last executing test programs: 7.400454248s ago: executing program 1: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 5.235124039s ago: executing program 1: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 5.042191899s ago: executing program 1: r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0585605, &(0x7f00000005c0)={0x2, 0x0, @raw_data}) 4.96756872s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000002000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000d80)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000d0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffefb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xa, 0x4, 0x3, 0x8}, 0x48) close(r1) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='scsi_dispatch_cmd_start\x00', r2}, 0x10) write$cgroup_type(r0, &(0x7f0000000140), 0x9) 4.893341172s ago: executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) sendmsg$NL80211_CMD_ADD_TX_TS(r0, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x3c, 0x0, 0x800, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x9, 0x39}}}}, [@NL80211_ATTR_USER_PRIO={0x5}, @NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x3f}, @NL80211_ATTR_MAC={0xa}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc840}, 0x80) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000640)={{{@in=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@remote, 0x0, 0x32}, 0x0, @in=@private, 0x0, 0x4}}, 0xe8) sendmmsg$inet6(r2, &(0x7f0000000300)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000840)={0x0, 0x58}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x3, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000009e00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000bf080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x600000, 0x0) syz_open_procfs(0x0, &(0x7f0000000200)='mountinfo\x00') write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000240), 0x12) unshare(0x22020400) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000400), 0xd, 0x5e8, &(0x7f0000001200)="$eJzs3c1vVFUbAPDnTj9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFkQKNLRGiyaUBDcmxo0xJq5ciP+FEtmy0pULN64MCVHD0sQxd3pv6bR3Wjr9uJX7+yVDzz1nbs+5TJ+eM6fn3AmgsgbTf2oR+yNiOonoT+YXyzojKxxceN6DPz86mz6SqNdf+z2JJMvLn59kX/uyk3si4scfktjXsbLemblrF8enpiavZsfDs5emh2fmrh2+cGn8/OT5ycujL4yeOH7s+ImRI21d1/WCvNM3332//5OxN7/56q9k5NtfxpI4GS9nT1x6HZtlMAYb/yfJyqK+E5tdWUk6sp+TpS9x0llig1iX/PXriognoj864uGL1x8fv1Jq44AtVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsP9UwsTACvjv3NhbjB6GnMDux8ksXRaJ4mI9mbmmu2JiLt3xm6euzN2M7ZoHg4oNn8jIp4siv+kEf8D0RMDjfivNcV/Oi44k31N819ts/7lU8XiH7bPQvz3tI7/np7GUVH8v7Uk/t9us/7Bh8l3epviv7fdSwIAAAAAAIDKun0qIp4v+vt/bXH9TxSs/+mLiJObUP/gsuOVf/+v3duEaoAC909FvFS4/reWr/4d6MhS/2msB+pKzl2YmjwSEf+NiEPRtSs9HlmljsOf7vuyVdlgtv4vf6T1383WAmbtuNe5q/mcifHZ8Y1eNxBx/0bEU4Xrf5PF/j8p6P/T3wfTj1jHvmdvnWlVtnb8A1ul/nXEwcL+/+FdK5LV788x3BgPDOejgpWe/vCz71rV3278u8UEbFza/+9ePf4HkqX365lZfx1H5zrrrcraHf93J683bjnTneV9MD47e3Ukojs53ZHmNuWPrr/N8DjK4yGPlzT+Dz2z+vxf0fi/NyLml33v5I/mPcW5///d92ur9hj/Q3nS+J9YV/+//sTorYHvW9X/aP3/sUZffyjLMf8HC77Iw7S7Ob8gHDuLira7vQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwOKhFxJ5IakOL6VptaCiiLyL+F7trU1dmZp87d+W9yxNpWePz/2v5J/32Lxwn+ef/Dyw5Hl12fDQi9kbE5x29jeOhs1emJsq+eAAAAAAAAAAAAAAAAAAAANgh+lrs/0/91lF264At11l2A4DSFMT/T2W0A9h++n+oLvEP1SX+obrEP1SX+IfqEv9QXeIfqkv8AwAAAADAY2Xvgds/JxEx/2Jv45Hqzsq6Sm0ZsNVqZTcAKI1b/EB1WfoD1eU9PpCsUd7T8qS1zlzN9NkNnAwAAAAAAAAAAAAAlXNwv/3/UFX2/0N12f8P1ZXv/z9QcjuA7ec9PhBr7OQv3P+/5lkAAAAAAAAAAAAAwGaambt2cXxqavJq+4n8dgEb/T5lJ97YGc3YzkS9Xr+evnQ7pT3/8kS+FH6ntGdZIt/r92hnlfP7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWOmfAAAA///JXiFd") finit_module(0xffffffffffffffff, &(0x7f0000000340)='/dev/ptmx\x00', 0x3) socket$nl_route(0x10, 0x3, 0x0) socket(0x200000000000011, 0x0, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904002c11018b75000905836dc6"], 0x0) syz_open_dev$evdev(&(0x7f0000000100), 0x4000000, 0x0) 4.829019982s ago: executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$swradio(&(0x7f0000000080), 0x1, 0x2) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) read(r2, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000080)={0x335}) tkill(0x0, 0x7) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0x40a85323, &(0x7f0000000480)={{0x80, 0x9}, 'port1\x00', 0x1e, 0x100040, 0x2, 0x6, 0x5, 0x8, 0x5, 0x0, 0x4, 0x7}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r2, 0xc04c5349, &(0x7f00000003c0)={{}, 'port1\x00'}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000080)=@framed={{0x18, 0x2}, [@call, @printk={@li, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f0000000040)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000180)="00feffffff000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105518, 0x0) ioctl$VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000100)=@mmap={0x0, 0x8, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "185d7d4f"}}) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) setsockopt$ax25_int(r4, 0x101, 0x0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f00000000c0), r6) sendmsg$NFC_CMD_START_POLL(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x0, 0x1}, 0x14}}, 0x0) sendmsg$NFC_CMD_DEV_DOWN(r5, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x28004040) read$nci(0xffffffffffffffff, 0x0, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f00000000c0)) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x4, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) 3.428358792s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0xc}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x17, 0x0, 0x1f5c, 0x6}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r2, 0x0, 0x0}, 0x20) 3.322436909s ago: executing program 3: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 3.111270602s ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x200002, &(0x7f0000000980), 0x0, 0x562, &(0x7f0000000a40)="$eJzs3U9rHOUfAPDvbJL+//2SQinagwR6sFK7aRL/VPBQj6LFgt7rkkxDyaZbspvSxILtwV68aBFELIgvwLvH4hvwVRS0UKQEPXhZmc1sum02/7du6nw+MNnnmdndZ74z8332mcwsG0BhjWZ/ShEvR8RXScTwyux92Z/ByBeOrjxv+fHNqWxKotn8+I8kknxe+72S/PFwXnkpIn75IuJ0aW279cWl2Uq1ms7n9bHG3LWx+uLSmStzlZl0Jr06MTl57s3JiXfefqsncX4dEa9d/Ou7j+6/f+7Lk8vf/vTw6N0kzseRfHlnHLtwq7MyGqP5NhmK8888cbwHje0lSb9XgB0ZyPN8KLI+YDgG8qwH/vs+j4gmUFCJ/IeCao8D2uf2PToPfmE8em/lBGht/IMr/xuJA61zo0PLyVNnRtn57kgP2s/a+Pn3e3ezKas3h4u1/YH+uXU7Is4ODq7t/5K8/9u5s1t4zrNtFO3zB/rpfjb+eb3b+Ke0Ov6JLuOfw11ydyc2z//Swx40s65s/Pdu1/Hv6kWrkYG89r/WmG8ouXylmmZ92/8j4lQM7c/qG13PObf8oLness7xXzZl7bfHgvl6PBzc//RrpiuNym5i7vTodsSJruPfZHX/J132f7Y9Lm6xjePpvVfWW7Z5/M9X88eIV7vu/ydXtJKNr0+OtY6HsfZRsdafd47/ul77/Y4/2/+HNo5/JOm8Xlvffhs/HPg7XW/ZTo//fcknrfK+fN6NE3kh+fDp+ZVGY37iyWvb9dbj+Er8p05u3P91O/4PbiP+O8fufLrz+J+vLP7pbe3/7RcefPDZ95Hc2mH82f5/o1U6lc/ZSv+31RXc5eYDAAAAAACAPaUUEUciKZVXy6VSubxyf8exOFSq1uqN05drC1eno/Vd2ZEYKrWvdA933A8xnt8P265PPFOfjIijEfHNwMFWvTxVq073O3gAAAAAAAAAAAAAAAAAAADYIw6v8/3/zG8D/V474Lnzk99QXJvmfy9+6QnYk3z+Q3HJfygu+Q/FJf+huOQ/FJf8h+KS/1Bc8h8AAAAAAAAAAAAAAAAAAAAAAAAAAAB66uKFC9nUXH58cyqrT19fXJitXT8zndZny3MLU+Wp2vy18kytNlNNy1O1uc3er1qrXRufiIUbY4203hirLy5dmqstXG1cujJXmUkvpUP/SlQAAAAAAAAAAAAAAAAAAADwYqkvLs1WqtV0/gUuJHtjNQpaGOycsz8i9sqKKeyq0O+eCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACe+CcAAP//MFU0rg==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000fc020000000000008000000000000000ff02000000000000000000000000000000000000000000000a"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}}, 0x0) 2.798627571s ago: executing program 0: r0 = socket$inet(0x2, 0x802, 0x1) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000001500)=0xfffffffe, 0x4) write(r0, &(0x7f0000000080)="08008edf773c8000", 0xfd) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000100)=""/222, 0xfdef}], 0x1) 2.770510875s ago: executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r0}, 0x10) openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r1, 0xffffffffffffffff, 0x0) 2.693970627s ago: executing program 2: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000940)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x90) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0x1c, &(0x7f0000000040)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x7b}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a40)={r2, 0xe0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 2.679703839s ago: executing program 0: openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) mmap$snddsp_control(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x83000000) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, 0x0, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x380, 0xffffffff, 0x98, 0x98, 0x98, 0xffffffff, 0xffffffff, 0x2e8, 0x2e8, 0x2e8, 0xffffffff, 0x4, 0x0, {[{{@ip={@private, @remote, 0x0, 0x0, 'rose0\x00', 'wg2\x00'}, 0xa00, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'snmp_trap\x00'}}, @common=@unspec=@helper={{0x48}, {0x0, 'snmp\x00'}}]}, @REJECT={0x28}}, {{@ip={@remote, @dev, 0x0, 0x0, 'batadv_slave_0\x00', 'rose0\x00'}, 0x0, 0xc8, 0x128, 0x0, {}, [@common=@inet=@socket1={{0x28}}, @common=@addrtype={{0x30}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@broadcast}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3e0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x2, 0x8, 0x801}, 0x14}}, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r7, r6, 0x0) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r8, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, 0x0) 2.605045512s ago: executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0xc, &(0x7f0000000000)="c1", 0x1) setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000040)='\r', 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000000100)=""/27, &(0x7f00000000c0)=0xfffffffffffffe90) 2.506020937s ago: executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$swradio(&(0x7f0000000080), 0x1, 0x2) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) read(r2, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000080)={0x335}) tkill(0x0, 0x7) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0x40a85323, &(0x7f0000000480)={{0x80, 0x9}, 'port1\x00', 0x1e, 0x100040, 0x2, 0x6, 0x5, 0x8, 0x5, 0x0, 0x4, 0x7}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r2, 0xc04c5349, &(0x7f00000003c0)={{}, 'port1\x00'}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000080)=@framed={{0x18, 0x2}, [@call, @printk={@li, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f0000000040)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000180)="00feffffff000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105518, 0x0) ioctl$VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000100)=@mmap={0x0, 0x8, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "185d7d4f"}}) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) setsockopt$ax25_int(r4, 0x101, 0x0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f00000000c0), r6) sendmsg$NFC_CMD_START_POLL(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x0, 0x1}, 0x14}}, 0x0) sendmsg$NFC_CMD_DEV_DOWN(r5, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x28004040) read$nci(0xffffffffffffffff, 0x0, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f00000000c0)) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x4, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) 931.958594ms ago: executing program 3: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 931.439424ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0xc}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x17, 0x0, 0x1f5c, 0x6}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r2, 0x0, 0x0}, 0x20) 928.882564ms ago: executing program 1: syz_mount_image$reiserfs(&(0x7f0000000280), &(0x7f0000000140)='./file0\x00', 0x10, &(0x7f0000000580), 0xfb, 0x111b, &(0x7f0000003600)="$eJzs2bFqFF0UB/D/ndnvS7qVsR8ELSwkJKwPYAqFbW21EQkIpsqCoPgavoFv4StoKvuQXouApTAyzo67woJKNoLw+8HuPXNmzj1zy3snAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Jskn0pyvUqaMVclKUnbns7Pk7Rj/tr7ukrJw6P54v7J7MEiSf398fIoKX1VX5bm4OZuM2tmzUFz997hrQ+Ll6+ePzk+PjpZTlPS5uxiq6so41+9nitb7QEAAAD/rO7Spnnz4nc6/X9F/QEAAIBf2fZ5AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCf6qaruBmDKklJ2vZ0fp6k3VD33196PwAAAODySqo8nm7KD8cAK3fycVp+5PvxS+nj/bzdUA8AAACsPHv302W3swzWv69/7Qb9vvt2JsO+fHe4dyOT7O0N8XLI58OkTrK/Nkdfc3bx+un4K12d7FzdugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+sQMHJAAAAACC/r9uR6AAAAAAAAAAAAAAAAAAAAAAAAAAcFAAAAD//+bP4TA=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.stat\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080), 0xfea7) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0) ftruncate(r0, 0xe5c) write$cgroup_pressure(r0, &(0x7f0000000500)={'some'}, 0x2f) 585.488839ms ago: executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@struct={0x0, 0x1, 0x0, 0x13, 0x0, 0x2, [{0x1}]}]}, {0x0, [0x5f, 0x5f]}}, 0x0, 0x34}, 0x20) 539.185836ms ago: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x14) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x1f2f, 0xf, 0x3ce, &(0x7f00000007c0)="9f44948721919580684010a40800", 0x0, 0x241, 0x60000000, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23) r2 = socket$inet6(0x10, 0x2, 0x6) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000240)={0x1, &(0x7f0000000040)=[{0x16}]}, 0x10) sendto$inet6(r2, &(0x7f0000000000)="1c0000002800050f0c1000000049b23e9b200a000835b3c000000001", 0x1c, 0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x14) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x0, &(0x7f0000000380), 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket$packet(0x11, 0x0, 0x300) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c) listen(r0, 0x5) syz_emit_ethernet(0x4e, &(0x7f0000000e00)={@local, @local, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local, {[@rr={0x7, 0x17, 0x12, [@private, @broadcast, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) 474.504636ms ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000002000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000d80)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000d0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffefb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xa, 0x4, 0x3, 0x8}, 0x48) close(r1) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='scsi_dispatch_cmd_start\x00', r2}, 0x10) write$cgroup_type(r0, &(0x7f0000000140), 0x9) 459.032208ms ago: executing program 3: socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='cpuset.effective_mems\x00', 0x275a, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000680)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x28bd, 0x934, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f00000007c0)={0x24, 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0022050000000802469e14ca464476599d381ae3f893750f415e8263455ceee9e4f56367aa63346217f0b501c2b35ae5d677765119229c5b8eb62040adb51f1b6fb0313e06c2971a8f4790d0f46bb05f1dfef6ed3becd84c0682928a9cba7269a5d83fc6dbe9725bf1508c766a799a442155c8306dc399de"], 0x0}, 0x0) write$FUSE_INTERRUPT(r0, &(0x7f0000000080)={0x10}, 0x10) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000000)='\x03\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00*:\b\xc4\n\xa7\xab\x99i\xe7#\x16>?\xb40\xc65G\x19\x89Z-O\xf2\x8f\xe9U\xe5\xcf\xf95\xfb\xe6\xb9\b \xf6\xce\x88\xffqa\xb8\xb4!0\x9el6\x0f\xf9\x19\xb3\b\xde\x1d\xc4\xde\xccRz\x1c\x02\x1d\xa0\x7f\r~\xe1\xe4\x88\xad\xe3\xf4\x05\xe0\x7f\x0f\xd9:n\xe6\x9a$\xd1s|1c\xfdo\x98\x88_ fh\xc7\"\xd1\x89d\x04\xcd\xefn\xb6o\xa8\xba\xdfI)+IU\x00\x00\x00\x00\x00\x00\x00\x00@\x06V<\xa7\x9c\n\x86\xc5\"\"\xf0\xc9\xadM\x84\x83$\xf6\xe6\x94<\xb3s+\xa4\xca\xbc\xed\xf8\x9c\x83\xa9]?\nm\xdc\x00P\xc6\x0225N\x92\b\x82\xa3.\xac\x01\xf9H\xbe#\xec\x7f\fm\x85[v\xde\x87\xd3(\x92\xfe\xe6\"@\xcc\xc3qx\x9a\xaf{\nt\xaf1\x047o\x9e\xba:\xc2O7`o\x96Y\x1a\x97\x1bn\xbc\xf8\x14c\xfe\x855\xbc\xfd\x1b\xe7[\x82\xe0H(N\x15\xd0n\xf1\x8d\x86|\xdc\x1f1\x102\x97\fX\x95 \"\xcd-\x17\xa7\xda\xe4\x83\xea\x06+\xf6\x93\xdcp\xc0g\xfao\x80\x1c\x93\x10\xc3C\xc3\xa6l\xe3\x87\xa0\x8f\x04\x18\xaa\v\xbbT*c\xf1\x8d\x8c7G\xa2\x96W\xc1\x06\xb0\x8d\x1bVJ\xccM\x83c\xb2@\x05\xa8:0\xc0\xb4\xeb&\x13T\x91\x7f!\xd7\xfe\x02\xf8\x13\xa2\x7fl]\x94\xfc\x84Fz\xce\x9a$\xf8\xe0\x84x\xfd\x8e1\xbe0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000080)={r2, @in6={{0xa, 0x0, 0x0, @empty}}}, 0x90) 51.351532ms ago: executing program 4: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000940)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x90) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0x1c, &(0x7f0000000040)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x7b}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a40)={r2, 0xe0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 0s ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) mmap$snddsp_control(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x83000000) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, 0x0, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x380, 0xffffffff, 0x98, 0x98, 0x98, 0xffffffff, 0xffffffff, 0x2e8, 0x2e8, 0x2e8, 0xffffffff, 0x4, 0x0, {[{{@ip={@private, @remote, 0x0, 0x0, 'rose0\x00', 'wg2\x00'}, 0xa00, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'snmp_trap\x00'}}, @common=@unspec=@helper={{0x48}, {0x0, 'snmp\x00'}}]}, @REJECT={0x28}}, {{@ip={@remote, @dev, 0x0, 0x0, 'batadv_slave_0\x00', 'rose0\x00'}, 0x0, 0xc8, 0x128, 0x0, {}, [@common=@inet=@socket1={{0x28}}, @common=@addrtype={{0x30}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@broadcast}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3e0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x2, 0x8, 0x801}, 0x14}}, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r7, r6, 0x0) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r8, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, 0x0) kernel console output (not intermixed with test programs): USB device found, idVendor=28bd, idProduct=0934, bcdDevice= 0.00 [ 245.878923][ T3616] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.884549][ T8108] XFS (loop0): Ending clean mount [ 245.899929][ T3616] usb 2-1: config 0 descriptor?? [ 245.911827][ T8108] XFS (loop0): Quotacheck needed: Please wait. [ 245.945954][ T8108] XFS (loop0): Quotacheck: Done. [ 245.967238][ T27] audit: type=1804 audit(1718569984.447:339): pid=8108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2538009040/syzkaller.ybFukD/141/file0/file1" dev="loop0" ino=9286 res=1 errno=0 [ 246.165163][ T3613] usb 3-1: Using ep0 maxpacket: 32 [ 246.670695][ T3616] input: HID 28bd:0934 Mouse as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28BD:0934.0005/input/input11 [ 246.745304][ T3613] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.773125][ T3613] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.790502][ T3616] uclogic 0003:28BD:0934.0005: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0934] on usb-dummy_hcd.1-1/input0 [ 246.819692][ T3613] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 246.849434][ T3613] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.880501][ T3613] usb 3-1: config 0 descriptor?? [ 246.904411][ T3616] usb 2-1: USB disconnect, device number 4 [ 246.936117][ T3613] hub 3-1:0.0: USB hub found [ 247.000872][ T6391] XFS (loop0): Unmounting Filesystem [ 247.070282][ C1] IPv4: Oversized IP packet from 127.0.0.1 [ 247.162670][ T3613] hub 3-1:0.0: 1 port detected [ 247.474719][ T8133] loop4: detected capacity change from 0 to 32768 [ 247.488465][ T8133] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (8133) [ 248.791765][ T8133] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 248.824943][ T8133] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 248.860038][ T8133] BTRFS info (device loop4): setting nodatasum [ 248.889123][ T8133] BTRFS info (device loop4): force zlib compression, level 3 [ 248.915437][ T8133] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 248.924676][ T8133] BTRFS info (device loop4): use lzo compression, level 0 [ 248.959550][ T8133] BTRFS info (device loop4): turning on flush-on-commit [ 248.980055][ T8133] BTRFS info (device loop4): enabling auto defrag [ 248.993646][ T8133] BTRFS info (device loop4): using free space tree [ 249.022952][ T8159] loop0: detected capacity change from 0 to 32768 [ 249.053651][ T8159] XFS (loop0): Mounting V5 Filesystem [ 249.072868][ T8133] BTRFS info (device loop4): enabling ssd optimizations [ 249.157019][ T8159] XFS (loop0): Ending clean mount [ 249.175237][ T3613] hub 3-1:0.0: hub_hub_status failed (err = -71) [ 249.188377][ T3613] hub 3-1:0.0: config failed, can't get hub status (err -71) [ 249.194469][ T8159] XFS (loop0): Quotacheck needed: Please wait. [ 249.220759][ C1] IPv4: Oversized IP packet from 127.0.0.1 [ 249.230129][ T6597] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 249.321642][ T8159] XFS (loop0): Quotacheck: Done. [ 249.332735][ T3613] usbhid 3-1:0.0: can't add hid device: -71 [ 249.343989][ T3613] usbhid: probe of 3-1:0.0 failed with error -71 [ 249.415770][ T3613] usb 3-1: USB disconnect, device number 8 [ 250.315507][ T27] audit: type=1800 audit(1718569988.787:340): pid=8159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.0" name="file1" dev="loop0" ino=9286 res=0 errno=0 [ 250.559834][ T27] audit: type=1804 audit(1718569988.787:341): pid=8231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2538009040/syzkaller.ybFukD/148/file0/file1" dev="loop0" ino=9286 res=1 errno=0 [ 250.686100][ T27] audit: type=1800 audit(1718569988.787:342): pid=8231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.0" name="file1" dev="loop0" ino=9286 res=0 errno=0 [ 250.807217][ T8263] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 250.823073][ T8263] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 250.884096][ T6391] XFS (loop0): Unmounting Filesystem [ 250.934881][ C0] IPv4: Oversized IP packet from 127.0.0.1 [ 251.061526][ T27] audit: type=1326 audit(1718569989.537:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8274 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 251.107157][ T27] audit: type=1326 audit(1718569989.567:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8274 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 251.115161][ T4722] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 251.130115][ T27] audit: type=1326 audit(1718569989.567:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8274 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 251.217932][ T27] audit: type=1326 audit(1718569989.567:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8274 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 251.274922][ T27] audit: type=1326 audit(1718569989.567:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8274 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 251.354573][ T27] audit: type=1326 audit(1718569989.567:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8274 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 251.404841][ T27] audit: type=1326 audit(1718569989.567:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8274 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 251.540860][ T4722] usb 2-1: Using ep0 maxpacket: 32 [ 251.599305][ T8269] loop2: detected capacity change from 0 to 32768 [ 251.687356][ T8290] loop0: detected capacity change from 0 to 64 [ 251.700702][ T4722] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 251.729727][ T4722] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 251.818206][ T4722] usb 2-1: New USB device found, idVendor=28bd, idProduct=0934, bcdDevice= 0.00 [ 251.859435][ T8269] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (8269) [ 251.902446][ T8290] Trying to free block not in datazone [ 251.911576][ T8290] Trying to free block not in datazone [ 251.917174][ T8290] Trying to free block not in datazone [ 251.922660][ T8290] Trying to free block not in datazone [ 251.928211][ T8290] Trying to free block not in datazone [ 251.933826][ T8290] minix_free_block (loop0:6): bit already cleared [ 251.940974][ T8290] Trying to free block not in datazone [ 251.946602][ T8290] Trying to free block not in datazone [ 252.092144][ T4722] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.316734][ T4722] usb 2-1: config 0 descriptor?? [ 252.328552][ T8269] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 252.346335][ T8269] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 252.375223][ T8269] BTRFS info (device loop2): setting nodatasum [ 252.391636][ T8269] BTRFS info (device loop2): force zlib compression, level 3 [ 252.401788][ T8269] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8) [ 252.421317][ T8269] BTRFS info (device loop2): use lzo compression, level 0 [ 252.428024][ T8296] loop0: detected capacity change from 0 to 1764 [ 252.437936][ T8269] BTRFS info (device loop2): turning on flush-on-commit [ 252.455290][ T8269] BTRFS info (device loop2): enabling auto defrag [ 252.461754][ T8269] BTRFS info (device loop2): using free space tree [ 252.541394][ C1] IPv4: Oversized IP packet from 127.0.0.1 [ 252.587637][ T8269] BTRFS info (device loop2): enabling ssd optimizations [ 252.830963][ T4722] input: HID 28bd:0934 Mouse as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28BD:0934.0006/input/input12 [ 252.992840][ T4722] uclogic 0003:28BD:0934.0006: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0934] on usb-dummy_hcd.1-1/input0 [ 253.025950][ T7101] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 253.058244][ T4722] usb 2-1: USB disconnect, device number 5 [ 253.786780][ T8347] loop3: detected capacity change from 0 to 64 [ 254.625661][ T8347] Trying to free block not in datazone [ 254.631335][ T8347] Trying to free block not in datazone [ 254.636810][ T8347] Trying to free block not in datazone [ 254.642263][ T8347] Trying to free block not in datazone [ 254.649230][ T8347] Trying to free block not in datazone [ 254.654694][ T8347] minix_free_block (loop3:6): bit already cleared [ 254.661133][ T8347] Trying to free block not in datazone [ 254.666632][ T8347] Trying to free block not in datazone [ 255.268830][ T8368] loop2: detected capacity change from 0 to 512 [ 255.294885][ T8368] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 255.507568][ T8368] EXT4-fs (loop2): 1 truncate cleaned up [ 255.513350][ T8368] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 255.565590][ T1245] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.571913][ T1245] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.815287][ T14] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 256.072577][ T14] usb 1-1: Using ep0 maxpacket: 32 [ 256.199450][ T14] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 256.217995][ T8381] loop4: detected capacity change from 0 to 32768 [ 256.224540][ T14] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 256.243440][ T8381] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (8381) [ 256.263997][ T14] usb 1-1: New USB device found, idVendor=28bd, idProduct=0934, bcdDevice= 0.00 [ 256.275825][ T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.336697][ T14] usb 1-1: config 0 descriptor?? [ 256.800036][ T14] input: HID 28bd:0934 Mouse as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:28BD:0934.0007/input/input13 [ 256.814287][ T8381] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 256.825958][ T7101] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor.2: path /root/syzkaller-testdir882113641/syzkaller.mY1QIE/49/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 256.831987][ T8381] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 256.851701][ C1] vkms_vblank_simulate: vblank timer overrun [ 256.877692][ T14] uclogic 0003:28BD:0934.0007: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0934] on usb-dummy_hcd.0-1/input0 [ 256.909691][ T8381] BTRFS info (device loop4): setting nodatasum [ 256.923484][ T8381] BTRFS info (device loop4): force zlib compression, level 3 [ 256.931015][ T8381] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 256.945151][ T8381] BTRFS info (device loop4): use lzo compression, level 0 [ 256.952288][ T8381] BTRFS info (device loop4): turning on flush-on-commit [ 256.966591][ T8381] BTRFS info (device loop4): enabling auto defrag [ 256.973102][ T8381] BTRFS info (device loop4): using free space tree [ 257.037843][ T8381] BTRFS info (device loop4): enabling ssd optimizations [ 257.057887][ T14] usb 1-1: USB disconnect, device number 12 [ 257.154083][ T6597] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 257.314040][ T8406] device dummy0 entered promiscuous mode [ 257.324252][ T7101] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 257.344357][ C1] vkms_vblank_simulate: vblank timer overrun [ 257.437010][ T8403] device dummy0 left promiscuous mode [ 257.475546][ T7101] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor.2: path /root/syzkaller-testdir882113641/syzkaller.mY1QIE/49/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 257.501202][ C1] vkms_vblank_simulate: vblank timer overrun [ 257.566266][ T7101] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 257.625660][ T7101] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor.2: path /root/syzkaller-testdir882113641/syzkaller.mY1QIE/49/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 257.651304][ C1] vkms_vblank_simulate: vblank timer overrun [ 257.726745][ T8424] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 257.736110][ T7101] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 257.769175][ T8424] netlink: 199836 bytes leftover after parsing attributes in process `syz-executor.3'. [ 257.790839][ T8426] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 257.797054][ T8429] loop0: detected capacity change from 0 to 512 [ 257.800702][ T7101] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor.2: path /root/syzkaller-testdir882113641/syzkaller.mY1QIE/49/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 257.819723][ T8429] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 257.832447][ C1] vkms_vblank_simulate: vblank timer overrun [ 257.863651][ T8429] EXT4-fs (loop0): 1 truncate cleaned up [ 257.867513][ T7101] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 257.874711][ T8429] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 257.950824][ T6391] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor.0: path /root/syzkaller-testdir2538009040/syzkaller.ybFukD/155/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 257.984029][ T6391] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.0: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 257.992274][ T7101] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor.2: path /root/syzkaller-testdir882113641/syzkaller.mY1QIE/49/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 258.029695][ C1] vkms_vblank_simulate: vblank timer overrun [ 258.043332][ T6391] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor.0: path /root/syzkaller-testdir2538009040/syzkaller.ybFukD/155/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 258.057405][ T7101] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 258.077873][ T6391] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.0: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 258.109884][ T14] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 258.124726][ T6391] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor.0: path /root/syzkaller-testdir2538009040/syzkaller.ybFukD/155/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 258.163375][ T6391] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.0: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 258.184636][ T6391] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor.0: path /root/syzkaller-testdir2538009040/syzkaller.ybFukD/155/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 258.216257][ T6391] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.0: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 258.239844][ T6391] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor.0: path /root/syzkaller-testdir2538009040/syzkaller.ybFukD/155/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 258.272090][ T6391] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.0: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 258.305272][ T4663] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 258.395209][ T14] usb 5-1: Using ep0 maxpacket: 32 [ 258.535442][ T14] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 258.545382][ T4663] usb 4-1: Using ep0 maxpacket: 16 [ 258.546517][ T14] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.561222][ T14] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 258.570405][ T14] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.616018][ T14] hub 5-1:4.0: USB hub found [ 258.665329][ T4663] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 258.674291][ T4663] usb 4-1: config 1 has no interface number 1 [ 258.680544][ T4663] usb 4-1: too many endpoints for config 1 interface 2 altsetting 95: 154, using maximum allowed: 30 [ 258.691543][ T4663] usb 4-1: config 1 interface 2 altsetting 95 has 0 endpoint descriptors, different from the interface descriptor's value: 154 [ 258.705013][ T4663] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 258.706699][ T4722] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 258.737634][ T7101] EXT4-fs (loop2): unmounting filesystem. [ 258.740608][ T6391] EXT4-fs (loop0): unmounting filesystem. [ 258.749083][ T4663] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 258.762015][ T4663] usb 4-1: config 1 interface 2 has no altsetting 2 [ 258.822438][ T1274] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.927137][ T14] hub 5-1:4.0: 8 ports detected [ 258.931610][ T4663] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 258.945237][ T14] hub 5-1:4.0: insufficient power available to use all downstream ports [ 258.953318][ T4663] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.985341][ T4663] usb 4-1: Product: syz [ 258.989575][ T4663] usb 4-1: Manufacturer: syz [ 258.994170][ T4663] usb 4-1: SerialNumber: syz [ 258.995736][ T1274] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.091121][ T1274] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.125393][ T4722] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 259.129554][ T27] audit: type=1326 audit(1718569997.607:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8427 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 259.165114][ T4722] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 259.195138][ T4722] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 259.204831][ T4722] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.215355][ T14] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 259.224933][ T27] audit: type=1326 audit(1718569997.607:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8427 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 259.227177][ T14] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 259.269598][ T4722] usb 2-1: config 0 descriptor?? [ 259.296143][ T1274] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.307394][ T27] audit: type=1326 audit(1718569997.607:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8427 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 259.337845][ T27] audit: type=1326 audit(1718569997.607:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8427 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 259.341082][ T14] usb 5-1: USB disconnect, device number 10 [ 259.363347][ T27] audit: type=1326 audit(1718569997.607:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8427 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 259.400089][ T4663] usb 4-1: USB disconnect, device number 9 [ 259.427800][ T27] audit: type=1326 audit(1718569997.647:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8427 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 259.457046][ T27] audit: type=1326 audit(1718569997.647:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8427 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 259.480448][ T27] audit: type=1326 audit(1718569997.647:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8427 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 259.480706][ T3583] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 259.514193][ T27] audit: type=1326 audit(1718569997.647:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8427 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 259.538287][ T3582] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 259.547606][ T3582] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 259.556756][ T3582] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 259.564249][ T3582] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 259.571529][ T3582] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 259.586273][ T27] audit: type=1326 audit(1718569997.647:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8427 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d1147cea9 code=0x7ffc0000 [ 259.631491][ T3584] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 259.643329][ T3584] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 259.653594][ T3583] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 259.665758][ T3583] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 259.674355][ T3583] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 259.688569][ T3583] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 259.745814][ T4722] hid (null): bogus close delimiter [ 259.870377][ T8445] chnl_net:caif_netlink_parms(): no params data found [ 259.888423][ T8454] loop4: detected capacity change from 0 to 512 [ 259.940102][ T8454] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 259.952198][ T8454] ext4 filesystem being mounted at /root/syzkaller-testdir2133295699/syzkaller.MOWeDj/116/file0 supports timestamps until 2038 (0x7fffffff) [ 259.965306][ T4722] usb 2-1: language id specifier not provided by device, defaulting to English [ 260.013497][ T8462] device dummy0 entered promiscuous mode [ 260.026295][ T6597] EXT4-fs (loop4): unmounting filesystem. [ 260.075235][ T8457] device dummy0 left promiscuous mode [ 260.173551][ T8445] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.188975][ T8445] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.218794][ T8445] device bridge_slave_0 entered promiscuous mode [ 260.265323][ T8445] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.272494][ T8445] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.290829][ T8478] loop4: detected capacity change from 0 to 512 [ 260.298530][ T8445] device bridge_slave_1 entered promiscuous mode [ 260.332050][ T8447] chnl_net:caif_netlink_parms(): no params data found [ 260.342484][ T8478] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 260.420976][ T8478] EXT4-fs (loop4): 1 truncate cleaned up [ 260.435191][ T8478] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 260.518418][ T6597] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor.4: path /root/syzkaller-testdir2133295699/syzkaller.MOWeDj/118/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 260.546569][ T6597] EXT4-fs error (device loop4): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 260.569018][ T8445] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 260.574131][ T6597] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor.4: path /root/syzkaller-testdir2133295699/syzkaller.MOWeDj/118/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 260.605237][ T6597] EXT4-fs error (device loop4): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 260.626983][ T8445] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 260.636874][ T6597] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor.4: path /root/syzkaller-testdir2133295699/syzkaller.MOWeDj/118/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 260.663653][ T6597] EXT4-fs error (device loop4): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 260.713571][ T6597] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor.4: path /root/syzkaller-testdir2133295699/syzkaller.MOWeDj/118/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 260.753051][ T6597] EXT4-fs error (device loop4): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 260.788037][ T6597] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor.4: path /root/syzkaller-testdir2133295699/syzkaller.MOWeDj/118/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 260.829219][ T6597] EXT4-fs error (device loop4): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 260.840108][ T8475] loop1: detected capacity change from 0 to 40427 [ 260.870648][ T8445] team0: Port device team_slave_0 added [ 260.918407][ T8475] F2FS-fs (loop1): Mismatch valid blocks 5 vs. 7 [ 260.927417][ T8445] team0: Port device team_slave_1 added [ 260.934385][ T8447] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.938636][ T8475] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-117) [ 260.949059][ T8447] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.964382][ T8447] device bridge_slave_0 entered promiscuous mode [ 260.994971][ T8447] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.002377][ T8447] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.010982][ T8447] device bridge_slave_1 entered promiscuous mode [ 261.069397][ T8445] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 261.089298][ T8445] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 261.136267][ T8445] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 261.219424][ T8445] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 261.235215][ T8445] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 261.261683][ T8445] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 261.286681][ T8447] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 261.312478][ T8447] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 261.338094][ T8445] device hsr_slave_0 entered promiscuous mode [ 261.344789][ T8445] device hsr_slave_1 entered promiscuous mode [ 261.351482][ T8445] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 261.359517][ T8445] Cannot create hsr debugfs directory [ 261.399960][ T6597] EXT4-fs (loop4): unmounting filesystem. [ 261.406379][ T8447] team0: Port device team_slave_0 added [ 261.478804][ T1274] device hsr_slave_0 left promiscuous mode [ 261.495480][ T1274] device hsr_slave_1 left promiscuous mode [ 261.508755][ T1274] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 261.532608][ T1274] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 261.552631][ T1274] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 261.560600][ T1274] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 261.579541][ T1274] device bridge_slave_1 left promiscuous mode [ 261.594251][ T1274] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.614030][ T1274] device bridge_slave_0 left promiscuous mode [ 261.623393][ T1274] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.635496][ T3582] Bluetooth: hci0: command tx timeout [ 261.663093][ T1274] device veth1_macvtap left promiscuous mode [ 261.675188][ T1274] device veth0_macvtap left promiscuous mode [ 261.681435][ T1274] device veth1_vlan left promiscuous mode [ 261.688451][ T1274] device veth0_vlan left promiscuous mode [ 261.715398][ T3582] Bluetooth: hci4: command tx timeout [ 261.765313][ T4663] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 261.944750][ T3584] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 261.965494][ T3584] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 261.974041][ T3584] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 261.986075][ T3584] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 261.995410][ T1274] team0 (unregistering): Port device team_slave_1 removed [ 262.003734][ T3584] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 262.013448][ T3584] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 262.015449][ T4663] usb 4-1: Using ep0 maxpacket: 16 [ 262.028617][ T1274] team0 (unregistering): Port device team_slave_0 removed [ 262.049778][ T1274] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 262.065332][ T1274] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 262.134675][ T1274] bond0 (unregistering): Released all slaves [ 262.145392][ T4663] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 262.154522][ T4663] usb 4-1: config 1 has no interface number 1 [ 262.160865][ T4663] usb 4-1: too many endpoints for config 1 interface 2 altsetting 95: 154, using maximum allowed: 30 [ 262.172597][ T4663] usb 4-1: config 1 interface 2 altsetting 95 has 0 endpoint descriptors, different from the interface descriptor's value: 154 [ 262.185902][ T4663] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 262.196985][ T4663] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 262.209554][ T4663] usb 4-1: config 1 interface 2 has no altsetting 2 [ 262.212035][ T8447] team0: Port device team_slave_1 added [ 262.324981][ T8447] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 262.334618][ T8447] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 262.360829][ T8447] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 262.400534][ T4663] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 262.410581][ T4663] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.410706][ T8447] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 262.427801][ T4663] usb 4-1: Product: syz [ 262.432046][ T4663] usb 4-1: Manufacturer: syz [ 262.434611][ T8447] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 262.444104][ T4663] usb 4-1: SerialNumber: syz [ 262.473496][ T8447] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 262.495278][ T4722] uclogic 0003:256C:006D.0008: failed retrieving string descriptor #200: -71 [ 262.512859][ T4722] uclogic 0003:256C:006D.0008: failed retrieving pen parameters: -71 [ 262.521356][ T4722] uclogic 0003:256C:006D.0008: failed probing pen v2 parameters: -71 [ 262.530360][ T4722] uclogic 0003:256C:006D.0008: failed probing parameters: -71 [ 262.537993][ T4722] uclogic: probe of 0003:256C:006D.0008 failed with error -71 [ 262.553747][ T4722] usb 2-1: USB disconnect, device number 6 [ 262.624060][ T8447] device hsr_slave_0 entered promiscuous mode [ 262.632052][ T8447] device hsr_slave_1 entered promiscuous mode [ 262.638929][ T8447] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 262.646687][ T8447] Cannot create hsr debugfs directory [ 262.860024][ T4663] usb 4-1: USB disconnect, device number 10 [ 262.895448][ T8504] chnl_net:caif_netlink_parms(): no params data found [ 262.958809][ T8504] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.966181][ T8504] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.974230][ T8504] device bridge_slave_0 entered promiscuous mode [ 262.982987][ T8504] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.990213][ T8504] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.010124][ T8504] device bridge_slave_1 entered promiscuous mode [ 263.051629][ T8447] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.127819][ T8504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 263.148675][ T8504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 263.184815][ T8447] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.201461][ T8514] device dummy0 entered promiscuous mode [ 263.226911][ T8511] device dummy0 left promiscuous mode [ 263.253673][ T8504] team0: Port device team_slave_0 added [ 263.294133][ T8447] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.342990][ T8504] team0: Port device team_slave_1 added [ 263.443301][ T8447] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.496143][ T8504] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 263.503112][ T8504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 263.537904][ T8518] loop3: detected capacity change from 0 to 8192 [ 263.574366][ T8504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 263.586470][ T8518] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 263.609688][ T8518] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 263.629746][ T8518] REISERFS (device loop3): using ordered data mode [ 263.635586][ T8504] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 263.645161][ T8518] reiserfs: using flush barriers [ 263.655275][ T8518] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 263.675287][ T8504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 263.685505][ T8518] REISERFS (device loop3): checking transaction log (loop3) [ 263.715331][ T3582] Bluetooth: hci0: command tx timeout [ 263.742156][ T8518] REISERFS (device loop3): Using r5 hash to sort names [ 263.746552][ T8504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 263.761572][ T8518] REISERFS (device loop3): using 3.5.x disk format [ 263.768503][ T8518] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 263.795190][ T3582] Bluetooth: hci4: command tx timeout [ 263.926006][ T8520] loop1: detected capacity change from 0 to 32768 [ 263.934871][ T8520] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (8520) [ 263.951504][ T8504] device hsr_slave_0 entered promiscuous mode [ 263.970878][ T8520] BTRFS info (device loop1): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 263.981245][ T8520] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 263.991959][ T8504] device hsr_slave_1 entered promiscuous mode [ 264.005191][ T8520] BTRFS info (device loop1): using free space tree [ 264.016321][ T8504] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 264.023894][ T8504] Cannot create hsr debugfs directory [ 264.035303][ T3582] Bluetooth: hci1: command tx timeout [ 264.050869][ T8525] loop3: detected capacity change from 0 to 512 [ 264.067900][ T8525] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 264.120830][ T8445] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 264.140939][ T8445] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 264.153802][ T8525] EXT4-fs (loop3): 1 truncate cleaned up [ 264.161729][ T8525] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 264.209909][ T5952] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor.3: path /root/syzkaller-testdir697253795/syzkaller.GBnvxe/166/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 264.235881][ T8520] BTRFS info (device loop1): enabling ssd optimizations [ 264.246786][ T8445] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 264.260463][ T5952] EXT4-fs error (device loop3): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.3: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 264.273444][ T8445] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 264.345720][ T5952] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor.3: path /root/syzkaller-testdir697253795/syzkaller.GBnvxe/166/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 264.377016][ T5901] BTRFS info (device loop1): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 264.396264][ T5952] EXT4-fs error (device loop3): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.3: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 264.567145][ T5952] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor.3: path /root/syzkaller-testdir697253795/syzkaller.GBnvxe/166/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 264.625912][ T5952] EXT4-fs error (device loop3): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.3: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 264.642292][ T8504] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.665912][ T5952] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor.3: path /root/syzkaller-testdir697253795/syzkaller.GBnvxe/166/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 264.724312][ T5952] EXT4-fs error (device loop3): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.3: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 264.727855][ T8447] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 264.790647][ T5952] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor.3: path /root/syzkaller-testdir697253795/syzkaller.GBnvxe/166/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 264.797136][ T8445] 8021q: adding VLAN 0 to HW filter on device bond0 [ 264.864148][ T5952] EXT4-fs error (device loop3): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.3: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 264.869990][ T8504] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.947790][ T8447] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 264.971654][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 264.980534][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 264.993686][ T8445] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.006541][ T8447] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 265.033321][ T8504] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.072853][ T8447] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 265.102551][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 265.122538][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 265.136187][ T152] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.143323][ T152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.151708][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 265.189649][ T8504] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.239923][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 265.252075][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 265.265322][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.272387][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.315036][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 265.379717][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 265.388958][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 265.408120][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 265.456705][ T8445] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 265.467340][ T8445] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 265.479572][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 265.492000][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 265.500488][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 265.509265][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 265.516353][ T5952] EXT4-fs (loop3): unmounting filesystem. [ 265.517738][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 265.531586][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 265.540239][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 265.549008][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 265.601591][ T8447] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.655419][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 265.663300][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 265.700042][ T8447] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.710893][ T8504] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 265.771678][ T1274] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.795563][ T3582] Bluetooth: hci0: command tx timeout [ 265.855992][ T8504] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 265.875324][ T3582] Bluetooth: hci4: command tx timeout [ 265.888574][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 265.915679][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 265.933779][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.940943][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.975589][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 265.994290][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 266.008411][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.015526][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 266.032069][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 266.054330][ T3584] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 266.064170][ T3584] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 266.073604][ T3584] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 266.081685][ T3584] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 266.081769][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 266.090161][ T3584] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 266.104719][ T3584] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 266.116074][ T3583] Bluetooth: hci1: command tx timeout [ 266.126491][ T1274] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.147579][ T3890] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 266.155977][ T8504] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 266.174800][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 266.186947][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 266.200672][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 266.220275][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 266.234666][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 266.250465][ T8447] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 266.264086][ T8447] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 266.275772][ T8504] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 266.290516][ T1274] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.305548][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 266.313470][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 266.322127][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 266.330950][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 266.339579][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 266.351447][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 266.381649][ T3891] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 266.390816][ T3891] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 266.398381][ T3890] usb 2-1: Using ep0 maxpacket: 16 [ 266.428030][ T1274] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.447367][ T8445] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 266.515392][ T3890] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 266.524480][ T3890] usb 2-1: config 1 has no interface number 1 [ 266.547927][ T3890] usb 2-1: too many endpoints for config 1 interface 2 altsetting 95: 154, using maximum allowed: 30 [ 266.560374][ T3890] usb 2-1: config 1 interface 2 altsetting 95 has 0 endpoint descriptors, different from the interface descriptor's value: 154 [ 266.574253][ T3890] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 266.594309][ T3890] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 266.618773][ T3890] usb 2-1: config 1 interface 2 has no altsetting 2 [ 266.644223][ T8504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 266.659710][ T8445] device veth0_vlan entered promiscuous mode [ 266.668498][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 266.677222][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 266.686235][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 266.694628][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 266.702920][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 266.712349][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 266.740508][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 266.751039][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 266.760721][ T8445] device veth1_vlan entered promiscuous mode [ 266.786345][ T3890] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 266.795602][ T3890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.797454][ T8504] 8021q: adding VLAN 0 to HW filter on device team0 [ 266.803586][ T3890] usb 2-1: Product: syz [ 266.820051][ T3890] usb 2-1: Manufacturer: syz [ 266.824671][ T3890] usb 2-1: SerialNumber: syz [ 266.851180][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 266.860173][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 266.868853][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 266.877652][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 266.886547][ T4513] bridge0: port 1(bridge_slave_0) entered blocking state [ 266.893611][ T4513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 266.901271][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 266.908711][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 266.956311][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 266.964416][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 266.973639][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 266.982372][ T4237] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.989498][ T4237] bridge0: port 2(bridge_slave_1) entered forwarding state [ 266.998105][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 267.007025][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 267.015883][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 267.032252][ T8447] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 267.039619][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 267.048540][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 267.058325][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 267.069918][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 267.081575][ T8556] chnl_net:caif_netlink_parms(): no params data found [ 267.122749][ T8445] device veth0_macvtap entered promiscuous mode [ 267.131372][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 267.139888][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 267.149218][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 267.163775][ T3890] usb 2-1: USB disconnect, device number 7 [ 267.208661][ T8445] device veth1_macvtap entered promiscuous mode [ 267.225985][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 267.234763][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 267.244278][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 267.253010][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 267.282151][ T8504] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 267.306309][ T8504] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 267.335964][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 267.344593][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 267.382195][ T3887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 267.392528][ T3887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 267.402480][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 267.410408][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 267.421990][ T8556] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.431685][ T8556] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.440545][ T8556] device bridge_slave_0 entered promiscuous mode [ 267.449268][ T8556] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.457110][ T8556] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.464801][ T8556] device bridge_slave_1 entered promiscuous mode [ 267.493872][ T8556] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 267.550327][ T8447] device veth0_vlan entered promiscuous mode [ 267.557947][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.575572][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.591519][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.610864][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.636222][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.655306][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.675104][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.696198][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.716086][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.729293][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.742848][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.753311][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.764460][ T8445] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 267.774617][ T8556] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 267.790731][ T8447] device veth1_vlan entered promiscuous mode [ 267.805707][ T8572] device dummy0 entered promiscuous mode [ 267.814033][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 267.839515][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 267.851778][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 267.867029][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.880114][ T3582] Bluetooth: hci0: command tx timeout [ 267.894622][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.905402][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.916084][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.926245][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.936759][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.947032][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.957778][ T3582] Bluetooth: hci4: command tx timeout [ 267.963213][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.973099][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.983636][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.993771][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 268.006352][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 268.017696][ T8445] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 268.057078][ T8571] device dummy0 left promiscuous mode [ 268.074873][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 268.084850][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 268.094196][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 268.104804][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 268.113193][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 268.123049][ T8445] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.135988][ T8445] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.139484][ T8578] Process accounting resumed [ 268.146524][ T8445] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.158834][ T8445] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.195422][ T3582] Bluetooth: hci2: command tx timeout [ 268.202208][ T3584] Bluetooth: hci1: command tx timeout [ 268.218115][ T8504] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 268.274407][ T8556] team0: Port device team_slave_0 added [ 268.344477][ T8556] team0: Port device team_slave_1 added [ 268.377024][ T3887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 268.387811][ T3887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 268.397372][ T8447] device veth0_macvtap entered promiscuous mode [ 268.450939][ T8447] device veth1_macvtap entered promiscuous mode [ 268.469763][ T8556] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 268.485157][ T8556] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 268.511585][ T3890] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 268.540872][ T8556] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 268.558856][ T8556] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 268.566772][ T8556] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 268.592873][ T8556] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 268.617153][ T8234] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.629477][ T8234] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 268.671475][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 268.695313][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 268.705508][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 268.716051][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 268.726690][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 268.737198][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 268.747813][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 268.755943][ T3890] usb 2-1: Using ep0 maxpacket: 32 [ 268.760111][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 268.774497][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 268.785330][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 268.797409][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 268.808481][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 268.818334][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 268.828968][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 268.841427][ T8447] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 268.852526][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 268.863482][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 268.871691][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 268.875338][ T3890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 268.879645][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 268.889968][ T3890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 268.908482][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 268.916316][ T3890] usb 2-1: New USB device found, idVendor=28bd, idProduct=0934, bcdDevice= 0.00 [ 268.932014][ T3890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.941735][ T3890] usb 2-1: config 0 descriptor?? [ 268.967015][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 268.977969][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 268.988026][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 268.999491][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.009364][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.020313][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.031294][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.041740][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.051646][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.062322][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.072979][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.083566][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.097891][ T8447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.108374][ T8447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.119368][ T8447] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 269.136191][ T8447] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.144967][ T8447] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.154022][ T8447] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.163204][ T8447] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.182326][ T8230] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.196036][ T8230] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.215744][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 269.224151][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 269.233378][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 269.300935][ T8556] device hsr_slave_0 entered promiscuous mode [ 269.316018][ T8556] device hsr_slave_1 entered promiscuous mode [ 269.336066][ T8556] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 269.343727][ T8556] Cannot create hsr debugfs directory [ 269.397277][ T27] kauditd_printk_skb: 8 callbacks suppressed [ 269.397289][ T27] audit: type=1800 audit(1718570007.877:368): pid=8590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1949 res=0 errno=0 [ 269.424712][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 269.433921][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 269.439914][ T3890] input: HID 28bd:0934 Mouse as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28BD:0934.0009/input/input14 [ 269.442663][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 269.463884][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 269.509041][ T8504] device veth0_vlan entered promiscuous mode [ 269.538151][ T3890] uclogic 0003:28BD:0934.0009: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0934] on usb-dummy_hcd.1-1/input0 [ 269.556027][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 269.563826][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 269.601183][ T8504] device veth1_vlan entered promiscuous mode [ 269.662408][ T3887] usb 2-1: USB disconnect, device number 8 [ 269.709930][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 269.712454][ T8598] loop2: detected capacity change from 0 to 512 [ 269.726625][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 269.726909][ T8230] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.734653][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 269.751933][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 269.760701][ T8230] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.766191][ T8504] device veth0_macvtap entered promiscuous mode [ 269.792577][ T8598] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 269.814850][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 269.824723][ T8598] EXT4-fs (loop2): 1 truncate cleaned up [ 269.831196][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 269.838539][ T8598] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 269.870744][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.872601][ T8504] device veth1_macvtap entered promiscuous mode [ 269.894353][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.903831][ T8445] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor.2: path /root/syzkaller-testdir2286387665/syzkaller.SvDHDz/5/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 269.936208][ T8445] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 269.954230][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.958921][ T8445] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor.2: path /root/syzkaller-testdir2286387665/syzkaller.SvDHDz/5/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 270.003417][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.013396][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.013597][ T8445] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 270.033492][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.054243][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.054606][ T8445] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor.2: path /root/syzkaller-testdir2286387665/syzkaller.SvDHDz/5/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 270.064691][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.064708][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.064722][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.064735][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.100785][ T8445] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 270.102618][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.163839][ T8445] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor.2: path /root/syzkaller-testdir2286387665/syzkaller.SvDHDz/5/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 270.179608][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.190237][ T8445] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 270.202166][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.231936][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.242423][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.254591][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.269728][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.280830][ T3584] Bluetooth: hci1: command tx timeout [ 270.286266][ T3584] Bluetooth: hci2: command tx timeout [ 270.288996][ T8445] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor.2: path /root/syzkaller-testdir2286387665/syzkaller.SvDHDz/5/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 270.299248][ T8504] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 270.326803][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 270.329173][ T8445] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 270.334909][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 270.363059][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 270.371829][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 270.396365][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.416661][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.433124][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.444189][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.454360][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.465510][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.476002][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.486817][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.499297][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.510405][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.521656][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.532484][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.542745][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.553255][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.563479][ T8504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.574004][ T8504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.586739][ T8504] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 270.603453][ T8504] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.612324][ T8504] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.622690][ T8504] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.632797][ T8504] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.683083][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 270.694794][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 270.738160][ T8606] loop0: detected capacity change from 0 to 512 [ 270.774863][ T8606] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 270.822193][ T8606] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 270.831481][ T8606] ext4 filesystem being mounted at /root/syzkaller-testdir3624040350/syzkaller.JkofMB/1/file0 supports timestamps until 2038 (0x7fffffff) [ 270.921596][ T8447] EXT4-fs (loop0): unmounting filesystem. [ 271.000520][ T8230] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 271.011413][ T8230] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.022407][ T8610] loop0: detected capacity change from 0 to 512 [ 271.036752][ T4665] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 271.042259][ T8610] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #15: comm syz-executor.0: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 271.064850][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 271.073407][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.073845][ T8610] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 15 (err -117) [ 271.089778][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 271.102394][ T8610] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 271.140920][ T8610] ext4 filesystem being mounted at /root/syzkaller-testdir3624040350/syzkaller.JkofMB/2/file0 supports timestamps until 2038 (0x7fffffff) [ 271.190213][ T8445] EXT4-fs (loop2): unmounting filesystem. [ 271.236472][ T8447] EXT4-fs (loop0): unmounting filesystem. [ 271.278028][ T8613] loop4: detected capacity change from 0 to 736 [ 271.334121][ T8615] loop1: detected capacity change from 0 to 1024 [ 271.353721][ T1274] device hsr_slave_0 left promiscuous mode [ 271.371734][ T8613] rock: directory entry would overflow storage [ 271.385614][ T1274] device hsr_slave_1 left promiscuous mode [ 271.409035][ T8613] rock: sig=0x3b10, size=4, remaining=3 [ 271.433462][ T1274] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 271.445223][ T1274] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 271.507780][ T1274] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 271.530709][ T1274] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 271.563332][ T8628] capability: warning: `syz-executor.4' uses 32-bit capabilities (legacy support in use) [ 271.575540][ T1274] device bridge_slave_1 left promiscuous mode [ 271.586286][ T1274] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.617638][ T1274] device bridge_slave_0 left promiscuous mode [ 271.667466][ T1274] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.702106][ T8636] loop4: detected capacity change from 0 to 512 [ 271.716368][ T1274] device hsr_slave_0 left promiscuous mode [ 271.727458][ T1274] device hsr_slave_1 left promiscuous mode [ 271.741147][ T1274] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 271.757662][ T1274] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 271.769836][ T8636] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #15: comm syz-executor.4: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 271.798156][ T1274] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 271.814768][ T1274] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 271.834581][ T1274] device bridge_slave_1 left promiscuous mode [ 271.842440][ T8636] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 271.867242][ T8636] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 271.877784][ T1274] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.906142][ T8636] ext4 filesystem being mounted at /root/syzkaller-testdir2018641762/syzkaller.Wpnd2y/2/file0 supports timestamps until 2038 (0x7fffffff) [ 271.925712][ T1274] device bridge_slave_0 left promiscuous mode [ 271.969973][ T1274] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.976389][ T3584] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 271.995728][ T3584] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 272.003842][ T3584] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 272.012655][ T3584] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 272.021014][ T3584] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 272.030537][ T3584] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 272.037126][ T8504] EXT4-fs (loop4): unmounting filesystem. [ 272.050134][ T1274] device hsr_slave_0 left promiscuous mode [ 272.060932][ T1274] device hsr_slave_1 left promiscuous mode [ 272.072812][ T1274] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 272.096910][ T1274] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 272.106244][ T1274] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 272.113661][ T1274] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 272.123508][ T1274] device bridge_slave_1 left promiscuous mode [ 272.144947][ T1274] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.165173][ T8637] loop0: detected capacity change from 0 to 32768 [ 272.172770][ T1274] device bridge_slave_0 left promiscuous mode [ 272.173063][ T8637] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor.0 (8637) [ 272.179323][ T1274] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.213231][ T8637] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 272.223887][ T8637] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 272.232603][ T8637] BTRFS info (device loop0): using free space tree [ 272.233058][ T8643] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 272.256567][ T1274] device veth1_macvtap left promiscuous mode [ 272.262570][ T1274] device veth0_macvtap left promiscuous mode [ 272.274730][ T1274] device veth1_vlan left promiscuous mode [ 272.282222][ T1274] device veth0_vlan left promiscuous mode [ 272.296574][ T8637] BTRFS info (device loop0): enabling ssd optimizations [ 272.305766][ T1274] device veth1_macvtap left promiscuous mode [ 272.311820][ T1274] device veth0_macvtap left promiscuous mode [ 272.320101][ T1274] device veth1_vlan left promiscuous mode [ 272.326890][ T1274] device veth0_vlan left promiscuous mode [ 272.337279][ T1274] device veth1_macvtap left promiscuous mode [ 272.344105][ T1274] device veth0_macvtap left promiscuous mode [ 272.351221][ T1274] device veth1_vlan left promiscuous mode [ 272.360149][ T3584] Bluetooth: hci2: command tx timeout [ 272.367534][ T1274] device veth0_vlan left promiscuous mode [ 272.415926][ T8447] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 272.620790][ T8662] loop1: detected capacity change from 0 to 1024 [ 272.836575][ T8668] loop1: detected capacity change from 0 to 736 [ 272.893437][ T8668] rock: directory entry would overflow storage [ 272.900059][ T8668] rock: sig=0x3b10, size=4, remaining=3 [ 273.131528][ T8672] loop0: detected capacity change from 0 to 8192 [ 273.158819][ T8672] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 273.192103][ T8672] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 273.215298][ T8672] REISERFS (device loop0): using ordered data mode [ 273.221837][ T8672] reiserfs: using flush barriers [ 273.240826][ T1274] team0 (unregistering): Port device team_slave_1 removed [ 273.255093][ T8672] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 273.274259][ T1274] team0 (unregistering): Port device team_slave_0 removed [ 273.285558][ T8672] REISERFS (device loop0): checking transaction log (loop0) [ 273.293195][ T1274] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 273.299802][ T8672] REISERFS (device loop0): Using r5 hash to sort names [ 273.310785][ T8672] REISERFS (device loop0): using 3.5.x disk format [ 273.319067][ T8672] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 273.329891][ T1274] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 273.431268][ T1274] bond0 (unregistering): Released all slaves [ 273.572076][ T1274] team0 (unregistering): Port device team_slave_1 removed [ 273.587507][ T1274] team0 (unregistering): Port device team_slave_0 removed [ 273.604284][ T1274] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 273.620082][ T1274] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 273.687751][ T1274] bond0 (unregistering): Released all slaves [ 273.745233][ T4514] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 273.822361][ T1274] team0 (unregistering): Port device team_slave_1 removed [ 273.839565][ T1274] team0 (unregistering): Port device team_slave_0 removed [ 273.853737][ T1274] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 273.867329][ T1274] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 273.942506][ T1274] bond0 (unregistering): Released all slaves [ 273.995590][ T8642] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 274.011203][ T8684] netlink: 'syz-executor.1': attribute type 6 has an invalid length. [ 274.115962][ T3584] Bluetooth: hci0: command tx timeout [ 274.125270][ T4514] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.136487][ T4514] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.146452][ T4514] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 274.156054][ T4514] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.165613][ T4514] usb 1-1: config 0 descriptor?? [ 274.248425][ T8556] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 274.258904][ T8694] loop4: detected capacity change from 0 to 1024 [ 274.288411][ T8556] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 274.304091][ T8694] EXT4-fs (loop4): bad geometry: first data block 100663296 is beyond end of filesystem (512) [ 274.328659][ T8556] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 274.356399][ T8556] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 274.489106][ T3584] Bluetooth: hci2: command tx timeout [ 274.611081][ T8698] netlink: 277 bytes leftover after parsing attributes in process `syz-executor.4'. [ 275.211836][ T8639] chnl_net:caif_netlink_parms(): no params data found [ 275.266211][ T8556] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.323955][ T4722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 275.334634][ T4722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 275.341024][ T4514] hid (null): bogus close delimiter [ 275.392694][ T8556] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.475262][ T4514] usb 1-1: language id specifier not provided by device, defaulting to English [ 275.521220][ T8639] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.530907][ T8639] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.539104][ T8639] device bridge_slave_0 entered promiscuous mode [ 275.547147][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 275.556827][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 275.565346][ T3578] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.572461][ T3578] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.580337][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 275.589319][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 275.597917][ T3578] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.604999][ T3578] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.616414][ T8639] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.640878][ T8639] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.663268][ T8639] device bridge_slave_1 entered promiscuous mode [ 275.685148][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 275.696022][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 275.714971][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 275.777058][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 275.788343][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 275.824082][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 275.846103][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 275.861144][ T8556] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 275.897540][ T8556] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 275.941427][ T8639] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 276.097537][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 276.117402][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 276.145877][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 276.174804][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 276.194758][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 276.202588][ T3584] Bluetooth: hci0: command tx timeout [ 276.216488][ T8720] bridge_slave_0: mtu less than device minimum [ 276.248046][ T8639] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 276.266984][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 276.335310][ T8730] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 276.372793][ T8730] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 276.397623][ T8639] team0: Port device team_slave_0 added [ 276.428126][ T8639] team0: Port device team_slave_1 added [ 276.478836][ T8686] loop0: detected capacity change from 0 to 40427 [ 276.524072][ T8639] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 276.539393][ T8639] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.547248][ T8686] F2FS-fs (loop0): Mismatch valid blocks 5 vs. 7 [ 276.573876][ T8639] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 276.587708][ T8735] netlink: 'syz-executor.4': attribute type 6 has an invalid length. [ 276.612141][ T8686] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-117) [ 276.628773][ T8639] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 276.655309][ T8639] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.732261][ T8639] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 276.902248][ T8639] device hsr_slave_0 entered promiscuous mode [ 276.935488][ T8639] device hsr_slave_1 entered promiscuous mode [ 276.940193][ T8748] loop4: detected capacity change from 0 to 1024 [ 276.986797][ T8556] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 276.994952][ T8748] EXT4-fs (loop4): bad geometry: first data block 100663296 is beyond end of filesystem (512) [ 277.006196][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 277.013752][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 277.075417][ T4514] uclogic 0003:256C:006D.000A: failed retrieving Huion firmware version: -71 [ 277.084255][ T4514] uclogic 0003:256C:006D.000A: failed probing parameters: -71 [ 277.123424][ T4514] uclogic: probe of 0003:256C:006D.000A failed with error -71 [ 277.258161][ T4514] usb 1-1: USB disconnect, device number 13 [ 277.351279][ T8761] netlink: 277 bytes leftover after parsing attributes in process `syz-executor.4'. [ 278.236674][ T8766] input: syz0 as /devices/virtual/input/input15 [ 278.275270][ T3583] Bluetooth: hci0: command tx timeout [ 278.323889][ T8767] loop0: detected capacity change from 0 to 512 [ 278.532841][ T8767] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 278.803310][ T3894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 278.823131][ T3894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 278.834963][ T8767] EXT4-fs (loop0): 1 truncate cleaned up [ 278.840934][ T8767] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 278.979271][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 278.996888][ T8774] loop1: detected capacity change from 0 to 1024 [ 279.006480][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 279.036232][ T8556] device veth0_vlan entered promiscuous mode [ 279.052761][ T3894] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 279.162290][ T3894] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 279.190668][ T8556] device veth1_vlan entered promiscuous mode [ 279.193154][ T8778] loop4: detected capacity change from 0 to 736 [ 279.207827][ T8447] EXT4-fs (loop0): unmounting filesystem. [ 279.307603][ T8778] rock: directory entry would overflow storage [ 279.324935][ T8639] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.340976][ T8778] rock: sig=0x3b10, size=4, remaining=3 [ 279.385543][ T3894] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 279.393735][ T3894] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 279.435890][ T3894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 279.455441][ T3894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 279.505024][ T8639] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.559063][ T8556] device veth0_macvtap entered promiscuous mode [ 279.576593][ T8556] device veth1_macvtap entered promiscuous mode [ 279.627829][ T8639] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.657912][ T8556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 279.678597][ T8556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 279.708591][ T8556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 279.732728][ T8556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 279.744997][ T8556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 279.762312][ T8556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 279.772345][ T3894] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 279.789244][ T8556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 279.814572][ T8556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 279.836144][ T8556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 279.855132][ T8556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 279.872831][ T8556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 279.905453][ T8556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 279.927344][ T8556] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 279.970127][ T8639] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.006706][ T8789] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 280.030601][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 280.044947][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 280.062140][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 280.073427][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 280.096649][ T8556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 280.118353][ T8556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.130411][ T8556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 280.140995][ T8556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.145329][ T3894] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 280.152063][ T8556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 280.172461][ T8556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.182487][ T8556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 280.189733][ T3894] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 280.202764][ T8556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.202780][ T8556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 280.202795][ T8556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.202810][ T8556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 280.202820][ T8556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.207765][ T8556] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 280.213093][ T3894] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 280.242416][ T8556] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 280.282561][ T8556] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 280.291412][ T8556] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 280.293180][ T3894] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.300196][ T8556] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 280.317324][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 280.326353][ T3890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 280.337590][ T3894] usb 2-1: config 0 descriptor?? [ 280.345313][ T8793] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 280.355359][ T3583] Bluetooth: hci0: command tx timeout [ 280.361104][ T8793] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.0'. [ 280.542483][ T8218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 280.552295][ T8218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 280.581279][ T4663] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 280.650532][ T8639] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 280.658457][ T8230] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 280.671791][ T8230] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 280.689758][ T8639] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 280.715410][ T4663] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 280.726924][ T8639] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 280.781403][ T8639] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 280.826086][ T3894] hid (null): bogus close delimiter [ 281.084163][ T8639] 8021q: adding VLAN 0 to HW filter on device bond0 [ 281.110396][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 281.125255][ T3894] usb 2-1: language id specifier not provided by device, defaulting to English [ 281.149513][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 281.184212][ T8639] 8021q: adding VLAN 0 to HW filter on device team0 [ 281.265679][ T8816] input: syz0 as /devices/virtual/input/input16 [ 281.326058][ T8816] loop0: detected capacity change from 0 to 512 [ 281.429104][ T8816] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 281.950804][ T8816] EXT4-fs (loop0): 1 truncate cleaned up [ 281.956765][ T8816] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 282.027714][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 282.039042][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 282.048765][ T4514] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.055913][ T4514] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.063668][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 282.073275][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 282.082024][ T4514] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.089151][ T4514] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.114364][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 282.166817][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 282.175969][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 282.185717][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 282.197056][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 282.206779][ T8821] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 282.217110][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 282.226851][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 282.235597][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 282.244213][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 282.256623][ T8820] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 282.350723][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 282.359375][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 282.360531][ T8447] EXT4-fs (loop0): unmounting filesystem. [ 282.368195][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 282.438632][ T8639] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 282.503286][ T8827] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 282.835774][ T3894] uclogic 0003:256C:006D.000B: failed retrieving Huion firmware version: -71 [ 282.844622][ T3894] uclogic 0003:256C:006D.000B: failed probing parameters: -71 [ 282.885725][ T3894] uclogic: probe of 0003:256C:006D.000B failed with error -71 [ 282.925879][ T3894] usb 2-1: USB disconnect, device number 9 [ 283.047180][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 283.054666][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 283.115550][ T8639] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 283.212764][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 283.225850][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 283.276753][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 283.285744][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 283.296072][ T8639] device veth0_vlan entered promiscuous mode [ 283.350724][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 283.375900][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 283.377838][ T8639] device veth1_vlan entered promiscuous mode [ 283.466080][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 283.466711][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 283.467259][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 283.467805][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 283.471913][ T8639] device veth0_macvtap entered promiscuous mode [ 283.490682][ T8639] device veth1_macvtap entered promiscuous mode [ 283.544342][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.544365][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.544376][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.544390][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.544400][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.544412][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.544423][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.544435][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.544445][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.544457][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.544468][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.544480][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.544491][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.544504][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.545939][ T8639] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 283.546056][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 283.546678][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 283.547245][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 283.548572][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 283.551695][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.551714][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.551724][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.551737][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.551747][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.551760][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.551770][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.551783][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.551792][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.551804][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.551815][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.551828][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.551838][ T8639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.551850][ T8639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.566164][ T8639] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 283.566280][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 283.566897][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 283.583204][ T8639] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.583237][ T8639] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.583264][ T8639] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.583290][ T8639] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.807268][ T8218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.807340][ T8218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 283.813478][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 283.887160][ T8241] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.887240][ T8241] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 283.892836][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 284.657447][ T8859] input: syz0 as /devices/virtual/input/input17 [ 285.068497][ T8862] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 285.312742][ T8861] loop1: detected capacity change from 0 to 512 [ 285.320151][ T8861] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 285.400444][ T1274] device hsr_slave_0 left promiscuous mode [ 285.411890][ T1274] device hsr_slave_1 left promiscuous mode [ 285.418550][ T1274] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 285.423920][ T8861] EXT4-fs (loop1): 1 truncate cleaned up [ 285.426453][ T1274] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 285.431954][ T8861] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 285.451085][ T1274] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 285.460033][ T1274] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 285.469154][ T1274] device bridge_slave_1 left promiscuous mode [ 285.476529][ T1274] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.527414][ T1274] device bridge_slave_0 left promiscuous mode [ 285.538189][ T1274] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.580425][ T1274] device veth1_macvtap left promiscuous mode [ 285.595504][ T1274] device veth0_macvtap left promiscuous mode [ 285.601662][ T1274] device veth1_vlan left promiscuous mode [ 285.615275][ T1274] device veth0_vlan left promiscuous mode [ 285.691032][ T26] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 285.708789][ T5901] EXT4-fs (loop1): unmounting filesystem. [ 285.845166][ T3890] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 285.945280][ T26] usb 3-1: Using ep0 maxpacket: 32 [ 286.066008][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 286.085263][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 286.105394][ T26] usb 3-1: New USB device found, idVendor=28bd, idProduct=0934, bcdDevice= 0.00 [ 286.124622][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.166775][ T26] usb 3-1: config 0 descriptor?? [ 286.205346][ T3890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 286.235127][ T3890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 286.255253][ T3890] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 286.264333][ T3890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.303499][ T1274] team0 (unregistering): Port device team_slave_1 removed [ 286.312362][ T3890] usb 4-1: config 0 descriptor?? [ 286.346342][ T1274] team0 (unregistering): Port device team_slave_0 removed [ 286.384167][ T1274] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 286.429607][ T1274] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 286.591770][ T1274] bond0 (unregistering): Released all slaves [ 286.660254][ T26] input: HID 28bd:0934 Mouse as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28BD:0934.000C/input/input18 [ 286.713398][ T8901] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 286.752714][ T26] uclogic 0003:28BD:0934.000C: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0934] on usb-dummy_hcd.2-1/input0 [ 286.805757][ T3890] hid (null): bogus close delimiter [ 286.853462][ T8907] loop1: detected capacity change from 0 to 1024 [ 286.856313][ T8908] loop0: detected capacity change from 0 to 8 [ 286.880499][ T8908] squashfs: Unknown parameter 'C' [ 286.880527][ T8907] EXT4-fs: Ignoring removed orlov option [ 286.905695][ T26] usb 3-1: USB disconnect, device number 9 [ 286.914555][ T8907] EXT4-fs: Ignoring removed nomblk_io_submit option [ 286.954589][ T8907] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 287.025913][ T3890] usb 4-1: language id specifier not provided by device, defaulting to English [ 287.094171][ T8918] EXT4-fs error (device loop1): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.1: corrupt xattr in inline inode [ 287.134689][ T8918] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.1: corrupted in-inode xattr [ 287.169572][ T8919] loop0: detected capacity change from 0 to 8192 [ 287.196911][ T8919] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 287.214487][ T8919] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 287.223959][ T8919] REISERFS (device loop0): using ordered data mode [ 287.230636][ T8919] reiserfs: using flush barriers [ 287.237200][ T8919] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 287.254080][ T8919] REISERFS (device loop0): checking transaction log (loop0) [ 287.284596][ T8919] REISERFS (device loop0): Using r5 hash to sort names [ 287.292410][ T8919] REISERFS (device loop0): using 3.5.x disk format [ 287.299307][ T8919] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 287.391066][ T5901] EXT4-fs (loop1): unmounting filesystem. [ 287.404913][ T8927] loop4: detected capacity change from 0 to 1024 [ 287.471078][ T8927] EXT4-fs warning (device loop4): ext4_enable_quotas:7012: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 287.569904][ T8927] EXT4-fs (loop4): mount failed [ 287.827984][ T8938] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 287.982676][ T4033] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 288.236755][ T4033] usb 5-1: Using ep0 maxpacket: 16 [ 288.385541][ T4033] usb 5-1: config 0 interface 0 altsetting 44 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 288.386748][ T8944] loop2: detected capacity change from 0 to 8 [ 288.407589][ T4033] usb 5-1: config 0 interface 0 altsetting 44 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 288.409711][ T8876] loop3: detected capacity change from 0 to 40427 [ 288.436473][ T8944] squashfs: Unknown parameter 'C' [ 288.451438][ T4033] usb 5-1: config 0 interface 0 has no altsetting 0 [ 288.490965][ T8876] F2FS-fs (loop3): Mismatch valid blocks 5 vs. 7 [ 288.523096][ T8876] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-117) [ 288.625316][ T3890] uclogic 0003:256C:006D.000D: failed retrieving Huion firmware version: -71 [ 288.634190][ T3890] uclogic 0003:256C:006D.000D: failed probing parameters: -71 [ 288.653218][ T4033] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 288.661223][ T3890] uclogic: probe of 0003:256C:006D.000D failed with error -71 [ 288.670258][ T4033] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.704546][ T4033] usb 5-1: Product: syz [ 288.705344][ T3890] usb 4-1: USB disconnect, device number 11 [ 288.719374][ T4033] usb 5-1: Manufacturer: syz [ 288.723987][ T4033] usb 5-1: SerialNumber: syz [ 288.752030][ T4033] usb 5-1: config 0 descriptor?? [ 288.814439][ T4033] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input19 [ 288.979150][ T8962] loop1: detected capacity change from 0 to 1024 [ 288.990445][ T8962] EXT4-fs: Ignoring removed orlov option [ 288.996450][ T8962] EXT4-fs: Ignoring removed nomblk_io_submit option [ 289.051913][ T8962] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 289.123465][ T8962] EXT4-fs error (device loop1): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.1: corrupt xattr in inline inode [ 289.180481][ T8965] loop0: detected capacity change from 0 to 8192 [ 289.324636][ T8965] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 289.325126][ T3894] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 289.348097][ T8962] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.1: corrupted in-inode xattr [ 289.358449][ T8965] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 289.484496][ T8965] REISERFS (device loop0): using ordered data mode [ 289.494509][ T8965] reiserfs: using flush barriers [ 289.531714][ T8965] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 289.551351][ T4237] usb 5-1: USB disconnect, device number 11 [ 289.615484][ T8965] REISERFS (device loop0): checking transaction log (loop0) [ 289.641465][ T8965] REISERFS (device loop0): Using r5 hash to sort names [ 289.679368][ T8965] REISERFS (device loop0): using 3.5.x disk format [ 289.715569][ T8965] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 290.139464][ T8981] loop0: detected capacity change from 0 to 8 [ 290.164259][ T8981] squashfs: Unknown parameter 'C' [ 290.765110][ T4237] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 291.100513][ T5901] EXT4-fs (loop1): unmounting filesystem. [ 291.125207][ T4237] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 291.136703][ T4237] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 291.146509][ T4237] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 291.155881][ T4237] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.165564][ T4237] usb 5-1: config 0 descriptor?? [ 291.325401][ T3894] usb 3-1: Using ep0 maxpacket: 32 [ 291.335610][ T8994] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 291.445337][ T3894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 291.466848][ T3894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 291.497197][ T3894] usb 3-1: New USB device found, idVendor=28bd, idProduct=0934, bcdDevice= 0.00 [ 291.527495][ T3894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.542706][ T9004] loop1: detected capacity change from 0 to 1024 [ 291.562587][ T3894] usb 3-1: config 0 descriptor?? [ 291.575976][ T9004] EXT4-fs warning (device loop1): ext4_enable_quotas:7012: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 291.594024][ T9004] EXT4-fs (loop1): mount failed [ 291.643419][ T4237] hid (null): bogus close delimiter [ 291.935229][ T4663] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 291.954585][ T4237] usb 5-1: language id specifier not provided by device, defaulting to English [ 292.104025][ T9018] binder: 9015:9018 ioctl 4018620d 0 returned -22 [ 292.143986][ T9018] binder: 9015:9018 ioctl c0306201 0 returned -14 [ 292.784233][ T3894] input: HID 28bd:0934 Mouse as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28BD:0934.000F/input/input20 [ 292.869352][ T3894] uclogic 0003:28BD:0934.000F: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0934] on usb-dummy_hcd.2-1/input0 [ 292.895275][ T4663] usb 2-1: Using ep0 maxpacket: 16 [ 293.005818][ T3894] usb 3-1: USB disconnect, device number 10 [ 293.007577][ T9021] loop0: detected capacity change from 0 to 8192 [ 293.015511][ T4663] usb 2-1: config 0 interface 0 altsetting 44 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 293.042110][ T4663] usb 2-1: config 0 interface 0 altsetting 44 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 293.042919][ T9021] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 293.069577][ T9021] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 293.078857][ T9021] REISERFS (device loop0): using ordered data mode [ 293.085478][ T9021] reiserfs: using flush barriers [ 293.091674][ T9021] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 293.108226][ T9021] REISERFS (device loop0): checking transaction log (loop0) [ 293.111859][ T4663] usb 2-1: config 0 interface 0 has no altsetting 0 [ 293.123298][ T9021] REISERFS (device loop0): Using r5 hash to sort names [ 293.131793][ T9021] REISERFS (device loop0): using 3.5.x disk format [ 293.138771][ T9021] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 293.268749][ T9028] loop3: detected capacity change from 0 to 1024 [ 293.287175][ T9028] EXT4-fs (loop3): bad geometry: first data block 100663296 is beyond end of filesystem (512) [ 293.325301][ T4663] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 293.352637][ T4663] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.383113][ T4663] usb 2-1: Product: syz [ 293.394659][ T4663] usb 2-1: Manufacturer: syz [ 293.394673][ T9032] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 293.418943][ T4663] usb 2-1: SerialNumber: syz [ 293.454792][ T4663] usb 2-1: config 0 descriptor?? [ 293.507562][ T4663] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input21 [ 293.839046][ T4237] uclogic 0003:256C:006D.000E: failed retrieving Huion firmware version: -71 [ 293.854157][ T4237] uclogic 0003:256C:006D.000E: failed probing parameters: -71 [ 293.865768][ T4237] uclogic: probe of 0003:256C:006D.000E failed with error -71 [ 293.883924][ T4237] usb 5-1: USB disconnect, device number 12 [ 294.685167][ T9051] netlink: 277 bytes leftover after parsing attributes in process `syz-executor.3'. [ 295.150168][ T3894] usb 2-1: USB disconnect, device number 10 [ 295.275456][ T9052] binder: 9042:9052 ioctl 4018620d 0 returned -22 [ 295.286847][ T9052] binder: 9042:9052 ioctl c0306201 0 returned -14 [ 295.832054][ T9065] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 295.992541][ T9064] loop1: detected capacity change from 0 to 8192 [ 296.016595][ T9075] loop2: detected capacity change from 0 to 1024 [ 296.024869][ T9064] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 296.038172][ T9064] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 296.048692][ T9075] EXT4-fs: Ignoring removed orlov option [ 296.054380][ T9075] EXT4-fs: Ignoring removed nomblk_io_submit option [ 296.061764][ T9064] REISERFS (device loop1): using ordered data mode [ 296.068849][ T9064] reiserfs: using flush barriers [ 296.079289][ T9064] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 296.096390][ T9064] REISERFS (device loop1): checking transaction log (loop1) [ 296.114084][ T9064] REISERFS (device loop1): Using r5 hash to sort names [ 296.121476][ T9064] REISERFS (device loop1): using 3.5.x disk format [ 296.130014][ T9064] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 296.139959][ T9078] loop0: detected capacity change from 0 to 1024 [ 296.140502][ T9075] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 296.173592][ T9078] EXT4-fs warning (device loop0): ext4_enable_quotas:7012: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 296.205140][ T4722] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 296.214274][ T9078] EXT4-fs (loop0): mount failed [ 296.256451][ T9075] EXT4-fs error (device loop2): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.2: corrupt xattr in inline inode [ 296.272142][ T9075] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.2: corrupted in-inode xattr [ 296.371693][ T8639] ================================================================== [ 296.380045][ T8639] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 296.388048][ T8639] Read of size 4 at addr ffff8880531cd000 by task syz-executor.2/8639 [ 296.396194][ T8639] [ 296.398512][ T8639] CPU: 1 PID: 8639 Comm: syz-executor.2 Not tainted 6.1.94-syzkaller #0 [ 296.406835][ T8639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 296.416893][ T8639] Call Trace: [ 296.420169][ T8639] [ 296.423097][ T8639] dump_stack_lvl+0x1e3/0x2cb [ 296.427794][ T8639] ? nf_tcp_handle_invalid+0x642/0x642 [ 296.433260][ T8639] ? panic+0x764/0x764 [ 296.437331][ T8639] ? _printk+0xd1/0x111 [ 296.441487][ T8639] ? __virt_addr_valid+0x17f/0x520 [ 296.446603][ T8639] ? __virt_addr_valid+0x17f/0x520 [ 296.451731][ T8639] print_report+0x15f/0x4f0 [ 296.456233][ T8639] ? __virt_addr_valid+0x17f/0x520 [ 296.461347][ T8639] ? __virt_addr_valid+0x17f/0x520 [ 296.466461][ T8639] ? __virt_addr_valid+0x44a/0x520 [ 296.471577][ T8639] ? __phys_addr+0xb6/0x170 [ 296.476082][ T8639] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 296.481720][ T8639] kasan_report+0x136/0x160 [ 296.486225][ T8639] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 296.491866][ T8639] ext4_xattr_delete_inode+0xcd0/0xce0 [ 296.497335][ T8639] ? ext4_blocks_for_truncate+0x270/0x270 [ 296.503054][ T8639] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 296.509111][ T8639] ? rcu_read_lock_any_held+0xb3/0x160 [ 296.514558][ T8639] ? ext4_inode_is_fast_symlink+0x262/0x390 [ 296.520448][ T8639] ext4_evict_inode+0xc77/0x1150 [ 296.525375][ T8639] ? _raw_spin_unlock+0x24/0x40 [ 296.530234][ T8639] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 296.536129][ T8639] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 296.542004][ T8639] evict+0x2a4/0x620 [ 296.545884][ T8639] vfs_rmdir+0x381/0x4b0 [ 296.550106][ T8639] do_rmdir+0x3a2/0x590 [ 296.554240][ T8639] ? d_delete_notify+0x150/0x150 [ 296.559157][ T8639] ? syscall_enter_from_user_mode+0x2e/0x230 [ 296.565116][ T8639] __x64_sys_unlinkat+0xdc/0xf0 [ 296.569945][ T8639] do_syscall_64+0x3b/0xb0 [ 296.574342][ T8639] ? clear_bhb_loop+0x45/0xa0 [ 296.579002][ T8639] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 296.584881][ T8639] RIP: 0033:0x7f904007c687 [ 296.589279][ T8639] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 296.608863][ T8639] RSP: 002b:00007ffe8dc1f238 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 296.617434][ T8639] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f904007c687 [ 296.625393][ T8639] RDX: 0000000000000200 RSI: 00007ffe8dc203e0 RDI: 00000000ffffff9c [ 296.633369][ T8639] RBP: 00007f90400d9636 R08: 0000000000000000 R09: 0000000000000000 [ 296.641318][ T8639] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffe8dc203e0 [ 296.649266][ T8639] R13: 00007f90400d9636 R14: 0000000000048414 R15: 0000000000000008 [ 296.657220][ T8639] [ 296.660215][ T8639] [ 296.662608][ T8639] The buggy address belongs to the physical page: [ 296.669091][ T8639] page:ffffea00014c7340 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x531cd [ 296.675522][ T4033] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 296.679211][ T8639] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 296.693848][ T8639] raw: 00fff00000000000 ffffea0001ffc088 ffffea0001783508 0000000000000000 [ 296.702422][ T8639] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 296.710977][ T8639] page dumped because: kasan: bad access detected [ 296.717371][ T8639] page_owner tracks the page as freed [ 296.722711][ T8639] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 9062, tgid 9062 (syz-executor.1), ts 296155753017, free_ts 296362432663 [ 296.741700][ T8639] post_alloc_hook+0x18d/0x1b0 [ 296.746442][ T8639] get_page_from_freelist+0x31a1/0x3320 [ 296.751962][ T8639] __alloc_pages+0x28d/0x770 [ 296.756527][ T8639] __folio_alloc+0xf/0x30 [ 296.760831][ T8639] vma_alloc_folio+0x486/0x990 [ 296.765591][ T8639] wp_page_copy+0x25d/0x18c0 [ 296.770159][ T8639] handle_mm_fault+0x2525/0x5340 [ 296.775076][ T8639] exc_page_fault+0x26f/0x620 [ 296.779743][ T8639] asm_exc_page_fault+0x22/0x30 [ 296.784574][ T8639] page last free stack trace: [ 296.789248][ T8639] free_unref_page_prepare+0xf63/0x1120 [ 296.794769][ T8639] free_unref_page_list+0x663/0x900 [ 296.799941][ T8639] release_pages+0x2836/0x2b40 [ 296.804676][ T8639] tlb_flush_mmu+0xfc/0x210 [ 296.809152][ T8639] tlb_finish_mmu+0xce/0x1f0 [ 296.813714][ T8639] exit_mmap+0x3c3/0x9f0 [ 296.817935][ T8639] __mmput+0x115/0x3c0 [ 296.821981][ T8639] exit_mm+0x226/0x300 [ 296.826030][ T8639] do_exit+0x9f6/0x26a0 [ 296.830167][ T8639] do_group_exit+0x202/0x2b0 [ 296.834754][ T8639] get_signal+0x16f7/0x17d0 [ 296.839236][ T8639] arch_do_signal_or_restart+0xb0/0x1a10 [ 296.844854][ T8639] exit_to_user_mode_loop+0x6a/0x100 [ 296.850124][ T8639] exit_to_user_mode_prepare+0xb1/0x140 [ 296.855653][ T8639] syscall_exit_to_user_mode+0x60/0x270 [ 296.861179][ T8639] do_syscall_64+0x47/0xb0 [ 296.865577][ T8639] [ 296.867878][ T8639] Memory state around the buggy address: [ 296.873491][ T8639] ffff8880531ccf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 296.881535][ T8639] ffff8880531ccf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 296.889577][ T8639] >ffff8880531cd000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 296.897609][ T8639] ^ [ 296.901663][ T8639] ffff8880531cd080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 296.909711][ T8639] ffff8880531cd100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 2024/06/16 20:33:55 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 296.917768][ T8639] ================================================================== [ 297.015090][ T4033] usb 1-1: Using ep0 maxpacket: 16 [ 297.022943][ T4722] usb 4-1: Using ep0 maxpacket: 32 [ 297.154962][ T8639] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 297.162190][ T8639] CPU: 1 PID: 8639 Comm: syz-executor.2 Not tainted 6.1.94-syzkaller #0 [ 297.170515][ T8639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 297.180568][ T8639] Call Trace: [ 297.183856][ T8639] [ 297.186785][ T8639] dump_stack_lvl+0x1e3/0x2cb [ 297.191468][ T8639] ? nf_tcp_handle_invalid+0x642/0x642 [ 297.196936][ T8639] ? panic+0x764/0x764 [ 297.201002][ T8639] ? preempt_schedule_common+0xa6/0xd0 [ 297.206473][ T8639] ? vscnprintf+0x59/0x80 [ 297.210811][ T8639] panic+0x318/0x764 [ 297.214711][ T8639] ? check_panic_on_warn+0x1d/0xa0 [ 297.219825][ T8639] ? memcpy_page_flushcache+0xfc/0xfc [ 297.225201][ T8639] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 297.231182][ T8639] ? _raw_spin_unlock+0x40/0x40 [ 297.236037][ T8639] ? print_report+0x4a3/0x4f0 [ 297.240710][ T8639] check_panic_on_warn+0x7e/0xa0 [ 297.245645][ T8639] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 297.251277][ T8639] end_report+0x66/0x110 [ 297.255517][ T8639] kasan_report+0x143/0x160 [ 297.260011][ T8639] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 297.265632][ T8639] ext4_xattr_delete_inode+0xcd0/0xce0 [ 297.271079][ T8639] ? ext4_blocks_for_truncate+0x270/0x270 [ 297.276784][ T8639] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 297.282839][ T8639] ? rcu_read_lock_any_held+0xb3/0x160 [ 297.288292][ T8639] ? ext4_inode_is_fast_symlink+0x262/0x390 [ 297.294166][ T8639] ext4_evict_inode+0xc77/0x1150 [ 297.299085][ T8639] ? _raw_spin_unlock+0x24/0x40 [ 297.303923][ T8639] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 297.309799][ T8639] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 297.315677][ T8639] evict+0x2a4/0x620 [ 297.319561][ T8639] vfs_rmdir+0x381/0x4b0 [ 297.323791][ T8639] do_rmdir+0x3a2/0x590 [ 297.327932][ T8639] ? d_delete_notify+0x150/0x150 [ 297.332860][ T8639] ? syscall_enter_from_user_mode+0x2e/0x230 [ 297.338827][ T8639] __x64_sys_unlinkat+0xdc/0xf0 [ 297.343667][ T8639] do_syscall_64+0x3b/0xb0 [ 297.348072][ T8639] ? clear_bhb_loop+0x45/0xa0 [ 297.352736][ T8639] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 297.358616][ T8639] RIP: 0033:0x7f904007c687 [ 297.363010][ T8639] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 297.382595][ T8639] RSP: 002b:00007ffe8dc1f238 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 297.390992][ T8639] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f904007c687 [ 297.398946][ T8639] RDX: 0000000000000200 RSI: 00007ffe8dc203e0 RDI: 00000000ffffff9c [ 297.406896][ T8639] RBP: 00007f90400d9636 R08: 0000000000000000 R09: 0000000000000000 [ 297.414850][ T8639] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffe8dc203e0 [ 297.422802][ T8639] R13: 00007f90400d9636 R14: 0000000000048414 R15: 0000000000000008 [ 297.430759][ T8639] [ 297.433876][ T8639] Kernel Offset: disabled [ 297.438180][ T8639] Rebooting in 86400 seconds..