last executing test programs: 2.335468157s ago: executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0x9, 0x1, 0x200, &(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c3c0d0000f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aa017887420cc7b4d11d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da02a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c1758585757126e5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) 2.226499824s ago: executing program 2: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet6_opts(r0, 0x29, 0x1e, 0x0, &(0x7f00000010c0)) 2.12286354s ago: executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x2, 0x4, 0x1, 0x0, r5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet(0x2, 0x2, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x2, 0x2, 0x0) io_setup(0x0, &(0x7f0000000280)) finit_module(0xffffffffffffffff, 0x0, 0x0) 1.326713924s ago: executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0x9, 0x1, 0x200, &(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c3c0d0000f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aa017887420cc7b4d11d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da02a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c1758585757126e5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) 1.322975694s ago: executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000040)={0x0, 0x0, 0x0, r1, 0xbbbbbbbb}) 1.249528716s ago: executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETFB(r0, 0xc01c64ad, &(0x7f00000001c0)) 1.209464092s ago: executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10) syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x0) r1 = socket(0x200000100000011, 0x803, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000100)="4dcdc7d96a760000002100050000000000060000", 0x34, 0x0, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xe0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) keyctl$clear(0x11, 0xfffffffffffffffd) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xb, &(0x7f0000000340)=@framed={{}, [@printk={@p, {}, {}, {}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5}, {}, {0x85, 0x0, 0x0, 0xb0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001c0001000000eeffffffffffff"], 0x14}}, 0x0) 1.142244283s ago: executing program 2: r0 = syz_open_dev$I2C(&(0x7f0000000180), 0x0, 0x0) ioctl$I2C_RDWR(r0, 0x707, 0x0) 1.085311721s ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='map_files\x00') r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB='-'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000000), 0x2, 0x0) 1.061440665s ago: executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) splice(r1, 0x0, r0, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1.047228947s ago: executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x16}]}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x0, 0x2, 0x0, 0x1}, 0x48) ioctl$BTRFS_IOC_SCRUB_CANCEL(r0, 0xc0182101, 0x20000000) 963.23767ms ago: executing program 0: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x80000008, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6}]}, 0x10) listen(r0, 0x3) 924.210077ms ago: executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0xf}, @NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x4}]}}}]}]}], {0x14}}, 0x84}}, 0x0) 902.43311ms ago: executing program 0: r0 = open(&(0x7f0000000100)='./bus\x00', 0x400145042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000200)={0x1d, r2}, 0x10) sendmsg$can_bcm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d7fe68ca7e4d5d5bdbe70000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r2, @ANYBLOB="480b0000f1"], 0x20000600}}, 0x0) 861.749596ms ago: executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0x9, 0x1, 0x200, &(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c3c0d0000f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aa017887420cc7b4d11d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da02a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c1758585757126e5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) 822.503402ms ago: executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = socket(0xa, 0x5, 0x0) bind$l2tp6(r1, &(0x7f0000000040)={0xa, 0xfc00, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3d}}}, 0x20) sendto$l2tp6(r1, &(0x7f0000000180)='P', 0x1, 0x41, &(0x7f0000001140)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x20) r2 = socket(0xa, 0x5, 0x0) bind$l2tp6(r2, &(0x7f00000000c0)={0xa, 0xfc00, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x28}}}, 0x20) sendto$l2tp6(r2, &(0x7f0000000080)='\x00', 0x1, 0x0, &(0x7f0000001140)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x20) r3 = socket(0xa, 0x5, 0x0) bind$l2tp6(r3, &(0x7f00000000c0)={0xa, 0xfc00, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x20) sendto$l2tp6(r3, &(0x7f0000000080)='\x00', 0x1, 0x0, &(0x7f0000001140)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x20) close_range(r0, 0xffffffffffffffff, 0x0) 811.509854ms ago: executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x41}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r0, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001640)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 799.878756ms ago: executing program 0: syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x9, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/HHPz/1Z+hGRFBQPeVNRRzcrgMdoRENjHJhCcExz2rstI2dsZqEWxB400U3/buuIEIQoosgELvoKpTwrovuvPMiu0oiOjGnudnUMnWS79fF9rDn+zl8z58dtu9g08fvXouGHSNspqS6oUqq2yUns1XilWpZkJMj10fe7zt34eLpQDDYcVa1M9Dt86tq84HR3pvDh8ZSO86/bH5dL+PeS9Mz/qnx3eN7pr93X404GnE0Fk+pqX3xeMrssy3tv+9EDdUztmU6lkZijpUs6YfteCKRUTPW39SYSFqOo2Yso1Ero6m4ppIZNa+YkZgahqFNjYKVDacfBZbvhp7Puq7MpN65bn1OXNfNv9iwidNDhc2df9ctOv93Kj0lbKKim3qDiD2UDqVDhedCPxCWiNhiSat45JvkrxH38Yg7d6nkH2/4R4KTR9++UVWvDNrZ+Xw2HaopzfvEI95CpqBQd54Kdvi0oDT/nzQW5/3ikV3l8/6y+To53FKUN8Qjk5clLrZMjB78MtU19GAhP+hTPdEVXJL/X/oXD9OzzxU6PwAAAAAAAAAArIWhP5VdvzfyA24PqGrTkn4hX+73gaXr861l1+drZW9tZfcdAAAAAIDtwskMRE3btpJ/WeS/yq/Hdv694smt3x+8v3PlMS1tNRPtH3KJrbBff1B87dkS0ygtZH71abXBNev8TlksPq3Ldqrm57f8mJO9H1+sup26X47PcsY2/q4EAAAAYCMsfuhvk2z4VTrbc+xepecEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2s4a/HJt4WK6l+WLn03KtSu8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADASn4EAAD//xAR0Ao=") r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000840)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000ffe600010000000019b42a0b000021d087dba7358cfb592a16d9bb1b390e372c075a215a3858a9aed9b565c3c3184708e20ea85d74d9f682b9bb4233080e89fef6a6b55f43c6d5dbd06070c6d3dbbdddd508a6c533101020f6871108781a342e1134f4f5ff5d81167fce437f8e97c0fd8a700d0da14eac53ce9514c586bf5c63dbc0a33035baa9cb10e2198a21882d0646d730006096e1549d7d3a3254f22bc770444ee44b87ed2bde1d8b18c962e63ca6a22a962a027fcf164417c0ba702f6552a7d90d0716fe11b00c2561e50ec78132d7ce02eae324832fd5d67ad67ecf19e098e2008b78fb52281574c06616d4edcfe10f9d5c8eee16a18974c4eb927cc640628313ae8a524aad1f4759fd1c8f5596e9c787abd90da583bd6e9f36c0e5d33395440daa328ecafdfaaa75fcb460bb2b461a0fb5aba25dc57775745ca8e153ecd53164bed5ebd97359a7d9b0176a9b24be6f9e7615530aff2e7f746e05700aae5e2592bb8c39ba592702c5507d48bdfe61be64e971a76849b116e635929b43e17aac8aa07b8e0266f0cfcd39b738bdedef8b850b4f4fcc06aeace9389dc074df5c2a8ba30727845c30d71920694d91155929503a342566b1951b4d39ad590a285be8c5179c1e5ab03bd9270be3a1541c0b00fd122bf1fad44892156a8ee5bf0f360aa1d8f36cfc9df07bca31210dc42f1cf3893c8b5cacddcf2d4f3648c593d54d4b08b34fbfe86a94be3e3c6b973f92b17331836cefeef517b777ad91acb3990c92f3e90f921f6fbcc2adfb7e9fa92c899bd1f734703f77cc0da9fa"], &(0x7f0000000340)='GPL\x00'}, 0x78) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0xe}}) syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), 0xffffffffffffffff) read$FUSE(0xffffffffffffffff, &(0x7f0000002480)={0x2020}, 0x2020) sendmmsg$unix(r3, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001480)="38cfa062425b2665a639bd71a9e2acd37cc7777873a5b116c65aa8435a0254996dece6de399c55c23e95a048553cea2c9c061bd5e2551e4e433fd794192fc467c76ec1f54e4d9c02af6412fc5ba007a11d1c238d2fb23b2e867f2b51810e41654cf214a6ec4f9b8f775348ef15131f4a3f59bbf59c0eefe9476f168dbfed22b1e35d1b9f66c51df3843bf7207386a37fc89ce9d4e8a0ffb8ec7a5ef27b67edc13b018707cf11cc52a23d24729a6b41e8291e1b31791a64d94bb6958a86c51f19305344c0fe2b99d95fce730fb833cbae8f3f70ffac29157b65797f67c4b063a5c07e95c556c9bb845539f8cf0352b2dbf6a76e1103c44b72cefeedd3e7add86dc16f0c80c20f81aa7a25d47ac1882d5065f5e5a1ca38132c09220423fc2d1fa58db8fb0e9ac7129dc7a84488e16a814435164446bbb435e472a9df109f3e8cd1b7feb2a29e0833e3deb6b59a6667dcdc3e0e2e6df5c3827efa190f736d7263f9eb4d8f726c4ee77116cb4f5d9119c1788c69fc3095013c233a6975626c21680e5ecd1a6be08d69ace2b0222773f627711cbb85f004e8ed7066767c3bd184787de7ccfdf47c64bd17891f1407f7c5ed475ac7b3b9d7a7d82fa1e20f9af0f3ed5907f6983b2aade55081f856e451384161977f169446445ca81dcac5a1295003a82b82365047876092be4f9b69b72ce18d62240f24f0619e105e90f5e33ec696393fbb44f82bf5026a15c41fda240e296cbdb2339319cb7c05ab8ec7fff9431a38d058a0b217a0e2c09a6a07c9de4298d0026e391e346e4817a346860099650f7c4b7b4f800cad492da6dc99474dc7cf511f9eb00521b3517534bb678c21f30e14acdf7071c81b2928b7b78bb8561a45e0c062c503181e65aeccbe0faa60e5b32f64724835ccebc37ab9dab2cb9f574d051579a2fdc1ffdbacecba443b57375deedfdeb1d33ea1eb9cd47972d7dbd825969a0a5a2ca7b8934396b4719615392a3a3a6f6ea00972365082ead224ae103d2cb2c2ec344919972cc0988615d274e924beb21e7c5a6438e0e315ea3827cdd0cb4515561ef147404c0d1d4216d1a5ee1d8fe92bdf35bcb4414d8202904e80aec0575bedbd1290cf4d20aa4ea69f442859bf017332bfb2a4dcd41e9d7f33c5f2aa7841574cdb2d1c483a19d1cb7a41e7584e983490e8f0f29e519b1589534b410624b98d5244581f182b94b081f4263591c02b1e7314a25dcb9a093628144e44730a91803ba9db47334abcda87e675bfd399bc7060ca2abb2c571146f015e22ae845a9b903ea02cf362498ea52092b280404c71b4006f4e3b963a154aaa333149bfd0e4ba697c01fe5b6e3ece04a3fd110e3297dc67a8f29a90fe61202afd7b1b6a4379f04a1459670baf84c3e45161e9bf9cd2ecdc1b3c679dde2c0f90bf9e506e043a3236548d59e576050bcbca04bb7984209d283ae5ec96b222439dbbfed49e442a302860eeb56245c1df3833bdab5b7ef96176bf8e05046778fa0dfe1a5c0d8d596ba771b5ac1a799bfc7d0366e1d2caf919fd43bbfda97d58289f85bcf497d5ebc24f28700512e477f544fea8581c168b2b94847c235dc4b6ed4901e92f243f3be383e91a8085962082f6c2f8715cbab4497dc8c9ce29d5185b8ca7f45c141d2dba5ce13425e72dd12e056255f7564952ac6b1342f7612bedf3819d87c48a3b4cd3cf3576a1775ca2d769eb148c07b6e8014c2c1e8d79c419c43fb90209273a92c95e4e03df6681e9173e863061629ec6d6cef64c04f4b6cc3ec96931c34149bcaefcc9d5fb234211e173068e8c5e49117e1c450e4aa18ca382c94e236e5c2f26eb18a17f1f57eddb83a7306f927b853e2ac75bc5f6e40f681cb03c1688d78a324e0310225a1e9cc8c6115c8066373f752f11faffc3ed692d1e794a002b33282ce82e61488cdf8d9ec532ee6795e33a93df1e0a6c84ed331d7cdd5feaadcdcae26c44a1794e3e02bf20e18b97752f3b7267eeae36e7c27f7e23cf55ed9005623f71fc4f8d5d7fb6f1c00fab1d794597663c396c1b193fa8867652c982b832ff2e76f1ed04c5b0ac23fd45f4f693d73c227e2df50230420abf342c5e3245352fba929ef0af4329377c982b8ba64b94ee409f7c09f0c9407ae0ea755124c4cc0e3ef586ebf9ae4e735becc17be9820fc30dcd0e4af56c25388ccc14b4404e5d43038afa1e3359a8e05aa836c65f21a0e3fb8e940b4c000db90df681124bc9d5f575783f10b2d19668d35c6e2225c615aa670e693f77c0284a9c5975bfbcfe6a7161ab739f44e549f274e8e87df579af53c55523144ddf4ef1c13c8121c305da1d6abc300ccfcedabf0245b09b0b461cc72c691bd2b68db5a6fcbd1efbd7950288a719d9945a41515e7beb273637c06b0e8c3cb5b84d36cad7ef9155ccafb55f2159a554b9712e0db79dcb74fb119edece1ab30b6e10629a77897d0f2f241ad3032fa667387597d6729db60714df8f0fe979385b68cec928419309301fe7ca58c298ad80a02fe7f71198e65ccb488b0e1eaa9a08c9d35ada2c76ed8a494063bd4c96ccf284ec7cc8d80ff6b7293057f545444fb7189bad2dc2a48a6138cf866c33bd59dc97daa281e6d04c7cb183be58accc347e8b15b78862979cb59fe5671fd25953d83f3a9b024a2c0f60043c1b478bff7de081d9e661ed753e270bdc41a8c64eedf6923395bd1a75686ce0c44e8b184832180603b3ce32cbc271c713d2c04f153f794e2cc51a7e7d1e19af521ed477a7b914c96847ba7e7ce53537516af897e6baae0e352cb4699d228fcd5292ffe30077bfc13e5e611b247b2b5fa8df69b12a6f5474ac5e6549987af8a6a44356457b0e549e20380744966d0be4b4d4f14f6b7587d8b63e801a1192b45d993d61cefed2099bc96f807d87fbafdf838b7a3c959c871d8f93f6fe29ccd270ed17afefcac4b204b53e87881c2c44e97e7587bfd7e340565bc4e49a5ad00607745464acd33953cd611b2d72d1459da1764fbc879243206829643ae45f6908af11e53a1d9f67aecdab5fc39f0640b3b052995e4b06f98c23db82c6bc95abf4863d8d359454d2e942a2315ecb11068ab8aaaa33f0807742cae79a1c919f39e4978d398d375d7e6ee10e450fb6d7f2cdc69dcc9036132b4859bea23a2f6765532ab100cecded09ceebdd742e85a61e5442c33ca06a9f30848f90191d7350d51626a5b596961a46320b0251f55206a766d04ba6dbfd6f44a2beef7196733fcd9333b52fe37d7c212dc51f81166fbb676f5412e85ecb74538b7ac9d7172e48fcf6c17e524994ef90faa7701a0b807b38fbf69bb02acf96220d37ac8ba1253e134124787e5ef0e8234c1f1f840677a39afffdd1dd170d4a53e983b5583cc6693e10e62c845e5721ab0d03b2f390a1d1d9b24902df31d0da91ec8b4a7437d385cd79f40847dea29ace0227c109457b36f6e4b40c99c0f2fe217ab3e534283f079db80e670346f034ff026882700cb43e54d9ca0e9d0bd69b25bd998c108f3bb637f6f9d1d5488fa403ad2240108faf6d9e613f6c59d70dabe3abf2819a9ea3ee02ff18814e44e89cb74688336e5bd935d2ac39f97604abc593846ec01cd072601046c8ef101e83b6741e1af699f0136864f4f4aeadb7ca281a2f62f1d3fab3823b24b1e702db6f332414c9d92ae24b99745c9f90d81364044415a6f5d56393fb63df9049e1f595ddeab02d7fa3c047823a08060979bdca66600c025dafae181a57f8992b339c15df43ffa2f345d5c4b2191d946196b0e3f3a8b89c97a9f1ba7ea45a9f50a2befc959c9691b9d1fc440fdaa6e8698007a685eb146deca5a3a05b4d0e59187136942c51fedbdf12a70984a53f2e4e139ae94355672bdcbd645c1d36f3fbbf48aa9b3e39f368f95faf957c79e8499330205f79302788a516cd255b52249ebca1fe3be085264e33e055afaa68cba9c2b54ec56fef823e22500feb131a7a296386ad522a348492a3dfd3a8652de6d4857f4631aefecddcbd20c96778bb8fa6057d6b94c3f7060ce7105990d1d67de7ee876d7a9fc7b3b4d2e69e4320bf9af255376e3dba464f1808fb376a3b52341b4725ef54ea80999faf16270005257dbd25ece729eb94352b93640f598f79bc0b8189ff00696aceb97a0a642eb1b8da8bf6ab3b9084ee4038b6a32a6cf36aaaf65f8b72552e92d4431d6af72a6740ff2f56c880efd9d20a33e1e32d474b4b3ad0362f7e70f805e5a4340bd91037958b5bb2ac7abc8440691a2f6d6f3635df8006caf119852d2ab53ddd31333552e66df09161d2cb1d8b57f881fa82041c301621288d94ec5d5b391b825c1f6d3d526722ad09b583c4625804ae2f043e4fece488c66f5d3887e7ce00a3230b89e06c27b8b9ce0efa355c111ded4cd026f5e9fafbffdc7b07787fe9979775b43793c0ff0f3623700a21e64ff7132ecfd425cce9946869e333c13ea51f34d96d978a821b232b65a995d9089b9039af398f64fa1a1c5adda71f441af736ff8e179184a42b930e5ce932348e2497d46c560d931e586b640a1f3fe49a85461e1a3715d0c2faf4d84511503feec043e6eda289646f56f8991482e75fe5d457d3800b47af33e46613d2455dc4e7b8d8fa09c09b294539fcf263806e654cecf0c42127ddda906ee0b989fdbf21c3bc7f1fc975330009ded780991858b621e934ae35aadd411a992ea26f11c13e5c27182e3965a4026c80b54637f2f8d92b9e24b2028b216543d8a3c1710a9b627b40c76042c88803d8b5baf8ea2d782a5ce4c624ba622b891a78a7adee085b8c9ebe1d87fd155ea06f7ab1c474f8dfe9a41472471319d2fe9ff64d1b15cc0d6845c148ff0881c2c56166a0a27197589496d558b0f306a24af4a01f99c6727b065a17ee47491ee967f29c1a2a7bc78909f833077e72af76bd3e10bda2d237c97623a28e314584727814ee321ac7aa0be0d97e7f5a1deda7aed21c7cd5804e6e7b950177cbe2d98ab15b3f65e012e2aeb8839132e36e388243f3d120982e04054cb5759393ee9e1b388586be6c3bdf1c51f606d9da06f3dc740f2935900188e23ab065db27cb7ce6288beadf5e20d019d724005b13f749ad399dc83351c0f477494245cd921138c0f0f54aa394eb0637b627b91df893781b6e71c9572ccbb53b03725576c0a6be8e5b9f4ba12542da65a6c5aa3079a75a52b1178227cb79f8cd3231a8c2914b4159bfe328bcbc784e43e53656747bfa92722efd2a207ea16bdcb4b5b4b2a5912a0c9c35e0affc04cdeaeaffe1af540b70b2ba66f1c24d9a75e96f49ef46263e46d53396c28917860609081b42d7679eed0f0493381997c46d73048c69b81e83ad52a1b8fe775a8caf827972cbf0f5e3745e3eecfe3db2d955273ced1b759f396bcba0ac6f353ab75de8afd1fb93addb046eee238a6f037d9c1efb1249fdc77c90684bdb07c24a12e8d8d80f08395b23032c2a0cf20ea1937ea4f18ffcfa64e48262e2738aba96e22f59c4363309eeb9ef13616fd6042d929a27fb6296c8e77dc688154d4949e035246b6cecb6f3ac6b840f98f4bdee00470418b1ddddc869df4b6ccf41ccd86fbe72d1f8d0666ad52c7cb69d8886ea3dc703b0bf35fdb6b73472964ae4b8130a9c299639a98bd96d17bca32704ed8e8e04605", 0xfa1}, {&(0x7f0000000900)="2602cd9325d8c83dc65a536bd797cf87981a41bb5244f4a5847ed528881646dd976c42c34bdc4875962e2118442372892b2d0589d66d656c3a422d89af77c1f49c9d6f87cd527a8e81e32300caeec2e024c70dfeb5a4a874e72e95b79275f1bc2b7debf2951ac8b83c41c1ee060db3cc228f1cfa38c750a87751e995435cc143e9df87c1dfd6dabe82c2bc533feb9d86843f64a3f5fe108043bd4eebfd72d088f204c802b96184262b612c1686a172033d9870106dc1b38a45ce4403013bc9136565d71a", 0xc4}], 0x2, &(0x7f0000000b40)=ANY=[@ANYBLOB="24000000000000000100000001000000", @ANYRES32=r0, @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000c894b568039c7ed9ef2510b9cb22dbbfdf492313dda43125470a2a5eea94e0993f4a6439fb6f644d0ee8f9a51f9fe5f4bbb8786c0e73ef805117f06ce0e6ecc3133d3e9121e4e13dbd8e2f2ec7dc5867978bc4ac6494fc094aac2a09993965e9b69c78468c714da8a1a73a836124eee922941fd5b683cd74e07d5ef4bbfbc91712cae897f71f0a89fe0b18524f80644d04ee558b3f0b0dafc7af347bb8f80a4c2144e4c44f57c557b4a3db0dcada458c31e432930e5d50f948cf96c2417970ffa82036b408125c5f41618cb38f979800448a76c2fc28d9982e44da0489287e39d730bbb21d66f861bebb", @ANYRES32=r1, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32=r2, @ANYRES32], 0x88, 0x24000800}}], 0x1, 0x0) r4 = open(&(0x7f0000000100)='./file0\x00', 0x60c2, 0x0) r5 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) write(r4, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e6", 0x1e0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010004b0400000000000000007a000000", @ANYRES32=r8, @ANYBLOB="00000000140012800b00010062726964676500000403028005002700"], 0x3c}}, 0x0) sendfile(r4, r5, 0x0, 0xef85) 747.321664ms ago: executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000500)=@polexpire={0xe0, 0x1b, 0x1, 0x0, 0x0, {{{@in6=@private0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, [@sec_ctx={0xc, 0x8, {0x5a}}, @mark={0xc}, @XFRMA_IF_ID={0x8}]}, 0xe0}}, 0x0) 694.276422ms ago: executing program 1: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10) syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x0) r1 = socket(0x200000100000011, 0x803, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000100)="4dcdc7d96a760000002100050000000000060000", 0x34, 0x0, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xe0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) keyctl$clear(0x11, 0xfffffffffffffffd) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xb, &(0x7f0000000340)=@framed={{}, [@printk={@p, {}, {}, {}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5}, {}, {0x85, 0x0, 0x0, 0xb0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001c0001000000eeffffffffffff"], 0x14}}, 0x0) 555.723734ms ago: executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet6_opts(r0, 0x29, 0x1e, 0x0, &(0x7f00000010c0)) 520.520729ms ago: executing program 4: socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$tipc(0x1e, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0xfffffffa) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x0) 513.319341ms ago: executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) listen(r0, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000100)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp_addr={0x44, 0x4, 0xf0}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) 444.630571ms ago: executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='map_files\x00') r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB='-'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000000), 0x2, 0x0) 315.265181ms ago: executing program 3: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x80000008, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6}]}, 0x10) listen(r0, 0x3) 199.6668ms ago: executing program 1: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r4) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x0, 0x2, 0x5}, 0x48) setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) sendmsg$tipc(r5, &(0x7f00000027c0)={&(0x7f0000000100), 0x10, 0x0}, 0x0) sendmsg$tipc(r5, &(0x7f0000000000)={&(0x7f0000000080), 0x10, 0x0}, 0x0) 178.367403ms ago: executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0xf}, @NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x4}]}}}]}]}], {0x14}}, 0x84}}, 0x0) 139.670529ms ago: executing program 2: r0 = gettid() r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) listen(r1, 0x0) accept4$x25(r1, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 4.19386ms ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f00000000c0)={[{@bsdgroups}, {@grpquota}, {@i_version}, {@errors_remount}, {@nomblk_io_submit}]}, 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', r0, &(0x7f0000000600)='./bus\x00', 0x0) 0s ago: executing program 1: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) kernel console output (not intermixed with test programs): ces/virtual/input/input29 [ 737.855126][ T4027] tipc: Left network mode [ 737.869156][ T3605] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 737.870294][T13922] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 737.911393][ T3605] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 737.925287][ T3605] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 737.933611][ T3605] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 737.945355][ T3605] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 737.949762][T13922] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 737.961714][ T3605] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 738.001352][T13922] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 738.032024][T13922] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 738.201734][ T22] tipc: Node number set to 8432298 [ 738.325941][T13929] loop3: detected capacity change from 0 to 64 [ 738.393581][T13908] loop4: detected capacity change from 0 to 40427 [ 738.409577][T13908] F2FS-fs (loop4): Wrong segment_count / block_count (64 > 16384) [ 738.409606][T13908] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 738.415523][T13923] loop2: detected capacity change from 0 to 32768 [ 738.466431][T13926] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check. [ 738.498419][T13908] F2FS-fs (loop4): Found nat_bits in checkpoint [ 738.592404][T13923] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 738.603196][T13923] XFS (loop2): Mounting V5 Filesystem [ 738.657370][T13908] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 738.671432][T13908] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 738.715204][T13923] XFS (loop2): Ending clean mount [ 738.732067][T13923] XFS (loop2): Quotacheck needed: Please wait. [ 738.744434][T13946] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 738.847696][T13923] XFS (loop2): Quotacheck: Done. [ 738.864634][T13924] chnl_net:caif_netlink_parms(): no params data found [ 738.903451][T13951] tipc: Enabled bearer , priority 0 [ 738.946670][T12199] XFS (loop2): Unmounting Filesystem [ 738.968790][T12894] syz-executor.4: attempt to access beyond end of device [ 738.968790][T12894] loop4: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 739.069730][T12894] syz-executor.4: attempt to access beyond end of device [ 739.069730][T12894] loop4: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 739.183632][T12894] syz-executor.4: attempt to access beyond end of device [ 739.183632][T12894] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 739.199949][T13924] bridge0: port 1(bridge_slave_0) entered blocking state [ 739.222801][T13924] bridge0: port 1(bridge_slave_0) entered disabled state [ 739.232672][T13924] device bridge_slave_0 entered promiscuous mode [ 739.279036][T13924] bridge0: port 2(bridge_slave_1) entered blocking state [ 739.289159][T13924] bridge0: port 2(bridge_slave_1) entered disabled state [ 739.298407][T13924] device bridge_slave_1 entered promiscuous mode [ 739.405697][T13924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 739.438879][T13924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 739.646063][T13924] team0: Port device team_slave_0 added [ 739.736416][T13924] team0: Port device team_slave_1 added [ 739.769735][ T4027] device hsr_slave_0 left promiscuous mode [ 739.778290][ T4027] device hsr_slave_1 left promiscuous mode [ 739.787220][ T4027] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 739.796533][ T4027] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 739.806448][ T4027] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 739.814224][ T4027] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 739.826384][ T4027] device bridge_slave_1 left promiscuous mode [ 739.833097][ T4027] bridge0: port 2(bridge_slave_1) entered disabled state [ 739.843327][ T4027] device bridge_slave_0 left promiscuous mode [ 739.850063][ T4027] bridge0: port 1(bridge_slave_0) entered disabled state [ 739.864279][ T4027] device veth1_macvtap left promiscuous mode [ 739.871768][ T4027] device veth0_macvtap left promiscuous mode [ 739.877916][ T4027] device veth1_vlan left promiscuous mode [ 739.885062][ T4027] device veth0_vlan left promiscuous mode [ 740.031578][ T3605] Bluetooth: hci4: command tx timeout [ 740.131257][ T7] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 740.375605][ T4027] team0 (unregistering): Port device team_slave_1 removed [ 740.399810][ T4027] team0 (unregistering): Port device team_slave_0 removed [ 740.427526][ T4027] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 740.457566][ T4027] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 740.571668][ T7] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 740.584184][ T7] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 740.594692][ T7] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 740.626758][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 740.637135][ T7] usb 3-1: config 0 descriptor?? [ 740.657796][ T4027] bond0 (unregistering): Released all slaves [ 740.733354][ T3600] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 740.748195][ T3600] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 740.767470][ T3600] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 740.778534][ T3600] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 740.787217][ T3600] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 740.794917][ T3600] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 740.878995][T13924] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 740.886746][T13924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 740.918161][T13924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 740.934402][T13924] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 740.944003][T13924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 740.972687][T13924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 741.070652][T13924] device hsr_slave_0 entered promiscuous mode [ 741.088367][T13924] device hsr_slave_1 entered promiscuous mode [ 741.109096][T13924] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 741.118456][T13924] Cannot create hsr debugfs directory [ 741.143228][ T7] cm6533_jd 0003:0D8C:0022.0015: unknown main item tag 0x0 [ 741.169901][ T7] cm6533_jd 0003:0D8C:0022.0015: unknown main item tag 0x0 [ 741.197855][ T7] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0015/input/input30 [ 741.259513][ T7] cm6533_jd 0003:0D8C:0022.0015: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 742.111153][ T3605] Bluetooth: hci4: command tx timeout [ 742.313856][ T22] usb 3-1: USB disconnect, device number 18 acpid: input device has been disconnected, fd 3 [ 742.374749][T13991] loop3: detected capacity change from 0 to 512 [ 742.405656][T13991] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 742.470303][T13990] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 742.515520][T11043] EXT4-fs (loop3): unmounting filesystem. [ 742.520090][T13990] 8021q: adding VLAN 0 to HW filter on device team0 [ 742.603573][T13996] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 742.615879][T13996] bridge0: port 3(team0) entered blocking state [ 742.625320][T13996] bridge0: port 3(team0) entered disabled state [ 742.636244][T13996] device team0 entered promiscuous mode [ 742.644256][T13996] device team_slave_0 entered promiscuous mode [ 742.650731][T13996] device team_slave_1 entered promiscuous mode [ 742.857002][ T3605] Bluetooth: hci0: command tx timeout [ 742.970131][T13976] chnl_net:caif_netlink_parms(): no params data found [ 742.990496][T14010] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 744.720718][ T3600] Bluetooth: hci4: command tx timeout [ 744.791199][ T7] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 744.911476][ T3600] Bluetooth: hci0: command tx timeout [ 745.040085][T13976] bridge0: port 1(bridge_slave_0) entered blocking state [ 745.051104][ T7] usb 4-1: Using ep0 maxpacket: 8 [ 745.071906][T13976] bridge0: port 1(bridge_slave_0) entered disabled state [ 745.090016][T13976] device bridge_slave_0 entered promiscuous mode [ 745.138255][T13976] bridge0: port 2(bridge_slave_1) entered blocking state [ 745.151964][T13976] bridge0: port 2(bridge_slave_1) entered disabled state [ 745.171567][T13976] device bridge_slave_1 entered promiscuous mode [ 745.201307][ T7] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 745.217083][ T7] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 745.249056][ T7] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 745.271806][T13976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 745.286445][ T7] usb 4-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 745.323391][T13976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 745.521408][ T7] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice= 0.6e [ 745.549140][ T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 745.562748][ T7] usb 4-1: Product: syz [ 745.567334][ T7] usb 4-1: Manufacturer: syz [ 745.587635][T14022] loop2: detected capacity change from 0 to 32768 [ 745.596327][ T7] usb 4-1: SerialNumber: syz [ 745.636425][T14022] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 745.646594][T14022] XFS (loop2): Mounting V5 Filesystem [ 745.668205][T13976] team0: Port device team_slave_0 added [ 745.714317][T13976] team0: Port device team_slave_1 added [ 745.720800][T13924] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 745.804253][T14022] XFS (loop2): Ending clean mount [ 745.806267][T13924] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 745.838099][T14022] XFS (loop2): Quotacheck needed: Please wait. [ 745.849300][T13976] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 745.873439][T13976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 745.922618][ T7] adutux 4-1:168.0: interrupt endpoints not found [ 745.931088][T13976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 745.950584][ T7] usb 4-1: USB disconnect, device number 29 [ 745.952500][T13924] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 745.999498][T14022] XFS (loop2): Quotacheck: Done. [ 746.030301][T13976] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 746.079405][T13976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 746.144374][T13976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 746.155838][T12199] XFS (loop2): Unmounting Filesystem [ 746.262092][T13924] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 746.423804][T13976] device hsr_slave_0 entered promiscuous mode [ 746.448019][T13976] device hsr_slave_1 entered promiscuous mode [ 746.469426][T13976] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 746.497807][T13976] Cannot create hsr debugfs directory [ 746.751208][ T3600] Bluetooth: hci4: command tx timeout [ 746.915349][T14047] loop3: detected capacity change from 0 to 2048 [ 746.924871][T14049] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.2'. [ 746.992026][T14047] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 747.000790][T14047] ext4 filesystem being mounted at /root/syzkaller-testdir2875875448/syzkaller.X238ur/186/file0 supports timestamps until 2038 (0x7fffffff) [ 747.015921][ T3600] Bluetooth: hci0: command tx timeout [ 747.081106][T14047] loop3: detected capacity change from 2048 to 0 [ 747.088906][T13976] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.108149][ C1] I/O error, dev loop3, sector 16 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2 [ 747.121298][T14047] EXT4-fs error (device loop3): ext4_wait_block_bitmap:573: comm syz-executor.3: Cannot read block bitmap - block_group = 0, block_bitmap = 2 [ 747.152917][ T1255] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.159439][ T1255] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.176519][ T2464] loop: Write error at byte offset 9223372036854775807, length 4096. [ 747.193735][ C1] I/O error, dev loop3, sector 0 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 747.203383][ C1] I/O error, dev loop3, sector 0 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 747.212888][ C1] Buffer I/O error on dev loop3, logical block 0, lost sync page write [ 747.221196][T14047] EXT4-fs (loop3): I/O error while writing superblock [ 747.232846][T13924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 747.239974][T14049] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 747.335652][ C1] I/O error, dev loop3, sector 128 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2 [ 747.400473][T13976] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.430895][T11043] EXT4-fs (loop3): unmounting filesystem. [ 747.460980][ T4979] loop: Write error at byte offset 9223372036854775807, length 4096. [ 747.469151][ C1] I/O error, dev loop3, sector 0 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 747.478731][ C1] I/O error, dev loop3, sector 0 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 747.488250][ C1] Buffer I/O error on dev loop3, logical block 0, lost sync page write [ 747.496638][T11043] EXT4-fs (loop3): I/O error while writing superblock [ 747.502443][T13924] 8021q: adding VLAN 0 to HW filter on device team0 [ 747.510540][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 747.538573][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 747.546646][T14055] loop2: detected capacity change from 0 to 2048 [ 747.574960][ T4979] loop: Write error at byte offset 9223372036855037951, length 4096. [ 747.588809][T13976] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.607599][ C1] I/O error, dev loop3, sector 512 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 747.617459][ C1] Buffer I/O error on dev loop3, logical block 64, lost sync page write [ 747.644539][T14055] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 747.668767][T14054] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 747.686534][T14054] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 747.713542][T14054] EXT4-fs (loop2): This should not happen!! Data will be lost [ 747.713542][T14054] [ 747.731066][T14054] EXT4-fs (loop2): Total free blocks count 0 [ 747.738071][T14054] EXT4-fs (loop2): Free/Dirty block details [ 747.746886][T14054] EXT4-fs (loop2): free_blocks=2415919104 [ 747.754467][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 747.762973][T14054] EXT4-fs (loop2): dirty_blocks=16 [ 747.768113][T14054] EXT4-fs (loop2): Block reservation details [ 747.775141][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 747.781378][T14054] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 747.785210][ T3821] bridge0: port 1(bridge_slave_0) entered blocking state [ 747.796253][ T3821] bridge0: port 1(bridge_slave_0) entered forwarding state [ 747.821233][T12199] EXT4-fs (loop2): unmounting filesystem. [ 747.874256][T13976] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.919854][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 747.935123][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 747.948401][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 747.957491][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 747.964754][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 748.010472][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 748.030773][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 748.079269][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 748.090898][T14067] loop2: detected capacity change from 0 to 512 [ 748.115398][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 748.138438][T14067] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 748.151358][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 748.160263][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 748.192427][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 748.193040][T14067] EXT4-fs (loop2): 1 truncate cleaned up [ 748.212059][T14067] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 748.231211][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 748.250107][T14067] EXT4-fs warning (device loop2): ext4_group_add:1743: No reserved GDT blocks, can't resize [ 748.276320][T13924] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 748.353081][T12199] EXT4-fs (loop2): unmounting filesystem. [ 748.362684][T13924] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 748.392065][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 748.400533][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 748.424803][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 748.564511][ T26] audit: type=1804 audit(1718463719.524:589): pid=14073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2627434786/syzkaller.I24N0E/234/bus" dev="sda1" ino=1942 res=1 errno=0 [ 748.694494][ T4027] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 748.753303][ T3605] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 748.779903][ T3605] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 748.783829][T14080] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 748.800279][ T3605] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 748.814800][ T3605] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 748.826401][ T3605] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 748.834564][ T3605] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 748.895695][ T4027] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 748.944400][T13976] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 749.002701][ T4027] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 749.025628][T13976] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 749.043183][T13976] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 749.081859][ T3605] Bluetooth: hci0: command tx timeout [ 749.095016][ T4027] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 749.116122][T14087] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 749.134907][T14087] device team0 left promiscuous mode [ 749.140264][T14087] device team_slave_0 left promiscuous mode [ 749.151676][T14087] device team_slave_1 left promiscuous mode [ 749.158529][T14087] bridge0: port 3(team0) entered disabled state [ 749.168799][T14087] 8021q: adding VLAN 0 to HW filter on device team0 [ 749.189071][T13976] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 749.220850][T13924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 749.234294][T14092] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 749.243845][T14092] bridge0: port 3(team0) entered blocking state [ 749.250285][T14092] bridge0: port 3(team0) entered disabled state [ 749.258281][T14092] device team0 entered promiscuous mode [ 749.264211][T14092] device team_slave_0 entered promiscuous mode [ 749.270723][T14092] device team_slave_1 entered promiscuous mode [ 749.290284][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 749.298134][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 749.346216][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 749.363141][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 749.412933][ T3955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 749.422531][ T3955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 749.468055][ T3955] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 749.476739][ T3955] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 749.497068][T13924] device veth0_vlan entered promiscuous mode [ 749.597774][T13924] device veth1_vlan entered promiscuous mode [ 749.786248][ T4027] tipc: Left network mode [ 749.831440][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 749.844118][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 749.870354][T13924] device veth0_macvtap entered promiscuous mode [ 749.914088][T13976] 8021q: adding VLAN 0 to HW filter on device bond0 [ 749.982142][T13976] 8021q: adding VLAN 0 to HW filter on device team0 [ 750.062588][T13976] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 750.082417][T13976] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 750.098360][ T4027] tipc: Disabling bearer [ 750.106407][ T4027] tipc: Left network mode [ 750.110442][T14081] chnl_net:caif_netlink_parms(): no params data found [ 750.128001][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 750.137328][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 750.733316][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 750.741861][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 750.750895][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 750.759543][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 750.766758][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 750.775138][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 750.784387][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 750.794490][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 750.801861][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 750.820839][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 750.836206][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 750.846574][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 750.855479][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 750.864875][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 750.874007][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 750.884056][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 750.893544][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 750.903649][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 750.911361][ T3600] Bluetooth: hci2: command tx timeout [ 750.913624][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 750.949429][T13924] device veth1_macvtap entered promiscuous mode [ 751.126388][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 751.139669][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 751.150678][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 751.172451][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 751.189537][T13924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 751.237506][T13924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 751.256460][T13924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 751.281128][T13924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 751.292501][T13924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 751.303289][T13924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 751.314294][T13924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 751.325664][T13924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 751.348255][T13924] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 751.470386][ T3964] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 751.480720][ T3964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 751.502044][T13924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 751.515638][T13924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 751.526567][T13924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 751.537188][T13924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 751.549346][T13924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 751.562081][T13924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 751.572759][T13924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 751.583375][T13924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 751.595341][T13924] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 751.634227][ T3964] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 751.648838][ T3964] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 751.662426][T13924] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 751.671342][T13924] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 751.680190][T13924] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 751.690355][T13924] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 751.747436][T13976] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 751.840588][T14081] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.857176][T14081] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.882387][T14081] device bridge_slave_0 entered promiscuous mode [ 751.903434][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 751.912026][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 751.947670][T14081] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.962195][T14081] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.970544][T14081] device bridge_slave_1 entered promiscuous mode [ 752.106350][T14081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 752.194457][T14135] loop2: detected capacity change from 0 to 2048 [ 752.216350][T14081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 752.303684][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 752.321755][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 752.338213][T14135] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 752.421214][T14134] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 752.450310][T14134] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 752.457317][T14081] team0: Port device team_slave_0 added [ 752.470572][T14134] EXT4-fs (loop2): This should not happen!! Data will be lost [ 752.470572][T14134] [ 752.480789][T14134] EXT4-fs (loop2): Total free blocks count 0 [ 752.491339][T14134] EXT4-fs (loop2): Free/Dirty block details [ 752.497286][T14134] EXT4-fs (loop2): free_blocks=2415919104 [ 752.504233][T14081] team0: Port device team_slave_1 added [ 752.518370][T14134] EXT4-fs (loop2): dirty_blocks=16 [ 752.533468][T14134] EXT4-fs (loop2): Block reservation details [ 752.546646][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 752.561416][T14134] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 752.647592][T12199] EXT4-fs (loop2): unmounting filesystem. [ 752.658585][ T5704] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 752.706045][ T5704] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 752.782948][T14081] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 752.789920][T14081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 752.851385][T14081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 752.884500][T14081] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 752.900990][T14081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 752.981236][T14081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 752.992016][ T3605] Bluetooth: hci2: command tx timeout [ 753.036336][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 753.049264][T14148] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 753.356456][T14081] device hsr_slave_0 entered promiscuous mode [ 753.374631][T14081] device hsr_slave_1 entered promiscuous mode [ 753.387301][T14081] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 753.396508][T14081] Cannot create hsr debugfs directory [ 753.466598][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 753.480017][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 753.555635][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 753.567241][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 753.578259][T13976] device veth0_vlan entered promiscuous mode [ 753.629261][T13976] device veth1_vlan entered promiscuous mode [ 753.650740][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 753.663906][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 753.682874][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 753.808755][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 753.823934][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 753.842070][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 753.860252][T13976] device veth0_macvtap entered promiscuous mode [ 753.930679][T13976] device veth1_macvtap entered promiscuous mode [ 754.017045][ T4027] device hsr_slave_0 left promiscuous mode [ 754.024670][ T4027] device hsr_slave_1 left promiscuous mode [ 754.032296][ T4027] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 754.039845][ T4027] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 754.049760][ T4027] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 754.058370][ T4027] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 754.073691][ T4027] device bridge_slave_1 left promiscuous mode [ 754.080089][ T4027] bridge0: port 2(bridge_slave_1) entered disabled state [ 754.089531][ T4027] device bridge_slave_0 left promiscuous mode [ 754.106708][ T4027] bridge0: port 1(bridge_slave_0) entered disabled state [ 754.109844][T14151] loop1: detected capacity change from 0 to 40427 [ 754.132938][T14151] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 754.147080][T14151] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 754.147115][ T4027] device hsr_slave_0 left promiscuous mode [ 754.159574][T14151] F2FS-fs (loop1): invalid crc value [ 754.182102][ T4027] device hsr_slave_1 left promiscuous mode [ 754.198550][ T4027] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 754.215640][T14151] F2FS-fs (loop1): Found nat_bits in checkpoint [ 754.231133][ T4027] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 754.251160][ T4027] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 754.258815][ T4027] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 754.283469][ T4027] device bridge_slave_1 left promiscuous mode [ 754.289731][ T4027] bridge0: port 2(bridge_slave_1) entered disabled state [ 754.315264][ T4027] device bridge_slave_0 left promiscuous mode [ 754.323205][ T4027] bridge0: port 1(bridge_slave_0) entered disabled state [ 754.332278][T14151] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 754.339386][T14151] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 754.354438][ T4027] device veth1_macvtap left promiscuous mode [ 754.360517][ T4027] device veth0_macvtap left promiscuous mode [ 754.366910][ T4027] device veth1_vlan left promiscuous mode [ 754.373191][ T4027] device veth0_vlan left promiscuous mode [ 754.382732][ T4027] device veth1_macvtap left promiscuous mode [ 754.389152][ T4027] device veth0_macvtap left promiscuous mode [ 754.397436][ T4027] device veth1_vlan left promiscuous mode [ 754.403484][ T4027] device veth0_vlan left promiscuous mode [ 754.925591][T14180] loop1: detected capacity change from 0 to 16 [ 754.936660][T14180] erofs: (device loop1): mounted with root inode @ nid 36. [ 755.081643][ T3605] Bluetooth: hci2: command tx timeout [ 755.120309][ T4027] team0 (unregistering): Port device team_slave_1 removed [ 755.146787][ T4027] team0 (unregistering): Port device team_slave_0 removed [ 755.178443][ T4027] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 755.206421][ T4027] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 755.305909][ T4027] bond0 (unregistering): Released all slaves [ 755.539954][ T4027] team0 (unregistering): Port device team_slave_1 removed [ 755.556821][ T4027] team0 (unregistering): Port device team_slave_0 removed [ 755.572345][ T4027] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 755.589415][ T4027] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 755.697458][ T4027] bond0 (unregistering): Released all slaves [ 755.767373][T14159] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 755.776941][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 755.802386][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 755.811067][T14173] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 755.860153][T14173] 8021q: adding VLAN 0 to HW filter on device team0 [ 755.895466][T14175] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 755.921720][T14175] bridge0: port 3(team0) entered blocking state [ 755.942805][T14175] bridge0: port 3(team0) entered disabled state [ 756.107405][T14175] device team0 entered promiscuous mode [ 756.221150][T14175] device team_slave_0 entered promiscuous mode [ 756.286028][T14175] device team_slave_1 entered promiscuous mode [ 756.745676][T13976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 756.814394][T13976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 756.837031][T13976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 756.857075][T13976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 756.868616][T13976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 756.885655][T13976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 756.927207][T13976] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 756.943368][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 756.971240][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 757.063935][T13976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 757.077162][T13976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 757.120495][T13976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 757.141047][T13976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 757.151990][ T3605] Bluetooth: hci2: command tx timeout [ 757.180987][T13976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 757.228244][T13976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 757.288689][T13976] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 757.305398][ T3964] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 757.317002][ T3964] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 757.345054][T13976] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.369620][T13976] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.398998][T13976] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.413027][T13976] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 758.711499][ T4638] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 758.727642][ T4638] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 758.818001][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 759.063487][ T2464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 759.145351][T14219] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 759.153286][ T2464] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 759.220842][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 759.969613][T14081] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 760.128788][T14233] loop4: detected capacity change from 0 to 512 [ 760.129893][T14081] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 760.149856][T14233] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 760.150544][T14236] loop1: detected capacity change from 0 to 512 [ 760.185660][T14081] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 760.188957][T14233] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (20904!=33349) [ 760.209650][T14236] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 760.213822][T14081] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 760.242810][T14233] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 760.264330][T14233] EXT4-fs (loop4): orphan cleanup on readonly fs [ 760.289206][T14233] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 4: comm syz-executor.4: lblock 0 mapped to illegal pblock 4 (length 1) [ 760.354019][T14233] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117 [ 760.360638][T13924] EXT4-fs (loop1): unmounting filesystem. [ 760.362418][T14233] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 760.552872][T13976] EXT4-fs (loop4): unmounting filesystem. [ 761.422347][T14081] 8021q: adding VLAN 0 to HW filter on device bond0 [ 761.482250][T14250] loop1: detected capacity change from 0 to 2048 [ 761.527806][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 761.541822][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 761.586073][T14081] 8021q: adding VLAN 0 to HW filter on device team0 [ 761.614988][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 761.634618][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 761.664912][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 761.673535][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 761.721857][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 761.730177][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 761.782259][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 761.811142][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 761.818375][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 761.845749][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 761.872025][T14259] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 761.889383][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 761.928098][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 761.943868][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 761.985483][T14262] device vlan2 entered promiscuous mode [ 762.021100][T14262] device bridge0 entered promiscuous mode [ 762.066829][T14262] device bridge0 left promiscuous mode [ 762.181680][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 762.200757][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 762.220218][T14271] loop4: detected capacity change from 0 to 512 [ 762.232080][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 762.265446][T14246] loop2: detected capacity change from 0 to 40427 [ 762.280588][T14081] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 762.295749][T14081] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 762.297944][T14271] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 762.307115][T14246] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 762.307146][T14246] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 762.309759][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 762.342227][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 762.344692][T14246] F2FS-fs (loop2): invalid crc value [ 762.351185][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 762.364704][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 762.374189][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 762.455375][T14246] F2FS-fs (loop2): Found nat_bits in checkpoint [ 762.484118][T13976] EXT4-fs (loop4): unmounting filesystem. [ 762.800091][T14285] loop4: detected capacity change from 0 to 16 [ 762.818367][T14285] erofs: (device loop4): mounted with root inode @ nid 36. [ 763.066368][T14246] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 763.107077][T14246] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 764.019398][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 764.035726][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 764.071487][T14081] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 764.157105][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 764.166850][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 764.232283][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 764.245622][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 764.292883][T14081] device veth0_vlan entered promiscuous mode [ 764.330528][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 764.341877][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 764.571596][T14081] device veth1_vlan entered promiscuous mode [ 764.975155][T14304] loop2: detected capacity change from 0 to 2048 [ 765.117589][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 765.151278][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 765.170351][T14081] device veth0_macvtap entered promiscuous mode [ 765.179952][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 765.189909][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 765.202120][T14081] device veth1_macvtap entered promiscuous mode [ 765.218287][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 765.245531][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 765.319372][T14081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.369150][T14081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.377654][T14308] loop4: detected capacity change from 0 to 512 [ 765.397470][T14308] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 765.410963][T14081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.421285][T14308] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (20904!=33349) [ 765.441028][T14081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.450903][T14081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.466072][T14308] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 765.484838][T14081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.507145][T14081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.508506][T14308] EXT4-fs (loop4): orphan cleanup on readonly fs [ 765.531157][T14308] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 4: comm syz-executor.4: lblock 0 mapped to illegal pblock 4 (length 1) [ 765.550739][T14308] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117 [ 765.561543][T14308] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 765.571086][T14081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.622433][T14081] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 765.666262][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 765.682756][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 765.727283][T14081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.748448][T13976] EXT4-fs (loop4): unmounting filesystem. [ 765.778207][T14081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.805127][T14081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.834426][T14081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.848771][T14081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.883622][T14081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.909812][T14081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.932571][T14081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.951055][T14081] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 765.966573][T14311] device vlan2 entered promiscuous mode [ 765.979534][T14311] device bridge0 entered promiscuous mode [ 765.988980][T14311] device bridge0 left promiscuous mode [ 766.050674][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 766.071295][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 766.110707][T14081] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.153526][T14081] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.180079][T14081] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.209021][T14081] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.436525][ T4768] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 766.456896][ T4768] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 766.495109][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 766.583835][ T4768] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 766.630573][ T4768] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 766.689180][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 766.896448][T14337] loop2: detected capacity change from 0 to 512 [ 766.972305][T14337] EXT4-fs: Ignoring removed nomblk_io_submit option [ 767.082143][T14337] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 767.101133][T14337] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 767.176960][T14337] EXT4-fs (loop2): 1 truncate cleaned up [ 767.185671][T14337] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 767.239201][T14337] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 767.296164][T14337] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 767.356209][T12199] EXT4-fs (loop2): unmounting filesystem. [ 767.680716][T14333] loop4: detected capacity change from 0 to 32768 [ 767.814633][T14341] loop3: detected capacity change from 0 to 32768 [ 767.841039][ T26] audit: type=1326 audit(1718463738.794:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14348 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3deea7cea9 code=0x0 [ 767.859702][T14341] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz-executor.3 (14341) [ 767.893791][T14341] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 767.909326][T14341] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 767.920184][T14341] BTRFS info (device loop3): use zlib compression, level 3 [ 767.934321][T14341] BTRFS info (device loop3): using free space tree [ 768.054228][T14341] BTRFS info (device loop3): enabling ssd optimizations [ 768.342194][T14081] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 769.215225][ T3642] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 769.291879][T14343] loop1: detected capacity change from 0 to 65536 [ 769.387840][T14343] XFS (loop1): Mounting V5 Filesystem [ 769.418332][T14343] XFS (loop1): Ending clean mount [ 769.438333][T14343] XFS (loop1): Quotacheck needed: Please wait. [ 769.467970][ T3642] usb 5-1: Using ep0 maxpacket: 8 [ 769.610348][T14343] XFS (loop1): Quotacheck: Done. [ 769.615754][ T3642] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 769.714222][T13924] XFS (loop1): Unmounting Filesystem [ 769.821287][ T3642] usb 5-1: New USB device found, idVendor=05ac, idProduct=0215, bcdDevice= 0.40 [ 769.840624][ T3642] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 769.859472][ T3642] usb 5-1: Product: syz [ 769.865471][ T3642] usb 5-1: Manufacturer: syz [ 769.870428][ T3642] usb 5-1: SerialNumber: syz [ 770.130039][ T3642] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 770.330087][ T3642] usb 5-1: USB disconnect, device number 23 [ 771.495649][ T26] audit: type=1800 audit(1718463742.454:591): pid=14394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1965 res=0 errno=0 [ 771.507053][T14413] loop4: detected capacity change from 0 to 1024 [ 771.567458][ T4979] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 771.626570][ T26] audit: type=1800 audit(1718463742.584:592): pid=14413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.4" name="file1" dev="loop4" ino=20 res=0 errno=0 [ 771.805426][ T5704] hfsplus: b-tree write err: -5, ino 4 [ 771.823478][ T4979] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 772.003667][ T4979] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 772.205850][T14426] loop4: detected capacity change from 0 to 512 [ 772.240380][ T4979] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 772.257734][T14426] EXT4-fs: Ignoring removed nomblk_io_submit option [ 772.292325][T14426] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 772.312524][T14426] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2 [ 772.342790][T14426] EXT4-fs (loop4): 1 truncate cleaned up [ 772.348931][T14426] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 772.473836][ T3600] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 772.487837][ T3600] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 772.551522][ T3600] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 772.564083][ T3600] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 772.572130][ T3600] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 772.579937][ T3600] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 772.653909][T14426] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 772.692643][T14426] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 773.299653][T13976] EXT4-fs (loop4): unmounting filesystem. [ 773.652640][T14417] loop2: detected capacity change from 0 to 32768 [ 773.779127][T14446] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 773.886737][T14458] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 773.896998][T14458] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 773.917289][T14458] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 773.943055][T14458] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 774.020627][T14431] chnl_net:caif_netlink_parms(): no params data found [ 774.674679][ T3600] Bluetooth: hci2: command tx timeout [ 775.286180][T14431] bridge0: port 1(bridge_slave_0) entered blocking state [ 775.301516][T14431] bridge0: port 1(bridge_slave_0) entered disabled state [ 775.309703][T14431] device bridge_slave_0 entered promiscuous mode [ 775.381363][T14431] bridge0: port 2(bridge_slave_1) entered blocking state [ 775.409517][T14431] bridge0: port 2(bridge_slave_1) entered disabled state [ 775.428441][T14431] device bridge_slave_1 entered promiscuous mode [ 775.476447][ T26] audit: type=1800 audit(1718463746.434:593): pid=14494 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file1" dev="sda1" ino=1948 res=0 errno=0 [ 775.512673][T14490] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 775.567327][T14431] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 775.580080][T14431] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 775.758641][T14431] team0: Port device team_slave_0 added [ 775.794051][T14431] team0: Port device team_slave_1 added [ 775.822055][T14431] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 775.830043][T14431] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 775.857310][T14431] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 777.056498][ T3600] Bluetooth: hci2: command tx timeout [ 777.697687][T14431] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 777.718945][T14431] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 777.784449][T14431] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 777.905362][T14519] loop1: detected capacity change from 0 to 1024 [ 778.310525][ T4979] device hsr_slave_0 left promiscuous mode [ 778.407000][ T4979] device hsr_slave_1 left promiscuous mode [ 778.716148][ T4979] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 778.739609][ T4979] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 778.765636][ T4979] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 778.773786][ T4979] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 778.783171][ T4979] device bridge_slave_1 left promiscuous mode [ 778.789806][ T4979] bridge0: port 2(bridge_slave_1) entered disabled state [ 778.814594][T14517] loop4: detected capacity change from 0 to 4096 [ 778.823259][ T4979] device bridge_slave_0 left promiscuous mode [ 778.830156][ T4979] bridge0: port 1(bridge_slave_0) entered disabled state [ 778.837308][T14517] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 778.864350][ T4979] device veth1_macvtap left promiscuous mode [ 778.878223][ T4979] device veth0_macvtap left promiscuous mode [ 778.887535][ T4979] device veth1_vlan left promiscuous mode [ 778.898548][ T4979] device veth0_vlan left promiscuous mode [ 778.910110][T14517] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 779.039320][T13976] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 779.072053][ T3605] Bluetooth: hci2: command tx timeout [ 779.407349][ T4979] team0 (unregistering): Port device team_slave_1 removed [ 779.425972][ T4979] team0 (unregistering): Port device team_slave_0 removed [ 779.439456][ T4979] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 779.462614][ T4979] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 779.544334][ T4979] bond0 (unregistering): Released all slaves [ 779.704819][T14431] device hsr_slave_0 entered promiscuous mode [ 779.730886][T14431] device hsr_slave_1 entered promiscuous mode [ 779.766525][T14539] loop1: detected capacity change from 0 to 1024 [ 779.819979][ T26] audit: type=1800 audit(1718463750.774:594): pid=14539 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.1" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 779.943207][ T9] hfsplus: b-tree write err: -5, ino 4 [ 780.111383][ T3600] Bluetooth: hci3: command 0x0406 tx timeout [ 780.191766][T14556] loop2: detected capacity change from 0 to 1024 [ 781.152905][ T3605] Bluetooth: hci2: command tx timeout [ 781.481866][T14576] loop2: detected capacity change from 0 to 64 [ 782.547942][T14585] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 782.924376][T14596] loop4: detected capacity change from 0 to 1024 [ 783.794411][T14431] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 783.852984][T14431] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 783.907507][T14431] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 783.939982][T14431] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 784.033970][ T26] audit: type=1804 audit(1718463754.994:595): pid=14610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2627434786/syzkaller.I24N0E/287/file0" dev="sda1" ino=1954 res=1 errno=0 [ 784.146733][T14613] loop2: detected capacity change from 0 to 512 [ 784.213008][T14613] EXT4-fs: Ignoring removed bh option [ 784.248059][T14431] 8021q: adding VLAN 0 to HW filter on device bond0 [ 784.259668][T14615] futex_wake_op: syz-executor.0 tries to shift op by 35; fix this program [ 784.322755][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 784.339250][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 784.349368][T14613] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #16: comm syz-executor.2: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 19200(19200) [ 784.383879][T14431] 8021q: adding VLAN 0 to HW filter on device team0 [ 784.430131][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 784.441838][T14613] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 16 (err -117) [ 784.453110][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 784.471557][T14613] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 784.491175][T14613] ext4 filesystem being mounted at /root/syzkaller-testdir325051567/syzkaller.2IPmI5/146/file1 supports timestamps until 2038 (0x7fffffff) [ 784.507972][ T3664] bridge0: port 1(bridge_slave_0) entered blocking state [ 784.515337][ T3664] bridge0: port 1(bridge_slave_0) entered forwarding state [ 784.552464][T14620] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 784.608116][T12199] EXT4-fs (loop2): unmounting filesystem. [ 784.659170][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 784.663792][T14623] loop4: detected capacity change from 0 to 512 [ 784.678605][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 784.696062][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 784.708676][ T4557] bridge0: port 2(bridge_slave_1) entered blocking state [ 784.716013][ T4557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 784.745518][T14623] EXT4-fs error (device loop4): __ext4_fill_super:5399: inode #2: comm syz-executor.4: casefold flag without casefold feature [ 784.780514][T14621] bridge0: port 4(macvlan2) entered blocking state [ 784.795134][T14623] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 784.817600][T14621] bridge0: port 4(macvlan2) entered disabled state [ 784.822706][T14623] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 784.825997][T14621] device macvlan2 entered promiscuous mode [ 784.847702][T14621] device veth5 entered promiscuous mode [ 784.898707][T14620] device veth5 left promiscuous mode [ 784.917974][T14620] bridge0: port 4(macvlan2) entered disabled state [ 784.962825][T14605] loop1: detected capacity change from 0 to 32768 [ 784.975004][T14620] device macvlan2 left promiscuous mode [ 784.978686][T14605] jfs_mount: dbMount failed w/rc = -5 [ 784.996899][T14605] Mount JFS Failure: -5 [ 785.001157][T14605] jfs_mount failed w/return code = -5 [ 785.001228][T14620] bridge0: port 4(macvlan2) entered disabled state [ 785.223824][T14632] loop2: detected capacity change from 0 to 1024 [ 786.067530][ T3967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 786.076918][ T3967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 786.103984][ T3967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 786.119430][ T3967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 786.162693][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 786.182567][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 786.212138][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 786.231618][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 786.275939][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 786.316993][T14431] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 786.373469][T14431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 786.426902][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 786.437595][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 786.984063][T13976] EXT4-fs (loop4): unmounting filesystem. [ 787.251403][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 787.259132][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 787.295104][T14431] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 787.368824][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 787.397591][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 787.446180][T14431] device veth0_vlan entered promiscuous mode [ 787.460544][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 787.479775][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 787.510742][T14666] device syz_tun entered promiscuous mode [ 787.530257][T14431] device veth1_vlan entered promiscuous mode [ 787.563946][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 787.582017][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 787.590267][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 787.626466][T14642] loop1: detected capacity change from 0 to 32768 [ 787.671357][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 787.680235][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 787.690368][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 787.703129][T14431] device veth0_macvtap entered promiscuous mode [ 787.721174][T14642] XFS (loop1): Mounting V5 Filesystem [ 787.746958][T14431] device veth1_macvtap entered promiscuous mode [ 787.775810][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 787.786808][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.797476][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 787.808293][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.818558][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 787.829726][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.844255][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 787.858373][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.870951][T14431] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 787.878949][T14642] XFS (loop1): Ending clean mount [ 787.884220][T14642] XFS (loop1): Quotacheck needed: Please wait. [ 787.888783][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 787.904809][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.915284][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 787.936713][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.970999][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 787.990959][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.995182][T14642] XFS (loop1): Quotacheck: Done. [ 788.031778][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 788.053927][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.075919][T13924] XFS (loop1): Unmounting Filesystem [ 788.086820][T14431] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 788.123510][T14663] device syz_tun left promiscuous mode [ 788.182503][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 788.218779][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 788.247558][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 788.257027][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 788.283208][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 788.318220][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 788.363727][T14431] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.376923][ T1222] block nbd4: Attempted send on invalid socket [ 788.383291][ T1222] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 788.407201][T14431] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.419283][T14431] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.434186][T14686] hfsplus: unable to find HFS+ superblock [ 788.452656][T14431] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.707945][ T4766] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 788.747407][ T4766] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 788.774494][ T4768] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 788.791642][ T4768] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 788.797127][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 788.867122][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 789.067457][T14702] 9pnet: Found fid 0 not clunked [ 789.182874][T14693] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.434195][T14693] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.638904][T14693] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.676715][T14718] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.2'. [ 789.691137][T14718] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 789.709487][T14719] device syz_tun entered promiscuous mode [ 789.828893][T14693] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.979790][T14715] device syz_tun left promiscuous mode [ 790.139259][T14693] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 790.178005][T14693] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 790.222819][T14693] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 790.258130][T14693] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 790.433459][T14747] loop4: detected capacity change from 0 to 512 [ 790.462099][T14747] EXT4-fs: Ignoring removed mblk_io_submit option [ 790.481150][T14747] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 790.502031][T14747] EXT4-fs (loop4): Test dummy encryption mode enabled [ 790.553485][T14747] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 790.571442][T14747] System zones: 1-12 [ 790.586312][T14747] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz-executor.4: casefold flag without casefold feature [ 790.626044][T14747] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.4: missing EA_INODE flag [ 790.655061][ T52] block nbd2: Attempted send on invalid socket [ 790.658468][T14747] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor.4: error while reading EA inode 12 err=-117 [ 790.662224][ T52] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 790.688606][T14758] hfsplus: unable to find HFS+ superblock [ 790.693629][T14747] EXT4-fs (loop4): 1 orphan inode deleted [ 790.700290][T14747] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 790.885078][T13976] EXT4-fs (loop4): unmounting filesystem. [ 790.908292][T14765] device wireguard0 entered promiscuous mode [ 791.640740][T14770] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 791.703911][T14785] loop2: detected capacity change from 0 to 512 [ 791.718687][T14785] EXT4-fs: Ignoring removed bh option [ 791.770132][T14785] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #16: comm syz-executor.2: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 19200(19200) [ 791.801271][T14785] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 16 (err -117) [ 791.821365][T14785] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 791.832086][T14785] ext4 filesystem being mounted at /root/syzkaller-testdir325051567/syzkaller.2IPmI5/167/file1 supports timestamps until 2038 (0x7fffffff) [ 791.972292][T14770] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.077413][T12199] EXT4-fs (loop2): unmounting filesystem. [ 792.117580][T14770] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.340342][T14770] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.567935][T14770] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.017257][T14770] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.387838][T14770] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.427329][T14770] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.673360][T14832] loop4: detected capacity change from 0 to 512 [ 793.700246][T14832] EXT4-fs: Ignoring removed bh option [ 793.767254][T14832] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #16: comm syz-executor.4: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 19200(19200) [ 793.844345][T14832] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 16 (err -117) [ 793.917670][T14832] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 793.931266][ T4557] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 793.959675][T14832] ext4 filesystem being mounted at /root/syzkaller-testdir3865300573/syzkaller.3ZGUCr/56/file1 supports timestamps until 2038 (0x7fffffff) [ 794.038703][T14842] device syz_tun entered promiscuous mode [ 794.063404][T13976] EXT4-fs (loop4): unmounting filesystem. [ 794.181047][ T4557] usb 1-1: Using ep0 maxpacket: 8 [ 794.198269][T14841] device syz_tun left promiscuous mode [ 794.301358][ T4557] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 794.479563][T14862] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 794.631454][ T4557] usb 1-1: New USB device found, idVendor=05ac, idProduct=0215, bcdDevice= 0.40 [ 794.751730][ T4557] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 794.872347][ T4557] usb 1-1: Product: syz [ 794.928274][ T4557] usb 1-1: Manufacturer: syz [ 794.987093][ T4557] usb 1-1: SerialNumber: syz [ 795.464190][ T4557] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 795.504655][T14862] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 795.597089][T14862] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 795.675056][ T3957] usb 1-1: USB disconnect, device number 22 [ 795.696957][T14862] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 795.844550][ T7] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 795.985335][T14860] loop4: detected capacity change from 0 to 32768 [ 795.995532][T14860] jfs_mount: dbMount failed w/rc = -5 [ 796.001632][T14860] Mount JFS Failure: -5 [ 796.006250][T14860] jfs_mount failed w/return code = -5 [ 796.147451][T14884] loop2: detected capacity change from 0 to 1024 [ 796.162331][ T7] usb 4-1: Using ep0 maxpacket: 8 [ 796.291757][ T7] usb 4-1: config index 0 descriptor too short (expected 292, got 36) [ 796.378461][ T7] usb 4-1: config 56 has an invalid interface number: 191 but max is 0 [ 796.509097][ T7] usb 4-1: config 56 descriptor has 1 excess byte, ignoring [ 796.645458][ T7] usb 4-1: config 56 has no interface number 0 [ 796.741761][ T7] usb 4-1: too many endpoints for config 56 interface 191 altsetting 98: 229, using maximum allowed: 30 [ 797.022239][ T7] usb 4-1: config 56 interface 191 altsetting 98 bulk endpoint 0x1 has invalid maxpacket 640 [ 797.039673][ T7] usb 4-1: config 56 interface 191 altsetting 98 bulk endpoint 0x81 has invalid maxpacket 43 [ 797.051895][ T7] usb 4-1: config 56 interface 191 altsetting 98 has 2 endpoint descriptors, different from the interface descriptor's value: 229 [ 797.069199][ T7] usb 4-1: config 56 interface 191 has no altsetting 0 [ 797.171644][ T7] usb 4-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=f8.11 [ 797.211710][ T7] usb 4-1: New USB device strings: Mfr=13, Product=0, SerialNumber=0 [ 797.228449][ T7] usb 4-1: Manufacturer: syz [ 797.258012][T14889] device syz_tun entered promiscuous mode [ 797.403900][T14888] device syz_tun left promiscuous mode [ 797.459993][T14895] loop4: detected capacity change from 0 to 256 [ 797.565371][T14897] loop2: detected capacity change from 0 to 4096 [ 797.576410][T14897] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 797.593835][ C0] usb 4-1: NFC: Urb failure (status -71) [ 797.621006][ C0] usb 4-1: NFC: Urb failure (status -71) [ 797.651204][ T7] usb 4-1: NFC: Unable to get FW version [ 797.658800][ T7] pn533_usb: probe of 4-1:56.191 failed with error -71 [ 797.671884][ T7] usb 4-1: USB disconnect, device number 30 [ 797.709213][ T26] audit: type=1800 audit(1718463768.664:596): pid=14897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=33 res=0 errno=0 [ 797.756449][ T26] audit: type=1800 audit(1718463768.714:597): pid=14897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=33 res=0 errno=0 [ 797.816399][T14898] block nbd4: shutting down sockets [ 797.947713][T14862] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.985888][T14862] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.022276][T14862] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.048352][T14862] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.378629][T14918] binder: 14908:14918 ioctl c0306201 200003c0 returned -14 [ 798.731757][ T3642] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 799.136514][T14928] loop1: detected capacity change from 0 to 256 [ 799.161362][ T3642] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 799.190340][ T3642] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 799.222171][T14933] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 799.293844][T14933] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 799.311475][ T3642] usb 1-1: New USB device found, idVendor=44b7, idProduct=0000, bcdDevice= 0.00 [ 799.320583][ T3642] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 799.332427][ T3642] usb 1-1: SerialNumber: syz [ 799.404617][T14939] block nbd1: shutting down sockets [ 799.643412][ T26] audit: type=1326 audit(1718463770.604:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14948 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f51ace7cea9 code=0x0 [ 799.678096][ T3642] usb 1-1: USB disconnect, device number 23 [ 799.917088][T14945] loop3: detected capacity change from 0 to 32768 [ 799.985383][T14947] loop1: detected capacity change from 0 to 32768 [ 800.002727][T14947] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (14947) [ 800.029106][T14947] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 800.050098][T14947] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 800.070341][T14947] BTRFS info (device loop1): force zlib compression, level 3 [ 800.090595][T14947] BTRFS info (device loop1): enabling auto defrag [ 800.100729][T14947] BTRFS info (device loop1): enabling disk space caching [ 800.136953][T14947] BTRFS info (device loop1): max_inline at 0 [ 800.143215][T14947] BTRFS info (device loop1): force clearing of disk cache [ 800.150835][T14947] BTRFS info (device loop1): turning on sync discard [ 800.197603][T14947] BTRFS info (device loop1): disk space caching is enabled [ 800.368199][T14947] BTRFS info (device loop1): enabling ssd optimizations [ 800.400523][T14947] BTRFS info (device loop1): rebuilding free space tree [ 800.500764][T14947] BTRFS info (device loop1): disabling free space tree [ 800.508204][T14947] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 800.519256][T14947] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 800.662348][T14985] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 800.691369][T13924] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 800.734652][T14985] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 801.061276][ T3642] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 801.111016][ T7] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 801.167214][T14998] device wireguard0 entered promiscuous mode [ 801.301344][ T3642] usb 5-1: Using ep0 maxpacket: 8 [ 801.431193][ T3642] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 801.462541][T14999] loop1: detected capacity change from 0 to 32768 [ 801.511500][ T7] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 801.526833][ T7] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 801.636910][ T7] usb 1-1: New USB device found, idVendor=44b7, idProduct=0000, bcdDevice= 0.00 [ 801.650313][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 801.663960][ T3642] usb 5-1: New USB device found, idVendor=05ac, idProduct=0215, bcdDevice= 0.40 [ 801.674540][ T3642] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 801.704888][ T7] usb 1-1: SerialNumber: syz [ 801.714852][ T3642] usb 5-1: Product: syz [ 801.720185][ T3642] usb 5-1: Manufacturer: syz [ 801.730701][ T3642] usb 5-1: SerialNumber: syz [ 801.765329][ T26] audit: type=1326 audit(1718463772.724:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15008 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3deea7cea9 code=0x0 [ 801.936602][ T3961] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 802.015271][ T3642] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 802.029112][ T7] usb 1-1: USB disconnect, device number 24 [ 802.233737][ T152] usb 5-1: USB disconnect, device number 24 [ 802.311214][ T3961] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 802.331027][ T3961] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 802.347759][ T3961] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 802.369725][ T3961] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 802.481351][ T3961] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 802.500662][ T3961] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 802.517892][ T3961] usb 2-1: Manufacturer: syz [ 802.525098][ T3961] usb 2-1: config 0 descriptor?? [ 803.002941][ T3961] appleir 0003:05AC:8243.0016: unknown main item tag 0x0 [ 803.023830][ T3961] appleir 0003:05AC:8243.0016: No inputs registered, leaving [ 803.078130][ T3961] appleir 0003:05AC:8243.0016: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 803.214507][T15041] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 803.293309][ T3961] usb 2-1: USB disconnect, device number 23 [ 803.329532][T15049] loop2: detected capacity change from 0 to 512 [ 803.374982][T15049] EXT4-fs error (device loop2): __ext4_fill_super:5399: inode #2: comm syz-executor.2: casefold flag without casefold feature [ 803.444999][T15059] (unnamed net_device) (uninitialized): option mode: invalid value (38) [ 803.453815][T15049] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 803.466620][T15049] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 803.786939][T15079] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 804.024540][T15083] loop1: detected capacity change from 0 to 4096 [ 804.057296][T15083] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 804.171325][ T26] audit: type=1800 audit(1718463775.134:600): pid=15083 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=33 res=0 errno=0 [ 804.235478][ T26] audit: type=1800 audit(1718463775.164:601): pid=15083 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=33 res=0 errno=0 [ 804.394288][T15088] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.429287][T15100] loop1: detected capacity change from 0 to 256 [ 804.472362][T15100] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 804.497107][T15088] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.608470][T12199] EXT4-fs (loop2): unmounting filesystem. [ 804.627908][T15088] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.825287][T15110] loop2: detected capacity change from 0 to 2048 [ 804.874175][T15088] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.878772][T15110] loop2: p3 p4 < > [ 804.894236][T15110] loop2: p3 start 4284289 is beyond EOD, truncated [ 806.723592][T15088] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.789755][T15116] loop1: detected capacity change from 0 to 2048 [ 806.806157][T15088] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.816903][T15116] NILFS (loop1): invalid segment: Sequence number mismatch [ 806.824481][T15116] NILFS (loop1): trying rollback from an earlier position [ 806.841450][T15116] NILFS (loop1): recovery complete [ 806.851665][T15088] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.861658][T15119] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 806.921782][T15088] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.943597][T15118] loop4: detected capacity change from 0 to 1024 [ 807.016399][T15118] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 807.961218][T15118] input: syz1 as /devices/virtual/input/input31 [ 808.319830][T13976] EXT4-fs (loop4): unmounting filesystem. [ 808.340343][T15145] loop1: detected capacity change from 0 to 2048 [ 808.424338][T15145] loop1: p3 p4 < > [ 808.430213][T15145] loop1: p3 start 4284289 is beyond EOD, truncated [ 808.592897][ T1255] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.599284][ T1255] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.850635][T15170] loop3: detected capacity change from 0 to 1024 [ 808.923965][T15170] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 809.132106][T15170] input: syz1 as /devices/virtual/input/input32 [ 809.271679][T15186] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 809.792699][T14431] EXT4-fs (loop3): unmounting filesystem. [ 810.921112][ T26] audit: type=1326 audit(1718463781.864:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15203 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f2dc7cea9 code=0x0 [ 811.532468][T15215] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 812.390128][T15232] binder: 15224:15232 ioctl c0306201 200003c0 returned -14 [ 812.408421][ T7] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 813.193600][ T7] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 813.204079][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 813.212366][ T7] usb 1-1: Product: syz [ 813.231101][ T7] usb 1-1: Manufacturer: syz [ 813.235951][ T7] usb 1-1: SerialNumber: syz [ 813.293294][ T7] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 813.422053][T15240] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 813.441166][T15240] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 813.531160][ T3821] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 813.927179][ T3821] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 813.928310][T15249] device macvlan2 entered promiscuous mode [ 813.950474][T15249] device vlan1 entered promiscuous mode [ 813.955352][ T3821] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 813.979731][ T3821] usb 2-1: config 1 interface 0 has no altsetting 1 [ 813.986757][ T7] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 813.987198][T15249] team0: Port device macvlan2 added [ 814.007104][ T3821] usb 2-1: config 1 interface 1 has no altsetting 0 [ 814.181603][ T3821] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 814.201269][ T3821] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 814.209839][ T3821] usb 2-1: Product: syz [ 814.217374][T15223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 814.227443][T15223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 814.235275][ T3821] usb 2-1: Manufacturer: syz [ 814.240079][ T3821] usb 2-1: SerialNumber: syz [ 814.558315][T15264] loop2: detected capacity change from 0 to 2048 [ 814.587602][T15264] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 814.606147][T15264] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 814.925987][ T152] usb 1-1: USB disconnect, device number 25 [ 815.287853][ T3821] usb 2-1: selecting invalid altsetting 0 [ 815.295589][ T7] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 815.302671][ T3821] usb 2-1: selecting invalid altsetting 0 [ 815.308512][ T3821] cdc_ncm 2-1:1.0: bind() failure [ 815.314217][ T7] ath9k_htc: Failed to initialize the device [ 815.325907][ T152] usb 1-1: ath9k_htc: USB layer deinitialized [ 815.330848][ T3821] usb 2-1: selecting invalid altsetting 0 [ 815.338123][ T3821] usbtest: probe of 2-1:1.1 failed with error -22 [ 815.353041][ T3821] usb 2-1: USB disconnect, device number 24 [ 815.619321][T15274] overlayfs: missing 'lowerdir' [ 815.673153][T15274] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 815.906962][T15281] device macvlan2 entered promiscuous mode [ 815.937050][T15281] device vlan1 entered promiscuous mode [ 816.009737][T15281] team0: Port device macvlan2 added [ 816.611832][ T26] audit: type=1326 audit(1718463787.574:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15291 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f2dc7cea9 code=0x7ffc0000 [ 816.765129][ T26] audit: type=1326 audit(1718463787.594:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15291 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7f5f2dc7cea9 code=0x7ffc0000 [ 816.887951][ T26] audit: type=1326 audit(1718463787.594:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15291 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f2dc7cea9 code=0x7ffc0000 [ 817.058413][T15299] loop4: detected capacity change from 0 to 2048 [ 817.098755][T15299] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 817.118253][T15299] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 817.743750][ T26] audit: type=1326 audit(1718463787.594:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15291 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f2dc7cea9 code=0x7ffc0000 [ 817.817450][T15302] loop3: detected capacity change from 0 to 512 [ 817.884920][T15302] EXT4-fs error (device loop3): __ext4_fill_super:5399: inode #2: comm syz-executor.3: casefold flag without casefold feature [ 817.912739][T15302] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 817.946587][T15302] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 818.138791][T15308] overlayfs: missing 'lowerdir' [ 818.159509][T15308] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 818.369318][T15288] loop1: detected capacity change from 0 to 40427 [ 818.440251][T15288] F2FS-fs (loop1): invalid crc value [ 818.513076][T15288] F2FS-fs (loop1): Found nat_bits in checkpoint [ 818.658948][T15288] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0 [ 818.703826][T15288] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 819.476772][ T26] audit: type=1800 audit(1718463790.024:607): pid=15334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 819.620404][T14431] EXT4-fs (loop3): unmounting filesystem. [ 819.698217][T13924] syz-executor.1: attempt to access beyond end of device [ 819.698217][T13924] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 819.759998][ T26] audit: type=1326 audit(1718463790.724:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15335 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51ace7cea9 code=0x7ffc0000 [ 819.861590][ T26] audit: type=1326 audit(1718463790.754:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15335 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51ace7cea9 code=0x7ffc0000 [ 819.978346][ T26] audit: type=1326 audit(1718463790.754:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15335 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7f51ace7cea9 code=0x7ffc0000 [ 820.047858][T15343] loop3: detected capacity change from 0 to 4096 [ 820.074360][ T26] audit: type=1326 audit(1718463790.754:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15335 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51ace7cea9 code=0x7ffc0000 [ 820.102707][T15343] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 820.168703][ T26] audit: type=1326 audit(1718463790.754:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15335 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51ace7cea9 code=0x7ffc0000 [ 821.273316][T15367] loop2: detected capacity change from 0 to 512 [ 821.304984][T15367] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 821.427841][T15367] EXT4-fs (loop2): 1 truncate cleaned up [ 821.437729][T15367] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 821.593061][T12199] EXT4-fs (loop2): unmounting filesystem. [ 822.090993][ T3821] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 822.099437][T15411] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 822.248087][T15415] sg_write: data in/out 768/64756 bytes for SCSI command 0x0-- guessing data in; [ 822.248087][T15415] program syz-executor.1 not setting count and/or reply_len properly [ 822.361098][ T3821] usb 5-1: Using ep0 maxpacket: 8 [ 822.496855][ T3821] usb 5-1: config 53 interface 0 altsetting 0 has an invalid endpoint with address 0x14, skipping [ 822.513225][ T3821] usb 5-1: config 53 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 822.546837][ T3821] usb 5-1: config 53 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 822.576953][ T3821] usb 5-1: config 53 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 822.600377][ T3821] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8d.58 [ 822.627286][ T3821] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 822.685674][T15393] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 823.801239][ T3821] usb 5-1: string descriptor 0 read error: -71 [ 823.812218][ T3821] usb 5-1: USB disconnect, device number 25 [ 825.953769][T15457] overlayfs: missing 'lowerdir' [ 826.016323][T15465] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 826.379338][T15481] loop4: detected capacity change from 0 to 2048 [ 826.412647][T15481] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 828.410190][T13976] UDF-fs: error (device loop4): udf_read_inode: (ino 1440) failed !bh [ 828.482268][T13976] UDF-fs: error (device loop4): udf_read_inode: (ino 1440) failed !bh [ 828.612539][T15506] loop3: detected capacity change from 0 to 1024 [ 828.730365][T15512] block nbd2: shutting down sockets [ 828.872415][T15506] hfsplus: cannot replace xattr [ 828.967303][ T46] hfsplus: b-tree write err: -5, ino 4 [ 829.390357][T15538] loop3: detected capacity change from 0 to 128 [ 829.804035][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 829.804078][ T26] audit: type=1800 audit(1718463800.744:618): pid=15540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=1048824 res=0 errno=0 [ 829.845228][T15540] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 830.378178][ T26] audit: type=1804 audit(1718463800.754:619): pid=15540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir540280062/syzkaller.G1F6Cl/74/file0/file0" dev="loop3" ino=1048824 res=1 errno=0 [ 830.409201][ T3605] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 830.440369][ T3605] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 830.450130][ T3605] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 830.464161][ T3605] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 830.473690][ T3605] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 830.481543][ T3605] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 830.601447][T15548] block nbd0: shutting down sockets [ 830.684688][T15520] loop1: detected capacity change from 0 to 40427 [ 830.733125][T15520] F2FS-fs (loop1): Invalid segment count (0) [ 830.739176][T15520] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 830.797155][T15520] F2FS-fs (loop1): invalid crc value [ 830.841940][T15520] F2FS-fs (loop1): Found nat_bits in checkpoint [ 830.917156][T15520] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 830.931013][T15520] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 831.027077][T13924] syz-executor.1: attempt to access beyond end of device [ 831.027077][T13924] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 831.112019][T15541] chnl_net:caif_netlink_parms(): no params data found [ 831.250554][ T4638] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.411346][ T4638] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.502859][ T4638] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.524650][T15541] bridge0: port 1(bridge_slave_0) entered blocking state [ 831.533004][T15541] bridge0: port 1(bridge_slave_0) entered disabled state [ 831.552505][T15541] device bridge_slave_0 entered promiscuous mode [ 831.570120][T15541] bridge0: port 2(bridge_slave_1) entered blocking state [ 831.609827][T15541] bridge0: port 2(bridge_slave_1) entered disabled state [ 831.621148][T15541] device bridge_slave_1 entered promiscuous mode [ 831.667704][ T4638] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.668572][T15546] loop2: detected capacity change from 0 to 40427 [ 831.693104][T15546] F2FS-fs (loop2): invalid crc value [ 831.709060][T15577] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 831.729938][T15546] F2FS-fs (loop2): Found nat_bits in checkpoint [ 831.788345][T15541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 831.833263][T15541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 831.834149][T15546] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0 [ 831.869960][T15546] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 831.902409][T15588] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 832.020630][T15541] team0: Port device team_slave_0 added [ 832.086052][T15541] team0: Port device team_slave_1 added [ 833.019500][ T26] audit: type=1800 audit(1718463803.234:620): pid=15596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=10 res=0 errno=0 [ 833.046788][ T3600] Bluetooth: hci0: command tx timeout [ 833.093384][T15541] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 833.182888][T12199] syz-executor.2: attempt to access beyond end of device [ 833.182888][T12199] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 833.210406][T15541] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 833.291036][T15541] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 833.395013][T15541] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 833.428196][T15541] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 833.538316][T15541] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 833.640682][T15614] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 833.685973][T15541] device hsr_slave_0 entered promiscuous mode [ 833.699068][T15541] device hsr_slave_1 entered promiscuous mode [ 833.710404][T15541] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 833.724036][T15541] Cannot create hsr debugfs directory [ 833.953571][T15616] loop3: detected capacity change from 0 to 512 [ 834.038721][T15616] EXT4-fs error (device loop3): __ext4_fill_super:5399: inode #2: comm syz-executor.3: casefold flag without casefold feature [ 834.122062][T15616] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 834.210758][T15616] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 834.364175][T15620] loop2: detected capacity change from 0 to 1024 [ 834.428948][T15600] loop1: detected capacity change from 0 to 40427 [ 834.449110][T15600] F2FS-fs (loop1): Invalid segment count (0) [ 834.465212][T15600] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 834.524687][T15600] F2FS-fs (loop1): invalid crc value [ 834.569612][T15600] F2FS-fs (loop1): Found nat_bits in checkpoint [ 834.640792][T15620] hfsplus: cannot replace xattr [ 834.647353][ T4638] device hsr_slave_0 left promiscuous mode [ 834.686079][ T46] hfsplus: b-tree write err: -5, ino 4 [ 834.716379][ T4638] device hsr_slave_1 left promiscuous mode [ 834.732279][T15600] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 834.739774][T15600] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 834.786837][ T4638] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 834.813102][ T4638] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 834.826518][ T4638] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 834.843698][ T4638] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 834.881359][T13924] syz-executor.1: attempt to access beyond end of device [ 834.881359][T13924] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 834.882997][ T4638] device bridge_slave_1 left promiscuous mode [ 834.913316][ T4638] bridge0: port 2(bridge_slave_1) entered disabled state [ 834.960371][ T4638] device bridge_slave_0 left promiscuous mode [ 834.968482][ T4638] bridge0: port 1(bridge_slave_0) entered disabled state [ 835.013723][ T4638] device veth1_macvtap left promiscuous mode [ 835.028323][ T4638] device veth0_macvtap left promiscuous mode [ 835.036638][ T4638] device veth1_vlan left promiscuous mode [ 835.043933][ T4638] device veth0_vlan left promiscuous mode [ 835.152005][ T3600] Bluetooth: hci0: command tx timeout [ 835.246150][T15633] loop2: detected capacity change from 0 to 128 [ 835.274584][T15633] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 835.325693][T15633] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 835.700773][ T4638] team0 (unregistering): Port device team_slave_1 removed [ 835.761625][ T4638] team0 (unregistering): Port device team_slave_0 removed [ 835.797625][ T4638] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 835.821475][ T4638] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 835.954940][ T4638] bond0 (unregistering): Released all slaves [ 835.966369][T15651] loop2: detected capacity change from 0 to 512 [ 835.979205][T15651] EXT4-fs: Ignoring removed nobh option [ 836.007609][T15651] EXT4-fs: Ignoring removed i_version option [ 836.017594][T15651] EXT4-fs: Ignoring removed nomblk_io_submit option [ 836.105463][T15651] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 836.125719][T15651] ext4 filesystem being mounted at /root/syzkaller-testdir325051567/syzkaller.2IPmI5/239/file0 supports timestamps until 2038 (0x7fffffff) [ 836.188237][T15651] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 46 vs 39667 free clusters [ 836.196892][T14431] EXT4-fs (loop3): unmounting filesystem. [ 836.263036][T15660] loop1: detected capacity change from 0 to 16 [ 836.281488][T15660] erofs: (device loop1): mounted with root inode @ nid 36. [ 836.329334][T15660] overlayfs: failed to get redirect (-117) [ 836.338560][T12199] EXT4-fs (loop2): unmounting filesystem. [ 836.780697][T15541] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 836.880660][T15541] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 836.952793][T15541] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 837.068621][T15541] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 837.231201][ T3600] Bluetooth: hci0: command tx timeout [ 837.363332][T15668] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 837.428558][T15541] 8021q: adding VLAN 0 to HW filter on device bond0 [ 837.462935][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 837.482130][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 837.493950][T15541] 8021q: adding VLAN 0 to HW filter on device team0 [ 837.586799][ T3967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 837.611073][ T3967] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 837.619642][ T3967] bridge0: port 1(bridge_slave_0) entered blocking state [ 837.626953][ T3967] bridge0: port 1(bridge_slave_0) entered forwarding state [ 837.708622][T15679] netlink: 'syz-executor.1': attribute type 21 has an invalid length. [ 837.728046][T15679] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.1'. [ 837.754070][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 837.782993][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 837.821839][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 837.830410][ T3957] bridge0: port 2(bridge_slave_1) entered blocking state [ 837.837574][ T3957] bridge0: port 2(bridge_slave_1) entered forwarding state [ 837.879655][T15686] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 837.888110][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 837.909479][T15688] loop3: detected capacity change from 0 to 512 [ 837.952629][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 837.968290][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 837.987496][T15688] EXT4-fs: Ignoring removed nobh option [ 838.008775][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 838.016777][T15688] EXT4-fs: Ignoring removed i_version option [ 838.039694][T15690] loop2: detected capacity change from 0 to 2048 [ 838.047518][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 838.056283][T15688] EXT4-fs: Ignoring removed nomblk_io_submit option [ 838.071119][T15690] NILFS (loop2): invalid segment: Sequence number mismatch [ 838.078488][T15690] NILFS (loop2): trying rollback from an earlier position [ 838.096680][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 838.114312][T15690] NILFS (loop2): recovery complete [ 838.147527][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 838.159008][T15688] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 838.179156][T15693] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 838.197499][T15688] ext4 filesystem being mounted at /root/syzkaller-testdir540280062/syzkaller.G1F6Cl/91/file0 supports timestamps until 2038 (0x7fffffff) [ 838.218654][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 838.263083][T15541] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 838.347713][T15541] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 838.404155][T15688] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 46 vs 39667 free clusters [ 838.440199][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 839.256277][T14431] EXT4-fs (loop3): unmounting filesystem. [ 839.279886][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 839.288933][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 839.317043][ T3600] Bluetooth: hci0: command tx timeout [ 839.477492][T15705] loop3: detected capacity change from 0 to 4096 [ 839.637176][T15715] netlink: 'syz-executor.0': attribute type 21 has an invalid length. [ 839.682613][T15715] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.0'. [ 839.733191][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 839.740696][ T3821] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 839.780731][T15541] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 840.009281][T15727] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 840.834099][T15732] loop1: detected capacity change from 0 to 512 [ 840.883834][T15732] EXT4-fs: Ignoring removed nobh option [ 840.920248][T15732] EXT4-fs: Ignoring removed i_version option [ 840.971637][T15732] EXT4-fs: Ignoring removed nomblk_io_submit option [ 841.060246][T15732] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 841.081619][T15732] ext4 filesystem being mounted at /root/syzkaller-testdir2213271901/syzkaller.JT5g6A/107/file0 supports timestamps until 2038 (0x7fffffff) [ 841.166826][T15732] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 46 vs 39667 free clusters [ 841.322222][ T3967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 841.342405][ T3967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 841.378252][T15757] netlink: 'syz-executor.2': attribute type 21 has an invalid length. [ 841.391896][T13924] EXT4-fs (loop1): unmounting filesystem. [ 841.392816][T15753] loop3: detected capacity change from 0 to 4096 [ 841.401256][T15757] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.2'. [ 841.448233][T15541] device veth0_vlan entered promiscuous mode [ 841.493421][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 841.506065][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 841.538066][T15541] device veth1_vlan entered promiscuous mode [ 841.566547][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 841.580344][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 841.593808][T15762] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 841.604203][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 841.690658][T15764] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 841.708792][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 841.720473][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 841.745561][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 841.784524][T15541] device veth0_macvtap entered promiscuous mode [ 841.824294][T15541] device veth1_macvtap entered promiscuous mode [ 841.883158][T15541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 841.910927][T15541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 841.920797][T15541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 842.011321][T15541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 842.021349][T15541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 842.032851][T15541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 842.042782][T15541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 842.053777][T15541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 842.082589][T15541] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 842.113776][T15541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 842.173634][T15541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 842.268912][T15541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 842.287172][T15541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 842.298009][T15541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 842.309414][T15541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 842.319615][T15541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 842.330869][T15541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 842.502017][T15541] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 842.949622][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 842.958355][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 842.967903][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 842.978113][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 842.990602][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 843.000365][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 843.011659][T15541] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.039537][T15541] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.078988][T15541] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.106683][T15541] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.134295][T15790] netlink: 'syz-executor.1': attribute type 21 has an invalid length. [ 843.147146][T15793] loop2: detected capacity change from 0 to 512 [ 843.159406][T15790] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.1'. [ 843.164077][T15793] EXT4-fs: Ignoring removed nobh option [ 843.181471][T15793] EXT4-fs: Ignoring removed i_version option [ 843.187980][T15793] EXT4-fs: Ignoring removed nomblk_io_submit option [ 843.298402][T15794] loop3: detected capacity change from 0 to 4096 [ 843.345193][T15793] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 843.370614][T15793] ext4 filesystem being mounted at /root/syzkaller-testdir325051567/syzkaller.2IPmI5/253/file0 supports timestamps until 2038 (0x7fffffff) [ 843.396661][T15793] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 46 vs 39667 free clusters [ 843.452199][ T5704] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 843.460839][ T5704] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 843.508741][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 843.533186][T12199] EXT4-fs (loop2): unmounting filesystem. [ 843.579210][ T4766] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 843.597000][ T4766] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 843.668221][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 844.708776][T15820] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 844.909981][T15818] loop4: detected capacity change from 0 to 256 [ 844.918617][T15828] netlink: 'syz-executor.0': attribute type 21 has an invalid length. [ 844.956893][ T26] audit: type=1326 audit(1718463815.914:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15829 comm="syz-executor.2" exe="/root/syz-executor.2" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3deea7cea9 code=0x0 [ 844.997755][T15828] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.0'. [ 845.026418][T15818] PKCS8: Unsupported PKCS#8 version [ 845.057534][T15835] loop1: detected capacity change from 0 to 512 [ 845.087436][T15835] EXT4-fs: Ignoring removed nobh option [ 845.098776][T15835] EXT4-fs: Ignoring removed i_version option [ 845.128252][T15835] EXT4-fs: Ignoring removed nomblk_io_submit option [ 845.169176][T15835] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 845.179119][T15835] ext4 filesystem being mounted at /root/syzkaller-testdir2213271901/syzkaller.JT5g6A/117/file0 supports timestamps until 2038 (0x7fffffff) [ 845.203253][T15818] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 845.213754][T15835] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 46 vs 39667 free clusters [ 845.242566][ T26] audit: type=1326 audit(1718463816.194:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15842 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0526c7cea9 code=0x0 [ 845.309983][T13924] EXT4-fs (loop1): unmounting filesystem. [ 845.461634][T15850] loop1: detected capacity change from 0 to 2048 [ 845.473953][T15850] NILFS (loop1): invalid segment: Sequence number mismatch [ 845.481467][T15850] NILFS (loop1): trying rollback from an earlier position [ 845.592120][T15850] NILFS (loop1): recovery complete [ 845.603501][T15852] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 845.903607][T15853] loop3: detected capacity change from 0 to 2048 [ 847.127839][T15853] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 847.149549][T15853] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 847.875146][T15858] loop2: detected capacity change from 0 to 2048 [ 847.887436][T15858] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 847.915059][T15866] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 847.977900][T15858] NILFS error (device loop2): nilfs_check_page: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 848.005498][T15858] Remounting filesystem read-only [ 848.014559][T15858] ax25_connect(): syz-executor.2 uses autobind, please contact jreuter@yaina.de [ 848.274424][T15877] loop4: detected capacity change from 0 to 16 [ 848.322370][T15877] erofs: (device loop4): mounted with root inode @ nid 36. [ 848.386289][T15877] overlayfs: failed to get redirect (-117) [ 848.397964][T15882] loop1: detected capacity change from 0 to 256 [ 848.473054][T15858] NILFS (loop2): mounting fs with errors [ 848.503539][T15858] NILFS error (device loop2): nilfs_check_page: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 848.523289][T15858] Remounting filesystem read-only [ 848.581607][ T26] audit: type=1326 audit(1718463819.544:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15885 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f2dc7cea9 code=0x0 [ 848.623568][T15891] block nbd1: shutting down sockets [ 848.755610][T15895] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 848.884698][ T26] audit: type=1800 audit(1718463819.844:624): pid=15904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1965 res=0 errno=0 [ 849.228942][T15924] loop1: detected capacity change from 0 to 2048 [ 849.252371][T15924] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 849.342206][T15925] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 849.377129][T15924] NILFS error (device loop1): nilfs_check_page: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 849.396184][T15931] ax25_connect(): syz-executor.1 uses autobind, please contact jreuter@yaina.de [ 849.396247][T15924] Remounting filesystem read-only [ 849.668606][T15939] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 849.786637][ T26] audit: type=1800 audit(1718463820.744:625): pid=15941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1966 res=0 errno=0 [ 849.876882][T15918] NILFS (loop1): mounting fs with errors [ 849.902569][T15918] NILFS error (device loop1): nilfs_check_page: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 849.941003][T15918] Remounting filesystem read-only [ 850.220842][ T26] audit: type=1326 audit(1718463821.174:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15955 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3deea7cea9 code=0x0 [ 850.359170][ T26] audit: type=1800 audit(1718463821.314:627): pid=15968 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1965 res=0 errno=0 [ 850.943374][T15994] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 851.329494][T16004] ------------[ cut here ]------------ [ 851.336123][T16004] refcount_t: decrement hit 0; leaking memory. [ 851.373192][T16004] WARNING: CPU: 0 PID: 16004 at lib/refcount.c:31 refcount_warn_saturate+0x16d/0x1a0 [ 851.383169][T16004] Modules linked in: [ 851.387119][T16004] CPU: 0 PID: 16004 Comm: syz-executor.1 Not tainted 6.1.93-syzkaller #0 [ 851.395709][T16004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 851.406248][T16004] RIP: 0010:refcount_warn_saturate+0x16d/0x1a0 [ 851.412537][T16004] Code: c7 c7 00 09 3d 8b e8 e2 39 1a fd 0f 0b e9 6e ff ff ff e8 96 3c 52 fd c6 05 31 42 27 0a 01 48 c7 c7 60 09 3d 8b e8 c3 39 1a fd <0f> 0b e9 4f ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c b2 fe ff [ 851.433064][T16004] RSP: 0018:ffffc9000399fb48 EFLAGS: 00010246 [ 851.439340][T16004] RAX: de4416b10cf8aa00 RBX: 0000000000000004 RCX: ffff88801f788000 [ 851.447563][T16004] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 851.455855][T16004] RBP: 0000000000000004 R08: ffffffff815292de R09: fffff52000733ec9 [ 851.463916][T16004] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88807ac6e5b8 [ 851.472145][T16004] R13: 0000000000000000 R14: ffff88807ac6e5fc R15: dffffc0000000000 [ 851.480267][T16004] FS: 00005555572f0480(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 851.489429][T16004] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 851.496144][T16004] CR2: 00007f5f245f6000 CR3: 0000000022e7c000 CR4: 00000000003506f0 [ 851.504297][T16004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 851.512434][T16004] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 851.520520][T16004] Call Trace: [ 851.523870][T16004] [ 851.526822][T16004] ? __warn+0x15a/0x520 [ 851.531119][T16004] ? refcount_warn_saturate+0x16d/0x1a0 [ 851.536714][T16004] ? report_bug+0x2af/0x500 [ 851.541313][T16004] ? refcount_warn_saturate+0x16d/0x1a0 [ 851.546916][T16004] ? handle_bug+0x3d/0x70 [ 851.551536][T16004] ? exc_invalid_op+0x16/0x40 [ 851.556562][T16004] ? asm_exc_invalid_op+0x16/0x20 [ 851.561758][T16004] ? __warn_printk+0x28e/0x350 [ 851.566750][T16004] ? refcount_warn_saturate+0x16d/0x1a0 [ 851.572385][T16004] ? refcount_warn_saturate+0x16d/0x1a0 [ 851.578008][T16004] ref_tracker_free+0x6a0/0x7d0 [ 851.583071][T16004] ? _raw_spin_unlock_irqrestore+0x8b/0x130 [ 851.589027][T16004] ? lockdep_hardirqs_on+0x94/0x130 [ 851.594693][T16004] ? refcount_inc+0x80/0x80 [ 851.599239][T16004] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 851.605451][T16004] ax25_release+0x3ef/0x940 [ 851.610088][T16004] sock_close+0xcd/0x230 [ 851.614631][T16004] ? sock_mmap+0x90/0x90 [ 851.618924][T16004] __fput+0x3b7/0x890 [ 851.623119][T16004] task_work_run+0x246/0x300 [ 851.627810][T16004] ? task_work_cancel+0x2b0/0x2b0 [ 851.632974][T16004] ? exit_to_user_mode_loop+0x39/0x100 [ 851.638640][T16004] exit_to_user_mode_loop+0xde/0x100 [ 851.644152][T16004] exit_to_user_mode_prepare+0xb1/0x140 [ 851.649743][T16004] syscall_exit_to_user_mode+0x60/0x270 [ 851.655474][T16004] do_syscall_64+0x47/0xb0 [ 851.660001][T16004] ? clear_bhb_loop+0x45/0xa0 [ 851.664896][T16004] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 851.671125][T16004] RIP: 0033:0x7f85b367cea9 [ 851.675959][T16004] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 851.695673][T16004] RSP: 002b:00007fffca625378 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 851.704267][T16004] RAX: 0000000000000000 RBX: 00000000000cfd37 RCX: 00007f85b367cea9 [ 851.712585][T16004] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 851.720583][T16004] RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000000300000000 [ 851.728727][T16004] R10: 00007f85b3600000 R11: 0000000000000246 R12: 00007f85b37b3f80 [ 851.736946][T16004] R13: 00007f85b37b3f8c R14: 0000000000000032 R15: 00007f85b37b5980 [ 851.745023][T16004] [ 851.748066][T16004] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 851.755372][T16004] CPU: 0 PID: 16004 Comm: syz-executor.1 Not tainted 6.1.93-syzkaller #0 [ 851.763808][T16004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 851.773974][T16004] Call Trace: [ 851.777347][T16004] [ 851.780310][T16004] dump_stack_lvl+0x1e3/0x2cb [ 851.785393][T16004] ? nf_tcp_handle_invalid+0x642/0x642 [ 851.790891][T16004] ? panic+0x764/0x764 [ 851.795126][T16004] ? 0xffffffffa00007d0 [ 851.799309][T16004] ? vscnprintf+0x59/0x80 [ 851.803871][T16004] panic+0x318/0x764 [ 851.807889][T16004] ? __warn+0x169/0x520 [ 851.812080][T16004] ? memcpy_page_flushcache+0xfc/0xfc [ 851.817647][T16004] __warn+0x348/0x520 [ 851.821673][T16004] ? refcount_warn_saturate+0x16d/0x1a0 [ 851.827455][T16004] report_bug+0x2af/0x500 [ 851.831823][T16004] ? refcount_warn_saturate+0x16d/0x1a0 [ 851.837417][T16004] handle_bug+0x3d/0x70 [ 851.841601][T16004] exc_invalid_op+0x16/0x40 [ 851.846304][T16004] asm_exc_invalid_op+0x16/0x20 [ 851.851195][T16004] RIP: 0010:refcount_warn_saturate+0x16d/0x1a0 [ 851.857662][T16004] Code: c7 c7 00 09 3d 8b e8 e2 39 1a fd 0f 0b e9 6e ff ff ff e8 96 3c 52 fd c6 05 31 42 27 0a 01 48 c7 c7 60 09 3d 8b e8 c3 39 1a fd <0f> 0b e9 4f ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c b2 fe ff [ 851.879396][T16004] RSP: 0018:ffffc9000399fb48 EFLAGS: 00010246 [ 851.885500][T16004] RAX: de4416b10cf8aa00 RBX: 0000000000000004 RCX: ffff88801f788000 [ 851.893816][T16004] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 851.901821][T16004] RBP: 0000000000000004 R08: ffffffff815292de R09: fffff52000733ec9 [ 851.909910][T16004] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88807ac6e5b8 [ 851.917911][T16004] R13: 0000000000000000 R14: ffff88807ac6e5fc R15: dffffc0000000000 [ 851.926183][T16004] ? __warn_printk+0x28e/0x350 [ 851.931086][T16004] ? refcount_warn_saturate+0x16d/0x1a0 [ 851.936741][T16004] ref_tracker_free+0x6a0/0x7d0 [ 851.942146][T16004] ? _raw_spin_unlock_irqrestore+0x8b/0x130 [ 851.948118][T16004] ? lockdep_hardirqs_on+0x94/0x130 [ 851.953346][T16004] ? refcount_inc+0x80/0x80 [ 851.957885][T16004] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 851.963857][T16004] ax25_release+0x3ef/0x940 [ 851.968417][T16004] sock_close+0xcd/0x230 [ 851.972729][T16004] ? sock_mmap+0x90/0x90 [ 851.977008][T16004] __fput+0x3b7/0x890 [ 851.981033][T16004] task_work_run+0x246/0x300 [ 851.985667][T16004] ? task_work_cancel+0x2b0/0x2b0 [ 851.990736][T16004] ? exit_to_user_mode_loop+0x39/0x100 [ 851.996310][T16004] exit_to_user_mode_loop+0xde/0x100 [ 852.001624][T16004] exit_to_user_mode_prepare+0xb1/0x140 [ 852.007207][T16004] syscall_exit_to_user_mode+0x60/0x270 [ 852.012885][T16004] do_syscall_64+0x47/0xb0 [ 852.017436][T16004] ? clear_bhb_loop+0x45/0xa0 [ 852.022154][T16004] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 852.028095][T16004] RIP: 0033:0x7f85b367cea9 [ 852.032538][T16004] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 852.052435][T16004] RSP: 002b:00007fffca625378 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 852.061039][T16004] RAX: 0000000000000000 RBX: 00000000000cfd37 RCX: 00007f85b367cea9 [ 852.069037][T16004] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 852.077123][T16004] RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000000300000000 [ 852.085471][T16004] R10: 00007f85b3600000 R11: 0000000000000246 R12: 00007f85b37b3f80 [ 852.093462][T16004] R13: 00007f85b37b3f8c R14: 0000000000000032 R15: 00007f85b37b5980 [ 852.101485][T16004] [ 852.104761][T16004] Kernel Offset: disabled [ 852.109219][T16004] Rebooting in 86400 seconds..