last executing test programs: 9.637325115s ago: executing program 0: socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000003780)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@broadcast}, {@in6=@private0, 0x0, 0x6c}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'lzs\x00'}}}]}, 0x138}}, 0x0) 8.490229817s ago: executing program 0: syz_mount_image$vfat(0x0, &(0x7f0000000040)='./file0\x00', 0x102000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r2 = dup(r1) openat$cgroup_int(0xffffffffffffffff, &(0x7f00000002c0)='cpuset.mem_exclusive\x00', 0x2, 0x0) write$P9_RLERRORu(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB='S\x00\x00\x00\a\x00\x00B\x00'], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) 7.908721421s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000010000000000000000000000a5000000a000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000a40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)={@map=r0, r1, 0x4}, 0x10) r2 = socket(0x1, 0x3, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000680), &(0x7f0000000080)=@udp6=r2}, 0x20) r3 = socket(0x1, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r0, &(0x7f0000000240), &(0x7f0000000180)=@tcp=r3}, 0x20) 7.413485727s ago: executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae000000a5000000d000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000600)='ext4_da_update_reserve_space\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0x40010) 6.510132033s ago: executing program 0: bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x8}, 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001880)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x26}, 0x20) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f0000000040)=0x8000, 0x4) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) socket(0x10, 0x3, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) 5.951904103s ago: executing program 2: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000015000000000000000000000000000005"], 0x1c}}, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, 0x0, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3c9ffff01000000010000005600000025000000f15a41d40400000007fd17e5ffff0808040000000000000000", 0x39}], 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000000100)={@multicast2, @loopback, @empty}, 0xc) 5.935253579s ago: executing program 0: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000d00)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c64656275672c6572726f72733d72656d6f756e742d726f2c757466383d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c636865636b3d72656c617865642c757466383d302c726f6469722c726f6469722c00bd11a3d82e3cc8e94a1ac3169cb253bc51dceb1a3c8675eef705933dac0549813c420584251b8849a95afa9de1a80dcc7f9d4e26116050410b89f88108d551843f6115dded9b54fcb36a3a7bab7fb11d2c7265fa11a3ff2f3ca1c0df2142ff9ce532341817f2bb2fef3428793728d4daa090c5becbb74d00c95f965afa83e5bb562620ea9e99853533ca4ef0702dad548503917329f0f431d87efa28137d3f0e0fa2906cb9e236094a2d7a9ce877c1d8509500"/315, @ANYRESDEC], 0x1, 0x21c, &(0x7f0000000ac0)="$eJzs3TFrE2EYB/CnNtVSkHQQiiJ44uIUmop7ilQQA4qSQSeLTVGaWDAQ0KF180voV9DRVXAQV7+ACFIFF7t1ECL1YtPWxARKctL+fkse8r7/u+e9hBwZ8ube2frK0mpjeXNzIyYnxyJXilJsjcV0HIvxSD0LAOAw2Wq14kcr1WV4IoOWAIAh63P/BwAOoQHv/zdH2BIAMGS+/wPA0XP7zt3r8+Xywq0kmYyoP29WmpX0MR2fX46HUYtqzEY+fka0dqT11Wvlhdlk29fpqNTX2/n1ZmV8b74Y+Zjuni8mqb35iZhq5z9NRTXmIh+nuufnuuaPx8ULu85fiHx8vB+rUYul2M528mvFJLlyo7wvf+L3PAAAAAAAAAAAAAAAAAAAAAAAGIZCsqPr/j2FQq/xND/4/kD79+fJxZlctmsHAAAAAAAAAAAAAAAAAACA/0XjydOVxVqt+vhfxaMPr971mzNgMdY+70GPc/Di5PkvL3rNGd99fXIjbuztuSwvy4DF+40Hpy81Zi5n1sZERPz9TM+31vd8xJD6eZ3pa/Fn1X0nz7wsLb5Z+/xt0COP/KMIAAAAAAAAAAAAAAAAAACOvM6PfrPuBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACy0/n//+EVWa8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BQAA///OT51p") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) rt_sigqueueinfo(0x0, 0x18, &(0x7f00000003c0)={0x2d, 0x3e}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) pipe2$9p(&(0x7f0000001900), 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x128781) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r4, 0x40bc5311, &(0x7f00000001c0)={0x124, 0x1, 'client1\x00', 0xffffffff80000004, "56dc9179cf8000", "20e48560999f00"}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001e0001ade907200000", @ANYRES32=0x0, @ANYBLOB="000000000a000200aaaaaaaaaabb00000800090001000000"], 0x30}}, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000a80)='virtio_transport_alloc_pkt\x00', r6}, 0x10) 5.331936862s ago: executing program 2: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r0) r1 = socket$inet(0xa, 0x801, 0x0) listen(r1, 0x0) mount$9p_fd(0x0, &(0x7f0000000780)='./file0\x00', &(0x7f00000007c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 4.742442614s ago: executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) futex(&(0x7f000000cffc), 0x9, 0x0, 0x0, 0x0, 0xfffffffe) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0xa, 0x0, 0x0, 0x0, 0x1) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e75"], 0x24) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000800)={'bridge0\x00'}) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x3, 0x15}, @l2cap_cid_signaling={{0x11}, [@l2cap_create_chan_req={{0xc, 0x8, 0x5}, {0x1, 0x9, 0x3}}, @l2cap_disconn_rsp={{0x7, 0x0, 0x4}, {0xb492, 0x8}}]}}, 0x1a) 4.419027496s ago: executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000040), 0x76dc) recvmmsg(r0, &(0x7f00000061c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x102, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=ANY=[@ANYBLOB="6000000010000304000000005573002000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000380012800b00010069703667726500002800028014000600fe80000000000000000000000000000008", @ANYRES32=0x0, @ANYBLOB="060002000000000008000a00", @ANYRES32], 0x60}, 0x1, 0xba01}, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000001c0)=0x100000, 0x4) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc", 0x24}], 0x1) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454de, 0x20001100) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000a00)={'#! ', '', [], 0xa, "1d"}, 0x5) 3.91247205s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r2, 0x7aa, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x8001000000000000, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x208, 0x0, 0x3f1, 0x148, 0x0, 0x5, 0x170, 0x2a8, 0x2a8, 0x170, 0x2a8, 0x3, 0x0, {[{{@uncond, 0xffffe000, 0x70, 0xd0, 0x0, {0x0, 0x1c030000}}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff}, {0xffffffffffffffff, [0xf, 0x6, 0x2, 0x1]}}}}, {{@ip={@local, @private, 0x0, 0x0, 'bridge_slave_1\x00', 'lo\x00'}, 0x0, 0x70, 0xa0}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x268) 3.562587472s ago: executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001980)={0xb, {"a2e3ad214fc752f9182909094bf70e0dd038e7ff7fc6e5539b324c078b089b39353b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d074c0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r1, 0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000780)=r1}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000740)={r2, 0x58, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x4c, 0x0, 0x800, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x20}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x10001}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x7}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xfff}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x9}]}, 0x4c}}, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x759, &(0x7f0000000b40)={[{@abort}, {@noblock_validity}, {@discard}, {@errors_remount}, {@journal_dev={'journal_dev', 0x3d, 0x1}, 0x0}, {@usrjquota}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x4}}, {@journal_dev={'journal_dev', 0x3d, 0x10001}}, {@errors_continue}, {@usrjquota_path={'usrjquota', 0x3d, './file1/file4/file5'}}, {@jqfmt_vfsv1}, {@jqfmt_vfsv0}], [], 0x2c}, 0x2, 0x4f9, &(0x7f0000000200)="$eJzs3ElvHFUeAPB/te04zjL2ZNYsM+mZzAgLRBw764FDgkDKBQkJhMLR2E4U4iQoNlISWcRBKEgcQPkELDckPgEnuCBAHEBcibgipAj5ksABFarqatN2ub2l7cbx7yd151XVq37v31Uv/ZZuB7BpVbOnJGJHRHwXEb21zbkZqrV/7s9Mjfw8MzWSRJo+91OS57s3MzVSz1o/b3ux0V+JqLyRxN5ysd0T165fGB4fH7tS7BiYrBSpi8Pnxs6NXRo6ceLI4Z7jx4aOtiTOrE739rx2ed/u0y/efmbkzO2Xvvgoq29aHG+Mo6Yvf96y7BI6SnuqUZ37Xjb4//KrviHsbEgnndlzpX2VYdmyuza7XF15+++Njnyrpjeefr2tlQPWVJqmaXdp7+xn2XTaKElqJ6TpzRR4CCTR7hoA7VH/oL83k41Up0bK4+CH291TkY+AsrjvF4/akc58BFvtq42Nutao/L9GxJnpX97NHrHgPAQAQGt9cipiW9HvqD9qRyrx94Z8fyrWhvoi4s8RsSsi/lL0X/4Wkef9R0T8s+GcHctYBajO2y73f77pKRKN3dWWyfp/TxRrW3P7f7M17+sotnbm8XclZ8+Pjx0q3pP+6OrOtgfLLz07rfbpU9++06z8akP/L3tk5df7gkU9fuycN0E3Ojw5/KBx1929mb+xN8rxJ9GZ1FMRuyNizypeP3vPzj/64b5mx+fEn8VZiv/t5i/euYoKzZO+H/FI7fpPx7z4o1j/S/L1yYuvDExcu/74+cb1ycHjx4aODmyN8bFDA/W7ouzLr289WyRLw4hFrn+9aazpQlp2/bcteP/Prlz2ZanZ9dqJlZdx686bTcc0q73/tyTP5+n6+uzV4cnJK4MRW5Lp8v6h38+9OtwzJ38Wf/+Bhdv/rohf3yvO2xsR2U38r4j4d0TsL+r+n4j4b0QcWCT+z5/838vNhpBLx7+2svhHV3T9myVOfhWx8KGOC599XCr4rWop/q5odv2P5Kn+Ys/o8OTWpeJarKaNiQd+AwEAAGAD2J/P0yaVg8VE046oVA4ejNg+O4MyMfnY2cuvXhqtzef2RVelPtPV2zAfOljMDWfb2VlDDdvZ8cP5vHGapmlPtp2N38d3tjd02PS2N2n/mR/KP2kBHjYrWkdr9os2YEOa3/7vLPvM1n8hA1hfLfgeDbBBaf+weS27/a/Vr+CAtlmo/d+IuN+GqgDrbKH2/0Jpz8l1qQuwvoz/YfNaffv3ZQDY6Hz+w6a0rB/JryKx6/QieZLOtSm0eaISi/8VgL6I+p56n2bxF/y+EtGaGna0NNKeOde0smCerdGKsqKyZJ7OFfwhhvVNVP4Y1agluiNiibt39ma7UU9cX+uK5Y3gg/b+7wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDgfgsAAP//RUTTKw==") mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="6e725f97696e6f6465733d382c00cb51fe27d2ffbf8134060a2a9eaaff3159662107b1ee23ac20dd7cf86e445c5edfcb018e9d2ecd4c16fe0911acc5db32d6f3941209cfd4dac33ebfcf9d7515c0ccfe874f6d981e1c821e30c2cab3e75c55b6"]) mount$bind(&(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000202053250000000000202020731af9ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r5, 0x5412, &(0x7f0000000140)=0x13) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) 3.559108781s ago: executing program 1: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000015000000000000000000000000000005"], 0x1c}}, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, 0x0, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3c9ffff01000000010000005600000025000000f15a41d40400000007fd17e5ffff0808040000000000000000", 0x39}], 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000000100)={@multicast2, @loopback, @empty}, 0xc) 3.189530808s ago: executing program 1: openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000015c0)='devices.list\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1428}, {&(0x7f00000000c0)=""/250, 0x2}], 0x2, 0x0, 0xd64}}], 0x300, 0x0, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB=' \x00\x00 ', @ANYRES16, @ANYBLOB="a78700000000000000000b0000000c0001800800030001000000"], 0x20}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x3, &(0x7f0000000340)=[{0x44, 0x0, 0x0, 0x2}, {}, {0x6}]}) socket$vsock_stream(0x28, 0x1, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="18"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) syz_open_dev$usbmon(&(0x7f0000000000), 0x7fffffff, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) socket(0x0, 0x80002, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x18000000) 2.942769898s ago: executing program 3: syz_mount_image$hfsplus(&(0x7f0000003000), &(0x7f0000000240)='./bus\x00', 0x208000, &(0x7f0000003f80)=ANY=[@ANYBLOB="6e6c733d63703935302c6e6f626172726965722c666f7263652c756d61736b3d30303030303030303030303030303030303030313030302c00d01280f532b0f4cf3b36fd5c6ef64269a533fc6b052f92ffcac08ca18519d5b3711b97ec291e41355fa65d9c0d15e7c10c63ab0bba736f92ab9d30478ae1452a017be98c2a0507febf295db17e98d0fffc0d349264ce2acdedc0a61ae132d4024d39e11de2dc8679fac7efcb6137aa2e361c5f6cb851e3a60ba05f834666694667f27f0d632cf9a85fe247e27251acbd739ff85088cb201010900132000000000000000000002593d600000000"], 0xfd, 0x691, &(0x7f00000002c0)="$eJzs3U1sHGf9B/DvrDdrO/+/UrdN2oKQGjUigkYkdpaSIEAEhFAOFYrEpRcOVuI0VjZp5bjIrRB1eb1y7KGHIhQOPaEekIo4VJQzEhInLrlH4u4Ti2Z2dr3Oxo43b7uBz0eanWfmeZnf/PzM7JusDfA/6/xrObCZIudPvLpRbt+62e7cutm+1i8nmU3SSJq9VYrrSfFZci69JZ8rd9bDFbsd55Xbn3xw/P2P2r2tZr1U7Rt79Rtx15ab9ZKjSWbq9QPYMd7FBx6vGMRdJuxYP3Ewad0Rm+N03/91C0ytove8OWIhOZhkrn4dkPru0Hi80T18Y93lAAAA4An11Fa2spFDk44DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAniT17/8X9dLol4+m6P/+f6va16qatyYd74P6dNIBAAAAAAAAAMBD8OJWtrKRQ/3tblF95/9StXG4evy/vJUbWclaTmYjy1nPetaylGShqn+vemxtLK+vry3t1rPb7b7bnal6nh70zFDP0yOhFXtH3p194JMHAAAAAAAAgCfMHl+W/yznt7//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAaVAkM71VtRzulxfSaCaZS9Iq220mf+6Xn2SfTjoAAAAAeAye2spWNnKo+Hdvu1tU7/mfq973z+WtXM96VrOeTlZyqfosoPeuv/H3zXbn1s32tXIZHfc7/xorjGrE9D57uPuRF6sWR+r2m0m+nx/mRI7mQtaymh9nOetZydF8ryotp8hCNdY/v5XUcY7EO1s+nNsRyoV7xfpCFcl8Lme1iu1kLg4+Bmn02wwd7Y+tZEeGGnmvzE7x7do+c3SpXpd/g9/U6+mwUJ3UgUFGFuvcl9l4+tZuua/05sns+Edq1nsag8+gDu91pPvM+cF6Xeb6V8M5f3G/ET8qwzkvozqdxmD2Pbd3zpMv/+MvF650rl+9cvnGiemZRrvqdrvv7l575+xrDzIxl+f3n4nNXTLx8c7Nmbu1mRvzhB6RVp2NXozbd8vk/PDdsttNRu6WL1V9D2U1P8gbuZSVnMlilnI2i/l6Tqe9Y4Yd2Tuv1bXWGO9aO/alujCf5Nf1ejqUeX16KK/Dd7qFqm54z3aWntlHlsa8IzU/XxfKY/x86Bln8u7MxNJQJp7dOxO/LWdkbnSuX127svzmPo93vF6Xl+0vdz4f/u5hnM/9K+fLM+Ufq9raOTvKumfvWrdU1R0e1DVG6o4M6u51pbbq13CjI/Xqnr9rXbuqe2GobsernLyRzuBVCADToju66+DLB1vzt+f/Nv/h/C/mr8y/Ovfd2bOzX2jlwF+bf5r5Q+P3jW8WL+fD/DSHJhEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8t7nx9jtXlzudlbUpLKQxXq/yfCYd89QWZpOM26toPtwwPk5y3937vxXY3/PFzkr+f49ezaEZvt1rKv4WD174xo/qZNyjcXO8y3y+HnB6flwMeHROrV9789SNt9/5yuq15ddXXl+5fvrsmbNn2l9b+uqpy6udlcXe46SjBB6F7Wf/SUcCAAAAAAAAAAAA7Nfj+I+FSZ8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GQ7/1oObKbI0uLJxXL71s12p1z65e2WzSSNJMVPkuKz5Fx6SxaGhit2O84rtz/54Pj7H7W3x2r22zf26rc/m/WSo0lm6vWdDUbN7mu8i8PjNe4nvGJwhmXCjvUTB5P2nwAAAP//euIAEg==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x0) 2.481529055s ago: executing program 4: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x2, 0x300}, {0x6e}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 2.192421432s ago: executing program 3: r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@phonet={0x23, 0x0, 0x0, 0x3f}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000180)="27050200590200000600002fb96dbcf706e105000700810000008100accb", 0x1e}, {&(0x7f0000001a00)="8848e08d7b077433", 0x8}], 0x2}, 0x0) 1.881778423s ago: executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) 1.706941687s ago: executing program 1: syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, 0x1, [{0xc1, &(0x7f0000000880)=@string={0xc1, 0x3, "289bf4c57b2888772af1dd9694320cfb2d07d97fdb0b750006e17c86114975f57eea829ae05b0762bfb3865b4dc7be7b412390ce8feb28b457028c7d4750e851ff7810747fd25d53316b6b0f8b7d9e1b75e1be0d6c7f0cf5e0f860a47204b08ac6794f29dd1392477baca45273c1ce23af0c9d8e5f18c553c0617d3014aed74eea42fede243df170462c644f6a1f883b3091efcc7a07e87b70b7c587da7b226c5a382dd527f87ae26ebaa1a8c70524230cc7070779dce3e8408bedb1ae0fed"}}]}) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000002c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc01c64b9, &(0x7f0000000300)={&(0x7f0000000200)=[0x0, 0x0, 0x0], &(0x7f00000000c0), 0x3, r1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000840)={0x0, 0x1, &(0x7f0000000040)=[r1], &(0x7f0000000980)=[0x3], &(0x7f0000000780)=[r2], &(0x7f0000000940)}) 1.597504221s ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10, &(0x7f0000000640)={[{@prjquota}, {@delalloc}]}, 0xfe, 0x47c, &(0x7f00000001c0)="$eJzs3M9vFFUcAPDvzLZF+VVEROWHVNHY+KOlBZWDF43eNDHRA15MalsIslBDSyKEaDUGj4bEu/FkjP4FnvRi1JOJV70bEqLEBPSga2Z2prSlu9Cyyy7u55PM9r2dt/ved2fezJt53Q2gZw1lD0nExoj4JSIG69mlBYbqf65cOjv516Wzk0nUaq/+nuTlLl86O1kWLV+3ocgMpxHph0lRyVKzp88cm6hWp08W+dG542+Pzp4+8+TR4xNHpo9Mnxg/ePDA/rFnnh5/qiVxZnFd3vHuzK6k7/XzL08eOv/mD1/1RcT23fX1i+O4KemGheRQFvgftdzyYo+0pLLusWlROunrYENYlUpEZJurP+//g1GJqxtvMF78oKONA9oqOzeta7x6vgb8jyXR6RYAnVGe6LPr33K5RUOPrnDxufoFUBb3lWKpr+mLtCjT38b674uIQ/N/f5otUWyHfza2sUIAoOd9k41/nlhp/JfG9kXlNhdzKFsi4q6I2BoRd0fEtoi4JyIve28xnlmN+tRQZSF/7fgzvbDm4G5ANv57tpjbWjr+q4/+arXav5UitymPvz85fLQ6va/4TIajf12WH2tSx7cv/Pxxo3VDi8Z/2ZLVX44Fi3Zc6Ft2g25qYm6iVYPSi+9H7OhbKf5kYSYgiYj7I2LH6t56c5k4+tgXuxoVun78TbRgnqn2WcSj9e0/H8viLyXN5ydH74jq9L7Rcq+41o8/nXulUf03FX8LZNt//dL9f1mJwT+TxfO1s6uv49yvHzW8plzr/j+QvJbPWQ8Uz70zMTd3cixiIHkpzy95fvzqa8t8WT6Lf3jvyv1/a/GaLP6dEZHtxLsj4oGI2FO0/cGIeCgi9jaJ//vnH35r7fG3Vxb/1IrHv4X9f8vS7b/6ROXYd183qv/Gtv+BPDVcPJMf/66jcXOiOp0d1te8NwMAAMDtJ42IjZGkIwvpNB0Zqf8P/7ZYn1ZnZucePzxz6sRU/TsCW6I/Le90DRb3Q7Or7bFkvnjH+v3R8eJecXm/dH9x3/iTyp15fmRypjrV4dih121o0P8zv1U63Tqg7XxfC3rX8v6fdqgdwK3n/A+9S/+H3qX/Q+9a1P+/PHVuZ554L3/cs7BixbmAJr8cAtwenP+hd+n/0Lv0f+hd+j/0pJv5Xn93Jwa6oxmrT3ze3xXNuF4i0mZl3ohb3rDoio+l1Ymk6Y9ZtDHR6SMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAa/wXAAD//ys68O0=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000240)=@reiserfs_2={0x4b, 0x2, {0xb}}, 0x0) 1.534543963s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r2, 0x7aa, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x8001000000000000, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x208, 0x0, 0x3f1, 0x148, 0x0, 0x5, 0x170, 0x2a8, 0x2a8, 0x170, 0x2a8, 0x3, 0x0, {[{{@uncond, 0xffffe000, 0x70, 0xd0, 0x0, {0x0, 0x1c030000}}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff}, {0xffffffffffffffff, [0xf, 0x6, 0x2, 0x1]}}}}, {{@ip={@local, @private, 0x0, 0x0, 'bridge_slave_1\x00', 'lo\x00'}, 0x0, 0x70, 0xa0}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x268) 1.371942046s ago: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) futex(&(0x7f000000cffc), 0x9, 0x0, 0x0, 0x0, 0xfffffffe) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0xa, 0x0, 0x0, 0x0, 0x1) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e75"], 0x24) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000800)={'bridge0\x00'}) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x3, 0x15}, @l2cap_cid_signaling={{0x11}, [@l2cap_create_chan_req={{0xc, 0x8, 0x5}, {0x1, 0x9, 0x3}}, @l2cap_disconn_rsp={{0x7, 0x0, 0x4}, {0xb492, 0x8}}]}}, 0x1a) 1.215378727s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000a000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001880)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x26}, 0x20) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r2, 0x29, 0x31, &(0x7f0000000040)=0x8000, 0x4) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) socket(0x10, 0x3, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) 1.033845411s ago: executing program 3: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000015000000000000000000000000000005"], 0x1c}}, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3c9ffff01000000010000005600000025000000f15a41d40400000007fd17e5ffff0808040000000000000000", 0x39}], 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000000100)={@multicast2, @loopback, @empty}, 0xc) 809.816029ms ago: executing program 4: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000000)='ext4_allocate_inode\x00'}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0xc}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000006604000008000300", @ANYRES32=r3, @ANYBLOB="0800b70004000000080026009409"], 0x4c}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='rdma.current\x00', 0x26e1, 0x0) close(r4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) ioctl$SIOCSIFHWADDR(r4, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="e1ffffff0200"}) 715.084851ms ago: executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000040), 0x76dc) recvmmsg(r0, &(0x7f00000061c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x102, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=ANY=[@ANYBLOB="6000000010000304000000005573002000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000380012800b00010069703667726500002800028014000600fe80000000000000000000000000000008", @ANYRES32=0x0, @ANYBLOB="060002000000000008000a00", @ANYRES32], 0x60}, 0x1, 0xba01}, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000001c0)=0x100000, 0x4) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc", 0x24}], 0x1) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454de, 0x20001100) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000a00)={'#! ', '', [], 0xa, "1d"}, 0x5) 700.303899ms ago: executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) setsockopt$inet6_int(r0, 0x29, 0x4d, &(0x7f0000000180)=0x8, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 269.103566ms ago: executing program 1: write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21}}, 0x50) r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000005c0), 0x10) recvmmsg(r0, &(0x7f0000003080)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000017c0)=""/16, 0x10}], 0x1}}], 0x1, 0x0, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vxcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000001c0)={0x1d, r2}, 0x18) sendmsg$can_j1939(r1, &(0x7f0000000380)={&(0x7f0000000200), 0x18, &(0x7f0000000340)={&(0x7f00000000c0)="10", 0x1}}, 0x0) 29.486388ms ago: executing program 2: openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000015c0)='devices.list\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r1, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1428}, {&(0x7f00000000c0)=""/250, 0x2}], 0x2, 0x0, 0xd64}}], 0x300, 0x0, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB=' \x00\x00 ', @ANYRES16=r0, @ANYBLOB="a78700000000000000000b0000000c0001800800030001000000"], 0x20}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x3, &(0x7f0000000340)=[{0x44, 0x0, 0x0, 0x2}, {}, {0x6}]}) socket$vsock_stream(0x28, 0x1, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="18"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) syz_open_dev$usbmon(&(0x7f0000000000), 0x7fffffff, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) socket(0x0, 0x80002, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x18000000) 0s ago: executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): ms! [ 335.388948][ T5417] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 335.467070][ T5414] veth0_vlan: entered promiscuous mode [ 335.534429][ T5414] veth1_vlan: entered promiscuous mode [ 335.649115][ T5417] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.658294][ T5417] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.667464][ T5417] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.676619][ T5417] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.841388][ T5414] veth0_macvtap: entered promiscuous mode [ 335.947605][ T5414] veth1_macvtap: entered promiscuous mode [ 336.193722][ T5414] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.206937][ T5414] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.217901][ T5414] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.228664][ T5414] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.238789][ T5414] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.249590][ T5414] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.259701][ T5414] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.270474][ T5414] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.288721][ T5414] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 336.494687][ T5414] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.505582][ T5414] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.515773][ T5414] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.526527][ T5414] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.536862][ T5414] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.547727][ T5414] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.557803][ T5414] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.568498][ T5414] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.583455][ T5414] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 336.897281][ T5414] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.907967][ T5414] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.918323][ T5414] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.928311][ T5414] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.233258][ T3493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 339.243866][ T3493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 339.513489][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 339.521756][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 339.981117][ T5603] syz-executor.2[5603] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 339.982989][ T5603] syz-executor.2[5603] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 340.103051][ T5603] syz-executor.2 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 341.507310][ T4209] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 341.515575][ T4209] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 341.732034][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 341.741514][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 341.980691][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 341.987357][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 342.199019][ T5634] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 342.502991][ T3580] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 342.511656][ T3580] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 342.752161][ T5634] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 342.825286][ T4209] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 342.833523][ T4209] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 343.304224][ T5132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.312470][ T5132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 343.354480][ T5136] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 343.581982][ T3580] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.590314][ T3580] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 343.870573][ T5136] usb 4-1: config 1 interface 0 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 343.895521][ T5136] usb 4-1: config 1 interface 0 has no altsetting 0 [ 343.964140][ T5656] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 343.974466][ T5656] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 344.120314][ T5136] usb 4-1: New USB device found, idVendor=046d, idProduct=c22e, bcdDevice= 0.40 [ 344.129755][ T5136] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.138003][ T5136] usb 4-1: Product: ы [ 344.142425][ T5136] usb 4-1: Manufacturer: 繙ꏟ䞍뽨ﱀ傐溸᪺鴓୰㸳ꑪ岽汍綃넹Êቸ船瓶矂㏽聸៟騱퀎ꤲ⠳﫳ۊ⯵櫼䥆쀚螤迭枛諱ꄡ芶耠꣚繗꿃멺렪蔠ྮ咔乩癍㦫씫✻틁芄邊䡳ᅪ灥翥㞚磃퀔䬬➼湖旜≋⛞鸪鍈紟캟멻ꩄ똾䴏籂骦嬑썴ᘛ鎾諐箍㹱쇴覤넠⎗焴ዡ㘣녉☃⏚⚲瘔⃪嚣ᷔ縒 [ 344.179144][ T5136] usb 4-1: SerialNumber: э [ 344.820617][ T5645] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 345.280278][ T5675] loop2: detected capacity change from 0 to 128 [ 345.293239][ T5675] ufs: You didn't specify the type of your ufs filesystem [ 345.293239][ T5675] [ 345.293239][ T5675] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 345.293239][ T5675] [ 345.293239][ T5675] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 345.362282][ T5673] loop1: detected capacity change from 0 to 64 [ 345.446968][ T5675] ufs: ufs_fill_super(): bad magic number [ 345.900065][ T5136] usbhid 4-1:1.0: can't add hid device: -71 [ 345.906706][ T5136] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 346.014157][ T5136] usb 4-1: USB disconnect, device number 2 [ 346.313649][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 346.321892][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 346.785916][ T5668] loop0: detected capacity change from 0 to 4096 [ 346.807593][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 346.815765][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 346.856376][ T5668] ======================================================= [ 346.856376][ T5668] WARNING: The mand mount option has been deprecated and [ 346.856376][ T5668] and is ignored by this kernel. Remove the mand [ 346.856376][ T5668] option from the mount to silence this warning. [ 346.856376][ T5668] ======================================================= [ 348.006502][ T5688] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 349.758511][ T5702] input: syz0 as /devices/virtual/input/input6 [ 349.970939][ T5706] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 349.980748][ T5706] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 350.559686][ T5715] loop3: detected capacity change from 0 to 256 [ 350.629643][ T5714] 9pnet_fd: Insufficient options for proto=fd [ 350.868172][ T5715] FAT-fs (loop3): Directory bread(block 64) failed [ 350.875182][ T5715] FAT-fs (loop3): Directory bread(block 65) failed [ 350.882268][ T5715] FAT-fs (loop3): Directory bread(block 66) failed [ 350.889023][ T5715] FAT-fs (loop3): Directory bread(block 67) failed [ 350.896155][ T5715] FAT-fs (loop3): Directory bread(block 68) failed [ 350.903123][ T5715] FAT-fs (loop3): Directory bread(block 69) failed [ 350.910134][ T5715] FAT-fs (loop3): Directory bread(block 70) failed [ 350.916900][ T5715] FAT-fs (loop3): Directory bread(block 71) failed [ 350.924005][ T5715] FAT-fs (loop3): Directory bread(block 72) failed [ 350.930871][ T5715] FAT-fs (loop3): Directory bread(block 73) failed [ 351.431030][ T5728] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 352.042195][ T5715] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 352.324799][ T5729] syz-executor.3: attempt to access beyond end of device [ 352.324799][ T5729] loop3: rw=2049, sector=1224, nr_sectors = 120 limit=256 [ 352.538006][ T5741] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 354.163472][ T5757] binder: BINDER_SET_CONTEXT_MGR already set [ 354.170848][ T5757] binder: 5754:5757 ioctl 4018620d 20000040 returned -16 [ 354.647172][ T5764] input: syz0 as /devices/virtual/input/input7 [ 354.992191][ T5768] 9pnet_fd: Insufficient options for proto=fd [ 355.875124][ T5775] loop1: detected capacity change from 0 to 32768 [ 355.951159][ T5775] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (5775) [ 356.280587][ T5775] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 356.291286][ T5775] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm [ 356.302663][ T5775] BTRFS info (device loop1): using free-space-tree [ 356.707194][ T5775] BTRFS info (device loop1): rebuilding free space tree [ 356.948964][ T5802] loop0: detected capacity change from 0 to 256 [ 357.095596][ T29] audit: type=1804 audit(1717837245.439:2): pid=5805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir116354569/syzkaller.sOpXHG/11/bus/bus" dev="loop1" ino=263 res=1 errno=0 [ 357.402702][ T5802] FAT-fs (loop0): Directory bread(block 64) failed [ 357.410254][ T5802] FAT-fs (loop0): Directory bread(block 65) failed [ 357.417001][ T5802] FAT-fs (loop0): Directory bread(block 66) failed [ 357.423784][ T5802] FAT-fs (loop0): Directory bread(block 67) failed [ 357.430603][ T5802] FAT-fs (loop0): Directory bread(block 68) failed [ 357.437242][ T5802] FAT-fs (loop0): Directory bread(block 69) failed [ 357.444030][ T5802] FAT-fs (loop0): Directory bread(block 70) failed [ 357.451130][ T5802] FAT-fs (loop0): Directory bread(block 71) failed [ 357.457884][ T5802] FAT-fs (loop0): Directory bread(block 72) failed [ 357.464578][ T5802] FAT-fs (loop0): Directory bread(block 73) failed [ 357.506406][ T5810] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 357.516304][ T5810] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 358.217477][ T5397] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 358.349123][ T5816] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 358.556546][ T5816] syz-executor.0: attempt to access beyond end of device [ 358.556546][ T5816] loop0: rw=2049, sector=1224, nr_sectors = 120 limit=256 [ 358.671321][ T5817] 9pnet_fd: Insufficient options for proto=fd [ 359.725763][ T5829] input: syz0 as /devices/virtual/input/input8 [ 361.401596][ T5836] loop1: detected capacity change from 0 to 2048 [ 361.494267][ T5836] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 361.634595][ T29] audit: type=1804 audit(1717837249.929:3): pid=5836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir116354569/syzkaller.sOpXHG/14/file1/bus" dev="loop1" ino=1367 res=1 errno=0 [ 361.663465][ T5848] loop0: detected capacity change from 0 to 64 [ 362.488676][ T5855] loop3: detected capacity change from 0 to 64 [ 362.914034][ T5860] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 363.110131][ T5862] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 363.121498][ T5862] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 363.473757][ T5868] loop3: detected capacity change from 0 to 256 [ 365.346489][ T5877] loop3: detected capacity change from 0 to 2048 [ 365.518925][ T5877] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 365.733065][ T29] audit: type=1804 audit(1717837254.009:4): pid=5877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir4167890991/syzkaller.6s7K0h/12/file1/bus" dev="loop3" ino=1367 res=1 errno=0 [ 366.318054][ T5889] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 367.115674][ T5898] loop0: detected capacity change from 0 to 64 [ 367.308955][ T5898] minix_free_block (loop0:1): bit already cleared [ 367.316021][ T5898] minix_free_block (loop0:4): bit already cleared [ 367.323411][ T5898] minix_free_block (loop0:3): bit already cleared [ 367.334714][ T5898] minix_free_block (loop0:2): bit already cleared [ 367.964297][ T5906] loop3: detected capacity change from 0 to 256 [ 368.202946][ T5913] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 368.212668][ T5913] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 368.951172][ T5910] loop0: detected capacity change from 0 to 40427 [ 368.972258][ T5910] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 368.980515][ T5910] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 369.165303][ T5910] F2FS-fs (loop0): Found nat_bits in checkpoint [ 369.466285][ T5910] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 369.479810][ T5910] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 370.180344][ T5923] loop3: detected capacity change from 0 to 2048 [ 370.339672][ T5923] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 370.465473][ T29] audit: type=1804 audit(1717837258.799:5): pid=5923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir4167890991/syzkaller.6s7K0h/16/file1/bus" dev="loop3" ino=1367 res=1 errno=0 [ 370.528243][ T5937] kvm: emulating exchange as write [ 371.531284][ T5941] loop2: detected capacity change from 0 to 64 [ 371.768487][ T5941] minix_free_block (loop2:1): bit already cleared [ 371.775416][ T5941] minix_free_block (loop2:4): bit already cleared [ 371.782322][ T5941] minix_free_block (loop2:3): bit already cleared [ 371.788937][ T5941] minix_free_block (loop2:2): bit already cleared [ 372.217938][ T5950] loop4: detected capacity change from 0 to 256 [ 373.800951][ T5955] loop2: detected capacity change from 0 to 40427 [ 373.818866][ T5955] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 373.827085][ T5955] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 373.937751][ T5955] F2FS-fs (loop2): Found nat_bits in checkpoint [ 374.274405][ T5955] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 374.281901][ T5955] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 374.679998][ T5973] loop1: detected capacity change from 0 to 2048 [ 374.797305][ T5973] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 375.020409][ T29] audit: type=1804 audit(1717837263.309:6): pid=5970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir116354569/syzkaller.sOpXHG/22/file1/bus" dev="loop1" ino=1367 res=1 errno=0 [ 375.878366][ T5984] input: syz0 as /devices/virtual/input/input11 [ 376.157023][ T5988] loop4: detected capacity change from 0 to 64 [ 376.287532][ T5988] minix_free_block (loop4:1): bit already cleared [ 376.294409][ T5988] minix_free_block (loop4:4): bit already cleared [ 376.301214][ T5988] minix_free_block (loop4:3): bit already cleared [ 376.307832][ T5988] minix_free_block (loop4:2): bit already cleared [ 376.627786][ T5992] loop0: detected capacity change from 0 to 256 [ 376.959986][ T5997] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 378.107677][ T6006] binder: BINDER_SET_CONTEXT_MGR already set [ 378.114684][ T6006] binder: 6005:6006 ioctl 4018620d 20000040 returned -16 [ 378.202206][ T6009] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 378.211879][ T6009] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 378.623234][ T6004] loop4: detected capacity change from 0 to 40427 [ 378.669497][ T6004] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 378.677498][ T6004] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 378.840962][ T6004] F2FS-fs (loop4): Found nat_bits in checkpoint [ 379.110186][ T6011] loop3: detected capacity change from 0 to 32768 [ 379.124386][ T6011] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (6011) [ 379.126801][ T6004] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 379.145211][ T6004] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 379.163651][ T6011] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 379.175159][ T6011] BTRFS info (device loop3): using sha256 (sha256-generic) checksum algorithm [ 379.186520][ T6011] BTRFS info (device loop3): using free-space-tree [ 379.587010][ T29] audit: type=1326 audit(1717837267.929:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6032 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 379.687495][ T6011] BTRFS info (device loop3): rebuilding free space tree [ 379.926329][ T29] audit: type=1804 audit(1717837268.239:8): pid=6038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir4167890991/syzkaller.6s7K0h/21/bus/bus" dev="loop3" ino=263 res=1 errno=0 [ 380.989632][ T6050] loop0: detected capacity change from 0 to 256 [ 381.042240][ T6051] 9pnet_fd: Insufficient options for proto=fd [ 381.497932][ T5416] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 381.713204][ T58] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.996013][ T58] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.316466][ T58] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.625326][ T58] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.719932][ T6061] loop2: detected capacity change from 0 to 2048 [ 382.939762][ T6061] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 383.156659][ T58] bridge_slave_1: left allmulticast mode [ 383.163241][ T58] bridge_slave_1: left promiscuous mode [ 383.169927][ T58] bridge0: port 2(bridge_slave_1) entered disabled state [ 383.291713][ T58] bridge_slave_0: left allmulticast mode [ 383.297597][ T58] bridge_slave_0: left promiscuous mode [ 383.310855][ T58] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.324505][ T29] audit: type=1804 audit(1717837271.499:9): pid=6061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2613474254/syzkaller.X1424J/22/file1/bus" dev="loop2" ino=1367 res=1 errno=0 [ 383.350835][ T29] audit: type=1804 audit(1717837271.549:10): pid=6067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2613115545/syzkaller.eYVStf/27/cgroup.controllers" dev="sda1" ino=1967 res=1 errno=0 [ 384.454568][ T29] audit: type=1326 audit(1717837272.739:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6075 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c7627cf69 code=0x0 [ 384.645840][ T29] audit: type=1326 audit(1717837272.929:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafc1c7cf69 code=0x0 [ 385.264366][ T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 385.562347][ T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 385.720412][ T58] bond0 (unregistering): Released all slaves [ 385.828977][ T6072] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. [ 385.842653][ T6090] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 385.988599][ T5083] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 386.042533][ T5083] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 386.053447][ T6096] loop4: detected capacity change from 0 to 256 [ 386.060980][ T5083] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 386.092080][ T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 386.121359][ T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 386.131328][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 386.677244][ T6101] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 386.704629][ T6103] input: syz0 as /devices/virtual/input/input12 [ 387.161702][ T58] hsr_slave_0: left promiscuous mode [ 387.198499][ T58] hsr_slave_1: left promiscuous mode [ 387.225535][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 387.233394][ T58] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 387.313339][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 387.321843][ T58] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 387.444496][ T58] veth1_macvtap: left promiscuous mode [ 387.450334][ T58] veth0_macvtap: left promiscuous mode [ 387.456216][ T58] veth1_vlan: left promiscuous mode [ 387.462023][ T58] veth0_vlan: left promiscuous mode [ 387.789002][ T6113] loop1: detected capacity change from 0 to 2048 [ 387.972476][ T6113] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 388.271525][ T29] audit: type=1804 audit(1717837276.559:13): pid=6113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir116354569/syzkaller.sOpXHG/31/file1/bus" dev="loop1" ino=1367 res=1 errno=0 [ 388.302743][ T50] Bluetooth: hci3: command tx timeout [ 388.672429][ T29] audit: type=1804 audit(1717837276.919:14): pid=6126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2613115545/syzkaller.eYVStf/31/cgroup.controllers" dev="sda1" ino=1958 res=1 errno=0 [ 389.389283][ T29] audit: type=1326 audit(1717837277.709:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6134 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c7627cf69 code=0x0 [ 389.659721][ C1] hrtimer: interrupt took 332485 ns [ 389.776345][ T58] team0 (unregistering): Port device team_slave_1 removed [ 389.811049][ T29] audit: type=1326 audit(1717837278.089:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6137 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 389.901972][ T58] team0 (unregistering): Port device team_slave_0 removed [ 390.371933][ T50] Bluetooth: hci3: command tx timeout [ 390.522981][ T6153] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. [ 391.096380][ T6156] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 391.345057][ T6159] loop0: detected capacity change from 0 to 256 [ 392.090988][ T6093] chnl_net:caif_netlink_parms(): no params data found [ 392.452984][ T6163] loop1: detected capacity change from 0 to 32768 [ 392.466337][ T50] Bluetooth: hci3: command tx timeout [ 392.607839][ T6163] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 393.018605][ T6183] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 393.047550][ T6163] XFS (loop1): Starting recovery (logdev: internal) [ 393.314988][ T6163] XFS (loop1): Ending recovery (logdev: internal) [ 393.497090][ T6177] loop0: detected capacity change from 0 to 2048 [ 393.749838][ T6177] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 393.871267][ T5397] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 393.961594][ T29] audit: type=1804 audit(1717837282.229:17): pid=6177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1212903333/syzkaller.L9tGJk/33/file1/bus" dev="loop0" ino=1367 res=1 errno=0 [ 394.525074][ T50] Bluetooth: hci3: command tx timeout [ 394.747561][ T6093] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.755529][ T6093] bridge0: port 1(bridge_slave_0) entered disabled state [ 394.763438][ T6093] bridge_slave_0: entered allmulticast mode [ 394.775870][ T6093] bridge_slave_0: entered promiscuous mode [ 394.907672][ T6093] bridge0: port 2(bridge_slave_1) entered blocking state [ 394.915896][ T6093] bridge0: port 2(bridge_slave_1) entered disabled state [ 394.923898][ T6093] bridge_slave_1: entered allmulticast mode [ 394.932894][ T6093] bridge_slave_1: entered promiscuous mode [ 395.344698][ T6093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 395.481793][ T6093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 395.576106][ T29] audit: type=1326 audit(1717837283.859:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6202 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafc1c7cf69 code=0x0 [ 395.824643][ T6093] team0: Port device team_slave_0 added [ 395.907249][ T6093] team0: Port device team_slave_1 added [ 396.133693][ T29] audit: type=1326 audit(1717837284.399:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6211 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 396.217769][ T6093] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 396.225265][ T6093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 396.251896][ T6093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 396.496441][ T6093] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 396.503919][ T6093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 396.533068][ T6093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 396.966098][ T6093] hsr_slave_0: entered promiscuous mode [ 396.983947][ T29] audit: type=1804 audit(1717837285.249:20): pid=6222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir116354569/syzkaller.sOpXHG/35/cgroup.controllers" dev="sda1" ino=1952 res=1 errno=0 [ 397.041953][ T6093] hsr_slave_1: entered promiscuous mode [ 397.102479][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 397.291135][ T6227] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 397.423740][ T6226] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'. [ 397.927525][ T6236] loop0: detected capacity change from 0 to 256 [ 398.111371][ T6239] loop4: detected capacity change from 0 to 64 [ 399.060855][ T29] audit: type=1326 audit(1717837287.319:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f448cc7cf69 code=0x0 [ 399.289692][ T6093] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 399.356919][ T6093] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 399.430759][ T6093] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 399.592207][ T6093] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 399.794411][ T29] audit: type=1326 audit(1717837288.059:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6259 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 400.221458][ T29] audit: type=1326 audit(1717837288.479:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6265 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c7627cf69 code=0x0 [ 401.586598][ T6274] loop2: detected capacity change from 0 to 32768 [ 401.717972][ T6093] 8021q: adding VLAN 0 to HW filter on device bond0 [ 401.777378][ T6093] 8021q: adding VLAN 0 to HW filter on device team0 [ 401.808338][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.816138][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 401.895059][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 401.902849][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 401.917728][ T6274] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 402.382671][ T6093] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 402.390635][ T6274] XFS (loop2): Starting recovery (logdev: internal) [ 402.494757][ T6293] loop1: detected capacity change from 0 to 2048 [ 402.612947][ T6293] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 402.705484][ T6274] XFS (loop2): Ending recovery (logdev: internal) [ 402.861213][ T29] audit: type=1804 audit(1717837291.089:24): pid=6293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir116354569/syzkaller.sOpXHG/39/file1/bus" dev="loop1" ino=1367 res=1 errno=0 [ 403.072610][ T5411] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 403.454418][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 403.461459][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 404.719468][ T6093] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 405.274114][ T6093] veth0_vlan: entered promiscuous mode [ 405.423828][ T6093] veth1_vlan: entered promiscuous mode [ 405.490779][ T6329] loop2: detected capacity change from 0 to 256 [ 405.658416][ T29] audit: type=1326 audit(1717837293.929:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6326 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c7627cf69 code=0x0 [ 405.772637][ T29] audit: type=1326 audit(1717837294.039:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6330 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 405.939101][ T6093] veth0_macvtap: entered promiscuous mode [ 406.098840][ T6093] veth1_macvtap: entered promiscuous mode [ 406.463973][ T6093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 406.474922][ T6093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.485236][ T6093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 406.495987][ T6093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.506138][ T6093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 406.516859][ T6093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.527034][ T6093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 406.538346][ T6093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.556750][ T6093] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 406.728657][ T6093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 406.740084][ T6093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.754365][ T6093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 406.770939][ T6093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.781124][ T6093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 406.791881][ T6093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.802059][ T6093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 406.812927][ T6093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.823310][ T29] audit: type=1326 audit(1717837295.009:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6341 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafc1c7cf69 code=0x0 [ 406.827950][ T6093] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 407.044255][ T6347] netlink: 280 bytes leftover after parsing attributes in process `syz-executor.1'. [ 407.435063][ T6093] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 407.444667][ T6093] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 407.453879][ T6093] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 407.463672][ T6093] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 407.901845][ T6349] loop4: detected capacity change from 0 to 2048 [ 407.918194][ T6347] loop1: detected capacity change from 0 to 32768 [ 408.018648][ T6347] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 408.143676][ T6349] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 408.433124][ T29] audit: type=1804 audit(1717837296.699:28): pid=6349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2613115545/syzkaller.eYVStf/44/file1/bus" dev="loop4" ino=1367 res=1 errno=0 [ 408.726651][ T6347] XFS (loop1): Starting recovery (logdev: internal) [ 408.876782][ T6347] XFS (loop1): Ending recovery (logdev: internal) [ 409.416445][ T5397] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 412.312130][ T29] audit: type=1326 audit(1717837300.489:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6412 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 412.603650][ T6413] loop1: detected capacity change from 0 to 32768 [ 412.618609][ T6413] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (6413) [ 412.648470][ T6413] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 412.659115][ T6413] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm [ 412.670941][ T6413] BTRFS info (device loop1): using free-space-tree [ 412.920986][ T6413] BTRFS info (device loop1): rebuilding free space tree [ 413.024152][ T6444] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.2'. [ 413.204987][ T29] audit: type=1804 audit(1717837301.459:30): pid=6415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir116354569/syzkaller.sOpXHG/44/bus/bus" dev="loop1" ino=263 res=1 errno=0 [ 414.372903][ T5397] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 414.424864][ T3493] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.697852][ T3493] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.025088][ T3493] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.227202][ T3493] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.582356][ T780] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 415.671374][ T3493] bridge_slave_1: left allmulticast mode [ 415.677348][ T3493] bridge_slave_1: left promiscuous mode [ 415.684078][ T3493] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.780665][ T3493] bridge_slave_0: left allmulticast mode [ 415.786543][ T3493] bridge_slave_0: left promiscuous mode [ 415.793359][ T3493] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.205644][ T780] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 416.218132][ T780] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.226642][ T780] usb 3-1: Product: syz [ 416.231171][ T780] usb 3-1: Manufacturer: syz [ 416.236006][ T780] usb 3-1: SerialNumber: syz [ 416.279898][ T780] usb 3-1: config 0 descriptor?? [ 416.333136][ T780] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 002 [ 416.582223][ T6477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 416.593083][ T6477] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 417.042024][ T3493] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 417.117143][ T3493] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 417.154138][ T3493] bond0 (unregistering): Released all slaves [ 417.222140][ T6482] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 417.966024][ T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 417.974970][ T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 418.342369][ T780] (null): failure reading functionality [ 418.427142][ T780] i2c i2c-1: failure reading functionality [ 418.463626][ T25] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 418.465124][ T780] i2c i2c-1: connected i2c-tiny-usb device [ 418.471785][ T25] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 418.622193][ T780] usb 3-1: USB disconnect, device number 2 [ 418.631453][ T29] audit: type=1326 audit(1717837306.939:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6500 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 418.670929][ T3493] hsr_slave_0: left promiscuous mode [ 418.702876][ T3493] hsr_slave_1: left promiscuous mode [ 418.735004][ T3493] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 418.744523][ T3493] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 418.771786][ T3493] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 418.779652][ T3493] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 418.862914][ T3493] veth1_macvtap: left promiscuous mode [ 418.868815][ T3493] veth0_macvtap: left promiscuous mode [ 418.875284][ T3493] veth1_vlan: left promiscuous mode [ 418.880966][ T3493] veth0_vlan: left promiscuous mode [ 419.014034][ T4433] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 419.041472][ T4433] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 419.056573][ T4433] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 419.098528][ T4433] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 419.116040][ T4433] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 419.129281][ T4433] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 420.018561][ T3493] team0 (unregistering): Port device team_slave_1 removed [ 420.148009][ T3493] team0 (unregistering): Port device team_slave_0 removed [ 420.513998][ T6513] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.4'. [ 421.239922][ T4433] Bluetooth: hci1: command tx timeout [ 422.272837][ T6549] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 422.392437][ T29] audit: type=1326 audit(1717837310.659:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6544 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafc1c7cf69 code=0x0 [ 422.441115][ T6508] chnl_net:caif_netlink_parms(): no params data found [ 423.277033][ T29] audit: type=1326 audit(1717837311.559:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6560 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 423.321342][ T4433] Bluetooth: hci1: command tx timeout [ 424.204910][ T6508] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.213155][ T6508] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.221059][ T6508] bridge_slave_0: entered allmulticast mode [ 424.230274][ T6508] bridge_slave_0: entered promiscuous mode [ 424.373642][ T6508] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.381709][ T6508] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.389746][ T6508] bridge_slave_1: entered allmulticast mode [ 424.454323][ T6508] bridge_slave_1: entered promiscuous mode [ 424.670847][ T6585] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.0'. [ 424.858142][ T6508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 424.984773][ T6508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 425.352129][ T6508] team0: Port device team_slave_0 added [ 425.420198][ T4433] Bluetooth: hci1: command tx timeout [ 425.449055][ T6594] loop0: detected capacity change from 0 to 64 [ 425.522482][ T6508] team0: Port device team_slave_1 added [ 425.859126][ T6508] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 425.866448][ T6508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 425.892634][ C1] vkms_vblank_simulate: vblank timer overrun [ 425.901967][ T6508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 426.113931][ T6508] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 426.121522][ T6508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 426.147584][ C1] vkms_vblank_simulate: vblank timer overrun [ 426.157352][ T6508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 426.787096][ T29] audit: type=1326 audit(1717837315.049:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6608 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a1507cf69 code=0x0 [ 426.809627][ C1] vkms_vblank_simulate: vblank timer overrun [ 426.816361][ T29] audit: type=1326 audit(1717837315.079:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6606 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafc1c7cf69 code=0x0 [ 426.870540][ T6508] hsr_slave_0: entered promiscuous mode [ 426.885605][ T6508] hsr_slave_1: entered promiscuous mode [ 426.932500][ T6508] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 426.941069][ T6508] Cannot create hsr debugfs directory [ 427.512352][ T4433] Bluetooth: hci1: command tx timeout [ 428.079832][ T5136] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 428.101364][ T6629] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.0'. [ 428.372177][ T5136] usb 5-1: Using ep0 maxpacket: 32 [ 428.513802][ T5136] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 428.524391][ T5136] usb 5-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 428.537825][ T5136] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 428.547380][ T5136] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.687465][ T5136] hub 5-1:4.0: bad descriptor, ignoring hub [ 428.695775][ T5136] hub 5-1:4.0: probe with driver hub failed with error -5 [ 428.710806][ T5136] usbhid 5-1:4.0: couldn't find an input interrupt endpoint [ 428.902089][ T6622] fuse: Unknown parameter '' [ 429.077855][ T6622] input: syz1 as /devices/virtual/input/input13 [ 429.185283][ T6622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 429.195222][ T6622] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 429.564913][ T6508] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 429.677305][ T6508] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 429.826358][ T6508] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 429.911049][ T6508] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 430.031376][ T6645] loop2: detected capacity change from 0 to 64 [ 430.776733][ T5133] usb 5-1: USB disconnect, device number 2 [ 430.964599][ T29] audit: type=1326 audit(1717837319.239:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6654 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 431.093213][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 431.100488][ T5086] Bluetooth: hci2: command 0x0406 tx timeout [ 431.106721][ T5086] Bluetooth: hci4: command 0x0406 tx timeout [ 431.215067][ T6508] 8021q: adding VLAN 0 to HW filter on device bond0 [ 431.384264][ T6508] 8021q: adding VLAN 0 to HW filter on device team0 [ 431.487163][ T5133] bridge0: port 1(bridge_slave_0) entered blocking state [ 431.494939][ T5133] bridge0: port 1(bridge_slave_0) entered forwarding state [ 431.622243][ T5133] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.630012][ T5133] bridge0: port 2(bridge_slave_1) entered forwarding state [ 431.712597][ T6672] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.4'. [ 432.085633][ T29] audit: type=1326 audit(1717837320.339:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6673 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafc1c7cf69 code=0x0 [ 432.108043][ C1] vkms_vblank_simulate: vblank timer overrun [ 433.229727][ T6698] loop0: detected capacity change from 0 to 64 [ 434.484994][ T6508] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 434.713480][ T5133] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 435.032237][ T5133] usb 5-1: Using ep0 maxpacket: 32 [ 435.151276][ T6508] veth0_vlan: entered promiscuous mode [ 435.177320][ T5133] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 435.187880][ T5133] usb 5-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 435.201385][ T5133] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 435.210789][ T5133] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.323509][ T5133] hub 5-1:4.0: bad descriptor, ignoring hub [ 435.324714][ T6508] veth1_vlan: entered promiscuous mode [ 435.330639][ T5133] hub 5-1:4.0: probe with driver hub failed with error -5 [ 435.349060][ T5133] usbhid 5-1:4.0: couldn't find an input interrupt endpoint [ 435.576614][ T6708] fuse: Unknown parameter '' [ 435.604146][ T6727] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.2'. [ 435.767053][ T6708] input: syz1 as /devices/virtual/input/input14 [ 435.771531][ T6508] veth0_macvtap: entered promiscuous mode [ 435.862979][ T6508] veth1_macvtap: entered promiscuous mode [ 435.879705][ T6708] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 435.889588][ T6708] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 436.263478][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.275590][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.288005][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.298854][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.308978][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.319805][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.329982][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.341105][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.361157][ T6508] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 436.635134][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.646098][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.659568][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.671195][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.683675][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.695870][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.706093][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.713552][ T6737] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'. [ 436.716820][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.741292][ T6508] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 436.784963][ T6508] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.795424][ T6508] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.804701][ T6508] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.815634][ T6508] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.152475][ T780] usb 5-1: USB disconnect, device number 3 [ 437.232515][ T6742] loop2: detected capacity change from 0 to 64 [ 437.770641][ T29] audit: type=1326 audit(1717837326.059:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6746 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c7627cf69 code=0x0 [ 437.793132][ C1] vkms_vblank_simulate: vblank timer overrun [ 438.192662][ T6760] netlink: 280 bytes leftover after parsing attributes in process `syz-executor.3'. [ 439.058576][ T6760] loop3: detected capacity change from 0 to 32768 [ 439.233845][ T6760] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 439.747693][ T6760] XFS (loop3): Starting recovery (logdev: internal) [ 439.941885][ T6782] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.2'. [ 439.953971][ T6760] XFS (loop3): Ending recovery (logdev: internal) [ 440.237862][ T6093] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 440.686161][ T6792] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 441.845082][ T780] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 441.993640][ T6810] loop0: detected capacity change from 0 to 64 [ 442.139704][ T780] usb 3-1: Using ep0 maxpacket: 32 [ 442.285914][ T780] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 442.296390][ T780] usb 3-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 442.309891][ T780] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 442.319212][ T780] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.485026][ T780] hub 3-1:4.0: bad descriptor, ignoring hub [ 442.495786][ T780] hub 3-1:4.0: probe with driver hub failed with error -5 [ 442.510761][ T780] usbhid 3-1:4.0: couldn't find an input interrupt endpoint [ 442.679957][ T6804] fuse: Unknown parameter '' [ 442.813139][ T6804] input: syz1 as /devices/virtual/input/input15 [ 442.866454][ T6804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 442.876336][ T6804] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 443.582922][ T6836] netlink: 280 bytes leftover after parsing attributes in process `syz-executor.4'. [ 444.489746][ T6836] loop4: detected capacity change from 0 to 32768 [ 444.531220][ T780] usb 3-1: USB disconnect, device number 3 [ 444.563239][ T29] audit: type=1326 audit(1717837332.909:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6842 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a1507cf69 code=0x0 [ 444.666009][ T6836] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 444.910772][ T6854] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.0'. [ 445.131351][ T6836] XFS (loop4): Starting recovery (logdev: internal) [ 445.398171][ T6836] XFS (loop4): Ending recovery (logdev: internal) [ 445.740085][ T5414] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 446.030862][ T4130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 446.038935][ T4130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 446.401009][ T780] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 446.409131][ T780] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 446.551329][ T6872] loop0: detected capacity change from 0 to 64 [ 448.099967][ T25] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 448.379670][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 448.496645][ T6901] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.1'. [ 448.501032][ T25] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 448.516543][ T25] usb 3-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 448.532493][ T25] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 448.542801][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.641108][ T25] hub 3-1:4.0: bad descriptor, ignoring hub [ 448.647293][ T25] hub 3-1:4.0: probe with driver hub failed with error -5 [ 448.661666][ T25] usbhid 3-1:4.0: couldn't find an input interrupt endpoint [ 448.935154][ T6893] fuse: Unknown parameter '' [ 448.950223][ T6907] netlink: 264 bytes leftover after parsing attributes in process `syz-executor.3'. [ 449.052952][ T6893] input: syz1 as /devices/virtual/input/input16 [ 449.140650][ T29] audit: type=1326 audit(1717837337.349:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c7627cf69 code=0x0 [ 449.225731][ T6893] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 449.235944][ T6893] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 449.907012][ T6905] loop3: detected capacity change from 0 to 32768 [ 450.022499][ T6905] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 450.434803][ T6905] XFS (loop3): Starting recovery (logdev: internal) [ 450.614161][ T6905] XFS (loop3): Ending recovery (logdev: internal) [ 450.747234][ T10] usb 3-1: USB disconnect, device number 4 [ 451.079072][ T6093] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 451.382154][ T6933] loop2: detected capacity change from 0 to 64 [ 452.210735][ T6947] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.2'. [ 452.242958][ T29] audit: type=1326 audit(1717837340.529:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6939 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 453.271667][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 453.487596][ T29] audit: type=1326 audit(1717837341.799:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafc1c7cf69 code=0x0 [ 453.571139][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 453.750417][ T10] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 453.765381][ T10] usb 2-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 453.780321][ T10] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 453.789730][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.977410][ T10] hub 2-1:4.0: bad descriptor, ignoring hub [ 453.983654][ T10] hub 2-1:4.0: probe with driver hub failed with error -5 [ 453.996788][ T6969] netlink: 264 bytes leftover after parsing attributes in process `syz-executor.0'. [ 453.997570][ T10] usbhid 2-1:4.0: couldn't find an input interrupt endpoint [ 454.405183][ T6958] fuse: Unknown parameter '' [ 454.722358][ T6958] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 454.732350][ T6958] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 454.952533][ T6969] loop0: detected capacity change from 0 to 32768 [ 455.164927][ T6969] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 455.470117][ T6969] XFS (loop0): Starting recovery (logdev: internal) [ 455.556245][ T6969] XFS (loop0): Ending recovery (logdev: internal) [ 455.765854][ T25] usb 2-1: USB disconnect, device number 2 [ 455.886181][ T5417] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 456.020006][ T6989] loop3: detected capacity change from 0 to 64 [ 456.320722][ T6995] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 457.087384][ T29] audit: type=1326 audit(1717837345.379:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6999 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafc1c7cf69 code=0x0 [ 457.961588][ T7016] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.0'. [ 458.371310][ T7023] netlink: 264 bytes leftover after parsing attributes in process `syz-executor.2'. [ 458.567158][ T29] audit: type=1326 audit(1717837346.789:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7020 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c7627cf69 code=0x0 [ 458.589586][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.001540][ T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 459.260198][ T7023] loop2: detected capacity change from 0 to 32768 [ 459.322363][ T7023] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 459.339869][ T25] usb 1-1: Using ep0 maxpacket: 32 [ 459.478376][ T25] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 459.491405][ T25] usb 1-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 459.505576][ T25] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 459.515468][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.674128][ T25] hub 1-1:4.0: bad descriptor, ignoring hub [ 459.680406][ T25] hub 1-1:4.0: probe with driver hub failed with error -5 [ 459.697781][ T25] usbhid 1-1:4.0: couldn't find an input interrupt endpoint [ 459.711603][ T7023] XFS (loop2): Starting recovery (logdev: internal) [ 459.909153][ T7023] XFS (loop2): Ending recovery (logdev: internal) [ 459.995052][ T7026] fuse: Unknown parameter '' [ 460.042712][ T7043] loop1: detected capacity change from 0 to 64 [ 460.156260][ T7026] input: syz1 as /devices/virtual/input/input17 [ 460.264918][ T7026] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 460.274669][ T7026] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 460.447354][ T5411] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 460.505496][ T7046] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 461.559883][ T29] audit: type=1326 audit(1717837349.819:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7053 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c7627cf69 code=0x0 [ 461.631055][ T25] usb 1-1: USB disconnect, device number 2 [ 462.510553][ T7069] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 462.520773][ T7069] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 462.692774][ T29] audit: type=1326 audit(1717837350.989:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7070 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 462.820809][ T7077] netlink: 192 bytes leftover after parsing attributes in process `syz-executor.4'. [ 463.758989][ T7082] loop4: detected capacity change from 0 to 32768 [ 463.910068][ T7082] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 463.998435][ T7091] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 464.292503][ T7082] XFS (loop4): Starting recovery (logdev: internal) [ 464.439673][ T7082] XFS (loop4): Ending recovery (logdev: internal) [ 464.554167][ T7103] loop1: detected capacity change from 0 to 64 [ 464.872441][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 464.879190][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 465.100237][ T5414] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 465.496394][ T4744] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 465.749752][ T4744] usb 3-1: Using ep0 maxpacket: 32 [ 465.884027][ T4744] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 465.894647][ T4744] usb 3-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 465.908037][ T4744] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 465.908339][ T29] audit: type=1326 audit(1717837354.189:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7112 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a1507cf69 code=0x0 [ 465.917377][ T4744] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.939633][ C1] vkms_vblank_simulate: vblank timer overrun [ 466.091380][ T4744] hub 3-1:4.0: bad descriptor, ignoring hub [ 466.097544][ T4744] hub 3-1:4.0: probe with driver hub failed with error -5 [ 466.111595][ T4744] usbhid 3-1:4.0: couldn't find an input interrupt endpoint [ 466.321463][ T7107] fuse: Unknown parameter '' [ 466.424944][ T7107] input: syz1 as /devices/virtual/input/input18 [ 466.511920][ T7107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 466.521661][ T7107] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 467.014983][ T29] audit: type=1326 audit(1717837355.359:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7121 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2937e7cf69 code=0x0 [ 467.240362][ T7129] 9pnet_fd: Insufficient options for proto=fd [ 467.839047][ T25] usb 3-1: USB disconnect, device number 5 [ 467.995392][ T7139] loop3: detected capacity change from 0 to 64 [ 468.141658][ T7142] netlink: 192 bytes leftover after parsing attributes in process `syz-executor.2'. [ 468.626329][ T7148] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 468.636086][ T7148] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 468.821839][ T6065] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 469.836134][ T29] audit: type=1326 audit(1717837358.119:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7158 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a1507cf69 code=0x0 [ 470.317949][ T7168] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 471.054015][ T5129] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 471.068855][ T7175] 9pnet_fd: Insufficient options for proto=fd [ 471.369687][ T5129] usb 2-1: Using ep0 maxpacket: 32 [ 471.448158][ T7178] loop4: detected capacity change from 0 to 64 [ 471.507158][ T5129] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 471.517970][ T5129] usb 2-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 471.531600][ T5129] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 471.541046][ T5129] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.665773][ T5129] hub 2-1:4.0: bad descriptor, ignoring hub [ 471.676137][ T5129] hub 2-1:4.0: probe with driver hub failed with error -5 [ 471.697896][ T5129] usbhid 2-1:4.0: couldn't find an input interrupt endpoint [ 472.008502][ T7172] fuse: Unknown parameter '' [ 472.120977][ T7172] input: syz1 as /devices/virtual/input/input19 [ 472.149183][ T7172] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 472.158998][ T7172] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 472.348877][ T29] audit: type=1326 audit(1717837360.569:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7182 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a1507cf69 code=0x0 [ 472.430388][ T5734] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 473.661534][ T10] usb 2-1: USB disconnect, device number 3 [ 473.869262][ T7201] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 474.170013][ T29] audit: type=1326 audit(1717837362.429:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7199 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2937e7cf69 code=0x0 [ 474.239922][ T7206] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 474.249565][ T7206] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 474.749715][ T5083] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 474.768955][ T5083] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 474.780034][ T5083] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 474.802769][ T5083] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 474.817388][ T5083] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 474.831165][ T5083] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 475.447096][ T7223] loop1: detected capacity change from 0 to 64 [ 475.656281][ T7222] 9pnet_fd: Insufficient options for proto=fd [ 476.211004][ T7229] netlink: 192 bytes leftover after parsing attributes in process `syz-executor.3'. [ 476.656503][ T4130] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.920630][ T4433] Bluetooth: hci5: command tx timeout [ 477.018678][ T4130] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.142698][ T7212] chnl_net:caif_netlink_parms(): no params data found [ 477.155285][ T7229] loop3: detected capacity change from 0 to 32768 [ 477.270426][ T7229] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 477.423309][ T4130] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.589464][ T4130] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.623307][ T7229] XFS (loop3): Starting recovery (logdev: internal) [ 477.747826][ T7229] XFS (loop3): Ending recovery (logdev: internal) [ 477.761421][ T5129] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 477.771487][ T7249] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 478.055267][ T4130] bridge_slave_1: left allmulticast mode [ 478.061516][ T4130] bridge_slave_1: left promiscuous mode [ 478.068059][ T4130] bridge0: port 2(bridge_slave_1) entered disabled state [ 478.069990][ T5129] usb 1-1: Using ep0 maxpacket: 32 [ 478.184499][ T4130] bridge_slave_0: left allmulticast mode [ 478.190573][ T4130] bridge_slave_0: left promiscuous mode [ 478.197127][ T4130] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.397529][ T5129] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 478.408183][ T5129] usb 1-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 478.422935][ T5129] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 478.435496][ T5129] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.478384][ T6093] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 478.619192][ T5129] hub 1-1:4.0: bad descriptor, ignoring hub [ 478.626073][ T5129] hub 1-1:4.0: probe with driver hub failed with error -5 [ 478.644910][ T5129] usbhid 1-1:4.0: couldn't find an input interrupt endpoint [ 478.892455][ T7244] fuse: Unknown parameter '' [ 478.952391][ T29] audit: type=1326 audit(1717837367.219:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7254 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2937e7cf69 code=0x0 [ 478.974745][ C1] vkms_vblank_simulate: vblank timer overrun [ 478.981533][ T7244] input: syz1 as /devices/virtual/input/input20 [ 479.007769][ T4433] Bluetooth: hci5: command tx timeout [ 479.157971][ T7259] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 479.167879][ T7259] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 479.707059][ T4130] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 479.801341][ T4130] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 479.884209][ T4130] bond0 (unregistering): Released all slaves [ 480.120359][ T7267] loop2: detected capacity change from 0 to 64 [ 480.521020][ T7272] 9pnet_fd: Insufficient options for proto=fd [ 480.870401][ T5133] usb 1-1: USB disconnect, device number 3 [ 481.082745][ T4433] Bluetooth: hci5: command tx timeout [ 481.130811][ T7212] bridge0: port 1(bridge_slave_0) entered blocking state [ 481.138711][ T7212] bridge0: port 1(bridge_slave_0) entered disabled state [ 481.148688][ T7212] bridge_slave_0: entered allmulticast mode [ 481.159425][ T7212] bridge_slave_0: entered promiscuous mode [ 481.191160][ T7277] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'. [ 481.247686][ T29] audit: type=1326 audit(1717837369.459:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a1507cf69 code=0x0 [ 481.449699][ T4130] hsr_slave_0: left promiscuous mode [ 481.505365][ T4130] hsr_slave_1: left promiscuous mode [ 481.555370][ T4130] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 481.563262][ T4130] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 481.639079][ T4130] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 481.646915][ T4130] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 481.780133][ T4130] veth1_macvtap: left promiscuous mode [ 481.785897][ T4130] veth0_macvtap: left promiscuous mode [ 481.792699][ T4130] veth1_vlan: left promiscuous mode [ 481.798242][ T4130] veth0_vlan: left promiscuous mode [ 483.063483][ T4130] team0 (unregistering): Port device team_slave_1 removed [ 483.094930][ T4130] team0 (unregistering): Port device team_slave_0 removed [ 483.160205][ T4433] Bluetooth: hci5: command tx timeout [ 483.542149][ T7212] bridge0: port 2(bridge_slave_1) entered blocking state [ 483.557078][ T7212] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.565048][ T7212] bridge_slave_1: entered allmulticast mode [ 483.574090][ T7212] bridge_slave_1: entered promiscuous mode [ 483.925236][ T7212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 484.079127][ T7212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 484.089740][ T7303] netlink: 192 bytes leftover after parsing attributes in process `syz-executor.3'. [ 484.099705][ T7303] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.3'. [ 484.527663][ T7212] team0: Port device team_slave_0 added [ 484.711758][ T7212] team0: Port device team_slave_1 added [ 485.022654][ T7303] loop3: detected capacity change from 0 to 32768 [ 485.117334][ T7303] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 485.344309][ T7212] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 485.351733][ T7212] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 485.378124][ T7212] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 485.401525][ T7325] loop1: detected capacity change from 0 to 64 [ 485.520609][ T29] audit: type=1326 audit(1717837373.799:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7322 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafc1c7cf69 code=0x0 [ 485.600203][ T25] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 485.653411][ T7212] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 485.660768][ T7212] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 485.687290][ T7212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 485.780576][ T7303] XFS (loop3): Starting recovery (logdev: internal) [ 485.859728][ T25] usb 1-1: Using ep0 maxpacket: 32 [ 485.927283][ T7303] XFS (loop3): Ending recovery (logdev: internal) [ 485.992665][ T25] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 486.003231][ T25] usb 1-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 486.017513][ T25] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 486.027201][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 486.165112][ T25] hub 1-1:4.0: bad descriptor, ignoring hub [ 486.171967][ T25] hub 1-1:4.0: probe with driver hub failed with error -5 [ 486.187409][ T25] usbhid 1-1:4.0: couldn't find an input interrupt endpoint [ 486.392787][ T7323] fuse: Unknown parameter '' [ 486.485537][ T7212] hsr_slave_0: entered promiscuous mode [ 486.551716][ T7323] input: syz1 as /devices/virtual/input/input21 [ 486.591310][ T7212] hsr_slave_1: entered promiscuous mode [ 486.675335][ T6093] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 486.682079][ T7323] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 486.693872][ T7323] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 486.725910][ T7212] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 486.733967][ T7212] Cannot create hsr debugfs directory [ 487.356550][ T29] audit: type=1326 audit(1717837375.659:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7337 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafc1c7cf69 code=0x0 [ 487.555356][ T7340] 9pnet_fd: Insufficient options for proto=fd [ 488.170842][ T25] usb 1-1: USB disconnect, device number 4 [ 488.686289][ T7350] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. [ 489.615703][ T7212] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 489.710849][ T7212] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 489.822577][ T7212] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 489.965199][ T7212] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 491.103398][ T7375] netlink: 192 bytes leftover after parsing attributes in process `syz-executor.0'. [ 491.114816][ T7375] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.0'. [ 491.870982][ T7375] loop0: detected capacity change from 0 to 32768 [ 491.980602][ T7212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 492.064010][ T7212] 8021q: adding VLAN 0 to HW filter on device team0 [ 492.094913][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 492.102703][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 492.167389][ T7375] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 492.226360][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 492.234155][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 492.383208][ T7392] 9pnet_fd: Insufficient options for proto=fd [ 492.385926][ T7212] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 492.397312][ T29] audit: type=1326 audit(1717837380.659:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7377 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2937e7cf69 code=0x0 [ 492.401551][ T7212] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 492.863598][ T7375] XFS (loop0): Starting recovery (logdev: internal) [ 492.910021][ T780] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 493.039168][ T7375] XFS (loop0): Ending recovery (logdev: internal) [ 493.198486][ T780] usb 3-1: Using ep0 maxpacket: 32 [ 493.360822][ T780] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 493.371281][ T780] usb 3-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 493.389169][ T780] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 493.394643][ T5417] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 493.399877][ T780] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 493.548535][ T780] hub 3-1:4.0: bad descriptor, ignoring hub [ 493.554873][ T780] hub 3-1:4.0: probe with driver hub failed with error -5 [ 493.568803][ T780] usbhid 3-1:4.0: couldn't find an input interrupt endpoint [ 493.834904][ T7397] fuse: Unknown parameter '' [ 494.024011][ T7397] input: syz1 as /devices/virtual/input/input22 [ 494.163735][ T7411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 494.173723][ T7411] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 495.137071][ T7212] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 495.362583][ T7421] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'. [ 495.641003][ T5136] usb 3-1: USB disconnect, device number 6 [ 496.157934][ T7430] veth0_vlan: entered allmulticast mode [ 496.976380][ T29] audit: type=1326 audit(1717837385.239:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7437 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 498.677740][ T7212] veth0_vlan: entered promiscuous mode [ 498.810111][ T7212] veth1_vlan: entered promiscuous mode [ 499.223275][ T7212] veth0_macvtap: entered promiscuous mode [ 499.344481][ T7212] veth1_macvtap: entered promiscuous mode [ 499.596350][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 499.607842][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 499.618068][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 499.630109][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 499.640619][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 499.651494][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 499.661684][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 499.672408][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 499.691892][ T7212] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 500.126634][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.141405][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.152277][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.163380][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.173610][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.184358][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.194672][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.205462][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.221915][ T7212] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 500.651136][ T7212] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.660427][ T7212] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.669624][ T7212] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.678701][ T7212] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.762212][ T29] audit: type=1326 audit(1717837388.999:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7489 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a1507cf69 code=0x0 [ 501.144031][ T7500] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'. [ 501.222186][ T7503] usb usb8: usbfs: interface 0 claimed by hub while 'syz-executor.2' sets config #3 [ 502.475836][ T7514] tipc: Started in network mode [ 502.481278][ T7514] tipc: Node identity ff020000000000000000000000000001, cluster identity 4711 [ 502.490601][ T7514] tipc: Enabling of bearer rejected, failed to enable media [ 502.586683][ T7521] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 502.717333][ T7523] warning: `syz-executor.1' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 504.310362][ T7532] loop1: detected capacity change from 0 to 40427 [ 504.391905][ T7532] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 504.399892][ T7532] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 504.514406][ T7532] F2FS-fs (loop1): Found nat_bits in checkpoint [ 504.795142][ T7532] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 504.802765][ T7532] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 509.230204][ T29] audit: type=1326 audit(1717837397.489:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7563 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 510.583121][ T7579] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 512.260056][ T7595] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'. [ 512.622341][ T3518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 512.640308][ T3518] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 512.791548][ T3518] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 512.799976][ T3518] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 513.000228][ T5083] Bluetooth: hci3: command 0x0406 tx timeout [ 516.748387][ T7617] loop3: detected capacity change from 0 to 1024 [ 516.824290][ T7617] hfsplus: request for non-existent node 3 in B*Tree [ 516.834665][ T7617] hfsplus: request for non-existent node 3 in B*Tree [ 516.844920][ T7617] Zero length message leads to an empty skb [ 518.232495][ T29] audit: type=1326 audit(1717837406.469:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7622 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a1507cf69 code=0x0 [ 519.210111][ T7633] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 520.820206][ T7646] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'. [ 523.205608][ T7651] loop1: detected capacity change from 0 to 1024 [ 523.253534][ T7651] hfsplus: request for non-existent node 3 in B*Tree [ 523.260483][ T7651] hfsplus: request for non-existent node 3 in B*Tree [ 523.432212][ T7655] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.4'. [ 524.588648][ T29] audit: type=1326 audit(1717837412.849:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7659 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2937e7cf69 code=0x0 [ 526.304255][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 526.311030][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 526.732118][ T7675] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 528.024934][ T7683] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 529.912714][ T7690] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.1'. [ 530.692326][ T3289] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.778436][ T3289] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.941316][ T3289] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.037104][ T3289] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.217521][ T29] audit: type=1326 audit(1717837419.499:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7694 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2937e7cf69 code=0x0 [ 531.254999][ T5083] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 531.264299][ T5083] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 531.338150][ T5083] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 531.381395][ T5083] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 531.406292][ T5083] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 531.497118][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 531.783218][ T3289] bridge_slave_1: left allmulticast mode [ 531.789117][ T3289] bridge_slave_1: left promiscuous mode [ 531.795861][ T3289] bridge0: port 2(bridge_slave_1) entered disabled state [ 531.931318][ T3289] bridge_slave_0: left allmulticast mode [ 531.937100][ T3289] bridge_slave_0: left promiscuous mode [ 531.943530][ T3289] bridge0: port 1(bridge_slave_0) entered disabled state [ 533.160155][ T3289] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 533.179896][ T3289] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 533.236004][ T7713] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 533.258811][ T3289] bond0 (unregistering): Released all slaves [ 533.275198][ T3289] bond1 (unregistering): Released all slaves [ 533.561012][ T50] Bluetooth: hci0: command tx timeout [ 533.598594][ T3289] tipc: Left network mode [ 534.273050][ T3289] hsr_slave_0: left promiscuous mode [ 534.280885][ T7718] loop4: detected capacity change from 0 to 1024 [ 534.323235][ T3289] hsr_slave_1: left promiscuous mode [ 534.360080][ T3289] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 534.367715][ T3289] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 534.460061][ T3289] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 534.467619][ T3289] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 534.585734][ T3289] veth1_macvtap: left promiscuous mode [ 534.592249][ T3289] veth0_macvtap: left promiscuous mode [ 534.597987][ T3289] veth1_vlan: left promiscuous mode [ 534.644516][ T7722] loop1: detected capacity change from 0 to 256 [ 534.958594][ T7722] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf23980c3, utbl_chksum : 0xe619d30d) [ 535.037886][ T4130] hfsplus: b-tree write err: -5, ino 4 [ 535.643399][ T50] Bluetooth: hci0: command tx timeout [ 536.247873][ T3289] team0 (unregistering): Port device team_slave_1 removed [ 536.319573][ T3289] team0 (unregistering): Port device team_slave_0 removed [ 536.345046][ T7738] loop1: detected capacity change from 0 to 2048 [ 536.479378][ T7738] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 536.707215][ T7738] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 536.806013][ T7728] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 536.822320][ T7732] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 537.434679][ T7697] chnl_net:caif_netlink_parms(): no params data found [ 537.723223][ T50] Bluetooth: hci0: command tx timeout [ 538.411007][ T7754] loop1: detected capacity change from 0 to 8 [ 539.067505][ T29] audit: type=1326 audit(1717837427.319:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7756 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 539.543243][ T7697] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.551381][ T7697] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.559123][ T7697] bridge_slave_0: entered allmulticast mode [ 539.571155][ T7697] bridge_slave_0: entered promiscuous mode [ 539.703693][ T7697] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.711513][ T7697] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.719475][ T7697] bridge_slave_1: entered allmulticast mode [ 539.728457][ T7697] bridge_slave_1: entered promiscuous mode [ 539.773453][ T7769] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 539.800042][ T50] Bluetooth: hci0: command tx timeout [ 540.093268][ T7697] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 540.186442][ T7697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 540.500913][ T7697] team0: Port device team_slave_0 added [ 540.556720][ T7697] team0: Port device team_slave_1 added [ 541.776657][ T7774] loop4: detected capacity change from 0 to 1024 [ 541.863290][ T7774] hfsplus: request for non-existent node 3 in B*Tree [ 541.870235][ T7774] hfsplus: request for non-existent node 3 in B*Tree [ 541.927425][ T7697] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 541.934820][ T7697] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 541.963398][ T7697] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 542.338647][ T7697] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 542.346092][ T7697] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 542.373057][ T7697] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 542.556388][ T5589] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 542.872830][ T7697] hsr_slave_0: entered promiscuous mode [ 542.965852][ T7697] hsr_slave_1: entered promiscuous mode [ 542.995554][ T7697] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 543.003625][ T7697] Cannot create hsr debugfs directory [ 543.119798][ T7781] loop4: detected capacity change from 0 to 1024 [ 543.800573][ T4433] Bluetooth: hci1: command 0x0406 tx timeout [ 544.024106][ T3518] hfsplus: b-tree write err: -5, ino 4 [ 544.216542][ T7789] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 545.274824][ T7797] Cannot find add_set index 0 as target [ 547.016504][ T7802] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.4'. [ 547.315713][ T7697] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 547.594060][ T7697] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 547.668116][ T7697] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 547.710934][ T7697] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 547.931080][ T7808] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 548.159981][ T29] audit: type=1326 audit(1717837436.429:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7810 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd04e67cf69 code=0x0 [ 549.509560][ T7697] 8021q: adding VLAN 0 to HW filter on device bond0 [ 549.650884][ T7697] 8021q: adding VLAN 0 to HW filter on device team0 [ 549.797549][ T5136] bridge0: port 1(bridge_slave_0) entered blocking state [ 549.805306][ T5136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 549.822046][ T5136] bridge0: port 2(bridge_slave_1) entered blocking state [ 549.829776][ T5136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 550.983214][ T3289] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.005701][ T4433] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 551.043887][ T4433] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 551.060969][ T4433] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 551.115602][ T4433] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 551.142082][ T4433] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 551.177507][ T4433] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 551.187625][ T7826] loop0: detected capacity change from 0 to 2048 [ 551.188877][ T3289] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.312711][ T7826] loop0: p4 < > [ 551.515084][ T3289] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.544484][ T7832] loop1: detected capacity change from 0 to 1024 [ 551.668672][ T4433] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 551.679982][ T4433] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 551.708397][ T4433] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 551.755718][ T4433] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 551.773716][ T4433] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 551.793295][ T4433] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 551.970265][ T3289] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.344355][ T3493] hfsplus: b-tree write err: -5, ino 4 [ 552.841088][ T3289] bridge_slave_1: left allmulticast mode [ 552.846960][ T3289] bridge_slave_1: left promiscuous mode [ 552.853749][ T3289] bridge0: port 2(bridge_slave_1) entered disabled state [ 552.984886][ T3289] bridge_slave_0: left allmulticast mode [ 552.990956][ T3289] bridge_slave_0: left promiscuous mode [ 552.997521][ T3289] bridge0: port 1(bridge_slave_0) entered disabled state [ 553.400616][ T5083] Bluetooth: hci2: command tx timeout [ 553.609184][ T7849] Cannot find add_set index 0 as target [ 553.969627][ T5083] Bluetooth: hci3: command tx timeout [ 554.090797][ T3289] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 554.138167][ T3289] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 554.165836][ T3289] bond0 (unregistering): Released all slaves [ 554.283994][ T7850] debugfs: Directory 'netdev:nicvf0' with parent 'phy19' already present! [ 555.003140][ T7697] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 555.349984][ T7867] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.0'. [ 555.376057][ T7827] chnl_net:caif_netlink_parms(): no params data found [ 555.482608][ T5083] Bluetooth: hci2: command tx timeout [ 555.664784][ T3289] hsr_slave_0: left promiscuous mode [ 555.708261][ T3289] hsr_slave_1: left promiscuous mode [ 555.774522][ T3289] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 555.782485][ T3289] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 555.836775][ T7875] 9pnet_fd: Insufficient options for proto=fd [ 555.850686][ T3289] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 555.858344][ T3289] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 555.952111][ T3289] veth1_macvtap: left promiscuous mode [ 555.957933][ T3289] veth0_macvtap: left promiscuous mode [ 555.966744][ T3289] veth1_vlan: left promiscuous mode [ 555.972427][ T3289] veth0_vlan: left promiscuous mode [ 556.040421][ T5083] Bluetooth: hci3: command tx timeout [ 556.306769][ T29] audit: type=1326 audit(1717837444.619:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7877 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2937e7cf69 code=0x0 [ 556.831921][ T3289] team0 (unregistering): Port device team_slave_1 removed [ 556.892787][ T3289] team0 (unregistering): Port device team_slave_0 removed [ 557.422066][ T7881] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'. [ 557.510664][ T7888] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 557.520295][ T7888] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 557.562730][ T5083] Bluetooth: hci2: command tx timeout [ 558.019764][ T7697] veth0_vlan: entered promiscuous mode [ 558.053577][ T7834] chnl_net:caif_netlink_parms(): no params data found [ 558.121883][ T5083] Bluetooth: hci3: command tx timeout [ 558.190837][ T7697] veth1_vlan: entered promiscuous mode [ 558.410742][ T7697] veth0_macvtap: entered promiscuous mode [ 558.498050][ T7697] veth1_macvtap: entered promiscuous mode [ 558.727116][ T7697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 558.738166][ T7697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.748787][ T7697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 558.759580][ T7697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.769784][ T7697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 558.780495][ T7697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.797366][ T7697] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 559.101316][ T7697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 559.113533][ T7697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.127700][ T7697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 559.139101][ T7697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.149212][ T7697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 559.160806][ T7697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.177603][ T7697] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 559.210307][ T7827] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.217996][ T7827] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.225937][ T7827] bridge_slave_0: entered allmulticast mode [ 559.234994][ T7827] bridge_slave_0: entered promiscuous mode [ 559.372626][ T7827] bridge0: port 2(bridge_slave_1) entered blocking state [ 559.383477][ T7827] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.391365][ T7827] bridge_slave_1: entered allmulticast mode [ 559.400567][ T7827] bridge_slave_1: entered promiscuous mode [ 559.516537][ T7697] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.525752][ T7697] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.538702][ T7697] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.548578][ T7697] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.661340][ T5083] Bluetooth: hci2: command tx timeout [ 559.950172][ T7834] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.957894][ T7834] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.965899][ T7834] bridge_slave_0: entered allmulticast mode [ 559.976262][ T7834] bridge_slave_0: entered promiscuous mode [ 560.006560][ T7827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 560.171555][ T7827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 560.190831][ T7834] bridge0: port 2(bridge_slave_1) entered blocking state [ 560.198606][ T7834] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.209706][ T7834] bridge_slave_1: entered allmulticast mode [ 560.218748][ T7834] bridge_slave_1: entered promiscuous mode [ 560.230113][ T5083] Bluetooth: hci3: command tx timeout [ 560.545670][ T7915] loop1: detected capacity change from 0 to 1024 [ 560.620261][ T7834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 560.687366][ T7827] team0: Port device team_slave_0 added [ 560.741514][ T7834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 560.765205][ T7827] team0: Port device team_slave_1 added [ 561.210398][ T34] hfsplus: b-tree write err: -5, ino 4 [ 561.221975][ T7827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 561.229123][ T7827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 561.255810][ T7827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 561.326351][ T7834] team0: Port device team_slave_0 added [ 561.383540][ T7834] team0: Port device team_slave_1 added [ 561.414904][ T7827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 561.422859][ T7827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 561.449194][ T7827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 561.719064][ T7834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 561.726513][ T7834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 561.752909][ T7834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 561.909876][ T7834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 561.917028][ T7834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 561.943499][ T7834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 562.203648][ T7827] hsr_slave_0: entered promiscuous mode [ 562.261689][ T7827] hsr_slave_1: entered promiscuous mode [ 562.770778][ T7834] hsr_slave_0: entered promiscuous mode [ 562.846152][ T7834] hsr_slave_1: entered promiscuous mode [ 562.888198][ T7834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 562.896328][ T7834] Cannot create hsr debugfs directory [ 563.754458][ T3289] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.927254][ T3289] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 564.114477][ T3289] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 564.324903][ T3289] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 564.861008][ T3289] bridge_slave_1: left allmulticast mode [ 564.866892][ T3289] bridge_slave_1: left promiscuous mode [ 564.876610][ T3289] bridge0: port 2(bridge_slave_1) entered disabled state [ 564.930781][ T3289] bridge_slave_0: left allmulticast mode [ 564.936653][ T3289] bridge_slave_0: left promiscuous mode [ 564.945231][ T3289] bridge0: port 1(bridge_slave_0) entered disabled state [ 565.643111][ T3289] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 565.706266][ T3289] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 565.773370][ T3289] bond0 (unregistering): Released all slaves [ 566.890178][ T7827] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 566.943142][ T7952] Cannot find add_set index 0 as target [ 567.035349][ T7827] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 567.439656][ T3289] hsr_slave_0: left promiscuous mode [ 567.479861][ T3289] hsr_slave_1: left promiscuous mode [ 567.533146][ T3289] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 567.541169][ T3289] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 567.584814][ T3289] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 567.592958][ T3289] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 567.660902][ T3289] veth1_macvtap: left promiscuous mode [ 567.666669][ T3289] veth0_macvtap: left promiscuous mode [ 567.674402][ T3289] veth1_vlan: left promiscuous mode [ 567.680414][ T3289] veth0_vlan: left promiscuous mode [ 568.558941][ T3289] team0 (unregistering): Port device team_slave_1 removed [ 568.712547][ T3289] team0 (unregistering): Port device team_slave_0 removed [ 569.032664][ T7827] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 569.200930][ T7827] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 569.772665][ T7963] 9pnet_fd: Insufficient options for proto=fd [ 569.779645][ T7834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 569.846323][ T7834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 569.891772][ T7834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 569.960816][ T7834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 570.390567][ T3518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.398631][ T3518] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.478107][ T7968] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.1'. [ 570.747223][ T5133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.756235][ T5133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.909686][ T7827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 571.152412][ T7827] 8021q: adding VLAN 0 to HW filter on device team0 [ 571.209912][ T779] bridge0: port 1(bridge_slave_0) entered blocking state [ 571.217595][ T779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 571.378153][ T779] bridge0: port 2(bridge_slave_1) entered blocking state [ 571.385931][ T779] bridge0: port 2(bridge_slave_1) entered forwarding state [ 571.672930][ T7834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 571.910215][ T7834] 8021q: adding VLAN 0 to HW filter on device team0 [ 572.075485][ T780] bridge0: port 1(bridge_slave_0) entered blocking state [ 572.083296][ T780] bridge0: port 1(bridge_slave_0) entered forwarding state [ 572.174793][ T29] audit: type=1326 audit(1717837460.459:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7974 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2937e7cf69 code=0x0 [ 572.189157][ T780] bridge0: port 2(bridge_slave_1) entered blocking state [ 572.205002][ T780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 573.351991][ T7986] devpts: called with bogus options [ 573.583814][ T7989] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 573.595021][ T7989] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 574.056557][ T7827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 574.133475][ T7994] loop2: detected capacity change from 0 to 1024 [ 574.565874][ T7834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 574.672475][ T34] hfsplus: b-tree write err: -5, ino 4 [ 575.041446][ T7834] veth0_vlan: entered promiscuous mode [ 575.141746][ T7834] veth1_vlan: entered promiscuous mode [ 575.203238][ T8002] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 575.421070][ T7834] veth0_macvtap: entered promiscuous mode [ 575.553337][ T7834] veth1_macvtap: entered promiscuous mode [ 575.767449][ T7834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.778302][ T7834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.788754][ T7834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.799573][ T7834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.809810][ T7834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.823786][ T7834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.839411][ T7834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 576.207704][ T7834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.218783][ T7834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.232307][ T7834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.243690][ T7834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.253800][ T7834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.264616][ T7834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.281361][ T7834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 576.480560][ T7834] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.489767][ T7834] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.498781][ T7834] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.507953][ T7834] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.533871][ T8012] Cannot find add_set index 0 as target [ 576.621846][ T8013] 9pnet_fd: Insufficient options for proto=fd [ 577.172638][ T8019] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.2'. [ 577.595395][ T7827] veth0_vlan: entered promiscuous mode [ 577.782207][ T7827] veth1_vlan: entered promiscuous mode [ 577.792798][ T29] audit: type=1326 audit(1717837466.019:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8023 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2937e7cf69 code=0x0 [ 578.107254][ T7827] veth0_macvtap: entered promiscuous mode [ 578.194940][ T7827] veth1_macvtap: entered promiscuous mode [ 578.412554][ T7827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 578.424505][ T7827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.434721][ T7827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 578.445590][ T7827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.455739][ T7827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 578.466499][ T7827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.480014][ T7827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 578.491416][ T7827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.506666][ T7827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 578.581800][ T7827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.592660][ T7827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.604964][ T7827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.616174][ T7827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.626370][ T7827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.637136][ T7827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.647333][ T7827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.658353][ T7827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.673473][ T7827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 578.963102][ T7827] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.972380][ T7827] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.981688][ T7827] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.994240][ T7827] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.071403][ T8042] serio: Serial port pts0 [ 579.991675][ T8063] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 580.072532][ T8064] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 580.083982][ T8064] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 581.404298][ T8081] 9pnet_fd: Insufficient options for proto=fd [ 581.984305][ T2448] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 581.993856][ T2448] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 582.091992][ T8088] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.1'. [ 582.114852][ T3518] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 582.123794][ T3518] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 582.740247][ T29] audit: type=1326 audit(1717837471.009:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8096 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2937e7cf69 code=0x0 [ 583.018047][ T8106] loop0: detected capacity change from 0 to 256 [ 583.135026][ T8106] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 583.886166][ T8120] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 584.066102][ T8124] 9pnet_fd: Insufficient options for proto=fd [ 584.273743][ T779] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 584.282149][ T779] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 584.695843][ T779] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 584.704559][ T779] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 584.913435][ T8131] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.0'. [ 585.351234][ T8134] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 585.360958][ T8134] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 585.411192][ T8135] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 586.041559][ T29] audit: type=1326 audit(1717837474.339:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8146 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffbf087cf69 code=0x0 [ 586.549638][ T8159] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 586.951412][ T8161] 9pnet_fd: Insufficient options for proto=fd [ 587.416466][ T8171] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.3'. [ 587.787281][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 587.796849][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 588.340772][ T8180] xt_CT: No such helper "syz0" [ 588.703951][ T8187] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 588.924722][ T29] audit: type=1326 audit(1717837477.219:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8188 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2937e7cf69 code=0x0 [ 589.205043][ T8197] CUSE: DEVNAME unspecified [ 589.337024][ T8201] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 589.347050][ T8201] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 589.680250][ T8208] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.0'. [ 590.086840][ T8213] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 590.815946][ T8219] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 590.855080][ T8221] Cannot find add_set index 0 as target [ 591.657990][ T8230] binder: 8225:8230 unknown command 0 [ 591.663866][ T8230] binder: 8225:8230 ioctl c0306201 20000580 returned -22 [ 591.764660][ T8231] loop2: detected capacity change from 0 to 64 [ 592.349801][ T8239] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.3'. [ 592.766862][ T8242] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 592.870259][ T29] audit: type=1326 audit(1717837481.139:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8241 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2937e7cf69 code=0x0 [ 592.894260][ T8247] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 593.863686][ T8260] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 593.873458][ T8260] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 594.004002][ T8257] Cannot find add_set index 0 as target [ 594.899455][ T8271] loop1: detected capacity change from 0 to 256 [ 595.075408][ T8274] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.4'. [ 595.475138][ T8280] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 595.509557][ T8278] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 595.808685][ T29] audit: type=1326 audit(1717837484.139:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8284 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffbf087cf69 code=0x0 [ 596.687503][ T8292] Cannot find add_set index 0 as target [ 597.553405][ T8313] 9pnet: p9_errstr2errno: server reported unknown error m_exclusive [ 597.562215][ T8317] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.4'. [ 597.614499][ T8319] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 597.627082][ T8319] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 597.912962][ T8323] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 599.312172][ T8336] Cannot find add_set index 0 as target [ 599.762477][ T29] audit: type=1326 audit(1717837488.089:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffbf087cf69 code=0x0 [ 599.958612][ T8355] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.2'. [ 600.026132][ T8357] loop0: detected capacity change from 0 to 256 [ 600.109187][ T8361] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 601.028406][ T8367] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 601.284172][ T5083] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 601.455279][ T8378] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 601.465012][ T8378] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 601.567244][ T8381] input: syz1 as /devices/virtual/input/input23 [ 602.058249][ T8383] Cannot find add_set index 0 as target [ 602.317635][ T8388] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.1'. [ 602.342532][ T8389] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 602.558184][ T8392] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 602.692031][ T8390] loop2: detected capacity change from 0 to 512 [ 602.752089][ T8390] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 602.797414][ T8390] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0102] [ 602.803605][ T8390] EXT4-fs (loop2): orphan cleanup on readonly fs [ 602.821954][ T8390] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor.2: bg 0: block 361: padding at end of block bitmap is not set [ 602.836886][ T29] audit: type=1326 audit(1717837491.129:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2937e7cf69 code=0x0 [ 602.837298][ T8390] EXT4-fs (loop2): Remounting filesystem read-only [ 602.855817][ T8390] EXT4-fs (loop2): 1 truncate cleaned up [ 602.855938][ T8390] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 602.915395][ T8390] EXT4-fs warning (device loop2): dx_probe:892: inode #2: comm syz-executor.2: dx entry: limit 0 != root limit 125 [ 602.961744][ T8390] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended [ 602.981453][ T8399] loop3: detected capacity change from 0 to 1024 [ 604.311711][ T7697] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 604.365922][ T8417] Cannot find add_set index 0 as target [ 604.431490][ T8416] loop4: detected capacity change from 0 to 512 [ 604.517374][ T8416] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #15: comm syz-executor.4: casefold flag without casefold feature [ 604.536859][ T8416] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 604.570052][ T8416] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 604.713013][ T8416] EXT4-fs error (device loop4): htree_dirblock_to_tree:1082: inode #2: comm syz-executor.4: Directory hole found for htree leaf block [ 604.800926][ T8426] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.3'. [ 604.913747][ T7827] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 605.220800][ T8430] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 605.230655][ T8430] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 605.438529][ T8435] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 605.742425][ T8437] ===================================================== [ 605.750797][ T8437] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x24b0 [ 605.758300][ T8437] _copy_to_iter+0x366/0x24b0 [ 605.764103][ T8437] raw_recvmsg+0x2b8/0x9e0 [ 605.768835][ T8437] sock_recvmsg+0x2c4/0x340 [ 605.773713][ T8437] ____sys_recvmsg+0x18a/0x620 [ 605.778695][ T8437] ___sys_recvmsg+0x223/0x840 [ 605.783747][ T8437] do_recvmmsg+0x4fc/0xfd0 [ 605.788360][ T8437] __x64_sys_recvmmsg+0x397/0x490 [ 605.793786][ T8437] x64_sys_call+0xf6c/0x3b50 [ 605.798585][ T8437] do_syscall_64+0xcf/0x1e0 [ 605.803504][ T8437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.809756][ T8437] [ 605.812180][ T8437] Uninit was created at: [ 605.820275][ T8437] kmem_cache_alloc_node+0x622/0xc90 [ 605.826390][ T8437] kmalloc_reserve+0x13d/0x4a0 [ 605.831483][ T8437] __alloc_skb+0x35b/0x7a0 [ 605.836064][ T8437] alloc_skb_with_frags+0xc8/0xbf0 [ 605.841501][ T8437] sock_alloc_send_pskb+0xa81/0xbf0 [ 605.846920][ T8437] j1939_sk_sendmsg+0xc0a/0x2730 [ 605.852267][ T8437] __sock_sendmsg+0x30f/0x380 [ 605.857109][ T8437] ____sys_sendmsg+0x877/0xb60 [ 605.862290][ T8437] ___sys_sendmsg+0x28d/0x3c0 [ 605.867180][ T8437] __x64_sys_sendmsg+0x307/0x4a0 [ 605.872491][ T8437] x64_sys_call+0xc4b/0x3b50 [ 605.877297][ T8437] do_syscall_64+0xcf/0x1e0 [ 605.882297][ T8437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.888405][ T8437] 2024/06/08 09:04:54 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 605.890981][ T8437] Bytes 12-15 of 16 are uninitialized [ 605.896470][ T8437] Memory access of size 16 starts at ffff88803b0c4f10 [ 605.903519][ T8437] Data copied to user address 00000000200017c0 [ 605.909921][ T8437] [ 605.912343][ T8437] CPU: 0 PID: 8437 Comm: syz-executor.1 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 605.926078][ T8437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 605.936969][ T8437] ===================================================== [ 605.944596][ T8437] Disabling lock debugging due to kernel taint [ 605.950969][ T8437] Kernel panic - not syncing: kmsan.panic set ... [ 605.957497][ T8437] CPU: 0 PID: 8437 Comm: syz-executor.1 Tainted: G B 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 605.969132][ T8437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 605.979332][ T8437] Call Trace: [ 605.982718][ T8437] [ 605.985742][ T8437] dump_stack_lvl+0x216/0x2d0 [ 605.990624][ T8437] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 605.996633][ T8437] dump_stack+0x1e/0x30 [ 606.000986][ T8437] panic+0x4e2/0xcd0 [ 606.005080][ T8437] ? kmsan_get_metadata+0xf1/0x1d0 [ 606.010400][ T8437] kmsan_report+0x2d5/0x2e0 [ 606.015091][ T8437] ? finish_task_switch+0x1c8/0x8f0 [ 606.020503][ T8437] ? kmsan_internal_check_memory+0x48c/0x560 [ 606.026714][ T8437] ? kmsan_copy_to_user+0xd5/0xf0 [ 606.031905][ T8437] ? _copy_to_iter+0x366/0x24b0 [ 606.036963][ T8437] ? raw_recvmsg+0x2b8/0x9e0 [ 606.041727][ T8437] ? sock_recvmsg+0x2c4/0x340 [ 606.046570][ T8437] ? ____sys_recvmsg+0x18a/0x620 [ 606.051707][ T8437] ? ___sys_recvmsg+0x223/0x840 [ 606.056758][ T8437] ? do_recvmmsg+0x4fc/0xfd0 [ 606.061542][ T8437] ? __x64_sys_recvmmsg+0x397/0x490 [ 606.066951][ T8437] ? x64_sys_call+0xf6c/0x3b50 [ 606.071912][ T8437] ? do_syscall_64+0xcf/0x1e0 [ 606.076795][ T8437] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.083074][ T8437] ? __schedule+0x22df/0x6bc0 [ 606.087923][ T8437] ? __update_load_avg_cfs_rq+0x121/0x10e0 [ 606.093950][ T8437] ? kmsan_get_metadata+0x146/0x1d0 [ 606.099322][ T8437] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 606.105314][ T8437] ? _raw_spin_lock_irqsave+0x35/0xc0 [ 606.110870][ T8437] ? kmsan_get_metadata+0x146/0x1d0 [ 606.116246][ T8437] ? kmsan_get_metadata+0x146/0x1d0 [ 606.121622][ T8437] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 606.127609][ T8437] ? _raw_spin_lock_irqsave+0x35/0xc0 [ 606.133169][ T8437] ? filter_irq_stacks+0x60/0x1a0 [ 606.138412][ T8437] ? kmsan_get_metadata+0x146/0x1d0 [ 606.143784][ T8437] ? kmsan_get_metadata+0x146/0x1d0 [ 606.149154][ T8437] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 606.155165][ T8437] kmsan_internal_check_memory+0x48c/0x560 [ 606.161228][ T8437] kmsan_copy_to_user+0xd5/0xf0 [ 606.166249][ T8437] ? should_fail_usercopy+0x2e/0x40 [ 606.171647][ T8437] _copy_to_iter+0x366/0x24b0 [ 606.176541][ T8437] ? __pfx_sk_busy_loop_end+0x10/0x10 [ 606.182107][ T8437] ? kmsan_get_metadata+0xf1/0x1d0 [ 606.187413][ T8437] raw_recvmsg+0x2b8/0x9e0 [ 606.192025][ T8437] ? __pfx_raw_recvmsg+0x10/0x10 [ 606.197145][ T8437] ? __pfx_raw_recvmsg+0x10/0x10 [ 606.202277][ T8437] sock_recvmsg+0x2c4/0x340 [ 606.206950][ T8437] ____sys_recvmsg+0x18a/0x620 [ 606.211925][ T8437] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 606.217930][ T8437] ? kmsan_get_metadata+0x146/0x1d0 [ 606.223322][ T8437] ___sys_recvmsg+0x223/0x840 [ 606.228235][ T8437] ? kmsan_get_metadata+0x146/0x1d0 [ 606.233618][ T8437] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 606.239617][ T8437] do_recvmmsg+0x4fc/0xfd0 [ 606.244244][ T8437] ? stack_depot_save_flags+0x2c/0x6e0 [ 606.249886][ T8437] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 606.256375][ T8437] ? x64_sys_call+0xf6c/0x3b50 [ 606.261352][ T8437] __x64_sys_recvmmsg+0x397/0x490 [ 606.266599][ T8437] ? kmsan_get_metadata+0x146/0x1d0 [ 606.271990][ T8437] x64_sys_call+0xf6c/0x3b50 [ 606.276782][ T8437] do_syscall_64+0xcf/0x1e0 [ 606.281502][ T8437] ? clear_bhb_loop+0x25/0x80 [ 606.286400][ T8437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.292509][ T8437] RIP: 0033:0x7f2937e7cf69 [ 606.297061][ T8437] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 606.316858][ T8437] RSP: 002b:00007f2938b300c8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 606.325456][ T8437] RAX: ffffffffffffffda RBX: 00007f2937fb3f80 RCX: 00007f2937e7cf69 [ 606.333577][ T8437] RDX: 0000000000000001 RSI: 0000000020003080 RDI: 0000000000000003 [ 606.341685][ T8437] RBP: 00007f2937eda6fe R08: 0000000000000000 R09: 0000000000000000 [ 606.349795][ T8437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 606.357900][ T8437] R13: 000000000000000b R14: 00007f2937fb3f80 R15: 00007ffcb2d428c8 [ 606.366049][ T8437] [ 606.369380][ T8437] Kernel Offset: disabled [ 606.373760][ T8437] Rebooting in 86400 seconds..