last executing test programs: 9m0.808945358s ago: executing program 0 (id=3321): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) pipe(&(0x7f0000000040)) 8m58.627529038s ago: executing program 0 (id=3340): r0 = io_uring_setup(0x1cba, &(0x7f0000000000)) r1 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r1, 0x3) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) accept4(r1, 0x0, 0x0, 0x0) dup(r2) write$binfmt_script(r2, &(0x7f0000000500)={'#! ', './file0'}, 0xb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 8m58.352246022s ago: executing program 0 (id=3342): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x0, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000028"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) r4 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r4, &(0x7f0000000540)=[{{&(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044) write$binfmt_misc(r2, &(0x7f0000000240)=ANY=[], 0x5) write$binfmt_misc(r2, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r1, 0x0, r3, 0x0, 0x7151, 0x0) 8m57.331867757s ago: executing program 0 (id=3347): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x81000, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x91905a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x112dd10, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x5, [@struct={0x0, 0x2, 0x0, 0x13, 0x0, 0x2, [{0x3}, {0x1000000}]}]}, {0x0, [0x0, 0x0, 0x5f]}}, 0x0, 0x41}, 0x20) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') r1 = open(&(0x7f0000000a40)='./bus\x00', 0x141a42, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='proc\x00', 0x0, &(0x7f0000000000)='gid=1\x00nk]e') close(0xffffffffffffffff) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'syzkaller0\x00', 0x7101}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x41}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r2, 0x2e, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff61, 0x0, 0x0, 0x0, 0x94, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', r3}, 0x48) sendfile(r1, r0, 0x0, 0x100801700) 8m56.898828614s ago: executing program 0 (id=3349): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c36919790"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0) ioctl$HIDIOCGREPORTINFO(r1, 0xc00c4809, &(0x7f00000001c0)={0x2, 0x200}) 8m56.156884203s ago: executing program 0 (id=3351): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000020000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) futex(&(0x7f0000004000), 0x5, 0x0, 0x0, 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$igmp6(0xa, 0x3, 0x3a) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x39}, [@ldst={0x4}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48) getsockopt$WPAN_SECURITY(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000080), &(0x7f00000000c0)=0x4) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000240), 0x1, 0x1a5, &(0x7f0000000280)="$eJzs3TFr1GAcBvCnterhcjc4iUNAB6fQ6ydokQpiQFBu0EmxLUhzFCwcKGJ18vv5DfwGjh2EiI3etSUODjXS+/2WPPDmgfddkin/vLg93d85ONz79P5rBoOVrG5mM8crGWU1v30MAHCZHDdNvjWtvvcCAPwb3v8AsHyePnv+aKuqtp8UxSCZfp5NZpP22q5v7eV16uxmPcN8T5q5Nj94WG2vFydGuTs9+tU/mk2unO2PM8youz9u+8XZ/tXcON3fyDA3u/sbnf1ruXfnVL/MMF9e5SB1dvKzu+h/GBfF/cfVuf71k/sAAAAAAAAAAAAAAAAAAAAAAOAilMVc5/yesvzTetv/i/lA5+brrOXWWr9nBwAAAAAAAAAAAAAAAAAAgP/F4dt3+y/reveNIAjCPPT9ZAIAAAAAAAAAAAAAAAAAgOWz+Oi3750AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH8W//+/uND3GQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALj8fgQAAP//xVOTag==") r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x42, 0x40}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, r6}, 0x38) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f0000001d40)={r6, &(0x7f0000001b80), 0x0}, 0x20) getsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f00000001c0)={@ipv4={""/10, ""/2, @loopback}}, &(0x7f0000000400)=0x14) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000540)={0x0, 0x1, 0x8}, 0xc) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000580)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x20, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x4}, 0x48) dup2(0xffffffffffffffff, r4) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) 7m40.330974391s ago: executing program 5 (id=3561): unshare(0x20400) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x0, r1}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r2, &(0x7f0000000300), 0x20000000}, 0x20) 7m40.330228262s ago: executing program 5 (id=3563): r0 = memfd_create(&(0x7f0000000140)='}\xa4-}{\x00\xaa\x81\xde\xac\xc0\xe8\xf1v\xbd\xd2\xd4\x03[t\xe8\x92\x9d\xc2\xdep\x11y\xf7\xb0\x90\v\xb9\x9f\x12\xfc\x8c\x19\xf7v\xdb\r\xf4\xce\xdb\xf8Cw\xe6c\xd1\xe9\xe1\x8e\x1bKn\x9c{[\xbe|\x13\x97{\x12z\xea(\xb8\xc7\xca\x9a\x17)\xfcl\xe9\x87\xe7\xf5U\xc9@\xeb\x02\x90\'\x8d\xccd\x05\xf7zJ\x8f+\\\x16\x9e\x10t^\xb7\x90\xa7\x8f \xc0#\xeb&s\xc6\x11\xfb\xc3\x1fp\xeb^\x82\x8a\x1d\xe3\x93\xfdt\x86-\b*c2\xe6\xd4\xc6\xf9\x172\xf7', 0x2) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000200)=ANY=[@ANYBLOB="300000001900010000000000000000000a00000000000000000000001400050000000000000000000000000000000000624d856e6ef7eb67a690ff79514a4d6fcb7014124dd253e7fe65af1929a6fca8f0f9f774c99ce4a278b2b88d0b7426b53d6de9994ce130f9a8d8b48e0de78efbda61c4c26e25235da7c28008511d0ade467e13ef76ca9a2635c98593de5cbf6631de0f6972bbc73890f898e337c00d3624c4d4fb142bec37c50aada966e08d744623ec9fd3ed66e9af842933f40acd9aa5b625859e14ce354a74261a23686b9f5fa13fd8b1207afef34b043e56ce71405b7f3eea2e6c8c3f36ded5d7ff06900b03bb313c0385d28aee83e44245dece9282cf764dc52575f490fb852e36a2a9fa635f5284f8fcc1a9c027e5102185c99327278e919164cf3eda"], 0x30}}, 0x0) r2 = dup(r0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e24, 0x5e, @private0={0xfc, 0x0, '\x00', 0x1}, 0x1c5acf88}, 0x1c) fcntl$addseals(r0, 0x409, 0x4) fallocate(r2, 0x0, 0x0, 0x8000006) ftruncate(r2, 0x6) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000004c0)=[{0x20, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10) close(0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000009c0)=ANY=[@ANYBLOB="38010000", @ANYRES16=r5, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=r6, @ANYBLOB="0c009900000000003e000000140004006e69637666300000000000000000000008000500060000000c001780040005000400040014000400766c616e30000000000000000000000005005300000000000a00180003030303030300000a00e80008021100000000001c00178004000100040003000400020004000200040004000400060008001780040003001c0017800400050004000400040001000400020004000200040002000a00e800ffffffffffff0000040017801c00e700db6d365654c98181bfba37013717c4c8c68999db6df653c904001780200017800400010004000500040002000400010004000500040001000400030024001780040002000400020004000200040003"], 0x138}}, 0x0) 7m40.312957824s ago: executing program 5 (id=3568): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) connect$llc(r1, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xa4a2}]}, 0x5c}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = socket$caif_seqpacket(0x25, 0x5, 0x0) getsockopt$sock_timeval(r7, 0x1, 0x43, &(0x7f0000000440), &(0x7f0000000480)=0x10) r10 = socket(0x28, 0x5, 0x0) unshare(0x20000400) bind$can_j1939(r10, 0x0, 0x0) getpid() sendmsg$unix(r8, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@rights={{0x14, 0x1, 0x1, [r7]}}, @rights={{0x14, 0x1, 0x1, [r9]}}], 0x30}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0), &(0x7f0000000540)=@mgmt_frame=@assoc_resp={{{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x7f}, @broadcast, @device_a, @random="43e6ba6cd26d", {0x6, 0x8}}, 0x0, 0x19, @default, @val, @void, [{0xdd, 0x7f, "93bb225bfc88f1eb33f76135a4a670d5e1878afcf506cb22de4a86c9ba504bbe4941123a7367551f2aebb3fc5228f655b88471c735d3f1e6ff3a9f58fe3b2eaed8bc0cacc3633a949b19bec4d856482e8fc69789810f6bc0f6de5b41445ed63486e53416058c17a000d06a7c029b8881f66c1200d0abddf62ba7019db8eb6f"}]}, 0xa1) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) socket$pppl2tp(0x18, 0x1, 0x1) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x0, 0x0, @default, @val={0x1, 0x2, [{}, {}]}, @void}, 0x22) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 7m36.097799436s ago: executing program 5 (id=3580): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000540)={@val={0x2000}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xfb, 0x0, 0x0, 0x0, 0x29, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x0, 0xe7, 0x0, @gue={{0x1, 0x1, 0x0, 0x0, 0x0, @void}, "ebc7a1e0ff5befe1fdbc66e400d7e83306de422b4a81099bdac9375aef5d5aed344da629eff97e1bf022a4e03417754948d251006dc8cad92c971eba199c1fe0c6a7d6d908e2c63548f916e6dec6f96f7bf408d5b79c5d2a439fe595b81baffc25edcd056bdcfa2301a50bffcdad96491de1a7caf0f1def10588672df34aa80e7f53af9daaa6497d38e15230020032ec34b79af4ba4de9be93c2b84935ceb459c0441426efcf8f2a32a6ba7c424f7b47de3f09be8034eb90629074fe9f613143b3e0a338fff745ab6dea1323dc0b22ea987d4482e160dab4eecc3a"}}}}}}}, 0x10d) 7m34.210622909s ago: executing program 5 (id=3589): syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x8, &(0x7f0000006500)={[{@dots}, {@dots}, {@dots}, {@nodots}, {@dots}, {@nodots}, {@dots}, {@fat=@quiet}, {@nodots}, {@dots}, {@fat=@showexec}, {@dots}, {@dots}, {@fat=@umask={'umask', 0x3d, 0x7fff}}, {@fat=@nfs}, {@dots}, {@fat=@tz_utc}, {@fat=@errors_continue}, {@nodots}, {@fat=@nocase}, {@fat=@check_strict}, {@dots}]}, 0xfd, 0x1bf, &(0x7f0000000680)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa") mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$9p_tcp(&(0x7f0000000040), &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2000, 0x0) 7m33.755076079s ago: executing program 5 (id=3593): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000080)) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r1, 0x0, 0x60, &(0x7f0000000040), 0x50) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) capset(0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x20081e, &(0x7f00000020c0), 0x1, 0x4f3, &(0x7f0000000a00)="$eJzs3c9vG1kdAPCvnV9ONrvJLnsABGxZFgqq6iTubrTaAywnhNBKiD2C1A2JG0Wx4yh2liZUIv0fkKjECY78AZx74s4FwY1LOSDxIwI1lTgMmvEkdVO7yTaJHcWfjzSaefNsf9+LM+/ZXyd+AQytaxGxFxHjEfFJRMzk5wv5Fh+2tyRJfvF4/97ywf695UIkycf/KmT16bnouE/qlfwxSxHxo+9F/LTwfNzmzu76Uq1W3WoXJ+da9c255s7uzbX60mp1tbpRqSwuLM6/f+u9yrn19a36eH705Ud/3PvWz9NmTednOvtxntpdHzuKkxqNiB9cRLABGMn7Mz7ohvBSihHxRkS8nV3/MzGSPZsAwFWWJDORzHSWAYCrrpjlwArFcp4LmI5isVxu5/DejKlirdFs3bjT2N5YaefKZmOseGetVp3Pc4WzMVZIywvZ8dNy5Vj5VkS8HhG/nJjMyuXlRm1lkC98AGCIvXJs/v/vRHv+BwCuuNKgGwAA9J35HwCGj/kfAIaP+R8Aho/5HwCGj/kfAIaP+R8AhsoPP/oo3ZKD/PuvVz7d2V5vfHpzpdpcL9e3l8vLja3N8mqjsZp9Z0/9pMerNRqbC+/G9t3Zb282W3PNnd3b9cb2Rut29r3et6tjfekVAPAir7/18C+FiNj7YDLbomMtB3M1XG3FQTcAGJiRQTcAGBirfcHwOsN7fOkBuCK6LNH7jFJETB4/mSRJcnFNAi7Y9S/I/8Ow6sj/+ytgGDLy/zC85P9heCVJ4bRr/sdpbwgAXG5y/ECPz//fyPe/yz8c+MnK8Vs8uMhWAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOV2uP5vOV8LfDqKxXI54tWImI2xwp21WnU+Il6LiD9PjE2k5YUBtxkAOKvi3wv5+l/XZ96ZPl47Xngyke0j4me//vhXd5dara0/pef/fXS+9SA/XxlE+wGAkxzO09m+44384/17y4dbP9vzj+9GRKkd/2B/PA6O4o/GaLYvxVhETP2nkJfbCh25i7PYux8Rn+/W/0JMZzmQ9sqnx+OnsV/ta/ziM/GLWV17n/4sPncObYFh8zAdfz7sdv0V41q27379l7IR6uzy8S99qOWDbAx8Gv9w/BvpMf5dO22Md//w/fbR5PN19yO+OBpxGPugY/w5jF/oEf+dU8b/65e+8navuuQ3Edeje/zOWHOt+uZcc2f35lp9abW6Wt2oVBYXFuffv/VeZS7LUc/1ng3++cGN13rVpf2f6hG/dEL/v37K/v/2f5/8+KsviP/Nr3WLX4w3XxA/nRO/ccr4S1O/L/WqS+Ov9Oj/Sc//jVPGf/S33eeWDQcABqe5s7u+VKtVt/p5cPhCoq9BHVyBg/S35hI0o+vBd/oVazw+072S5KVi9RoxziPrBlwGRxd9RDwZdGMAAAAAAAAAAAAAAICu+vEfS4PuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfX/wMAAP//C2/SMg==") open(0x0, 0x0, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) socket$alg(0x26, 0x5, 0x0) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_emit_vhci(0x0, 0x0) sendmsg$kcm(r2, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000001a00)}, {0x0}, {&(0x7f0000001680)="094fb143daa9", 0x6}], 0x3}, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f00000000c0)={0x0, 0x3, 0x2}, 0x10) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x0, 0x0) kexec_load(0x0, 0x1, &(0x7f0000000140)=[{0x0, 0x0, 0x0, 0x41000000}], 0x0) 1m27.283512585s ago: executing program 1 (id=4061): mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mknod(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX, @ANYRESHEX]) mkdir(&(0x7f0000000440)='./file0\x00', 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="890000000200000004"]) pipe2$9p(&(0x7f0000000240), 0x0) r4 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_mreqsrc(r4, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0xc) io_setup(0x8, &(0x7f0000004200)=0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r5, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}]) dup(r3) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=0000000000000000004000', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 1m25.958553243s ago: executing program 1 (id=4065): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0xd}, 0x1c) r1 = syz_io_uring_setup(0x7c, &(0x7f0000000100), &(0x7f0000000000), &(0x7f0000185000)) r2 = io_uring_setup(0x4ea5, &(0x7f0000000500)) dup2(r1, r2) write(r0, 0x0, 0x0) 1m24.901333538s ago: executing program 1 (id=4067): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002380)={0x20, 0x19, 0xa, 0x201, 0x0, 0x0, {}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0) 1m24.710202933s ago: executing program 1 (id=4068): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000002c0)='bdi_dirty_ratelimit\x00', r1}, 0x10) r3 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r3, r2, 0x0, 0x1, 0xfffffffffffffffe}, 0x42) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000500)={0x60, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @dev={0xac, 0x3}}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x60}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x7c}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={0x2e0, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x2c3, 0x33, @beacon={{{}, {}, @device_a, @broadcast, @random="90e488f9971a"}, 0x0, @random, 0x0, @void, @void, @val={0x3, 0x1}, @val={0x4, 0x6}, @void, @void, @void, @val={0x2a, 0x1}, @void, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6}, [{0xdd, 0x3b, "2d5014b2109a59339408ad50548584c01cda5f3ced6f13b590b9aaf1bca488130effc03c7c2adf4757f254203300027902dd1fa777e6282b58e524"}, {0xdd, 0x7a, "eb13a8b3df323b58645505746aa35226d44912415c3d4ac256aa5c2291a3317d27815fda589135d0308f4ff131b3c4a96dde0f9c497c9bbde281223c0596f01156deb1f851f7602fb2299c382c07898a4d7dddbc046ef6a9b938b13f76ccceb4d339a7d92a6a7f45bd90df8b5bd53f1eec1a241b70cadc8c29c9"}, {0xdd, 0xe4, "4f2a899e94bcf0613609929460dda7b3421f2af277170aab1eef1bc7a6bad283ec72e75c78d8f4f30f5e2ee79daf8ece54852b5b93eabb5832b001d39227230802e601a7f9749d370367565ddb88a137c4572cce24103d4337027917c48d29a1860dad1f99fe412ea5a5eff0a43812f63ec34a05279e6dc25839f828e60b01f9b6a65bf411101d89dc154716566458aa4111340a6d895801f8d51908b9bdd47762550f4ee51c8a3f64cfe2f8b701e79d393a957fa4e3e620099b226f683280ec0f5d85f9c59d29d9159126c9f114d0e08f17f96e4757dd81825d8f432246cdb8ab571fcf"}, {0xdd, 0x65, "5dad8ac12f96664d51c30bd3379c2d305630cd93fec0b4249d429b451f52399f26b866650e0e9464949a974045190fa9251c8b6aacda7ecc351ee9cb5512364284512cf7643040ee1f52573ed7bb7527b9a86fc2f33bffce71947a0f29cfb9ac7bd9e7642c"}, {0xdd, 0x71, "83534cd40fda26eabadf3814f88fa9c5d39124ac6ffcf2583cbdd58fa0969b3e6783c46ed2318e977c080347f36fa8d773079f6224521c4c8b10e4a9454bece9457b66b239a7eaff140a8d9131349399c804bb1a81f829c6ab11af5cfe8df9f59ec093d26c17fe50bb0550d71068d16276"}]}}]}, 0x2e0}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r6, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r8, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r9}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r10}, 0x10) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) r11 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r11, &(0x7f0000000000)={0x27}, 0x62) listen(r11, 0x0) r12 = accept4(r11, 0x0, 0x0, 0x0) close(0xffffffffffffffff) r13 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r13, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x14}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) r14 = socket$nl_generic(0x10, 0x3, 0x10) r15 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r12) sendmsg$BATADV_CMD_GET_DAT_CACHE(r14, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r15, @ANYBLOB="0503000000000084509983800000"], 0x14}}, 0x0) 1m21.915078955s ago: executing program 1 (id=4072): r0 = socket$kcm(0x2b, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x63, 0x6a, 0xa, 0xff00}}, 0x0}, 0x90) sendmsg$inet(r0, &(0x7f0000000040)={&(0x7f00000000c0)={0x2, 0x4001, @loopback}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000488c) setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x24) recvmsg$kcm(r0, &(0x7f0000000440)={0x0, 0x5, 0x0}, 0x0) close(r0) 1m21.418355972s ago: executing program 1 (id=4076): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x17, 0x8, &(0x7f0000000000)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xba}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 5.350374794s ago: executing program 4 (id=4237): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="24000000180003041dfffd946f610500020100000005fe060c10880008000f00fff3c00e140000001a00ffffba16a0aa1c091dbfa1090000", 0x38}], 0x1}, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000001080), r0) sendmmsg$alg(r0, &(0x7f0000000180)=[{0x2, 0x1000000000000, &(0x7f0000000080), 0x6, &(0x7f0000000100), 0xf}], 0x492492492492642, 0x0) 4.793488455s ago: executing program 3 (id=4240): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000500)={0x2, &(0x7f00000004c0)=[{0x20}, {0x6, 0x0, 0x0, 0x7fff0000}]}) 4.64022606s ago: executing program 3 (id=4241): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0xc01, 0x3, 0x220, 0x2e8, 0x5002004a, 0x6, 0x2e8, 0x3, 0x3e8, 0x3c8, 0x3c8, 0x3e8, 0x3c8, 0x7fffffe, 0x0, {[{{@ip={@dev, @broadcast=0xfeffffff, 0x0, 0x0, 'hsr0\x00', 'bridge0\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x3fa}}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x280) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) ioctl$GIO_SCRNMAP(r1, 0x4bfb, &(0x7f0000000180)=""/4096) 4.583639124s ago: executing program 3 (id=4242): r0 = syz_io_uring_setup(0x23b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r3, 0x0, 0xfffffffffffffffc}) io_uring_enter(r0, 0x484, 0x0, 0x0, 0x0, 0x0) 4.38576377s ago: executing program 3 (id=4243): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'veth0_to_team\x00', &(0x7f0000000040)=@ethtool_perm_addr={0x4b, 0x2d, "daf1684742d14158e6f99acdcb772855f138e5140db8f02a98d7bd744b87e35a1817484e8771cc93858cb08ed7"}}) 4.383494752s ago: executing program 2 (id=4244): unshare(0x480) syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x3200c00, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x3, 0xa73, &(0x7f0000003cc0)="$eJzs3U2MG1cBAOA33vUmm6TEKQldktAm/LTlp7vNZgk/ETRVcyFqKm6VKi5RmpaINCBSCVpVIsmJG62qcIUiTuVQAUJqLyjqiUslGolLT4UDB6IgVeIAhcRove95xy92x/uTtb3+Punt85s39nszOzMez8x7LwBjq9b6u7AwU4Rw5a1Xj//j/r9PL055pD1Ho/V3spSqhxCKmJ7MPu/9iaX45gcvne4WF2G+9TelwxM32u/dHkK4GA6Eq6ER9l659so784+fvHTi8sF3Xz96/c4sPQAAjJdvXz26sOevf96368M37j0WtrSnp/PzRkzviOf9x+KJfzr/r4XOdFEKZVPZfJMx1LL5JrrMVy6nns032aP8qexz6+38fR3zbakof6I0rdtywyhL23EjFLXZjnStNju79Js8tH7XTxWz58+ee+bCgCoKrLt/3RdCOCCsNDSbzZ+0VuAQ1EUQVhuaOwd9BAJYkt8vvM3F/MrC2rQ/bbK/8m88Wuv+flgHG739K3+0yv/1JUcc1s9m3ZrScqX9aEdM5/cR8ueXVrr/p8/L70fU+6xnr/sIo3J/oVc9Jza4HqvVq/75drFZfSPGaT18M8sv7z/5/3RU/sdAd//eqOv/r00P/FrnYjgwBHXY1KE+BHUQ+g7NQR+AgKG1/NzckmaU8vPn+vL8LRX5Wyvypyvyt1Xkb6/Ih3H2++d/Fl4uln/n57/pV3o9LF1nuyvGH1thffLrkSstP3/ud6XWWn7+PDEMszdPPXnmq08/dW3p+f+ivf3fitv7gZhuxH3rapwhXS/Mr6u3n/1vdJZT6zHf3Vl97rpt/uZSibs75yt2L39OKB1nbqvHTOf7dvaab3/nfI1svukYtmb1zc9PtmXvS+cf6bia1tdktrz1bDmmsnqk48quGOf1gNVI22Ov5//T9jkT6sUzZ8+deTim03b6p4n6lsXph8of+puNqTuwNv22/5kJne1/drSn12vl48LO5elF+bjQyKbPLyXbt8nT9MMxnb7nvjsx3Zo+e/r7555e74WHMXfhhRe/d+rcuTM/9CK9mLZavPCi6sixWZ8chPEx9/xzP5i78MKLD5197tSzZ549c/7wkSOH5+ePfO3wwlzrvH6ufHYPbCbLX/qDrgkAAAAAAAAAAADQrx+dOH7tL29/5b2l9v/L7f9S+//05G9q///TrP1/3k4+tQpI7QB3dclvjbv3Zmc9prL56jF8PKvv7qycPdn7PhHj9jh+sf1/am+f9+ua6nNPNj3vvzfNl3UncFt/KVNZHyTt8QJjg/1Px/TlGP8qwAAV090nx7iqf+u0raf+KfRLMZrS/y1tDakfk9T+u1e/Tun4v2sD6sj624jmhINeRqC7fw79+J+lM/GB1+UjQ7M5+DqsPQz/ehbWMTSbRvEAhsOgx/9M1z1TfP6P39q6GNJsNx7tPF7m/ZfCWgz7+JPK31zjf7bHv+vr+Neld/WOfp77H13hP7+4/l6p2LC33+NvvvypH+jd1WWWfRjLT8v/QOiv/OZrWfn5DaE+/Tcrf1uf5d+2/PtXV/7/YvlptT34mX7LX6pxUeusR37dON3/y68bJzez5U99e654+Vc5UOOtWD6Ms97jzPY7gu1wGpXxf3vJn8P4ckynA2F6ziH/Rl5p/dPzFel7YE/2+UXF99uojFPcy7iP//v1GFftD2n837Q9Nrqka6V0vcu6HfVtBTab94f+/t+IhYtDUAdhSMNwjIFdDs1mc6AdeetFfLAGvf4Hffd50OUPev1Xycf/zc/h8/F/a9kPiHz83/z9+fi/eX4+vl6en4//m6/PfPzfPP+e7HPzK9gzFfmfrMjfW5G/bzl/ulv+/or3f6oi/2BF/r0V+fdV5N9dkT9Rkf/ZivzPVeTfX5H/YEX+5yvyN7tWe5TSTjVuyw/jLG+fZ/+H8ZHu//Ta/3dX5AOj6+dvHHrsqd99p7HU/n+q/Xst3cc7FtP1+Nv5xzGd3/cOpfRi3tsx/bcsf9ivd8A4yfvPyL/fH6jIB0ZXes7L/g1jqOjeY09+v61Xv1W9zvMZLV+I8Rdj/KUYPxTj2RjPxfhQjOc3qH7cGY/99g9HXy6Wf+/vzPL7fZ48bw+U9xN1uM/65NcHVvo8e96P30qttfxVNgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYmFrr78LCTBHClbdePf7kybNzi1Meac/RaP2dLKXq7feF8HCMJ2L8y/ji5gcvnS7Ht2JchPlQhKI9PTxxo13S9hDCxXAgXA2NsPfKtVfemX/85KUTlw+++/rR63duDQAAAMDm9/8AAAD//6ZSGwg=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0xc0186e86, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0xb}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x9c}, [@call={0x25}], {0x95, 0x0, 0xd00}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x8000000, 0x10, 0x0, 0xfffffffffffffed8}, 0x3f) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x20, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x7}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x20}}, 0x0) 3.82145401s ago: executing program 2 (id=4245): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x2cb, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x0, 0x1}) 3.674689332s ago: executing program 2 (id=4246): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) recvmmsg(r0, &(0x7f0000002200)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/177, 0xb1}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x2}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) 3.519151937s ago: executing program 2 (id=4247): socket$netlink(0x10, 0x3, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r2, @ANYBLOB="0198000000000000200012800800010067726500", @ANYRES32=r2], 0x40}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07}) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x401, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0x40a85323, &(0x7f0000000000)={{0x80}, 'port1\x00', 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}) rt_sigprocmask(0x0, &(0x7f0000000080)={[0xffffffff]}, 0x0, 0x8) signalfd4(0xffffffffffffffff, &(0x7f0000000300)={[0xffffffffffffffff]}, 0x8, 0x0) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r5, &(0x7f0000000300)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r6}, 0x10) dup3(r0, r4, 0x0) 1.423824559s ago: executing program 4 (id=4248): ftruncate(0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x20, 0x20, 0x2, [@union, @func_proto={0x0, 0x1, 0x0, 0xd, 0xa, [{}]}]}}, &(0x7f0000000f40)=""/4089, 0x3a, 0xff9, 0x6}, 0x20) 1.373338529s ago: executing program 2 (id=4249): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x2, 0x0, 0x0, 0x0) 1.340081281s ago: executing program 3 (id=4250): syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file0\x00', 0x3210052, &(0x7f0000000840)={[{}, {@nodiscard}, {@norecovery}, {@order_strict}, {@nobarrier}, {@order_strict}, {@nodiscard}, {@order_relaxed}], [], 0x2c}, 0x3, 0xebd, &(0x7f0000004540)="$eJzs3U9sHNUZAPA3a6/txCZeAwUDJaTQikDBDkmkprcgUI+IS++gkNAIQ1FDD0T8MT0gKiGKhDhVHKi4UCqlSK0EqlShntqeWvXWE+qFSlUqBfVSpMRV7PfWu8+e7npsz9q7v5/07ds3b3a+b7yRMzOefRuAkdVYfTx5cr4I4d1P33n05aeK315fdld7jSOrj0XstUIIzY5+kW3v87jg6pWXzmzWFuH46mPqh8cut187HUJYDkfCZ6EVPlpc+vLD9x45+vHrU7e8dfGZV3Zp99vy/QAAgGF06c9Lf7/vn396YO6rS4dPh8n28nR83or96XjcfyweKKfj5Ubo7hcd0WkiW28sRiNbbyxbbzzLM16Sr5ltp1my3kSPfGMdyzbbTwAAANiP0nltKxSNha5+o7GwsHbef93nsxPFwnPnl85dGFChAAAAQGX/eXX1plshhBBCCCGEEEIMcazMDvoKBAAAADBq8vnCNlje2Zm62ltr9Zf/8sONzV8PO6Duf//y76/8H7zmNw4AANUN69Fk2q90HJ3mMcjnERzLXrfV4/9Gtp3xLdZZNq/gfplvsKzO/Oe6V5XVv9X3cVDK6s/nw9yryurP5+ncq8rqn6y5jqrK6p+quY6qyuo/UHMdVZXVf7DmOqoqq3+65jqqKqt/puY6qiqr/4aa66iqrP5DNddRVVn9++W22rL6WzXXUVVZ/XM111FVWf031lxHVWX131RzHVWV1X9zzXUMyp2xTT+Hw9l45/lzfk63X87xAAAAYNT91/x/QgghhBBCCCHE0Merg74AAQAAAAxc+lxA+tT7SpTGx3qMj/cYb/YYn+gxPtljHAAAAAjhd2+cu+3tYv1z/tudDy/NG5XmX9rqPEb5fIRbzb/dec+2m3+/zFsGAADAaCm+99m1+x99/4W5ry4dPt1x9nstnu+meUDH47WBT2I/3Rcwk/WLdA59ujtPo2S9/PrADWXbe3ybOwoAAAAjLJ2/t0LRWOg4726FRmNhYf18fD40i3Pnl84ei/30/Sx/nG1OXl/+UM11AwAAAP1bP9/f/Pw/fY/vfJgoFp47v3Tuwlp/pr282ei8LjC7vrzovC7QypYfL1l+IvbT93f+YPbA6vKFMz9cemqndx4AAABGxIUXLz7z5NLS2R954oknnrSfDPo3EwAAsNO++OKd5o9PzPx+7fP/6/Pfpc//H4n9Vpzb7y9xhXSfQPocwIbP6z/RnWe2bL3nu9drZeuNxZjM6p7q2E7omG8wvW6uLF+rezsTJfmms3wzWb58noLxbP2U71C2PJ+fMK03my3P52Ecz3IUWf67AwAAAJRbfOHZ5xcvvHjxwfPPPvn02afPPnfi+Knvnjp17KHvPLS4el//Yufd/QAAAMB+tH7T76ArAQAAAAAAAAAAAAAAAAAAgNFVx9eJDXofAQAAYNT9+9UQwrIQoiTWvgJz8HUIIYQQQvSOsT1QgxBiz8bKSv5N8wAAAAC76+qVl850thssFzuar7211lpzLeZN7cyDf5u7Hmm1yw93Xy85uKPVMOrq/vcv//7K/8FrO5t/Kj3p+/dfo3sDp6vlvXfxl/Od+W8f7zN/vv+PV8t/NMt/b+gv/8r7Wf4nquW/L8t/sM/8G/b/+Wr574/552P/6D395u9+/ydjm/bjQJ/5v53t/1Oh3/zZ/rf6TJh5IOYHgFHUGHQBuyQdJaTj6OnYT/sbDzdDfvfDVo//G9l2xrddefd203HQrbGfjpdmsrzJVuufzrZ3Q8U6c/vlrpKy+nfqfdxtZfU3a66jqrL6J2quo6qy+idrrqOqsvqnaq6jqrL6+z0PHbSy+vfLdeWy+qdrrqOqsvpnaq6jqrL6t/r/+KCU1X+o5jqqKqt/tuY6qiqrv+JltdqV1T9Xcx1VldV/Y811VFVW/00111FVWf0311zHoNwR27Lz4XT+ORvHUr+V9Sc3+VkO67UFAAAA2G/+Zf4/IYQQQgghhBBi6GNlZdBXIBik3f00MwB7ld//o837P9q8/6PN+8//k+7hL7J+MtZjfLzHeLPH+EQ2nv97newxflO23ZUojd/cY/xrPcYP9Ri/tcf4fI/x23qM395j/I4e4wAAAIyGW2Lr/BAAAACG18u/+uTN39z7xJW5ry4dPh0mNsw7fyz2J+Pf1t+I/Xze+6QZ/+b/k9j/RWz/ENt/ZOu7/wQAAAB2X/qeGH//BwAAgOGVvqfU+T8AAAAMr7nYOv8HAACA4XVjbJ3/AwAAwBArpjZfHNt0XeDu2PY7rx8AsPd9PbZ3xvZwbO+K7Tdim44D7ontN2uqDwDYOT///k9PvV2sz/d/Ihu/GpendoPltSsFRaN7Jv8DsT0Y22/1WU/+fQD95k8O9Zlnt/LPbjM/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA8GquPJ0/OFyG8++k7j/5s4s2/Xl92V3uNI6uPRey1QgjN9uvS6Hr/13HFq1deOtPZXottEY6HIhTt5eGxy+1M0yGE5XAkfBZa4aPFpS8/fO+Rox+/PnXLWxefeWUXfwRd+wcAAADD6H8BAAD//8WNHkw=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x80186e84, &(0x7f0000000080)={@id={0x20000000, 0x0, @auto="660200002800a73e99fdffffffffffff"}}) 1.169725452s ago: executing program 4 (id=4251): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0xc01, 0x3, 0x220, 0x2e8, 0x5002004a, 0x6, 0x2e8, 0x3, 0x3e8, 0x3c8, 0x3c8, 0x3e8, 0x3c8, 0x7fffffe, 0x0, {[{{@ip={@dev, @broadcast=0xfeffffff, 0x0, 0x0, 'hsr0\x00', 'bridge0\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x3fa}}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x280) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) ioctl$GIO_SCRNMAP(r1, 0x4bfb, &(0x7f0000000180)=""/4096) 1.036030957s ago: executing program 4 (id=4252): r0 = syz_io_uring_setup(0x23b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r3, 0x0, 0xfffffffffffffffc}) io_uring_enter(r0, 0x484, 0x0, 0x0, 0x0, 0x0) 808.253468ms ago: executing program 4 (id=4253): socket$unix(0x1, 0x5, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) pipe(&(0x7f0000000080)) socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r0, &(0x7f00000001c0)=ANY=[@ANYRES32=r0], 0xb8) r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r1, r0, 0x0) 465.237549ms ago: executing program 4 (id=4254): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'veth1_macvtap\x00', 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r4, 0x1, 0x9, &(0x7f0000000100), 0x4) sendto$inet(0xffffffffffffffff, &(0x7f0000000100)='I', 0x1, 0x0, 0x0, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$bt_hci(r5, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r5, &(0x7f0000000100)=ANY=[], 0x6) setxattr$trusted_overlay_upper(&(0x7f0000000300)='./file0\x00', &(0x7f0000000240), &(0x7f0000000880)=ANY=[], 0xff27, 0x0) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'geneve0\x00', 0x0}) setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f0000000000)={@remote, r8}, 0x14) close(r6) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001540)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r2, {0xc}, {0xffff, 0x1}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb}}}}]}, 0x40}}, 0x0) 432.755763ms ago: executing program 2 (id=4255): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfecc) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000640)={'vlan0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0xc7, 0x6, 0xc, 0x10}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000d26332756226dec201c095a52cec3687a35a5f97869dd324a2269207cc870f98a755579aacd87c6a7f7b0a452549a61a2cce96f552e6e5a288d09c5bdf0bd4e5c68d7439a8d89e8456de1e381dc048668e91439cfe91b6ee06af09343f920f8112d365aa4a35bda16eb9a2969390ae7423417cc01fcf05cec36fd833910e13d729", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095", @ANYRES32=r1, @ANYRES8=r2], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = getpid() r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x0, 0x800000000004, @tid=r3}, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{r5}, {0x77359400}}, 0x0) readv(r4, &(0x7f0000001380)=[{0x0}], 0x1) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000440)={'vxcan1\x00'}) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r6}, 0x10) process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000480)=@newlink={0x50, 0x10, 0x503, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_PORT_SELF={0x14, 0x19, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5, 0x6, 0x8}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x1}]}, @IFLA_MASTER={0x8}]}, 0x50}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r8, 0x0) 0s ago: executing program 3 (id=4256): syz_init_net_socket$nfc_raw(0x27, 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000040)=[{{}, {0x0, 0x1}}, {{}, {0x0, 0x1}}], 0x10) bind$can_raw(r1, &(0x7f0000000000), 0x10) close(r1) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f0000000100)={0x0, 'lo\x00'}) ioctl$sock_bt_hci(r0, 0x400448e4, &(0x7f0000000040)) kernel console output (not intermixed with test programs): 3537: inode #12: comm syz.2.3782: Directory hole found for htree leaf block [ 1226.608988][T17231] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1227.460394][T10068] Bluetooth: Unexpected start frame (len 16) [ 1227.467046][T10068] Bluetooth: Frame is too long (len 16, expected len 4) [ 1227.716163][ T29] audit: type=1326 audit(1720612974.572:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.4.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1227.806655][ T29] audit: type=1326 audit(1720612974.572:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.4.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1227.883856][T17562] loop4: detected capacity change from 0 to 2048 [ 1227.900885][ T29] audit: type=1326 audit(1720612974.612:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.4.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1227.954462][T17562] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1227.968122][T17562] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1227.980885][ T29] audit: type=1326 audit(1720612974.612:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.4.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1228.018468][ T29] audit: type=1326 audit(1720612974.612:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.4.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1228.056798][T17562] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002] [ 1228.065370][T17562] System zones: 0-19 [ 1228.110759][T17562] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1228.123502][ T29] audit: type=1326 audit(1720612974.612:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.4.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3b49b74610 code=0x7ffc0000 [ 1228.123573][ T29] audit: type=1326 audit(1720612974.612:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.4.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f3b49b77367 code=0x7ffc0000 [ 1228.123631][ T29] audit: type=1326 audit(1720612974.612:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.4.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1228.254951][T10068] Bluetooth: hci2: command tx timeout [ 1228.299183][ T29] audit: type=1326 audit(1720612974.612:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.4.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f3b49b77367 code=0x7ffc0000 [ 1228.379809][ T29] audit: type=1326 audit(1720612974.612:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.4.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3b49b7490a code=0x7ffc0000 [ 1228.545066][T17238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1228.840621][T17569] loop4: detected capacity change from 0 to 2048 [ 1228.909737][T17570] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1229.219963][ T5282] team0 (unregistering): Port device team_slave_1 removed [ 1229.474483][T17574] loop4: detected capacity change from 0 to 512 [ 1229.487863][ T5282] team0 (unregistering): Port device team_slave_0 removed [ 1229.501969][T17574] EXT4-fs: Ignoring removed bh option [ 1229.615341][T17574] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3793'. [ 1230.327082][T10068] Bluetooth: hci2: command tx timeout [ 1231.943005][T17582] loop1: detected capacity change from 0 to 512 [ 1232.018706][T17582] EXT4-fs: Ignoring removed i_version option [ 1232.041687][T17582] EXT4-fs: Ignoring removed nobh option [ 1232.066486][T17582] EXT4-fs: Ignoring removed mblk_io_submit option [ 1232.131155][T17582] EXT4-fs (loop1): failed to initialize system zone (-117) [ 1232.134191][T17284] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1232.156481][T17582] EXT4-fs (loop1): mount failed [ 1232.185618][T17586] loop2: detected capacity change from 0 to 2048 [ 1232.241458][T17425] bridge0: port 1(bridge_slave_0) entered blocking state [ 1232.267008][T17425] bridge0: port 1(bridge_slave_0) entered disabled state [ 1232.309583][T17425] bridge_slave_0: entered allmulticast mode [ 1232.338908][T17425] bridge_slave_0: entered promiscuous mode [ 1232.373189][T17425] bridge0: port 2(bridge_slave_1) entered blocking state [ 1232.396471][T17425] bridge0: port 2(bridge_slave_1) entered disabled state [ 1232.403806][T17425] bridge_slave_1: entered allmulticast mode [ 1232.468314][T17425] bridge_slave_1: entered promiscuous mode [ 1232.711861][T17425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1232.758879][T17425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1233.307766][T17425] team0: Port device team_slave_0 added [ 1233.409973][T17425] team0: Port device team_slave_1 added [ 1233.586778][T16573] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1233.594775][T17582] loop1: detected capacity change from 0 to 32768 [ 1233.647280][T17582] jfs_mkdir: dtInsert returned -EIO [ 1233.652538][T17582] ERROR: (device loop1): jfs_mkdir: [ 1233.652538][T17582] [ 1233.708904][T17582] ERROR: (device loop1): remounting filesystem as read-only [ 1233.732758][T17609] loop4: detected capacity change from 0 to 128 [ 1233.787779][ T5282] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1233.798914][T17609] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1233.807374][T17609] ext4 filesystem being mounted at /25/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1233.869705][T17582] jfs_lookup: iget failed on inum 4 [ 1233.889801][T16573] usb 3-1: config 1 has an invalid descriptor of length 117, skipping remainder of the config [ 1233.943038][T16573] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 1234.003689][T17425] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1234.011670][T17425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1234.013176][T16573] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1234.113392][T17425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1234.126375][T16573] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1234.134431][T16573] usb 3-1: SerialNumber: syz [ 1234.159795][T17425] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1234.186335][T17425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1234.265988][T17425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1234.308464][T17612] syz.4.3804 (pid 17612) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 1234.599072][T17599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1234.627239][T17599] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1234.675982][T17238] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1234.833389][ T5282] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1235.030437][T17599] loop2: detected capacity change from 0 to 8192 [ 1235.125946][T16573] cdc_ether 3-1:1.0: skipping garbage [ 1235.131242][T17615] netlink: 10 bytes leftover after parsing attributes in process `syz.1.3805'. [ 1235.156559][T16573] cdc_ether 3-1:1.0: skipping garbage [ 1235.162018][T16573] cdc_ether 3-1:1.0: skipping garbage [ 1235.192589][T16573] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 1235.240221][T16573] usb 3-1: USB disconnect, device number 19 [ 1235.322655][ T5282] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1235.412132][T17622] netlink: 'syz.4.3807': attribute type 21 has an invalid length. [ 1235.429210][T17622] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3807'. [ 1236.066923][T17620] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3807'. [ 1236.405359][ T5282] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1236.849810][T17284] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1236.973674][T17638] loop2: detected capacity change from 0 to 512 [ 1237.060645][T17425] hsr_slave_0: entered promiscuous mode [ 1237.088343][T17638] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1237.127801][T17425] hsr_slave_1: entered promiscuous mode [ 1237.134427][T17425] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1237.157507][T17425] Cannot create hsr debugfs directory [ 1237.198531][T17638] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1237.366121][T17638] EXT4-fs error (device loop2): ext4_get_first_dir_block:3537: inode #12: comm syz.2.3810: Directory hole found for htree leaf block [ 1237.437747][T17490] chnl_net:caif_netlink_parms(): no params data found [ 1237.490666][T17652] loop4: detected capacity change from 0 to 128 [ 1237.567415][T17231] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1237.668204][T17652] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1237.690172][T17652] ext4 filesystem being mounted at /29/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1237.940453][ T1241] ieee802154 phy0 wpan0: encryption failed: -22 [ 1237.947194][ T1241] ieee802154 phy1 wpan1: encryption failed: -22 [ 1238.115044][T17666] loop1: detected capacity change from 0 to 256 [ 1238.172470][T17667] loop2: detected capacity change from 0 to 512 [ 1238.197392][T17667] EXT4-fs: Ignoring removed oldalloc option [ 1238.228031][T17667] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1238.325181][T17667] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1238.374085][T17667] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1238.570680][T17238] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1238.690298][T17231] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1238.846521][T17490] bridge0: port 1(bridge_slave_0) entered blocking state [ 1238.854589][T17490] bridge0: port 1(bridge_slave_0) entered disabled state [ 1238.904355][T17490] bridge_slave_0: entered allmulticast mode [ 1238.921462][T17490] bridge_slave_0: entered promiscuous mode [ 1238.934669][T17678] openvswitch: netlink: Missing key (keys=40, expected=100) [ 1238.948677][T17490] bridge0: port 2(bridge_slave_1) entered blocking state [ 1238.978300][T17490] bridge0: port 2(bridge_slave_1) entered disabled state [ 1239.009335][T17490] bridge_slave_1: entered allmulticast mode [ 1239.028716][T17490] bridge_slave_1: entered promiscuous mode [ 1239.041258][T17681] loop2: detected capacity change from 0 to 256 [ 1239.133790][T17681] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 1239.179686][ T5282] bridge_slave_1: left allmulticast mode [ 1239.185568][ T5282] bridge_slave_1: left promiscuous mode [ 1239.220824][ T5282] bridge0: port 2(bridge_slave_1) entered disabled state [ 1239.256953][T17681] exFAT-fs (loop2): hint_cluster is invalid (1), rewind to the first cluster [ 1239.334921][T17681] exFAT-fs (loop2): error, invalid access to exfat cache (entry 0x00000000) [ 1239.379456][T17681] exFAT-fs (loop2): Filesystem has been set read-only [ 1239.399737][ T5282] bridge_slave_0: left allmulticast mode [ 1239.405456][ T5282] bridge_slave_0: left promiscuous mode [ 1239.442313][T17681] exFAT-fs (loop2): error, failed to bmap (inode : ffff888079d6cfc8 iblock : 1, err : -5) [ 1239.476671][ T5282] bridge0: port 1(bridge_slave_0) entered disabled state [ 1240.503080][T17694] loop1: detected capacity change from 0 to 1024 [ 1240.643794][T17696] loop4: detected capacity change from 0 to 256 [ 1240.676295][T17696] exFAT-fs (loop4): Invalid boot checksum (boot checksum : 0x11190300, checksum : 0x1119ac00) [ 1240.739567][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x1 [ 1240.746252][T17696] exFAT-fs (loop4): invalid boot region [ 1240.756334][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1240.776311][T17696] exFAT-fs (loop4): failed to recognize exfat type [ 1240.795562][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1240.815089][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1240.826351][ T29] kauditd_printk_skb: 35 callbacks suppressed [ 1240.826372][ T29] audit: type=1326 audit(1720612987.692:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17691 comm="syz.1.3829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9717f75bd9 code=0x7ffc0000 [ 1240.838864][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1240.955591][ T29] audit: type=1326 audit(1720612987.692:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17691 comm="syz.1.3829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9717f75bd9 code=0x7ffc0000 [ 1241.117804][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.138435][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.145983][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x2 [ 1241.154407][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.162117][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.169602][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.177223][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.184716][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x4 [ 1241.192235][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.199880][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.212178][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.221583][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.231005][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.279825][T17703] input: syz0 as /devices/virtual/input/input27 [ 1241.581854][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.622403][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.668325][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.776447][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.803728][T17707] loop4: detected capacity change from 0 to 2048 [ 1241.810405][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.826311][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.844277][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.870473][T17707] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1241.886689][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.902229][T16573] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1241.972873][T16573] hid-generic 0000:0000:0000.000E: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1242.376512][T17713] openvswitch: netlink: Missing key (keys=40, expected=100) [ 1242.573590][T17717] loop1: detected capacity change from 0 to 256 [ 1242.619481][T17717] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 1242.695483][T17717] exFAT-fs (loop1): hint_cluster is invalid (1), rewind to the first cluster [ 1242.699103][T17719] loop4: detected capacity change from 0 to 512 [ 1242.735963][T17717] exFAT-fs (loop1): error, invalid access to exfat cache (entry 0x00000000) [ 1242.784497][T17717] exFAT-fs (loop1): Filesystem has been set read-only [ 1242.796086][T17717] exFAT-fs (loop1): error, failed to bmap (inode : ffff888079f16360 iblock : 1, err : -5) [ 1242.820066][T17719] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1242.896386][T17719] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1243.032222][T17719] EXT4-fs error (device loop4): ext4_get_first_dir_block:3537: inode #12: comm syz.4.3838: Directory hole found for htree leaf block [ 1243.160790][T17238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1243.548371][ T5282] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1243.611045][ T5282] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1243.681406][ T5282] bond0 (unregistering): Released all slaves [ 1244.641694][T17490] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1244.876371][T17724] netlink: 10 bytes leftover after parsing attributes in process `syz.1.3839'. [ 1245.001732][T17736] loop4: detected capacity change from 0 to 512 [ 1245.059909][ T5282] hsr_slave_0: left promiscuous mode [ 1245.119431][T17736] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1245.156352][ T5282] hsr_slave_1: left promiscuous mode [ 1245.185006][T17742] loop1: detected capacity change from 0 to 2048 [ 1245.191776][ T5282] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1245.197836][T17736] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1245.206312][ T5282] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1245.240439][ T5282] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1245.258438][ T5282] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1245.275883][T17736] EXT4-fs error (device loop4): ext4_do_update_inode:5075: inode #2: comm syz.4.3842: corrupted inode contents [ 1245.294345][T17742] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1245.335983][T17736] EXT4-fs error (device loop4): ext4_dirty_inode:5935: inode #2: comm syz.4.3842: mark_inode_dirty error [ 1245.379527][T17736] EXT4-fs error (device loop4): ext4_do_update_inode:5075: inode #2: comm syz.4.3842: corrupted inode contents [ 1245.402727][ T5282] veth1_macvtap: left promiscuous mode [ 1245.428406][ T5282] veth0_macvtap: left promiscuous mode [ 1245.434159][ T5282] veth1_vlan: left promiscuous mode [ 1245.439256][T17736] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.3842: mark_inode_dirty error [ 1245.496501][ T5282] veth0_vlan: left promiscuous mode [ 1245.567468][T17746] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3846'. [ 1245.633060][T17238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1245.897327][T17753] loop4: detected capacity change from 0 to 256 [ 1246.121056][T17753] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 1246.588526][T17753] exFAT-fs (loop4): hint_cluster is invalid (1), rewind to the first cluster [ 1246.899482][T17762] exFAT-fs (loop4): error, invalid access to exfat cache (entry 0x00000000) [ 1246.956633][T17762] exFAT-fs (loop4): Filesystem has been set read-only [ 1246.963657][T17762] exFAT-fs (loop4): error, failed to bmap (inode : ffff888079d6e9e8 iblock : 1, err : -5) [ 1248.069481][ T29] audit: type=1326 audit(1720612994.932:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17769 comm="syz.4.3854" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x0 [ 1249.109291][T17779] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3858'. [ 1249.186345][T10636] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1249.426464][T10636] usb 2-1: Using ep0 maxpacket: 32 [ 1249.457548][T10636] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1249.510785][T10636] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1249.556563][T10636] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1249.582101][T10636] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 1249.614721][T10636] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1249.676579][T10636] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 1249.696166][T10636] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1249.715481][T10636] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1249.753697][T10636] usb 2-1: Product: syz [ 1249.762521][T10636] usb 2-1: Manufacturer: syz [ 1249.782495][T10636] usb 2-1: SerialNumber: syz [ 1250.297219][ T5282] team0 (unregistering): Port device team_slave_1 removed [ 1250.519268][ T5282] team0 (unregistering): Port device team_slave_0 removed [ 1252.275532][ T5106] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1252.289967][ T5106] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1252.311084][ T5106] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1252.327923][ T5106] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1252.346598][ T5106] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1252.356618][ T5106] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1253.068669][T17490] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1253.210940][T17761] netlink: 10 bytes leftover after parsing attributes in process `syz.2.3852'. [ 1253.306732][T10636] cdc_ncm 2-1:1.0: bind() failure [ 1253.362912][T10636] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 1253.406304][T10636] cdc_ncm 2-1:1.1: bind() failure [ 1253.457814][T10636] usb 2-1: USB disconnect, device number 23 [ 1253.496906][T17792] loop4: detected capacity change from 0 to 1024 [ 1253.518738][T17795] loop1: detected capacity change from 0 to 256 [ 1253.575380][T17795] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 1253.685222][T17792] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1253.706936][T17795] exFAT-fs (loop1): hint_cluster is invalid (1), rewind to the first cluster [ 1253.802197][T17795] exFAT-fs (loop1): error, invalid access to exfat cache (entry 0x00000000) [ 1253.839608][T17795] exFAT-fs (loop1): Filesystem has been set read-only [ 1253.846673][T17792] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none. [ 1253.913092][T17795] exFAT-fs (loop1): error, failed to bmap (inode : ffff888079f169e8 iblock : 1, err : -5) [ 1254.420790][ T5106] Bluetooth: hci3: command tx timeout [ 1254.468971][T17490] team0: Port device team_slave_0 added [ 1254.612293][T17238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1254.735299][T17490] team0: Port device team_slave_1 added [ 1255.065868][T17807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3867'. [ 1255.138112][T17815] loop1: detected capacity change from 0 to 1764 [ 1255.280707][T17490] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1255.306290][T17490] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1255.427413][T17490] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1255.668184][T17490] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1255.711216][T17490] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1255.811348][T17490] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1256.117606][T17823] netlink: 10 bytes leftover after parsing attributes in process `syz.4.3873'. [ 1256.470396][T17825] netlink: 'syz.2.3874': attribute type 1 has an invalid length. [ 1256.487730][ T5106] Bluetooth: hci3: command tx timeout [ 1257.336924][T17490] hsr_slave_0: entered promiscuous mode [ 1257.364064][T17490] hsr_slave_1: entered promiscuous mode [ 1257.392701][T17490] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1257.406317][T17490] Cannot create hsr debugfs directory [ 1257.942261][T17847] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1258.029665][T17851] loop4: detected capacity change from 0 to 1024 [ 1258.228297][T17425] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1258.258755][T17851] hfsplus: b-tree write err: -5, ino 3 [ 1258.378281][ T64] hfsplus: b-tree write err: -5, ino 3 [ 1258.482112][T17840] loop2: detected capacity change from 0 to 40427 [ 1258.504503][T17425] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1258.521716][T17855] loop1: detected capacity change from 0 to 1024 [ 1258.528632][T17840] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 1258.557577][T17840] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1258.568919][T10068] Bluetooth: hci3: command tx timeout [ 1258.597046][T17840] F2FS-fs (loop2): invalid crc value [ 1258.607915][T17789] chnl_net:caif_netlink_parms(): no params data found [ 1258.643678][T17840] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1258.775493][ T7408] hfsplus: b-tree write err: -5, ino 4 [ 1258.787850][T17840] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1258.809965][T17840] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1258.832999][T17425] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1258.874081][T17425] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1258.949747][T17857] netlink: 10 bytes leftover after parsing attributes in process `syz.4.3884'. [ 1258.994740][T17231] syz-executor: attempt to access beyond end of device [ 1258.994740][T17231] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 1259.052729][T17231] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1259.094265][T17231] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1259.436854][T10636] usb 2-1: new low-speed USB device number 24 using dummy_hcd [ 1259.677337][T10636] usb 2-1: config index 0 descriptor too short (expected 16420, got 36) [ 1259.685871][T10636] usb 2-1: config 0 has an invalid descriptor of length 101, skipping remainder of the config [ 1259.752290][T10636] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 102, changing to 4 [ 1259.806278][T10636] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 12078, setting to 0 [ 1259.836426][T10636] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1259.842797][T17789] bridge0: port 1(bridge_slave_0) entered blocking state [ 1259.887670][T10636] usb 2-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=dd.34 [ 1259.916441][T17789] bridge0: port 1(bridge_slave_0) entered disabled state [ 1259.923867][T17789] bridge_slave_0: entered allmulticast mode [ 1259.937644][T10636] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1259.969087][T17789] bridge_slave_0: entered promiscuous mode [ 1259.984082][T10636] usb 2-1: config 0 descriptor?? [ 1260.010298][T17789] bridge0: port 2(bridge_slave_1) entered blocking state [ 1260.019771][T10636] option 2-1:0.0: GSM modem (1-port) converter detected [ 1260.042663][T17789] bridge0: port 2(bridge_slave_1) entered disabled state [ 1260.056911][T17789] bridge_slave_1: entered allmulticast mode [ 1260.074924][T17789] bridge_slave_1: entered promiscuous mode [ 1260.218717][ T5146] usb 2-1: USB disconnect, device number 24 [ 1260.257097][ T5146] option 2-1:0.0: device disconnected [ 1260.470779][T17789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1260.646863][T10068] Bluetooth: hci3: command tx timeout [ 1260.724052][T17789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1261.030755][T17789] team0: Port device team_slave_0 added [ 1261.200521][T17789] team0: Port device team_slave_1 added [ 1261.255570][ T5282] bridge_slave_1: left allmulticast mode [ 1261.273441][ T5282] bridge_slave_1: left promiscuous mode [ 1261.283807][ T5282] bridge0: port 2(bridge_slave_1) entered disabled state [ 1261.378363][ T5282] bridge_slave_0: left allmulticast mode [ 1261.384131][ T5282] bridge_slave_0: left promiscuous mode [ 1261.411821][ T5282] bridge0: port 1(bridge_slave_0) entered disabled state [ 1262.269479][T17906] loop2: detected capacity change from 0 to 2048 [ 1262.369301][T17906] UDF-fs: error (device loop2): udf_read_inode: (ino 1312) failed !bh [ 1262.389533][T17906] UDF-fs: Scanning with blocksize 512 failed [ 1262.421348][T17906] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1262.460581][T17906] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 1262.485726][T17906] UDF-fs: Scanning with blocksize 1024 failed [ 1262.527489][T17906] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1262.570209][T17906] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 1262.608861][T17906] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 1262.636721][T17906] UDF-fs: Scanning with blocksize 2048 failed [ 1262.665852][T17906] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 1262.697575][T17906] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1262.767555][T17906] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 1262.796496][T17906] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 1262.834332][T17906] UDF-fs: Scanning with blocksize 4096 failed [ 1262.840730][T17906] UDF-fs: warning (device loop2): udf_fill_super: No partition found (1) [ 1263.137920][T17912] loop4: detected capacity change from 0 to 1024 [ 1263.166165][T17912] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only. [ 1263.600241][ T5282] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1263.637197][ T5282] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1263.692033][ T5282] bond0 (unregistering): Released all slaves [ 1263.887215][T17789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1263.899019][T17789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1263.986777][T17789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1264.247920][ T5282] hsr_slave_0: left promiscuous mode [ 1264.267314][ T5282] hsr_slave_1: left promiscuous mode [ 1264.280534][ T5282] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1264.356340][ T5282] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1264.750989][T17936] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 1265.352662][T17935] loop2: detected capacity change from 0 to 2048 [ 1265.410193][T17935] UDF-fs: error (device loop2): udf_read_inode: (ino 1312) failed !bh [ 1265.436451][T17935] UDF-fs: Scanning with blocksize 512 failed [ 1265.508355][T17935] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1265.598186][T17935] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 1265.643477][T17941] loop1: detected capacity change from 0 to 1024 [ 1265.646686][T17935] UDF-fs: Scanning with blocksize 1024 failed [ 1265.660150][T17941] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only. [ 1265.687568][T17935] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1265.734656][T17935] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 1265.760229][T17935] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 1265.803554][T17935] UDF-fs: Scanning with blocksize 2048 failed [ 1265.849757][T17935] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 1265.896681][T17935] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1265.933616][T17935] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 1265.986451][T17935] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 1265.994271][T17935] UDF-fs: Scanning with blocksize 4096 failed [ 1266.026554][T17935] UDF-fs: warning (device loop2): udf_fill_super: No partition found (1) [ 1267.931951][T17968] loop1: detected capacity change from 0 to 1024 [ 1267.941229][ T5282] team0 (unregistering): Port device team_slave_1 removed [ 1267.958366][T17968] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only. [ 1268.231442][ T5282] team0 (unregistering): Port device team_slave_0 removed [ 1268.379031][T17975] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3926'. [ 1268.521508][T10068] block nbd1: Receive control failed (result -32) [ 1268.564549][T17973] block nbd1: shutting down sockets [ 1269.096713][ T29] audit: type=1326 audit(1720613015.952:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17987 comm="syz.1.3931" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9717f75bd9 code=0x0 [ 1269.264219][T17990] loop2: detected capacity change from 0 to 1024 [ 1269.413881][T12929] hfsplus: b-tree write err: -5, ino 4 [ 1271.697079][ T5157] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1271.864206][T17789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1271.875044][T17789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1271.940322][ T5157] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1271.940910][T17789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1271.974457][ T5157] usb 2-1: New USB device found, idVendor=046d, idProduct=101b, bcdDevice= 0.00 [ 1272.021655][ T5157] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1272.053197][ T5157] usb 2-1: config 0 descriptor?? [ 1272.116660][T17425] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1272.419125][T17789] hsr_slave_0: entered promiscuous mode [ 1272.463739][T17789] hsr_slave_1: entered promiscuous mode [ 1272.516996][T17789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1272.524629][T17789] Cannot create hsr debugfs directory [ 1272.541735][ T5157] hid-generic 0003:046D:101B.000F: hidraw0: USB HID v0.00 Device [HID 046d:101b] on usb-dummy_hcd.1-1/input0 [ 1272.610238][T17425] 8021q: adding VLAN 0 to HW filter on device team0 [ 1272.728412][ T5157] usb 2-1: USB disconnect, device number 25 [ 1272.844094][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 1272.851382][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1273.112195][ T29] audit: type=1326 audit(1720613019.962:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18020 comm="syz.2.3943" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f92c0b75bd9 code=0x0 [ 1273.137961][ T5092] bridge0: port 2(bridge_slave_1) entered blocking state [ 1273.145226][ T5092] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1274.681714][T17490] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1274.747293][T17490] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1274.860717][T17490] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1274.942453][T17490] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1275.414202][T18039] loop2: detected capacity change from 0 to 128 [ 1275.500128][T18039] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 1275.631250][T18039] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1275.639324][T18044] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3951'. [ 1276.316616][T17063] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 1276.394082][T18060] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1276.437574][T18060] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1276.450448][T18060] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1276.491089][T18060] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1276.508862][T18060] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1276.517447][T18060] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1276.559288][T17063] usb 5-1: New USB device found, idVendor=13d8, idProduct=0021, bcdDevice=79.90 [ 1276.568595][T18060] Bluetooth: hci7: command 0x0406 tx timeout [ 1276.616432][ T29] audit: type=1326 audit(1720613023.462:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18062 comm="syz.1.3959" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9717f75bd9 code=0x0 [ 1276.654043][T17063] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1276.675340][T17063] usb 5-1: config 0 descriptor?? [ 1276.720672][T17063] usb 5-1: selecting invalid altsetting 3 [ 1276.749410][T17063] comedi comedi0: could not set alternate setting 3 in high speed [ 1276.757755][T17063] usbduxsigma 5-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 1276.788967][T17063] usbduxsigma 5-1:0.0: probe with driver usbduxsigma failed with error -22 [ 1276.932407][T17490] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1277.288330][T17490] 8021q: adding VLAN 0 to HW filter on device team0 [ 1277.315368][T10636] usb 5-1: USB disconnect, device number 21 [ 1277.416940][ T5106] Bluetooth: hci7: ACL packet for unknown connection handle 200 [ 1278.447305][T10636] bridge0: port 1(bridge_slave_0) entered blocking state [ 1278.454568][T10636] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1278.527185][T18077] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3963'. [ 1278.698613][ T5157] bridge0: port 2(bridge_slave_1) entered blocking state [ 1278.705840][ T5157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1278.727007][ T5106] Bluetooth: hci1: command tx timeout [ 1278.923977][T17789] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1278.988430][T17789] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1279.331156][T18094] loop4: detected capacity change from 0 to 256 [ 1279.470250][T18094] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1279.513443][T17789] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1280.038661][ T29] audit: type=1326 audit(1720613026.852:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18098 comm="syz.2.3971" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f92c0b75bd9 code=0x0 [ 1280.160834][T18101] loop1: detected capacity change from 0 to 64 [ 1280.190827][T17789] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1280.538606][T16054] bridge_slave_1: left allmulticast mode [ 1280.544329][T16054] bridge_slave_1: left promiscuous mode [ 1280.555234][T16054] bridge0: port 2(bridge_slave_1) entered disabled state [ 1280.592871][T16054] bridge_slave_0: left allmulticast mode [ 1280.606281][T16054] bridge_slave_0: left promiscuous mode [ 1280.612122][T16054] bridge0: port 1(bridge_slave_0) entered disabled state [ 1280.676331][ T5092] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 1280.808806][ T5106] Bluetooth: hci1: command tx timeout [ 1280.927585][ T5092] usb 2-1: New USB device found, idVendor=13d8, idProduct=0021, bcdDevice=79.90 [ 1280.937143][ T5092] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1280.977350][ T5092] usb 2-1: config 0 descriptor?? [ 1281.029037][ T5092] usb 2-1: selecting invalid altsetting 3 [ 1281.034887][ T5092] comedi comedi0: could not set alternate setting 3 in high speed [ 1281.056415][ T5092] usbduxsigma 2-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 1281.092061][ T5092] usbduxsigma 2-1:0.0: probe with driver usbduxsigma failed with error -22 [ 1281.462097][ T5092] usb 2-1: USB disconnect, device number 26 [ 1281.697696][T18119] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 1282.284416][T18124] loop4: detected capacity change from 0 to 512 [ 1282.322889][T18124] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1282.332910][T18124] EXT4-fs (loop4): blocks per group (255) and clusters per group (8192) inconsistent [ 1282.889089][ T5106] Bluetooth: hci1: command tx timeout [ 1283.011663][ T29] audit: type=1326 audit(1720613029.872:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18126 comm="syz.1.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9717f75bd9 code=0x7ffc0000 [ 1283.154558][ T29] audit: type=1326 audit(1720613029.932:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18126 comm="syz.1.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9717f75bd9 code=0x7ffc0000 [ 1283.311522][ T29] audit: type=1326 audit(1720613029.932:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18126 comm="syz.1.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f9717f75bd9 code=0x7ffc0000 [ 1283.424190][T18135] syz.2.3981[18135] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1283.425016][T18135] syz.2.3981[18135] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1283.594025][T18060] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1283.642861][T18060] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1283.656135][T18060] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1283.672489][T18060] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1283.782582][T18060] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 1283.793480][T18060] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1283.931691][ T29] audit: type=1326 audit(1720613029.932:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18126 comm="syz.1.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9717f75bd9 code=0x7ffc0000 [ 1284.096479][ T29] audit: type=1326 audit(1720613029.932:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18126 comm="syz.1.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9717f75bd9 code=0x7ffc0000 [ 1284.366421][T17233] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1284.517674][T16054] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1284.546880][T16054] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1284.566441][T17233] usb 2-1: Using ep0 maxpacket: 32 [ 1284.574906][T17233] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10 [ 1284.599627][T16054] bond0 (unregistering): Released all slaves [ 1284.604031][T17233] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1284.647321][T17233] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 1284.647580][T18057] chnl_net:caif_netlink_parms(): no params data found [ 1284.697491][T17233] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1284.719828][T17233] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 1284.760015][T17233] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1284.917005][T17233] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1284.925136][T17233] usb 2-1: Product: syz [ 1284.930538][T17233] usb 2-1: Manufacturer: syz [ 1284.935156][T17233] usb 2-1: SerialNumber: syz [ 1284.966482][ T5106] Bluetooth: hci1: command tx timeout [ 1285.023763][T16054] hsr_slave_0: left promiscuous mode [ 1285.136532][T16054] hsr_slave_1: left promiscuous mode [ 1285.260291][T16054] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1285.304092][T16054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1285.314988][ T29] audit: type=1326 audit(1720613032.182:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18145 comm="syz.4.3987" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x0 [ 1285.947699][ T5106] Bluetooth: hci8: command tx timeout [ 1286.101533][ T5106] Bluetooth: hci4: command 0x0406 tx timeout [ 1286.618056][T18154] loop4: detected capacity change from 0 to 1024 [ 1286.738408][T18154] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1286.969334][ T11] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 1287.046651][ T11] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 1287.086298][ T11] EXT4-fs (loop4): This should not happen!! Data will be lost [ 1287.086298][ T11] [ 1287.096070][ T11] EXT4-fs (loop4): Total free blocks count 0 [ 1287.128252][ T11] EXT4-fs (loop4): Free/Dirty block details [ 1287.146478][ T11] EXT4-fs (loop4): free_blocks=68451041280 [ 1287.152452][ T11] EXT4-fs (loop4): dirty_blocks=16 [ 1287.166301][ T11] EXT4-fs (loop4): Block reservation details [ 1287.186357][ T11] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 1287.220620][T17238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1287.248361][T16054] team0 (unregistering): Port device team_slave_1 removed [ 1287.467852][T16054] team0 (unregistering): Port device team_slave_0 removed [ 1287.606705][ T29] audit: type=1326 audit(1720613034.462:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18160 comm="syz.4.3991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1287.666421][ T29] audit: type=1326 audit(1720613034.462:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18160 comm="syz.4.3991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1287.731510][ T29] audit: type=1326 audit(1720613034.482:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18160 comm="syz.4.3991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1287.806371][ T29] audit: type=1326 audit(1720613034.482:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18160 comm="syz.4.3991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1287.830260][T18163] ieee802154 phy0 wpan0: encryption failed: -90 [ 1288.012509][T18060] Bluetooth: hci8: command tx timeout [ 1290.026530][T17233] cdc_ncm 2-1:1.0: bind() failure [ 1290.067300][T17233] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 1290.074188][T17233] cdc_ncm 2-1:1.1: bind() failure [ 1290.096613][T18060] Bluetooth: hci8: command tx timeout [ 1290.556849][ T25] usb 2-1: USB disconnect, device number 27 [ 1290.687443][T18149] IPv6: sit1: Disabled Multicast RS [ 1291.860103][T18190] loop4: detected capacity change from 0 to 16 [ 1291.878030][T18190] erofs: (device loop4): erofs_read_inode: unsupported chunk format 7fff of nid 36 [ 1291.935579][T18195] ieee802154 phy0 wpan0: encryption failed: -90 [ 1292.167306][T18060] Bluetooth: hci8: command tx timeout [ 1292.244703][T18057] bridge0: port 1(bridge_slave_0) entered blocking state [ 1292.247032][T17233] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 1292.276483][T18057] bridge0: port 1(bridge_slave_0) entered disabled state [ 1292.306551][T18057] bridge_slave_0: entered allmulticast mode [ 1292.314141][T18057] bridge_slave_0: entered promiscuous mode [ 1292.344548][ T25] usb 2-1: new low-speed USB device number 28 using dummy_hcd [ 1292.396540][T18057] bridge0: port 2(bridge_slave_1) entered blocking state [ 1292.403771][T18057] bridge0: port 2(bridge_slave_1) entered disabled state [ 1292.442321][T18057] bridge_slave_1: entered allmulticast mode [ 1292.459155][T17233] usb 5-1: Using ep0 maxpacket: 8 [ 1292.466866][T18057] bridge_slave_1: entered promiscuous mode [ 1292.477073][T17233] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1292.496879][T17233] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1292.526294][T17233] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1292.555953][ T25] usb 2-1: config index 0 descriptor too short (expected 16420, got 36) [ 1292.566691][ T25] usb 2-1: config 0 has an invalid descriptor of length 101, skipping remainder of the config [ 1292.583232][T17233] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1292.602950][T17233] usb 5-1: config 1 has no interface number 1 [ 1292.610119][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 102, changing to 4 [ 1292.628672][T17233] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1292.666681][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 12078, setting to 0 [ 1292.680462][T17233] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1292.701793][ T25] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1292.719445][T18057] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1292.747168][ T25] usb 2-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=dd.34 [ 1292.759325][T17233] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1292.777674][T17233] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1292.790585][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1292.799060][T17233] usb 5-1: Product: syz [ 1292.803265][T17233] usb 5-1: Manufacturer: syz [ 1292.810528][T17233] usb 5-1: SerialNumber: syz [ 1292.814785][T17789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1292.818543][ T25] usb 2-1: config 0 descriptor?? [ 1292.841641][ T25] option 2-1:0.0: GSM modem (1-port) converter detected [ 1292.871421][T18057] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1293.082055][T16573] usb 2-1: USB disconnect, device number 28 [ 1293.089434][T18057] team0: Port device team_slave_0 added [ 1293.103466][T16573] option 2-1:0.0: device disconnected [ 1293.143241][T17233] usb 5-1: USB disconnect, device number 22 [ 1293.323875][T18203] loop2: detected capacity change from 0 to 8 [ 1293.374402][T18203] SQUASHFS error: zlib decompression failed, data probably corrupt [ 1293.406511][T18203] SQUASHFS error: Failed to read block 0x9b: -5 [ 1293.428910][T18203] SQUASHFS error: Unable to read metadata cache entry [99] [ 1293.446473][T18203] SQUASHFS error: Unable to read inode 0x127 [ 1293.453624][T18057] team0: Port device team_slave_1 added [ 1293.755662][T17789] 8021q: adding VLAN 0 to HW filter on device team0 [ 1293.963433][T18207] loop4: detected capacity change from 0 to 764 [ 1294.086539][T18208] Symlink component flag not implemented [ 1294.097222][T18208] Symlink component flag not implemented (129) [ 1294.873487][T18210] loop1: detected capacity change from 0 to 256 [ 1294.957712][T18210] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1295.086149][T18057] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1295.133678][T18057] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1295.190335][T18057] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1295.241917][T18057] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1295.263875][T18057] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1295.356618][T18057] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1295.427164][T17233] bridge0: port 1(bridge_slave_0) entered blocking state [ 1295.434462][T17233] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1295.459439][T17233] bridge0: port 2(bridge_slave_1) entered blocking state [ 1295.466736][T17233] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1296.468370][T18221] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4011'. [ 1296.553378][T18133] chnl_net:caif_netlink_parms(): no params data found [ 1296.637894][T18225] ieee802154 phy0 wpan0: encryption failed: -90 [ 1296.731578][T18057] hsr_slave_0: entered promiscuous mode [ 1296.787732][T18057] hsr_slave_1: entered promiscuous mode [ 1296.834855][T18057] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1296.876362][T18057] Cannot create hsr debugfs directory [ 1298.363008][T17789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1298.910539][T18250] loop4: detected capacity change from 0 to 128 [ 1298.947950][ T29] audit: type=1326 audit(1720613045.802:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18251 comm="syz.2.4022" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f92c0b75bd9 code=0x0 [ 1299.259176][T18133] bridge0: port 1(bridge_slave_0) entered blocking state [ 1299.279876][T18133] bridge0: port 1(bridge_slave_0) entered disabled state [ 1299.309584][T18133] bridge_slave_0: entered allmulticast mode [ 1299.333352][T18133] bridge_slave_0: entered promiscuous mode [ 1299.372449][ T1241] ieee802154 phy0 wpan0: encryption failed: -22 [ 1299.380343][ T1241] ieee802154 phy1 wpan1: encryption failed: -22 [ 1299.429507][T18133] bridge0: port 2(bridge_slave_1) entered blocking state [ 1299.454702][T18133] bridge0: port 2(bridge_slave_1) entered disabled state [ 1299.509894][T18133] bridge_slave_1: entered allmulticast mode [ 1299.558675][T18133] bridge_slave_1: entered promiscuous mode [ 1300.258656][T18268] xt_CT: No such helper "netbios-ns" [ 1300.714833][T18133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1300.761942][T16054] bridge_slave_1: left allmulticast mode [ 1300.803160][T16054] bridge_slave_1: left promiscuous mode [ 1300.837532][T16054] bridge0: port 2(bridge_slave_1) entered disabled state [ 1300.889873][ T5146] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1300.908163][T16054] bridge_slave_0: left allmulticast mode [ 1300.928294][T16054] bridge_slave_0: left promiscuous mode [ 1300.934180][T16054] bridge0: port 1(bridge_slave_0) entered disabled state [ 1301.106926][ T5146] usb 3-1: Using ep0 maxpacket: 32 [ 1301.156576][ T5146] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1301.196283][ T5146] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1301.206148][ T5146] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1301.230526][ T5146] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1301.267269][ T5146] usb 3-1: config 0 descriptor?? [ 1301.287959][ T5146] hub 3-1:0.0: USB hub found [ 1301.456513][T18291] loop4: detected capacity change from 0 to 128 [ 1301.487951][ T5146] hub 3-1:0.0: config failed, hub has too many ports! (err -19) [ 1301.690237][ T5146] usbhid 3-1:0.0: can't add hid device: -71 [ 1301.735534][ T5146] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1301.812678][ T5146] usb 3-1: USB disconnect, device number 20 [ 1303.229216][T18306] xt_CT: No such helper "netbios-ns" [ 1304.477606][T18320] loop4: detected capacity change from 0 to 65536 [ 1304.567957][T18320] XFS (loop4): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 1304.602956][T16054] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1304.640083][T18320] XFS (loop4): Ending clean mount [ 1304.652255][T18320] XFS (loop4): Quotacheck needed: Please wait. [ 1304.753324][T16054] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1304.797366][T18320] XFS (loop4): Quotacheck: Done. [ 1304.851304][T16054] bond0 (unregistering): Released all slaves [ 1304.955812][T18133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1305.463062][T17238] XFS (loop4): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 1305.727335][T16054] hsr_slave_0: left promiscuous mode [ 1305.817006][T16054] hsr_slave_1: left promiscuous mode [ 1305.871430][T16054] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1305.974285][T16054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1307.413103][T18374] kernel read not supported for file /eth0 (pid: 18374 comm: syz.1.4061) [ 1307.433442][T18374] program syz.1.4061 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1307.464509][T18374] fuse: Bad value for 'rootmode' [ 1307.473440][ T29] audit: type=1800 audit(1720613054.282:298): pid=18374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4061" name="eth0" dev="mqueue" ino=92357 res=0 errno=0 [ 1308.381724][T16054] team0 (unregistering): Port device team_slave_1 removed [ 1308.723274][T16054] team0 (unregistering): Port device team_slave_0 removed [ 1309.717000][T18386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4068'. [ 1311.820933][T18133] team0: Port device team_slave_0 added [ 1311.859308][T18133] team0: Port device team_slave_1 added [ 1312.720253][T18133] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1312.751885][T18410] loop2: detected capacity change from 0 to 128 [ 1312.770200][T18133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1313.591080][T18133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1313.697493][T18133] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1313.704593][T18133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1313.879810][T18133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1313.982824][T18418] loop4: detected capacity change from 0 to 65 [ 1314.011581][T18418] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway [ 1314.156702][T18418] BFS-fs: bfs_fill_super(): Last block not available on loop4: 511 [ 1314.348355][T18421] UBIFS error (pid: 18421): cannot open "./file0", error -22 [ 1314.589255][ T5106] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1314.647202][ T5106] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1314.663124][ T5106] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1314.673647][ T5106] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1314.688769][ T5106] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1314.710981][ T5106] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1315.014124][T18060] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1315.028086][T18060] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1315.046984][T18060] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1315.059588][T18060] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1315.070875][T18060] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1315.080697][T18060] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1315.277580][T18436] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4083'. [ 1315.305543][T18133] hsr_slave_0: entered promiscuous mode [ 1315.359027][T18133] hsr_slave_1: entered promiscuous mode [ 1315.378069][T18133] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1315.397976][T18133] Cannot create hsr debugfs directory [ 1316.184384][T16573] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 1316.206332][T18057] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1316.228429][T18057] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1316.240070][T18057] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1316.418595][T16573] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1316.447789][T16573] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1316.467919][T16573] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1316.478758][T18057] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1316.486669][T16573] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1316.494710][T16573] usb 5-1: SerialNumber: syz [ 1316.740146][T16573] usb 5-1: 0:2 : does not exist [ 1316.749585][T16573] usb 5-1: unit 5 not found! [ 1316.809203][T16573] usb 5-1: USB disconnect, device number 23 [ 1316.872614][T16054] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1316.889432][T18060] Bluetooth: hci2: command tx timeout [ 1317.080197][T18424] chnl_net:caif_netlink_parms(): no params data found [ 1317.126885][T18060] Bluetooth: hci3: command tx timeout [ 1317.274136][T16054] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1317.677848][T18449] loop4: detected capacity change from 0 to 1764 [ 1317.705751][T16054] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1318.136600][T16054] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1318.403095][T18424] bridge0: port 1(bridge_slave_0) entered blocking state [ 1318.423546][T18424] bridge0: port 1(bridge_slave_0) entered disabled state [ 1318.442460][T18424] bridge_slave_0: entered allmulticast mode [ 1318.476264][T18424] bridge_slave_0: entered promiscuous mode [ 1318.500394][T18432] chnl_net:caif_netlink_parms(): no params data found [ 1318.534734][T18424] bridge0: port 2(bridge_slave_1) entered blocking state [ 1318.557252][T18424] bridge0: port 2(bridge_slave_1) entered disabled state [ 1318.572651][T18424] bridge_slave_1: entered allmulticast mode [ 1318.593175][T18424] bridge_slave_1: entered promiscuous mode [ 1318.814022][T18424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1318.844238][T18424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1318.967035][T18060] Bluetooth: hci2: command tx timeout [ 1319.216578][T18060] Bluetooth: hci3: command tx timeout [ 1319.316565][T18473] netlink: 'syz.2.4092': attribute type 1 has an invalid length. [ 1319.324384][T18473] netlink: 9352 bytes leftover after parsing attributes in process `syz.2.4092'. [ 1319.356396][T18473] netlink: 'syz.2.4092': attribute type 1 has an invalid length. [ 1319.374564][T18473] netlink: 'syz.2.4092': attribute type 2 has an invalid length. [ 1319.447902][T18424] team0: Port device team_slave_0 added [ 1319.511895][T18424] team0: Port device team_slave_1 added [ 1319.708482][T18432] bridge0: port 1(bridge_slave_0) entered blocking state [ 1319.715779][T18432] bridge0: port 1(bridge_slave_0) entered disabled state [ 1319.745746][T18432] bridge_slave_0: entered allmulticast mode [ 1319.781542][T18432] bridge_slave_0: entered promiscuous mode [ 1319.906643][T18432] bridge0: port 2(bridge_slave_1) entered blocking state [ 1319.924401][T18432] bridge0: port 2(bridge_slave_1) entered disabled state [ 1319.935963][T18486] loop2: detected capacity change from 0 to 256 [ 1319.939806][T18432] bridge_slave_1: entered allmulticast mode [ 1319.962048][T18432] bridge_slave_1: entered promiscuous mode [ 1320.052963][T18424] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1320.090081][T18424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1320.138677][T18424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1320.151913][ T29] audit: type=1326 audit(1720613067.012:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18483 comm="syz.2.4096" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f92c0b75bd9 code=0x0 [ 1320.559739][T18424] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1320.580734][T18424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1320.634409][T18424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1320.836680][ T5155] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 1320.854721][T18432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1320.903414][T18432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1321.056659][T18060] Bluetooth: hci2: command tx timeout [ 1321.064790][ T5155] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1321.078113][ T5155] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1321.088195][ T5155] usb 5-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00 [ 1321.097518][ T5155] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1321.114456][ T5155] usb 5-1: config 0 descriptor?? [ 1321.148519][T18133] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1321.170812][T18133] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1321.222212][T18133] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1321.286890][T18060] Bluetooth: hci3: command tx timeout [ 1321.528301][T18424] hsr_slave_0: entered promiscuous mode [ 1321.558208][T18424] hsr_slave_1: entered promiscuous mode [ 1321.576542][T18424] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1321.594516][T18424] Cannot create hsr debugfs directory [ 1321.620073][ T5155] uclogic 0003:2179:0053.0010: interface is invalid, ignoring [ 1321.708310][T18057] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1321.715504][T18133] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1321.882470][ T5146] usb 5-1: USB disconnect, device number 24 [ 1321.894362][T18432] team0: Port device team_slave_0 added [ 1321.967607][T18432] team0: Port device team_slave_1 added [ 1322.259280][T18432] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1322.269884][T18432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1322.336753][T18432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1322.373280][T18432] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1322.389810][T18432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1322.417023][T18432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1322.707621][T18057] 8021q: adding VLAN 0 to HW filter on device team0 [ 1322.928467][T16573] bridge0: port 1(bridge_slave_0) entered blocking state [ 1322.935702][T16573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1322.999499][T16573] bridge0: port 2(bridge_slave_1) entered blocking state [ 1323.006759][T16573] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1323.124925][T18432] hsr_slave_0: entered promiscuous mode [ 1323.136274][T18060] Bluetooth: hci2: command tx timeout [ 1323.201962][T18432] hsr_slave_1: entered promiscuous mode [ 1323.208990][T18432] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1323.220076][T18432] Cannot create hsr debugfs directory [ 1323.367427][T18060] Bluetooth: hci3: command tx timeout [ 1323.374506][T16054] bridge_slave_1: left allmulticast mode [ 1323.404252][T16054] bridge_slave_1: left promiscuous mode [ 1323.428967][T16054] bridge0: port 2(bridge_slave_1) entered disabled state [ 1323.492575][T16054] bridge_slave_0: left allmulticast mode [ 1323.508731][T16054] bridge_slave_0: left promiscuous mode [ 1323.514656][T16054] bridge0: port 1(bridge_slave_0) entered disabled state [ 1323.562028][T16054] bridge_slave_1: left allmulticast mode [ 1323.589686][T16054] bridge_slave_1: left promiscuous mode [ 1323.595642][T16054] bridge0: port 2(bridge_slave_1) entered disabled state [ 1323.667610][T16054] bridge_slave_0: left allmulticast mode [ 1323.674946][T16054] bridge_slave_0: left promiscuous mode [ 1323.701174][T16054] bridge0: port 1(bridge_slave_0) entered disabled state [ 1324.546401][ T25] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1324.620592][T18510] loop4: detected capacity change from 0 to 32768 [ 1324.736555][T18510] XFS (loop4): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 1324.778943][ T25] usb 3-1: config 0 has no interfaces? [ 1324.784578][ T25] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1324.799063][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1324.837588][ T25] usb 3-1: config 0 descriptor?? [ 1324.877847][T18510] XFS (loop4): Ending clean mount [ 1324.915923][T18510] XFS (loop4): Quotacheck needed: Please wait. [ 1325.074874][T18510] XFS (loop4): Quotacheck: Done. [ 1325.184953][ T25] usb 3-1: USB disconnect, device number 21 [ 1325.318425][T17238] XFS (loop4): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 1326.055832][T18527] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4108'. [ 1326.335598][ T5156] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 1326.542558][ T5156] usb 3-1: Using ep0 maxpacket: 32 [ 1326.558176][ T5156] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 1326.566782][ T5156] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1326.591562][ T5156] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1326.618380][ T5156] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1326.626974][ T5156] usb 3-1: Product: syz [ 1326.631294][ T5156] usb 3-1: Manufacturer: syz [ 1326.671283][ T5156] usb 3-1: SerialNumber: syz [ 1326.689978][ T5156] usb 3-1: config 0 descriptor?? [ 1326.701673][ T5156] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1326.728622][ T5156] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1326.919484][ T5155] usb 3-1: USB disconnect, device number 22 [ 1326.938267][ T5155] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 1327.003816][T16054] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1327.032605][T16054] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1327.072793][T16054] bond0 (unregistering): Released all slaves [ 1327.685948][T16054] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1327.746939][T16054] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1327.775189][T16054] bond0 (unregistering): Released all slaves [ 1327.821174][T18529] loop2: detected capacity change from 0 to 1024 [ 1330.061815][T18549] netlink: 'syz.2.4118': attribute type 1 has an invalid length. [ 1330.090676][T18549] netlink: 9348 bytes leftover after parsing attributes in process `syz.2.4118'. [ 1330.119482][T18549] netlink: 'syz.2.4118': attribute type 1 has an invalid length. [ 1330.149645][T18549] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4118'. [ 1330.257062][T16054] hsr_slave_0: left promiscuous mode [ 1330.285790][T16054] hsr_slave_1: left promiscuous mode [ 1330.305900][T16054] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1330.316319][T16054] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1330.357739][T16054] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1330.365302][T16054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1330.430568][T16054] hsr_slave_0: left promiscuous mode [ 1330.456044][T16054] hsr_slave_1: left promiscuous mode [ 1330.472486][T16054] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1330.493332][T16054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1330.601421][T16054] veth1_macvtap: left promiscuous mode [ 1330.616322][T16054] veth0_macvtap: left promiscuous mode [ 1330.626733][T16054] veth1_vlan: left promiscuous mode [ 1330.643913][T16054] veth0_vlan: left promiscuous mode [ 1330.667346][ T5157] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 1330.876283][ T5157] usb 3-1: Using ep0 maxpacket: 32 [ 1330.893933][ T5157] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 1330.906285][ T5157] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1330.952918][ T5157] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1330.978843][ T5157] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1330.997905][ T5157] usb 3-1: Product: syz [ 1331.002193][ T5157] usb 3-1: Manufacturer: syz [ 1331.038760][ T5157] usb 3-1: SerialNumber: syz [ 1331.068690][ T5157] usb 3-1: config 0 descriptor?? [ 1331.077040][ T5157] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1331.107921][ T5157] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1331.373194][ T5092] usb 3-1: USB disconnect, device number 23 [ 1331.391734][ T5092] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 1332.136495][T16573] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 1332.396395][T16573] usb 5-1: Using ep0 maxpacket: 8 [ 1332.470692][T16573] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1332.693414][T16573] usb 5-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice=a5.34 [ 1332.726435][T16573] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1332.734514][T16573] usb 5-1: Product: syz [ 1332.766436][T16573] usb 5-1: Manufacturer: syz [ 1332.771289][T16573] usb 5-1: SerialNumber: syz [ 1332.826013][T16573] usb 5-1: config 0 descriptor?? [ 1334.385360][T16054] team0 (unregistering): Port device team_slave_1 removed [ 1334.584047][T16054] team0 (unregistering): Port device team_slave_0 removed [ 1337.027760][ T5106] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1337.041144][ T5106] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1337.088518][ T5106] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1337.100671][ T5106] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1337.113608][ T5106] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1337.135921][ T5106] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1337.744751][T16054] team0 (unregistering): Port device team_slave_1 removed [ 1337.959211][T16054] team0 (unregistering): Port device team_slave_0 removed [ 1339.226380][ T5106] Bluetooth: hci6: command tx timeout [ 1340.115267][ T5092] usb 5-1: USB disconnect, device number 25 [ 1340.208180][T18133] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1340.444312][T18133] 8021q: adding VLAN 0 to HW filter on device team0 [ 1340.781400][T16573] bridge0: port 1(bridge_slave_0) entered blocking state [ 1340.788649][T16573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1340.980057][ T5156] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 1341.092869][T18588] loop2: detected capacity change from 0 to 512 [ 1341.184946][T18588] EXT4-fs: Ignoring removed nobh option [ 1341.197989][ T5156] usb 5-1: config 0 has no interfaces? [ 1341.203527][ T5156] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1341.220747][ T5092] bridge0: port 2(bridge_slave_1) entered blocking state [ 1341.228016][ T5092] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1341.249217][ T5156] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1341.286653][ T5106] Bluetooth: hci6: command tx timeout [ 1341.403281][ T5156] usb 5-1: config 0 descriptor?? [ 1341.518342][T18588] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1341.575960][T18588] ext4 filesystem being mounted at /139/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1341.698455][T18424] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1341.777931][T18424] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1341.946427][T18424] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1341.980621][ T7274] usb 5-1: USB disconnect, device number 26 [ 1342.356461][T18424] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1342.936994][ T5106] Bluetooth: hci4: unexpected subevent 0x01 length: 25 > 18 [ 1342.940547][T18597] netlink: 'syz.4.4133': attribute type 2 has an invalid length. [ 1343.286098][T18574] chnl_net:caif_netlink_parms(): no params data found [ 1343.366518][T18060] Bluetooth: hci6: command tx timeout [ 1343.577653][ T5106] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1343.602466][ T5106] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1343.611190][ T5106] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1343.639837][ T5106] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1343.661128][ T5106] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1343.676699][ T5106] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1344.058104][T17231] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1344.224605][T18424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1344.490089][T18432] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1344.527749][T18432] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1344.659581][T18574] bridge0: port 1(bridge_slave_0) entered blocking state [ 1344.679495][T18574] bridge0: port 1(bridge_slave_0) entered disabled state [ 1344.690241][T18574] bridge_slave_0: entered allmulticast mode [ 1344.721174][T18574] bridge_slave_0: entered promiscuous mode [ 1344.733558][T18432] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1344.925309][T18574] bridge0: port 2(bridge_slave_1) entered blocking state [ 1344.955260][T18574] bridge0: port 2(bridge_slave_1) entered disabled state [ 1344.966563][T18060] Bluetooth: hci4: command 0x0406 tx timeout [ 1344.996076][T18574] bridge_slave_1: entered allmulticast mode [ 1345.047359][T18574] bridge_slave_1: entered promiscuous mode [ 1345.150132][T18432] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1345.382055][T18609] loop4: detected capacity change from 0 to 2048 [ 1345.451517][T18060] Bluetooth: hci6: command tx timeout [ 1345.496929][T18609] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1345.552176][T18574] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1345.638395][T18574] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1345.766760][T18060] Bluetooth: hci1: command tx timeout [ 1345.814857][T18424] 8021q: adding VLAN 0 to HW filter on device team0 [ 1345.871590][T17238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1346.057802][T18574] team0: Port device team_slave_0 added [ 1346.271815][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state [ 1346.279087][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1346.372278][T18574] team0: Port device team_slave_1 added [ 1346.539242][ T5156] bridge0: port 2(bridge_slave_1) entered blocking state [ 1346.546698][ T5156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1346.815980][T18574] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1346.866455][T18574] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1346.970166][T18574] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1347.150614][T18600] chnl_net:caif_netlink_parms(): no params data found [ 1347.199973][T18574] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1347.225891][T18574] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1347.251879][ C1] vkms_vblank_simulate: vblank timer overrun [ 1347.316401][T18574] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1347.846648][T18060] Bluetooth: hci1: command tx timeout [ 1348.023075][T18656] loop2: detected capacity change from 0 to 512 [ 1348.068119][T18656] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1348.169108][T18574] hsr_slave_0: entered promiscuous mode [ 1348.191214][T18656] EXT4-fs (loop2): 1 orphan inode deleted [ 1348.217107][T18574] hsr_slave_1: entered promiscuous mode [ 1348.226688][T18656] EXT4-fs (loop2): 1 truncate cleaned up [ 1348.233875][T18656] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1348.266365][T18574] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1348.273995][T18574] Cannot create hsr debugfs directory [ 1348.618887][T18656] EXT4-fs error (device loop2): ext4_lookup:1854: inode #15: comm syz.2.4153: iget: bad extra_isize 46 (inode size 256) [ 1348.648452][T18656] EXT4-fs (loop2): Remounting filesystem read-only [ 1349.465000][T18656] kAFS: unable to lookup cell '' [ 1349.770205][T17231] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1349.940306][T18060] Bluetooth: hci1: command tx timeout [ 1349.958818][T18432] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1351.322885][T18600] bridge0: port 1(bridge_slave_0) entered blocking state [ 1351.340618][T18600] bridge0: port 1(bridge_slave_0) entered disabled state [ 1351.386575][T18600] bridge_slave_0: entered allmulticast mode [ 1351.417824][T18600] bridge_slave_0: entered promiscuous mode [ 1351.627803][T18432] 8021q: adding VLAN 0 to HW filter on device team0 [ 1351.736800][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state [ 1351.744095][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1351.770565][ T5156] bridge0: port 2(bridge_slave_1) entered blocking state [ 1351.777870][ T5156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1351.879493][T18600] bridge0: port 2(bridge_slave_1) entered blocking state [ 1351.934518][T18600] bridge0: port 2(bridge_slave_1) entered disabled state [ 1351.966961][T18600] bridge_slave_1: entered allmulticast mode [ 1351.974817][T18600] bridge_slave_1: entered promiscuous mode [ 1352.016866][ T5106] Bluetooth: hci1: command tx timeout [ 1352.135451][T18695] loop4: detected capacity change from 0 to 1024 [ 1352.268680][T18600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1352.407504][T18600] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1352.623428][T18702] loop4: detected capacity change from 0 to 4096 [ 1352.645868][T18702] ntfs3: Unknown parameter '01777777777777777777777' [ 1352.673071][T18600] team0: Port device team_slave_0 added [ 1352.892965][T18600] team0: Port device team_slave_1 added [ 1353.027714][T16054] bridge_slave_1: left allmulticast mode [ 1353.033427][T16054] bridge_slave_1: left promiscuous mode [ 1353.068185][T16054] bridge0: port 2(bridge_slave_1) entered disabled state [ 1353.147744][T16054] bridge_slave_0: left allmulticast mode [ 1353.153452][T16054] bridge_slave_0: left promiscuous mode [ 1353.197410][T16054] bridge0: port 1(bridge_slave_0) entered disabled state [ 1353.286173][T16054] bridge_slave_1: left allmulticast mode [ 1353.322009][T16054] bridge_slave_1: left promiscuous mode [ 1353.346837][T16054] bridge0: port 2(bridge_slave_1) entered disabled state [ 1353.399646][T16054] bridge_slave_0: left allmulticast mode [ 1353.405452][T16054] bridge_slave_0: left promiscuous mode [ 1353.426435][T18721] netlink: 'syz.2.4171': attribute type 1 has an invalid length. [ 1353.435875][T16054] bridge0: port 1(bridge_slave_0) entered disabled state [ 1355.999460][T16054] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1356.023000][T16054] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1356.060832][T16054] bond0 (unregistering): Released all slaves [ 1356.588433][T16054] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1356.621906][T16054] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1356.661598][T16054] bond0 (unregistering): Released all slaves [ 1357.152369][T18600] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1357.216945][T18600] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1357.279240][T18600] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1357.320308][T18600] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1357.337146][T18600] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1357.404044][T18600] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1357.498278][T16054] hsr_slave_0: left promiscuous mode [ 1357.536169][T16054] hsr_slave_1: left promiscuous mode [ 1357.569763][T16054] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1357.589323][T16054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1357.657631][T16054] hsr_slave_0: left promiscuous mode [ 1357.674423][T16054] hsr_slave_1: left promiscuous mode [ 1357.694010][T16054] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1357.721228][T16054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1357.783790][T18733] loop2: detected capacity change from 0 to 1024 [ 1358.913067][T16054] team0 (unregistering): Port device team_slave_1 removed [ 1359.090279][T16054] team0 (unregistering): Port device team_slave_0 removed [ 1360.832191][ T1241] ieee802154 phy0 wpan0: encryption failed: -22 [ 1360.839078][ T1241] ieee802154 phy1 wpan1: encryption failed: -22 [ 1361.718601][T16054] team0 (unregistering): Port device team_slave_1 removed [ 1361.940041][T16054] team0 (unregistering): Port device team_slave_0 removed [ 1363.861485][T18424] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1364.192924][T18600] hsr_slave_0: entered promiscuous mode [ 1364.235586][T18600] hsr_slave_1: entered promiscuous mode [ 1364.282521][T18600] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1364.306619][T18600] Cannot create hsr debugfs directory [ 1364.513193][T18750] loop2: detected capacity change from 0 to 512 [ 1364.563087][T18750] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1364.578619][T18751] netlink: 'syz.4.4180': attribute type 1 has an invalid length. [ 1364.762241][T18750] EXT4-fs (loop2): 1 orphan inode deleted [ 1364.787342][T18750] EXT4-fs (loop2): 1 truncate cleaned up [ 1364.794560][T18750] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1365.025506][T18757] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4181'. [ 1365.077761][T18759] EXT4-fs error (device loop2): ext4_lookup:1854: inode #15: comm syz.2.4179: iget: bad extra_isize 46 (inode size 256) [ 1365.099568][T18759] EXT4-fs (loop2): Remounting filesystem read-only [ 1365.175920][T18759] kAFS: unable to lookup cell '' [ 1365.246443][T18432] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1365.493997][T17231] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1365.591603][T18574] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1365.724657][T18765] loop2: detected capacity change from 0 to 2048 [ 1365.750037][T18765] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1365.837670][T18766] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1366.026605][T18574] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1366.056937][T18574] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1366.226312][T18574] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1367.475651][T18432] veth0_vlan: entered promiscuous mode [ 1367.481143][T18778] input: syz1 as /devices/virtual/input/input29 [ 1367.570253][T18424] veth0_vlan: entered promiscuous mode [ 1367.686879][T18780] loop4: detected capacity change from 0 to 512 [ 1367.706022][T18424] veth1_vlan: entered promiscuous mode [ 1367.723359][T18780] EXT4-fs (loop4): blocks per group (71) and clusters per group (32768) inconsistent [ 1367.781919][T18432] veth1_vlan: entered promiscuous mode [ 1368.182709][T18785] kernel read not supported for file /eth0 (pid: 18785 comm: syz.2.4190) [ 1368.201822][T18785] program syz.2.4190 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1368.230824][T18785] fuse: Bad value for 'rootmode' [ 1368.264917][ T29] audit: type=1800 audit(1720613115.052:300): pid=18785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4190" name="eth0" dev="mqueue" ino=95760 res=0 errno=0 [ 1368.904000][T18600] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1369.123913][T18600] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1369.184768][T18600] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1369.258652][T18600] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1369.364732][T18424] veth0_macvtap: entered promiscuous mode [ 1369.443086][T18432] veth0_macvtap: entered promiscuous mode [ 1369.479412][T18574] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1369.510534][T18424] veth1_macvtap: entered promiscuous mode [ 1369.535816][T18793] loop4: detected capacity change from 0 to 256 [ 1369.553488][T18432] veth1_macvtap: entered promiscuous mode [ 1369.639039][T18793] FAT-fs (loop4): Directory bread(block 64) failed [ 1369.649932][T18793] FAT-fs (loop4): Directory bread(block 65) failed [ 1369.666386][T18793] FAT-fs (loop4): Directory bread(block 66) failed [ 1369.683984][T18793] FAT-fs (loop4): Directory bread(block 67) failed [ 1369.692337][T18424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1369.696515][T18793] FAT-fs (loop4): Directory bread(block 68) failed [ 1369.709999][ T5146] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 1369.736438][T18793] FAT-fs (loop4): Directory bread(block 69) failed [ 1369.736592][T18424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1369.746363][T18793] FAT-fs (loop4): Directory bread(block 70) failed [ 1369.785022][T18424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1369.793454][T18793] FAT-fs (loop4): Directory bread(block 71) failed [ 1369.806443][T18424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1369.823662][T18793] FAT-fs (loop4): Directory bread(block 72) failed [ 1369.829887][T18424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1369.836344][T18793] FAT-fs (loop4): Directory bread(block 73) failed [ 1369.866788][T18424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1369.896830][T18424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1369.916298][T18424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1369.926129][T18424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1369.962605][ T5146] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1369.976681][T18424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1369.999579][ T5146] usb 3-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1370.004865][T18424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1370.031966][T18424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.040978][ T5146] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1370.061314][ T5146] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1370.078875][T18424] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1370.112964][ T5146] usb 3-1: invalid MIDI out EP 0 [ 1370.134203][T18574] 8021q: adding VLAN 0 to HW filter on device team0 [ 1370.161628][T18424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1370.196854][T18424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.212446][T18424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1370.233791][T18424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.243130][ T5146] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 1370.244032][T18424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1370.304285][T18424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.320446][ T5146] usb 3-1: USB disconnect, device number 24 [ 1370.336750][T18424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1370.380283][T18424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.409822][T18424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1370.466683][T18424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.486957][T18424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1370.516545][T18424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.549012][T18424] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1370.576736][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1370.613017][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.646612][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1370.666449][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.688904][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1370.710002][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.746626][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1370.780385][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.801933][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1370.823879][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.843377][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1370.864957][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.897232][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1370.937487][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1370.980885][T18432] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1371.040928][T18424] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1371.082762][T18424] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1371.112074][T18424] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1371.136378][T18424] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1371.198955][T16573] bridge0: port 1(bridge_slave_0) entered blocking state [ 1371.206294][T16573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1371.287172][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1371.320452][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1371.361228][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1371.396929][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1371.427037][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1371.466748][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1371.500334][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1371.536787][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1371.569642][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1371.635563][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1371.666553][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1371.706559][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1371.746391][T18432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1371.776431][T18432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1371.810352][T18432] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1371.912686][T16573] bridge0: port 2(bridge_slave_1) entered blocking state [ 1371.920003][T16573] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1371.982588][T18806] loop4: detected capacity change from 0 to 4096 [ 1372.019826][T18432] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1372.047517][T18806] ntfs3: loop4: Different NTFS sector size (1024) and media sector size (512). [ 1372.057816][T18432] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1372.100283][T18432] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1372.121540][T18432] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1372.567245][T18600] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1373.095120][T18600] 8021q: adding VLAN 0 to HW filter on device team0 [ 1373.448047][T10636] bridge0: port 1(bridge_slave_0) entered blocking state [ 1373.455319][T10636] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1373.478780][T10636] bridge0: port 2(bridge_slave_1) entered blocking state [ 1373.486260][T10636] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1373.616525][ T1267] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1373.706367][ T1267] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1374.785230][T18060] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1374.810048][T18060] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1374.826679][T18060] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1374.858481][T18060] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1374.879841][T18060] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1374.905322][T18060] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1375.055462][T18600] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1375.135812][T18574] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1375.766368][ T29] audit: type=1326 audit(1720613122.612:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18833 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1375.808777][T18060] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1375.822791][T18060] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1375.841731][T18060] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1375.877010][T18060] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1375.896726][T18060] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1375.910498][T18060] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1375.916304][ T29] audit: type=1326 audit(1720613122.612:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18833 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1376.106310][ T29] audit: type=1326 audit(1720613122.612:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18833 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1376.182794][ T29] audit: type=1326 audit(1720613122.612:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18833 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1376.203972][T18574] veth0_vlan: entered promiscuous mode [ 1376.244945][ T29] audit: type=1326 audit(1720613122.612:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18833 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1376.306101][ T29] audit: type=1326 audit(1720613122.612:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18833 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1376.376721][T18844] loop2: detected capacity change from 0 to 512 [ 1376.410877][ T29] audit: type=1326 audit(1720613122.622:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18833 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1376.474713][T18844] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1376.488835][T18574] veth1_vlan: entered promiscuous mode [ 1376.509076][ T29] audit: type=1326 audit(1720613122.622:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18833 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1376.603826][T18600] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1376.645615][ T29] audit: type=1326 audit(1720613122.622:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18833 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1376.696752][T18844] EXT4-fs (loop2): 1 orphan inode deleted [ 1376.702558][T18844] EXT4-fs (loop2): 1 truncate cleaned up [ 1376.757788][T18844] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1376.810340][ T29] audit: type=1326 audit(1720613122.662:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18833 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3b49b75bd9 code=0x7ffc0000 [ 1376.967259][T18060] Bluetooth: hci2: command tx timeout [ 1377.027752][T18853] EXT4-fs error (device loop2): ext4_lookup:1854: inode #15: comm syz.2.4207: iget: bad extra_isize 46 (inode size 256) [ 1377.137978][T18854] kAFS: unable to lookup cell '' [ 1377.145198][T18853] EXT4-fs (loop2): Remounting filesystem read-only [ 1377.212736][T12827] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1377.628111][T17231] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1377.718677][T12827] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1378.088920][T18060] Bluetooth: hci3: command tx timeout [ 1378.243500][T18574] veth0_macvtap: entered promiscuous mode [ 1378.511578][T12827] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1378.719428][T18574] veth1_macvtap: entered promiscuous mode [ 1378.993206][T12827] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1379.047257][T18060] Bluetooth: hci2: command tx timeout [ 1379.088973][T18822] chnl_net:caif_netlink_parms(): no params data found [ 1379.697086][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1379.726490][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1379.768664][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1379.820351][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1379.866500][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1379.896318][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1379.927525][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1379.966483][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1379.996284][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1380.001781][T18872] loop4: detected capacity change from 0 to 32768 [ 1380.036623][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1380.068996][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1380.101478][T18872] XFS (loop4): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 1380.116388][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1380.132881][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1380.167275][T18060] Bluetooth: hci3: command tx timeout [ 1380.206330][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1380.226844][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1380.247808][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1380.258804][T18872] XFS (loop4): Ending clean mount [ 1380.271549][T18872] XFS (loop4): Quotacheck needed: Please wait. [ 1380.309211][T18574] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1380.364858][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1380.396478][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1380.415683][T18872] XFS (loop4): Quotacheck: Done. [ 1380.447726][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1380.473021][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1380.496330][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1380.535865][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1380.567786][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1380.586282][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1380.607742][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1380.632606][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1380.648169][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1380.682532][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1380.700236][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1380.723833][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1380.753504][T18574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1380.768758][T18574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1380.788900][T17238] XFS (loop4): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 1380.801886][T18574] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1380.835088][T18600] veth0_vlan: entered promiscuous mode [ 1380.896638][T18832] chnl_net:caif_netlink_parms(): no params data found [ 1381.129796][T18060] Bluetooth: hci2: command tx timeout [ 1381.520306][T18822] bridge0: port 1(bridge_slave_0) entered blocking state [ 1381.546741][T18822] bridge0: port 1(bridge_slave_0) entered disabled state [ 1381.554320][T18822] bridge_slave_0: entered allmulticast mode [ 1381.598330][T18822] bridge_slave_0: entered promiscuous mode [ 1381.748731][T18574] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1381.767273][T18574] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1381.796448][T18574] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1381.805235][T18574] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1381.877152][T18822] bridge0: port 2(bridge_slave_1) entered blocking state [ 1381.884386][T18822] bridge0: port 2(bridge_slave_1) entered disabled state [ 1381.928213][T18822] bridge_slave_1: entered allmulticast mode [ 1381.959225][T18822] bridge_slave_1: entered promiscuous mode [ 1382.112081][T18891] loop4: detected capacity change from 0 to 2048 [ 1382.198452][T18891] hpfs: hpfs_map_sector(): read error [ 1382.231168][T18600] veth1_vlan: entered promiscuous mode [ 1382.246505][T18060] Bluetooth: hci3: command tx timeout [ 1382.615016][T12827] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1382.711818][T18822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1382.786178][T18898] kernel read not supported for file /eth0 (pid: 18898 comm: syz.4.4215) [ 1382.804180][T18898] program syz.4.4215 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1382.829889][T18898] fuse: Bad value for 'rootmode' [ 1383.002167][ T29] kauditd_printk_skb: 49 callbacks suppressed [ 1383.002395][ T29] audit: type=1800 audit(1720613129.652:360): pid=18898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4215" name="eth0" dev="mqueue" ino=96878 res=0 errno=0 [ 1383.208345][T18060] Bluetooth: hci2: command tx timeout [ 1383.352443][T18832] bridge0: port 1(bridge_slave_0) entered blocking state [ 1383.394569][T18832] bridge0: port 1(bridge_slave_0) entered disabled state [ 1383.420611][T18832] bridge_slave_0: entered allmulticast mode [ 1383.447375][T18832] bridge_slave_0: entered promiscuous mode [ 1383.681568][T12827] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1383.747665][T18822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1383.875526][T18832] bridge0: port 2(bridge_slave_1) entered blocking state [ 1383.897436][T18832] bridge0: port 2(bridge_slave_1) entered disabled state [ 1383.904829][T18832] bridge_slave_1: entered allmulticast mode [ 1383.938337][T18832] bridge_slave_1: entered promiscuous mode [ 1384.112061][T12827] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1384.260171][T18822] team0: Port device team_slave_0 added [ 1384.327791][T18060] Bluetooth: hci3: command tx timeout [ 1384.650313][T12827] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1384.750175][T18822] team0: Port device team_slave_1 added [ 1384.780185][T18600] veth0_macvtap: entered promiscuous mode [ 1384.839091][T18832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1384.918460][T18832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1385.560543][ T7005] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1385.580666][ T7005] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1385.607270][ T29] audit: type=1326 audit(1720613132.462:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18906 comm="syz.4.4219" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b49b75bd9 code=0x0 [ 1385.683263][T18822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1385.692835][T18822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1385.767080][T18822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1385.799210][T18822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1385.830781][T18822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1385.896970][T18822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1385.948458][T18600] veth1_macvtap: entered promiscuous mode [ 1386.007721][T18832] team0: Port device team_slave_0 added [ 1386.170577][T18832] team0: Port device team_slave_1 added [ 1386.411814][T18915] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.4219'. [ 1386.448158][T18915] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 1386.604274][T18822] hsr_slave_0: entered promiscuous mode [ 1386.623245][T18822] hsr_slave_1: entered promiscuous mode [ 1386.659138][T18822] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1386.677115][T18822] Cannot create hsr debugfs directory [ 1386.691365][ T5282] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1386.700410][T18832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1386.709826][ T5282] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1386.728002][T18832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1386.822833][T18832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1386.897419][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1386.927319][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1386.951320][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1386.985208][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.032350][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1387.066830][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.112656][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1387.146321][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.166384][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1387.186257][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.196132][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1387.236630][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.266306][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1387.287572][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.307361][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1387.336410][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.356726][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1387.386280][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.418605][T18600] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1387.611505][T18832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1387.636082][T18832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1387.731133][T18832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1387.895995][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1387.922937][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.943640][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1387.954797][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.965114][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1387.980548][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.990689][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1388.020356][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.036250][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1388.060676][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.071060][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1388.102471][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.126340][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1388.146300][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.166313][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1388.195041][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.209054][T18600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1388.226242][T18600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.277972][T18600] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1388.459033][T12827] bridge_slave_1: left allmulticast mode [ 1388.465831][T12827] bridge_slave_1: left promiscuous mode [ 1388.477475][T12827] bridge0: port 2(bridge_slave_1) entered disabled state [ 1388.555761][T12827] bridge_slave_0: left allmulticast mode [ 1388.569128][T12827] bridge_slave_0: left promiscuous mode [ 1388.578811][T12827] bridge0: port 1(bridge_slave_0) entered disabled state [ 1388.617962][T12827] bridge_slave_1: left allmulticast mode [ 1388.632226][T12827] bridge_slave_1: left promiscuous mode [ 1388.649870][T12827] bridge0: port 2(bridge_slave_1) entered disabled state [ 1388.675286][T12827] bridge_slave_0: left allmulticast mode [ 1388.688924][T12827] bridge_slave_0: left promiscuous mode [ 1388.715797][T12827] bridge0: port 1(bridge_slave_0) entered disabled state [ 1388.859218][T18959] loop2: detected capacity change from 0 to 16 [ 1388.887407][T18959] erofs: (device loop2): mounted with root inode @ nid 36. [ 1389.373233][T18966] loop2: detected capacity change from 0 to 2048 [ 1389.471791][T18966] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1389.836102][T17231] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1390.173265][T18980] loop2: detected capacity change from 0 to 2048 [ 1390.250781][T18981] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1391.738803][T12827] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1391.797131][T12827] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1391.821249][T12827] bond0 (unregistering): Released all slaves [ 1392.326803][T12827] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1392.350024][T12827] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1392.383523][T12827] bond0 (unregistering): Released all slaves [ 1392.459021][T18832] hsr_slave_0: entered promiscuous mode [ 1392.487501][T18832] hsr_slave_1: entered promiscuous mode [ 1392.539776][T18832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1392.556373][T18832] Cannot create hsr debugfs directory [ 1392.592002][T18600] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1392.606521][T18600] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1392.625502][T18600] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1392.638873][T18600] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1393.569694][T19002] ALSA: mixer_oss: invalid OSS volume '' [ 1393.958321][T12827] hsr_slave_0: left promiscuous mode [ 1393.991781][T12827] hsr_slave_1: left promiscuous mode [ 1394.004829][T19007] Bluetooth: MGMT ver 1.22 [ 1394.070863][T12827] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1394.097226][T12827] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1394.149604][T12827] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1394.176942][T12827] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1394.272807][T12827] hsr_slave_0: left promiscuous mode [ 1394.431632][T12827] hsr_slave_1: left promiscuous mode [ 1394.477291][T12827] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1394.500731][T12827] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1394.539942][T12827] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1394.567990][T12827] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1394.808057][T12827] veth1_macvtap: left promiscuous mode [ 1394.813731][T12827] veth0_macvtap: left promiscuous mode [ 1394.828797][T12827] veth1_vlan: left promiscuous mode [ 1394.843849][T12827] veth0_vlan: left promiscuous mode [ 1394.898401][T12827] veth1_macvtap: left promiscuous mode [ 1394.904332][T12827] veth0_macvtap: left promiscuous mode [ 1394.915810][T12827] veth1_vlan: left promiscuous mode [ 1394.926511][T12827] veth0_vlan: left promiscuous mode [ 1397.432583][T15359] ================================================================== [ 1397.440796][T15359] BUG: KASAN: use-after-free in sysv_new_inode+0xfd3/0x1170 [ 1397.448126][T15359] Read of size 2 at addr ffff88807b27d1ce by task syz.3.3145/15359 [ 1397.456380][T15359] [ 1397.458709][T15359] CPU: 0 PID: 15359 Comm: syz.3.3145 Not tainted 6.10.0-rc7-syzkaller-00012-g34afb82a3c67 #0 [ 1397.468868][T15359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1397.478933][T15359] Call Trace: [ 1397.482225][T15359] [ 1397.485165][T15359] dump_stack_lvl+0x241/0x360 [ 1397.489918][T15359] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1397.495183][T15359] ? __pfx__printk+0x10/0x10 [ 1397.499818][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1397.505482][T15359] ? _printk+0xd5/0x120 [ 1397.509679][T15359] ? __virt_addr_valid+0x183/0x520 [ 1397.514914][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1397.520611][T15359] print_report+0x169/0x550 [ 1397.525152][T15359] ? __virt_addr_valid+0x183/0x520 [ 1397.530322][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1397.536081][T15359] ? __virt_addr_valid+0x44e/0x520 [ 1397.541257][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1397.546909][T15359] ? __phys_addr+0xba/0x170 [ 1397.551520][T15359] ? sysv_new_inode+0xfd3/0x1170 [ 1397.556481][T15359] kasan_report+0x143/0x180 [ 1397.561000][T15359] ? sysv_new_inode+0xfd3/0x1170 [ 1397.565967][T15359] sysv_new_inode+0xfd3/0x1170 [ 1397.570764][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1397.576410][T15359] ? __pfx_sysv_new_inode+0x10/0x10 [ 1397.581653][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1397.587292][T15359] ? _raw_spin_unlock+0x28/0x50 [ 1397.592149][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1397.597872][T15359] ? __d_add+0x503/0x810 [ 1397.602165][T15359] sysv_mknod+0x4e/0xe0 [ 1397.606342][T15359] ? __pfx_sysv_create+0x10/0x10 [ 1397.611304][T15359] path_openat+0x1a86/0x35f0 [ 1397.615922][T15359] ? __pfx_path_openat+0x10/0x10 [ 1397.620879][T15359] do_filp_open+0x235/0x490 [ 1397.625391][T15359] ? __pfx_do_filp_open+0x10/0x10 [ 1397.630438][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1397.636074][T15359] ? _raw_spin_unlock+0x28/0x50 [ 1397.640931][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1397.646577][T15359] ? alloc_fd+0x5a1/0x640 [ 1397.650925][T15359] do_sys_openat2+0x13e/0x1d0 [ 1397.655653][T15359] ? kasan_quarantine_put+0xdc/0x230 [ 1397.660947][T15359] ? __pfx_do_sys_openat2+0x10/0x10 [ 1397.666166][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1397.671848][T15359] __x64_sys_openat+0x247/0x2a0 [ 1397.676724][T15359] ? __pfx___x64_sys_openat+0x10/0x10 [ 1397.682117][T15359] ? do_syscall_64+0x100/0x230 [ 1397.686902][T15359] ? do_syscall_64+0xb6/0x230 [ 1397.691597][T15359] do_syscall_64+0xf3/0x230 [ 1397.696118][T15359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1397.702294][T15359] RIP: 0033:0x7f19e3d75bd9 [ 1397.706728][T15359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1397.726363][T15359] RSP: 002b:00007f19e4bea048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1397.734786][T15359] RAX: ffffffffffffffda RBX: 00007f19e3f03f60 RCX: 00007f19e3d75bd9 [ 1397.742763][T15359] RDX: 000000000000275a RSI: 0000000020000080 RDI: ffffffffffffff9c [ 1397.750748][T15359] RBP: 00007f19e3de4e60 R08: 0000000000000000 R09: 0000000000000000 [ 1397.758723][T15359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1397.766698][T15359] R13: 000000000000000b R14: 00007f19e3f03f60 R15: 00007fffc17f9188 [ 1397.774690][T15359] [ 1397.777704][T15359] [ 1397.780109][T15359] The buggy address belongs to the physical page: [ 1397.786600][T15359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x636e2 pfn:0x7b27d [ 1397.795709][T15359] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1397.802830][T15359] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000 [ 1397.811424][T15359] raw: 00000000000636e2 0000000000000000 00000000ffffffff 0000000000000000 [ 1397.820009][T15359] page dumped because: kasan: bad access detected [ 1397.826419][T15359] page_owner tracks the page as freed [ 1397.831776][T15359] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 15442, tgid 15441 (syz.5.3174), ts 1303319348092, free_ts 1384425528919 [ 1397.849858][T15359] post_alloc_hook+0x1f3/0x230 [ 1397.854643][T15359] get_page_from_freelist+0x2e4c/0x2f10 [ 1397.860217][T15359] __alloc_pages_noprof+0x256/0x6c0 [ 1397.865467][T15359] alloc_pages_mpol_noprof+0x3e8/0x680 [ 1397.870939][T15359] folio_alloc_noprof+0x128/0x180 [ 1397.875973][T15359] filemap_alloc_folio_noprof+0xdf/0x500 [ 1397.881624][T15359] do_read_cache_folio+0xed/0x820 [ 1397.886653][T15359] do_read_cache_page+0x30/0x200 [ 1397.891595][T15359] sysv_find_entry+0x1af/0x410 [ 1397.896360][T15359] sysv_inode_by_name+0x98/0x1f0 [ 1397.901303][T15359] sysv_lookup+0x6b/0xe0 [ 1397.905546][T15359] path_openat+0x11c2/0x35f0 [ 1397.910141][T15359] do_filp_open+0x235/0x490 [ 1397.914646][T15359] do_sys_openat2+0x13e/0x1d0 [ 1397.919340][T15359] __x64_sys_openat+0x247/0x2a0 [ 1397.924206][T15359] do_syscall_64+0xf3/0x230 [ 1397.928721][T15359] page last free pid 15442 tgid 15441 stack trace: [ 1397.935213][T15359] free_unref_folios+0xf23/0x19e0 [ 1397.940292][T15359] shrink_folio_list+0x33cd/0x8f70 [ 1397.945418][T15359] evict_folios+0xb2e/0x2710 [ 1397.950022][T15359] try_to_shrink_lruvec+0xb6b/0xe90 [ 1397.955234][T15359] shrink_lruvec+0x586/0x2f90 [ 1397.959920][T15359] shrink_node+0xa18/0x3fe0 [ 1397.964442][T15359] do_try_to_free_pages+0x77d/0x1c40 [ 1397.969733][T15359] try_to_free_mem_cgroup_pages+0x465/0xac0 [ 1397.975632][T15359] try_charge_memcg+0x701/0x1840 [ 1397.980589][T15359] obj_cgroup_charge+0x38a/0x630 [ 1397.985536][T15359] __memcg_slab_post_alloc_hook+0x1b1/0x7e0 [ 1397.991451][T15359] kmem_cache_alloc_noprof+0x1de/0x2a0 [ 1397.997014][T15359] alloc_buffer_head+0x2a/0x290 [ 1398.001867][T15359] folio_alloc_buffers+0x241/0x5b0 [ 1398.006991][T15359] create_empty_buffers+0x3a/0x740 [ 1398.012120][T15359] block_read_full_folio+0x258/0xe10 [ 1398.017424][T15359] [ 1398.019742][T15359] Memory state around the buggy address: [ 1398.025457][T15359] ffff88807b27d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1398.033528][T15359] ffff88807b27d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1398.041637][T15359] >ffff88807b27d180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1398.049696][T15359] ^ [ 1398.056103][T15359] ffff88807b27d200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1398.064172][T15359] ffff88807b27d280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1398.072275][T15359] ================================================================== [ 1398.108403][T15359] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1398.115657][T15359] CPU: 1 PID: 15359 Comm: syz.3.3145 Not tainted 6.10.0-rc7-syzkaller-00012-g34afb82a3c67 #0 [ 1398.125824][T15359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1398.135898][T15359] Call Trace: [ 1398.139183][T15359] [ 1398.142121][T15359] dump_stack_lvl+0x241/0x360 [ 1398.146922][T15359] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1398.152243][T15359] ? __pfx__printk+0x10/0x10 [ 1398.156863][T15359] ? preempt_schedule+0xe1/0xf0 [ 1398.161732][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1398.167387][T15359] ? vscnprintf+0x5d/0x90 [ 1398.171742][T15359] panic+0x349/0x860 [ 1398.175664][T15359] ? check_panic_on_warn+0x21/0xb0 [ 1398.180813][T15359] ? __pfx_panic+0x10/0x10 [ 1398.185256][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1398.190911][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1398.196563][T15359] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 1398.202560][T15359] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1398.208904][T15359] ? print_report+0x502/0x550 [ 1398.213612][T15359] check_panic_on_warn+0x86/0xb0 [ 1398.218585][T15359] ? sysv_new_inode+0xfd3/0x1170 [ 1398.223558][T15359] end_report+0x77/0x160 [ 1398.227812][T15359] kasan_report+0x154/0x180 [ 1398.232336][T15359] ? sysv_new_inode+0xfd3/0x1170 [ 1398.237295][T15359] sysv_new_inode+0xfd3/0x1170 [ 1398.242086][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1398.247725][T15359] ? __pfx_sysv_new_inode+0x10/0x10 [ 1398.252961][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1398.258619][T15359] ? _raw_spin_unlock+0x28/0x50 [ 1398.263486][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1398.269127][T15359] ? __d_add+0x503/0x810 [ 1398.273392][T15359] sysv_mknod+0x4e/0xe0 [ 1398.277558][T15359] ? __pfx_sysv_create+0x10/0x10 [ 1398.282623][T15359] path_openat+0x1a86/0x35f0 [ 1398.287247][T15359] ? __pfx_path_openat+0x10/0x10 [ 1398.292202][T15359] do_filp_open+0x235/0x490 [ 1398.296717][T15359] ? __pfx_do_filp_open+0x10/0x10 [ 1398.301760][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1398.307396][T15359] ? _raw_spin_unlock+0x28/0x50 [ 1398.312247][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1398.317881][T15359] ? alloc_fd+0x5a1/0x640 [ 1398.322229][T15359] do_sys_openat2+0x13e/0x1d0 [ 1398.326939][T15359] ? kasan_quarantine_put+0xdc/0x230 [ 1398.332249][T15359] ? __pfx_do_sys_openat2+0x10/0x10 [ 1398.337465][T15359] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1398.343108][T15359] __x64_sys_openat+0x247/0x2a0 [ 1398.347978][T15359] ? __pfx___x64_sys_openat+0x10/0x10 [ 1398.353369][T15359] ? do_syscall_64+0x100/0x230 [ 1398.358148][T15359] ? do_syscall_64+0xb6/0x230 [ 1398.362857][T15359] do_syscall_64+0xf3/0x230 [ 1398.367380][T15359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1398.373289][T15359] RIP: 0033:0x7f19e3d75bd9 [ 1398.377704][T15359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1398.397315][T15359] RSP: 002b:00007f19e4bea048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1398.405738][T15359] RAX: ffffffffffffffda RBX: 00007f19e3f03f60 RCX: 00007f19e3d75bd9 [ 1398.413713][T15359] RDX: 000000000000275a RSI: 0000000020000080 RDI: ffffffffffffff9c [ 1398.421779][T15359] RBP: 00007f19e3de4e60 R08: 0000000000000000 R09: 0000000000000000 [ 1398.429758][T15359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1398.437728][T15359] R13: 000000000000000b R14: 00007f19e3f03f60 R15: 00007fffc17f9188 [ 1398.445710][T15359] [ 1398.450567][T15359] Kernel Offset: disabled [ 1398.454881][T15359] Rebooting in 86400 seconds..