detected capacity change from 0 to 8192 [ 259.347942][T10370] syz.1.1470[10370] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 259.348035][T10370] syz.1.1470[10370] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 259.362830][T10370] syz.1.1470[10370] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 259.364078][T10372] loop2: detected capacity change from 0 to 16 [ 259.367757][T10370] syz.1.1470[10370] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 259.376546][T10372] erofs: (device loop2): mounted with root inode @ nid 36. [ 259.392553][T10372] erofs: (device loop2): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 259.404842][T10372] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 259.410410][T10372] erofs: (device loop2): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 259.416884][T10372] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 259.452813][ T815] usb 8-1: Using ep0 maxpacket: 8 [ 259.499427][ T815] usb 8-1: config 0 has no interfaces? [ 259.505965][ T815] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 259.511399][ T815] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 259.515686][ T815] usb 8-1: SerialNumber: syz [ 259.523606][ T815] usb 8-1: config 0 descriptor?? [ 259.783430][ T5879] usb 8-1: USB disconnect, device number 7 [ 260.078044][ T5197] Bluetooth: hci3: unexpected cc 0x2002 length: 1 < 4 [ 260.309783][T10409] loop0: detected capacity change from 0 to 1024 [ 260.313602][T10409] EXT4-fs: Ignoring removed orlov option [ 260.324765][T10409] EXT4-fs: Ignoring removed nomblk_io_submit option [ 260.368432][T10409] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 260.456022][ T5202] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 260.460104][ T5194] Bluetooth: hci2: command 0x206a tx timeout [ 260.464494][ T5202] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 260.515623][ T9379] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.583889][T10420] input: syz1 as /devices/virtual/input/input9 [ 260.729155][T10430] loop2: detected capacity change from 0 to 2048 [ 260.777846][T10430] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 260.798166][T10430] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 260.803406][T10432] loop0: detected capacity change from 0 to 2048 [ 260.845457][T10436] loop1: detected capacity change from 0 to 1024 [ 260.852508][T10436] EXT4-fs: Ignoring removed orlov option [ 260.854696][T10436] EXT4-fs: Ignoring removed nomblk_io_submit option [ 260.871680][T10436] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 260.929458][T10432] loop0: p2 p3 p7 [ 260.970148][ T4699] loop0: p2 p3 p7 [ 261.070553][ T9320] udevd[9320]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 261.076114][ T9791] udevd[9791]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 261.079562][ T9929] udevd[9929]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 261.114295][ T9791] udevd[9791]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 261.114479][ T9929] udevd[9929]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 261.119955][ T9320] udevd[9320]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 261.132798][ T9135] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.133359][T10432] loop0: detected capacity change from 0 to 512 [ 261.245390][T10432] loop0: detected capacity change from 0 to 1764 [ 261.287224][T10441] UDF-fs: error (device loop2): udf_verify_fi: directory (ino 1376) has entry at pos 0 with incorrect tag 107 [ 261.313397][T10441] UDF-fs: error (device loop2): udf_verify_fi: directory (ino 1376) has entry at pos 0 with incorrect tag 107 [ 261.332635][ T9929] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 261.340346][T10451] input: syz1 as /devices/virtual/input/input10 [ 261.598817][ T5356] kworker/u32:18: attempt to access beyond end of device [ 261.598817][ T5356] loop2: rw=1, sector=3635, nr_sectors = 464 limit=2048 [ 261.622041][ T5356] kworker/u32:18: attempt to access beyond end of device [ 261.622041][ T5356] loop2: rw=1, sector=4100, nr_sectors = 5112 limit=2048 [ 261.668711][ T5250] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 261.859157][ T5250] usb 5-1: Using ep0 maxpacket: 8 [ 261.862970][ T5250] usb 5-1: config 0 has no interfaces? [ 261.865826][ T5250] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 261.869449][ T5250] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 261.873415][ T5250] usb 5-1: SerialNumber: syz [ 261.884828][ T5250] usb 5-1: config 0 descriptor?? [ 261.936432][T10461] loop2: detected capacity change from 0 to 128 [ 261.951263][T10461] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 261.961471][T10461] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 262.105005][T10446] loop3: detected capacity change from 0 to 131072 [ 262.131616][ T815] usb 5-1: USB disconnect, device number 5 [ 262.142162][T10446] F2FS-fs (loop3): Found nat_bits in checkpoint [ 262.206807][T10446] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 262.221743][ T5194] Bluetooth: hci3: command 0x206a tx timeout [ 262.226983][ T5197] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 262.540966][ T5202] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 262.541456][ T5197] Bluetooth: hci2: command 0x206a tx timeout [ 262.705835][ T5197] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 262.710241][ T5197] Bluetooth: hci3: Injecting HCI hardware error event [ 262.719944][ T5202] Bluetooth: hci3: hardware error 0x00 [ 262.982464][T10486] loop3: detected capacity change from 0 to 32768 [ 263.004960][T10486] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1511 (10486) [ 263.021830][T10486] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 263.026878][T10486] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm [ 263.112598][ T5197] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 263.116222][ T5197] Bluetooth: hci0: Injecting HCI hardware error event [ 263.121050][ T5197] Bluetooth: hci0: hardware error 0x00 [ 263.127839][T10486] BTRFS info (device loop3): rebuilding free space tree [ 263.140424][T10486] BTRFS info (device loop3): disabling free space tree [ 263.143827][T10486] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 263.148070][T10486] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 263.211942][ T39] audit: type=1800 audit(1719407946.749:76): pid=10486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1511" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 263.363334][T10103] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 263.480661][T10524] loop0: detected capacity change from 0 to 2048 [ 263.533635][T10524] loop0: p2 p3 p7 [ 263.621016][T10522] loop1: detected capacity change from 0 to 32768 [ 263.628104][T10522] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1525 (10522) [ 263.638824][T10522] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 263.643003][T10522] BTRFS info (device loop1): using sha256 (sha256-ni) checksum algorithm [ 263.660097][T10530] loop2: detected capacity change from 0 to 512 [ 263.661512][ T9929] udevd[9929]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 263.666499][T10522] BTRFS info (device loop1): using free-space-tree [ 263.671993][ T9320] udevd[9320]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 263.676627][T10530] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 not in group (block 0)! [ 263.679127][ T9791] udevd[9791]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 263.688190][T10530] EXT4-fs (loop2): group descriptors corrupted! [ 263.751723][T10524] loop0: detected capacity change from 0 to 1764 [ 263.771215][T10547] netlink: 296 bytes leftover after parsing attributes in process `syz.2.1530'. [ 263.775624][T10522] BTRFS info (device loop1): rebuilding free space tree [ 263.830028][ T9320] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 263.884848][ T9135] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 264.165580][ T6887] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 264.307819][T10571] netlink: 296 bytes leftover after parsing attributes in process `syz.3.1539'. [ 264.375742][ T6887] usb 5-1: Using ep0 maxpacket: 8 [ 264.389678][ T6887] usb 5-1: config 0 has no interfaces? [ 264.396757][ T6887] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 264.400684][ T6887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 264.404162][ T6887] usb 5-1: SerialNumber: syz [ 264.409256][ T6887] usb 5-1: config 0 descriptor?? [ 264.433096][T10577] loop3: detected capacity change from 0 to 512 [ 264.437613][T10577] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 not in group (block 0)! [ 264.441517][T10577] EXT4-fs (loop3): group descriptors corrupted! [ 264.512704][T10569] loop1: detected capacity change from 0 to 32768 [ 264.616271][ T9929] I/O error, dev loop1, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 264.633153][T10580] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 264.638345][T10580] overlayfs: failed to set xattr on upper [ 264.639129][ T5194] Bluetooth: hci2: command 0x206a tx timeout [ 264.640807][T10580] overlayfs: ...falling back to redirect_dir=nofollow. [ 264.648629][T10580] overlayfs: ...falling back to metacopy=off. [ 264.651355][T10580] overlayfs: ...falling back to index=off. [ 264.653779][T10580] overlayfs: ...falling back to uuid=null. [ 264.689567][ T6887] usb 5-1: USB disconnect, device number 6 [ 264.786831][ T5202] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 264.831186][T10580] overlay: Unknown parameter 'seclabel' [ 264.987265][T10569] loop1: detected capacity change from 0 to 32768 [ 265.142637][T10569] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=compression=lz4,noacl,nojournal_transaction_names [ 265.148305][T10569] bcachefs (loop1): recovering from clean shutdown, journal seq 7 [ 265.168768][T10569] bcachefs (loop1): alloc_read... done [ 265.171268][T10569] bcachefs (loop1): stripes_read... done [ 265.173754][T10569] bcachefs (loop1): snapshots_read... done [ 265.181303][T10569] bcachefs (loop1): journal_replay... done [ 265.183978][T10569] bcachefs (loop1): resume_logged_ops... done [ 265.186920][T10569] bcachefs (loop1): going read-write [ 265.198614][T10569] bcachefs (loop1): done starting filesystem [ 265.252416][ T9135] bcachefs (loop1): shutting down [ 265.254726][ T9135] bcachefs (loop1): going read-only [ 265.257093][ T9135] bcachefs (loop1): finished waiting for writes to stop [ 265.267541][ T9135] bcachefs (loop1): flushing journal and stopping allocators, journal seq 7 [ 265.268090][ T5197] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 265.272216][ T9135] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 7 [ 265.307345][ T9135] bcachefs (loop1): shutdown complete, journal seq 8 [ 265.315816][ T9135] bcachefs (loop1): marking filesystem clean [ 265.360080][ T9135] bcachefs (loop1): shutdown complete [ 265.627931][T10612] loop0: detected capacity change from 0 to 64 [ 265.903892][T10613] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 265.907443][T10613] overlayfs: failed to set xattr on upper [ 265.911273][T10613] overlayfs: ...falling back to redirect_dir=nofollow. [ 265.914410][T10613] overlayfs: ...falling back to metacopy=off. [ 265.949489][T10613] overlayfs: ...falling back to index=off. [ 265.952379][T10613] overlayfs: ...falling back to uuid=null. [ 265.958040][T10623] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 266.040770][T10613] overlay: Unknown parameter 'seclabel' [ 266.065945][T10631] loop0: detected capacity change from 0 to 1024 [ 266.097000][T10631] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 266.109379][ T39] audit: type=1800 audit(1719407949.631:77): pid=10631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1559" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 266.121437][T10631] Trying to write to read-only block-device loop0 [ 266.154629][T10638] netlink: 216 bytes leftover after parsing attributes in process `syz.1.1562'. [ 266.158984][T10638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1562'. [ 266.170568][T10631] loop0: detected capacity change from 1024 to 64 [ 266.217437][ T9379] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 266.228466][ T9379] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 266.235134][ T9379] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 266.242255][ T9379] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 266.249476][ T9379] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 266.256401][ T9379] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 266.263894][ T9379] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 266.272131][ T9379] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 266.278243][ T9379] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 266.286250][ T9379] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 266.583045][ T9379] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.607217][T10633] kmmpd-loop0: attempt to access beyond end of device [ 266.607217][T10633] loop0: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 266.614913][T10633] Buffer I/O error on dev loop0, logical block 64, lost sync page write [ 266.702987][ T1086] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.804222][ T1086] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.886727][ T1086] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.981428][ T1086] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.128430][ T1086] bridge_slave_1: left allmulticast mode [ 267.130972][ T1086] bridge_slave_1: left promiscuous mode [ 267.133841][ T1086] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.143389][ T1086] bridge_slave_0: left allmulticast mode [ 267.146039][ T1086] bridge_slave_0: left promiscuous mode [ 267.148804][ T1086] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.665506][ T1086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 267.672907][ T1086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 267.680200][ T1086] bond0 (unregistering): Released all slaves [ 267.693081][ T1086] bond1 (unregistering): Released all slaves [ 268.115839][ T1086] hsr_slave_0: left promiscuous mode [ 268.118285][ T1086] hsr_slave_1: left promiscuous mode [ 268.121433][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 268.125176][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 268.128929][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 268.131835][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 268.180183][ T1086] veth1_macvtap: left promiscuous mode [ 268.182874][ T1086] veth0_macvtap: left promiscuous mode [ 268.186000][ T1086] veth1_vlan: left promiscuous mode [ 268.188817][ T1086] veth0_vlan: left promiscuous mode [ 269.711858][ T1086] team0 (unregistering): Port device team_slave_1 removed [ 269.915266][ T1086] team0 (unregistering): Port device team_slave_0 removed [ 273.388905][T10708] loop1: detected capacity change from 0 to 128 [ 273.515672][ T5202] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 273.525815][ T5202] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 273.537298][ T5202] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 273.544258][ T5202] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 273.549457][ T5202] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 273.552913][ T5202] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 273.678216][T10727] ebtables: wrong size: *len 168, entries_size 48, replsz 48 [ 273.710017][T10727] loop3: detected capacity change from 0 to 128 [ 273.905032][T10716] chnl_net:caif_netlink_parms(): no params data found [ 273.910648][T10740] loop1: detected capacity change from 0 to 512 [ 273.937592][T10740] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 not in group (block 0)! [ 273.951637][T10740] EXT4-fs (loop1): group descriptors corrupted! [ 274.055263][T10745] loop1: detected capacity change from 0 to 128 [ 274.080232][T10747] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 274.157236][T10716] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.163729][T10716] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.167031][T10716] bridge_slave_0: entered allmulticast mode [ 274.171600][T10716] bridge_slave_0: entered promiscuous mode [ 274.181950][T10716] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.184887][T10716] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.195310][T10716] bridge_slave_1: entered allmulticast mode [ 274.200751][T10716] bridge_slave_1: entered promiscuous mode [ 274.297431][T10716] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 274.313852][T10716] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 274.459477][T10716] team0: Port device team_slave_0 added [ 274.525448][ T5202] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 274.537985][ T5202] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 274.550751][ T5202] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 274.555840][T10716] team0: Port device team_slave_1 added [ 274.561716][ T5202] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 274.567250][ T5202] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 274.571337][ T5202] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 274.618647][T10760] loop3: detected capacity change from 0 to 128 [ 274.630369][T10760] befs: (loop3): invalid magic header [ 274.659379][T10716] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 274.665059][T10716] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 274.676760][T10716] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 274.681306][T10662] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 274.687963][T10716] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 274.696720][T10716] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 274.711103][T10716] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 274.905410][ T1086] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.969569][T10716] hsr_slave_0: entered promiscuous mode [ 274.973782][T10716] hsr_slave_1: entered promiscuous mode [ 274.981383][T10716] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 274.990395][T10716] Cannot create hsr debugfs directory [ 275.099497][ T1086] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.203011][ T1086] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.406116][ T1086] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.433273][T10761] chnl_net:caif_netlink_parms(): no params data found [ 275.621901][ T5197] Bluetooth: hci3: command tx timeout [ 275.799772][ T5202] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 275.810941][ T5202] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 275.818481][ T5202] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 275.826243][ T5202] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 275.831496][ T5202] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 275.836573][ T5202] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 275.878634][T10729] loop2: detected capacity change from 0 to 262144 [ 275.890053][T10729] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1576 (10729) [ 275.912198][T10729] BTRFS info (device loop2): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 275.925182][T10729] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 275.928913][T10729] BTRFS info (device loop2): using free-space-tree [ 275.979466][T10761] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.986469][T10761] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.989622][T10761] bridge_slave_0: entered allmulticast mode [ 275.993731][T10761] bridge_slave_0: entered promiscuous mode [ 276.006783][T10761] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.010222][T10761] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.016012][T10761] bridge_slave_1: entered allmulticast mode [ 276.019966][T10761] bridge_slave_1: entered promiscuous mode [ 276.178389][T10761] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 276.208452][T10761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 276.266163][ T9909] BTRFS info (device loop2): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 276.320998][T10761] team0: Port device team_slave_0 added [ 276.340657][T10761] team0: Port device team_slave_1 added [ 276.479537][T10761] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 276.482737][T10761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.503819][T10761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 276.518282][T10761] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 276.532998][T10761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.558259][T10761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 276.653944][ T5197] Bluetooth: hci0: command tx timeout [ 276.739396][T10761] hsr_slave_0: entered promiscuous mode [ 276.752448][T10761] hsr_slave_1: entered promiscuous mode [ 276.761219][T10761] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 276.764703][T10761] Cannot create hsr debugfs directory [ 276.772967][T10785] chnl_net:caif_netlink_parms(): no params data found [ 277.009876][T10785] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.013235][T10785] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.018221][T10785] bridge_slave_0: entered allmulticast mode [ 277.022631][T10785] bridge_slave_0: entered promiscuous mode [ 277.042255][T10785] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.046375][T10785] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.049937][T10785] bridge_slave_1: entered allmulticast mode [ 277.053876][T10785] bridge_slave_1: entered promiscuous mode [ 277.230988][T10785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 277.399867][T10785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 277.478947][T10848] ebtables: wrong size: *len 168, entries_size 48, replsz 48 [ 277.500309][T10785] team0: Port device team_slave_0 added [ 277.507995][ T1086] bridge_slave_1: left allmulticast mode [ 277.510580][ T1086] bridge_slave_1: left promiscuous mode [ 277.513028][ T1086] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.518849][T10848] loop2: detected capacity change from 0 to 128 [ 277.527461][ T1086] bridge_slave_0: left allmulticast mode [ 277.529719][ T1086] bridge_slave_0: left promiscuous mode [ 277.532442][ T1086] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.700758][ T5197] Bluetooth: hci3: command tx timeout [ 277.936676][ T5197] Bluetooth: hci1: command tx timeout [ 278.085161][ T1086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 278.103532][ T1086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 278.112575][ T1086] bond0 (unregistering): Released all slaves [ 278.126215][T10785] team0: Port device team_slave_1 added [ 278.316220][T10785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 278.329388][T10785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 278.347093][T10785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 278.391922][T10785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 278.394319][T10785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 278.404570][T10785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 278.608351][T10785] hsr_slave_0: entered promiscuous mode [ 278.612197][T10785] hsr_slave_1: entered promiscuous mode [ 278.618518][T10785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 278.622108][T10785] Cannot create hsr debugfs directory [ 278.738821][ T5197] Bluetooth: hci0: command tx timeout [ 278.740853][T10883] loop2: detected capacity change from 0 to 128 [ 278.745601][ T1086] hsr_slave_0: left promiscuous mode [ 278.750427][ T1086] hsr_slave_1: left promiscuous mode [ 278.754305][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 278.757688][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 278.763134][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 278.766667][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 278.829950][ T1086] veth1_macvtap: left promiscuous mode [ 278.832575][ T1086] veth0_macvtap: left promiscuous mode [ 278.835269][ T1086] veth1_vlan: left promiscuous mode [ 278.837859][ T1086] veth0_vlan: left promiscuous mode [ 278.953002][T10887] loop2: detected capacity change from 0 to 164 [ 279.017987][T10887] isofs_fill_super: root inode is not a directory. Corrupted media? [ 279.149710][T10887] loop2: detected capacity change from 0 to 512 [ 279.203252][T10662] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 279.222334][T10887] loop2: detected capacity change from 0 to 1024 [ 279.528848][T10887] hfsplus: xattr searching failed [ 279.557560][T10887] hfsplus: xattr searching failed [ 279.693016][T10887] hfsplus: b-tree write err: -5, ino 8 [ 279.780313][ T5197] Bluetooth: hci3: command tx timeout [ 280.020735][ T5197] Bluetooth: hci1: command tx timeout [ 280.248922][ T1096] hfsplus: b-tree write err: -5, ino 3 [ 280.490341][ T1086] team0 (unregistering): Port device team_slave_1 removed [ 280.570259][T10890] loop2: detected capacity change from 0 to 32768 [ 280.704849][ T1086] team0 (unregistering): Port device team_slave_0 removed [ 280.825898][ T5197] Bluetooth: hci0: command tx timeout [ 281.864294][ T5197] Bluetooth: hci3: command tx timeout [ 282.104946][ T5197] Bluetooth: hci1: command tx timeout [ 282.247909][T10898] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1601'. [ 282.442413][T10716] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 282.448547][T10716] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 282.467854][T10716] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 282.476736][T10716] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 282.725152][T10716] 8021q: adding VLAN 0 to HW filter on device bond0 [ 282.737373][T10917] loop2: detected capacity change from 0 to 16 [ 282.747521][T10917] erofs: (device loop2): mounted with root inode @ nid 36. [ 282.754346][T10716] 8021q: adding VLAN 0 to HW filter on device team0 [ 282.770374][T10917] erofs: (device loop2): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 282.779077][T10917] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 282.814286][ T5250] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.817243][ T5250] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.831964][ T5250] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.834469][ T5250] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.839380][T10917] erofs: (device loop2): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 282.844477][T10917] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 282.854055][T10917] erofs: (device loop2): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 282.858977][T10917] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 282.864088][T10917] erofs: (device loop2): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 282.869592][T10917] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 282.874562][T10917] erofs: (device loop2): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 282.879167][T10917] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 282.906846][ T5197] Bluetooth: hci0: command tx timeout [ 282.912838][ T1086] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.041940][ T1086] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.065013][T10716] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 283.092636][T10926] loop2: detected capacity change from 0 to 1024 [ 283.172191][ T1086] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.271680][ T1086] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.284309][T10761] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 283.310143][T10761] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 283.320234][T10761] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 283.330090][T10761] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 283.360373][T10716] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 283.558200][T10716] veth0_vlan: entered promiscuous mode [ 283.569244][ T1086] bridge_slave_1: left allmulticast mode [ 283.571920][ T1086] bridge_slave_1: left promiscuous mode [ 283.574690][ T1086] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.582439][ T1086] bridge_slave_0: left allmulticast mode [ 283.585044][ T1086] bridge_slave_0: left promiscuous mode [ 283.590366][ T1086] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.146494][ T1086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 284.154682][ T1086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 284.161766][ T1086] bond0 (unregistering): Released all slaves [ 284.188623][ T5197] Bluetooth: hci1: command tx timeout [ 284.209191][T10716] veth1_vlan: entered promiscuous mode [ 284.233274][T10761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 284.249316][T10716] veth0_macvtap: entered promiscuous mode [ 284.271031][T10716] veth1_macvtap: entered promiscuous mode [ 284.295465][T10761] 8021q: adding VLAN 0 to HW filter on device team0 [ 284.376292][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.379461][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 284.458708][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.462147][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 284.488989][T10716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 284.495588][T10716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 284.499040][T10716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 284.503233][T10716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 284.506842][T10716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 284.518319][T10716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 284.526353][T10716] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 284.642887][T10716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 284.647433][T10716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 284.652388][T10716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 284.655791][T10965] loop2: detected capacity change from 0 to 1024 [ 284.657908][T10716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 284.665995][T10716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 284.671069][T10716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 284.676980][T10716] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 284.687068][T10716] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.692046][T10716] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.695898][T10716] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.700344][T10716] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.725994][T10965] hfsplus: bad catalog entry type [ 284.759485][ T1086] hsr_slave_0: left promiscuous mode [ 284.760679][ T1096] hfsplus: b-tree write err: -5, ino 4 [ 284.767635][ T1086] hsr_slave_1: left promiscuous mode [ 284.786395][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 284.790124][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 284.794430][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 284.797899][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 284.862507][ T1086] veth1_macvtap: left promiscuous mode [ 284.864831][ T1086] veth0_macvtap: left promiscuous mode [ 284.870018][ T1086] veth1_vlan: left promiscuous mode [ 284.872585][ T1086] veth0_vlan: left promiscuous mode [ 284.924341][T10971] program syz.2.1618 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 285.090363][T10977] loop2: detected capacity change from 0 to 1024 [ 286.900749][ T1086] team0 (unregistering): Port device team_slave_1 removed [ 287.187452][ T1086] team0 (unregistering): Port device team_slave_0 removed [ 288.949504][T10986] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1625'. [ 289.288574][ T5360] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.292014][ T5360] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.307573][T10785] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 289.314503][T10785] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 289.362497][T10785] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 289.400486][T10761] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 289.425834][T11004] loop2: detected capacity change from 0 to 1024 [ 289.435347][T10785] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 289.499851][ T5360] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.527638][ T5360] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.606141][T10761] veth0_vlan: entered promiscuous mode [ 289.618028][T10761] veth1_vlan: entered promiscuous mode [ 289.687201][T10761] veth0_macvtap: entered promiscuous mode [ 289.695504][T10761] veth1_macvtap: entered promiscuous mode [ 289.766964][T10761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 289.775288][T10761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.780136][T10761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 289.784522][T10761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.788902][T10761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 289.792542][T11015] loop2: detected capacity change from 0 to 256 [ 289.793062][T10761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.801339][T10761] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 289.826777][T10761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 289.833927][T10761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.838278][T10761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 289.843491][T10761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.847652][T10761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 289.852696][T10761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.859247][T10761] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 289.870611][T10785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 289.872098][T11015] FAT-fs (loop2): IO charset none not found [ 289.882569][T10761] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.886952][T10761] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.890727][T10761] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.904926][T10761] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.927808][T10785] 8021q: adding VLAN 0 to HW filter on device team0 [ 289.972815][ T6887] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.976032][ T6887] bridge0: port 1(bridge_slave_0) entered forwarding state [ 289.998233][T11019] loop0: detected capacity change from 0 to 1024 [ 290.014279][ T55] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.017468][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state [ 290.105027][ T1086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 290.108750][ T1086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 290.125616][T11019] loop0: detected capacity change from 0 to 256 [ 290.192175][ T1086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 290.197019][ T1086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 290.201345][T10662] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 290.508089][T11031] loop1: detected capacity change from 0 to 1024 [ 290.520818][T10785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 290.553669][T11031] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 290.586772][T10785] veth0_vlan: entered promiscuous mode [ 290.597238][T10785] veth1_vlan: entered promiscuous mode [ 290.603354][ T39] audit: type=1800 audit(1719407974.081:78): pid=11031 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1634" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 290.621530][T11031] Trying to write to read-only block-device loop1 [ 290.643900][T10785] veth0_macvtap: entered promiscuous mode [ 290.650696][T10785] veth1_macvtap: entered promiscuous mode [ 290.668728][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.670251][T11031] loop1: detected capacity change from 1024 to 64 [ 290.674782][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.679300][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.684922][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.688993][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.699268][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.716938][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.721612][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.726672][T10785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 290.739043][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 290.743499][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.747542][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 290.754500][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.758800][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 290.765932][T10761] EXT4-fs warning (device loop1): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 290.775518][T10761] EXT4-fs warning (device loop1): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 290.782205][T10761] EXT4-fs warning (device loop1): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 290.788966][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.805927][T10761] EXT4-fs warning (device loop1): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 290.810590][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 290.816365][T10761] EXT4-fs warning (device loop1): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 290.816927][T11029] loop0: detected capacity change from 0 to 32768 [ 290.819523][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.821766][T10785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 290.826587][T10761] EXT4-fs warning (device loop1): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 290.834152][T10785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.839655][T10761] EXT4-fs warning (device loop1): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 290.843467][T10785] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.849428][T10761] EXT4-fs warning (device loop1): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 290.858289][T10785] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.858734][T10761] EXT4-fs warning (device loop1): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 290.868137][T10785] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.869294][T10761] EXT4-fs warning (device loop1): ext4_empty_dir:3089: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 291.058484][ T39] audit: type=1800 audit(1719407974.531:79): pid=11029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1633" name="bus" dev="sda1" ino=2031 res=0 errno=0 [ 291.089154][ T39] audit: type=1800 audit(1719407974.551:80): pid=11029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1633" name="bus" dev="sda1" ino=2031 res=0 errno=0 [ 291.108743][ T5360] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.113915][ T5360] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.136168][ T5360] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.140437][ T5360] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.150261][T11050] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 291.150459][ T39] audit: type=1804 audit(1719407974.630:81): pid=11052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1633" name="/syzkaller.pm3aO8/4/file0/bus" dev="sda1" ino=2031 res=1 errno=0 [ 291.191470][ T39] audit: type=1804 audit(1719407974.670:82): pid=11053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1633" name="/syzkaller.pm3aO8/4/file0/bus" dev="sda1" ino=2031 res=1 errno=0 [ 291.473576][ T39] audit: type=1800 audit(1719407974.950:83): pid=11052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1633" name="bus" dev="sda1" ino=2031 res=0 errno=0 [ 291.497277][ T39] audit: type=1800 audit(1719407974.960:84): pid=11053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1633" name="bus" dev="sda1" ino=2031 res=0 errno=0 [ 291.516319][ T35] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 291.703968][ T35] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 291.708561][ T35] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 291.716602][ T35] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 291.723878][ T35] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 291.727489][ T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.746321][T11066] loop0: detected capacity change from 0 to 512 [ 291.749911][ T35] usb 8-1: config 0 descriptor?? [ 291.753082][T11055] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 291.814809][T10662] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 291.920308][T11071] loop2: detected capacity change from 0 to 2048 [ 291.984494][T11071] loop2: p2 < > p4 [ 291.987370][T11071] loop2: p4 size 8192 extends beyond EOD, truncated [ 292.176123][ T35] plantronics 0003:047F:FFFF.0007: unknown main item tag 0xd [ 292.181443][ T35] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 292.195716][ T35] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 292.222614][ T5249] usb 5-1: new low-speed USB device number 7 using dummy_hcd [ 292.446223][ T5249] usb 5-1: config index 0 descriptor too short (expected 1307, got 27) [ 292.450313][ T5249] usb 5-1: config 0 has an invalid interface number: 0 but max is -1 [ 292.457417][ T55] usb 8-1: USB disconnect, device number 8 [ 292.463056][ T5249] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 292.466720][ T5249] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 292.497058][ T5249] usb 5-1: string descriptor 0 read error: -22 [ 292.499467][ T5249] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 292.502635][ T5249] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.513871][ T5249] usb 5-1: config 0 descriptor?? [ 292.517082][T11073] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 292.520957][ T5249] hub 5-1:0.0: bad descriptor, ignoring hub [ 292.526332][ T5249] hub 5-1:0.0: probe with driver hub failed with error -5 [ 292.533908][ T5249] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input12 [ 292.583426][ C3] usb_acecad 5-1:0.0: can't resubmit intr, dummy_hcd.0-1/input0, status -1 [ 292.619316][T11089] loop2: detected capacity change from 0 to 512 [ 292.642781][T11089] EXT4-fs (loop2): corrupt root inode, run e2fsck [ 292.653326][T11089] EXT4-fs (loop2): mount failed [ 292.753107][ T55] usb 5-1: USB disconnect, device number 7 [ 292.826491][T10761] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 292.855930][T11034] kmmpd-loop1: attempt to access beyond end of device [ 292.855930][T11034] loop1: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 292.863449][T11034] Buffer I/O error on dev loop1, logical block 64, lost sync page write [ 292.915570][ T5360] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.055660][ T39] audit: type=1326 audit(1719407976.537:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11094 comm="syz.3.1660" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73d0579 code=0x0 [ 293.098317][T11092] loop2: detected capacity change from 0 to 32768 [ 293.124632][T11092] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 293.185573][T11092] XFS (loop2): Ending clean mount [ 293.185858][ T5202] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 293.193786][ T5202] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 293.198752][ T5202] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 293.199150][T11092] XFS (loop2): Quotacheck needed: Please wait. [ 293.202588][ T5202] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 293.210189][ T5202] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 293.213513][ T5202] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 293.319244][T11092] XFS (loop2): Quotacheck: Done. [ 293.418748][T11111] loop0: detected capacity change from 0 to 1024 [ 293.489454][T10662] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 293.530569][T11111] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1662'. [ 293.532411][T11105] chnl_net:caif_netlink_parms(): no params data found [ 293.597408][ T5360] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.651906][T11111] loop0: detected capacity change from 0 to 1764 [ 293.658180][ T9909] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 293.840859][ T5360] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.074610][ T5360] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.105970][T11128] loop0: detected capacity change from 0 to 256 [ 294.112527][T11105] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.126025][T11105] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.132945][T11105] bridge_slave_0: entered allmulticast mode [ 294.138079][T11105] bridge_slave_0: entered promiscuous mode [ 294.157979][T11105] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.170073][T11105] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.173553][T10662] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 294.174719][T11105] bridge_slave_1: entered allmulticast mode [ 294.195028][T11105] bridge_slave_1: entered promiscuous mode [ 294.273381][T11124] loop3: detected capacity change from 0 to 40427 [ 294.279849][T11124] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 294.283812][T11124] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 294.290805][T11124] F2FS-fs (loop3): invalid crc value [ 294.309413][T11124] F2FS-fs (loop3): Found nat_bits in checkpoint [ 294.346161][T11105] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 294.353714][T11124] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 294.357939][T11124] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 294.382162][T11105] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 294.508550][T11105] team0: Port device team_slave_0 added [ 294.542322][T11105] team0: Port device team_slave_1 added [ 294.705761][ T5360] bridge_slave_1: left allmulticast mode [ 294.708406][ T5360] bridge_slave_1: left promiscuous mode [ 294.711170][ T5360] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.724935][ T5360] bridge_slave_0: left allmulticast mode [ 294.734384][ T5360] bridge_slave_0: left promiscuous mode [ 294.737162][ T5360] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.803999][T10993] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 294.870018][T11141] loop2: detected capacity change from 0 to 65536 [ 294.925392][T11145] loop3: detected capacity change from 0 to 32768 [ 294.937074][T11145] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1673 (11145) [ 294.946271][T11141] XFS (loop2): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 294.954416][T11145] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 294.959072][T11145] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm [ 294.962791][T11145] BTRFS info (device loop3): using free-space-tree [ 294.999461][T11141] XFS (loop2): Ending clean mount [ 295.000484][T10993] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 295.002853][T11141] XFS (loop2): Quotacheck needed: Please wait. [ 295.007390][T10993] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 295.012167][T10993] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 295.029400][T10993] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 295.042773][T10993] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.050120][T10993] usb 5-1: config 0 descriptor?? [ 295.113137][T11141] XFS (loop2): Quotacheck: Done. [ 295.211805][ T39] audit: type=1800 audit(1719407978.684:86): pid=11145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1673" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 295.227677][ T9909] XFS (loop2): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 295.242335][ T39] audit: type=1800 audit(1719407978.714:87): pid=11145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1673" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 295.247679][ T5197] Bluetooth: hci0: command tx timeout [ 295.488305][T10993] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 295.491446][T10993] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 295.495246][T10993] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 295.521986][T10993] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 295.797341][ T5360] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 295.849173][ T5360] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 295.879287][ T5360] bond0 (unregistering): Released all slaves [ 295.895505][T11179] loop2: detected capacity change from 0 to 128 [ 295.916086][T11105] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 295.919551][T11105] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.946047][T11105] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 295.959680][T11105] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 295.979619][T11105] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 296.018305][T11105] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 296.277180][ T39] kauditd_printk_skb: 2 callbacks suppressed [ 296.277196][ T39] audit: type=1800 audit(1719407979.742:90): pid=11170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1673" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 296.318027][ T39] audit: type=1800 audit(1719407979.762:91): pid=11171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1673" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 296.487872][T11105] hsr_slave_0: entered promiscuous mode [ 296.562175][T11105] hsr_slave_1: entered promiscuous mode [ 296.566671][T11105] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 296.573020][T11105] Cannot create hsr debugfs directory [ 296.592733][T10785] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 296.658000][T11184] loop2: detected capacity change from 0 to 1024 [ 296.831956][T11184] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 297.005545][T11184] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 297.037703][T11184] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869) [ 297.046279][T11180] usb 5-1: string descriptor 0 read error: -71 [ 297.065945][T11184] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 297.122847][T11184] journal_load_superblock: Cannot read journal superblock [ 297.125725][T11184] EXT4-fs (loop2): Could not load journal inode [ 297.334394][ T5197] Bluetooth: hci0: command tx timeout [ 297.355840][ T5360] hsr_slave_0: left promiscuous mode [ 297.396478][ T5360] hsr_slave_1: left promiscuous mode [ 297.439419][ T5360] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 297.442739][ T5360] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 297.459312][ T5360] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 297.483355][ T5360] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 297.574066][ T5360] veth1_macvtap: left promiscuous mode [ 297.586341][ T5360] veth0_macvtap: left promiscuous mode [ 297.588585][ T5360] veth1_vlan: left promiscuous mode [ 297.592948][ T5360] veth0_vlan: left promiscuous mode [ 297.646375][T11192] loop3: detected capacity change from 0 to 40427 [ 297.656747][T11192] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 297.660382][T11192] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 297.672416][T11192] F2FS-fs (loop3): invalid crc value [ 297.690764][T11192] F2FS-fs (loop3): Found nat_bits in checkpoint [ 297.748941][T11192] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 297.771312][T11192] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 297.896673][ T55] usb 5-1: USB disconnect, device number 8 [ 299.423725][ T5197] Bluetooth: hci0: command tx timeout [ 299.665154][ T5360] team0 (unregistering): Port device team_slave_1 removed [ 299.849616][ T5360] team0 (unregistering): Port device team_slave_0 removed [ 301.355146][T11201] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1682'. [ 301.359397][T11201] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.362761][T11201] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.366120][T11201] bridge0: port 2(bridge_slave_1) entered forwarding state [ 301.377261][T11211] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1683'. [ 301.381095][T11211] netlink: 'syz.3.1683': attribute type 13 has an invalid length. [ 301.387061][T11211] netlink: 'syz.3.1683': attribute type 12 has an invalid length. [ 301.435873][T11211] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.441152][T11211] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.444955][T11211] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.449722][T11211] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.469139][T11211] vxlan0: entered promiscuous mode [ 301.496960][ T5197] Bluetooth: hci0: command tx timeout [ 301.643318][T11227] loop2: detected capacity change from 0 to 256 [ 301.693788][T11227] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 302.376666][T11252] loop2: detected capacity change from 0 to 32768 [ 302.572604][T11105] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 302.592382][T11105] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 302.601365][T11252] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names [ 302.610182][T11252] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 302.612041][T11105] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 302.631710][T11105] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 302.653169][T11252] bcachefs (loop2): alloc_read... done [ 302.655722][T11252] bcachefs (loop2): stripes_read... done [ 302.658131][T11252] bcachefs (loop2): snapshots_read... done [ 302.673314][T11252] bcachefs (loop2): journal_replay... done [ 302.675920][T11252] bcachefs (loop2): resume_logged_ops... done [ 302.684573][T11252] bcachefs (loop2): going read-write [ 302.689430][T11252] bcachefs (loop2): done starting filesystem [ 302.823287][T11105] 8021q: adding VLAN 0 to HW filter on device bond0 [ 302.861772][T11105] 8021q: adding VLAN 0 to HW filter on device team0 [ 302.896390][ T6887] bridge0: port 1(bridge_slave_0) entered blocking state [ 302.900608][ T6887] bridge0: port 1(bridge_slave_0) entered forwarding state [ 302.923598][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 302.926868][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 302.953883][ T9909] bcachefs (loop2): shutting down [ 302.956492][ T9909] bcachefs (loop2): going read-only [ 302.963203][ T9909] bcachefs (loop2): finished waiting for writes to stop [ 302.986214][ T9909] bcachefs (loop2): flushing journal and stopping allocators, journal seq 12 [ 303.024147][ T9909] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 15 [ 303.061370][ T9909] bcachefs (loop2): shutdown complete, journal seq 16 [ 303.065609][ T9909] bcachefs (loop2): marking filesystem clean [ 303.150715][ T58] IPVS: starting estimator thread 0... [ 303.182224][ T9909] bcachefs (loop2): shutdown complete [ 303.254828][T11308] IPVS: using max 20 ests per chain, 48000 per kthread [ 303.263147][T11105] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 303.329420][ T5202] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 303.333724][ T5202] Bluetooth: Wrong link type (-22) [ 303.391824][T11105] veth0_vlan: entered promiscuous mode [ 303.407484][T11105] veth1_vlan: entered promiscuous mode [ 303.474323][T11105] veth0_macvtap: entered promiscuous mode [ 303.513912][T11105] veth1_macvtap: entered promiscuous mode [ 303.569188][T11105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.589637][T11105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.595735][T11105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.610840][T11105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.616976][T11326] loop3: detected capacity change from 0 to 512 [ 303.618573][T11105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.623502][T11326] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 303.659992][T11105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.665566][T11105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.667865][T11326] EXT4-fs (loop3): 1 truncate cleaned up [ 303.684033][T11105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.700515][T11326] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 303.711350][T11105] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 303.728374][T11105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.732069][T11326] EXT4-fs error (device loop3): ext4_generic_delete_entry:2675: inode #2: block 13: comm syz.3.1720: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 303.748005][T11105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.748025][T11105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.748039][T11105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.748054][T11105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.748066][T11105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.748078][T11105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.748090][T11105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.749989][T11105] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 303.757476][T11326] EXT4-fs error (device loop3) in ext4_delete_entry:2747: Corrupt filesystem [ 303.767678][T11331] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1711'. [ 303.780232][T11326] EXT4-fs warning (device loop3): ext4_rename_delete:3736: inode #2: comm syz.3.1720: Deleting old file: nlink 5, error=-117 [ 303.787361][T11105] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.811978][T11324] loop0: detected capacity change from 0 to 32768 [ 303.817517][T11324] bcachefs (/dev/loop0): error reading superblock: error opening /dev/loop0: EACCES [ 303.830083][T11105] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.835010][T11105] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.842095][T11105] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.975399][ T5343] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.979397][ T5343] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 304.054822][T11339] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1723'. [ 304.058233][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 304.058875][T11339] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.062929][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 304.080886][T11339] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.086049][T11339] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.111797][T10785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 304.384733][T11351] loop1: detected capacity change from 0 to 256 [ 304.442633][T11214] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 304.711767][T11360] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 305.166588][T11376] netlink: 'syz.3.1738': attribute type 21 has an invalid length. [ 305.170409][T11376] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1738'. [ 305.175554][T11376] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1738'. [ 305.246473][ T5248] IPVS: starting estimator thread 0... [ 305.296076][T11383] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 305.342868][T11381] IPVS: using max 19 ests per chain, 45600 per kthread [ 306.105857][ T5248] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 306.243767][ T39] audit: type=1800 audit(1719407989.708:92): pid=11437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1765" name="/" dev="9p" ino=2 res=0 errno=0 [ 306.295699][ T5248] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 306.302065][ T5248] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 306.316334][ T5248] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 306.328680][ T5248] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 306.335004][ T5248] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.347960][ T5248] usb 6-1: config 0 descriptor?? [ 306.579418][T11450] usb usb8: usbfs: process 11450 (syz.3.1771) did not claim interface 0 before use [ 306.767337][T11456] loop3: detected capacity change from 0 to 512 [ 306.775513][T11456] EXT4-fs: Ignoring removed nobh option [ 306.799453][ T5248] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 306.813733][ T5248] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 306.826298][ T5248] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 306.837117][T11456] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 306.842363][T11456] ext4 filesystem being mounted at /syzkaller.0BO2it/43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 306.849199][ T5248] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 306.926633][T11456] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 306.988517][T11456] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 307.351555][T11472] usb usb8: usbfs: process 11472 (syz.0.1780) did not claim interface 0 before use [ 307.367339][T11474] sp0: Synchronizing with TNC [ 307.380487][T11473] [U] è [ 307.607857][T11487] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1786'. [ 307.642486][T11490] loop2: detected capacity change from 0 to 2048 [ 307.743718][T11490] loop2: p1 < > p3 p4 < > [ 307.756301][T11490] loop2: p3 start 4284289 is beyond EOD, truncated [ 307.813405][T11490] syz.2.1787: attempt to access beyond end of device [ 307.813405][T11490] loop2p4: rw=2048, sector=2, nr_sectors = 1 limit=1 [ 307.842087][T11490] hfsplus: unable to find HFS+ superblock [ 307.995141][T11501] autofs: Invalid gid [ 308.488945][T11479] usb 6-1: string descriptor 0 read error: -2 [ 308.527394][T10993] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 308.729282][T10993] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 308.734489][T10993] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 308.745062][T10993] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 308.752650][T10993] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 308.759042][T10993] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.765141][T10993] usb 8-1: config 0 descriptor?? [ 308.770132][T11510] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 308.919495][T11522] autofs: Invalid gid [ 309.186373][T10993] plantronics 0003:047F:FFFF.000A: unknown main item tag 0xd [ 309.195015][T10993] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 309.202424][T10993] plantronics 0003:047F:FFFF.000A: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 309.312334][ T1389] usb 6-1: USB disconnect, device number 6 [ 309.347836][ T5202] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 309.353138][ T5202] Bluetooth: hci1: Injecting HCI hardware error event [ 309.360588][ T5202] Bluetooth: hci1: hardware error 0x00 [ 309.422139][ T5248] usb 8-1: USB disconnect, device number 9 [ 309.729598][T11539] loop1: detected capacity change from 0 to 8 [ 309.995853][T11543] loop3: detected capacity change from 0 to 256 [ 310.009150][T11543] exFAT-fs (loop3): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 310.247486][T11551] usb usb8: usbfs: process 11551 (syz.3.1816) did not claim interface 0 before use [ 310.300269][T11555] vivid-007: ================= START STATUS ================= [ 310.305979][T11555] vivid-007: Enable Output Cropping: true [ 310.312024][T11555] vivid-007: Enable Output Composing: true [ 310.314313][T11555] vivid-007: Enable Output Scaler: true [ 310.317012][T11555] vivid-007: Tx RGB Quantization Range: Automatic [ 310.320408][T11555] vivid-007: Transmit Mode: HDMI [ 310.322629][T11555] vivid-007: Display Present: true inactive [ 310.324905][T11555] vivid-007: Hotplug Present: 0x00000001 [ 310.327745][T11555] vivid-007: RxSense Present: 0x00000001 [ 310.331577][T11555] vivid-007: EDID Present: 0x00000001 [ 310.334922][T11555] vivid-007: ================== END STATUS ================== [ 310.654693][T11560] loop1: detected capacity change from 0 to 40427 [ 310.730155][T11214] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 310.785306][T11564] loop3: detected capacity change from 0 to 32768 [ 310.790658][T11564] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1823 (11564) [ 310.800085][T11564] BTRFS info (device loop3): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 310.806093][T11564] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 310.811411][T11564] BTRFS info (device loop3): using free-space-tree [ 311.128398][T10785] BTRFS info (device loop3): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 311.293651][T11595] autofs: Invalid gid [ 311.516694][T11601] Bluetooth: MGMT ver 1.22 [ 311.520260][ T5202] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 311.769902][T11603] loop3: detected capacity change from 0 to 32768 [ 311.791861][T11603] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 311.815353][T11603] XFS (loop3): Ending clean mount [ 311.820469][T11603] XFS (loop3): Quotacheck needed: Please wait. [ 311.875368][T11603] XFS (loop3): Quotacheck: Done. [ 311.977721][T10785] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 312.501589][T11613] loop3: detected capacity change from 0 to 32768 [ 312.509013][T11613] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1836 (11613) [ 312.531679][T11613] BTRFS info (device loop3): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 312.535751][T11613] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 312.538987][T11613] BTRFS info (device loop3): using free-space-tree [ 312.750500][T10785] BTRFS info (device loop3): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 313.509114][T11641] loop3: detected capacity change from 0 to 32768 [ 313.514320][T11641] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1842 (11641) [ 313.523532][T11641] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 313.527990][T11641] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm [ 313.531579][T11641] BTRFS info (device loop3): using free-space-tree [ 313.582959][ T39] audit: type=1800 audit(1719407997.039:93): pid=11641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1842" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 313.592013][ T39] audit: type=1800 audit(1719407997.039:94): pid=11641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1842" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 313.660581][ T39] audit: type=1804 audit(1719407997.109:95): pid=11657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1842" name="/syzkaller.0BO2it/68/file0/bus" dev="loop3" ino=263 res=1 errno=0 [ 313.719786][ T39] audit: type=1804 audit(1719407997.169:96): pid=11658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1842" name="/syzkaller.0BO2it/68/file0/bus" dev="loop3" ino=263 res=1 errno=0 [ 314.298858][ T39] audit: type=1800 audit(1719407997.748:97): pid=11657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1842" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 314.316912][ T39] audit: type=1800 audit(1719407997.748:98): pid=11658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1842" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 314.636814][T10785] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 315.329664][T11670] loop3: detected capacity change from 0 to 32768 [ 315.335041][T11670] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1847 (11670) [ 315.346216][T11670] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 315.351666][T11670] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 315.356211][T11670] BTRFS info (device loop3): using free-space-tree [ 315.522773][T10785] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 316.346924][T11707] loop3: detected capacity change from 0 to 2048 [ 316.354273][T11707] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 316.362314][T11707] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 317.151287][T11711] loop3: detected capacity change from 0 to 256 [ 317.199042][T11711] FAT-fs (loop3): IO charset none not found [ 317.454998][ T1353] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.458269][ T1353] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.635267][T11723] netlink: 'syz.3.1862': attribute type 4 has an invalid length. [ 318.715079][ T5197] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 318.725540][ T5197] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 318.735512][ T5197] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 318.742367][ T5197] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 318.746695][ T5197] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 318.749894][ T5197] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 319.052393][T11724] chnl_net:caif_netlink_parms(): no params data found [ 319.149863][ T5343] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.202219][ T5197] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 319.219068][ T5197] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 319.225765][ T5197] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 319.233175][ T5197] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 319.237802][ T5197] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 319.242906][ T5197] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 319.402599][ T5343] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.541911][ T5343] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.554035][T11724] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.558312][T11724] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.562848][T11724] bridge_slave_0: entered allmulticast mode [ 319.572895][T11724] bridge_slave_0: entered promiscuous mode [ 319.583421][T11724] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.587440][T11724] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.593847][T11724] bridge_slave_1: entered allmulticast mode [ 319.601641][T11724] bridge_slave_1: entered promiscuous mode [ 319.682316][ T5343] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.744232][T11724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 319.761486][T11724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 319.896678][T11724] team0: Port device team_slave_0 added [ 319.918301][T11724] team0: Port device team_slave_1 added [ 320.120015][T11724] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 320.122955][T11724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 320.146511][T11724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 320.170478][T11724] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 320.174035][T11724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 320.201258][T11724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 320.211750][T11730] chnl_net:caif_netlink_parms(): no params data found [ 320.239504][ T5343] bridge_slave_1: left allmulticast mode [ 320.242140][ T5343] bridge_slave_1: left promiscuous mode [ 320.244663][ T5343] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.257014][ T5343] bridge_slave_0: left allmulticast mode [ 320.259404][ T5343] bridge_slave_0: left promiscuous mode [ 320.262123][ T5343] bridge0: port 1(bridge_slave_0) entered disabled state [ 320.305796][T11742] loop3: detected capacity change from 0 to 40427 [ 320.313643][T11742] F2FS-fs (loop3): invalid crc value [ 320.331110][T11742] F2FS-fs (loop3): Found nat_bits in checkpoint [ 320.373594][T11742] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 320.412308][T10785] syz-executor: attempt to access beyond end of device [ 320.412308][T10785] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 320.419629][T10785] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 320.809416][ T5202] Bluetooth: hci2: command tx timeout [ 320.952232][ T5343] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 320.960981][ T5343] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 320.967949][ T5343] bond0 (unregistering): Released all slaves [ 320.979745][ T5343] bond1 (unregistering): Released all slaves [ 320.989490][ T5343] bond2 (unregistering): Released all slaves [ 320.998740][ T5343] bond3 (unregistering): Released all slaves [ 321.063933][T11749] sp0: Synchronizing with TNC [ 321.269374][T11724] hsr_slave_0: entered promiscuous mode [ 321.277240][T11724] hsr_slave_1: entered promiscuous mode [ 321.282418][T11724] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 321.285649][T11724] Cannot create hsr debugfs directory [ 321.290977][ T5202] Bluetooth: hci4: command tx timeout [ 321.625199][ T5197] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 321.635545][ T5197] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 321.640880][ T5197] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 321.647374][ T5197] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 321.652059][ T5197] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 321.658206][ T5197] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 321.706738][T11730] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.709960][T11730] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.713404][T11730] bridge_slave_0: entered allmulticast mode [ 321.716654][T11730] bridge_slave_0: entered promiscuous mode [ 321.852811][T11730] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.856464][T11730] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.859625][T11730] bridge_slave_1: entered allmulticast mode [ 321.872151][T11730] bridge_slave_1: entered promiscuous mode [ 321.875643][T11777] loop3: detected capacity change from 0 to 64 [ 322.021859][ T5343] hsr_slave_0: left promiscuous mode [ 322.025447][ T5343] hsr_slave_1: left promiscuous mode [ 322.029297][ T5343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 322.036447][ T5343] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 322.042340][ T5343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 322.046161][ T5343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 322.110334][ T5343] veth1_macvtap: left promiscuous mode [ 322.113263][ T5343] veth0_macvtap: left promiscuous mode [ 322.116337][ T5343] veth1_vlan: left promiscuous mode [ 322.118956][ T5343] veth0_vlan: left promiscuous mode [ 322.404122][T11781] loop3: detected capacity change from 0 to 40427 [ 322.411360][T11781] F2FS-fs (loop3): invalid crc value [ 322.419964][T11781] F2FS-fs (loop3): Found nat_bits in checkpoint [ 322.460360][T11781] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 322.561555][T10785] syz-executor: attempt to access beyond end of device [ 322.561555][T10785] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 322.568760][T10785] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 322.892578][ T5197] Bluetooth: hci2: command tx timeout [ 323.035169][T11787] loop3: detected capacity change from 0 to 1024 [ 323.044467][T11787] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 323.057302][T11787] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 323.072792][T11787] JBD2: no valid journal superblock found [ 323.075637][T11787] EXT4-fs (loop3): Could not load journal inode [ 323.266669][T11787] loop3: detected capacity change from 0 to 512 [ 323.287647][T11787] EXT4-fs (sda1): changing journal_checksum during remount not supported; ignoring [ 323.293571][T11787] EXT4-fs (sda1): re-mounted 5941fea2-f5fa-4b4e-b5ef-9af118b27b95 r/w. Quota mode: writeback. [ 323.363128][ T5197] Bluetooth: hci4: command tx timeout [ 323.693556][ T5197] Bluetooth: hci0: command tx timeout [ 323.945911][T11790] loop3: detected capacity change from 0 to 256 [ 324.043828][T11790] FAT-fs (loop3): IO charset none not found [ 324.420399][ T5343] team0 (unregistering): Port device team_slave_1 removed [ 324.796310][ T5343] team0 (unregistering): Port device team_slave_0 removed [ 324.886863][T11793] netlink: 'syz.3.1880': attribute type 8 has an invalid length. [ 324.942565][T11793] netlink: zone id is out of range [ 324.952000][T11793] netlink: set zone limit has 4 unknown bytes [ 324.984742][ T5197] Bluetooth: hci2: command tx timeout [ 325.445935][ T5197] Bluetooth: hci4: command tx timeout [ 326.589560][ T5197] Bluetooth: hci0: command tx timeout [ 327.058402][ T5197] Bluetooth: hci2: command tx timeout [ 327.172209][ T39] audit: type=1800 audit(1719408010.595:99): pid=11802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1882" name="bus" dev="sda1" ino=2039 res=0 errno=0 [ 327.197133][ T39] audit: type=1804 audit(1719408010.625:100): pid=11802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1882" name="/syzkaller.0BO2it/105/bus" dev="sda1" ino=2039 res=1 errno=0 [ 327.534397][ T5197] Bluetooth: hci4: command tx timeout [ 327.799366][T11730] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 327.813063][T11730] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 327.945799][T11812] loop3: detected capacity change from 0 to 512 [ 327.973566][T11812] EXT4-fs error (device loop3): ext4_map_blocks:580: inode #2: block 3: comm syz.3.1884: lblock 0 mapped to illegal pblock 3 (length 1) [ 327.994419][T11812] EXT4-fs (loop3): Remounting filesystem read-only [ 327.997180][T11812] EXT4-fs warning (device loop3): dx_probe:822: inode #2: lblock 0: comm syz.3.1884: error -117 reading directory block [ 328.008267][T11812] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 328.013142][T11812] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 328.105380][T11730] team0: Port device team_slave_0 added [ 328.129684][T11730] team0: Port device team_slave_1 added [ 328.201778][T10785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 328.281612][T11730] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 328.285255][T11730] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 328.300334][T11730] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 328.422666][T11730] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 328.427712][T11730] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 328.443488][T11730] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 328.648344][ T5197] Bluetooth: hci0: command tx timeout [ 328.672556][T11730] hsr_slave_0: entered promiscuous mode [ 328.676574][T11730] hsr_slave_1: entered promiscuous mode [ 328.814218][T11766] chnl_net:caif_netlink_parms(): no params data found [ 328.927836][ T5343] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.140974][ T5343] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.295627][ T5343] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.350509][T11836] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method [ 329.402154][T11724] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 329.459794][ T5343] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.473241][T11766] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.477247][T11766] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.482100][T11766] bridge_slave_0: entered allmulticast mode [ 329.487007][T11766] bridge_slave_0: entered promiscuous mode [ 329.494837][T11766] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.503206][T11766] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.507186][T11766] bridge_slave_1: entered allmulticast mode [ 329.515824][T11766] bridge_slave_1: entered promiscuous mode [ 329.530800][T11724] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 329.539698][T11724] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 329.615886][T11724] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 329.655080][ T39] audit: type=1804 audit(1719408013.082:101): pid=11840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1892" name="/syzkaller.0BO2it/115/bus" dev="sda1" ino=2039 res=1 errno=0 [ 329.684460][ T39] audit: type=1804 audit(1719408013.112:102): pid=11840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1892" name="/syzkaller.0BO2it/115/bus" dev="sda1" ino=2039 res=1 errno=0 [ 329.728144][T11730] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.776564][T11766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 329.786296][T11766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 329.878779][T11730] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.959847][T11766] team0: Port device team_slave_0 added [ 330.019417][T11730] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.034650][T11766] team0: Port device team_slave_1 added [ 330.218369][T11730] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.232648][T11766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 330.235701][T11766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.246997][T11766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 330.261504][T11766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 330.264181][T11766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.274791][T11766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 330.435244][T11766] hsr_slave_0: entered promiscuous mode [ 330.440701][T11766] hsr_slave_1: entered promiscuous mode [ 330.444942][T11766] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 330.454853][T11766] Cannot create hsr debugfs directory [ 330.527586][ T5343] bridge_slave_1: left allmulticast mode [ 330.531158][ T5343] bridge_slave_1: left promiscuous mode [ 330.534220][ T5343] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.544839][ T5343] bridge_slave_0: left allmulticast mode [ 330.547432][ T5343] bridge_slave_0: left promiscuous mode [ 330.553855][ T5343] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.561157][ T5343] bridge_slave_1: left allmulticast mode [ 330.563859][ T5343] bridge_slave_1: left promiscuous mode [ 330.566469][ T5343] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.573842][ T5343] bridge_slave_0: left allmulticast mode [ 330.576465][ T5343] bridge_slave_0: left promiscuous mode [ 330.579120][ T5343] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.593361][ T5343] bridge_slave_1: left allmulticast mode [ 330.596358][ T5343] bridge_slave_1: left promiscuous mode [ 330.599201][ T5343] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.606180][ T5343] bridge_slave_0: left allmulticast mode [ 330.608723][ T5343] bridge_slave_0: left promiscuous mode [ 330.612455][ T5343] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.740888][ T5197] Bluetooth: hci0: command tx timeout [ 331.011041][ T39] audit: type=1326 audit(1719408014.431:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11845 comm="syz.3.1894" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7fc00000 [ 331.065461][ T39] audit: type=1326 audit(1719408014.491:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11845 comm="syz.3.1894" exe="/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf73d0579 code=0x7fc00000 [ 331.099604][ T39] audit: type=1326 audit(1719408014.521:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11845 comm="syz.3.1894" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7fc00000 [ 331.112967][ T39] audit: type=1326 audit(1719408014.521:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11845 comm="syz.3.1894" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7fc00000 [ 331.123518][ T39] audit: type=1326 audit(1719408014.521:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11845 comm="syz.3.1894" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7fc00000 [ 331.139168][ T39] audit: type=1326 audit(1719408014.521:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11845 comm="syz.3.1894" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7fc00000 [ 331.974884][T11856] loop3: detected capacity change from 0 to 512 [ 331.985324][T11856] EXT4-fs error (device loop3): ext4_map_blocks:580: inode #2: block 3: comm syz.3.1898: lblock 0 mapped to illegal pblock 3 (length 1) [ 331.996261][T11856] EXT4-fs (loop3): Remounting filesystem read-only [ 331.999577][T11856] EXT4-fs warning (device loop3): dx_probe:822: inode #2: lblock 0: comm syz.3.1898: error -117 reading directory block [ 332.007177][T11856] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 332.012290][T11856] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 332.066400][T10785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 332.340290][ T5343] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 332.366072][ T5343] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 332.378194][ T5343] bond0 (unregistering): Released all slaves [ 332.619996][ T5343] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 332.627699][ T5343] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 332.635180][ T5343] bond0 (unregistering): Released all slaves [ 332.857877][ T5343] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 332.869644][ T5343] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 332.877826][ T5343] bond0 (unregistering): Released all slaves [ 333.385578][T11730] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 333.445141][T11730] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 333.462076][T11730] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 333.575899][T11730] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 333.604826][T11724] 8021q: adding VLAN 0 to HW filter on device bond0 [ 333.632448][T11724] 8021q: adding VLAN 0 to HW filter on device team0 [ 333.744015][T10993] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.746825][T10993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 333.766113][ T1278] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.768690][ T1278] bridge0: port 2(bridge_slave_1) entered forwarding state [ 333.907445][T11724] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 334.051569][T11730] 8021q: adding VLAN 0 to HW filter on device bond0 [ 334.074292][T11730] 8021q: adding VLAN 0 to HW filter on device team0 [ 334.094225][ T1278] bridge0: port 1(bridge_slave_0) entered blocking state [ 334.097147][ T1278] bridge0: port 1(bridge_slave_0) entered forwarding state [ 334.129414][ T6738] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.133088][ T6738] bridge0: port 2(bridge_slave_1) entered forwarding state [ 334.220423][T11724] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 334.343060][T11766] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 334.355019][ T5343] hsr_slave_0: left promiscuous mode [ 334.358453][ T5343] hsr_slave_1: left promiscuous mode [ 334.362111][ T5343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 334.366221][ T5343] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 334.369857][ T5343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 334.372935][ T5343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 334.398985][ T5343] hsr_slave_0: left promiscuous mode [ 334.411022][ T5343] hsr_slave_1: left promiscuous mode [ 334.421492][ T5343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 334.426339][ T5343] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 334.431294][ T5343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 334.435182][ T5343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 334.447950][ T5343] hsr_slave_0: left promiscuous mode [ 334.451754][ T5343] hsr_slave_1: left promiscuous mode [ 334.461894][ T5343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 334.465362][ T5343] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 334.473442][ T5343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 334.476392][ T5343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 334.661153][T11904] loop3: detected capacity change from 0 to 256 [ 334.669740][ T5343] veth1_macvtap: left promiscuous mode [ 334.672881][ T5343] veth0_macvtap: left promiscuous mode [ 334.676137][ T5343] veth1_vlan: left promiscuous mode [ 334.678628][ T5343] veth0_vlan: left promiscuous mode [ 334.700130][ T5343] veth1_macvtap: left promiscuous mode [ 334.705782][ T5343] veth0_macvtap: left promiscuous mode [ 334.708607][ T5343] veth1_vlan: left promiscuous mode [ 334.711226][ T5343] veth0_vlan: left promiscuous mode [ 334.728801][ T5343] veth1_macvtap: left promiscuous mode [ 334.731456][ T5343] veth0_macvtap: left promiscuous mode [ 334.734195][ T5343] veth1_vlan: left promiscuous mode [ 334.736236][ T5343] veth0_vlan: left promiscuous mode [ 334.794930][T11904] FAT-fs (loop3): IO charset none not found [ 335.771523][T11915] loop3: detected capacity change from 0 to 256 [ 337.189614][ T5343] team0 (unregistering): Port device team_slave_1 removed [ 337.466963][ T5343] team0 (unregistering): Port device team_slave_0 removed [ 337.657476][ T111] [ 337.659122][ T111] ====================================================== [ 337.663420][ T111] WARNING: possible circular locking dependency detected [ 337.669545][ T111] 6.10.0-rc5-syzkaller-00018-g55027e689933 #0 Not tainted [ 337.675209][ T111] ------------------------------------------------------ [ 337.678582][ T111] kswapd0/111 is trying to acquire lock: [ 337.681316][ T111] ffff888027cd0950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x10db/0x15e0 [ 337.685969][ T111] [ 337.685969][ T111] but task is already holding lock: [ 337.689384][ T111] ffffffff8dd3a040 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0x166/0x1970 [ 337.693105][ T111] [ 337.693105][ T111] which lock already depends on the new lock. [ 337.693105][ T111] SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 337.697735][ T111] [ 337.697735][ T111] the existing dependency chain (in reverse order) is: [ 337.701701][ T111] [ 337.701701][ T111] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 337.705285][ T111] fs_reclaim_acquire+0x102/0x160 [ 337.708133][ T111] __kmalloc_node_noprof+0xbb/0x450 [ 337.710565][ T111] kvmalloc_node_noprof+0x9d/0x1a0 [ 337.712949][ T111] ext4_xattr_inode_lookup_create+0x4e8/0x1910 [ 337.716117][ T111] ext4_xattr_block_set+0x77a/0x3090 [ 337.718596][ T111] ext4_expand_extra_isize_ea+0xf57/0x1990 [ 337.721288][ T111] __ext4_expand_extra_isize+0x322/0x450 [ 337.723620][ T111] __ext4_mark_inode_dirty+0x55a/0x890 [ 337.725915][ T111] ext4_dirty_inode+0xd9/0x130 [ 337.728275][ T111] __mark_inode_dirty+0x1f0/0xe70 [ 337.730504][ T111] generic_update_time+0xcf/0xf0 [ 337.732787][ T111] touch_atime+0x4ee/0x5d0 [ 337.734932][ T111] filemap_read+0xb2b/0xd10 [ 337.736944][ T111] generic_file_read_iter+0x350/0x460 [ 337.739336][ T111] ext4_file_read_iter+0x1dc/0x6c0 [ 337.742013][ T111] __kernel_read+0x3ec/0xb50 [ 337.744310][ T111] kernel_read+0x55/0x70 [ 337.746266][ T111] bprm_execve+0x61e/0x19b0 [ 337.748278][ T111] do_execveat_common.isra.0+0x5cb/0x750 [ 337.750473][ T111] __ia32_compat_sys_execve+0x90/0xc0 [ 337.752990][ T111] __do_fast_syscall_32+0x73/0x120 [ 337.755533][ T111] do_fast_syscall_32+0x32/0x80 [ 337.758046][ T111] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 337.761352][ T111] [ 337.761352][ T111] -> #1 (&ei->xattr_sem){++++}-{3:3}: [ 337.765002][ T111] down_write+0x3a/0x50 [ 337.767261][ T111] ext4_xattr_set_handle+0x156/0x16d0 [ 337.769873][ T111] __ext4_set_acl+0x366/0x5d0 [ 337.772182][ T111] ext4_set_acl+0x2a0/0x5a0 [ 337.774581][ T111] set_posix_acl+0x25c/0x320 [ 337.777170][ T111] vfs_remove_acl+0x2d1/0x660 [ 337.779765][ T111] ovl_workdir_create+0x4a5/0x820 [ 337.782558][ T111] ovl_fill_super+0xe60/0x6970 [ 337.785311][ T111] get_tree_nodev+0xda/0x190 [ 337.787423][ T111] vfs_get_tree+0x8f/0x380 [ 337.789540][ T111] path_mount+0x6e1/0x1f10 [ 337.791713][ T111] __ia32_sys_mount+0x295/0x320 [ 337.793827][ T111] __do_fast_syscall_32+0x73/0x120 [ 337.796057][ T111] do_fast_syscall_32+0x32/0x80 [ 337.797980][ T111] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 337.801469][ T111] [ 337.801469][ T111] -> #0 (jbd2_handle){++++}-{0:0}: [ 337.804856][ T111] __lock_acquire+0x2478/0x3b30 [ 337.807212][ T111] lock_acquire+0x1b1/0x560 [ 337.809331][ T111] start_this_handle+0x1101/0x15e0 [ 337.811390][ T111] jbd2__journal_start+0x394/0x6a0 [ 337.813338][ T111] __ext4_journal_start_sb+0x358/0x660 [ 337.815708][ T111] ext4_dirty_inode+0xa1/0x130 [ 337.818002][ T111] __mark_inode_dirty+0x1f0/0xe70 [ 337.820436][ T111] iput.part.0+0x5b/0x7f0 [ 337.822629][ T111] iput+0x5c/0x80 [ 337.824535][ T111] dentry_unlink_inode+0x295/0x480 [ 337.827141][ T111] __dentry_kill+0x1d0/0x600 [ 337.829218][ T111] shrink_dentry_list+0x140/0x5d0 [ 337.831351][ T111] prune_dcache_sb+0xeb/0x150 [ 337.833325][ T111] super_cache_scan+0x32a/0x550 [ 337.835423][ T111] do_shrink_slab+0x44f/0x11c0 [ 337.837447][ T111] shrink_slab+0xa87/0x1310 [ 337.839483][ T111] shrink_one+0x493/0x7c0 [ 337.841430][ T111] lru_gen_shrink_node+0x89f/0x1750 [ 337.843969][ T111] balance_pgdat+0x1105/0x1970 [ 337.846484][ T111] kswapd+0x5ea/0xbf0 [ 337.848583][ T111] kthread+0x2c1/0x3a0 [ 337.850401][ T111] ret_from_fork+0x45/0x80 [ 337.852369][ T111] ret_from_fork_asm+0x1a/0x30 [ 337.854190][ T111] [ 337.854190][ T111] other info that might help us debug this: [ 337.854190][ T111] [ 337.857709][ T111] Chain exists of: [ 337.857709][ T111] jbd2_handle --> &ei->xattr_sem --> fs_reclaim [ 337.857709][ T111] [ 337.862820][ T111] Possible unsafe locking scenario: [ 337.862820][ T111] [ 337.866557][ T111] CPU0 CPU1 [ 337.869363][ T111] ---- ---- [ 337.871700][ T111] lock(fs_reclaim); [ 337.873415][ T111] lock(&ei->xattr_sem); [ 337.876655][ T111] lock(fs_reclaim); [ 337.879429][ T111] rlock(jbd2_handle); [ 337.881271][ T111] [ 337.881271][ T111] *** DEADLOCK *** [ 337.881271][ T111] [ 337.884858][ T111] 2 locks held by kswapd0/111: [ 337.887049][ T111] #0: ffffffff8dd3a040 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0x166/0x1970 [ 337.891442][ T111] #1: ffff888027ccc0e0 (&type->s_umount_key#33){++++}-{3:3}, at: super_cache_scan+0x96/0x550 [ 337.895669][ T111] [ 337.895669][ T111] stack backtrace: [ 337.898417][ T111] CPU: 3 PID: 111 Comm: kswapd0 Not tainted 6.10.0-rc5-syzkaller-00018-g55027e689933 #0 [ 337.902215][ T111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 337.906747][ T111] Call Trace: [ 337.908071][ T111] [ 337.909098][ T111] dump_stack_lvl+0x116/0x1f0 [ 337.910824][ T111] check_noncircular+0x31a/0x400 [ 337.912954][ T111] ? __pfx_check_noncircular+0x10/0x10 [ 337.915157][ T111] ? lockdep_lock+0xc6/0x200 [ 337.916896][ T111] ? __pfx_lockdep_lock+0x10/0x10 [ 337.918825][ T111] __lock_acquire+0x2478/0x3b30 [ 337.920638][ T111] ? __pfx___lock_acquire+0x10/0x10 [ 337.922842][ T111] ? __pfx___schedule+0x10/0x10 [ 337.924646][ T111] ? _raw_spin_unlock_irqrestore+0x31/0x80 [ 337.926961][ T111] lock_acquire+0x1b1/0x560 [ 337.929067][ T111] ? start_this_handle+0x10db/0x15e0 [ 337.931199][ T111] ? __pfx_lock_acquire+0x10/0x10 [ 337.933244][ T111] ? __pfx_lock_release+0x10/0x10 [ 337.935175][ T111] ? preempt_schedule_thunk+0x1a/0x30 [ 337.937300][ T111] start_this_handle+0x1101/0x15e0 [ 337.939193][ T111] ? start_this_handle+0x10db/0x15e0 [ 337.941231][ T111] ? __pfx_start_this_handle+0x10/0x10 [ 337.943251][ T111] ? rcu_is_watching+0x12/0xc0 [ 337.944998][ T111] ? trace_kmem_cache_alloc+0x2d/0xe0 [ 337.947101][ T111] ? kmem_cache_alloc_noprof+0x174/0x2f0 [ 337.949680][ T111] ? jbd2__journal_start+0x193/0x6a0 [ 337.951814][ T111] jbd2__journal_start+0x394/0x6a0 [ 337.954167][ T111] __ext4_journal_start_sb+0x358/0x660 [ 337.956618][ T111] ? ext4_dirty_inode+0xa1/0x130 [ 337.958994][ T111] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 337.961213][ T111] ext4_dirty_inode+0xa1/0x130 [ 337.963013][ T111] ? rcu_is_watching+0x12/0xc0 [ 337.964791][ T111] __mark_inode_dirty+0x1f0/0xe70 [ 337.966643][ T111] iput.part.0+0x5b/0x7f0 [ 337.968601][ T111] ? shrink_dentry_list+0x11a/0x5d0 [ 337.971387][ T111] iput+0x5c/0x80 [ 337.973004][ T111] dentry_unlink_inode+0x295/0x480 [ 337.975420][ T111] __dentry_kill+0x1d0/0x600 [ 337.977948][ T111] ? shrink_dentry_list+0x11a/0x5d0 [ 337.980268][ T111] shrink_dentry_list+0x140/0x5d0 [ 337.982080][ T111] prune_dcache_sb+0xeb/0x150 [ 337.984070][ T111] ? __pfx_prune_dcache_sb+0x10/0x10 [ 337.986378][ T111] super_cache_scan+0x32a/0x550 [ 337.988513][ T111] do_shrink_slab+0x44f/0x11c0 [ 337.990663][ T111] shrink_slab+0xa87/0x1310 [ 337.992654][ T111] ? shrink_slab+0x86a/0x1310 [ 337.994911][ T111] ? __pfx_shrink_slab+0x10/0x10 [ 337.997309][ T111] ? find_held_lock+0x2d/0x110 [ 337.999386][ T111] ? mem_cgroup_calculate_protection+0x45/0x500 [ 338.002086][ T111] shrink_one+0x493/0x7c0 [ 338.004204][ T111] ? lru_gen_shrink_node+0x885/0x1750 [ 338.006706][ T111] lru_gen_shrink_node+0x89f/0x1750 [ 338.009104][ T111] ? lru_gen_shrink_node+0x622/0x1750 [ 338.011686][ T111] ? __pfx_lru_gen_shrink_node+0x10/0x10 [ 338.014415][ T111] ? pgdat_balanced+0x1b2/0x210 [ 338.016646][ T111] balance_pgdat+0x1105/0x1970 [ 338.018591][ T111] ? __pfx_balance_pgdat+0x10/0x10 [ 338.020865][ T111] ? __pfx___lock_acquire+0x10/0x10 [ 338.023076][ T111] ? irqentry_exit+0x3b/0x90 [ 338.024824][ T111] ? lock_acquire+0x1b1/0x560 [ 338.026881][ T111] ? __pfx___might_resched+0x10/0x10 [ 338.028826][ T111] kswapd+0x5ea/0xbf0 [ 338.030295][ T111] ? __pfx_kswapd+0x10/0x10 [ 338.031963][ T111] ? __pfx_autoremove_wake_function+0x10/0x10 [ 338.034435][ T111] ? lockdep_hardirqs_on+0x7c/0x110 [ 338.036638][ T111] ? __kthread_parkme+0x148/0x220 [ 338.038799][ T111] ? __pfx_kswapd+0x10/0x10 [ 338.040630][ T111] kthread+0x2c1/0x3a0 [ 338.042471][ T111] ? _raw_spin_unlock_irq+0x23/0x50 [ 338.045054][ T111] ? __pfx_kthread+0x10/0x10 [ 338.047129][ T111] ret_from_fork+0x45/0x80 [ 338.048966][ T111] ? __pfx_kthread+0x10/0x10 [ 338.051039][ T111] ret_from_fork_asm+0x1a/0x30 [ 338.053177][ T111] [ 341.174464][ T5343] team0 (unregistering): Port device team_slave_1 removed [ 341.408947][ T5343] team0 (unregistering): Port device team_slave_0 removed [ 344.742504][ T5343] team0 (unregistering): Port device team_slave_1 removed [ 344.992189][ T5343] team0 (unregistering): Port device team_slave_0 removed [ 346.570815][T11766] netdevsim netdevsim1 netdevsim1: renamed from eth1 VM DIAGNOSIS: 12:12:06 Registers: info registers vcpu 0 CPU#0 RAX=0000000000131adc RBX=0000000000000000 RCX=ffffffff8adbfcb9 RDX=ffffed1005806fde RSI=ffffffff8b8fb8a0 RDI=ffffffff8167231c RBP=fffffbfff1b12af8 RSP=ffffffff8d807e20 R8 =0000000000000000 R9 =ffffed1005806fdd R10=ffff88802c037eeb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8d8957c0 R14=ffffffff8fe2a210 R15=0000000000000000 RIP=ffffffff8adc10af RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73f60a4 CR3=0000000046d04000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000a60ce07b 00000000cec3662e ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0cdd8576e61b6ee2 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 63382ec189169e44 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ffffffffffff ffffffffffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000151fc4 RBX=0000000000000001 RCX=ffffffff8adbfcb9 RDX=ffffed1005826fde RSI=ffffffff8b8fb8a0 RDI=ffffffff8167231c RBP=ffffed1002c63910 RSP=ffffc90000477e08 R8 =0000000000000000 R9 =ffffed1005826fdd R10=ffff88802c137eeb R11=0000000000000000 R12=0000000000000001 R13=ffff88801631c880 R14=ffffffff8fe2a210 R15=0000000000000000 RIP=ffffffff8adc10af RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7393658 CR3=000000000d97a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000008000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ffffffffffff ffffffffffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000080080783 RBX=ffff88801a3b0000 RCX=ffffffff862ea8f2 RDX=00000000ffffffff RSI=ffffffff862ea8ff RDI=0000000000000005 RBP=0000000000000000 RSP=ffffc90000540eb8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=ffffc90000540ff8 R12=0000000000000000 R13=ffff88801a3b1550 R14=ffff88801a3b1168 R15=0000000000000000 RIP=ffffffff862ea939 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fdf44cdcd00 ffffffff 00c00000 GS =0000 ffff88802c200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000579c699c CR3=000000001fb1e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 ZMM17=134127d26f32269f 00cb80323073fef5 134127d26f32269f 00cb80323073fef5 134127d26f32269f 00cb80323073fef5 134127d26f32269f 00cb80323073fef5 ZMM18=6c900aa733b1ebfb f7eeb43906ab8aee 6c900aa733b1ebfb f7eeb43906ab8aee 6c900aa733b1ebfb f7eeb43906ab8aee 6c900aa733b1ebfb f7eeb43906ab8aee ZMM19=f119000000000000 0000000000000204 f119000000000000 0000000000000203 f119000000000000 0000000000000202 f119000000000000 0000000000000201 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=00cb803200cb8032 00cb803200cb8032 00cb803200cb8032 00cb803200cb8032 00cb803200cb8032 00cb803200cb8032 00cb803200cb8032 00cb803200cb8032 ZMM22=6f32269f6f32269f 6f32269f6f32269f 6f32269f6f32269f 6f32269f6f32269f 6f32269f6f32269f 6f32269f6f32269f 6f32269f6f32269f 6f32269f6f32269f ZMM23=134127d2134127d2 134127d2134127d2 134127d2134127d2 134127d2134127d2 134127d2134127d2 134127d2134127d2 134127d2134127d2 134127d2134127d2 ZMM24=06ab8aee06ab8aee 06ab8aee06ab8aee 06ab8aee06ab8aee 06ab8aee06ab8aee 06ab8aee06ab8aee 06ab8aee06ab8aee 06ab8aee06ab8aee 06ab8aee06ab8aee ZMM25=f7eeb439f7eeb439 f7eeb439f7eeb439 f7eeb439f7eeb439 f7eeb439f7eeb439 f7eeb439f7eeb439 f7eeb439f7eeb439 f7eeb439f7eeb439 f7eeb439f7eeb439 ZMM26=33b1ebfb33b1ebfb 33b1ebfb33b1ebfb 33b1ebfb33b1ebfb 33b1ebfb33b1ebfb 33b1ebfb33b1ebfb 33b1ebfb33b1ebfb 33b1ebfb33b1ebfb 33b1ebfb33b1ebfb ZMM27=6c900aa76c900aa7 6c900aa76c900aa7 6c900aa76c900aa7 6c900aa76c900aa7 6c900aa76c900aa7 6c900aa76c900aa7 6c900aa76c900aa7 6c900aa76c900aa7 ZMM28=00000200000001ff 000001fe000001fd 000001fc000001fb 000001fa000001f9 000001f8000001f7 000001f6000001f5 000001f4000001f3 000001f2000001f1 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=f1190000f1190000 f1190000f1190000 f1190000f1190000 f1190000f1190000 f1190000f1190000 f1190000f1190000 f1190000f1190000 f1190000f1190000 info registers vcpu 3 CPU#3 RAX=000000000000006b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84f95405 RDI=ffffffff94d5c040 RBP=ffffffff94d5c000 RSP=ffffc90000e3eaf8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e30312e36 R12=0000000000000000 R13=000000000000006b R14=ffffffff84f953a0 R15=0000000000000000 RIP=ffffffff84f9542f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000579ce9bc CR3=000000000d97a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000a60ce07b 00000000cec3662e ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2562f9990db59ec0 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 520168204b674cc2 7246fc81610c7c99 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001ec0 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 01000000000000cd 9b2df90a00800100 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00cd96ba000000cd 000000cd00800100 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1bf4e94b99a2de9c 03aa00006af60080 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000cd9c3afa22 9b4bf16200cd9518 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 47134bc722c52da1 a803023925070337 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1bc846bd0d318859 4beb50426c6d705d ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000