last executing test programs: 20.65291066s ago: executing program 3: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000340), 0xffffff46) r0 = gettid() r1 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=r0}, 0x0) rt_sigreturn() poll(0x0, 0x0, 0x64) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}}, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) rt_sigpending(0x0, 0x0) mkdirat(0xffffffffffffffff, 0x0, 0x69) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x5421, &(0x7f0000000000)={'tunl0\x00'}) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f00000006c0)={0x1}) timer_settime(0x0, 0x0, 0x0, 0x0) 20.070897255s ago: executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB, @ANYRES32=r2, @ANYBLOB="0a00340002020202020200000400cc0004001e01090049"], 0x3c}}, 0x0) 19.507758367s ago: executing program 3: prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0xa, 0x7, 0x209}, 0x48) 14.766837295s ago: executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030021000b63d25a80648c2594f90124fc60350c030b022e0009083582c137153e370248078000f01708d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x3000}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x84, 0x0, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 14.141665173s ago: executing program 3: socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x40, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0x7e2438dd}]}}]}, 0x40}}, 0x0) 13.717331867s ago: executing program 3: syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x80000c, &(0x7f0000000bc0)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030303030342c6e6c733d61736369692c73657373696f6e3d3078666666666666666666666666666637662c747970653d883b7f382c63726561746f723dd4a620e92c6e6f6465636f6d706f73652c747970653d5dbcce902c756d61736b3d30303030303030303030303030303030303030303030312c63726561746f723d40f194712c626172726965722c63726561746f723d65fe04c22c6e6f6465636f6d706f73652c6465636f6d706f73652c63726561746f723d8a7222832c7569643d", @ANYRESDEC=0x0, @ANYBLOB="2c756d61736b3d30303030303030303030303030303030303030303030362c626172726965722c6e6f626172726965722c736d61636b66737472616e736d7574653d55dac73dddd1aa0ff491f57216572f1e671a989f42c64dc0b65d67d4250567573bb5e8d8c2d916d55de0fad0693e50202f126e0e71e930d123c47bc4a1d2ab46e52a07fd8ca501f330abb8b07d3a5364154ec1faf99b6a9779abe230ce8f5a290ef9442c7569643c", @ANYRES8, @ANYBLOB="101500000000", @ANYRES32, @ANYRESDEC, @ANYRES64], 0x1, 0x6f8, &(0x7f0000000300)="$eJzs3TtoJOcdAPD/rFarXQXOOvseTjBY+MAJEbmTTsiJ0uQSQlBhgnGK1OJO5xO30hlJDrojxHIefQpXqZxCnUkRnCrNQVLHGIJblYYEN67UKczszGpWu9pd6fS6+PcTs/PNfM/5z87M7g5iAvjaWpiK6tNIYmHqzc10eWd7tjmyPTuWZzcjohYRlYhqaxbJamS5d/IpvpmuzMsnh/Xz4fL8259/tfNFa6maT1n5Sr96PdS6V23lU0xGxEg+7zZ6SIufHOy+o727h7Y3rKS9hWnAbhSBiz89U6vwzPa6bLXzPv539tqv+lGOW+CCSlrXzS4TEeMRUY9oXfXzs0PlbEd38rbOewAAAABwVI2jV3lhN3ZjMy6dxnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/1X+/P8knypFejKS4vn/tXxd5OkLaPCDED8ba82fnv5gAAAAAAAAAODUvbobu7EZl4rlvSS75/9a6R7/N+K9WI+lWIubsRmLsREbsRYzETFRaqi2ubixsTaT1Yy40qfm7fi0R83bh4/xzglvMwAAAAAAAABccPUB+Q9Hu9f9Nhb27/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBFkESMtGbZdKVIT0SlGhH1iKil5bYiPi3Sz4mk18qnZz8OAAAAeCb1zsWkPkSdF96P3diMS8XyXpJ957+WfV+ux3uxGhuxHBvRjKW4l3+HTr/1V3a2Z5s727MrUZ9dSVf+/b97mVY7P/7ySEPPWozWbw+9e345K9GI+7GcrbkZdyOJVpeVvJWXd7Zn0/lKOq5sbB0+SMeU/CjXZzQjpfS99OX6J1n6j52/IlSPtInHMJZHpbeJLHe0HZHpfGxpjctFBHpHYuDeqfbtaSYq7V9+rvTvqXfMP+jf+/iBUj1/uTkXByNxOyrtPXStKxKjnZW//bePf/mgufrwwf31qYuzST29P7DEwUjMliJxvf974rmKxGDTWSSutpcX4mfxi5iKL8feirVYjl/FYmzE0mSRv5i/n9PXif6R+my8vPTWoJGkx+Rk+/zVa0yT0TGmmIyfZqnFeC3bp5diOZJ4FBFL8Ub2dztm2meD/T18dYijvjLEmbbkxneyWTtM0Ti87F+Ga/KkpHG9XIpr+Zw7keWV1+xH6cWeUSqudcNfj0qq38oTaQu/63t9OGsHIzFTisRLh71fWiH9c/apYb25+nDtweK7Q/b3ej5Pj6M/XKirRLqHX4x6vnGXs9ckO6ams7yX2lfYznjV8jsuLZWuvKvteq0j9efxKO51HKnfj7mYi/ms9LWs9GjXFSvNu95uqfMcnualn7Sq7Rs75c9bj6LZ+jwEwMU2/t3xWuM/jX81Pmr8vvGg8Wb9J2M/GHulFqP/HP1hdXrk9coryV/jo/jN/vd/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg+NYfP3m42GwurfVOVHpnJf1rLTb3igeJ9SnTkUjyR+UMUThZf/xkb2CD/RNj+fCOWf0kE8XTGstZxdMUOwtPnuIwkq2D+6s+eF8UT3kaooukK+Bp5WOPueh5f83oBdiVBxOTx6xe3q48UbxhS4WP/u5t9NpfIxHRq/CAE8fIM596gHN2a2Pl3Vvrj598b3ll8Z2ld5ZWR+fm5qfn596YvXV/ubk03XotVTj1h98CZ6X8caKtFhGvDq7b50GtAAAAAAAAAAAAwCk6i/+FOO9tBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5vC1NRfRpJzEzfnE6Xd7Znm+lUpPdLViOiEhHJryOSf0TcidYUE6XmksP6+XB5/u3Pv9r5Yr+talG+ErF1aL3hbOVTTEbESD4/qfbuDm6vtp8c65GdtCOTBuxGETg4b/8LAAD//6Nb8HA=") syz_open_dev$evdev(&(0x7f0000000040), 0x491782ce, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) inotify_init1(0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) 10.222880221s ago: executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x104, 0x4, 0x3e8, 0x0, 0x0, 0x100, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x2}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438) 9.757657518s ago: executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0x10, 0x803, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@ipv4_getnetconf={0x1c, 0x52, 0x100, 0x0, 0x0, {}, [@NETCONFA_FORWARDING={0x8}]}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$inet6_sctp(0xa, 0x0, 0x84) sendmsg$nl_route(r1, 0x0, 0x0) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @random="5dc413dd9f96"}, 0x14) 8.640236458s ago: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="2f32458a0500"}) 7.981057453s ago: executing program 2: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x60}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 6.771423369s ago: executing program 2: prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0xa, 0x7, 0x209}, 0x48) 5.465294296s ago: executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0x10, 0x803, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@ipv4_getnetconf={0x1c, 0x52, 0x100, 0x0, 0x0, {}, [@NETCONFA_FORWARDING={0x8}]}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$inet6_sctp(0xa, 0x0, 0x84) sendmsg$nl_route(r1, 0x0, 0x0) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @random="5dc413dd9f96"}, 0x14) 4.727475124s ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000b00)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000e89f85000000040000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ff000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='block_plug\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) 4.487963365s ago: executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000000)=0x1) 4.321711665s ago: executing program 0: socketpair$unix(0x1, 0x0, 0x0, 0x0) flock(0xffffffffffffffff, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket(0x1d, 0x0, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000200)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000080)={0x1d, r2, 0x2, {}, 0xfe}, 0x18) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) socket(0x1d, 0x2, 0x6) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 4.107371626s ago: executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x4c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_FRAME={0x1c, 0x33, @data_frame={@msdu=@type10={{}, {}, @from_mac, @device_b, @broadcast}, @a_msdu}}]}, 0x4c}}, 0x0) 3.405960687s ago: executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'virt_wifi0\x00', 0x0}) socket$xdp(0x2c, 0x3, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100000000020000000000000000", @ANYRES32=r1], 0x20}}, 0x0) 3.126263985s ago: executing program 0: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x60}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 3.068278602s ago: executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000", @ANYRES32=r2, @ANYBLOB="0a00340002020202020200000400cc0004001e01090049"], 0x3c}}, 0x0) 2.781909539s ago: executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) ftruncate(r0, 0xf2d) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000040)='.\x00', 0x69000511) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x100000005) 2.643329682s ago: executing program 1: unshare(0x20040600) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) 2.33665695s ago: executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x5}], 0x4) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 2.309939721s ago: executing program 4: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) socket(0x1e, 0x1, 0x0) write$binfmt_misc(r1, &(0x7f0000000740)=ANY=[], 0xfffffc8f) splice(r0, 0x0, r2, 0x0, 0x1800, 0x0) 2.145788139s ago: executing program 2: r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f0000000200)="03", 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000001400010300000000000000001e"], 0x18}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1c, 0x4, 0x2, 0x0, 0x800, 0xffffffffffffffff, 0x2}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x9, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r2, &(0x7f0000000340), &(0x7f00000001c0)=@tcp}, 0x20) r3 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2749baca85309be96d5a45bbb29ea06f9cbc7eea15bc1ee369d2707231280f0415df341ab76de90db5ff7ffffffd075b373f51be98db7efbbe8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c1f870adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eacb4389adbb47efb7b3f19046c7f1bd1bf56e58555d96137f95b3aacd74ed1c8a8676468cf2405e48723c6b1ff3698422f88ffed8617dd64330f4c38ba86e3b50da03f4b1e4808aa5c9e9546d7190747c6abc5beab28cec4ff7faa3fab48cdb3d64cfd5d698416752a16f32a54ccef577832e4cf684fce2cb0bab7f6a5821b26483322000000000000596c6e1ac996b8a0924948750b6e52c09d53950e5c8143db8669f8a5bf6511df822532e3c78d019149651255048aab0399e5d6e317b6f3fbc2600ffc3c66c7244b7bcf6b78b5e8c0ee04ce344ceb084b4f2ef09b59a36a92b3874edc559e5bf58a567d385ba92df9121dfa257e60655dcbff581c75107b01b5baaf29ebaf24861c538fefcaecb52a6b69fc450e10645df60a9d50131466113c6aac5abbcf9e9f2f0384da3f9892af413bd87f51f7f0cf61096fd79327fa66effe89a72d7a75d40f0c1ad299f55eafcd52a39649ab6021e30f901933f11092"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106}, 0x18) socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0xe4}, 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, 0x0, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000a00)="b011d08afc99cf6754d4c259d71c7596afc4a766", 0x14) recvmmsg(0xffffffffffffffff, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000340)=""/49, 0x31}], 0x1}}, {{0x0, 0x0, &(0x7f00000005c0)}}], 0x2, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001040)=ANY=[@ANYBLOB="380000000314010000000000000000080900020073797a30000000000800410072786500140033006c6f"], 0x38}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) getsockopt$sock_buf(r5, 0x1, 0x1a, &(0x7f0000000240)=""/47, &(0x7f0000000280)=0x2f) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000002080)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x18, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_ns={0x87, 0x0, 0x0, @empty, [{}, {}]}}}}}}, 0x0) 2.116058338s ago: executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) r1 = epoll_create1(0x80000) epoll_pwait(r1, &(0x7f0000000200)=[{}], 0x1, 0x6e, &(0x7f00000001c0)={[0x400000000000009]}, 0x8) close(r1) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xc}, 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="2d0000001a00010a000000e7ffffffff090000000400000004000080"], 0x1c}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x0, 0x4, 0x4, 0x12}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) r6 = socket$inet6(0xa, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x4008810) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f00000004c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)={0x8c, r4, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x7}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x28, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x20004010) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@func_proto={0x0, 0x0, 0x0, 0xd, 0xa}, @enum={0x0, 0x2, 0x0, 0x6, 0x4, [{0x2}, {}]}]}, {0x0, [0x0, 0x5f]}}, &(0x7f0000000f40)=""/4089, 0x44, 0xff9, 0x8}, 0x20) sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005400e501000000000000000007000000", @ANYRES32=r10, @ANYBLOB="20000100", @ANYRES32=r10, @ANYBLOB="00000000ffffff0900000000000000dd0000"], 0x38}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800"/15, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf194eb8cc117d8baea200000000000007020000f8ffffffb703000008000000b704000000000000850000e43a000300"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'}) 1.152027966s ago: executing program 0: r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) write$binfmt_aout(r0, &(0x7f0000000480)={{0x10b, 0x0, 0x0, 0x2c7, 0x0, 0x0, 0x1c9, 0x9575}, '!', ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x621) syz_read_part_table(0x5c3, &(0x7f00000013c0)="$eJzs2zGrI1UUB/D/TDKTBFyijaUbsLFyC+vlrcrusmCxCNZ+BdlOEN4ERRu1srGwFrbZQrAS7B6C30B4PDtLEQu10CuTmeQlz0YMD1n4/YrJuWfOvWduMilveKrd/PLbUjLpw/VldlrX1TZe/pms3341ma0242bM9wVvPb5778HqYdWmjLkq+blL6iSnY2GbvLBbOKsx+maaTx7f/+jTz95r06W76Ku/SLqkzMaSspmbz9t/PPXv1WYt/ncvXfkZqt2l1+XZzDfRrWR4y/pLNx2i9sOj+z+5fbY+6YMyNF20l92T3DmsrnP64vACN/llnaZe7W6N2zjZPPUVs6SU0uwts/0XNHvdXvnux9Os2+HOZG9u73yRvHP+5svV3hpZ/dddAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwXcpoHDw3T6pk2o++eu1R13/W29rX2+kQ/NHPaMZJx3ly+2z5/geP6rxbqiEz/zXJJLfuP1Nms13d2DnNdlT/leT5xbH9y9ji5DC96r+F/HCznqSU5WW+2Tzk10mXN3ZzAQAAAAAAAAAAAAAAAAAA4Fh37z1YPayT8Sj77qx/yTypDg64T1J+K6XcSWkPllgk+f5ic2D+p2xP8Q/aZHkjyezjth5vdEkpN+bXuSf+vb8DAAD//5IcW2M=") bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x90) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r0, 0x0, 0x0}, 0x10) sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r1, 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2cc042, 0x100) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r2, 0xc0406619, &(0x7f0000000180)={@desc={0x1, 0x0, @desc4}}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) read$eventfd(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) eventfd(0x0) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0}) mount(&(0x7f00000000c0)=@filename='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='msdos\x00', 0x0, 0x0) 1.063689872s ago: executing program 1: epoll_create1(0x0) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./bus\x00', 0x0, 0x1001, 0x0) open(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) ioctl$BTRFS_IOC_DEFRAG(r0, 0xab04, 0x3) syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3000080, &(0x7f0000000200)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYRES8], 0x11, 0x2d2, &(0x7f0000000bc0)="$eJzs3U1rE1scx/HfmaRteht6pw+XC3fZa0E3UutG3KRIXoS4ELWJUAwVbQV1YxVXIrp371vwLQhuFN+Arlz5AiIII+fMZJJJJzMxNDMNfj9gmMycM+d/Mg/n/AfsCMAf60rzy9uL3+w/I1VUkV5cljxJNakq6R/9W3uwf7h32Gm3MvbTDRxbyyisaY4V2t1vp9WtKaoR8e23quqD6zAdQRDsfJV0UHYgKJW7+lN40kJ0dbrttcIjy/Z0wnpHJxzHrDFddfVQy2XHAQAoVzT+e9E4X4/m754nbUbD/qkc/yfVLTuAqQsytw6M/y7LCow9vn+7Tf18z6VwdrvXyxLHaXlu6Pu8wjMrMcE0eVmli8VbvL3XaZ/fvdtpeXqmRmSg2Lr7bIWnbk9OtBspuWmGMfpu0meUS64Pc7YP2yPiX5uwxYmZD+aTuW58vVErnv9VA2MPkztS/tCRCuPfGr1H10vfllJ022g0Gl6iyIpr5L+ohUhOL2vpGYl6Z9SKkg8I/Lw4Xa3VoVph7y7k1FoLa+0sJmpt976NqLWeaMv2Jj6bR7c3beaVuWo29F3v1ByY/3s2vk1lXpn9q8ZshkOB+8XD/synN1d1+/SPjRxHulZProl/xYVRof/IvqdhyJOMbS91S5e0fPDo8Z1Kp9O+bxdupizcq8dr5p5LqWVKWPDUX6Oj/qYFhQ8ij9XqDUpFhnruRHdo7x+5he1VVkgHT82ZUMZC82OxJ1IZCwXdo1Cq/kHPLfq+kIBQNDfvCvO/gXxly0327IefMU/PnZBFewzsHDvOgGqJ+qtu6a/fyuCWRmdw4+Zc/5+VzsSrfgY5LfpRnLMhyJr6Waapz7rB838AAAAAAAAAAAAAAAAAAIBZU8R/Jyi7jwAAAAAAAAAAAAAAAAAAAAAAzLr4/b/qvf9X473/d/gvf1fCN7ycyPt/X++L9/8C0/crAAD//zZmik0=") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000010180)={'#! ', './file0'}, 0x10017) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) name_to_handle_at(0xffffffffffffffff, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB="28000000020000001cc1c4dca49019834e5b32a8f1f21c720000000033939d34f0242bd79999b05da33b50bc0000000088c44249c4346b45db2eda4e244859759b811afff3899c42b381e702e7b9e06a37"], &(0x7f0000000100), 0x1200) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='memory.swap.events\x00', 0x0, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f00000002c0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffff]}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000280), 0xfea7) writev(r2, &(0x7f00000000c0)=[{0x0}], 0x1) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x43400) 843.227506ms ago: executing program 4: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002ac0)=@delchain={0x260, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x2c, 0x2, [@TCA_FLOWER_KEY_ARP_OP={0x5}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}, @TCA_FLOWER_KEY_TCP_DST_MASK={0x6}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}]}}, @filter_kind_options=@f_route={{0xa}, {0x1e8, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x6c, 0x5, [@TCA_POLICE_RATE64={0xc}, @TCA_POLICE_TBF={0x3c}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_PEAKRATE64={0xc}, @TCA_POLICE_RATE64={0xc}]}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_ACT={0x168, 0x6, [@m_connmark={0x11c, 0x0, 0x0, 0x0, {{0xd}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}]}, {0xb1, 0x6, "66396e732cf67237ecb590a592c571fa73ca19ec26dea927df7162b385d80fe15ca7f5cb6a4d958bd18714cd4f89f48d039d7da0dc8795f6ad32634b6b66cf821e93079c15dda212b0b37b761850342ebe270d64e92b80cf9114d976338d2dbd729e033dcd00b517933d3e64d73a30fc4e9a29d250104fa297e7a7f17405df935efe7e4806b65a797a850f6a8d8e2c8a8b9f56953d1262211f307b4af9617b04c9c48dea9e41ef304ac3365b6d"}, {0xc}, {0xc}}}, @m_bpf={0x48, 0x0, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_OPS={0x14, 0x4, [{}, {}]}]}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x260}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x60}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 105.051812ms ago: executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0x10, 0x803, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@ipv4_getnetconf={0x1c, 0x52, 0x100, 0x0, 0x0, {}, [@NETCONFA_FORWARDING={0x8}]}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$inet6_sctp(0xa, 0x0, 0x84) sendmsg$nl_route(r1, 0x0, 0x0) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @random="5dc413dd9f96"}, 0x14) 0s ago: executing program 0: syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x1001f0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) fallocate(r1, 0x3, 0x1800, 0x10000) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r3, &(0x7f00000001c0)={&(0x7f00000003c0)=@id, 0x10, &(0x7f00000007c0)=[{&(0x7f0000000180)="57e6e32083a328c2da3964066135e463f922081ae50887ede09da114c1daa077f9611f8aa81d", 0x26}, {&(0x7f0000000280)="b57af26468ffde59db204ffaa467c0af523b9e6d93dd62dad3d2f90b45e80eb530982e2a1a0b9ebc2c7113d4f93982f87d0ced6312bdcaa996c13c02d027870ae0bdbed8b104a10605ae3939cfa8e7d4ae5e2f97b5958bed4a4430c01d04f980fac5e88de756ec949e14a35bfb3f32197c05b451", 0x74}, {&(0x7f0000000300)="3d408cd47846fd99d1d1a4df38e0afdd03a817bf3b4673e575b2c253bae12d98c4f3e4e6d317ba457f2d0de6e1fbc5a43bae0d257cda31fb579139135de49db225bf75a3dea059b4a7a9808dd72eb1bd84d0cf9959907ad6b1e1ec718aa8d5004fd0acd19045d8d6e0f04b6b4497bb3126e4ad0d033ef175a58f55d0993d32bb3a10246c0e9ed8956592d6b51d", 0x8d}, {&(0x7f0000000540)="a840c8a67da22f1b2c4e068bb1ad9c499f093b4480b55eb7b9408f5400cc74932ab986ca937640a84378eb6446626516e84b0055936bb61fac109e2624e86903d729b0b10b4f16db7da1fa3aaa808fe333de0c9316c2412cb9ed2d604f8b3fa52416302221487c294ae9dc54783573eb5e7c1027fc39fa60c39afee14fb7cf3e6ef0041470dfd6a4a356a1d7e20a437bcadc7f0b5afa9f9d68bccd88", 0x9c}, {&(0x7f0000000600)="c016c55101fc98bba00b0c2946a2b285871ce0494875c9d8979d34a99a409dcb328a6ff1e31414ec38af8d9348d49550faf55f18c1d9f281054ffbe9a13132e9a05e0542a376762a4d799b6b4f0311f62189f67e7708285a203492767e25e6bc4d28d6d3f8d9f50c2660483f8f942ecb733e84f8619101c2ec2ec357bec450d092e6068a319a9f761d766e6ac151f3f3cb790dda0a6dbc381be1a87e4d992bc55e39f166e65d1a5997bc4d255f00c45f6264f7b459ce6fc78a91f8935fa3aa5fe8be532e06387d82f07e", 0xca}], 0x5, &(0x7f0000000840)="a6d462c399e20d9d7ab19933a9b3d0e1d617be45eb50440e1e51f20cd773cd1b34e2669a511f6292d81a777376560dc1daae580d2419af271bdd485f32ddaa3679178bcbe6ff6f5d5d758535afbe2a930342eaa16108a32d9d31fbfe8bf4d89784440c3ff3fef2f998aebc9634", 0x6d}, 0x80) recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1, 0x0, 0xfffffffffffffe25}, 0x0) kernel console output (not intermixed with test programs): =collect_data cause=failed comm="syz-executor.3" name="file0" dev="loop3" ino=1862 res=0 errno=0 [ 521.991704][ T8478] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 522.786563][ T8488] loop1: detected capacity change from 0 to 64 [ 523.454238][ T29] audit: type=1326 audit(1718322229.732:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 523.477665][ T29] audit: type=1326 audit(1718322229.742:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 523.500803][ T29] audit: type=1326 audit(1718322229.752:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 523.526101][ T29] audit: type=1326 audit(1718322229.752:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 523.551024][ T29] audit: type=1326 audit(1718322229.802:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 523.574233][ T29] audit: type=1326 audit(1718322229.802:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 523.597507][ T29] audit: type=1326 audit(1718322229.802:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 523.627992][ T29] audit: type=1326 audit(1718322229.802:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 523.651743][ T29] audit: type=1326 audit(1718322229.802:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 523.674871][ T29] audit: type=1800 audit(1718322229.972:149): pid=8496 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1966 res=0 errno=0 [ 524.504228][ T8499] loop2: detected capacity change from 0 to 2048 [ 524.685896][ T8499] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 525.265686][ T5079] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 525.521661][ T8504] loop1: detected capacity change from 0 to 1024 [ 525.629085][ T8504] EXT4-fs: Ignoring removed nomblk_io_submit option [ 525.691194][ T8504] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 525.700516][ T8504] EXT4-fs (loop1): Test dummy encryption mode enabled [ 525.793871][ T8504] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 526.286334][ T8504] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 526.633004][ T1226] ieee802154 phy0 wpan0: encryption failed: -22 [ 526.641026][ T1226] ieee802154 phy1 wpan1: encryption failed: -22 [ 528.715659][ T8502] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 528.875182][ T8523] loop2: detected capacity change from 0 to 64 [ 529.152658][ T5080] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 529.663930][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 529.664002][ T29] audit: type=1800 audit(1718322236.002:152): pid=8533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1962 res=0 errno=0 [ 529.861385][ T8536] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 530.390335][ T8544] loop4: detected capacity change from 0 to 2048 [ 530.498463][ T8544] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 530.867172][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 534.081998][ T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 534.204304][ T8563] loop4: detected capacity change from 0 to 64 [ 534.337375][ T29] audit: type=1804 audit(1718322240.662:153): pid=8559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2715025002/syzkaller.TzlIqE/217/cgroup.controllers" dev="sda1" ino=1961 res=1 errno=0 [ 534.368917][ T29] audit: type=1804 audit(1718322240.682:154): pid=8559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2715025002/syzkaller.TzlIqE/217/cgroup.controllers" dev="sda1" ino=1961 res=1 errno=0 [ 534.520354][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 534.531877][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 534.542168][ T8] usb 2-1: New USB device found, idVendor=172f, idProduct=0032, bcdDevice= 0.00 [ 534.552143][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.612789][ T8] usb 2-1: config 0 descriptor?? [ 534.753532][ T8560] loop2: detected capacity change from 0 to 1024 [ 534.783237][ T8560] EXT4-fs: Ignoring removed nomblk_io_submit option [ 534.826949][ T8560] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 534.836629][ T8560] EXT4-fs (loop2): Test dummy encryption mode enabled [ 534.967345][ T8560] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 535.131470][ T8560] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 535.140545][ T8] waltop 0003:172F:0032.0004: hidraw0: USB HID v0.00 Device [HID 172f:0032] on usb-dummy_hcd.1-1/input0 [ 535.783689][ T8559] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 537.658381][ T29] audit: type=1800 audit(1718322243.872:155): pid=8577 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1970 res=0 errno=0 [ 538.363387][ T5134] usb 2-1: USB disconnect, device number 4 [ 538.493465][ T5079] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 538.968220][ T8580] loop4: detected capacity change from 0 to 2048 [ 539.153416][ T8580] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 539.428751][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 539.603842][ T8596] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.896253][ T8600] loop4: detected capacity change from 0 to 64 [ 540.438612][ T8606] netlink: 264 bytes leftover after parsing attributes in process `syz-executor.2'. [ 540.796318][ T29] audit: type=1804 audit(1718322247.122:156): pid=8608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir926369760/syzkaller.GJxXOI/199/cgroup.controllers" dev="sda1" ino=1965 res=1 errno=0 [ 540.828453][ T29] audit: type=1804 audit(1718322247.122:157): pid=8608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir926369760/syzkaller.GJxXOI/199/cgroup.controllers" dev="sda1" ino=1965 res=1 errno=0 [ 541.262848][ T8610] loop4: detected capacity change from 0 to 1024 [ 541.366375][ T29] audit: type=1800 audit(1718322247.652:158): pid=8614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1968 res=0 errno=0 [ 541.406261][ T8610] EXT4-fs: Ignoring removed nomblk_io_submit option [ 541.445732][ T8610] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 541.455017][ T8610] EXT4-fs (loop4): Test dummy encryption mode enabled [ 541.509299][ T8610] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 541.580632][ T8610] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 542.107437][ T8608] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 542.651013][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 543.086971][ T5134] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 543.179262][ T8632] loop3: detected capacity change from 0 to 64 [ 543.365820][ T5134] usb 2-1: Using ep0 maxpacket: 16 [ 543.369550][ T8634] loop4: detected capacity change from 0 to 2048 [ 543.500806][ T5134] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 543.512238][ T5134] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 543.522362][ T5134] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 543.535634][ T5134] usb 2-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 543.545194][ T5134] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.564569][ T5134] usb 2-1: config 0 descriptor?? [ 543.582322][ T8634] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 543.616403][ T8636] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 543.815230][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 543.828536][ T8636] loop0: detected capacity change from 0 to 1024 [ 543.854868][ T8636] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 543.900038][ T8642] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 543.900322][ T8636] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 543.937932][ T8636] EXT4-fs (loop0): orphan cleanup on readonly fs [ 543.967853][ T8636] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz-executor.0: Invalid block bitmap block 0 in block_group 0 [ 543.999627][ T8636] Quota error (device loop0): write_blk: dquota write failed [ 544.007671][ T8636] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 544.018084][ T8636] EXT4-fs error (device loop0): ext4_acquire_dquot:6882: comm syz-executor.0: Failed to acquire dquot type 0 [ 544.057661][ T8636] EXT4-fs error (device loop0): ext4_free_blocks:6576: comm syz-executor.0: Freeing blocks not in datazone - block = 0, count = 4096 [ 544.080543][ T8636] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz-executor.0: Invalid inode bitmap blk 0 in block_group 0 [ 544.118426][ T4351] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-8 [ 544.128045][ T4351] EXT4-fs error (device loop0): ext4_release_dquot:6905: comm kworker/u8:31: Failed to release dquot type 0 [ 544.140936][ T5134] ryos 0003:1E7D:31CE.0005: unknown main item tag 0x0 [ 544.142307][ T8636] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem [ 544.148003][ T5134] ryos 0003:1E7D:31CE.0005: unbalanced delimiter at end of report description [ 544.219410][ T5134] ryos 0003:1E7D:31CE.0005: parse failed [ 544.220091][ T8636] EXT4-fs (loop0): 1 orphan inode deleted [ 544.225659][ T5134] ryos 0003:1E7D:31CE.0005: probe with driver ryos failed with error -22 [ 544.232174][ T8636] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 544.328902][ T29] audit: type=1800 audit(1718322250.652:159): pid=8645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1967 res=0 errno=0 [ 544.350438][ T29] audit: type=1800 audit(1718322250.672:160): pid=8645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1967 res=0 errno=0 [ 544.385615][ T10] usb 2-1: USB disconnect, device number 5 [ 544.505244][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 545.112337][ T29] audit: type=1804 audit(1718322251.412:161): pid=8648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir926369760/syzkaller.GJxXOI/202/cgroup.controllers" dev="sda1" ino=1953 res=1 errno=0 [ 545.144139][ T29] audit: type=1804 audit(1718322251.432:162): pid=8648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir926369760/syzkaller.GJxXOI/202/cgroup.controllers" dev="sda1" ino=1953 res=1 errno=0 [ 545.445498][ T8648] loop4: detected capacity change from 0 to 1024 [ 545.464618][ T8648] EXT4-fs: Ignoring removed nomblk_io_submit option [ 545.480569][ T8648] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 545.489912][ T8648] EXT4-fs (loop4): Test dummy encryption mode enabled [ 545.500454][ T5134] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 545.619993][ T8648] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 545.722086][ T8648] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 545.770034][ T5134] usb 2-1: Using ep0 maxpacket: 16 [ 545.920461][ T5134] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 545.932761][ T5134] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 545.948559][ T5134] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 545.963391][ T5134] usb 2-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 545.973234][ T5134] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.023550][ T5134] usb 2-1: config 0 descriptor?? [ 546.058411][ T8648] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 546.164813][ T8670] loop2: detected capacity change from 0 to 64 [ 546.483945][ T8657] syz-executor.1[8657] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 546.484602][ T8657] syz-executor.1[8657] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 546.655279][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 546.727336][ T5134] ryos 0003:1E7D:31CE.0006: unknown main item tag 0x0 [ 546.734801][ T5134] ryos 0003:1E7D:31CE.0006: unbalanced delimiter at end of report description [ 546.797834][ T5134] ryos 0003:1E7D:31CE.0006: parse failed [ 546.804310][ T5134] ryos 0003:1E7D:31CE.0006: probe with driver ryos failed with error -22 [ 546.956000][ T5134] usb 2-1: USB disconnect, device number 6 [ 547.038539][ T8675] loop2: detected capacity change from 0 to 2048 [ 547.056159][ T29] audit: type=1800 audit(1718322253.362:163): pid=8677 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1956 res=0 errno=0 [ 547.080666][ T29] audit: type=1800 audit(1718322253.392:164): pid=8677 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1956 res=0 errno=0 [ 547.214902][ T8675] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 547.613822][ T5079] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 547.945290][ T8694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 548.310288][ T8696] loop2: detected capacity change from 0 to 1024 [ 548.327099][ T8696] EXT4-fs: Ignoring removed orlov option [ 548.333311][ T8696] EXT4-fs: Ignoring removed nomblk_io_submit option [ 548.410042][ T8696] EXT4-fs (loop2): Test dummy encryption mode enabled [ 548.491963][ T8696] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 548.576615][ T8696] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 548.645798][ T8701] syz-executor.4[8701] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 548.646339][ T8701] syz-executor.4[8701] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 548.897877][ T8703] loop4: detected capacity change from 0 to 64 [ 549.189921][ T29] audit: type=1326 audit(1718322255.452:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8704 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 549.216346][ T29] audit: type=1326 audit(1718322255.462:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8704 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 549.242705][ T29] audit: type=1326 audit(1718322255.472:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8704 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 549.266353][ T29] audit: type=1326 audit(1718322255.492:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8704 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 549.289805][ T29] audit: type=1326 audit(1718322255.492:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8704 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 549.317914][ T29] audit: type=1326 audit(1718322255.502:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8704 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 549.345380][ T29] audit: type=1326 audit(1718322255.502:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8704 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 549.368673][ T29] audit: type=1326 audit(1718322255.502:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8704 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c0707cea9 code=0x7ffc0000 [ 549.600370][ T29] audit: type=1800 audit(1718322255.922:173): pid=8707 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1956 res=0 errno=0 [ 549.624914][ T29] audit: type=1800 audit(1718322255.932:174): pid=8707 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1956 res=0 errno=0 [ 549.923437][ T8686] loop3: detected capacity change from 0 to 32768 [ 549.987120][ T8686] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (8686) [ 550.066814][ T8686] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 550.078317][ T8686] BTRFS info (device loop3): using sha256 (sha256-generic) checksum algorithm [ 550.089844][ T8686] BTRFS info (device loop3): using free-space-tree [ 550.333874][ T8686] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 550.335019][ T8686] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 550.349642][ T8686] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 550.364318][ T8686] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 550.375209][ T8686] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 550.415191][ T8716] loop1: detected capacity change from 0 to 2048 [ 550.630446][ T8716] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 550.801456][ T8686] BTRFS error (device loop3): open_ctree failed [ 551.490860][ T5080] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 552.020140][ T5134] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 552.500021][ T5134] usb 5-1: Using ep0 maxpacket: 16 [ 552.774934][ T5134] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 552.786244][ T5134] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 552.801365][ T5134] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 552.816046][ T5134] usb 5-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 552.825461][ T5134] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.021844][ T5134] usb 5-1: config 0 descriptor?? [ 553.555845][ T8751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 553.946442][ T5134] ryos 0003:1E7D:31CE.0007: unknown main item tag 0x0 [ 553.953756][ T5134] ryos 0003:1E7D:31CE.0007: unbalanced delimiter at end of report description [ 554.045908][ T5134] ryos 0003:1E7D:31CE.0007: parse failed [ 554.052181][ T5134] ryos 0003:1E7D:31CE.0007: probe with driver ryos failed with error -22 [ 554.107263][ T5134] usb 5-1: USB disconnect, device number 5 [ 554.500172][ T29] audit: type=1800 audit(1718322260.782:175): pid=8760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1965 res=0 errno=0 [ 554.521627][ T29] audit: type=1800 audit(1718322260.812:176): pid=8760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1965 res=0 errno=0 [ 554.551407][ T29] audit: type=1800 audit(1718322260.812:177): pid=8760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1965 res=0 errno=0 [ 556.163415][ T8770] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 556.324296][ T8770] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 556.867366][ T8774] warning: `syz-executor.0' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 557.599131][ T8776] loop4: detected capacity change from 0 to 2048 [ 557.801981][ T8776] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 558.268867][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 558.973812][ T8791] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 559.095952][ T29] audit: type=1800 audit(1718322265.412:178): pid=8793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1952 res=0 errno=0 [ 559.117851][ T29] audit: type=1800 audit(1718322265.412:179): pid=8793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1952 res=0 errno=0 [ 559.139016][ T29] audit: type=1800 audit(1718322265.432:180): pid=8793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1952 res=0 errno=0 [ 560.589919][ T8808] loop1: detected capacity change from 0 to 2048 [ 560.821825][ T8808] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 561.264052][ T5080] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 561.360362][ T29] audit: type=1800 audit(1718322267.662:181): pid=8824 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1957 res=0 errno=0 [ 561.381699][ T29] audit: type=1800 audit(1718322267.682:182): pid=8824 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1957 res=0 errno=0 [ 561.405720][ T29] audit: type=1800 audit(1718322267.682:183): pid=8824 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1957 res=0 errno=0 [ 561.966677][ T8840] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 563.062769][ T8855] loop3: detected capacity change from 0 to 2048 [ 563.078519][ T29] audit: type=1800 audit(1718322269.412:184): pid=8857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1961 res=0 errno=0 [ 563.099972][ T29] audit: type=1800 audit(1718322269.422:185): pid=8857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1961 res=0 errno=0 [ 563.210710][ T8855] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 563.780581][ T5090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 564.325361][ T8877] loop2: detected capacity change from 0 to 512 [ 564.407268][ T8877] EXT4-fs (loop2): blocks per group (71) and clusters per group (20800) inconsistent [ 564.447035][ T8833] loop4: detected capacity change from 0 to 32768 [ 564.460986][ T8833] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (8833) [ 564.518869][ T8833] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 564.529588][ T8833] BTRFS info (device loop4): using sha256 (sha256-generic) checksum algorithm [ 564.541231][ T8833] BTRFS info (device loop4): using free-space-tree [ 564.709978][ T8833] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 564.711182][ T8833] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 564.722483][ T8833] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 564.732446][ T8833] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 564.742415][ T8833] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 564.752535][ T8833] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 564.762953][ T8833] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 564.772760][ T8833] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 564.786724][ T8833] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 564.798485][ T8833] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 564.809213][ T8833] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 565.219164][ T8900] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 565.253843][ T8833] BTRFS error (device loop4): open_ctree failed [ 566.079436][ T8] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 566.179373][ T8905] overlay: Unknown parameter 'obj_role' [ 567.476976][ T8915] loop3: detected capacity change from 0 to 2048 [ 567.552299][ T8] usb 2-1: config index 0 descriptor too short (expected 10770, got 27) [ 567.561159][ T8] usb 2-1: config 48 has too many interfaces: 93, using maximum allowed: 32 [ 567.570210][ T8] usb 2-1: config 48 has an invalid descriptor of length 235, skipping remainder of the config [ 567.580919][ T8] usb 2-1: config 48 has 0 interfaces, different from the descriptor's value: 93 [ 567.617303][ T8915] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 567.931092][ T8] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 567.940969][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.025508][ T8] usb 2-1: can't set config #48, error -71 [ 568.061956][ T8922] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 568.085208][ T8] usb 2-1: USB disconnect, device number 7 [ 568.312922][ T29] audit: type=1800 audit(1718322274.632:186): pid=8928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1946 res=0 errno=0 [ 568.334724][ T29] audit: type=1800 audit(1718322274.662:187): pid=8928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1946 res=0 errno=0 [ 568.352334][ T5090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 569.098290][ T8942] loop4: detected capacity change from 0 to 512 [ 569.167080][ T8942] EXT4-fs (loop4): blocks per group (71) and clusters per group (20800) inconsistent [ 569.754130][ T8952] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 571.426411][ T8946] loop1: detected capacity change from 0 to 32768 [ 571.491566][ T8946] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (8946) [ 571.571090][ T8946] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 571.581871][ T8946] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm [ 571.593205][ T8946] BTRFS info (device loop1): using free-space-tree [ 571.729294][ T8967] loop2: detected capacity change from 0 to 2048 [ 571.920216][ T8967] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 572.021615][ T29] audit: type=1800 audit(1718322278.352:188): pid=8986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1968 res=0 errno=0 [ 572.043003][ T29] audit: type=1800 audit(1718322278.372:189): pid=8986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1968 res=0 errno=0 [ 572.388365][ T29] audit: type=1800 audit(1718322278.682:190): pid=8946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0 [ 572.522017][ T5079] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 572.726583][ T5080] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 573.837922][ T9016] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 574.590006][ T29] audit: type=1800 audit(1718322280.902:191): pid=9023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1960 res=0 errno=0 [ 574.615290][ T29] audit: type=1800 audit(1718322280.912:192): pid=9023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1960 res=0 errno=0 [ 574.775690][ T9025] loop2: detected capacity change from 0 to 2048 [ 574.902741][ T9025] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 575.027938][ T29] audit: type=1804 audit(1718322281.362:193): pid=9025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2715025002/syzkaller.TzlIqE/247/file1/bus" dev="loop2" ino=18 res=1 errno=0 [ 575.438904][ T5079] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 576.173602][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 577.158986][ T29] audit: type=1800 audit(1718322283.472:194): pid=9058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1966 res=0 errno=0 [ 577.184086][ T29] audit: type=1800 audit(1718322283.502:195): pid=9058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1966 res=0 errno=0 [ 577.520937][ T9035] loop1: detected capacity change from 0 to 32768 [ 577.588865][ T9035] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (9035) [ 577.674354][ T9035] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 577.690205][ T9035] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm [ 577.702970][ T9035] BTRFS info (device loop1): using free-space-tree [ 578.111943][ T9080] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 578.157279][ T9081] loop2: detected capacity change from 0 to 2048 [ 578.252593][ T9035] BTRFS error (device loop1): open_ctree failed [ 578.296605][ T9081] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 578.541150][ T29] audit: type=1804 audit(1718322284.852:196): pid=9081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2715025002/syzkaller.TzlIqE/250/file1/bus" dev="loop2" ino=18 res=1 errno=0 [ 578.997499][ T5079] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 580.081059][ T29] audit: type=1800 audit(1718322286.362:197): pid=9104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1961 res=0 errno=0 [ 580.102405][ T29] audit: type=1800 audit(1718322286.362:198): pid=9104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1961 res=0 errno=0 [ 580.914012][ T9120] loop4: detected capacity change from 0 to 2048 [ 580.991873][ T9120] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 581.108867][ T9128] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 581.216995][ T29] audit: type=1804 audit(1718322287.502:199): pid=9120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir926369760/syzkaller.GJxXOI/231/file1/bus" dev="loop4" ino=18 res=1 errno=0 [ 581.483657][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 582.137878][ T29] audit: type=1800 audit(1718322288.442:200): pid=9142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1966 res=0 errno=0 [ 582.159386][ T29] audit: type=1800 audit(1718322288.472:201): pid=9142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1966 res=0 errno=0 [ 582.181092][ T29] audit: type=1804 audit(1718322288.472:202): pid=9142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3979224297/syzkaller.wGuUFo/262/bus" dev="sda1" ino=1966 res=1 errno=0 [ 582.321120][ T9112] loop2: detected capacity change from 0 to 32768 [ 582.373972][ T9112] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (9112) [ 582.474403][ T9112] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 582.485945][ T9112] BTRFS info (device loop2): using sha256 (sha256-generic) checksum algorithm [ 582.501599][ T9112] BTRFS info (device loop2): using free-space-tree [ 582.706453][ T5088] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 583.204583][ T29] audit: type=1800 audit(1718322289.492:203): pid=9112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=263 res=0 errno=0 [ 583.384078][ T9173] loop4: detected capacity change from 0 to 2048 [ 583.528139][ T9173] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 583.646598][ T5079] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 584.049366][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 585.338852][ T9152] loop0: detected capacity change from 0 to 32768 [ 585.401084][ T9152] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (9152) [ 585.496539][ T9152] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 585.507259][ T9152] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm [ 585.508442][ T9190] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 585.518349][ T9152] BTRFS info (device loop0): using free-space-tree [ 585.611648][ T9152] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 585.612821][ T9152] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 585.623252][ T9152] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 585.633873][ T9152] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 585.644225][ T9152] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 585.654123][ T9152] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 585.668908][ T9152] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 585.680236][ T9152] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 585.690038][ T9152] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 585.700540][ T9152] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 585.713510][ T9152] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 585.724731][ T9152] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 585.754491][ T9169] loop3: detected capacity change from 0 to 32768 [ 585.787133][ T9152] BTRFS error (device loop0): open_ctree failed [ 585.850605][ T9169] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (9169) [ 587.250306][ T9216] loop1: detected capacity change from 0 to 2048 [ 587.425757][ T9216] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 587.734943][ T1226] ieee802154 phy0 wpan0: encryption failed: -22 [ 587.741959][ T1226] ieee802154 phy1 wpan1: encryption failed: -22 [ 587.924335][ T5080] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 587.965341][ T9227] syz-executor.2[9227] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 587.965876][ T9227] syz-executor.2[9227] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 588.003122][ T9227] syz-executor.2[9227] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 588.016364][ T9227] syz-executor.2[9227] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 588.843093][ T9212] loop4: detected capacity change from 0 to 32768 [ 588.897580][ T9239] loop2: detected capacity change from 0 to 512 [ 588.938543][ T9212] BTRFS: device /dev/loop4 (7:4) using temp-fsid f1df6bc3-bbc3-46ae-9390-dc3c8a4d6f79 [ 588.953341][ T9212] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (9212) [ 588.995248][ T9239] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e02d, mo2=0002] [ 589.021266][ T9239] System zones: 1-12 [ 589.035545][ T9212] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 589.049529][ T9212] BTRFS info (device loop4): using sha256 (sha256-generic) checksum algorithm [ 589.061812][ T9212] BTRFS info (device loop4): using free-space-tree [ 589.066102][ T9239] EXT4-fs error (device loop2): __ext4_iget:4913: inode #11: block 393240: comm syz-executor.2: invalid block [ 589.130377][ T9239] EXT4-fs (loop2): Remounting filesystem read-only [ 589.137261][ T9239] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 589.288681][ T9241] loop3: detected capacity change from 0 to 4096 [ 589.338917][ T9241] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 589.443202][ T5079] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 589.518027][ T9261] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 589.565218][ T5081] BTRFS info (device loop4): last unmount of filesystem f1df6bc3-bbc3-46ae-9390-dc3c8a4d6f79 [ 589.631420][ T9241] ntfs3: loop3: Failed to initialize $Extend/$ObjId. [ 590.507631][ T9267] loop3: detected capacity change from 0 to 2048 [ 590.631068][ T9267] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 590.815230][ T9265] loop2: detected capacity change from 0 to 8192 [ 590.933906][ T9237] loop0: detected capacity change from 0 to 32768 [ 591.050100][ T29] audit: type=1804 audit(1718322297.352:204): pid=9265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2715025002/syzkaller.TzlIqE/262/file0/bus" dev="loop2" ino=1048666 res=1 errno=0 [ 591.129441][ T29] audit: type=1804 audit(1718322297.432:205): pid=9281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2715025002/syzkaller.TzlIqE/262/file0/bus" dev="loop2" ino=1048666 res=1 errno=0 [ 591.155851][ T29] audit: type=1804 audit(1718322297.442:206): pid=9265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2715025002/syzkaller.TzlIqE/262/file0/bus" dev="loop2" ino=1048666 res=1 errno=0 [ 591.246747][ T9237] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=crc64,background_compression=zstd,str_hash=crc64,nojournal_transaction_names [ 591.265578][ T9237] bcachefs (loop0): recovering from clean shutdown, journal seq 8 [ 591.367396][ T5090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 591.533104][ T9237] bcachefs (loop0): alloc_read... done [ 591.539127][ T9237] bcachefs (loop0): stripes_read... done [ 591.545998][ T9237] bcachefs (loop0): snapshots_read... done [ 591.617823][ T9237] bcachefs (loop0): journal_replay... done [ 591.624266][ T9237] bcachefs (loop0): resume_logged_ops... done [ 591.678850][ T9237] bcachefs (loop0): going read-write [ 591.702285][ T9237] bcachefs (loop0): bch2_gc_thread_start(): error EINTR [ 591.714236][ T9237] bcachefs (loop0): error starting gc thread [ 591.721904][ T9237] bcachefs (loop0): bch2_fs_start(): error starting filesystem EINTR [ 591.730389][ T9237] bcachefs (loop0): shutting down [ 591.735603][ T9237] bcachefs (loop0): going read-only [ 591.741151][ T9237] bcachefs (loop0): finished waiting for writes to stop [ 591.748360][ T9237] bcachefs (loop0): flushing journal and stopping allocators, journal seq 8 [ 591.795558][ T9237] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 8 [ 591.842056][ T9237] bcachefs (loop0): shutdown complete, journal seq 9 [ 591.849612][ T9237] bcachefs (loop0): marking filesystem clean [ 591.938233][ T9237] bcachefs (loop0): shutdown complete [ 594.403623][ T9312] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 594.609167][ T9313] loop3: detected capacity change from 0 to 2048 [ 594.720533][ T9313] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 595.046272][ T5090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 595.827712][ T9303] loop4: detected capacity change from 0 to 32768 [ 595.880151][ T9303] BTRFS: device /dev/loop4 (7:4) using temp-fsid 80909f79-3375-4592-8c67-4360414f9f37 [ 595.890147][ T9303] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (9303) [ 595.994850][ T9303] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 596.005650][ T9303] BTRFS info (device loop4): using sha256 (sha256-generic) checksum algorithm [ 596.021367][ T9303] BTRFS info (device loop4): using free-space-tree [ 596.304914][ T9303] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 596.305955][ T9303] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 596.322095][ T9303] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 596.334753][ T9303] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 596.396142][ T9303] BTRFS error (device loop4): open_ctree failed [ 597.676080][ T9358] loop1: detected capacity change from 0 to 2048 [ 597.826898][ T9358] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 598.352253][ T9373] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 598.353971][ T5080] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 601.512856][ T9401] loop2: detected capacity change from 0 to 2048 [ 601.661232][ T9401] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 601.835708][ T9382] loop1: detected capacity change from 0 to 32768 [ 601.906859][ T9382] BTRFS: device /dev/loop1 (7:1) using temp-fsid 69e29212-3be5-49b2-b196-422fdb3e5788 [ 601.918043][ T9382] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (9382) [ 602.034527][ T9382] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 602.045405][ T9382] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm [ 602.060948][ T9382] BTRFS info (device loop1): using free-space-tree [ 602.147897][ T9382] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 602.148918][ T9382] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 602.163263][ T9382] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 602.174853][ T9382] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 602.184788][ T9382] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 602.194756][ T9382] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 602.204626][ T9382] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 602.214985][ T9382] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 602.228034][ T9382] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 602.238714][ T9382] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 602.249819][ T9382] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 602.263934][ T9382] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 602.313847][ T5079] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 602.338561][ T9382] BTRFS error (device loop1): open_ctree failed [ 602.910477][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 603.160300][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 603.395521][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 603.582622][ T10] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 603.595273][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 603.604514][ T10] usb 4-1: SerialNumber: syz [ 603.886615][ T10] usb 4-1: config 0 descriptor?? [ 603.971192][ T10] usb 4-1: Found UVC 0.00 device (05ac:8501) [ 603.978559][ T10] usb 4-1: No valid video chain found. [ 605.045590][ T9442] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 605.468469][ T7136] usb 4-1: USB disconnect, device number 2 [ 605.524205][ T9444] loop2: detected capacity change from 0 to 128 [ 605.610230][ T9444] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 605.673248][ T9444] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 606.476747][ T9453] loop3: detected capacity change from 0 to 2048 [ 606.629093][ T9453] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 607.754962][ T5090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 609.760717][ T9488] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 611.935985][ T9508] loop2: detected capacity change from 0 to 2048 [ 611.940202][ T9480] loop1: detected capacity change from 0 to 32768 [ 611.967189][ T9480] read_mapping_page failed! [ 611.972341][ T9480] jfs_mount: Failed to read AGGREGATE_I [ 611.978317][ T9480] Mount JFS Failure: -5 [ 611.985335][ T9480] jfs_mount failed w/return code = -5 [ 612.105163][ T9508] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 612.704307][ T5079] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 615.853540][ T9543] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 617.207304][ T9555] loop3: detected capacity change from 0 to 2048 [ 617.364677][ T9555] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 617.944011][ T5090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 621.256398][ T9591] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 621.484401][ T9579] loop3: detected capacity change from 0 to 32768 [ 623.096434][ T9593] loop1: detected capacity change from 0 to 2048 [ 623.417416][ T9593] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 624.181820][ T5080] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 624.900353][ T9616] syz-executor.4[9616] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 624.900907][ T9616] syz-executor.4[9616] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 627.429680][ C0] sched: RT throttling activated [ 627.591847][ T9626] loop1: detected capacity change from 0 to 1024 [ 627.656738][ T9626] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 627.695839][ T9626] JBD2: no valid journal superblock found [ 627.702434][ T9626] EXT4-fs (loop1): Could not load journal inode [ 628.000199][ T9633] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 628.526031][ T9636] loop4: detected capacity change from 0 to 2048 [ 628.697658][ T9636] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 629.269339][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 632.855092][ T6399] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.013285][ T6399] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.186916][ T9670] loop4: detected capacity change from 0 to 128 [ 633.214741][ T9669] loop1: detected capacity change from 0 to 256 [ 633.727738][ T9669] FAT-fs (loop1): Unrecognized mount option "00000000000000000000005" or missing value [ 633.748316][ T6399] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 634.374413][ T6399] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 634.504465][ T9675] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 634.803927][ T5088] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 634.823779][ T5088] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 634.834708][ T5088] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 634.866693][ T5088] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 634.879609][ T5088] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 634.889846][ T5088] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 634.944849][ T6399] bridge_slave_1: left allmulticast mode [ 634.950982][ T6399] bridge_slave_1: left promiscuous mode [ 634.957537][ T6399] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.049029][ T6399] bridge_slave_0: left allmulticast mode [ 635.055287][ T6399] bridge_slave_0: left promiscuous mode [ 635.062067][ T6399] bridge0: port 1(bridge_slave_0) entered disabled state [ 635.883298][ T6399] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 635.976014][ T6399] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 636.016766][ T6399] bond0 (unregistering): Released all slaves [ 636.073031][ T9686] netlink: 228 bytes leftover after parsing attributes in process `syz-executor.4'. [ 636.991065][ T5088] Bluetooth: hci1: command tx timeout [ 637.246923][ T6399] hsr_slave_0: left promiscuous mode [ 637.273112][ T6399] hsr_slave_1: left promiscuous mode [ 637.297999][ T6399] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 637.305990][ T6399] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 637.358504][ T6399] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 637.361973][ T9709] loop3: detected capacity change from 0 to 256 [ 637.366354][ T6399] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 637.410910][ T9709] FAT-fs (loop3): Unrecognized mount option "00000000000000000000005" or missing value [ 637.422165][ T6399] veth1_macvtap: left promiscuous mode [ 637.427899][ T6399] veth0_macvtap: left promiscuous mode [ 637.433922][ T6399] veth1_vlan: left promiscuous mode [ 637.439468][ T6399] veth0_vlan: left promiscuous mode [ 638.146815][ T9722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 638.285014][ T6399] team0 (unregistering): Port device team_slave_1 removed [ 638.366494][ T6399] team0 (unregistering): Port device team_slave_0 removed [ 639.071390][ T5088] Bluetooth: hci1: command tx timeout [ 639.088321][ T9676] chnl_net:caif_netlink_parms(): no params data found [ 639.297178][ T9727] loop3: detected capacity change from 0 to 2048 [ 639.491871][ T9727] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 639.876091][ T9746] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 639.958891][ T5090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 640.483657][ T9752] loop0: detected capacity change from 0 to 256 [ 640.532547][ T9752] FAT-fs (loop0): Unrecognized mount option "00000000000000000000005" or missing value [ 640.699336][ T9676] bridge0: port 1(bridge_slave_0) entered blocking state [ 640.707177][ T9676] bridge0: port 1(bridge_slave_0) entered disabled state [ 640.714993][ T9676] bridge_slave_0: entered allmulticast mode [ 640.724058][ T9676] bridge_slave_0: entered promiscuous mode [ 640.868643][ T9676] bridge0: port 2(bridge_slave_1) entered blocking state [ 640.876909][ T9676] bridge0: port 2(bridge_slave_1) entered disabled state [ 640.884764][ T9676] bridge_slave_1: entered allmulticast mode [ 640.893868][ T9676] bridge_slave_1: entered promiscuous mode [ 641.159901][ T5088] Bluetooth: hci1: command tx timeout [ 641.204821][ T9676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 641.228127][ T9676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 641.387724][ T9767] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 641.419414][ T9676] team0: Port device team_slave_0 added [ 641.518500][ T9676] team0: Port device team_slave_1 added [ 641.817190][ T9676] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 641.825467][ T9676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 641.851796][ T9676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 642.104111][ T9676] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 642.112838][ T9676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 642.139870][ T9676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 642.453155][ T9783] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 642.540647][ T9676] hsr_slave_0: entered promiscuous mode [ 642.572513][ T9676] hsr_slave_1: entered promiscuous mode [ 642.609823][ T9676] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 642.615641][ T9782] loop4: detected capacity change from 0 to 2048 [ 642.617604][ T9676] Cannot create hsr debugfs directory [ 642.722537][ T9782] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 643.226804][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 643.257874][ T5088] Bluetooth: hci1: command tx timeout [ 643.931472][ T9794] loop1: detected capacity change from 0 to 256 [ 644.022344][ T9794] FAT-fs (loop1): Unrecognized mount option "00000000000000000000005" or missing value [ 644.024013][ T9797] binder: BINDER_SET_CONTEXT_MGR already set [ 644.043398][ T9797] binder: 9796:9797 ioctl 4018620d 20000040 returned -16 [ 644.057416][ T9676] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 644.180759][ T9676] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 644.252089][ T9676] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 644.371619][ T9676] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 645.506578][ T9676] 8021q: adding VLAN 0 to HW filter on device bond0 [ 645.782053][ T9676] 8021q: adding VLAN 0 to HW filter on device team0 [ 645.906249][ T7136] bridge0: port 1(bridge_slave_0) entered blocking state [ 645.914043][ T7136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 646.032490][ T9821] loop1: detected capacity change from 0 to 2048 [ 646.045305][ T7135] bridge0: port 2(bridge_slave_1) entered blocking state [ 646.053110][ T7135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 646.261985][ T9821] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 646.868436][ T5080] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 647.686882][ T9676] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 648.005444][ T9842] binder: BINDER_SET_CONTEXT_MGR already set [ 648.014167][ T9842] binder: 9841:9842 ioctl 4018620d 20000040 returned -16 [ 648.082117][ T9676] veth0_vlan: entered promiscuous mode [ 648.196814][ T9676] veth1_vlan: entered promiscuous mode [ 648.481614][ T9676] veth0_macvtap: entered promiscuous mode [ 648.580861][ T9676] veth1_macvtap: entered promiscuous mode [ 648.769360][ T9676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 648.781322][ T9676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 648.791464][ T9676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 648.802305][ T9676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 648.812401][ T9676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 648.823210][ T9676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 648.835402][ T9676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 648.849243][ T9676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 648.865409][ T9676] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 648.988249][ T9676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 649.000406][ T9676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 649.010642][ T9676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 649.021469][ T9676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 649.031572][ T9676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 649.042345][ T9676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 649.056533][ T9676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 649.068551][ T9676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 649.087175][ T9676] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 649.182851][ T1226] ieee802154 phy0 wpan0: encryption failed: -22 [ 649.189518][ T1226] ieee802154 phy1 wpan1: encryption failed: -22 [ 649.302041][ T9676] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.311336][ T9676] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.320761][ T9676] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.329896][ T9676] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.793171][ T9881] loop1: detected capacity change from 0 to 2048 [ 651.972363][ T9881] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 652.450366][ T5080] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 654.698941][ T9935] loop4: detected capacity change from 0 to 2048 [ 654.822030][ T9935] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 654.987278][ T6419] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 654.997782][ T6419] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 655.176607][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 655.178903][ T6407] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 655.197050][ T6407] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 656.912149][ T9986] loop0: detected capacity change from 0 to 2048 [ 657.000964][ T9986] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 657.404362][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 657.925317][T10009] ip6gretap1: entered promiscuous mode [ 657.978008][ T5128] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 658.040792][T10010] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 658.114606][ T5128] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 658.290765][ T3152] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 658.988790][T10021] binder: BINDER_SET_CONTEXT_MGR already set [ 658.995332][T10021] binder: 10020:10021 ioctl 4018620d 20000040 returned -16 [ 659.215919][ T25] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 659.255733][T10026] loop3: detected capacity change from 0 to 2048 [ 659.311402][ T6399] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 659.320293][ T6399] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 659.420976][T10026] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 659.630372][ T25] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 659.643865][ T25] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 659.653267][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 659.741918][ T25] usb 5-1: config 0 descriptor?? [ 659.807424][ T25] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 659.888970][ T5088] Bluetooth: hci0: unexpected event for opcode 0x200c [ 659.900699][ T5090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 660.105942][ T29] audit: type=1804 audit(1718322366.422:207): pid=10023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir926369760/syzkaller.GJxXOI/289/cgroup.controllers" dev="sda1" ino=1954 res=1 errno=0 [ 660.166770][ T25] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 660.173165][ T5128] usb 5-1: USB disconnect, device number 6 [ 662.100532][T10059] binder: BINDER_SET_CONTEXT_MGR already set [ 662.106821][T10059] binder: 10058:10059 ioctl 4018620d 20000040 returned -16 [ 662.504885][T10063] loop1: detected capacity change from 0 to 2048 [ 662.560619][ T5088] Bluetooth: hci0: unexpected event for opcode 0x200c [ 662.642366][T10063] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 663.114375][ T5080] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 663.390304][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 663.585467][T10087] binder: BINDER_SET_CONTEXT_MGR already set [ 663.595607][T10087] binder: 10086:10087 ioctl 4018620d 20000040 returned -16 [ 663.805081][T10094] ip6gretap1: entered promiscuous mode [ 663.842240][ T25] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 663.854778][T10096] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 663.953637][ T5088] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 663.962337][ T5088] Bluetooth: hci0: Injecting HCI hardware error event [ 663.970062][ T5088] Bluetooth: hci0: hardware error 0x00 [ 664.332711][ T6428] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 664.754875][T10112] loop0: detected capacity change from 0 to 256 [ 664.802766][T10109] loop1: detected capacity change from 0 to 2048 [ 664.900308][T10109] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 664.920293][ T25] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 665.404008][ T4351] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 665.412884][ T4351] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 665.500582][ T5080] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 666.030269][ T5088] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 666.300704][ T7135] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 666.723674][T10106] loop4: detected capacity change from 0 to 32768 [ 666.802206][T10106] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (10106) [ 666.909820][T10106] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 666.920440][T10106] BTRFS info (device loop4): using sha256 (sha256-generic) checksum algorithm [ 666.931743][T10106] BTRFS info (device loop4): using free-space-tree [ 667.412165][T10163] loop3: detected capacity change from 0 to 256 [ 667.476577][T10106] BTRFS error (device loop4): open_ctree failed [ 667.627686][T10165] loop0: detected capacity change from 0 to 2048 [ 667.770527][T10165] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 668.226003][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 669.494983][T10202] loop0: detected capacity change from 0 to 256 [ 669.711072][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 670.180471][T10208] loop3: detected capacity change from 0 to 2048 [ 670.293021][T10208] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 670.787892][ T5090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 672.190234][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 672.526092][T10247] ip6gretap1: entered promiscuous mode [ 672.562282][ T25] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 672.571760][T10249] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 672.725004][ T6407] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 672.921399][T10252] loop2: detected capacity change from 0 to 2048 [ 673.201548][T10252] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 673.565775][ T25] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 673.651674][ T9676] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 673.805154][ T6428] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 673.813975][ T6428] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 674.603727][ T7135] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 675.270843][T10285] loop4: detected capacity change from 0 to 128 [ 675.300255][T10287] loop3: detected capacity change from 0 to 64 [ 675.356954][T10288] 9pnet_fd: Insufficient options for proto=fd [ 675.529866][T10287] syz-executor.3: attempt to access beyond end of device [ 675.529866][T10287] loop3: rw=34817, sector=39, nr_sectors = 30 limit=64 [ 675.544484][T10287] syz-executor.3: attempt to access beyond end of device [ 675.544484][T10287] loop3: rw=34817, sector=72, nr_sectors = 2 limit=64 [ 675.636577][T10287] syz-executor.3: attempt to access beyond end of device [ 675.636577][T10287] loop3: rw=34817, sector=76, nr_sectors = 500 limit=64 [ 675.667548][T10295] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 676.154512][T10308] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 677.082760][T10324] 9pnet_fd: Insufficient options for proto=fd [ 677.953677][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 678.012064][T10341] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 678.075762][T10344] loop3: detected capacity change from 0 to 1024 [ 678.119098][T10344] EXT4-fs: Ignoring removed nomblk_io_submit option [ 678.160956][T10344] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 678.262175][T10344] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 678.294524][T10344] System zones: 0-1, 3-36 [ 678.324850][T10344] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 678.507264][ T29] audit: type=1326 audit(1718322384.812:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10343 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8631a7cea9 code=0x0 [ 678.581009][T10351] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 678.590269][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 678.781796][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 679.096905][ T5090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 680.651230][ T5134] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 681.051519][ T5134] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 681.062103][ T5134] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 681.071427][ T5134] usb 4-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 681.360355][ T5134] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 681.370003][ T5134] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 681.378254][ T5134] usb 4-1: Product: syz [ 681.382780][ T5134] usb 4-1: Manufacturer: syz [ 681.387599][ T5134] usb 4-1: SerialNumber: syz [ 681.964422][ T5134] usb 4-1: 0:2 : does not exist [ 681.984481][T10378] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 682.031048][ T5134] usb 4-1: USB disconnect, device number 3 [ 682.491370][T10386] loop0: detected capacity change from 0 to 512 [ 682.498451][T10390] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 682.545592][T10386] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 682.555624][T10386] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz-executor.0: invalid indirect mapped block 2683928664 (level 1) [ 682.590415][T10386] EXT4-fs (loop0): Remounting filesystem read-only [ 682.635015][T10386] EXT4-fs (loop0): 1 truncate cleaned up [ 682.645653][T10386] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 682.758984][T10386] Bluetooth: MGMT ver 1.22 [ 682.874531][T10395] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 682.956745][T10399] loop4: detected capacity change from 0 to 512 [ 682.963355][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 683.083836][T10399] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 683.158796][T10399] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended [ 683.186810][T10399] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz-executor.4: bg 0: block 18: invalid block bitmap [ 683.201317][T10399] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6537: Corrupt filesystem [ 683.214503][T10399] EXT4-fs (loop4): 1 truncate cleaned up [ 683.220677][T10399] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 683.233678][T10399] ext2 filesystem being mounted at /root/syzkaller-testdir926369760/syzkaller.GJxXOI/302/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 683.423823][T10407] EXT4-fs error (device loop4): ext4_map_blocks:580: inode #2: block 3: comm syz-executor.4: lblock 0 mapped to illegal pblock 3 (length 1) [ 686.921210][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 688.428689][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 689.056346][T10435] loop3: detected capacity change from 0 to 512 [ 689.176965][T10435] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 689.203512][T10435] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 2683928664 (level 1) [ 689.281382][T10435] EXT4-fs (loop3): Remounting filesystem read-only [ 689.344272][T10435] EXT4-fs (loop3): 1 truncate cleaned up [ 689.350525][T10435] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 689.373109][T10448] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 689.470923][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 689.625461][T10452] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 689.691164][ T5090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 689.858122][T10457] ip6gretap1: entered promiscuous mode [ 689.912981][ T5134] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 689.944185][T10460] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 690.015614][ T4351] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 690.166179][ T5134] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 691.080865][ T6428] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 691.089455][ T6428] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 691.340047][ T7136] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 691.590151][T10490] loop4: detected capacity change from 0 to 512 [ 691.656504][T10492] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 691.694844][T10490] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 691.742734][T10490] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 2683928664 (level 1) [ 691.810420][T10490] EXT4-fs (loop4): Remounting filesystem read-only [ 691.873827][T10490] EXT4-fs (loop4): 1 truncate cleaned up [ 691.880128][T10490] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 692.107788][T10503] ip6gretap1: entered promiscuous mode [ 692.165167][ T7135] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 692.290247][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 692.637843][ T6428] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 692.894241][T10517] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 692.910614][ T7135] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 693.638926][T10537] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 693.715357][ T6428] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 693.725819][ T6428] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 694.278570][T10544] loop0: detected capacity change from 0 to 512 [ 694.420841][T10544] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 694.490979][T10544] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz-executor.0: invalid indirect mapped block 2683928664 (level 1) [ 694.571976][T10544] EXT4-fs (loop0): Remounting filesystem read-only [ 694.592701][ T43] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 694.635590][T10544] EXT4-fs (loop0): 1 truncate cleaned up [ 694.643033][T10544] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 694.751445][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 694.856522][T10560] loop2: detected capacity change from 0 to 1024 [ 695.003654][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 696.039434][T10582] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 696.403648][T10592] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 696.933541][T10598] loop4: detected capacity change from 0 to 512 [ 697.013070][T10598] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 697.024014][T10598] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 2683928664 (level 1) [ 697.092962][T10598] EXT4-fs (loop4): Remounting filesystem read-only [ 697.136978][T10598] EXT4-fs (loop4): 1 truncate cleaned up [ 697.143036][T10598] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 697.161096][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 697.377719][T10600] 9pnet: Could not find request transport: fd0x0000000000000004 [ 697.630212][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 697.656987][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 699.951557][ T6428] hfsplus: b-tree write err: -5, ino 4 [ 700.710898][T10640] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 700.874895][T10642] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 701.194623][T10647] loop0: detected capacity change from 0 to 512 [ 701.329041][T10647] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 701.355549][T10647] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz-executor.0: invalid indirect mapped block 2683928664 (level 1) [ 701.393010][T10648] 9pnet: Could not find request transport: fd0x0000000000000004 [ 701.434885][T10647] EXT4-fs (loop0): Remounting filesystem read-only [ 701.467746][T10647] EXT4-fs (loop0): 1 truncate cleaned up [ 701.477464][T10647] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 701.744865][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 702.181939][T10662] loop0: detected capacity change from 0 to 2048 [ 702.271244][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 702.336746][T10662] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 702.351526][T10665] loop3: detected capacity change from 0 to 1024 [ 702.993233][T10671] binder: BINDER_SET_CONTEXT_MGR already set [ 702.999422][T10671] binder: 10670:10671 ioctl 4018620d 20000040 returned -16 [ 704.190207][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 704.462509][T10689] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 705.299481][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 705.382167][T10692] 9pnet: Could not find request transport: fd0x0000000000000004 [ 705.476649][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 705.685083][T10698] loop4: detected capacity change from 0 to 512 [ 705.851000][T10698] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 705.932587][T10698] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 2683928664 (level 1) [ 705.973829][T10709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 705.978518][T10698] EXT4-fs (loop4): Remounting filesystem read-only [ 706.049139][T10698] EXT4-fs (loop4): 1 truncate cleaned up [ 706.055238][T10698] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 706.334452][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 707.723099][T10738] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 707.835596][T10740] 9pnet_fd: Insufficient options for proto=fd [ 708.148339][T10746] loop3: detected capacity change from 0 to 512 [ 708.206357][T10746] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 708.260861][T10746] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 2683928664 (level 1) [ 708.310910][T10746] EXT4-fs (loop3): Remounting filesystem read-only [ 708.356398][T10746] EXT4-fs (loop3): 1 truncate cleaned up [ 708.362642][T10746] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 708.706761][ T5090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 709.669147][T10771] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 710.040949][T10778] 9pnet_fd: Insufficient options for proto=fd [ 710.357247][T10781] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 710.610894][ T1226] ieee802154 phy0 wpan0: encryption failed: -22 [ 710.617650][ T1226] ieee802154 phy1 wpan1: encryption failed: -22 [ 710.667996][T10783] loop3: detected capacity change from 0 to 512 [ 710.744429][T10783] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 710.778190][T10783] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 2683928664 (level 1) [ 710.795204][T10783] EXT4-fs (loop3): Remounting filesystem read-only [ 710.825279][T10783] EXT4-fs (loop3): 1 truncate cleaned up [ 710.831480][T10783] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 711.186502][ T5090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 711.252011][ T5128] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 711.437561][T10796] loop2: detected capacity change from 0 to 512 [ 711.546420][T10796] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 711.562379][T10796] ext4 filesystem being mounted at /root/syzkaller-testdir2414771213/syzkaller.62pAyC/42/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 711.650876][ T5128] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 711.662446][ T5128] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 711.673938][ T5128] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 711.687337][ T5128] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 711.697138][ T5128] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 711.734081][ T5128] usb 2-1: config 0 descriptor?? [ 711.764146][T10788] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 712.158404][ T9676] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 712.253389][ T5128] plantronics 0003:047F:FFFF.0008: unknown main item tag 0xd [ 712.296031][ T5128] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 712.391299][ T5128] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 712.514124][ T5128] usb 2-1: USB disconnect, device number 8 [ 712.672414][T10820] loop4: detected capacity change from 0 to 1024 [ 712.688541][T10826] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 712.811927][T10827] 9pnet_fd: Insufficient options for proto=fd [ 712.999362][T10834] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 713.406129][T10836] loop2: detected capacity change from 0 to 512 [ 713.585155][T10836] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 713.613542][T10836] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor.2: invalid indirect mapped block 2683928664 (level 1) [ 713.675706][T10836] EXT4-fs (loop2): Remounting filesystem read-only [ 713.695131][T10836] EXT4-fs (loop2): 1 truncate cleaned up [ 713.701595][T10836] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 714.162753][ T9676] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 714.948940][T10866] 9pnet_fd: Insufficient options for proto=fd [ 715.281664][T10871] loop2: detected capacity change from 0 to 1024 [ 715.336850][T10871] EXT4-fs: Ignoring removed nobh option [ 715.438192][T10881] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 715.584106][T10871] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 716.317937][T10892] loop0: detected capacity change from 0 to 512 [ 716.388232][T10892] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 716.461011][T10892] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz-executor.0: invalid indirect mapped block 2683928664 (level 1) [ 716.494765][T10892] EXT4-fs (loop0): Remounting filesystem read-only [ 716.526237][T10892] EXT4-fs (loop0): 1 truncate cleaned up [ 716.538406][T10892] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 716.951643][ T3152] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 716.975786][ T9676] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 716.987467][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 716.990206][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 717.127187][ T3152] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 717.330111][ T3152] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 717.483573][ T3152] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 717.900269][ T3152] bridge_slave_1: left allmulticast mode [ 717.906234][ T3152] bridge_slave_1: left promiscuous mode [ 717.913076][ T3152] bridge0: port 2(bridge_slave_1) entered disabled state [ 717.961121][ T3152] bridge_slave_0: left allmulticast mode [ 717.972785][ T3152] bridge_slave_0: left promiscuous mode [ 717.979685][ T3152] bridge0: port 1(bridge_slave_0) entered disabled state [ 718.024260][T10914] 9pnet_fd: Insufficient options for proto=fd [ 718.698075][ T3152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 718.715243][T10922] loop0: detected capacity change from 0 to 1024 [ 718.758288][ T3152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 718.845481][ T3152] bond0 (unregistering): Released all slaves [ 718.872150][T10922] EXT4-fs: Ignoring removed nobh option [ 718.980016][T10932] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 719.091856][T10922] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 719.925710][ T3152] hsr_slave_0: left promiscuous mode [ 719.965650][ T3152] hsr_slave_1: left promiscuous mode [ 719.996661][ T3152] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 720.004982][ T3152] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 720.032472][ T3152] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 720.040302][ T3152] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 720.069466][T10943] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 720.080782][ T3152] veth1_macvtap: left promiscuous mode [ 720.086523][ T3152] veth0_macvtap: left promiscuous mode [ 720.092877][ T3152] veth1_vlan: left promiscuous mode [ 720.098432][ T3152] veth0_vlan: left promiscuous mode [ 720.839160][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 721.151026][T10098] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 721.162567][T10098] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 721.177512][T10098] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 721.191921][T10098] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 721.204678][T10098] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 721.214367][T10098] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 721.262294][ T3152] team0 (unregistering): Port device team_slave_1 removed [ 721.302536][ T3152] team0 (unregistering): Port device team_slave_0 removed [ 722.205309][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 722.750349][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 723.073506][T10963] loop1: detected capacity change from 0 to 1024 [ 723.125763][T10963] EXT4-fs: Ignoring removed nobh option [ 723.311752][T10098] Bluetooth: hci0: command tx timeout [ 723.355084][T10963] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 723.648880][T10947] chnl_net:caif_netlink_parms(): no params data found [ 724.481754][ T5080] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 724.580676][ T6419] hfsplus: b-tree write err: -5, ino 4 [ 725.164948][T10947] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.172855][T10947] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.180685][T10947] bridge_slave_0: entered allmulticast mode [ 725.189817][T10947] bridge_slave_0: entered promiscuous mode [ 725.340558][T10947] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.348252][T10947] bridge0: port 2(bridge_slave_1) entered disabled state [ 725.356407][T10947] bridge_slave_1: entered allmulticast mode [ 725.365542][T10947] bridge_slave_1: entered promiscuous mode [ 725.390591][T10098] Bluetooth: hci0: command tx timeout [ 725.553616][T10976] syz-executor.4[10976] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 725.554171][T10976] syz-executor.4[10976] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 725.642095][T10976] pim6reg1: entered promiscuous mode [ 725.665112][T10976] pim6reg1: entered allmulticast mode [ 725.700116][T10947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 725.828220][T10947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 725.989426][ T5088] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 726.005494][ T5088] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 726.014716][ T5088] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 726.071670][ T5088] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 726.090742][ T5088] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 726.099868][ T5088] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 726.231307][T10947] team0: Port device team_slave_0 added [ 726.354223][T10947] team0: Port device team_slave_1 added [ 726.792173][T10947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 726.799342][T10947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 726.826423][T10947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 726.947321][T10982] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 727.008661][T10947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 727.017320][T10947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 727.043791][T10947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 727.512161][T10098] Bluetooth: hci0: command tx timeout [ 727.663253][T10947] hsr_slave_0: entered promiscuous mode [ 727.678094][T10947] hsr_slave_1: entered promiscuous mode [ 727.696923][T10947] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 727.706305][T10947] Cannot create hsr debugfs directory [ 727.858551][ T3152] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.990878][ T3152] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.117264][ T5088] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 728.127348][T10977] chnl_net:caif_netlink_parms(): no params data found [ 728.128731][ T5088] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 728.148164][ T5088] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 728.182697][ T7136] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 728.196608][ T5088] Bluetooth: hci1: command tx timeout [ 728.212222][ T3152] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.231371][T10992] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 728.245418][ T5088] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 728.311104][ T5088] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 728.407197][T10994] loop4: detected capacity change from 0 to 512 [ 728.417958][ T3152] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.476042][T10994] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 728.525051][T10994] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 2683928664 (level 1) [ 728.591173][T10994] EXT4-fs (loop4): Remounting filesystem read-only [ 728.612479][T10994] EXT4-fs (loop4): 1 truncate cleaned up [ 728.622310][T10994] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 728.710592][ T7136] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 728.726258][ T7136] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 728.740437][ T7136] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 728.749985][ T7136] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 728.781777][T10989] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 728.911368][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 728.954245][ T3152] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 729.061964][ T3152] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 729.155866][ T3152] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 729.383398][ T3152] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 729.513096][T11006] loop4: detected capacity change from 0 to 1024 [ 729.550895][T10098] Bluetooth: hci0: command tx timeout [ 729.557360][T10977] bridge0: port 1(bridge_slave_0) entered blocking state [ 729.565153][T10977] bridge0: port 1(bridge_slave_0) entered disabled state [ 729.573066][T10977] bridge_slave_0: entered allmulticast mode [ 729.582408][T10977] bridge_slave_0: entered promiscuous mode [ 729.597577][T11006] EXT4-fs: Ignoring removed nobh option [ 729.649121][T10977] bridge0: port 2(bridge_slave_1) entered blocking state [ 729.657021][T10977] bridge0: port 2(bridge_slave_1) entered disabled state [ 729.664917][T10977] bridge_slave_1: entered allmulticast mode [ 729.674023][T10977] bridge_slave_1: entered promiscuous mode [ 729.759005][T11006] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 729.943271][T10977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 730.015074][ T7136] aiptek 4-1:17.0: Aiptek using 400 ms programming speed [ 730.024986][ T7136] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input6 [ 730.126561][ T3152] bridge_slave_1: left allmulticast mode [ 730.130619][ T7136] usb 4-1: USB disconnect, device number 4 [ 730.132804][ T3152] bridge_slave_1: left promiscuous mode [ 730.139767][ C1] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 730.145075][ T3152] bridge0: port 2(bridge_slave_1) entered disabled state [ 730.184366][ T3152] bridge_slave_0: left allmulticast mode [ 730.192304][ T3152] bridge_slave_0: left promiscuous mode [ 730.199833][ T3152] bridge0: port 1(bridge_slave_0) entered disabled state [ 730.218694][ T3152] bridge_slave_1: left allmulticast mode [ 730.224819][ T3152] bridge_slave_1: left promiscuous mode [ 730.231681][ T3152] bridge0: port 2(bridge_slave_1) entered disabled state [ 730.247563][ T3152] bridge_slave_0: left allmulticast mode [ 730.256289][ T3152] bridge_slave_0: left promiscuous mode [ 730.265666][ T3152] bridge0: port 1(bridge_slave_0) entered disabled state [ 730.276115][T10098] Bluetooth: hci1: command tx timeout [ 730.430357][T10098] Bluetooth: hci2: command tx timeout [ 730.785606][T11014] loop3: detected capacity change from 0 to 1024 [ 731.257258][ T3152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 731.312508][ T3152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 731.329997][ T3152] bond0 (unregistering): Released all slaves [ 731.363708][ T3152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 731.387865][ T3152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 731.424269][ T3152] bond0 (unregistering): Released all slaves [ 731.451844][T10977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 731.824804][T10990] chnl_net:caif_netlink_parms(): no params data found [ 731.980985][T10977] team0: Port device team_slave_0 added [ 732.049498][ T5081] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 732.084355][T10947] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 732.122521][T10977] team0: Port device team_slave_1 added [ 732.263222][T10947] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 732.363660][T10098] Bluetooth: hci1: command tx timeout [ 732.519909][T10098] Bluetooth: hci2: command tx timeout [ 732.562685][T10947] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 732.632596][T10977] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 732.639950][T10977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 732.666825][T10977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 732.705990][T10947] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 732.819006][T10977] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 732.826497][T10977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 732.853829][T10977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 733.137895][ T3152] hsr_slave_0: left promiscuous mode [ 733.153073][ T3152] hsr_slave_1: left promiscuous mode [ 733.186558][ T3152] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 733.194700][ T3152] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 733.215802][ T3152] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 733.226261][ T3152] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 733.352337][ T3152] hsr_slave_0: left promiscuous mode [ 733.374479][ T3152] hsr_slave_1: left promiscuous mode [ 733.406468][ T3152] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 733.414456][ T3152] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 733.438729][ T3152] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 733.446619][ T3152] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 733.490278][ T3152] veth1_macvtap: left promiscuous mode [ 733.496011][ T3152] veth0_macvtap: left promiscuous mode [ 733.502176][ T3152] veth1_vlan: left promiscuous mode [ 733.507706][ T3152] veth0_vlan: left promiscuous mode [ 733.571169][ T3152] veth1_macvtap: left promiscuous mode [ 733.576904][ T3152] veth0_macvtap: left promiscuous mode [ 733.583065][ T3152] veth1_vlan: left promiscuous mode [ 734.174222][ T5088] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 734.184144][ T5088] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 734.193552][ T5088] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 734.221507][ T5088] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 734.257197][ T5088] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 734.269993][ T5088] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 734.432238][ T5088] Bluetooth: hci1: command tx timeout [ 734.669875][T10098] Bluetooth: hci2: command tx timeout [ 734.724857][ T3152] team0 (unregistering): Port device team_slave_1 removed [ 734.761901][ T3152] team0 (unregistering): Port device team_slave_0 removed [ 735.588445][ T3152] team0 (unregistering): Port device team_slave_1 removed [ 735.623584][ T3152] team0 (unregistering): Port device team_slave_0 removed [ 735.881533][ T6410] hfsplus: b-tree write err: -5, ino 4 [ 736.278036][T10977] hsr_slave_0: entered promiscuous mode [ 736.308166][T10977] hsr_slave_1: entered promiscuous mode [ 736.514261][T10098] Bluetooth: hci3: command tx timeout [ 736.693058][T10990] bridge0: port 1(bridge_slave_0) entered blocking state [ 736.701007][T10990] bridge0: port 1(bridge_slave_0) entered disabled state [ 736.712332][T10990] bridge_slave_0: entered allmulticast mode [ 736.722398][T10990] bridge_slave_0: entered promiscuous mode [ 736.763049][T10098] Bluetooth: hci2: command tx timeout [ 736.854237][T10990] bridge0: port 2(bridge_slave_1) entered blocking state [ 736.863821][T10990] bridge0: port 2(bridge_slave_1) entered disabled state [ 736.872866][T10990] bridge_slave_1: entered allmulticast mode [ 736.881932][T10990] bridge_slave_1: entered promiscuous mode [ 737.103530][T10990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 737.138848][T10990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 737.532056][T10990] team0: Port device team_slave_0 added [ 737.648437][T10990] team0: Port device team_slave_1 added [ 737.882166][T10990] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 737.889327][T10990] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 737.916380][T10990] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 737.971180][T10990] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 737.978317][T10990] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 738.004874][T10990] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 738.050504][T11023] chnl_net:caif_netlink_parms(): no params data found [ 738.194068][T10947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 738.599909][T10098] Bluetooth: hci3: command tx timeout [ 738.603761][T10990] hsr_slave_0: entered promiscuous mode [ 738.642337][T10990] hsr_slave_1: entered promiscuous mode [ 738.674270][T10990] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 738.682327][T10990] Cannot create hsr debugfs directory [ 739.035217][T10947] 8021q: adding VLAN 0 to HW filter on device team0 [ 739.127220][ T5124] bridge0: port 1(bridge_slave_0) entered blocking state [ 739.135001][ T5124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 739.149298][T10977] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 739.221110][T10977] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 739.293253][T10977] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 739.370177][ T5124] bridge0: port 2(bridge_slave_1) entered blocking state [ 739.377865][ T5124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 739.390155][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 739.490061][T10977] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 740.328144][T11023] bridge0: port 1(bridge_slave_0) entered blocking state [ 740.335962][T11023] bridge0: port 1(bridge_slave_0) entered disabled state [ 740.345234][T11023] bridge_slave_0: entered allmulticast mode [ 740.356665][T11023] bridge_slave_0: entered promiscuous mode [ 740.424767][ T3152] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.513104][T11023] bridge0: port 2(bridge_slave_1) entered blocking state [ 740.522986][T11023] bridge0: port 2(bridge_slave_1) entered disabled state [ 740.530796][T11023] bridge_slave_1: entered allmulticast mode [ 740.539885][T11023] bridge_slave_1: entered promiscuous mode [ 740.578064][ T3152] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.670328][T10098] Bluetooth: hci3: command tx timeout [ 740.752192][ T3152] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.924240][T11023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 740.999505][T10990] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 741.053838][ T3152] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 741.129372][T11023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 741.143014][T10990] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 741.367616][T10990] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 741.390742][T10990] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 741.460412][T11023] team0: Port device team_slave_0 added [ 741.508507][T11023] team0: Port device team_slave_1 added [ 741.829459][T11023] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 741.838183][T11023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 741.864496][T11023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 741.921785][ T3152] bridge_slave_1: left allmulticast mode [ 741.930004][ T3152] bridge_slave_1: left promiscuous mode [ 741.936726][ T3152] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.954977][ T3152] bridge_slave_0: left allmulticast mode [ 741.961073][ T3152] bridge_slave_0: left promiscuous mode [ 741.967300][ T3152] bridge0: port 1(bridge_slave_0) entered disabled state [ 742.367638][ T3152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 742.384798][ T3152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 742.401793][ T3152] bond0 (unregistering): Released all slaves [ 742.451360][T11023] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 742.458502][T11023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 742.484974][T11023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 742.567870][T10947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 742.751844][T10098] Bluetooth: hci3: command tx timeout [ 742.784019][T10977] 8021q: adding VLAN 0 to HW filter on device bond0 [ 742.831208][T11023] hsr_slave_0: entered promiscuous mode [ 742.845881][T11023] hsr_slave_1: entered promiscuous mode [ 742.859386][T11023] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 742.867781][T11023] Cannot create hsr debugfs directory [ 743.044982][T10977] 8021q: adding VLAN 0 to HW filter on device team0 [ 743.171286][ T7136] bridge0: port 1(bridge_slave_0) entered blocking state [ 743.178938][ T7136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 743.379385][ T5129] bridge0: port 2(bridge_slave_1) entered blocking state [ 743.387242][ T5129] bridge0: port 2(bridge_slave_1) entered forwarding state [ 743.436962][ T3152] hsr_slave_0: left promiscuous mode [ 743.446095][ T3152] hsr_slave_1: left promiscuous mode [ 743.454153][ T3152] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 743.464452][ T3152] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 743.477562][ T3152] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 743.485360][ T3152] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 743.503634][ T3152] veth1_macvtap: left promiscuous mode [ 743.509305][ T3152] veth0_macvtap: left promiscuous mode [ 743.515224][ T3152] veth1_vlan: left promiscuous mode [ 743.521384][ T3152] veth0_vlan: left promiscuous mode [ 744.009860][ T3152] team0 (unregistering): Port device team_slave_1 removed [ 744.059358][ T3152] team0 (unregistering): Port device team_slave_0 removed [ 744.679321][T10947] veth0_vlan: entered promiscuous mode [ 744.901161][T10947] veth1_vlan: entered promiscuous mode [ 744.995723][T10990] 8021q: adding VLAN 0 to HW filter on device bond0 [ 745.268152][T10990] 8021q: adding VLAN 0 to HW filter on device team0 [ 745.398221][ T4489] bridge0: port 1(bridge_slave_0) entered blocking state [ 745.406051][ T4489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 745.488915][T10947] veth0_macvtap: entered promiscuous mode [ 745.544632][T11023] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 745.604221][T10947] veth1_macvtap: entered promiscuous mode [ 745.618779][T11023] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 745.621551][T11057] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 745.690112][ T4489] bridge0: port 2(bridge_slave_1) entered blocking state [ 745.697773][ T4489] bridge0: port 2(bridge_slave_1) entered forwarding state [ 745.722161][T11023] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 745.881542][T11023] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 745.982153][T10947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 745.993031][T10947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.007713][T10947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 746.210245][T10947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 746.221198][T10947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.236927][T10947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 746.358531][T10947] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.369198][T10947] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.378514][T10947] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.387734][T10947] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.334496][T10977] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 747.596053][T11023] 8021q: adding VLAN 0 to HW filter on device bond0 [ 747.875606][T11023] 8021q: adding VLAN 0 to HW filter on device team0 [ 747.997121][T10977] veth0_vlan: entered promiscuous mode [ 748.083183][ T5124] bridge0: port 1(bridge_slave_0) entered blocking state [ 748.090712][ T5124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 748.103726][ T5124] bridge0: port 2(bridge_slave_1) entered blocking state [ 748.111194][ T5124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 748.220407][T10977] veth1_vlan: entered promiscuous mode [ 748.675262][T10977] veth0_macvtap: entered promiscuous mode [ 748.734598][T10990] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 748.840449][T10977] veth1_macvtap: entered promiscuous mode [ 749.088177][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 749.101726][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 749.112978][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 749.123743][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 749.138851][T10977] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 749.363653][T10990] veth0_vlan: entered promiscuous mode [ 749.446930][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 749.457854][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 749.467956][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 749.478618][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 749.492890][T10977] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 749.610007][T10990] veth1_vlan: entered promiscuous mode [ 749.787144][T10977] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 749.797798][T10977] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 749.808448][T10977] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 749.819844][T10977] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.125034][T10990] veth0_macvtap: entered promiscuous mode [ 750.218426][T10990] veth1_macvtap: entered promiscuous mode [ 750.504747][T10990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 750.517581][T10990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 750.528838][T10990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 750.539786][T10990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 750.549830][T10990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 750.560418][T10990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 750.573659][T10990] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 750.719967][T10990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 750.731869][T10990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 750.743017][T10990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 750.754079][T10990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 750.764188][T10990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 750.774932][T10990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 750.789789][T10990] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 750.867869][T10990] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.878656][T10990] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.887794][T10990] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.896913][T10990] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.929346][T11023] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 752.181546][T11103] loop3: detected capacity change from 0 to 1024 [ 753.119689][T11023] veth0_vlan: entered promiscuous mode [ 753.192054][T11023] veth1_vlan: entered promiscuous mode [ 753.504170][T11023] veth0_macvtap: entered promiscuous mode [ 753.549652][T11023] veth1_macvtap: entered promiscuous mode [ 753.735178][T11023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 753.747006][T11023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 753.757229][T11023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 753.767952][T11023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 753.778067][T11023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 753.788850][T11023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 753.799830][T11023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 753.812027][T11023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 753.830192][T11023] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 754.025877][T11023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 754.040224][T11023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 754.051206][T11023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 754.061942][T11023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 754.072101][T11023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 754.082827][T11023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 754.092918][T11023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 754.103641][T11023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 754.129923][T11023] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 754.181187][T11023] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.190374][T11023] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.199392][T11023] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.208483][T11023] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.263759][ T4489] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 754.272065][ T4489] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 754.452803][ T6399] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 754.461509][ T6399] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 756.302540][ T6399] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 756.310887][ T6399] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 756.429255][ T6399] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 756.440685][ T6399] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 756.856216][ T6410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 756.864604][ T6410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 756.959502][ T6428] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 756.972387][ T6428] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 757.091328][T11158] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 759.704940][T11186] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 760.116898][T11192] syz-executor.1 uses obsolete (PF_INET,SOCK_PACKET) [ 760.481568][ T6412] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 760.489990][ T6412] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 760.776482][ T6410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 760.784807][ T6410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 761.623474][T11207] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 762.964342][ T29] audit: type=1804 audit(1718322469.272:209): pid=11219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4169665678/syzkaller.AASsKB/2/file1" dev="sda1" ino=1953 res=1 errno=0 [ 763.685893][T11230] lo speed is unknown, defaulting to 1000 [ 763.697240][T11230] lo speed is unknown, defaulting to 1000 [ 763.704808][T11230] lo speed is unknown, defaulting to 1000 [ 764.225916][T11230] infiniband syz0: set active [ 764.231120][T11230] infiniband syz0: added lo [ 764.247396][ T4489] lo speed is unknown, defaulting to 1000 [ 764.547059][T11230] RDS/IB: syz0: added [ 764.553206][T11230] smc: adding ib device syz0 with port count 1 [ 764.562736][T11230] smc: ib device syz0 port 1 has pnetid [ 764.571451][T11230] lo speed is unknown, defaulting to 1000 [ 764.951132][T11238] loop0: detected capacity change from 0 to 2048 [ 764.969231][ T5134] lo speed is unknown, defaulting to 1000 [ 764.999448][T11238] loop0: p1 p3 < > p4 < p5 > [ 765.004926][T11238] loop0: partition table partially beyond EOD, truncated [ 765.012803][T11238] loop0: p1 size 33024 extends beyond EOD, truncated [ 765.065551][T11230] lo speed is unknown, defaulting to 1000 [ 765.116434][T11238] loop0: p3 start 4284289 is beyond EOD, truncated [ 765.179212][T11238] loop0: p5 size 33024 extends beyond EOD, truncated [ 765.219759][T11240] loop1: detected capacity change from 0 to 64 [ 765.568436][T11230] lo speed is unknown, defaulting to 1000 [ 765.601637][T11240] ===================================================== [ 765.608932][T11240] BUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x30b/0x3f0 [ 765.617190][T11240] hfs_revalidate_dentry+0x30b/0x3f0 [ 765.622865][T11240] path_openat+0x1101/0x5b00 [ 765.627654][T11240] do_filp_open+0x20e/0x590 [ 765.634037][T11240] do_sys_openat2+0x1bf/0x2f0 [ 765.638914][T11240] __x64_sys_openat+0x2a1/0x310 [ 765.644087][T11240] x64_sys_call+0x3a64/0x3b50 [ 765.648996][T11240] do_syscall_64+0xcf/0x1e0 [ 765.654007][T11240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.660281][T11240] [ 765.662693][T11240] Uninit was created at: [ 765.667154][T11240] __alloc_pages+0x9d6/0xe70 [ 765.672056][T11240] new_slab+0x2de/0x1400 [ 765.676468][T11240] ___slab_alloc+0x121d/0x34a0 [ 765.682992][T11240] kmem_cache_alloc_lru+0x6da/0xc20 [ 765.688361][T11240] hfs_alloc_inode+0x5a/0xd0 [ 765.701470][T11240] alloc_inode+0x86/0x460 [ 765.705964][T11240] iget_locked+0x2bf/0xee0 [ 765.712742][T11240] hfs_btree_open+0x16c/0x1aa0 [ 765.717680][T11240] hfs_mdb_get+0x1fe2/0x28b0 [ 765.722937][T11240] hfs_fill_super+0x1cf6/0x23c0 [ 765.727985][T11240] mount_bdev+0x397/0x520 [ 765.732658][T11240] hfs_mount+0x4d/0x60 [ 765.736913][T11240] legacy_get_tree+0x114/0x290 [ 765.742345][T11240] vfs_get_tree+0xa7/0x570 [ 765.746970][T11240] do_new_mount+0x71f/0x15e0 [ 765.751898][T11240] path_mount+0x742/0x1f20 [ 765.756500][T11240] __se_sys_mount+0x725/0x810 [ 765.761505][T11240] __x64_sys_mount+0xe4/0x150 [ 765.766382][T11240] x64_sys_call+0x2bf4/0x3b50 [ 765.771541][T11240] do_syscall_64+0xcf/0x1e0 [ 765.776250][T11240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.782485][T11240] [ 765.784912][T11240] CPU: 0 PID: 11240 Comm: syz-executor.1 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 765.801535][T11240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 765.813545][T11240] ===================================================== [ 765.820694][T11240] Disabling lock debugging due to kernel taint [ 765.826968][T11240] Kernel panic - not syncing: kmsan.panic set ... [ 765.833579][T11240] CPU: 0 PID: 11240 Comm: syz-executor.1 Tainted: G B 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 765.845310][T11240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 765.855504][T11240] Call Trace: [ 765.858893][T11240] [ 765.861923][T11240] dump_stack_lvl+0x216/0x2d0 [ 765.866814][T11240] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 765.872822][T11240] dump_stack+0x1e/0x30 [ 765.877177][T11240] panic+0x4e2/0xcd0 [ 765.881276][T11240] ? kmsan_get_metadata+0xf1/0x1d0 [ 765.886594][T11240] kmsan_report+0x2d5/0x2e0 [ 765.891284][T11240] ? kmsan_get_metadata+0x146/0x1d0 [ 765.896662][T11240] ? __msan_warning+0x95/0x120 [ 765.901590][T11240] ? hfs_revalidate_dentry+0x30b/0x3f0 [ 765.907271][T11240] ? path_openat+0x1101/0x5b00 [ 765.912239][T11240] ? do_filp_open+0x20e/0x590 [ 765.917113][T11240] ? do_sys_openat2+0x1bf/0x2f0 [ 765.922149][T11240] ? __x64_sys_openat+0x2a1/0x310 [ 765.927363][T11240] ? x64_sys_call+0x3a64/0x3b50 [ 765.932416][T11240] ? do_syscall_64+0xcf/0x1e0 [ 765.937296][T11240] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.943581][T11240] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 765.949584][T11240] ? link_path_walk+0x9c7/0x1490 [ 765.954713][T11240] ? filter_irq_stacks+0x60/0x1a0 [ 765.959951][T11240] ? kmsan_get_metadata+0x146/0x1d0 [ 765.965326][T11240] ? kmsan_get_metadata+0x146/0x1d0 [ 765.970703][T11240] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 765.976710][T11240] ? __rcu_read_unlock+0x7b/0xe0 [ 765.981888][T11240] ? __d_lookup+0x8bf/0x940 [ 765.986591][T11240] ? filter_irq_stacks+0x60/0x1a0 [ 765.991844][T11240] ? kmsan_get_metadata+0x146/0x1d0 [ 765.997219][T11240] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 766.003217][T11240] __msan_warning+0x95/0x120 [ 766.007984][T11240] hfs_revalidate_dentry+0x30b/0x3f0 [ 766.013489][T11240] ? __pfx_hfs_revalidate_dentry+0x10/0x10 [ 766.019508][T11240] path_openat+0x1101/0x5b00 [ 766.024356][T11240] do_filp_open+0x20e/0x590 [ 766.029095][T11240] do_sys_openat2+0x1bf/0x2f0 [ 766.033966][T11240] __x64_sys_openat+0x2a1/0x310 [ 766.039027][T11240] x64_sys_call+0x3a64/0x3b50 [ 766.043912][T11240] do_syscall_64+0xcf/0x1e0 [ 766.048621][T11240] ? clear_bhb_loop+0x25/0x80 [ 766.053512][T11240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.059628][T11240] RIP: 0033:0x7f6cd927cea9 [ 766.064189][T11240] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 766.083993][T11240] RSP: 002b:00007f6cd9f380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 766.092582][T11240] RAX: ffffffffffffffda RBX: 00007f6cd93b3f80 RCX: 00007f6cd927cea9 [ 766.100713][T11240] RDX: 000000000000275a RSI: 0000000020000080 RDI: ffffffffffffff9c [ 766.108839][T11240] RBP: 00007f6cd92ebff4 R08: 0000000000000000 R09: 0000000000000000 [ 766.116951][T11240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 766.125062][T11240] R13: 000000000000000b R14: 00007f6cd93b3f80 R15: 00007ffd301afec8 [ 766.133201][T11240] [ 766.136542][T11240] Kernel Offset: disabled [ 766.140928][T11240] Rebooting in 86400 seconds..