last executing test programs: 27.884957616s ago: executing program 3 (id=1161): syz_open_dev$tty20(0xc, 0x4, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) write$input_event(r1, &(0x7f0000000400)={{}, 0x4, 0x2, 0x4}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000480)={'batadv0\x00', 0x0}) sendto$packet(r5, &(0x7f0000000080)="020000ffffffba00004000", 0xb, 0x0, &(0x7f0000000000)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="6d6eb1f60783"}, 0x14) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@setlink={0x3c, 0x13, 0x1, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r4}, @IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}]}, 0x3c}}, 0x0) r7 = socket$pppl2tp(0x18, 0x1, 0x1) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f0000000080)={'dummy0\x00'}) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000006180)=""/152, 0x98}], 0x1, &(0x7f0000008640)=[{0x0}], 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r8, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r8, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) 26.490074345s ago: executing program 3 (id=1166): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000080)=0x3ff, 0x4) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000001880)=""/246, 0x13e}], 0x1, &(0x7f00000000c0)=""/7, 0x10}, 0x2}], 0x1, 0x0, 0x0) 26.212601551s ago: executing program 3 (id=1169): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) r2 = fcntl$dupfd(r0, 0x0, r1) write$P9_RMKNOD(r2, &(0x7f0000000080)={0x14}, 0xfdef) 26.101142181s ago: executing program 3 (id=1170): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.throttle.io_serviced\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d) sendfile(r0, r1, 0x0, 0x8000002b) 25.203882644s ago: executing program 3 (id=1175): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r0}, 0x18) socket$unix(0x1, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000040000000c"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/vmallocinfo\x00', 0x0, 0x0) r1 = socket$l2tp(0x2, 0x2, 0x73) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000680), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000f000000050033000100000008000300", @ANYRES32=r4], 0x24}}, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x24}}, 0x0) 24.687731302s ago: executing program 3 (id=1176): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) write$binfmt_elf64(r2, 0x0, 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000100)='./file0\x00') newfstatat(0xffffffffffffff9c, &(0x7f00000004c0)='.\x00', 0x0, 0x0) 17.035478922s ago: executing program 0 (id=1212): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x9, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x10, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) 15.486801535s ago: executing program 0 (id=1215): r0 = socket$inet_tcp(0x2, 0x1, 0x0) syz_open_dev$usbfs(0x0, 0x74, 0x101301) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x3, 0x1004, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r4, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000e8000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000280)=0x3, 0x4) 13.501026149s ago: executing program 0 (id=1220): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x41, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000080)=0x3ff, 0x4) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000001880)=""/246, 0x13e}], 0x1, &(0x7f00000000c0)=""/7, 0x10}, 0x2}], 0x1, 0x0, 0x0) 13.359023812s ago: executing program 0 (id=1224): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001f00010a00000000000000000000000005000000000000009607184fdfc029f7b8e04ee35a3e2932b0f1538fb1bef05e908cb4486849c44d754241de37"], 0x14}}, 0x0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r2, 0x0) write$bt_hci(r1, &(0x7f00000000c0)={0x1, @write_sc_support={{0xc7a, 0x1}}}, 0x6) 13.203041707s ago: executing program 0 (id=1226): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r4 = fanotify_init(0x0, 0x0) readv(r4, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1) fanotify_mark(r4, 0x1, 0x40001019, r3, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 11.209109422s ago: executing program 4 (id=1232): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x9, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/HHPz/1Z+hGRFBQPeVNRRzcrgMdoRENjHJhCcExz2rstI2dsZqEWxB400U3/buuIEIQoosgELvoKpTwrovuvPMiu0oiOjGnudnUMnWS79fF9rDn+zl8z58dtu9g08fvXouGHSNspqS6oUqq2yUns1XilWpZkJMj10fe7zt34eLpQDDYcVa1M9Dt86tq84HR3pvDh8ZSO86/bH5dL+PeS9Mz/qnx3eN7pr93X404GnE0Fk+pqX3xeMrssy3tv+9EDdUztmU6lkZijpUs6YfteCKRUTPW39SYSFqOo2Yso1Ero6m4ppIZNa+YkZgahqFNjYKVDacfBZbvhp7Puq7MpN65bn1OXNfNv9iwidNDhc2df9ctOv93Kj0lbKKim3qDiD2UDqVDhedCPxCWiNhiSat45JvkrxH38Yg7d6nkH2/4R4KTR9++UVWvDNrZ+Xw2HaopzfvEI95CpqBQd54Kdvi0oDT/nzQW5/3ikV3l8/6y+To53FKUN8Qjk5clLrZMjB78MtU19GAhP+hTPdEVXJL/X/oXD9OzzxU6PwAAAAAAAAAArIWhP5VdvzfyA24PqGrTkn4hX+73gaXr861l1+drZW9tZfcdAAAAAIDtwskMRE3btpJ/WeS/yq/Hdv694smt3x+8v3PlMS1tNRPtH3KJrbBff1B87dkS0ygtZH71abXBNev8TlksPq3Ldqrm57f8mJO9H1+sup26X47PcsY2/q4EAAAAYCMsfuhvk2z4VTrbc+xepecEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2s4a/HJt4WK6l+WLn03KtSu8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADASn4EAAD//xAR0Ao=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) r6 = syz_open_procfs(r5, &(0x7f0000000600)='fd/4\x00') fsetxattr$system_posix_acl(r6, &(0x7f0000000100)='system.posix_acl_access\x00', &(0x7f0000000500)={{}, {0x1, 0x2}, [], {0x4, 0x2}, [], {}, {0x20, 0x5}}, 0x24, 0x0) 9.159572101s ago: executing program 0 (id=1235): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='ext4_sync_fs\x00', r2}, 0x10) sync() 7.522804223s ago: executing program 4 (id=1239): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 6.203820656s ago: executing program 4 (id=1242): r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) read$FUSE(r0, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000000500e50000070000001ffeff0001000003f1dc7f7c6e870200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(r6, &(0x7f0000000180), 0x400008a, 0x0) wait4(0x0, 0x0, 0x20000000, 0x0) chmod(&(0x7f0000000080)='./file0\x00', 0x0) 6.123930033s ago: executing program 2 (id=1243): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000500000008500000008000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 6.003201394s ago: executing program 2 (id=1244): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 4.353271097s ago: executing program 2 (id=1248): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000000)={[{@jqfmt_vfsv0}, {@errors_remount}]}, 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)={'#! ', './file0'}, 0xb) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000020240), 0x10010) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x71}, [@ldst={0x6, 0x2}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 4.352957647s ago: executing program 2 (id=1251): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x9, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) 3.489296797s ago: executing program 2 (id=1254): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 3.343753311s ago: executing program 4 (id=1255): syz_emit_vhci(0x0, 0x0) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) shutdown(r2, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB(0xffffffffffffffff, 0xc01c64ae, 0x0) listen(r0, 0x0) 3.184500865s ago: executing program 4 (id=1256): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x7, 0x30}, 0xc) sendto$inet(r4, &(0x7f0000000040)='}', 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r4, &(0x7f0000000280)='p', 0x29fcb, 0x0, 0x0, 0x0) sendto$inet(r4, &(0x7f0000000300)="ab", 0x1, 0x0, 0x0, 0x0) 2.130033403s ago: executing program 1 (id=1260): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000080), 0x4) 1.920762603s ago: executing program 1 (id=1261): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, 0x0, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="11000000000000000000000001000000f70000000000000058"], 0x108}, 0x0) 1.607288521s ago: executing program 1 (id=1262): r0 = socket(0x11, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000300)=0x16, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, 0x0}, 0x0) 1.607219091s ago: executing program 1 (id=1263): r0 = socket$inet6(0xa, 0x3, 0x20) connect$inet6(r0, 0x0, 0x0) 1.350312425s ago: executing program 1 (id=1264): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x9, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) 153.102226ms ago: executing program 2 (id=1265): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) connect$inet(r0, 0x0, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002a9000070900be0083000000000b09007a150b5d8c3dda89"], 0x0}, 0x0) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000040)=0x21) ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f0000000040)=""/95) 9.99562ms ago: executing program 1 (id=1266): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 0s ago: executing program 4 (id=1267): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001f00010a00000000000000000000000005000000000000009607184fdfc029f7b8e04ee35a3e2932b0f1538fb1bef05e908cb4486849c44d754241de37"], 0x14}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_aout(r2, &(0x7f00000002c0)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r2, 0x0) write$bt_hci(r1, &(0x7f00000000c0)={0x1, @write_sc_support={{0xc7a, 0x1}}}, 0x6) kernel console output (not intermixed with test programs): nexpected cc 0x0c38 length: 249 > 2 [ 152.657581][ T1164] usb 1-1: Product: syz [ 152.669154][ T1164] usb 1-1: Manufacturer: syz [ 152.674075][ T1164] usb 1-1: SerialNumber: syz [ 152.713018][ T5137] XFS (loop2): Ending clean mount [ 152.735471][ T1164] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 152.735746][ T5137] XFS (loop2): Quotacheck needed: Please wait. [ 152.771620][ T5116] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.783642][ T5116] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.796832][ T5116] device bridge_slave_0 entered promiscuous mode [ 152.813899][ T5137] XFS (loop2): Quotacheck: Done. [ 152.818999][ T5116] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.826528][ T5116] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.839854][ T5116] device bridge_slave_1 entered promiscuous mode [ 152.874273][ T3643] Bluetooth: hci3: command tx timeout [ 152.925893][ T4824] XFS (loop2): Unmounting Filesystem [ 152.973609][ T5116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.054375][ T5116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.148458][ T5116] team0: Port device team_slave_0 added [ 153.173970][ T5116] team0: Port device team_slave_1 added [ 153.310557][ T1164] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 153.367409][ T5116] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 153.390425][ T5116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.513888][ T5116] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 153.545199][ T5116] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 153.552322][ T5116] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.589466][ T5116] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 153.671886][ T3721] usb 1-1: USB disconnect, device number 3 [ 154.331232][ T5169] netlink: 44 bytes leftover after parsing attributes in process `syz.1.470'. [ 154.385371][ T1164] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 154.399177][ T1164] ath9k_htc: Failed to initialize the device [ 154.406336][ T3721] usb 1-1: ath9k_htc: USB layer deinitialized [ 154.480597][ T5154] chnl_net:caif_netlink_parms(): no params data found [ 154.570377][ T5116] device hsr_slave_0 entered promiscuous mode [ 154.578439][ T5116] device hsr_slave_1 entered promiscuous mode [ 154.593142][ T5116] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 154.605674][ T5116] Cannot create hsr debugfs directory [ 154.692567][ T62] device hsr_slave_0 left promiscuous mode [ 154.699109][ T62] device hsr_slave_1 left promiscuous mode [ 154.711587][ T3643] Bluetooth: hci0: command tx timeout [ 154.719678][ T62] device bridge_slave_1 left promiscuous mode [ 154.726077][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.735245][ T62] device bridge_slave_0 left promiscuous mode [ 154.778723][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.820932][ T62] device veth1_macvtap left promiscuous mode [ 154.827172][ T62] device veth0_macvtap left promiscuous mode [ 154.833475][ T62] device veth1_vlan left promiscuous mode [ 154.839656][ T62] device veth0_vlan left promiscuous mode [ 154.940729][ T3643] Bluetooth: hci3: command tx timeout [ 156.040814][ T62] team0 (unregistering): Port device team_slave_1 removed [ 156.119417][ T62] team0 (unregistering): Port device team_slave_0 removed [ 156.201859][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 156.215877][ T5196] loop2: detected capacity change from 0 to 32768 [ 156.262464][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 156.273489][ T5196] XFS (loop2): Mounting V5 Filesystem [ 156.363771][ T5196] XFS (loop2): Ending clean mount [ 156.413026][ T5196] XFS (loop2): Quotacheck needed: Please wait. [ 156.476045][ T5196] XFS (loop2): Quotacheck: Done. [ 156.508878][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 156.508897][ T26] audit: type=1804 audit(1728044438.544:414): pid=5196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.476" name="/newroot/18/file0/bus" dev="loop2" ino=9291 res=1 errno=0 [ 156.549266][ T26] audit: type=1804 audit(1728044438.554:415): pid=5196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.476" name="/newroot/18/file0/bus" dev="loop2" ino=9291 res=1 errno=0 [ 156.573957][ T26] audit: type=1804 audit(1728044438.554:416): pid=5196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.476" name="/newroot/18/file0/bus" dev="loop2" ino=9291 res=1 errno=0 [ 156.614122][ T4824] XFS (loop2): Unmounting Filesystem [ 156.794760][ T3643] Bluetooth: hci0: command tx timeout [ 157.026702][ T3657] Bluetooth: hci3: command tx timeout [ 157.146121][ T62] bond0 (unregistering): Released all slaves [ 157.272588][ T5208] device vlan2 entered promiscuous mode [ 157.278252][ T5208] device bond0 entered promiscuous mode [ 157.288402][ T5208] device bond_slave_0 entered promiscuous mode [ 157.294840][ T5208] device bond_slave_1 entered promiscuous mode [ 157.308140][ T5208] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 157.317111][ T5208] device bond0 left promiscuous mode [ 157.330292][ T5208] device bond_slave_0 left promiscuous mode [ 157.336382][ T5208] device bond_slave_1 left promiscuous mode [ 157.433831][ T5154] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.460477][ T5154] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.468929][ T5154] device bridge_slave_0 entered promiscuous mode [ 157.534295][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.542481][ T5154] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.558104][ T5154] device bridge_slave_1 entered promiscuous mode [ 157.830422][ T3643] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 157.839768][ T3643] Bluetooth: hci6: Injecting HCI hardware error event [ 157.850738][ T3657] Bluetooth: hci6: hardware error 0x00 [ 157.960512][ T26] audit: type=1326 audit(1728044439.984:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5212 comm="syz.2.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 158.014805][ T5154] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 158.294292][ T5154] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 158.303843][ T26] audit: type=1326 audit(1728044440.044:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5212 comm="syz.2.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 158.416979][ T26] audit: type=1326 audit(1728044440.094:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5212 comm="syz.2.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 158.441868][ T26] audit: type=1326 audit(1728044440.104:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5212 comm="syz.2.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 158.466704][ T26] audit: type=1326 audit(1728044440.114:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5212 comm="syz.2.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 158.489407][ T26] audit: type=1326 audit(1728044440.114:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5212 comm="syz.2.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 158.515445][ T26] audit: type=1326 audit(1728044440.114:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5212 comm="syz.2.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 158.521583][ T5154] team0: Port device team_slave_0 added [ 158.579002][ T5154] team0: Port device team_slave_1 added [ 158.695711][ T5154] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 158.707528][ T5154] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.742025][ T5154] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 158.757415][ T5154] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 158.764784][ T5154] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.792548][ T5154] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 158.860459][ T3643] Bluetooth: hci0: command tx timeout [ 158.890715][ T4251] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 159.111737][ T3643] Bluetooth: hci3: command tx timeout [ 159.439000][ T5154] device hsr_slave_0 entered promiscuous mode [ 159.455555][ T5154] device hsr_slave_1 entered promiscuous mode [ 159.466167][ T5154] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 159.477805][ T5154] Cannot create hsr debugfs directory [ 159.522843][ T4251] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 159.555667][ T4251] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.583004][ T4251] usb 1-1: Product: syz [ 159.599732][ T4251] usb 1-1: Manufacturer: syz [ 159.608124][ T4251] usb 1-1: SerialNumber: syz [ 159.662793][ T4251] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 159.707826][ T5225] loop2: detected capacity change from 0 to 512 [ 159.715198][ T5225] EXT4-fs: Ignoring removed nobh option [ 159.721292][ T5225] EXT4-fs: Ignoring removed nobh option [ 159.727781][ T5225] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 159.761233][ T5225] EXT4-fs (loop2): failed to initialize system zone (-117) [ 159.769275][ T5225] EXT4-fs (loop2): mount failed [ 159.900679][ T3657] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 159.962698][ T5230] loop1: detected capacity change from 0 to 128 [ 160.144197][ T5230] syz.1.486: attempt to access beyond end of device [ 160.144197][ T5230] loop1: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 160.176612][ T5230] syz.1.486[5230] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 160.176738][ T5230] syz.1.486[5230] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 160.238762][ T5237] netlink: 16 bytes leftover after parsing attributes in process `syz.2.489'. [ 160.268235][ T5237] bond0: (slave bond_slave_0): Slave does not support ipsec offload [ 160.268794][ T5230] syz.1.486: attempt to access beyond end of device [ 160.268794][ T5230] loop1: rw=0, sector=177, nr_sectors = 1 limit=128 [ 160.312530][ T4251] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 160.365949][ T5229] syz.1.486: attempt to access beyond end of device [ 160.365949][ T5229] loop1: rw=0, sector=177, nr_sectors = 1 limit=128 [ 160.376492][ T5116] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 160.398062][ T5229] Buffer I/O error on dev loop1, logical block 177, async page read [ 160.419956][ T5116] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 160.420050][ T5229] syz.1.486: attempt to access beyond end of device [ 160.420050][ T5229] loop1: rw=0, sector=178, nr_sectors = 1 limit=128 [ 160.448649][ T5229] Buffer I/O error on dev loop1, logical block 178, async page read [ 160.451425][ T5116] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 160.457525][ T5229] syz.1.486: attempt to access beyond end of device [ 160.457525][ T5229] loop1: rw=0, sector=179, nr_sectors = 1 limit=128 [ 160.478108][ T5229] Buffer I/O error on dev loop1, logical block 179, async page read [ 160.489844][ T5116] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 160.497864][ T5229] syz.1.486: attempt to access beyond end of device [ 160.497864][ T5229] loop1: rw=0, sector=180, nr_sectors = 1 limit=128 [ 160.515082][ T5229] Buffer I/O error on dev loop1, logical block 180, async page read [ 160.531303][ T5154] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 160.538896][ T5229] syz.1.486: attempt to access beyond end of device [ 160.538896][ T5229] loop1: rw=0, sector=181, nr_sectors = 1 limit=128 [ 160.552757][ T5229] Buffer I/O error on dev loop1, logical block 181, async page read [ 160.561213][ T5229] syz.1.486: attempt to access beyond end of device [ 160.561213][ T5229] loop1: rw=0, sector=182, nr_sectors = 1 limit=128 [ 160.567444][ T5154] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 160.584004][ T5229] Buffer I/O error on dev loop1, logical block 182, async page read [ 160.595118][ T5229] syz.1.486: attempt to access beyond end of device [ 160.595118][ T5229] loop1: rw=0, sector=183, nr_sectors = 1 limit=128 [ 160.615365][ T7] usb 1-1: USB disconnect, device number 4 [ 160.627837][ T5229] Buffer I/O error on dev loop1, logical block 183, async page read [ 160.636286][ T5229] syz.1.486: attempt to access beyond end of device [ 160.636286][ T5229] loop1: rw=0, sector=184, nr_sectors = 1 limit=128 [ 160.649481][ T5154] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 160.656995][ T5229] Buffer I/O error on dev loop1, logical block 184, async page read [ 160.665437][ T5229] Buffer I/O error on dev loop1, logical block 177, async page read [ 160.678269][ T5154] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 160.698643][ T5229] Buffer I/O error on dev loop1, logical block 178, async page read [ 160.821232][ T5116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.928366][ T5116] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.936050][ T3863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.956302][ T3657] Bluetooth: hci0: command tx timeout [ 160.965182][ T3863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.986889][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 161.002243][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 161.303538][ T33] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.310802][ T33] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.350705][ T4251] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 161.376829][ T4251] ath9k_htc: Failed to initialize the device [ 161.545996][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 161.657148][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 161.699895][ T33] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.707121][ T33] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.785243][ T7] usb 1-1: ath9k_htc: USB layer deinitialized [ 161.795977][ T5154] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.824082][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 161.848938][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.873017][ T5252] netlink: 8 bytes leftover after parsing attributes in process `syz.2.495'. [ 161.900488][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 161.912128][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 161.921839][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 161.931630][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 161.950840][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 161.977521][ T5252] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 161.979751][ T5154] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.006974][ T5255] ipt_CLUSTERIP: Please specify destination IP [ 162.019630][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 162.022729][ T5252] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 162.030638][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 162.045559][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 162.072320][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 162.098336][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 162.136448][ T5116] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 162.152792][ T5116] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 162.173943][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 162.183973][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 162.193046][ T33] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.200188][ T33] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.209949][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 162.222335][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 162.231280][ T33] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.238467][ T33] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.255787][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 162.264906][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 162.387733][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 162.399203][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 162.411152][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 162.432610][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 162.453386][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 162.484026][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 162.503179][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 162.534697][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 162.561229][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 162.577971][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 162.612219][ T5154] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 162.656098][ T5154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 162.702834][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 162.737727][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 163.668108][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 163.676735][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 163.734019][ T5116] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 163.755072][ T5290] ALSA: seq fatal error: cannot create timer (-22) [ 163.916713][ T26] kauditd_printk_skb: 30 callbacks suppressed [ 163.916732][ T26] audit: type=1326 audit(1728044445.954:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5296 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 163.943546][ T5298] netlink: 12 bytes leftover after parsing attributes in process `syz.1.509'. [ 163.990342][ T26] audit: type=1326 audit(1728044445.954:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5296 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 164.057045][ T26] audit: type=1326 audit(1728044446.004:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5296 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 164.124287][ T26] audit: type=1326 audit(1728044446.004:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5296 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 164.137312][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 164.180699][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 164.192931][ T26] audit: type=1326 audit(1728044446.004:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5296 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 164.196840][ T5154] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 164.272895][ T26] audit: type=1326 audit(1728044446.014:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5296 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 164.331287][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 164.355003][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 164.365554][ T26] audit: type=1326 audit(1728044446.014:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5296 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 164.447428][ T5154] device veth0_vlan entered promiscuous mode [ 164.481807][ T5154] device veth1_vlan entered promiscuous mode [ 164.551566][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 164.591902][ T26] audit: type=1326 audit(1728044446.014:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5296 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 164.630851][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 164.689076][ T26] audit: type=1326 audit(1728044446.024:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5296 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 164.916036][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 165.111554][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 165.149117][ T26] audit: type=1326 audit(1728044446.024:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5296 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 165.331742][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 165.401015][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 165.496024][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 165.531825][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 165.567371][ T5154] device veth0_macvtap entered promiscuous mode [ 165.617125][ T5154] device veth1_macvtap entered promiscuous mode [ 165.659115][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 165.672112][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 165.703134][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 165.720614][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 165.774696][ T5154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 165.792744][ T5154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.809251][ T5154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 165.823075][ T5154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.824316][ T5334] loop1: detected capacity change from 0 to 2048 [ 165.838363][ T5154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 165.850327][ T5154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.863466][ T5154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 165.874417][ T5154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.887321][ T5154] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 165.888047][ T5334] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 165.913832][ T5116] device veth0_vlan entered promiscuous mode [ 165.924624][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 165.937468][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 165.949400][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 165.963725][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 165.981883][ T5154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.010138][ T5154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.030597][ T5154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.058780][ T5154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.075187][ T5154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.087613][ T5154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.098210][ T5154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.109646][ T5154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.121639][ T5154] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 166.124567][ T4907] EXT4-fs (loop1): unmounting filesystem. [ 166.134404][ T5154] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.143642][ T5154] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.154670][ T5154] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.163490][ T5154] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.182802][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 166.195670][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 166.215967][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 166.235256][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 166.259675][ T5116] device veth1_vlan entered promiscuous mode [ 166.349005][ T3943] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 166.381109][ T3943] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 166.395819][ T5116] device veth0_macvtap entered promiscuous mode [ 166.414390][ T3943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 166.432924][ T3943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 166.450930][ T3945] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 166.466688][ T5116] device veth1_macvtap entered promiscuous mode [ 166.482691][ T3945] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.502013][ T3943] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 166.511665][ T3943] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 166.538246][ T3943] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 166.588898][ T3943] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 166.608567][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.625989][ T3943] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.643424][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.664608][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.677224][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.692843][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.734758][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.779140][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.809742][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.837366][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.867192][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.894995][ T5116] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 166.932216][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 166.941708][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 166.958698][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 167.012517][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.032676][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.043316][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.054944][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.083300][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.100694][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.120456][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.140313][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.152516][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.175231][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.225763][ T5116] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 167.261706][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 167.286163][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 167.321290][ T5116] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.330177][ T5116] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.377533][ T5116] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.402898][ T5116] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.972144][ T5426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.091198][ T5426] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.214765][ T3699] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.221124][ T5415] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 168.244502][ T3699] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.271640][ T5431] hub 2-0:1.0: USB hub found [ 168.288934][ T5431] hub 2-0:1.0: 1 port detected [ 168.297569][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 168.375898][ T5431] sg_write: data in/out 18/14 bytes for SCSI command 0x4-- guessing data in; [ 168.375898][ T5431] program syz.0.539 not setting count and/or reply_len properly [ 168.687677][ T5451] netlink: 4 bytes leftover after parsing attributes in process `syz.4.548'. [ 168.697977][ T5451] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.705658][ T5451] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 168.715673][ T5451] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 168.725416][ T5451] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 169.941173][ T26] kauditd_printk_skb: 29 callbacks suppressed [ 169.941190][ T26] audit: type=1326 audit(1728044451.984:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5469 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8017dff9 code=0x7ffc0000 [ 169.980821][ T26] audit: type=1326 audit(1728044452.004:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5469 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f8c8017dff9 code=0x7ffc0000 [ 170.097455][ T26] audit: type=1326 audit(1728044452.004:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5469 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8017dff9 code=0x7ffc0000 [ 170.171402][ T26] audit: type=1326 audit(1728044452.014:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5469 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8017dff9 code=0x7ffc0000 [ 170.260066][ T5483] device sit0 entered promiscuous mode [ 170.298618][ T5483] netlink: 'syz.3.561': attribute type 1 has an invalid length. [ 170.338444][ T5489] loop2: detected capacity change from 0 to 128 [ 170.338617][ T5483] netlink: 1 bytes leftover after parsing attributes in process `syz.3.561'. [ 170.355987][ T5489] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 170.410362][ T26] audit: type=1804 audit(1728044452.444:497): pid=5489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.564" name="/newroot/48/file0/file0" dev="loop2" ino=1048649 res=1 errno=0 [ 170.529807][ T5426] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 170.748479][ T5506] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 170.835486][ T26] audit: type=1326 audit(1728044452.874:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 170.859786][ T26] audit: type=1326 audit(1728044452.904:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 170.885073][ T26] audit: type=1326 audit(1728044452.924:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 170.915631][ T26] audit: type=1326 audit(1728044452.954:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 170.970599][ T26] audit: type=1326 audit(1728044452.954:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 171.052587][ T5517] netlink: 20 bytes leftover after parsing attributes in process `syz.1.575'. [ 171.367943][ T5531] loop2: detected capacity change from 0 to 512 [ 171.413382][ T5531] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 171.468867][ T5531] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e12c, mo2=0002] [ 171.517342][ T5531] EXT4-fs (loop2): orphan cleanup on readonly fs [ 171.592211][ T5544] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 171.594936][ T5531] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.583: bg 0: block 361: padding at end of block bitmap is not set [ 171.654949][ T5531] EXT4-fs (loop2): Remounting filesystem read-only [ 171.674996][ T5531] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6172: Corrupt filesystem [ 171.716267][ T5531] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #11: comm syz.2.583: attempt to clear invalid blocks 33619980 len 1 [ 171.744534][ T5531] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.583: invalid indirect mapped block 1811939328 (level 0) [ 171.764348][ T5531] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.583: invalid indirect mapped block 2185560079 (level 1) [ 171.779423][ T5531] EXT4-fs (loop2): 1 truncate cleaned up [ 171.785202][ T5531] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 171.857412][ T5552] loop1: detected capacity change from 0 to 128 [ 171.919570][ T5531] EXT4-fs warning (device loop2): dx_probe:893: inode #2: comm syz.2.583: dx entry: limit 0 != root limit 125 [ 171.968650][ T5531] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.583: Corrupt directory, running e2fsck is recommended [ 171.988539][ T5553] bio_check_eod: 152 callbacks suppressed [ 171.988561][ T5553] syz.1.593: attempt to access beyond end of device [ 171.988561][ T5553] loop1: rw=2049, sector=145, nr_sectors = 624 limit=128 [ 172.014198][ T5552] syz.1.593[5552] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 172.014325][ T5552] syz.1.593[5552] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 172.070798][ T4824] EXT4-fs (loop2): unmounting filesystem. [ 172.096406][ T5550] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.156450][ T5552] syz.1.593: attempt to access beyond end of device [ 172.156450][ T5552] loop1: rw=0, sector=177, nr_sectors = 1 limit=128 [ 172.192501][ T5551] syz.1.593: attempt to access beyond end of device [ 172.192501][ T5551] loop1: rw=0, sector=177, nr_sectors = 1 limit=128 [ 172.224808][ T5551] buffer_io_error: 150 callbacks suppressed [ 172.224830][ T5551] Buffer I/O error on dev loop1, logical block 177, async page read [ 172.228697][ T5556] loop3: detected capacity change from 0 to 4096 [ 172.243937][ T5551] syz.1.593: attempt to access beyond end of device [ 172.243937][ T5551] loop1: rw=0, sector=178, nr_sectors = 1 limit=128 [ 172.268954][ T5550] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.284112][ T5551] Buffer I/O error on dev loop1, logical block 178, async page read [ 172.300441][ T5551] syz.1.593: attempt to access beyond end of device [ 172.300441][ T5551] loop1: rw=0, sector=179, nr_sectors = 1 limit=128 [ 172.315320][ T5551] Buffer I/O error on dev loop1, logical block 179, async page read [ 172.337136][ T5562] loop2: detected capacity change from 0 to 16 [ 172.347110][ T5551] syz.1.593: attempt to access beyond end of device [ 172.347110][ T5551] loop1: rw=0, sector=180, nr_sectors = 1 limit=128 [ 172.347365][ T5556] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 172.369865][ T5562] erofs: (device loop2): mounted with root inode @ nid 36. [ 172.379918][ T5551] Buffer I/O error on dev loop1, logical block 180, async page read [ 172.399818][ T5550] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.420631][ T5551] syz.1.593: attempt to access beyond end of device [ 172.420631][ T5551] loop1: rw=0, sector=181, nr_sectors = 1 limit=128 [ 172.434091][ T5551] Buffer I/O error on dev loop1, logical block 181, async page read [ 172.442213][ T5551] syz.1.593: attempt to access beyond end of device [ 172.442213][ T5551] loop1: rw=0, sector=182, nr_sectors = 1 limit=128 [ 172.457461][ T5551] Buffer I/O error on dev loop1, logical block 182, async page read [ 172.467995][ T5551] syz.1.593: attempt to access beyond end of device [ 172.467995][ T5551] loop1: rw=0, sector=183, nr_sectors = 1 limit=128 [ 172.482199][ T5551] Buffer I/O error on dev loop1, logical block 183, async page read [ 172.490438][ T5551] syz.1.593: attempt to access beyond end of device [ 172.490438][ T5551] loop1: rw=0, sector=184, nr_sectors = 1 limit=128 [ 172.503941][ T5551] Buffer I/O error on dev loop1, logical block 184, async page read [ 172.526348][ T5551] Buffer I/O error on dev loop1, logical block 177, async page read [ 172.553150][ T5551] Buffer I/O error on dev loop1, logical block 178, async page read [ 173.358456][ T5550] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.361818][ T5154] EXT4-fs (loop3): unmounting filesystem. [ 173.580975][ T5570] 9pnet: Could not find request transport: r [ 173.607014][ T5550] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.646559][ T5550] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.707333][ T5576] loop4: detected capacity change from 0 to 512 [ 173.742717][ T5550] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.789828][ T5550] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.825674][ T5576] EXT4-fs (loop4): too many log groups per flexible block group [ 173.899034][ T5586] overlayfs: missing 'lowerdir' [ 174.024102][ T5576] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 174.107849][ T5576] EXT4-fs (loop4): mount failed [ 174.495328][ T5588] can0: slcan on ttyS3. [ 174.615909][ T5590] can0 (unregistered): slcan off ttyS3. [ 176.026346][ T5626] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 176.160311][ T5628] netlink: 12 bytes leftover after parsing attributes in process `syz.2.616'. [ 176.336726][ T5637] loop2: detected capacity change from 0 to 1024 [ 176.344114][ T5637] EXT4-fs: Ignoring removed orlov option [ 176.376254][ T5637] EXT4-fs: Ignoring removed nomblk_io_submit option [ 176.409866][ T5638] overlayfs: missing 'lowerdir' [ 176.680894][ T5637] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802e018, mo2=0002] [ 176.815457][ T5637] System zones: 0-1, 3-12 [ 176.961404][ T5637] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 177.156723][ T4824] EXT4-fs (loop2): unmounting filesystem. [ 177.315591][ T26] kauditd_printk_skb: 49 callbacks suppressed [ 177.315608][ T26] audit: type=1326 audit(1728044459.354:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5649 comm="syz.2.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 177.356704][ T26] audit: type=1326 audit(1728044459.394:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5649 comm="syz.2.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 177.464216][ T26] audit: type=1326 audit(1728044459.394:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5649 comm="syz.2.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 177.532876][ T26] audit: type=1326 audit(1728044459.394:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5649 comm="syz.2.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 177.555799][ T26] audit: type=1326 audit(1728044459.394:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5649 comm="syz.2.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 177.579453][ T26] audit: type=1326 audit(1728044459.394:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5649 comm="syz.2.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 178.193562][ T26] audit: type=1326 audit(1728044459.434:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5649 comm="syz.2.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 178.231591][ T5661] netlink: 24 bytes leftover after parsing attributes in process `syz.3.627'. [ 178.326277][ T26] audit: type=1326 audit(1728044459.434:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5649 comm="syz.2.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 178.449589][ T26] audit: type=1326 audit(1728044459.434:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5649 comm="syz.2.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 178.528395][ T26] audit: type=1326 audit(1728044459.444:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5649 comm="syz.2.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 178.778387][ T5652] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 178.846151][ T5652] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 178.879127][ T5652] bond0 (unregistering): Released all slaves [ 178.959409][ T5681] overlayfs: missing 'lowerdir' [ 179.800537][ T5691] loop4: detected capacity change from 0 to 16 [ 179.820806][ T5691] erofs: (device loop4): mounted with root inode @ nid 36. [ 179.937302][ T5675] syz.1.634[5675] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 179.937451][ T5675] syz.1.634[5675] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 179.987354][ T5675] netlink: 64 bytes leftover after parsing attributes in process `syz.1.634'. [ 180.140554][ T5701] bio_check_eod: 154 callbacks suppressed [ 180.140575][ T5701] syz.4.639: attempt to access beyond end of device [ 180.140575][ T5701] loop4: rw=0, sector=8, nr_sectors = 32 limit=16 [ 180.168744][ T5701] syz.4.639: attempt to access beyond end of device [ 180.168744][ T5701] loop4: rw=0, sector=8, nr_sectors = 32 limit=16 [ 180.957022][ T5707] loop2: detected capacity change from 0 to 512 [ 180.999888][ T5707] EXT4-fs error (device loop2): ext4_acquire_dquot:6800: comm syz.2.646: Failed to acquire dquot type 1 [ 181.029774][ T5707] EXT4-fs (loop2): 1 truncate cleaned up [ 181.138940][ T5707] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 181.190788][ T5707] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038 (0x7fffffff) [ 181.278039][ T5707] EXT4-fs error (device loop2): ext4_acquire_dquot:6800: comm syz.2.646: Failed to acquire dquot type 1 [ 181.393896][ T5728] overlayfs: missing 'lowerdir' [ 181.696613][ T4824] EXT4-fs (loop2): unmounting filesystem. [ 182.949543][ T5745] loop2: detected capacity change from 0 to 16 [ 182.982185][ T5745] erofs: (device loop2): mounted with root inode @ nid 36. [ 183.046188][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x4 [ 183.242091][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x2 [ 183.250450][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.258239][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.268583][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.276449][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.284220][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.297473][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.305338][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.314367][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.346913][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.374683][ T5757] syz.2.655: attempt to access beyond end of device [ 183.374683][ T5757] loop2: rw=0, sector=8, nr_sectors = 32 limit=16 [ 183.394162][ T5757] syz.2.655: attempt to access beyond end of device [ 183.394162][ T5757] loop2: rw=0, sector=8, nr_sectors = 32 limit=16 [ 183.446607][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.458857][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.467102][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.483117][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.563391][ T4253] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 183.576709][ T4253] hid-generic 0000:3000000:0000.0002: hidraw0: HID v0.00 Device [sy] on syz0 [ 183.904487][ T5766] loop1: detected capacity change from 0 to 1024 [ 183.957460][ T5766] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 184.031794][ T5766] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 184.089505][ T5766] syz.1.665[5766] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 184.089622][ T5766] syz.1.665[5766] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 184.410482][ T5779] overlayfs: missing 'lowerdir' [ 186.043129][ T4907] EXT4-fs (loop1): unmounting filesystem. [ 186.070508][ T3656] Bluetooth: hci2: command 0x0406 tx timeout [ 186.077590][ T3656] Bluetooth: hci4: command 0x0406 tx timeout [ 186.294353][ T26] kauditd_printk_skb: 77 callbacks suppressed [ 186.294372][ T26] audit: type=1326 audit(1728044468.334:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5793 comm="syz.1.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 186.396843][ T26] audit: type=1326 audit(1728044468.384:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5793 comm="syz.1.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 186.494328][ T26] audit: type=1326 audit(1728044468.384:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5793 comm="syz.1.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 186.574769][ T26] audit: type=1326 audit(1728044468.384:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5793 comm="syz.1.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 186.658110][ T26] audit: type=1326 audit(1728044468.384:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5793 comm="syz.1.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 186.751299][ T26] audit: type=1326 audit(1728044468.384:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5793 comm="syz.1.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 186.836410][ T26] audit: type=1326 audit(1728044468.384:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5793 comm="syz.1.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 186.884855][ T5814] loop1: detected capacity change from 0 to 2048 [ 186.916879][ T26] audit: type=1326 audit(1728044468.384:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5793 comm="syz.1.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 186.990057][ T26] audit: type=1326 audit(1728044468.384:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5793 comm="syz.1.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 187.050338][ T26] audit: type=1326 audit(1728044468.384:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5793 comm="syz.1.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 187.226888][ T5814] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 187.914254][ T5814] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 188.014616][ T5814] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 4 with max blocks 28 with error 28 [ 188.040413][ T5839] syz.4.691[5839] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 188.040523][ T5839] syz.4.691[5839] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 188.078236][ T5839] loop4: detected capacity change from 0 to 512 [ 188.080408][ T5814] EXT4-fs (loop1): This should not happen!! Data will be lost [ 188.080408][ T5814] [ 188.112394][ T5814] EXT4-fs (loop1): Total free blocks count 0 [ 188.144701][ T5814] EXT4-fs (loop1): Free/Dirty block details [ 188.161166][ T5814] EXT4-fs (loop1): free_blocks=2415919104 [ 188.169604][ T5839] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 188.177310][ T5814] EXT4-fs (loop1): dirty_blocks=32 [ 188.193877][ T5814] EXT4-fs (loop1): Block reservation details [ 188.197622][ T5839] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038 (0x7fffffff) [ 188.200105][ T5814] EXT4-fs (loop1): i_reserved_data_blocks=2 [ 188.214223][ T5847] Illegal XDP return value 4294967274 on prog (id 332) dev N/A, expect packet loss! [ 188.229156][ T5811] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28 [ 188.284766][ T5839] EXT4-fs error (device loop4): ext4_do_update_inode:5224: inode #2: comm syz.4.691: corrupted inode contents [ 188.348560][ T5839] EXT4-fs (loop4): Remounting filesystem read-only [ 188.363536][ T5839] EXT4-fs error (device loop4): ext4_dirty_inode:6086: inode #2: comm syz.4.691: mark_inode_dirty error [ 188.396341][ T5839] EXT4-fs error (device loop4): ext4_do_update_inode:5224: inode #2: comm syz.4.691: corrupted inode contents [ 188.427875][ T5839] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.691: mark_inode_dirty error [ 188.526408][ T5116] EXT4-fs (loop4): unmounting filesystem. [ 188.642884][ T5861] loop2: detected capacity change from 0 to 1024 [ 188.664377][ T5861] EXT4-fs: Ignoring removed oldalloc option [ 188.727690][ T5861] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802c018, mo2=0002] [ 188.743872][ T5861] System zones: 0-1, 3-12 [ 188.749418][ T5861] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 188.761650][ T5861] syz.2.698[5861] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 188.761757][ T5861] syz.2.698[5861] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 188.995993][ T5861] netlink: 4 bytes leftover after parsing attributes in process `syz.2.698'. [ 189.032641][ T5876] xt_TPROXY: Can be used only with -p tcp or -p udp [ 189.991362][ T4824] EXT4-fs (loop2): unmounting filesystem. [ 190.033242][ T5882] can0: slcan on ttyS3. [ 190.216091][ T5875] can0 (unregistered): slcan off ttyS3. [ 190.305253][ T5897] netlink: 4 bytes leftover after parsing attributes in process `syz.4.708'. [ 190.517878][ T5907] tipc: Started in network mode [ 190.537970][ T5907] tipc: Node identity 7a2919472f22, cluster identity 4711 [ 190.552067][ T5907] tipc: Enabled bearer , priority 7 [ 190.733212][ T5913] loop2: detected capacity change from 0 to 128 [ 191.678045][ T4245] tipc: Node number set to 1426790727 [ 191.688314][ T26] kauditd_printk_skb: 130 callbacks suppressed [ 191.688331][ T26] audit: type=1326 audit(1728044473.724:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5914 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2c4ef7dff9 code=0x7ffc0000 [ 191.737684][ T26] audit: type=1326 audit(1728044473.724:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5914 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c4ef7dff9 code=0x7ffc0000 [ 191.765553][ T26] audit: type=1326 audit(1728044473.724:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5914 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c4ef7dff9 code=0x7ffc0000 [ 191.800782][ T26] audit: type=1326 audit(1728044473.754:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5914 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2c4ef7dff9 code=0x7ffc0000 [ 191.942457][ T26] audit: type=1326 audit(1728044473.754:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5914 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c4ef7dff9 code=0x7ffc0000 [ 192.039299][ T26] audit: type=1326 audit(1728044473.754:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5914 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c4ef7dff9 code=0x7ffc0000 [ 192.104822][ T26] audit: type=1326 audit(1728044473.764:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5914 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2c4ef7dff9 code=0x7ffc0000 [ 192.210670][ T26] audit: type=1326 audit(1728044473.774:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5914 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c4ef7dff9 code=0x7ffc0000 [ 192.295886][ T26] audit: type=1326 audit(1728044473.774:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5914 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c4ef7dff9 code=0x7ffc0000 [ 192.380306][ T26] audit: type=1326 audit(1728044473.784:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5914 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2c4ef7dff9 code=0x7ffc0000 [ 193.900603][ T3643] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 193.909594][ T3643] Bluetooth: hci3: Injecting HCI hardware error event [ 193.919462][ T3643] Bluetooth: hci3: hardware error 0x00 [ 194.222251][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.228596][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.216991][ T5943] netlink: 4 bytes leftover after parsing attributes in process `syz.3.729'. [ 195.232908][ T5943] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 195.245690][ T5943] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 195.256400][ T5943] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 195.267657][ T5943] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 195.460073][ T5952] qrtr: Invalid version 27 [ 195.584392][ T27] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 196.478518][ T3643] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 196.485351][ T3643] Bluetooth: hci7: Controller not accepting commands anymore: ncmd = 0 [ 196.501581][ T3643] Bluetooth: hci7: Injecting HCI hardware error event [ 196.509407][ T3643] Bluetooth: hci7: hardware error 0x00 [ 196.935152][ T27] usb 5-1: device not accepting address 2, error -71 [ 197.019197][ T26] kauditd_printk_skb: 30 callbacks suppressed [ 197.019211][ T26] audit: type=1326 audit(1728044479.054:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 197.084078][ T26] audit: type=1326 audit(1728044479.064:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 197.113504][ T26] audit: type=1326 audit(1728044479.104:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 197.144945][ T26] audit: type=1326 audit(1728044479.104:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 197.175626][ T26] audit: type=1326 audit(1728044479.104:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 197.207375][ T26] audit: type=1326 audit(1728044479.104:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 197.244953][ T26] audit: type=1326 audit(1728044479.104:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 197.276963][ T26] audit: type=1326 audit(1728044479.104:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 197.315726][ T26] audit: type=1326 audit(1728044479.104:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 197.404856][ T26] audit: type=1326 audit(1728044479.104:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 197.624532][ T5990] syz.1.747 uses obsolete (PF_INET,SOCK_PACKET) [ 198.346878][ T6002] loop3: detected capacity change from 0 to 512 [ 198.418030][ T6002] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 198.429211][ T6002] ext4 filesystem being mounted at /46/bus supports timestamps until 2038 (0x7fffffff) [ 198.620419][ T3643] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 198.647604][ T5154] EXT4-fs (loop3): unmounting filesystem. [ 200.828645][ T6056] loop4: detected capacity change from 0 to 2048 [ 201.025013][ T6066] netlink: 4 bytes leftover after parsing attributes in process `syz.2.773'. [ 201.058511][ T6066] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.078815][ T6066] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.411459][ T6066] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.522205][ T6066] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 202.574448][ T6088] netlink: 'syz.2.783': attribute type 10 has an invalid length. [ 202.669370][ T6091] loop3: detected capacity change from 0 to 1024 [ 202.698934][ T6088] team0: Port device netdevsim0 added [ 202.741125][ T6091] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 202.823567][ T6098] netlink: 'syz.2.783': attribute type 10 has an invalid length. [ 202.843278][ T6098] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 202.936259][ T6098] team0: Failed to send options change via netlink (err -105) [ 202.948070][ T5154] EXT4-fs (loop3): unmounting filesystem. [ 202.963438][ T6098] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 202.998651][ T6098] team0: Port device netdevsim0 removed [ 203.348106][ T6126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.794'. [ 203.681828][ T6139] loop3: detected capacity change from 0 to 512 [ 203.696830][ T6139] EXT4-fs: Ignoring removed oldalloc option [ 203.736760][ T6139] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 203.849823][ T6139] EXT4-fs (loop3): 1 truncate cleaned up [ 203.864780][ T6139] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 204.258736][ T6148] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 204.361821][ T5154] EXT4-fs (loop3): unmounting filesystem. [ 204.834512][ T26] kauditd_printk_skb: 38 callbacks suppressed [ 204.834530][ T26] audit: type=1326 audit(1728044486.874:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.3.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 204.945678][ T26] audit: type=1326 audit(1728044486.874:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.3.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 205.010351][ T26] audit: type=1326 audit(1728044486.874:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.3.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 205.080263][ T26] audit: type=1326 audit(1728044486.874:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.3.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 205.144333][ T26] audit: type=1326 audit(1728044486.884:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.3.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 205.214259][ T26] audit: type=1326 audit(1728044486.884:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.3.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 205.289584][ T26] audit: type=1326 audit(1728044486.884:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.3.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 205.370345][ T26] audit: type=1326 audit(1728044486.904:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.3.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 205.457245][ T26] audit: type=1326 audit(1728044486.994:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6154 comm="syz.2.805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 205.560466][ T26] audit: type=1326 audit(1728044486.994:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6154 comm="syz.2.805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 205.594330][ T6180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.812'. [ 205.925341][ T6191] syz.4.818[6191] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 205.925439][ T6191] syz.4.818[6191] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 206.126811][ T6200] netlink: 20 bytes leftover after parsing attributes in process `syz.3.822'. [ 206.288758][ T6206] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 207.124127][ T6222] netlink: 4 bytes leftover after parsing attributes in process `syz.2.829'. [ 207.534288][ T6234] netlink: 20 bytes leftover after parsing attributes in process `syz.0.834'. [ 208.128400][ T6250] netlink: 12 bytes leftover after parsing attributes in process `syz.0.841'. [ 208.337913][ T6263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.843'. [ 208.844737][ T6285] device bond1 entered promiscuous mode [ 208.854186][ T6285] 8021q: adding VLAN 0 to HW filter on device bond1 [ 209.035398][ T6285] bond1 (unregistering): Released all slaves [ 209.079029][ T6289] loop3: detected capacity change from 0 to 512 [ 209.086261][ T6289] EXT4-fs: Ignoring removed mblk_io_submit option [ 209.095749][ T6289] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 209.104589][ T6258] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 209.112033][ T6258] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 209.142867][ T6258] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 209.160282][ T6258] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 209.170713][ T6258] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 209.202868][ T6258] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 209.253229][ T6289] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002] [ 209.270076][ T6258] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 209.280377][ T6289] System zones: 1-12 [ 209.285323][ T6258] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 209.293655][ T6258] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 209.301310][ T6258] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 209.304479][ T6289] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2186: inode #15: comm syz.3.852: corrupted in-inode xattr [ 209.308296][ T6258] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 209.329221][ T6289] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.852: couldn't read orphan inode 15 (err -117) [ 209.339937][ T6258] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 209.345368][ T6289] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 209.433757][ T5154] EXT4-fs (loop3): unmounting filesystem. [ 209.574118][ T6298] netlink: 4 bytes leftover after parsing attributes in process `syz.0.856'. [ 209.616299][ T6298] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 209.626221][ T6298] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 209.659815][ T6298] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 209.677993][ T6298] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 209.767058][ T6301] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 209.922859][ T6305] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_batadv, syncid = 0, id = 0 [ 209.934114][ T6304] IPVS: stopping master sync thread 6305 ... [ 210.380339][ T3643] Bluetooth: hci2: command 0x0406 tx timeout [ 211.212411][ T3643] Bluetooth: hci4: command 0x0406 tx timeout [ 211.341915][ T3656] Bluetooth: hci1: command 0x0c1a tx timeout [ 211.341963][ T3643] Bluetooth: hci0: command 0x0c1a tx timeout [ 211.889218][ T6361] syz.3.881[6361] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 211.889323][ T6361] syz.3.881[6361] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 211.915520][ T26] kauditd_printk_skb: 71 callbacks suppressed [ 211.915536][ T26] audit: type=1326 audit(1728044493.954:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6360 comm="syz.3.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 212.020297][ T26] audit: type=1326 audit(1728044493.994:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6360 comm="syz.3.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 212.078488][ T26] audit: type=1326 audit(1728044493.994:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6360 comm="syz.3.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 212.125770][ T26] audit: type=1326 audit(1728044494.164:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6367 comm="syz.2.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 212.165292][ T6366] loop3: detected capacity change from 0 to 2048 [ 212.180406][ T26] audit: type=1326 audit(1728044494.164:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6367 comm="syz.2.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 212.225205][ T26] audit: type=1326 audit(1728044494.164:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6367 comm="syz.2.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 212.248379][ T26] audit: type=1326 audit(1728044494.164:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6367 comm="syz.2.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 212.276561][ T26] audit: type=1326 audit(1728044494.164:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6367 comm="syz.2.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 212.300640][ T26] audit: type=1326 audit(1728044494.184:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6367 comm="syz.2.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f64cbf7c990 code=0x7ffc0000 [ 212.340077][ T6366] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 212.387561][ T6366] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.883: bg 0: block 234: padding at end of block bitmap is not set [ 212.405634][ T26] audit: type=1326 audit(1728044494.194:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6367 comm="syz.2.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64cbf7dff9 code=0x7ffc0000 [ 212.465707][ T6366] EXT4-fs (loop3): Remounting filesystem read-only [ 212.472818][ T3656] Bluetooth: hci2: command 0x0406 tx timeout [ 212.575476][ T5154] EXT4-fs (loop3): unmounting filesystem. [ 212.716349][ T6380] netlink: 4 bytes leftover after parsing attributes in process `syz.3.888'. [ 213.272570][ T6394] loop3: detected capacity change from 0 to 128 [ 213.285713][ T6394] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 213.301046][ T3656] Bluetooth: hci4: command 0x0406 tx timeout [ 213.335142][ T6394] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 213.483326][ T3643] Bluetooth: hci0: command 0x0c1a tx timeout [ 213.489772][ T3656] Bluetooth: hci1: command 0x0c1a tx timeout [ 214.428175][ T6423] netlink: 12 bytes leftover after parsing attributes in process `syz.2.907'. [ 214.552905][ T6427] loop3: detected capacity change from 0 to 512 [ 214.560135][ T6427] journal_path: Lookup failure for './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' [ 214.587071][ T6427] EXT4-fs: error: could not find journal device path [ 215.855144][ T6445] netlink: 'syz.2.915': attribute type 3 has an invalid length. [ 216.971232][ T3656] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 216.987961][ T3656] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 216.997612][ T3656] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 217.007776][ T3656] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 217.170970][ T3656] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 217.178433][ T3656] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 218.186229][ T26] kauditd_printk_skb: 112 callbacks suppressed [ 218.186247][ T26] audit: type=1326 audit(1728044756.217:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6487 comm="syz.3.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 218.264477][ T26] audit: type=1326 audit(1728044756.257:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6487 comm="syz.3.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 218.312021][ T26] audit: type=1326 audit(1728044756.257:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6487 comm="syz.3.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 218.337441][ T26] audit: type=1326 audit(1728044756.257:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6487 comm="syz.3.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 218.361314][ T26] audit: type=1326 audit(1728044756.257:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6487 comm="syz.3.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 218.383794][ T26] audit: type=1326 audit(1728044756.257:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6487 comm="syz.3.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f17a697c990 code=0x7ffc0000 [ 218.406903][ T26] audit: type=1326 audit(1728044756.257:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6487 comm="syz.3.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 218.429379][ T26] audit: type=1326 audit(1728044756.257:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6487 comm="syz.3.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 218.490267][ T26] audit: type=1326 audit(1728044756.257:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6487 comm="syz.3.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 218.544486][ T26] audit: type=1326 audit(1728044756.257:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6487 comm="syz.3.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17a697dff9 code=0x7ffc0000 [ 218.548581][ T6476] chnl_net:caif_netlink_parms(): no params data found [ 218.712292][ T6476] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.728444][ T6476] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.751346][ T6476] device bridge_slave_0 entered promiscuous mode [ 218.773099][ T6476] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.800476][ T6476] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.815368][ T6476] device bridge_slave_1 entered promiscuous mode [ 218.855296][ T6511] netlink: 596 bytes leftover after parsing attributes in process `syz.1.937'. [ 218.904264][ T6476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.936004][ T6476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.044889][ T6476] team0: Port device team_slave_0 added [ 219.083560][ T6476] team0: Port device team_slave_1 added [ 219.156500][ T6476] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 219.170148][ T6476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.197756][ T6476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 219.210969][ T6476] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 219.218013][ T6476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.260497][ T3656] Bluetooth: hci8: command tx timeout [ 219.284151][ T6476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 219.404740][ T6476] device hsr_slave_0 entered promiscuous mode [ 219.431786][ T6476] device hsr_slave_1 entered promiscuous mode [ 219.438950][ T6476] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 219.447308][ T6476] Cannot create hsr debugfs directory [ 219.803718][ T6476] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.972355][ T6476] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.122609][ T6476] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.253539][ T6476] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.536336][ T6476] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 220.557070][ T6476] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 220.577104][ T6476] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 220.599475][ T6476] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 220.672722][ T6554] netlink: 20 bytes leftover after parsing attributes in process `syz.2.956'. [ 220.737799][ T6556] netlink: 20 bytes leftover after parsing attributes in process `syz.1.958'. [ 220.749936][ T6556] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 220.823353][ T6476] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.866233][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.877034][ T6558] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 220.884193][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.922768][ T6476] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.965471][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.980323][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 221.017514][ T4968] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.024718][ T4968] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.063906][ T6563] No such timeout policy "syz0" [ 221.068096][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.081587][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.091318][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.104944][ T4968] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.112185][ T4968] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.122939][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 221.140340][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 221.149532][ T6568] netlink: 8 bytes leftover after parsing attributes in process `syz.1.963'. [ 221.317310][ T6476] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 221.340312][ T3656] Bluetooth: hci8: command tx timeout [ 221.354449][ T6476] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 221.368873][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 221.387817][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 221.405489][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 221.415337][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 221.424531][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 221.433606][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 221.443097][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 221.466116][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 221.601160][ T6579] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.695539][ T6587] netlink: 20 bytes leftover after parsing attributes in process `syz.1.969'. [ 221.715560][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 221.728147][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 221.830154][ T6579] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.033323][ T6579] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.212965][ T6579] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.296966][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 222.308987][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 222.343082][ T6476] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.377920][ T6579] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.419505][ T6579] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.455545][ T6579] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.479620][ T6579] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.986959][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 223.002270][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 223.065307][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 223.076305][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 223.104193][ T6476] device veth0_vlan entered promiscuous mode [ 223.112167][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 223.131868][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 223.167645][ T6476] device veth1_vlan entered promiscuous mode [ 223.211144][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 223.223240][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 223.243247][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 223.275119][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 223.294976][ T6476] device veth0_macvtap entered promiscuous mode [ 223.317314][ T6476] device veth1_macvtap entered promiscuous mode [ 223.348020][ T6476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.377092][ T6476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.392816][ T6476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.403693][ T6476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.418203][ T6476] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 223.424577][ T48] Bluetooth: hci8: command tx timeout [ 223.435330][ T6476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.446587][ T6476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.457854][ T6476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.468538][ T6476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.480837][ T6476] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 223.488287][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 223.499613][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 223.508913][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 223.518308][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 223.527940][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 223.537610][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 223.563209][ T6638] netlink: 'syz.3.985': attribute type 4 has an invalid length. [ 223.571339][ T26] kauditd_printk_skb: 268 callbacks suppressed [ 223.571355][ T26] audit: type=1326 audit(1728044761.597:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6640 comm="syz.1.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 223.646574][ T6476] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.655507][ T26] audit: type=1326 audit(1728044761.607:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6640 comm="syz.1.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc9fff7c990 code=0x7ffc0000 [ 223.673521][ T6476] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.707094][ T6476] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.717071][ T26] audit: type=1326 audit(1728044761.607:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6640 comm="syz.1.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc9fff7c990 code=0x7ffc0000 [ 223.728182][ T6476] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.748286][ T26] audit: type=1326 audit(1728044761.607:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6640 comm="syz.1.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 223.748330][ T26] audit: type=1326 audit(1728044761.607:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6640 comm="syz.1.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 223.748366][ T26] audit: type=1326 audit(1728044761.607:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6640 comm="syz.1.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 223.823200][ T26] audit: type=1326 audit(1728044761.607:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6640 comm="syz.1.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 223.849301][ T26] audit: type=1326 audit(1728044761.607:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6640 comm="syz.1.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 223.908178][ T26] audit: type=1326 audit(1728044761.607:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6640 comm="syz.1.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 223.944220][ T26] audit: type=1326 audit(1728044761.637:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6640 comm="syz.1.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 224.055293][ T3773] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.106933][ T3773] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.129502][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 224.269316][ T3773] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.286190][ T3773] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.290846][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 224.311272][ T153] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 224.570507][ T153] usb 4-1: device descriptor read/64, error -71 [ 224.860752][ T153] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 224.965653][ T6661] loop6: detected capacity change from 0 to 7 [ 224.983254][ T6661] Dev loop6: unable to read RDB block 7 [ 224.991425][ T6661] loop6: unable to read partition table [ 224.997306][ T6661] loop6: partition table beyond EOD, truncated [ 225.007027][ T6661] loop_reread_partitions: partition scan of loop6 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨â·û [ 225.007027][ T6661] ) failed (rc=-5) [ 225.130648][ T153] usb 4-1: device descriptor read/64, error -71 [ 225.266451][ T153] usb usb4-port1: attempt power cycle [ 225.289034][ T6672] device hsr_slave_0 left promiscuous mode [ 225.328855][ T6672] device hsr_slave_1 left promiscuous mode [ 225.384672][ T6677] usb usb1: usbfs: process 6677 (syz.4.1004) did not claim interface 0 before use [ 225.500868][ T3656] Bluetooth: hci8: command tx timeout [ 225.824098][ T153] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 225.931192][ T153] usb 4-1: device descriptor read/8, error -71 [ 226.221389][ T153] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 226.341370][ T153] usb 4-1: device descriptor read/8, error -71 [ 226.595886][ T153] usb usb4-port1: unable to enumerate USB device [ 227.131277][ T6714] Device name cannot be null; rc = [-22] [ 227.180725][ T48] Bluetooth: hci1: command 0x0c1a tx timeout [ 228.039470][ T6700] loop4: detected capacity change from 0 to 32768 [ 228.057945][ T6700] XFS: ikeep mount option is deprecated. [ 228.073358][ T6700] XFS: ikeep mount option is deprecated. [ 228.227326][ T6700] XFS (loop4): Mounting V5 Filesystem [ 228.515471][ T6700] XFS (loop4): Ending clean mount [ 229.176185][ T6700] loop4: detected capacity change from 32768 to 0 [ 229.207917][ T6745] device syzkaller0 entered promiscuous mode [ 229.275709][ T4241] XFS (loop4): Metadata CRC error detected at xfs_refcountbt_read_verify+0x39/0xc0, xfs_refcountbt block 0x18 [ 229.290408][ T4241] XFS (loop4): Unmount and run xfs_repair [ 229.296232][ T4241] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 229.304035][ T4241] 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 229.323354][ T4241] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 229.337626][ T4241] 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 229.346614][ T4241] 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 229.355627][ T4241] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 229.364559][ T4241] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 229.373553][ T4241] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 229.382769][ T4241] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 229.396274][ T6747] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x26e/0x370" at daddr 0x18 len 4 error 74 [ 229.422881][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 230.104422][ T6476] XFS (loop4): Unmounting Filesystem [ 230.219257][ T6757] loop3: detected capacity change from 0 to 128 [ 230.271887][ T6757] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 230.310788][ T6757] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038 (0x7fffffff) [ 231.151192][ T5154] EXT4-fs (loop3): unmounting filesystem. [ 233.993461][ T6803] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1048'. [ 234.009755][ T6803] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 234.017460][ T6803] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 234.031362][ T6803] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 234.039065][ T6803] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 234.364606][ T6809] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 235.260944][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 235.320618][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 235.329714][ T0] NOHZ tick-stop error: local softirq work is pending, handler #108!!! [ 235.330227][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!! [ 235.330755][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!! [ 235.335742][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!! [ 235.335854][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!! [ 235.335962][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!! [ 235.336079][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!! [ 238.521436][ T6855] loop4: detected capacity change from 0 to 512 [ 238.529751][ T6856] Device name cannot be null; rc = [-22] [ 238.537453][ T6855] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 238.554681][ T6851] loop3: detected capacity change from 0 to 1024 [ 238.589121][ T6855] EXT4-fs (loop4): 1 truncate cleaned up [ 238.600618][ T6851] EXT4-fs: test_dummy_encryption requires encrypt feature [ 238.606374][ T6855] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 238.742142][ T26] kauditd_printk_skb: 105 callbacks suppressed [ 238.742159][ T26] audit: type=1326 audit(1728044776.777:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 238.918707][ T26] audit: type=1326 audit(1728044776.777:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 238.956898][ T26] audit: type=1326 audit(1728044776.777:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 238.979354][ C1] vkms_vblank_simulate: vblank timer overrun [ 240.157258][ T3656] Bluetooth: hci8: command tx timeout [ 240.164584][ T26] audit: type=1326 audit(1728044776.777:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 240.208710][ T6476] EXT4-fs (loop4): unmounting filesystem. [ 240.240447][ T26] audit: type=1326 audit(1728044776.777:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 240.264954][ T26] audit: type=1326 audit(1728044776.817:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 240.287595][ T26] audit: type=1326 audit(1728044776.817:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 240.312912][ T26] audit: type=1326 audit(1728044776.817:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 240.312955][ T26] audit: type=1326 audit(1728044776.817:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 240.312991][ T26] audit: type=1326 audit(1728044776.817:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 241.643501][ T6889] loop3: detected capacity change from 0 to 2048 [ 241.694307][ T6889] Alternate GPT is invalid, using primary GPT. [ 241.710489][ T6889] loop3: p1 p2 p3 [ 241.754486][ T6889] ufs: You didn't specify the type of your ufs filesystem [ 241.754486][ T6889] [ 241.754486][ T6889] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 241.754486][ T6889] [ 241.754486][ T6889] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 241.785664][ C1] vkms_vblank_simulate: vblank timer overrun [ 241.892817][ T6889] ufs: ufstype=old is supported read-only [ 242.987080][ T6902] Device name cannot be null; rc = [-22] [ 244.188777][ T26] kauditd_printk_skb: 11 callbacks suppressed [ 244.188796][ T26] audit: type=1326 audit(1728044782.217:1479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 244.250342][ T26] audit: type=1326 audit(1728044782.257:1480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 244.332737][ T26] audit: type=1326 audit(1728044782.277:1481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 244.356132][ T26] audit: type=1326 audit(1728044782.277:1482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 244.356175][ T26] audit: type=1326 audit(1728044782.277:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 244.356213][ T26] audit: type=1326 audit(1728044782.277:1484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc9fff7c990 code=0x7ffc0000 [ 244.356249][ T26] audit: type=1326 audit(1728044782.277:1485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 244.356285][ T26] audit: type=1326 audit(1728044782.277:1486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 244.356320][ T26] audit: type=1326 audit(1728044782.277:1487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 244.356357][ T26] audit: type=1326 audit(1728044782.277:1488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9fff7dff9 code=0x7ffc0000 [ 244.765266][ T4227] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 245.921267][ T4227] usb 5-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 245.940296][ T4227] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.020499][ T6939] random: crng reseeded on system resumption [ 247.102096][ T4227] usb 5-1: config 0 descriptor?? [ 247.252645][ T4227] pwc: Samsung MPC-C10 USB webcam detected. [ 247.368817][ T6948] sp0: Synchronizing with TNC [ 247.551541][ T4227] pwc: send_video_command error -71 [ 247.559358][ T4227] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 247.569274][ T4227] Philips webcam: probe of 5-1:0.0 failed with error -71 [ 247.578022][ T4227] usb 5-1: USB disconnect, device number 4 [ 250.910108][ T7011] trusted_key: encrypted_key: master key parameter '' is invalid [ 252.070372][ T27] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 252.320276][ T27] usb 2-1: Using ep0 maxpacket: 8 [ 252.450697][ T27] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 252.462490][ T27] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 252.483919][ T27] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 252.493977][ T27] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 252.504265][ T27] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 252.517973][ T27] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 252.527225][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.806895][ T7015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 252.817456][ T27] usb 2-1: usb_control_msg returned -32 [ 252.825433][ T27] usbtmc 2-1:16.0: can't read capabilities [ 252.831738][ T7015] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 252.857788][ T27] usb 2-1: USB disconnect, device number 6 [ 255.667448][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.679563][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.786462][ T7086] netlink: 'syz.3.1153': attribute type 4 has an invalid length. [ 255.823639][ T7086] netlink: 'syz.3.1153': attribute type 4 has an invalid length. [ 258.496336][ T48] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 258.507987][ T48] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 258.521776][ T48] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 258.530388][ T48] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 258.541719][ T48] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 258.549281][ T48] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 258.591372][ T3642] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 258.830497][ T3642] usb 5-1: Using ep0 maxpacket: 8 [ 258.950510][ T3642] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 200 [ 258.982899][ T3642] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 259.024340][ T3642] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 259.066976][ T3642] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 259.110566][ T3642] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 259.145175][ T3642] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.174382][ T3642] usb 5-1: config 0 descriptor?? [ 259.191085][ T7124] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 259.221710][ T7140] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 259.375761][ T7128] chnl_net:caif_netlink_parms(): no params data found [ 259.562515][ T4227] usb 5-1: USB disconnect, device number 5 [ 259.576798][ T7128] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.588037][ T7128] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.597649][ T7128] device bridge_slave_0 entered promiscuous mode [ 259.614515][ T7128] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.627160][ T7128] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.637231][ T7128] device bridge_slave_1 entered promiscuous mode [ 259.710308][ T3642] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 259.710875][ T7128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 259.739130][ T7153] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1175'. [ 259.754550][ T7128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 259.819520][ T7128] team0: Port device team_slave_0 added [ 259.829172][ T7128] team0: Port device team_slave_1 added [ 259.867817][ T7128] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 259.887361][ T7128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.921532][ T7128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 259.934878][ T7128] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 259.941939][ T7128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.968047][ T3642] usb 1-1: Using ep0 maxpacket: 16 [ 259.974711][ T7128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 260.028454][ T7128] device hsr_slave_0 entered promiscuous mode [ 260.036136][ T7128] device hsr_slave_1 entered promiscuous mode [ 260.055797][ T7128] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 260.065867][ T7128] Cannot create hsr debugfs directory [ 260.100735][ T3642] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 260.108879][ T3642] usb 1-1: config 0 has no interface number 0 [ 260.137201][ T3642] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 260.160416][ T3642] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 260.310519][ T3642] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 260.327718][ T3642] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 260.364868][ T3642] usb 1-1: Product: syz [ 260.369088][ T3642] usb 1-1: SerialNumber: syz [ 260.377930][ T3642] usb 1-1: config 0 descriptor?? [ 260.413337][ T7128] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.432298][ T3642] cm109 1-1:0.8: invalid payload size 0, expected 4 [ 260.446412][ T3642] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input18 [ 260.493236][ T7128] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.565277][ T7128] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.709612][ T48] Bluetooth: hci9: command tx timeout [ 260.739894][ T7128] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.782410][ T4227] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 260.945898][ T7176] hub 9-0:1.0: USB hub found [ 260.954891][ T7176] hub 9-0:1.0: 8 ports detected [ 261.699008][ T7179] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 261.728139][ T7128] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 261.735619][ T4227] usb 5-1: config 0 has an invalid descriptor of length 7, skipping remainder of the config [ 261.751804][ T4227] usb 5-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 261.761692][ T4227] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.772641][ T4227] usb 5-1: config 0 descriptor?? [ 261.785934][ T7128] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 261.824153][ T4227] usb 5-1: bad CDC descriptors [ 261.829973][ T7128] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 261.842393][ T4227] usb 5-1: bad CDC descriptors [ 261.861046][ T7128] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 261.957898][ T7182] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1185'. [ 261.967967][ T7182] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 261.976345][ T7182] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 261.995231][ T7182] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 262.003422][ T7182] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 262.028698][ T4227] usb 5-1: USB disconnect, device number 6 [ 262.250684][ T7128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 262.307595][ T3725] usb 1-1: USB disconnect, device number 5 [ 262.313878][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 262.314222][ C0] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 262.330836][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 262.343310][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 262.346441][ T3725] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 262.387072][ T7128] 8021q: adding VLAN 0 to HW filter on device team0 [ 262.417190][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 262.428449][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 262.437459][ T5426] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.444764][ T5426] bridge0: port 1(bridge_slave_0) entered forwarding state [ 262.453621][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 262.468418][ T5419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 262.477477][ T5419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 262.486357][ T5419] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.493529][ T5419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 262.507923][ T5419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 262.522575][ T5419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 262.536897][ T5419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 262.548060][ T5419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 262.558308][ T5419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 262.574504][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 262.584709][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 262.607544][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 262.616904][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 262.645601][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 262.655514][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 262.669858][ T7128] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 262.688126][ T26] kauditd_printk_skb: 13 callbacks suppressed [ 262.688144][ T26] audit: type=1326 audit(1728044800.717:1502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7187 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 262.720419][ T26] audit: type=1326 audit(1728044800.717:1503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7187 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 262.744419][ T26] audit: type=1326 audit(1728044800.727:1504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7187 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 262.769765][ T26] audit: type=1326 audit(1728044800.727:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7187 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 262.780457][ T48] Bluetooth: hci9: command tx timeout [ 262.798546][ T26] audit: type=1326 audit(1728044800.727:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7187 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 262.843997][ T26] audit: type=1326 audit(1728044800.727:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7187 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9a6b97c990 code=0x7ffc0000 [ 262.902657][ T26] audit: type=1326 audit(1728044800.747:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7187 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 262.980014][ T26] audit: type=1326 audit(1728044800.747:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7187 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 263.030386][ T26] audit: type=1326 audit(1728044800.747:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7187 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 263.089448][ T26] audit: type=1326 audit(1728044800.747:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7187 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a6b97dff9 code=0x7ffc0000 [ 263.169911][ T5417] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 263.178441][ T5417] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 263.193864][ T7128] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 263.226447][ T5417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 263.236503][ T5417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 263.303822][ T5417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 263.334744][ T5417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 263.347201][ T5417] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 263.357175][ T4227] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 263.357376][ T5417] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 263.379798][ T7128] device veth0_vlan entered promiscuous mode [ 263.507918][ T7208] hub 9-0:1.0: USB hub found [ 263.514693][ T7208] hub 9-0:1.0: 8 ports detected [ 263.834566][ T7128] device veth1_vlan entered promiscuous mode [ 263.890470][ T7207] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 264.282729][ T5422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 264.301472][ T5422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 264.324438][ T7128] device veth0_macvtap entered promiscuous mode [ 264.348308][ T7217] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1196'. [ 264.358237][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 264.382950][ T7128] device veth1_macvtap entered promiscuous mode [ 264.413521][ T4227] usb 5-1: Using ep0 maxpacket: 8 [ 264.454490][ T7128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 264.470085][ T7128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 264.486729][ T7128] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 264.494564][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 264.507030][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 264.521614][ T7128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 264.535950][ T7128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 264.546392][ T4227] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 264.563679][ T7128] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 264.571260][ T4227] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 264.583382][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 264.590482][ T4227] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 264.598771][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 264.602373][ T4227] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 264.623297][ T7128] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.632456][ T7128] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.641336][ T4227] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 264.652842][ T7128] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.662075][ T7128] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.669792][ T4227] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 264.680010][ T4227] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.689913][ T4227] usb 5-1: config 0 descriptor?? [ 264.759606][ T48] Bluetooth: hci10: urb ffff888028bd8c00 submission failed (90) [ 264.806870][ T4968] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.824854][ T4968] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.842948][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.849686][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 264.857548][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.860376][ T48] Bluetooth: hci9: command tx timeout [ 264.880911][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 264.986651][ T4248] usb 5-1: USB disconnect, device number 7 [ 265.720779][ T7238] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1203'. [ 266.221746][ T7246] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1207'. [ 267.936556][ T7270] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1214'. [ 268.215234][ T48] Bluetooth: hci9: command tx timeout [ 271.100459][ T7291] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1221'. [ 271.118603][ T7291] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1221'. [ 271.131757][ T7291] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1221'. [ 272.939521][ T7313] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1228'. [ 273.452624][ T7322] Device name cannot be null; rc = [-22] [ 273.682265][ T3656] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 273.695793][ T3656] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 273.714760][ T3656] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 273.740764][ T3656] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 273.764822][ T3656] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 273.776356][ T3656] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 275.566866][ T7321] chnl_net:caif_netlink_parms(): no params data found [ 275.830775][ T48] Bluetooth: hci10: command tx timeout [ 275.889289][ T7321] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.909096][ T7321] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.948152][ T7321] device bridge_slave_0 entered promiscuous mode [ 275.989079][ T7321] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.016064][ T7321] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.047419][ T7321] device bridge_slave_1 entered promiscuous mode [ 276.181566][ T7321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 276.241249][ T7321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 276.387404][ T7321] team0: Port device team_slave_0 added [ 276.439430][ T7321] team0: Port device team_slave_1 added [ 276.559368][ T7321] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 276.587034][ T7321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.686808][ T7321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 276.734056][ T7321] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 276.753997][ T7321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.844070][ T7321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 277.036279][ T7321] device hsr_slave_0 entered promiscuous mode [ 277.151583][ T7321] device hsr_slave_1 entered promiscuous mode [ 277.185080][ T7321] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 277.210297][ T7321] Cannot create hsr debugfs directory [ 277.901532][ T48] Bluetooth: hci10: command tx timeout [ 278.258566][ T7321] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.414727][ T7321] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.744898][ T7321] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.220223][ T48] Bluetooth: hci10: command tx timeout [ 281.343860][ T7321] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.627702][ T7321] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 281.664659][ T7321] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 281.714595][ T7321] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 281.760856][ T7321] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 282.095369][ T7321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 282.153047][ T5422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 282.165770][ T5422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 282.212286][ T7321] 8021q: adding VLAN 0 to HW filter on device team0 [ 282.254148][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 282.275327][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 282.308080][ T5426] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.315264][ T5426] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.374718][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 282.412011][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 282.451459][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 282.480883][ T5426] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.488140][ T5426] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.556796][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 282.597216][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 282.625979][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 282.673906][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 282.718018][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 282.750000][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 282.803338][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 282.832552][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 282.872743][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 282.907588][ T7321] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 282.948475][ T7321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 282.986648][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 283.004646][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 283.220623][ T3656] Bluetooth: hci10: command tx timeout [ 284.538138][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 284.554598][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 284.570571][ T28] INFO: task syz.2.295:4641 blocked for more than 144 seconds. [ 284.578196][ T28] Not tainted 6.1.112-syzkaller #0 [ 284.601322][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 284.617295][ T7321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 284.620334][ T28] task:syz.2.295 state:D stack:24512 pid:4641 ppid:4284 flags:0x00004004 [ 284.645589][ T28] Call Trace: [ 284.648943][ T28] [ 284.660323][ T28] __schedule+0x143f/0x4570 [ 284.664965][ T28] ? release_firmware_map_entry+0x186/0x186 [ 284.680239][ T28] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 284.699913][ T28] ? print_irqtrace_events+0x210/0x210 [ 284.703694][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 284.705727][ T28] ? _raw_spin_lock_irq+0xdb/0x110 [ 284.718947][ T28] schedule+0xbf/0x180 [ 284.723325][ T28] ? down_read+0x69f/0xa30 [ 284.727874][ T28] schedule_preempt_disabled+0xf/0x20 [ 284.731982][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 284.733453][ T28] down_read+0x6ff/0xa30 [ 284.745958][ T28] ? __down_common+0x8b0/0x8b0 [ 284.751001][ T28] ? do_raw_spin_lock+0x14a/0x370 [ 284.756163][ T28] ? do_raw_spin_unlock+0x137/0x8a0 [ 284.762145][ T28] iterate_supers+0xac/0x1e0 [ 284.767335][ T28] ? ksys_sync+0x1c0/0x1c0 [ 284.772041][ T28] ksys_sync+0xb9/0x1c0 [ 284.776402][ T28] ? sync_filesystem+0x220/0x220 [ 284.782454][ T28] ? syscall_enter_from_user_mode+0x2e/0x230 [ 284.788597][ T28] ? syscall_enter_from_user_mode+0x2e/0x230 [ 284.797648][ T28] __do_sys_sync+0xa/0x10 [ 284.805974][ T28] do_syscall_64+0x3b/0xb0 [ 284.810691][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 284.819380][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 284.830766][ T28] ? clear_bhb_loop+0x45/0xa0 [ 284.835612][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 284.845457][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 284.854085][ T28] RIP: 0033:0x7f8818f7dff9 [ 284.858962][ T28] RSP: 002b:00007f8819cc2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 [ 284.872866][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 284.880740][ T28] RAX: ffffffffffffffda RBX: 00007f8819135f80 RCX: 00007f8818f7dff9 [ 284.889538][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 284.901039][ T7321] device veth0_vlan entered promiscuous mode [ 284.906357][ T28] RBP: 00007f8818ff0296 R08: 0000000000000000 R09: 0000000000000000 [ 284.915237][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 284.923935][ T28] R13: 0000000000000000 R14: 00007f8819135f80 R15: 00007fffeea91028 [ 284.932542][ T7321] device veth1_vlan entered promiscuous mode [ 284.932548][ T28] [ 284.938709][ T28] [ 284.938709][ T28] Showing all locks held in the system: [ 284.949619][ T28] 3 locks held by kworker/0:0/7: [ 284.958636][ T28] #0: ffff888017c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 284.969952][ T28] #1: ffffc900000c7d20 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 284.982244][ T28] #2: ffff888029301240 (&data->fib_lock){+.+.}-{3:3}, at: nsim_fib_event_work+0x2cd/0x4120 [ 284.999859][ T28] 1 lock held by rcu_tasks_kthre/12: [ 285.006326][ T28] #0: ffffffff8d32b1d0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 [ 285.012349][ T7321] device veth0_macvtap entered promiscuous mode [ 285.024971][ T28] 1 lock held by rcu_tasks_trace/13: [ 285.025063][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 285.038067][ T28] #0: ffffffff8d32b9d0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 [ 285.039232][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 285.049695][ T28] 3 locks held by kworker/1:1/27: [ 285.062049][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 285.070036][ T28] #0: ffff888017e88938 ((wq_completion)pm){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 285.074891][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 285.082184][ T28] #1: ffffc90000a3fd20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 285.093766][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 285.108351][ T28] #2: ffff8880282bb190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5730 [ 285.119452][ T28] 1 lock held by khungtaskd/28: [ 285.124462][ T28] #0: ffffffff8d32b000 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 [ 285.127300][ T7321] device veth1_macvtap entered promiscuous mode [ 285.134744][ T28] 2 locks held by getty/3404: [ 285.149591][ T28] #0: ffff88814b0ba098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 285.156515][ T7321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 285.160143][ T28] #1: ffffc900031262f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a7/0x1db0 [ 285.171713][ T7321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.185839][ T28] 1 lock held by syz.0.181/4234: [ 285.190296][ T7321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 285.195253][ T28] #0: ffff8880535c20e0 (&type->s_umount_key#47 [ 285.208954][ T7321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.211128][ T28] /1 [ 285.217386][ T7321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 285.230318][ T27] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 285.243577][ T28] ){+.+.}-{3:3}, at: alloc_super+0x217/0x930 [ 285.249800][ T28] 3 locks held by kworker/1:13/4241: [ 285.255375][ T28] #0: ffff888017c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 285.266458][ T28] #1: ffffc900033bfd20 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 285.278858][ T28] #2: ffff88807917d240 (&data->fib_lock){+.+.}-{3:3}, at: nsim_fib_event_work+0x2cd/0x4120 [ 285.288049][ T7321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 285.299838][ T7321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.305042][ T28] 3 locks held by kworker/0:12/4248: [ 285.315249][ T28] #0: ffff88814af19938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 285.316699][ T7321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 285.326481][ T28] #1: ffffc9000341fd20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 285.341406][ T7321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.350769][ T28] #2: ffffffff8e4fa7e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x16b0 [ 285.364711][ T7321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 285.369760][ T28] 3 locks held by kworker/1:16/4253: [ 285.376918][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 285.385177][ T28] #0: ffff88814af19938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 285.390052][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 285.400389][ T28] #1: ffffc9000346fd20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 285.416903][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 285.424479][ T28] #2: ffffffff8e4fa7e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x16b0 [ 285.424563][ T28] 1 lock held by syz.2.295/4641: [ 285.424577][ T28] #0: [ 285.433831][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 285.442448][ T28] ffff8880535c20e0 [ 285.453342][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 285.458673][ T28] (&type->s_umount_key#48){++++}-{3:3}, at: iterate_supers+0xac/0x1e0 [ 285.474285][ T7321] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.480421][ T28] 1 lock held by syz.1.321/4726: [ 285.480443][ T28] #0: ffff8880547180e0 (&type->s_umount_key#47/1){+.+.}-{3:3}, at: alloc_super+0x217/0x930 [ 285.480537][ T28] 1 lock held by syz.4.825/6208: [ 285.480550][ T28] #0: ffff8880535c20e0 [ 285.493270][ T7321] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.494327][ T28] ( [ 285.509159][ T7321] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.510964][ T27] usb 3-1: Using ep0 maxpacket: 16 [ 285.523642][ T7321] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.528172][ T28] &type->s_umount_key#48){++++}-{3:3}, at: iterate_supers+0xac/0x1e0 [ 285.556139][ T28] 1 lock held by syz.2.1100/6952: [ 285.561822][ T28] #0: ffff8880295d00e0 (&type->s_umount_key#47/1){+.+.}-{3:3}, at: alloc_super+0x217/0x930 [ 285.572206][ T28] 1 lock held by syz.3.1176/7156: [ 285.577267][ T28] #0: ffff88804724e0e0 (&type->s_umount_key#47/1){+.+.}-{3:3}, at: alloc_super+0x217/0x930 [ 285.589392][ T28] 3 locks held by syz-executor/7321: [ 285.594895][ T28] #0: ffffffff8e4fa7e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 [ 285.604609][ T28] #1: ffff888049fd13e8 (&wg->device_update_lock){+.+.}-{3:3}, at: wg_open+0x224/0x410 [ 285.615339][ T28] #2: ffffffff8d3305f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4f0/0x930 [ 285.626398][ T28] 1 lock held by syz.0.1235/7336: [ 285.632734][ T28] #0: ffff8880535c20e0 (&type->s_umount_key#48){++++}-{3:3}, at: iterate_supers+0xac/0x1e0 [ 285.643164][ T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.654179][ T28] [ 285.656539][ T28] ============================================= [ 285.656539][ T28] [ 285.669349][ T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.683979][ T28] NMI backtrace for cpu 1 [ 285.688415][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.1.112-syzkaller #0 [ 285.696437][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 285.706607][ T28] Call Trace: [ 285.709911][ T28] [ 285.712877][ T28] dump_stack_lvl+0x1e3/0x2cb [ 285.717613][ T28] ? preempt_schedule_thunk+0x16/0x18 [ 285.723015][ T28] ? nf_tcp_handle_invalid+0x642/0x642 [ 285.728493][ T28] ? panic+0x764/0x764 [ 285.732585][ T28] ? vprintk_emit+0x622/0x740 [ 285.737401][ T28] ? printk_sprint+0x490/0x490 [ 285.742212][ T28] ? nmi_cpu_backtrace+0x252/0x560 [ 285.747373][ T28] nmi_cpu_backtrace+0x4e1/0x560 [ 285.752424][ T28] ? nmi_trigger_cpumask_backtrace+0x3f0/0x3f0 [ 285.758630][ T28] ? _printk+0xd1/0x111 [ 285.762807][ T28] ? panic+0x764/0x764 [ 285.766911][ T28] ? __wake_up_klogd+0xcc/0x100 [ 285.771777][ T28] ? panic+0x764/0x764 [ 285.775910][ T28] ? nmi_trigger_cpumask_backtrace+0xe0/0x3f0 [ 285.781992][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 285.788084][ T28] nmi_trigger_cpumask_backtrace+0x1ae/0x3f0 [ 285.794107][ T28] watchdog+0xf88/0xfd0 [ 285.798310][ T28] ? watchdog+0x1f8/0xfd0 [ 285.802683][ T28] kthread+0x28d/0x320 [ 285.806759][ T28] ? hungtask_pm_notify+0x50/0x50 [ 285.811793][ T28] ? kthread_blkcg+0xd0/0xd0 [ 285.816393][ T28] ret_from_fork+0x1f/0x30 [ 285.820844][ T28] [ 285.825624][ T28] Sending NMI from CPU 1 to CPUs 0: [ 285.831222][ C0] NMI backtrace for cpu 0 [ 285.831234][ C0] CPU: 0 PID: 3642 Comm: kworker/0:4 Not tainted 6.1.112-syzkaller #0 [ 285.831252][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 285.831262][ C0] Workqueue: mld mld_ifc_work [ 285.831283][ C0] RIP: 0010:__siphash_unaligned+0x0/0x3d0 [ 285.831306][ C0] Code: 35 45 71 f9 03 48 c7 c7 c0 ab 2c 8c 5b 41 5c 41 5d 41 5e 41 5f 5d e9 3f 16 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <55> 41 57 41 56 41 55 41 54 53 48 83 ec 30 49 89 d7 48 89 f5 48 89 [ 285.831331][ C0] RSP: 0018:ffffc9000415efe8 EFLAGS: 00000282 [ 285.831345][ C0] RAX: ffffffff889a4727 RBX: 0000000000000000 RCX: ffff88802cff5940 [ 285.831358][ C0] RDX: ffffffff97752c40 RSI: 0000000000000048 RDI: ffffc9000415f0a8 [ 285.831370][ C0] RBP: 0000000000000000 R08: ffffffff889a46cf R09: ffffffff889a4383 [ 285.831382][ C0] R10: 0000000000000002 R11: ffff88802cff5940 R12: 1ffff9200082be18 [ 285.831394][ C0] R13: ffffffff97752c40 R14: ffffc9000415f0a8 R15: ffffc9000415f0c4 [ 285.831407][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 285.831422][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 285.831434][ C0] CR2: 00007f9a6bb08178 CR3: 000000007b962000 CR4: 00000000003506f0 [ 285.831450][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 285.831460][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 285.831470][ C0] Call Trace: [ 285.831476][ C0] [ 285.831482][ C0] ? nmi_cpu_backtrace+0x3de/0x560 [ 285.831500][ C0] ? read_lock_is_recursive+0x10/0x10 [ 285.831528][ C0] ? nmi_trigger_cpumask_backtrace+0x3f0/0x3f0 [ 285.831546][ C0] ? nmi_handle+0x25/0x440 [ 285.831581][ C0] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 285.831608][ C0] ? nmi_handle+0x12e/0x440 [ 285.831633][ C0] ? nmi_handle+0x25/0x440 [ 285.831659][ C0] ? __show_mem+0x420/0x420 [ 285.831677][ C0] ? default_do_nmi+0x62/0x150 [ 285.831695][ C0] ? exc_nmi+0xa8/0x100 [ 285.831712][ C0] ? end_repeat_nmi+0x16/0x31 [ 285.831740][ C0] ? ___skb_get_hash+0x83/0x800 [ 285.831765][ C0] ? ___skb_get_hash+0x3cf/0x800 [ 285.831790][ C0] ? ___skb_get_hash+0x427/0x800 [ 285.831816][ C0] ? __show_mem+0x420/0x420 [ 285.831834][ C0] ? __show_mem+0x420/0x420 [ 285.831853][ C0] ? __show_mem+0x420/0x420 [ 285.831872][ C0] [ 285.831877][ C0] [ 285.831882][ C0] ___skb_get_hash+0x440/0x800 [ 285.831911][ C0] __skb_get_hash+0xb3/0x350 [ 285.831938][ C0] ? __skb_get_hash_symmetric+0x970/0x970 [ 285.831963][ C0] ? skb_vlan_inet_prepare+0x4d0/0x6c0 [ 285.831988][ C0] ? skb_tunnel_info+0x310/0x310 [ 285.832011][ C0] geneve_xmit+0x7f4/0x3550 [ 285.832040][ C0] ? geneve_xmit+0x14a/0x3550 [ 285.832057][ C0] ? skb_network_protocol+0x5a4/0x7a0 [ 285.832077][ C0] ? geneve_stop+0x1d0/0x1d0 [ 285.832092][ C0] ? __lock_acquire+0x125b/0x1f80 [ 285.832116][ C0] ? validate_xmit_xfrm+0xb4/0x10b0 [ 285.832147][ C0] ? skb_crc32c_csum_help+0x540/0x540 [ 285.832171][ C0] ? xfrm_init_replay+0x2a0/0x2a0 [ 285.832200][ C0] ? validate_xmit_skb+0x881/0x10e0 [ 285.832223][ C0] dev_hard_start_xmit+0x261/0x8c0 [ 285.832251][ C0] __dev_queue_xmit+0x1bb1/0x3cf0 [ 285.832278][ C0] ? __dev_queue_xmit+0x2d6/0x3cf0 [ 285.832301][ C0] ? netdev_core_pick_tx+0x320/0x320 [ 285.832327][ C0] ? mark_lock+0x9a/0x340 [ 285.832354][ C0] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 285.832382][ C0] ? __ipv6_neigh_lookup_noref+0x59b/0x730 [ 285.832409][ C0] ? ip6_finish_output2+0xcb9/0x15f0 [ 285.832436][ C0] ip6_finish_output2+0xeae/0x15f0 [ 285.832466][ C0] ? ip6_finish_output2+0x698/0x15f0 [ 285.832490][ C0] ? nf_hook+0x450/0x450 [ 285.832517][ C0] ? ip6_mtu+0x7d/0x3e0 [ 285.832544][ C0] ip6_finish_output+0x6a0/0xa80 [ 285.832574][ C0] NF_HOOK+0x167/0x530 [ 285.832591][ C0] ? mld_send_report+0x2e0/0x2e0 [ 285.832609][ C0] ? NF_HOOK+0x530/0x530 [ 285.832630][ C0] mld_sendpack+0x85e/0xde0 [ 285.832653][ C0] ? mld_sendpack+0x1e0/0xde0 [ 285.832669][ C0] ? add_grec+0x19a0/0x19a0 [ 285.832695][ C0] mld_ifc_work+0x7d7/0xc90 [ 285.832716][ C0] ? process_one_work+0x7a9/0x11d0 [ 285.832735][ C0] process_one_work+0x8a9/0x11d0 [ 285.832762][ C0] ? worker_detach_from_pool+0x260/0x260 [ 285.832785][ C0] ? _raw_spin_lock_irqsave+0x120/0x120 [ 285.832806][ C0] ? kthread_data+0x4e/0xc0 [ 285.832834][ C0] ? wq_worker_running+0x97/0x190 [ 285.832851][ C0] worker_thread+0xa47/0x1200 [ 285.832877][ C0] ? _raw_spin_unlock+0x40/0x40 [ 285.832904][ C0] kthread+0x28d/0x320 [ 285.832918][ C0] ? worker_clr_flags+0x190/0x190 [ 285.832936][ C0] ? kthread_blkcg+0xd0/0xd0 [ 285.832952][ C0] ret_from_fork+0x1f/0x30 [ 285.832983][ C0] [ 285.837278][ T27] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 285.838789][ T7321] ieee80211 phy35: Selected rate control algorithm 'minstrel_ht' [ 285.841844][ T27] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 285.926950][ T5426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.938059][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.952940][ T7321] ieee80211 phy36: Selected rate control algorithm 'minstrel_ht' [ 285.972856][ T5426] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.979181][ T27] usb 3-1: config 0 descriptor?? [ 286.003532][ T5426] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 286.006573][ T5415] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 286.055416][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 286.055436][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.112-syzkaller #0 [ 286.055461][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 286.055475][ T28] Call Trace: [ 286.055488][ T28] [ 286.055497][ T28] dump_stack_lvl+0x1e3/0x2cb [ 286.055542][ T28] ? nf_tcp_handle_invalid+0x642/0x642 [ 286.055579][ T28] ? panic+0x764/0x764 [ 286.055606][ T28] ? llist_add_batch+0x160/0x1d0 [ 286.055645][ T28] ? vscnprintf+0x59/0x80 [ 286.055677][ T28] panic+0x318/0x764 [ 286.055705][ T28] ? nmi_trigger_cpumask_backtrace+0x2bf/0x3f0 [ 286.055731][ T28] ? memcpy_page_flushcache+0xfc/0xfc [ 286.055764][ T28] ? nmi_trigger_cpumask_backtrace+0x2bf/0x3f0 [ 286.055785][ T28] ? nmi_trigger_cpumask_backtrace+0x338/0x3f0 [ 286.055812][ T28] ? nmi_trigger_cpumask_backtrace+0x33d/0x3f0 [ 286.055840][ T28] watchdog+0xfc7/0xfd0 [ 286.055876][ T28] ? watchdog+0x1f8/0xfd0 [ 286.055910][ T28] kthread+0x28d/0x320 [ 286.055930][ T28] ? hungtask_pm_notify+0x50/0x50 [ 286.055959][ T28] ? kthread_blkcg+0xd0/0xd0 [ 286.055982][ T28] ret_from_fork+0x1f/0x30 [ 286.056028][ T28] [ 286.058903][ T28] Kernel Offset: disabled [ 286.504178][ T28] Rebooting in 86400 seconds..