last executing test programs: 21.504326245s ago: executing program 0 (id=1200): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000004780)={'team0\x00', &(0x7f0000000080)=@ethtool_link_settings={0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}) 20.908409222s ago: executing program 0 (id=1202): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f00000000c0)={0x80000000000000b1}, 0x8) 20.67142142s ago: executing program 0 (id=1205): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002300007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x7a) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = fsopen(&(0x7f0000000000)='erofs\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r5, 0x2, &(0x7f0000000040)='dax\x00', &(0x7f0000000080)="b0", 0x1) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) close(r6) 19.104258508s ago: executing program 0 (id=1207): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private=0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x0) 18.650749659s ago: executing program 0 (id=1210): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r0 = io_uring_setup(0x3d11, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES2(r0, 0xd, &(0x7f0000000440)={0x1, 0x0, 0x0, &(0x7f0000000380)=[{0x0}], 0x0}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/4\x00') read$char_usb(r1, &(0x7f0000000000)=""/178, 0xb2) 18.290207954s ago: executing program 0 (id=1212): r0 = syz_open_dev$radio(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_G_PRIORITY(r0, 0x80045643, 0x0) 9.704517581s ago: executing program 2 (id=1252): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r3, 0x2000009) sendfile(r2, r3, 0x0, 0x7ffff000) splice(r1, 0x0, r0, 0x0, 0x3, 0x1) 9.343103643s ago: executing program 2 (id=1255): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) ioctl$TUNSETOFFLOAD(r0, 0x40107446, 0x0) 9.105360753s ago: executing program 1 (id=1259): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000080), 0x8) sendmmsg$sock(r0, &(0x7f0000000a80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@timestamping={{0x14, 0x1, 0x3d}}], 0x18}}], 0x1, 0x0) 8.970886842s ago: executing program 1 (id=1261): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="680000000206011e0000000000000000000000000e0003006269746d61703a697000000005000400000000000900020073797a300000000020000780050003001c0000000c0001800800014008000000050014002000000005000500020000000500010006"], 0x68}}, 0x0) 8.751252412s ago: executing program 1 (id=1264): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="580000000206030000000000000000000000000005000100070000000900020073797a30000000000c000780080006400000000011000300686173683a69702c706f727400000000050005000a000000050004"], 0x58}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 8.302857017s ago: executing program 2 (id=1266): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000108500000008000000bf08fffff900000055090100000000009500000000ec0000bf916a0000000000b7020000000000008500000000000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x3}, 0x90) 7.779816206s ago: executing program 3 (id=1268): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x7) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, 0x0) 7.693328369s ago: executing program 1 (id=1269): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x6, 0x0, &(0x7f0000000400)=[@transaction], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = userfaultfd(0x801) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) listen(r4, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000001400)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r4}}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ppoll(&(0x7f0000000140)=[{r1}], 0x1, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x10, 0x0, &(0x7f0000000440)=[@request_death], 0x0, 0x0, 0x0}) 7.608318588s ago: executing program 2 (id=1270): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) ioprio_set$pid(0x2, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r0, 0x0, 0x0) 7.379264778s ago: executing program 2 (id=1271): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000000340), 0xc) setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, &(0x7f00000001c0)=0x6, 0x4) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1) 7.202155691s ago: executing program 2 (id=1273): memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000002009040000010300000009210000000122dc01090589"], 0x0) r1 = eventfd2(0x0, 0x0) write$eventfd(r1, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000400)={0x2020}, 0x2020) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x10, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d2eaebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17", 0x14b}], 0x1}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r3, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x1e, 0xa, 0xa, 0x0, 0x0, 0x79, 0x10, 0x10}}, 0x0}, 0x90) r7 = socket$nl_generic(0x10, 0x3, 0x10) bind$vsock_stream(r7, &(0x7f0000000000)={0x10}, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000880)={0x1c, r6, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003000012002505a8a4f0"], 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) 6.941601616s ago: executing program 3 (id=1275): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) ioctl$EVIOCSKEYCODE_V2(r0, 0x40044591, 0x0) 6.916436433s ago: executing program 5 (id=1276): bpf$PROG_LOAD(0x5, 0x0, 0x0) getpid() process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030021000b63d25a80648c2594f90124fc60350c030b022e0009083582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x3000}, 0x0) 6.666896187s ago: executing program 3 (id=1278): ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24) sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000001880)=[{{0x0, 0x2, 0x0}}], 0xf000, 0x10002, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) 6.573502206s ago: executing program 1 (id=1279): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000005000000850000002a00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='neigh_update\x00', r0}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000040)={{0x2, 0x0, @multicast2}, {}, 0x0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'ip6gre0\x00'}) 6.558542534s ago: executing program 5 (id=1280): socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='wbt_step\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f00000000000000000000850000000e000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='sys_exit\x00', r1}, 0x10) getresuid(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) creat(&(0x7f0000000040)='./file0\x00', 0x0) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='./file0\x00', 0xa000032a) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) readv(r5, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/256, 0x10}], 0x2) syz_mount_image$udf(&(0x7f0000000a40), &(0x7f0000000000)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4400, &(0x7f0000000100)=ANY=[@ANYBLOB="73686f72746164000000006d653d3030303030303030303030303030303030b030342c6e6f6164696e6963622c7569643d00", @ANYRESHEX, @ANYRES64=0x0], 0x1, 0xa1b, &(0x7f0000001540)="$eJzs209sm+d9B/Dfw1eyaadrFbd1kzbLWLQIPKUN5P9KvAH2rApt5iZGZWXzZTBlyQ4R/askF043tB42oAjQg1FgPWzAkMsOA3bwDrvsFOwwDBg2GDsMxYp2Wrpm6Y3BBuS0aXhfPpQoWY7VOLZk+/Mx7C/58veSzx+afMmHbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEb/1lVNDB9N2twIAuJ9eGvvG0GHv/wDwSDnn8z8AAAAAAAAAAAAAAOx0KYr4s0jx6k/a6UJ1vaN+pjV75er4yOjmu+1JkaIWRVVf/q0fPHT4yNFjx4e7+cH7f9SejJfHzp1qnJ6bmV+YWlycmmyMz7Yuzk1Obfke7nb/jQarAWjMvHZl8tKlxcah5w6vu/nqwDu7H9s/cOL4i+f3dWvHR0ZHx3pq+vo/9KPf4nZneOyKIn4WKerfezc1I6IWdz8Wd3ju3Gt7qk4MVp0YHxmtOjLdas4ulTemWq6qRQz07HSyO0b3YS7uSiPiWtn8ssGDZffG5psLzYnpqcbZ5sJSa6k1N5tqndaW/RmIWgyniPmIaBe33l1/FPHvkeL777fTREQU3XF4tjox+M7tqd2DPm5BX9m3IuJmPABztoPtjiLeiBQ/OD8UF/O4VsP2TMTXy3w64ptlLkdcz9dT+QR5KuK9TZ5PPFj6ooh/ihRzqZ0mu3Nfva6ceaXxtdlLcz213deVB/794X7a4a9N9ShionrFb6cPf7ADAAAAAMDOU8TfRoobMwfSfPSuKbZmLzfONSemO98Kd7/7b+S9VlZWVgZSJxs5h3KezHk254Wc8zmv5bye882cN3K+lfNmzuWc7ZxRy4+fs5FzKOfJnGdzXsg5n/Nazus538x5I+dbOW/mXM7ZzhnWvQAAAAAAAADYYfZEET+OFF/4m29V5xVHdV76J04MH/jqF3vPGf/MHe6nrH0uIm7E1s7J7c+nDqda+eej7xdbU48ivpPP//vD7W4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwrWpRxGcixQ/faKdIEdGIuBCdXC62u3UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAh1FPRZyOFL/4Sr26fjMiPhsR/7dS/omI5ZUNtrvFAAAAAAAAAMAtUhFDkeLxJ9tpICKuDryz+7H9AyeOv3h+XxFFpLKkt/7lsXOnGqfnZuYXphYXpyYb47Oti3OTU1t9uPqZ1uyVq+Mjo/ekM3e05x63f0/99Nz86wuty68ubXr73vqpicWlhebFzW+OPVGLGOrdMlg1eHxktGr0dKs5W+2aardpYC2isdXOAAAAAAAAAPDQ2JuKOBopXm0dSd11477Omv+vdK4Vq7V/8QdrvwWY3pBdvb8f2MrltNWGDlYL743xkdHRsZ7Nff23lpZtSqmIv44Un/vdJ6r18BR7N10bL+t2RYpj3zqS6wY+V9adXFdVHxwfGW28NDf75VPT03MXm0vNiempxth88+KWfzgAAAAAAAAAAPfQ3lTEn0eK3xu6mbrnnef1/77OtZ71/9+oltAr9bQ+V1Vr+x+v1vY7lz9xYrgx+mu3234v1v/LNqVUxL9Fisd//4nqfPru+v/Qhtqy7r8jxb/+41O5rrarrDvY7U7nHi+1pqeGUh6rzz/brY2q9niu/eRa7cGy9vOR4i+fWV87nGs/tVZ7qKz940jxv0c3r/30Wu3hsvaPIsVvv93o1u4ta8/k2v1rtc9dnJuevNOwlvP/d5Hi7C++mrp9vu389/z+49qGXHXLnH/w5Y9q/gd6tl3L8/rjPP8H7zD/fx8p/uSnT+W6ztgfyrc/Xv27Nv+/Eyn+61fX1x7LtfvWag9utVvbrZz/L0WKEz/60Wqf8/znkV2bod75/2zf+lx9lmzT/D/es20gt+vwLzkWj6LF17/9WnN6emrBBRdccGH1wna/MnE/lO///xwpXjhTS93jmPz+/7HOtbXjv/e/s/b+/8KGXLVN7//7era9kI9a+vsi6ksz8/37I+qLr3/7y62Z5uWpy1Ozw8eOHnl++Nix5/t3dY/t1i5teegeCuX8n4kUr/z0X1Y/x6w//tv8+H/vhly1TfP/yd4+rTuu2fJQPJLK+b8eKb779rurnzc/6Pi/+/n/wBfW5+r/v22a/0/1bKt+4//xiOd7th34dMSprT4WAAAAPGT25nXyP/31f1g953395//4Yre29/uf29kJ5/8DAAAAAMCjbm8q4q8ixf8MfSl1zyHbyu8/Jzfkqm36/d/+nm2T9+m8li0PMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADpSiiKcjxas/aaflorzeUT/Tmr1ydXxkdPPd9qRIUYuiqi//1g8eOnzk6LHjw9384P0/ak/Gy2PnTjVOz83ML0wtLk5NNsZnWxfnJqe2fA93u/9Gg9UANGZeuzJ56dJi49Bzh9fdfHXgnd2P7R84cfzF8/u6teMjo6NjPTV9/R/60W+RbrN9VxRxKVLUv/du+o8iohZ3PxZ3eO7ca3uqTgxWnRgfGa06Mt1qzi6VN6ZarqpFDPTsdLI7RvdhLu5KI+Ja2fyywYNl98bmmwvNiempxtnmwlJrqTU3m2qd1pb9GYhaDKeI+YhoF7feXX8UMREpvv9+O71dRBTdcXj2pbFvDB2+c3tq96CPvVa+u+nmvrJvRcTNeADmbAfbHUV8LFL84PxQ/KzojGs1bM9EfL3MpyO+WeZyxPV8PZVPkKci3tvk+cSDpS+KOBsp5lI7/WeR5756XTnzSuNrs5fmemq7rysP/PvD/bTDX5vqUcTPq1f8dvq5/88AAAAAAA+RIn4zUtyYOZCq9cHVNcXW7OXGuebEdOdr/e53/42818rKyspA6mQj51DOkznP5ryQcz7ntZzXc76Z80bOt3LezLmcs50zavnxczZyDuU8mfNszgs553Ney3k955s5b+R8K+fNnMs52znD9+QAAAAAAADADlSLIp6IFD98o51Wis4C74Xo5LJ1zofe/wcAAP//Vsw/Lg==") creat(&(0x7f0000000280)='./file1\x00', 0x0) 4.58568587s ago: executing program 5 (id=1282): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x1c, 0x1, 0x4, 0x801, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x24, 0x1, 0x4, 0x301, 0x0, 0x0, {}, [@NFULA_CFG_FLAGS={0x6}, @NFULA_CFG_CMD={0x5, 0x1, 0x2}]}, 0x24}}, 0x0) 4.515548737s ago: executing program 4 (id=1283): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r3, 0x2000009) sendfile(r2, r3, 0x0, 0x7ffff000) splice(r1, 0x0, r0, 0x0, 0x3, 0x1) 4.21702544s ago: executing program 5 (id=1284): r0 = fsopen(&(0x7f0000000140)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, &(0x7f0000000180)='auto_da_alloc', 0x0) 4.001885222s ago: executing program 5 (id=1285): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000080), 0x8) sendmmsg$sock(r0, &(0x7f0000000a80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@timestamping={{0x14, 0x1, 0x3d}}], 0x18}}], 0x1, 0x0) 3.929253519s ago: executing program 4 (id=1286): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x7) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, 0x0) 3.701249275s ago: executing program 5 (id=1287): r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b03d25a80648c2594f90124fc60100c030000040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) 2.840040366s ago: executing program 4 (id=1288): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) io_setup(0x2, &(0x7f0000000200)=0x0) r2 = eventfd2(0x0, 0x0) io_getevents(0x0, 0x4, 0x0, &(0x7f0000000540), 0x0) ppoll(&(0x7f0000000180)=[{r2, 0x11}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0xffffffa8}], 0x1, 0x800, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) tkill(0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r3, 0x58, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000300)={'syztnl0\x00', &(0x7f0000000540)={'syztnl0\x00', r5, 0x10, 0x8000, 0x200, 0x3, {{0x37, 0x4, 0x2, 0x3, 0xdc, 0x66, 0x0, 0x0, 0x2f, 0x0, @multicast1, @rand_addr=0x64010102, {[@ra={0x94, 0x4}, @ra={0x94, 0x4}, @cipso={0x86, 0x2c, 0x0, [{0x1, 0x10, "b1c477729992bce20e65bc0ae63b"}, {0x2, 0x9, "a9ea393a40838d"}, {0x0, 0xd, "a5289f539fc62418d2b5a1"}]}, @timestamp={0x44, 0xc, 0xed, 0x0, 0x2, [0x8, 0x6]}, @ssrr={0x89, 0x3, 0x31}, @timestamp_addr={0x44, 0x2c, 0x66, 0x1, 0x3, [{@broadcast, 0x9}, {@rand_addr=0x64010101, 0x3ff}, {@local, 0x5ef}, {@remote, 0x8}, {@multicast2}]}, @timestamp_prespec={0x44, 0x4c, 0xeb, 0x3, 0x6, [{@broadcast, 0x7}, {@empty, 0x6}, {@remote, 0x8}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xfff}, {@local}, {@empty, 0x3f}, {@multicast2, 0xb}, {@broadcast}]}, @timestamp_addr={0x44, 0xc, 0x6e, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}}}}}) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2={0xff, 0x5}}, 0x1c) write$P9_RGETLOCK(r3, &(0x7f0000000f00)=ANY=[@ANYBLOB="5c0200003702000202000000000000", @ANYRES32, @ANYBLOB="3e02dec7eedf7e87dc36868ac2b57e08916deb7d6f61dc6dae8a5f91540bf13ecba6f1023096e8f6b466d4068dd810a3efa159fe660d5d6fa1ff78379b29afa208861e3ded8f5ff930524a621cd835f7e32ae25711be5eaac829f4482e57f6d263182b61623301c45aeb829789650c5c0110d469e2ee79e9d8f473660d12f48931ee3ed3bcdfc518a9f9fd9e2eaa3545e8d00f6e301e87b71f7746a684c17c24fd93cfc3158bbbfa4ea38d9f915983b3ca7dd803d8a3fe114fec61b87e93cd28d1032c9cbe3d3c88ff4f2c8b47109e2c358e7033036d090000005f32fa11cc33aa6b30f12bd1fce40da0e71554bbca5ec363299923bac39ccc603a0fc60b3a7dac0bbdd949781acf505d93c450d89a9982885015a191e0e6fe79374ec9b2dba9162ad667234c63b4071738ec4b0d87d0e9fc4ad9525ded3c69732c3772913b137f65b4f659320f4984d9b5667b47f8e998d687ba162897d2eed76d86f6b999765026389d0d5ce20aa7a46942c2715d3756cb3d1cc6419ebc85ee3a4b9ea05f05742123f301ffd2f4d2d5742efe32ec0596b525a6198cd95af16c9c04b49bc20fe9aab1235ac0c9e7dae59c2d76e7a0bba8beb402ef07f4f7c7b85d70e90cc9a6e58cb8804d03786f2fc15abe36d0cf817c98c59c29b85ef56a48d8d0d35c390fd881d5b2ac45870b697338c89e15e760b87d545bc580c5ce4a127dcca79f645cc2eaf658160725db85caf1194d21d64e966b72655a54ebbc9f43aa9f5142ac274739b1abfecfa774995b8f2bae2c4d4db51ee5eab3c7348e3ab0fb5f92685e4c"], 0xd7) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) io_submit(r1, 0x1, &(0x7f0000000140)=[&(0x7f0000000000)={0x1802, 0xc00, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x3, r2}]) syz_mount_image$udf(&(0x7f0000000200), &(0x7f0000000000)='./bus\x00', 0x4440, &(0x7f0000000100)=ANY=[@ANYBLOB='shortad,rootdir=00000000000000000002,noadinicb\x00\x00\x00\x00=', @ANYRESDEC=0x0, @ANYRES32], 0x1, 0xa1b, &(0x7f0000001540)="$eJzs209sm+d9B/Dfw1eyaadrFbd1kzbLWLQIPKUN5P9KvAH2rApt5iZGZWXzZTBlyQ4R/askF043tB42oAjQg1FgPWzAkMsOA3bwDrvsFOwwDBg2GDsMxYp2Wrpm6Y3BBuS0aXhfPpQoWY7VOLZk+/Mx7C/58veSzx+afMmHbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEb/1lVNDB9N2twIAuJ9eGvvG0GHv/wDwSDnn8z8AAAAAAAAAAAAAAOx0KYr4s0jx6k/a6UJ1vaN+pjV75er4yOjmu+1JkaIWRVVf/q0fPHT4yNFjx4e7+cH7f9SejJfHzp1qnJ6bmV+YWlycmmyMz7Yuzk1Obfke7nb/jQarAWjMvHZl8tKlxcah5w6vu/nqwDu7H9s/cOL4i+f3dWvHR0ZHx3pq+vo/9KPf4nZneOyKIn4WKerfezc1I6IWdz8Wd3ju3Gt7qk4MVp0YHxmtOjLdas4ulTemWq6qRQz07HSyO0b3YS7uSiPiWtn8ssGDZffG5psLzYnpqcbZ5sJSa6k1N5tqndaW/RmIWgyniPmIaBe33l1/FPHvkeL777fTREQU3XF4tjox+M7tqd2DPm5BX9m3IuJmPABztoPtjiLeiBQ/OD8UF/O4VsP2TMTXy3w64ptlLkdcz9dT+QR5KuK9TZ5PPFj6ooh/ihRzqZ0mu3Nfva6ceaXxtdlLcz213deVB/794X7a4a9N9ShionrFb6cPf7ADAAAAAMDOU8TfRoobMwfSfPSuKbZmLzfONSemO98Kd7/7b+S9VlZWVgZSJxs5h3KezHk254Wc8zmv5bye882cN3K+lfNmzuWc7ZxRy4+fs5FzKOfJnGdzXsg5n/Nazus538x5I+dbOW/mXM7ZzhnWvQAAAAAAAADYYfZEET+OFF/4m29V5xVHdV76J04MH/jqF3vPGf/MHe6nrH0uIm7E1s7J7c+nDqda+eej7xdbU48ivpPP//vD7W4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwrWpRxGcixQ/faKdIEdGIuBCdXC62u3UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAh1FPRZyOFL/4Sr26fjMiPhsR/7dS/omI5ZUNtrvFAAAAAAAAAMAtUhFDkeLxJ9tpICKuDryz+7H9AyeOv3h+XxFFpLKkt/7lsXOnGqfnZuYXphYXpyYb47Oti3OTU1t9uPqZ1uyVq+Mjo/ekM3e05x63f0/99Nz86wuty68ubXr73vqpicWlhebFzW+OPVGLGOrdMlg1eHxktGr0dKs5W+2aardpYC2isdXOAAAAAAAAAPDQ2JuKOBopXm0dSd11477Omv+vdK4Vq7V/8QdrvwWY3pBdvb8f2MrltNWGDlYL743xkdHRsZ7Nff23lpZtSqmIv44Un/vdJ6r18BR7N10bL+t2RYpj3zqS6wY+V9adXFdVHxwfGW28NDf75VPT03MXm0vNiempxth88+KWfzgAAAAAAAAAAPfQ3lTEn0eK3xu6mbrnnef1/77OtZ71/9+oltAr9bQ+V1Vr+x+v1vY7lz9xYrgx+mu3234v1v/LNqVUxL9Fisd//4nqfPru+v/Qhtqy7r8jxb/+41O5rrarrDvY7U7nHi+1pqeGUh6rzz/brY2q9niu/eRa7cGy9vOR4i+fWV87nGs/tVZ7qKz940jxv0c3r/30Wu3hsvaPIsVvv93o1u4ta8/k2v1rtc9dnJuevNOwlvP/d5Hi7C++mrp9vu389/z+49qGXHXLnH/w5Y9q/gd6tl3L8/rjPP8H7zD/fx8p/uSnT+W6ztgfyrc/Xv27Nv+/Eyn+61fX1x7LtfvWag9utVvbrZz/L0WKEz/60Wqf8/znkV2bod75/2zf+lx9lmzT/D/es20gt+vwLzkWj6LF17/9WnN6emrBBRdccGH1wna/MnE/lO///xwpXjhTS93jmPz+/7HOtbXjv/e/s/b+/8KGXLVN7//7era9kI9a+vsi6ksz8/37I+qLr3/7y62Z5uWpy1Ozw8eOHnl++Nix5/t3dY/t1i5teegeCuX8n4kUr/z0X1Y/x6w//tv8+H/vhly1TfP/yd4+rTuu2fJQPJLK+b8eKb779rurnzc/6Pi/+/n/wBfW5+r/v22a/0/1bKt+4//xiOd7th34dMSprT4WAAAAPGT25nXyP/31f1g953395//4Yre29/uf29kJ5/8DAAAAAMCjbm8q4q8ixf8MfSl1zyHbyu8/Jzfkqm36/d/+nm2T9+m8li0PMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADpSiiKcjxas/aaflorzeUT/Tmr1ydXxkdPPd9qRIUYuiqi//1g8eOnzk6LHjw9384P0/ak/Gy2PnTjVOz83ML0wtLk5NNsZnWxfnJqe2fA93u/9Gg9UANGZeuzJ56dJi49Bzh9fdfHXgnd2P7R84cfzF8/u6teMjo6NjPTV9/R/60W+RbrN9VxRxKVLUv/du+o8iohZ3PxZ3eO7ca3uqTgxWnRgfGa06Mt1qzi6VN6ZarqpFDPTsdLI7RvdhLu5KI+Ja2fyywYNl98bmmwvNiempxtnmwlJrqTU3m2qd1pb9GYhaDKeI+YhoF7feXX8UMREpvv9+O71dRBTdcXj2pbFvDB2+c3tq96CPvVa+u+nmvrJvRcTNeADmbAfbHUV8LFL84PxQ/KzojGs1bM9EfL3MpyO+WeZyxPV8PZVPkKci3tvk+cSDpS+KOBsp5lI7/WeR5756XTnzSuNrs5fmemq7rysP/PvD/bTDX5vqUcTPq1f8dvq5/88AAAAAAA+RIn4zUtyYOZCq9cHVNcXW7OXGuebEdOdr/e53/42818rKyspA6mQj51DOkznP5ryQcz7ntZzXc76Z80bOt3LezLmcs50zavnxczZyDuU8mfNszgs553Ney3k955s5b+R8K+fNnMs52znD9+QAAAAAAADADlSLIp6IFD98o51Wis4C74Xo5LJ1zofe/wcAAP//Vsw/Lg==") 2.67651959s ago: executing program 3 (id=1289): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) ioctl$EVIOCSKEYCODE_V2(r0, 0x40044591, 0x0) 1.768795235s ago: executing program 3 (id=1290): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) getpid() socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prlimit64(0xffffffffffffffff, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r4, 0x0, 0xf3a, 0x0) tee(r3, r1, 0x8, 0x0) write$binfmt_script(r4, 0x0, 0xfffffe48) 1.630391094s ago: executing program 4 (id=1291): bpf$PROG_LOAD(0x5, 0x0, 0x0) getpid() process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030021000b63d25a80648c2594f90124fc60350c030b022e0009083582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x3000}, 0x0) 1.397335941s ago: executing program 4 (id=1292): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) r2 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r2, 0x80045017, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) r4 = timerfd_create(0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = socket(0x22, 0x2, 0x4) getsockname(r6, 0x0, 0x0) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) fcntl$getflags(r5, 0x40a) poll(&(0x7f00000003c0), 0x0, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r8 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x34, r9, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000440)={r10, 0x0, 0x0, 0x0, 0x0, [0x0], [], [], [0x0, 0x401]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r7, 0xc00c642d, &(0x7f0000000080)={r11, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r8, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r12}) timerfd_settime(r4, 0x3, 0x0, 0x0) write$snddsp(r3, &(0x7f0000000200)="a38d", 0x5a) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0x40084146, &(0x7f0000000180)=0x4) close_range(r0, 0xffffffffffffffff, 0x0) 721.511324ms ago: executing program 3 (id=1293): socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='wbt_step\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f00000000000000000000850000000e000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='sys_exit\x00', r1}, 0x10) getresuid(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) creat(&(0x7f0000000040)='./file0\x00', 0x0) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='./file0\x00', 0xa000032a) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) readv(r5, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/256, 0x10}], 0x2) syz_mount_image$udf(&(0x7f0000000a40), &(0x7f0000000000)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4400, &(0x7f0000000100)=ANY=[@ANYBLOB="73686f72746164000000006d653d3030303030303030303030303030303030b030342c6e6f6164696e6963622c7569643d00", @ANYRESHEX, @ANYRES64=0x0], 0x1, 0xa1b, &(0x7f0000001540)="$eJzs209sm+d9B/Dfw1eyaadrFbd1kzbLWLQIPKUN5P9KvAH2rApt5iZGZWXzZTBlyQ4R/askF043tB42oAjQg1FgPWzAkMsOA3bwDrvsFOwwDBg2GDsMxYp2Wrpm6Y3BBuS0aXhfPpQoWY7VOLZk+/Mx7C/58veSzx+afMmHbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEb/1lVNDB9N2twIAuJ9eGvvG0GHv/wDwSDnn8z8AAAAAAAAAAAAAAOx0KYr4s0jx6k/a6UJ1vaN+pjV75er4yOjmu+1JkaIWRVVf/q0fPHT4yNFjx4e7+cH7f9SejJfHzp1qnJ6bmV+YWlycmmyMz7Yuzk1Obfke7nb/jQarAWjMvHZl8tKlxcah5w6vu/nqwDu7H9s/cOL4i+f3dWvHR0ZHx3pq+vo/9KPf4nZneOyKIn4WKerfezc1I6IWdz8Wd3ju3Gt7qk4MVp0YHxmtOjLdas4ulTemWq6qRQz07HSyO0b3YS7uSiPiWtn8ssGDZffG5psLzYnpqcbZ5sJSa6k1N5tqndaW/RmIWgyniPmIaBe33l1/FPHvkeL777fTREQU3XF4tjox+M7tqd2DPm5BX9m3IuJmPABztoPtjiLeiBQ/OD8UF/O4VsP2TMTXy3w64ptlLkdcz9dT+QR5KuK9TZ5PPFj6ooh/ihRzqZ0mu3Nfva6ceaXxtdlLcz213deVB/794X7a4a9N9ShionrFb6cPf7ADAAAAAMDOU8TfRoobMwfSfPSuKbZmLzfONSemO98Kd7/7b+S9VlZWVgZSJxs5h3KezHk254Wc8zmv5bye882cN3K+lfNmzuWc7ZxRy4+fs5FzKOfJnGdzXsg5n/Nazus538x5I+dbOW/mXM7ZzhnWvQAAAAAAAADYYfZEET+OFF/4m29V5xVHdV76J04MH/jqF3vPGf/MHe6nrH0uIm7E1s7J7c+nDqda+eej7xdbU48ivpPP//vD7W4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwrWpRxGcixQ/faKdIEdGIuBCdXC62u3UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAh1FPRZyOFL/4Sr26fjMiPhsR/7dS/omI5ZUNtrvFAAAAAAAAAMAtUhFDkeLxJ9tpICKuDryz+7H9AyeOv3h+XxFFpLKkt/7lsXOnGqfnZuYXphYXpyYb47Oti3OTU1t9uPqZ1uyVq+Mjo/ekM3e05x63f0/99Nz86wuty68ubXr73vqpicWlhebFzW+OPVGLGOrdMlg1eHxktGr0dKs5W+2aardpYC2isdXOAAAAAAAAAPDQ2JuKOBopXm0dSd11477Omv+vdK4Vq7V/8QdrvwWY3pBdvb8f2MrltNWGDlYL743xkdHRsZ7Nff23lpZtSqmIv44Un/vdJ6r18BR7N10bL+t2RYpj3zqS6wY+V9adXFdVHxwfGW28NDf75VPT03MXm0vNiempxth88+KWfzgAAAAAAAAAAPfQ3lTEn0eK3xu6mbrnnef1/77OtZ71/9+oltAr9bQ+V1Vr+x+v1vY7lz9xYrgx+mu3234v1v/LNqVUxL9Fisd//4nqfPru+v/Qhtqy7r8jxb/+41O5rrarrDvY7U7nHi+1pqeGUh6rzz/brY2q9niu/eRa7cGy9vOR4i+fWV87nGs/tVZ7qKz940jxv0c3r/30Wu3hsvaPIsVvv93o1u4ta8/k2v1rtc9dnJuevNOwlvP/d5Hi7C++mrp9vu389/z+49qGXHXLnH/w5Y9q/gd6tl3L8/rjPP8H7zD/fx8p/uSnT+W6ztgfyrc/Xv27Nv+/Eyn+61fX1x7LtfvWag9utVvbrZz/L0WKEz/60Wqf8/znkV2bod75/2zf+lx9lmzT/D/es20gt+vwLzkWj6LF17/9WnN6emrBBRdccGH1wna/MnE/lO///xwpXjhTS93jmPz+/7HOtbXjv/e/s/b+/8KGXLVN7//7era9kI9a+vsi6ksz8/37I+qLr3/7y62Z5uWpy1Ozw8eOHnl++Nix5/t3dY/t1i5teegeCuX8n4kUr/z0X1Y/x6w//tv8+H/vhly1TfP/yd4+rTuu2fJQPJLK+b8eKb779rurnzc/6Pi/+/n/wBfW5+r/v22a/0/1bKt+4//xiOd7th34dMSprT4WAAAAPGT25nXyP/31f1g953395//4Yre29/uf29kJ5/8DAAAAAMCjbm8q4q8ixf8MfSl1zyHbyu8/Jzfkqm36/d/+nm2T9+m8li0PMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADpSiiKcjxas/aaflorzeUT/Tmr1ydXxkdPPd9qRIUYuiqi//1g8eOnzk6LHjw9384P0/ak/Gy2PnTjVOz83ML0wtLk5NNsZnWxfnJqe2fA93u/9Gg9UANGZeuzJ56dJi49Bzh9fdfHXgnd2P7R84cfzF8/u6teMjo6NjPTV9/R/60W+RbrN9VxRxKVLUv/du+o8iohZ3PxZ3eO7ca3uqTgxWnRgfGa06Mt1qzi6VN6ZarqpFDPTsdLI7RvdhLu5KI+Ja2fyywYNl98bmmwvNiempxtnmwlJrqTU3m2qd1pb9GYhaDKeI+YhoF7feXX8UMREpvv9+O71dRBTdcXj2pbFvDB2+c3tq96CPvVa+u+nmvrJvRcTNeADmbAfbHUV8LFL84PxQ/KzojGs1bM9EfL3MpyO+WeZyxPV8PZVPkKci3tvk+cSDpS+KOBsp5lI7/WeR5756XTnzSuNrs5fmemq7rysP/PvD/bTDX5vqUcTPq1f8dvq5/88AAAAAAA+RIn4zUtyYOZCq9cHVNcXW7OXGuebEdOdr/e53/42818rKyspA6mQj51DOkznP5ryQcz7ntZzXc76Z80bOt3LezLmcs50zavnxczZyDuU8mfNszgs553Ney3k955s5b+R8K+fNnMs52znD9+QAAAAAAADADlSLIp6IFD98o51Wis4C74Xo5LJ1zofe/wcAAP//Vsw/Lg==") creat(&(0x7f0000000280)='./file1\x00', 0x0) 161.03774ms ago: executing program 4 (id=1294): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @xfrm={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}}, 0x0) 0s ago: executing program 1 (id=1295): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x1c, 0x1, 0x4, 0x801, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x24, 0x1, 0x4, 0x301, 0x0, 0x0, {}, [@NFULA_CFG_FLAGS={0x6}, @NFULA_CFG_CMD={0x5, 0x1, 0x2}]}, 0x24}}, 0x0) kernel console output (not intermixed with test programs): : (device loop1): mounted with root inode @ nid 36. [ 169.283646][ T5978] erofs: (device loop1): z_erofs_fill_inode_lazy: unknown HEAD2 format 8 for nid 36, please upgrade kernel [ 169.300921][ T5443] veth0_vlan: entered promiscuous mode [ 169.349483][ T5978] erofs: (device loop1): z_erofs_fill_inode_lazy: unknown HEAD2 format 8 for nid 36, please upgrade kernel [ 169.361647][ T5978] erofs: (device loop1): z_erofs_read_folio: read error -95 @ 0 of nid 36 [ 169.414241][ T5370] veth0_macvtap: entered promiscuous mode [ 169.438192][ T5443] veth1_vlan: entered promiscuous mode [ 169.594662][ T5847] hsr_slave_0: entered promiscuous mode [ 169.631404][ T5847] hsr_slave_1: entered promiscuous mode [ 169.771551][ T5370] veth1_macvtap: entered promiscuous mode [ 170.023790][ T5103] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 170.038331][ T5103] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 170.047682][ T5103] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 170.057936][ T5103] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 170.066945][ T5103] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 170.083717][ T5103] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 170.249639][ T36] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.632568][ T5370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 170.643977][ T5370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.655981][ T5370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.237528][ T5106] Bluetooth: hci4: command tx timeout [ 173.272381][ T5370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.316987][ T5370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.400949][ T5370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.453788][ T5370] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.576409][ T36] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.786139][ T5443] veth0_macvtap: entered promiscuous mode [ 173.926727][ T5370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.996829][ T5370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.018456][ T5370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.034543][ T5370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.044575][ T5370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.065344][ T5370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.086830][ T5370] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.173115][ T6001] ptrace attach of "./syz-executor exec"[5107] was attempted by " %F9c6\x0d \x07BD'HɧR^a\x07|QO JyE~>ZYW<\x0b\x09ީNCJR,pfm< /a~Un~Mݾ1U[.^t߷+ʟ&&Y1d#&nPBVXZ1T\x22J;\x0d/Ȗ·#5H}n: ۆRs4erI=뾌¹lj^-A*gm}؁3\x0c\x0bv1*`^MJA\x09 _6%1ۜ)A yz*\x22rU5{XÅs >\x0aH*`~Lj!/\x1b%Ol9ZJrdL/\x0cG€&H'KDOL46޿o8\x0b,SDo޽4pt{&KSr7|\x0ad̂qI~<6xǍz8pO!wƍFli?Qo\x0aVkrk9:5EV\x07pFULyR%;/d=mI,Z:\x1b.Dc8+SsW5V?Ct:W:Y_tKeVb;zR\x0dѝ9!3_ta\x0cEܡ&W#d%F%0xߔ,hb`\x22u357l XFaH.DN Ч9E8ՁQ<6Ztpi̺c:= [ 174.263007][ T36] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.905408][ T5443] veth1_macvtap: entered promiscuous mode [ 175.043619][ T36] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.115490][ T5370] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.143989][ T5370] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.160735][ T5370] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.177550][ T5370] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.235061][ T6006] trusted_key: syz.5.284 sent an empty control message without MSG_MORE. [ 175.262438][ T5106] Bluetooth: hci4: command tx timeout [ 175.382853][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 175.421600][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.448624][ T6010] loop1: detected capacity change from 0 to 512 [ 175.455102][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 175.482160][ T6010] ext4: Bad value for 'stripe' [ 175.488736][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.505431][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 175.517753][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.528241][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 175.540735][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.554434][ T5443] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.819340][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.830061][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.841521][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.854225][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.864635][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.876328][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.886613][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.897367][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.934072][ T5443] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 175.989026][ T5162] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 176.201571][ T5162] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 176.213915][ T5162] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.228907][ T5162] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.238905][ T5162] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 176.262837][ T5162] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 176.274865][ T5162] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 176.305790][ T5162] usb 6-1: Manufacturer: syz [ 176.320882][ T5162] usb 6-1: config 0 descriptor?? [ 176.443783][ T5443] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.462189][ T5443] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.481058][ T5443] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.497711][ T5443] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.655736][ T36] bridge_slave_1: left allmulticast mode [ 176.667437][ T36] bridge_slave_1: left promiscuous mode [ 176.674584][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.701237][ T36] bridge_slave_0: left allmulticast mode [ 176.706936][ T36] bridge_slave_0: left promiscuous mode [ 176.721495][ T6021] mmap: syz.1.291 (6021) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 176.730640][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.781782][ T5162] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 176.796068][ T5162] appleir 0003:05AC:8243.0003: No inputs registered, leaving [ 176.832977][ T5162] appleir 0003:05AC:8243.0003: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 177.338758][ T5106] Bluetooth: hci4: command tx timeout [ 177.374204][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 177.390054][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 177.406633][ T36] bond0 (unregistering): Released all slaves [ 177.709269][ T780] usb 6-1: USB disconnect, device number 2 [ 177.959131][ T5983] chnl_net:caif_netlink_parms(): no params data found [ 177.959853][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 177.985526][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 178.175375][ T6039] loop1: detected capacity change from 0 to 256 [ 178.310290][ T36] hsr_slave_0: left promiscuous mode [ 178.317228][ T36] hsr_slave_1: left promiscuous mode [ 178.335521][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 178.346092][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 178.365721][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 178.376684][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 178.434970][ T36] veth1_macvtap: left promiscuous mode [ 178.443231][ T36] veth0_macvtap: left promiscuous mode [ 178.449231][ T36] veth1_vlan: left promiscuous mode [ 178.455233][ T36] veth0_vlan: left promiscuous mode [ 179.419209][ T5106] Bluetooth: hci4: command tx timeout [ 180.139948][ T36] team0 (unregistering): Port device team_slave_1 removed [ 180.194811][ T36] team0 (unregistering): Port device team_slave_0 removed [ 180.778124][ T5847] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 180.904501][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.933385][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.948389][ T5847] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 181.070460][ T5847] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 181.130804][ T5983] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.138081][ T5983] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.156141][ T5983] bridge_slave_0: entered allmulticast mode [ 181.174120][ T5983] bridge_slave_0: entered promiscuous mode [ 181.198908][ T5983] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.217634][ T5983] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.230618][ T5983] bridge_slave_1: entered allmulticast mode [ 181.243519][ T5983] bridge_slave_1: entered promiscuous mode [ 181.270416][ T5847] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 181.492325][ T2441] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 181.518728][ T2441] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.570918][ T5983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.126942][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.172463][ T5983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 182.182531][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.204608][ T6074] ptrace attach of "./syz-executor exec"[5096] was attempted by " %F9c6\x0d \x07BD'HɧR^a\x07|QO JyE~>ZYW<\x0b\x09ީNCJR,pfm< /a~Un~Mݾ1U[.^t߷+ʟ&&Y1d#&nPBVXZ1T\x22J;\x0d/Ȗ·#5H}n: ۆRs4erI=뾌¹lj^-A*gm}؁3\x0c\x0bv1*`^MJA\x09 _6%1ۜ)A yz*\x22rU5{XÅs >\x0aH*`~Lj!/\x1b%Ol9ZJrdL/\x0cG€&H'KDOL46޿o8\x0b,SDo޽4pt{&KSr7|\x0ad̂qI~<6xǍz8pO!wƍFli?Qo\x0aVkrk9:5EV\x07pFULyR%;/d=mI,Z:\x1b.Dc8+SsW5V?Ct:W:Y_tKeVb;zR\x0dѝ9!3_ta\x0cEܡ&W#d%F%0xߔ,hb`\x22u357l XFaH.DN Ч9E8ՁQ<6Ztpi̺c:= [ 183.100699][ T6076] loop5: detected capacity change from 0 to 128 [ 183.358231][ T6078] Cannot find del_set index 0 as target [ 183.367244][ T6076] VFS: unable to find oldfs superblock on device loop5 [ 183.494476][ T5983] team0: Port device team_slave_0 added [ 183.560548][ T5983] team0: Port device team_slave_1 added [ 183.714125][ T6085] loop5: detected capacity change from 0 to 512 [ 183.764014][ T5983] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 183.823946][ T5983] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.933530][ T6085] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2234: inode #15: comm syz.5.311: corrupted in-inode xattr: invalid ea_ino [ 183.950757][ T5983] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 183.962118][ T6085] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.311: couldn't read orphan inode 15 (err -117) [ 184.022235][ T6085] EXT4-fs (loop5): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 184.069695][ T5983] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.077135][ T5983] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.116149][ T5983] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.175830][ T6089] netlink: 8 bytes leftover after parsing attributes in process `syz.0.82'. [ 184.509752][ T5983] hsr_slave_0: entered promiscuous mode [ 184.575118][ T5983] hsr_slave_1: entered promiscuous mode [ 184.608537][ T5983] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 184.621630][ T5096] EXT4-fs (loop5): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 184.646963][ T5983] Cannot create hsr debugfs directory [ 185.025854][ T6108] loop4: detected capacity change from 0 to 512 [ 185.066627][ T6108] ext4: Bad value for 'stripe' [ 185.087412][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.282352][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.547111][ T5161] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.554395][ T5161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.591503][ T6113] Cannot find del_set index 0 as target [ 185.755145][ T5161] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.762830][ T5161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.001864][ T6121] program syz.5.325 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 186.727305][ T6124] pim6reg1: entered promiscuous mode [ 186.738750][ T6124] pim6reg1: entered allmulticast mode [ 187.776943][ T6144] Cannot find del_set index 0 as target [ 187.798559][ T5983] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 187.814668][ T5983] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 188.064204][ T5983] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 188.181834][ T5983] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 188.424200][ T5106] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 188.433712][ T5106] Bluetooth: hci1: Injecting HCI hardware error event [ 188.444933][ T5106] Bluetooth: hci1: hardware error 0x00 [ 188.616529][ T6148] loop4: detected capacity change from 0 to 1024 [ 188.738728][ T6148] hfsplus: Filesystem is marked locked, mounting read-only. [ 188.881797][ T6148] warning: `syz.4.337' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 189.310808][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.452989][ T4858] IPVS: starting estimator thread 0... [ 189.569850][ T6164] IPVS: using max 19 ests per chain, 45600 per kthread [ 189.658146][ T5983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.710067][ T5847] veth0_vlan: entered promiscuous mode [ 189.761969][ T5983] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.836682][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.844082][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.868054][ T5847] veth1_vlan: entered promiscuous mode [ 189.922360][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.929636][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.084743][ T6170] netlink: 'syz.0.346': attribute type 1 has an invalid length. [ 190.302528][ T6171] pim6reg1: entered promiscuous mode [ 190.307992][ T6171] pim6reg1: entered allmulticast mode [ 190.422620][ T5847] veth0_macvtap: entered promiscuous mode [ 190.629137][ T5106] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 190.760391][ T5847] veth1_macvtap: entered promiscuous mode [ 190.880459][ T6179] Cannot find del_set index 0 as target [ 191.008937][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.043414][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.076104][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.128224][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.165939][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.201544][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.254695][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.298576][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.376230][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 191.435545][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.496924][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.548738][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.574895][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.585284][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.616812][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.635202][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.646151][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.667805][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 191.735874][ T5847] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.779742][ T5847] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.828731][ T5847] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.851615][ T5847] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.856910][ T6202] loop0: detected capacity change from 0 to 512 [ 191.931906][ T6202] ext4: Bad value for 'stripe' [ 192.430925][ T2424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 192.478315][ T2424] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.719934][ T6209] pim6reg1: entered promiscuous mode [ 192.725290][ T6209] pim6reg1: entered allmulticast mode [ 192.939574][ T5983] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.994025][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.008400][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.304357][ T5983] veth0_vlan: entered promiscuous mode [ 193.325128][ T6225] netlink: 132 bytes leftover after parsing attributes in process `syz.5.368'. [ 193.401477][ T5983] veth1_vlan: entered promiscuous mode [ 193.486423][ T6227] 9pnet_virtio: no channels available for device [ 193.627520][ T5983] veth0_macvtap: entered promiscuous mode [ 193.657892][ T5983] veth1_macvtap: entered promiscuous mode [ 193.777525][ T5983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.791687][ T5983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.808199][ T5983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.810616][ T5983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.810652][ T5983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.810682][ T5983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.810704][ T5983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.810733][ T5983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.810761][ T5983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.810788][ T5983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.817463][ T5983] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.857964][ T5983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.858001][ T5983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.858020][ T5983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.858054][ T5983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.858150][ T5983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.858178][ T5983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.858198][ T5983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.858226][ T5983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.858247][ T5983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.860808][ T5983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.864377][ T5983] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.889845][ T5983] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.889977][ T5983] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.890046][ T5983] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.890108][ T5983] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.067878][ T6242] netlink: 'syz.1.375': attribute type 1 has an invalid length. [ 194.067970][ T6242] netlink: 112860 bytes leftover after parsing attributes in process `syz.1.375'. [ 194.067999][ T6242] netlink: 'syz.1.375': attribute type 1 has an invalid length. [ 194.319579][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 194.319612][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 194.451192][ T6245] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 194.578451][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 194.578486][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 194.855666][ T5161] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 195.028406][ T5161] usb 1-1: Using ep0 maxpacket: 16 [ 195.048096][ T5161] usb 1-1: config 0 has an invalid interface descriptor of length 8, skipping [ 195.078143][ T5161] usb 1-1: config 0 descriptor has 1 excess byte, ignoring [ 195.089906][ T5161] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 195.136145][ T5161] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 195.155415][ T5161] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.174549][ T5161] usb 1-1: Product: syz [ 195.179611][ T5161] usb 1-1: Manufacturer: syz [ 195.187464][ T5161] usb 1-1: SerialNumber: syz [ 195.254284][ T5161] usb 1-1: config 0 descriptor?? [ 195.312418][ T6263] input: syz1 as /devices/virtual/input/input5 [ 195.780346][ T6279] netlink: 'syz.5.391': attribute type 11 has an invalid length. [ 195.838666][ T2754] IPVS: starting estimator thread 0... [ 195.867647][ T6283] xt_NFQUEUE: number of total queues is 0 [ 195.940617][ T6282] IPVS: using max 14 ests per chain, 33600 per kthread [ 196.467058][ T6296] netlink: 132 bytes leftover after parsing attributes in process `syz.4.400'. [ 197.184149][ T6311] unsupported nlmsg_type 40 [ 197.398875][ T5161] usb 1-1: USB disconnect, device number 2 [ 197.468943][ T6314] loop3: detected capacity change from 0 to 512 [ 198.040572][ T6314] EXT4-fs error (device loop3): ext4_xattr_inode_iget:435: comm syz.3.405: Parent and EA inode have the same ino 15 [ 198.087327][ T6314] EXT4-fs (loop3): Remounting filesystem read-only [ 198.098938][ T6314] EXT4-fs (loop3): 1 orphan inode deleted [ 198.128500][ T6321] netlink: 'syz.4.407': attribute type 1 has an invalid length. [ 198.140814][ T6314] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 198.177383][ T6321] netlink: 112860 bytes leftover after parsing attributes in process `syz.4.407'. [ 198.207399][ T6321] netlink: 'syz.4.407': attribute type 1 has an invalid length. [ 198.459649][ T6325] xt_NFQUEUE: number of total queues is 0 [ 198.496997][ T5983] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.715774][ T6334] loop5: detected capacity change from 0 to 128 [ 198.791408][ T6334] VFS: unable to find oldfs superblock on device loop5 [ 199.255135][ T6349] loop5: detected capacity change from 0 to 512 [ 199.457498][ T6360] netlink: 'syz.1.425': attribute type 1 has an invalid length. [ 199.475818][ T6360] netlink: 112860 bytes leftover after parsing attributes in process `syz.1.425'. [ 199.523697][ T6360] netlink: 'syz.1.425': attribute type 1 has an invalid length. [ 199.532555][ T6349] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2234: inode #15: comm syz.5.414: corrupted in-inode xattr: invalid ea_ino [ 199.547638][ T6349] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.414: couldn't read orphan inode 15 (err -117) [ 199.574473][ T6362] loop0: detected capacity change from 0 to 512 [ 199.586698][ T6349] EXT4-fs (loop5): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 199.653364][ T6362] EXT4-fs error (device loop0): ext4_xattr_inode_iget:435: comm syz.0.426: Parent and EA inode have the same ino 15 [ 199.750152][ T6362] EXT4-fs (loop0): Remounting filesystem read-only [ 199.756801][ T6362] EXT4-fs (loop0): 1 orphan inode deleted [ 199.875554][ T6362] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.261140][ T5443] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.300325][ T6374] input: syz1 as /devices/virtual/input/input6 [ 200.334340][ T5096] EXT4-fs (loop5): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 201.346786][ T29] audit: type=1326 audit(1719581895.055:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6386 comm="syz.1.435" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f430ed75b29 code=0x0 [ 201.533042][ T6394] loop4: detected capacity change from 0 to 47 [ 201.699535][ T29] audit: type=1800 audit(1719581895.405:8): pid=6399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.440" name="file1" dev="sda1" ino=1988 res=0 errno=0 [ 201.746210][ T6399] loop3: detected capacity change from 0 to 256 [ 201.782228][ T29] audit: type=1800 audit(1719581895.445:9): pid=6399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.440" name="file1" dev="sda1" ino=1988 res=0 errno=0 [ 201.788214][ T6400] loop2: detected capacity change from 0 to 256 [ 201.803679][ T6402] netlink: 'syz.5.441': attribute type 11 has an invalid length. [ 202.290660][ T6405] loop0: detected capacity change from 0 to 32768 [ 202.363018][ T6405] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.442 (6405) [ 202.614391][ T6400] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 202.654467][ T6399] FAT-fs (loop3): Directory bread(block 64) failed [ 202.787136][ T6399] FAT-fs (loop3): Directory bread(block 65) failed [ 202.904582][ T6399] FAT-fs (loop3): Directory bread(block 66) failed [ 203.041703][ T6399] FAT-fs (loop3): Directory bread(block 67) failed [ 203.171464][ T6399] FAT-fs (loop3): Directory bread(block 68) failed [ 203.295782][ T6399] FAT-fs (loop3): Directory bread(block 69) failed [ 203.405745][ T6399] FAT-fs (loop3): Directory bread(block 70) failed [ 203.501335][ T6399] FAT-fs (loop3): Directory bread(block 71) failed [ 203.541473][ T6399] FAT-fs (loop3): Directory bread(block 72) failed [ 203.548157][ T6399] FAT-fs (loop3): Directory bread(block 73) failed [ 203.572008][ T6405] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 203.584196][ T6405] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 203.593119][ T6405] BTRFS info (device loop0): using free-space-tree [ 203.734700][ T6420] loop5: detected capacity change from 0 to 512 [ 203.878855][ T6420] EXT4-fs error (device loop5): ext4_xattr_inode_iget:435: comm syz.5.444: Parent and EA inode have the same ino 15 [ 203.948669][ T29] audit: type=1800 audit(1719581897.635:10): pid=6399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.440" name="file2" dev="loop3" ino=1048673 res=0 errno=0 [ 203.957337][ T6430] loop1: detected capacity change from 0 to 256 [ 204.010648][ T6420] EXT4-fs (loop5): Remounting filesystem read-only [ 204.017420][ T6420] EXT4-fs (loop5): 1 orphan inode deleted [ 204.052463][ T6399] syz.3.440: attempt to access beyond end of device [ 204.052463][ T6399] loop3: rw=2049, sector=1224, nr_sectors = 4 limit=256 [ 204.069210][ T29] audit: type=1800 audit(1719581897.705:11): pid=6399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.440" name="file2" dev="loop3" ino=1048673 res=0 errno=0 [ 204.069457][ T6420] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 204.321164][ T6437] loop2: detected capacity change from 0 to 16 [ 205.346521][ T1242] ieee802154 phy0 wpan0: encryption failed: -22 [ 205.365736][ T1242] ieee802154 phy1 wpan1: encryption failed: -22 [ 205.380262][ T6437] erofs: (device loop2): mounted with root inode @ nid 36. [ 205.428417][ T6436] syz.2.445: attempt to access beyond end of device [ 205.428417][ T6436] loop2: rw=0, sector=14552337248, nr_sectors = 16 limit=16 [ 205.693451][ T5096] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.837242][ T5443] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 205.956970][ T6444] loop3: detected capacity change from 0 to 64 [ 206.209935][ T6447] netlink: 12 bytes leftover after parsing attributes in process `syz.5.450'. [ 207.093682][ T6457] loop3: detected capacity change from 0 to 1024 [ 207.169235][ T6457] ext4: Bad value for 'barrier' [ 207.435611][ T6461] 9pnet_virtio: no channels available for device [ 207.448478][ T29] audit: type=1326 audit(1719581901.155:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6460 comm="syz.1.455" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f430ed75b29 code=0x0 [ 207.739142][ T6470] loop3: detected capacity change from 0 to 47 [ 208.856725][ T6477] loop2: detected capacity change from 0 to 128 [ 208.971749][ T6477] VFS: unable to find oldfs superblock on device loop2 [ 209.065106][ T4858] IPVS: starting estimator thread 0... [ 209.120855][ T29] audit: type=1804 audit(1719581902.835:13): pid=6487 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.462" name="/root/syzkaller.AdNgyQ/24/bus" dev="sda1" ino=1987 res=1 errno=0 [ 209.152219][ T6484] loop4: detected capacity change from 0 to 512 [ 209.168662][ T6485] IPVS: using max 19 ests per chain, 45600 per kthread [ 209.242037][ T6490] loop3: detected capacity change from 0 to 256 [ 209.276245][ T6484] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #12: comm syz.4.464: corrupted in-inode xattr: invalid ea_ino [ 209.316354][ T6493] loop2: detected capacity change from 0 to 512 [ 209.323038][ T6484] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.464: couldn't read orphan inode 12 (err -117) [ 209.402540][ T6484] EXT4-fs (loop4): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 209.460943][ T6493] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz.2.460: corrupted in-inode xattr: invalid ea_ino [ 209.500699][ T6493] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.460: couldn't read orphan inode 15 (err -117) [ 209.693323][ T6493] EXT4-fs (loop2): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.937915][ T5370] EXT4-fs (loop4): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 210.547822][ T6486] loop5: detected capacity change from 0 to 32768 [ 210.600237][ T6486] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.463 (6486) [ 210.651913][ T5847] EXT4-fs (loop2): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 210.688164][ T6486] BTRFS info (device loop5): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 210.709556][ T6486] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 210.719944][ T6486] BTRFS info (device loop5): using free-space-tree [ 210.900784][ T6509] loop4: detected capacity change from 0 to 256 [ 211.004799][ T6509] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 211.679511][ T6531] input: syz1 as /devices/virtual/input/input7 [ 211.770144][ T29] audit: type=1804 audit(1719581905.475:14): pid=6509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.470" name="/root/syzkaller.0dlWIk/40/file0/bus" dev="loop4" ino=1048705 res=1 errno=0 [ 211.888509][ T29] audit: type=1804 audit(1719581905.525:15): pid=6509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.470" name="/root/syzkaller.0dlWIk/40/file0/bus" dev="loop4" ino=1048705 res=1 errno=0 [ 211.935460][ T5096] BTRFS info (device loop5): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 212.763529][ T6545] loop0: detected capacity change from 0 to 512 [ 212.833861][ T6545] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2234: inode #12: comm syz.0.479: corrupted in-inode xattr: invalid ea_ino [ 212.873857][ T6540] loop2: detected capacity change from 0 to 8192 [ 212.926990][ T6545] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.479: couldn't read orphan inode 12 (err -117) [ 212.954188][ T6550] loop3: detected capacity change from 0 to 256 [ 213.008108][ T6540] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 213.036776][ T6545] EXT4-fs (loop0): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.972120][ T5443] EXT4-fs (loop0): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 216.304808][ T6569] loop5: detected capacity change from 0 to 2048 [ 216.379743][ T6590] loop2: detected capacity change from 0 to 256 [ 216.386898][ T6569] EXT4-fs (loop5): invalid inodes per group: 0 [ 216.386898][ T6569] [ 216.529611][ T6590] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 216.829782][ T29] audit: type=1804 audit(1719581910.495:16): pid=6590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.491" name="/root/syzkaller.5bS9Mh/23/file0/bus" dev="loop2" ino=1048710 res=1 errno=0 [ 216.930658][ T29] audit: type=1804 audit(1719581910.575:17): pid=6590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.491" name="/root/syzkaller.5bS9Mh/23/file0/bus" dev="loop2" ino=1048710 res=1 errno=0 [ 217.180197][ T6605] loop5: detected capacity change from 0 to 2048 [ 217.249309][ T6605] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 217.254581][ T6609] program syz.4.500 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 217.313196][ T6609] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 217.351634][ T6605] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 217.563298][ T6607] loop3: detected capacity change from 0 to 8192 [ 217.604833][ T6614] loop2: detected capacity change from 0 to 256 [ 217.635657][ T6607] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 217.923626][ T6621] netlink: 12 bytes leftover after parsing attributes in process `syz.0.506'. [ 222.452820][ T6644] program syz.0.515 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 222.508969][ T6644] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 222.576060][ T6649] loop2: detected capacity change from 0 to 256 [ 222.669595][ T6649] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 222.699925][ T5103] Bluetooth: hci5: command 0x0406 tx timeout [ 223.415907][ T6639] loop4: detected capacity change from 0 to 2048 [ 223.758439][ T29] audit: type=1804 audit(1719581917.405:18): pid=6649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.514" name="/root/syzkaller.5bS9Mh/25/file0/bus" dev="loop2" ino=1048715 res=1 errno=0 [ 223.803647][ T29] audit: type=1804 audit(1719581917.425:19): pid=6649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.514" name="/root/syzkaller.5bS9Mh/25/file0/bus" dev="loop2" ino=1048715 res=1 errno=0 [ 224.355272][ T6673] loop4: detected capacity change from 0 to 256 [ 224.467323][ T6666] loop1: detected capacity change from 0 to 8192 [ 224.539391][ T6666] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 226.152238][ T29] audit: type=1804 audit(1719581919.845:20): pid=6688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.529" name="/root/syzkaller.5bS9Mh/26/bus" dev="sda1" ino=1960 res=1 errno=0 [ 227.653877][ T6696] netlink: 8 bytes leftover after parsing attributes in process `syz.5.531'. [ 229.568772][ T6731] loop3: detected capacity change from 0 to 256 [ 229.616351][ T6722] loop1: detected capacity change from 0 to 4096 [ 229.664197][ T6722] ntfs3: Invalid value for umask. [ 232.707105][ T6790] netlink: 202920 bytes leftover after parsing attributes in process `syz.0.568'. [ 232.928705][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 234.063385][ T6820] loop5: detected capacity change from 0 to 4096 [ 234.111986][ T6820] ntfs3: loop5: Different NTFS sector size (2048) and media sector size (512). [ 234.152702][ T6831] loop3: detected capacity change from 0 to 256 [ 234.222096][ T6831] exfat: Deprecated parameter 'namecase' [ 234.258347][ T29] audit: type=1804 audit(1719581927.965:21): pid=6828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.582" name="/root/syzkaller.uqRcuj/142/cgroup.controllers" dev="sda1" ino=1987 res=1 errno=0 [ 234.283019][ T6820] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 234.366660][ T6831] exFAT-fs (loop3): error, invalid access to FAT (entry 0x00000005) bogus content (0x00000fff) [ 234.392431][ T6831] exFAT-fs (loop3): Filesystem has been set read-only [ 234.423240][ T6831] exFAT-fs (loop3): failed to load upcase table [ 234.443504][ T6831] exFAT-fs (loop3): failed to recognize exfat type [ 234.487722][ T6828] netlink: 4068 bytes leftover after parsing attributes in process `syz.1.582'. [ 235.275444][ T2398] ntfs3: loop5: ino=5, ntfs3_write_inode failed, -22. [ 236.533419][ T6892] loop1: detected capacity change from 0 to 256 [ 236.577465][ T6894] loop0: detected capacity change from 0 to 256 [ 236.638521][ T6892] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 238.059966][ T5106] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 238.069015][ T5106] Bluetooth: hci5: Injecting HCI hardware error event [ 238.079854][ T5103] Bluetooth: hci5: hardware error 0x00 [ 238.125029][ T6899] loop2: detected capacity change from 0 to 4096 [ 238.168475][ T6899] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 238.237467][ T6899] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 238.258420][ T2754] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 238.614649][ T6911] loop0: detected capacity change from 0 to 32768 [ 238.653561][ T6911] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.614 (6911) [ 238.694592][ T6911] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 238.705333][ T6911] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 238.713885][ T6911] BTRFS info (device loop0): using free-space-tree [ 238.741623][ T2754] usb 4-1: Using ep0 maxpacket: 8 [ 238.791937][ T2754] usb 4-1: config 135 has an invalid interface number: 230 but max is 0 [ 238.811982][ T2754] usb 4-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 238.866215][ T2754] usb 4-1: config 135 has no interface number 0 [ 238.900861][ T2754] usb 4-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 238.980107][ T6911] BTRFS info (device loop0): checking UUID tree [ 238.990426][ T2754] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 239.024470][ T2754] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.182589][ T2754] usb 4-1: Product: syz [ 239.186825][ T2754] usb 4-1: Manufacturer: syz [ 239.198665][ T2754] usb 4-1: SerialNumber: syz [ 239.272783][ T6938] netlink: 40 bytes leftover after parsing attributes in process `syz.0.614'. [ 239.542798][ T2441] ntfs3: loop2: ino=5, ntfs3_write_inode failed, -22. [ 239.758936][ T5443] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 239.831055][ T29] audit: type=1800 audit(1719581933.545:22): pid=6940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.622" name="file0" dev="sda1" ino=1972 res=0 errno=0 [ 240.223990][ T5103] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 240.587154][ T6948] loop4: detected capacity change from 0 to 4096 [ 240.621362][ T6948] ntfs3: Invalid value for umask. [ 240.909653][ T2754] usb 4-1: Found UVC 0.00 device syz (18ec:3288) [ 240.916889][ T2754] usb 4-1: No valid video chain found. [ 240.939718][ T2754] usb 4-1: USB disconnect, device number 4 [ 240.949185][ T2441] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.173348][ T2441] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.364698][ T6962] loop2: detected capacity change from 0 to 16 [ 241.396314][ T6962] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 241.411760][ T2441] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.673709][ T2441] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.760013][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 242.367462][ T2441] bridge_slave_1: left allmulticast mode [ 242.380256][ T2441] bridge_slave_1: left promiscuous mode [ 242.413053][ T2441] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.481451][ T2441] bridge_slave_0: left allmulticast mode [ 242.525098][ T2441] bridge_slave_0: left promiscuous mode [ 242.563912][ T2441] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.097143][ T5106] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 243.116997][ T5106] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 243.134672][ T6996] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 243.148693][ T5106] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 243.180557][ T6996] overlayfs: missing 'lowerdir' [ 243.379471][ T5106] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 243.421303][ T5106] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 244.028294][ T5106] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 245.111495][ T6999] sched: RT throttling activated [ 245.918601][ T5105] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 246.128430][ T5105] usb 4-1: Using ep0 maxpacket: 8 [ 246.265941][ T7010] loop0: detected capacity change from 0 to 16 [ 246.285640][ T7010] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 246.628899][ T5106] Bluetooth: hci5: command tx timeout [ 246.670550][ T7014] loop4: detected capacity change from 0 to 4096 [ 246.685768][ T7014] ntfs3: loop4: Primary boot: invalid bytes per MFT record 2 (-1). [ 246.723085][ T7014] ntfs3: loop4: try to read out of volume at offset 0x1ffe00 [ 246.997222][ T2441] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 247.021531][ T2441] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 247.034208][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 247.077926][ T2441] bond0 (unregistering): Released all slaves [ 247.226065][ T5105] usb 4-1: device descriptor read/all, error -71 [ 247.226109][ T7021] netlink: 'syz.0.653': attribute type 9 has an invalid length. [ 247.288761][ T7021] netlink: 4 bytes leftover after parsing attributes in process `syz.0.653'. [ 247.341771][ T5106] Bluetooth: hci0: command 0x0406 tx timeout [ 247.536257][ T7030] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 247.575854][ T7030] overlayfs: missing 'lowerdir' [ 248.214161][ T7047] loop3: detected capacity change from 0 to 16 [ 248.280480][ T7047] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 248.705035][ T5103] Bluetooth: hci5: command tx timeout [ 248.786527][ T2441] hsr_slave_0: left promiscuous mode [ 248.850879][ T2441] hsr_slave_1: left promiscuous mode [ 248.907779][ T2441] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 248.924537][ T2441] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 249.022757][ T2441] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 249.057190][ T2441] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 249.180185][ T2441] veth1_macvtap: left promiscuous mode [ 249.198568][ T2441] veth0_macvtap: left promiscuous mode [ 249.210981][ T2441] veth1_vlan: left promiscuous mode [ 249.241227][ T2441] veth0_vlan: left promiscuous mode [ 249.637938][ T7072] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 249.662380][ T7072] overlayfs: missing 'lowerdir' [ 249.717126][ T7070] loop0: detected capacity change from 0 to 4096 [ 249.735105][ T7070] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 249.764479][ T7070] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 250.162173][ T36] ntfs3: loop0: ino=5, ntfs3_write_inode failed, -22. [ 250.782784][ T5103] Bluetooth: hci5: command tx timeout [ 250.847195][ T29] audit: type=1400 audit(1719581944.555:23): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=7084 comm="syz.3.678" [ 250.921543][ T7081] loop0: detected capacity change from 0 to 40427 [ 250.992144][ T7081] F2FS-fs (loop0): invalid crc value [ 251.027614][ T7081] F2FS-fs (loop0): Found nat_bits in checkpoint [ 251.136680][ T7081] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 251.254604][ T5443] syz-executor: attempt to access beyond end of device [ 251.254604][ T5443] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 251.306430][ T5443] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 252.132300][ T2441] team0 (unregistering): Port device team_slave_1 removed [ 252.262071][ T7104] loop3: detected capacity change from 0 to 256 [ 252.299680][ T7104] exFAT-fs (loop3): bogus fat length [ 252.318857][ T7104] exFAT-fs (loop3): failed to read boot sector [ 252.325755][ T7104] exFAT-fs (loop3): failed to recognize exfat type [ 252.357459][ T2441] team0 (unregistering): Port device team_slave_0 removed [ 252.464366][ T29] audit: type=1800 audit(1719581946.165:24): pid=7106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.686" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 252.514282][ T29] audit: type=1800 audit(1719581946.225:25): pid=7106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.686" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 252.899186][ T5103] Bluetooth: hci5: command tx timeout [ 253.802939][ T7118] Zero length message leads to an empty skb [ 254.529546][ T7061] netlink: 'syz.2.667': attribute type 9 has an invalid length. [ 254.551407][ T7061] netlink: 4 bytes leftover after parsing attributes in process `syz.2.667'. [ 255.140769][ T7131] loop4: detected capacity change from 0 to 512 [ 255.334326][ T7138] loop2: detected capacity change from 0 to 8 [ 255.451910][ T6993] chnl_net:caif_netlink_parms(): no params data found [ 255.740559][ T7138] unable to read fragment index table [ 256.761408][ T29] audit: type=1326 audit(1719581950.475:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1669f75b29 code=0x7ffc0000 [ 256.800502][ T29] audit: type=1326 audit(1719581950.495:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1669f75b29 code=0x7ffc0000 [ 256.828204][ T29] audit: type=1326 audit(1719581950.495:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1669f75b29 code=0x7ffc0000 [ 256.864714][ T7155] loop5: detected capacity change from 0 to 16 [ 256.924984][ T29] audit: type=1326 audit(1719581950.495:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1669f75b29 code=0x7ffc0000 [ 256.950668][ T7155] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 257.028200][ T29] audit: type=1326 audit(1719581950.495:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1669f75b29 code=0x7ffc0000 [ 257.134513][ T29] audit: type=1326 audit(1719581950.505:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1669f75b29 code=0x7ffc0000 [ 257.207501][ T7157] netlink: 'syz.2.701': attribute type 9 has an invalid length. [ 257.215379][ T7157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.701'. [ 257.247253][ T2441] IPVS: stop unused estimator thread 0... [ 257.269955][ T29] audit: type=1326 audit(1719581950.515:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1669f75b29 code=0x7ffc0000 [ 257.308767][ T6993] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.326553][ T6993] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.344423][ T29] audit: type=1326 audit(1719581950.515:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1669f75b29 code=0x7ffc0000 [ 257.384460][ T6993] bridge_slave_0: entered allmulticast mode [ 257.406219][ T6993] bridge_slave_0: entered promiscuous mode [ 257.439338][ T29] audit: type=1326 audit(1719581950.515:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1669f75b29 code=0x7ffc0000 [ 257.501336][ T6993] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.524232][ T6993] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.571514][ T6993] bridge_slave_1: entered allmulticast mode [ 257.585251][ T29] audit: type=1326 audit(1719581950.585:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1669f75b29 code=0x7ffc0000 [ 257.627397][ T6993] bridge_slave_1: entered promiscuous mode [ 257.905796][ T6993] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 258.043335][ T7161] loop5: detected capacity change from 0 to 4096 [ 258.063511][ T7161] ntfs3: loop5: Primary boot: invalid bytes per MFT record 2 (-1). [ 258.087247][ T6993] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 258.101906][ T7161] ntfs3: loop5: try to read out of volume at offset 0x1ffe00 [ 258.514896][ T7177] loop2: detected capacity change from 0 to 512 [ 258.516309][ T7179] loop0: detected capacity change from 0 to 8 [ 258.546959][ T6993] team0: Port device team_slave_0 added [ 258.600978][ T6993] team0: Port device team_slave_1 added [ 258.607964][ T7179] unable to read fragment index table [ 259.412363][ T7191] block nbd5: shutting down sockets [ 259.805831][ T6993] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 259.814630][ T6993] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.871803][ T6993] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 259.900276][ T7187] kcapi: manufacturer command 0 unknown. [ 259.943923][ T6993] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 259.990288][ T6993] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 260.096086][ T6993] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 260.686177][ T6993] hsr_slave_0: entered promiscuous mode [ 260.763821][ T6993] hsr_slave_1: entered promiscuous mode [ 260.798727][ T6993] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 260.853794][ T6993] Cannot create hsr debugfs directory [ 261.137480][ T7215] loop3: detected capacity change from 0 to 4096 [ 261.195382][ T7215] ntfs3: loop3: Primary boot: invalid bytes per MFT record 2 (-1). [ 261.220968][ T7215] ntfs3: loop3: try to read out of volume at offset 0x1ffe00 [ 262.174586][ T7225] loop2: detected capacity change from 0 to 512 [ 262.353615][ T7228] 9pnet: p9_errstr2errno: server reported unknown error @Y7)-9Nn&.[N#T#1̣ёB [ 262.662425][ T7234] autofs: Bad value for 'fd' [ 263.132853][ T7236] loop0: detected capacity change from 0 to 40427 [ 263.155748][ T7236] F2FS-fs (loop0): invalid crc value [ 263.174834][ T7236] F2FS-fs (loop0): Found nat_bits in checkpoint [ 263.290623][ T7236] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 263.407372][ T6993] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 263.495193][ T6993] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 263.550063][ T5443] syz-executor: attempt to access beyond end of device [ 263.550063][ T5443] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 263.595014][ T6993] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 263.615830][ T5443] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 263.656201][ T6993] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 264.389592][ T6993] 8021q: adding VLAN 0 to HW filter on device bond0 [ 264.394969][ T7256] loop2: detected capacity change from 0 to 4096 [ 264.454779][ T7256] ntfs3: loop2: Primary boot: invalid bytes per MFT record 2 (-1). [ 264.493900][ T7256] ntfs3: loop2: try to read out of volume at offset 0x1ffe00 [ 264.576634][ T6993] 8021q: adding VLAN 0 to HW filter on device team0 [ 264.596194][ T7265] kcapi: manufacturer command 0 unknown. [ 264.660977][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.668519][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 264.724874][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.732312][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 264.858158][ T7270] loop4: detected capacity change from 0 to 16 [ 264.924277][ T7270] erofs: (device loop4): mounted with root inode @ nid 36. [ 265.096872][ T7270] syz.4.748: attempt to access beyond end of device [ 265.096872][ T7270] loop4: rw=0, sector=1049272, nr_sectors = 32 limit=16 [ 265.135860][ T7270] syz.4.748: attempt to access beyond end of device [ 265.135860][ T7270] loop4: rw=0, sector=8, nr_sectors = 32 limit=16 [ 265.236262][ T7270] erofs: (device loop4): z_erofs_read_folio: read error -117 @ 16 of nid 36 [ 265.286264][ T7270] erofs: (device loop4): erofs_readdir: fail to readdir of logical block 16 of nid 36 [ 265.298197][ T7271] syz.4.748: attempt to access beyond end of device [ 265.298197][ T7271] loop4: rw=0, sector=1049272, nr_sectors = 32 limit=16 [ 265.326531][ T7271] syz.4.748: attempt to access beyond end of device [ 265.326531][ T7271] loop4: rw=0, sector=8, nr_sectors = 32 limit=16 [ 265.395195][ T7271] erofs: (device loop4): z_erofs_read_folio: read error -117 @ 16 of nid 36 [ 265.492557][ T7271] erofs: (device loop4): erofs_readdir: fail to readdir of logical block 16 of nid 36 [ 265.743371][ T1242] ieee802154 phy0 wpan0: encryption failed: -22 [ 265.749916][ T1242] ieee802154 phy1 wpan1: encryption failed: -22 [ 266.079349][ T7280] loop3: detected capacity change from 0 to 40427 [ 266.133314][ T7280] F2FS-fs (loop3): invalid crc value [ 266.171807][ T7280] F2FS-fs (loop3): Found nat_bits in checkpoint [ 266.258205][ T7280] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 266.383693][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 266.383720][ T29] audit: type=1800 audit(1719581960.095:46): pid=7285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.752" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 266.476984][ T29] audit: type=1800 audit(1719581960.135:47): pid=7285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.752" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 266.540458][ T5983] syz-executor: attempt to access beyond end of device [ 266.540458][ T5983] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 266.594249][ T5983] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 267.237277][ T6993] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 267.771683][ T6993] veth0_vlan: entered promiscuous mode [ 268.068022][ T7302] dvmrp5: entered allmulticast mode [ 268.810377][ T6993] veth1_vlan: entered promiscuous mode [ 269.135044][ T6993] veth0_macvtap: entered promiscuous mode [ 269.244023][ T6993] veth1_macvtap: entered promiscuous mode [ 269.464650][ T6993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.502667][ T6993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.558346][ T6993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.622094][ T6993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.658996][ T6993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.708332][ T6993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.718220][ T6993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.762755][ T6993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.804440][ T6993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.834219][ T6993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.877268][ T6993] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 269.929176][ T6993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.982969][ T6993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.017180][ T6993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.058569][ T6993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.078061][ T7323] autofs: Bad value for 'fd' [ 270.103042][ T6993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.139219][ T6993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.178378][ T6993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.228355][ T6993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.248496][ T6993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.288446][ T6993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.334517][ T6993] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 270.390920][ T6993] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.442499][ T6993] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.466534][ T6993] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.503461][ T6993] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.136330][ T2467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 271.182392][ T2467] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.339627][ T7353] loop3: detected capacity change from 0 to 512 [ 271.350768][ T2467] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 271.383035][ T2467] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.947594][ T7376] loop4: detected capacity change from 0 to 16 [ 272.990240][ T7376] erofs: (device loop4): mounted with root inode @ nid 36. [ 273.044301][ T7376] syz.4.786: attempt to access beyond end of device [ 273.044301][ T7376] loop4: rw=0, sector=1049272, nr_sectors = 32 limit=16 [ 273.063041][ T7381] process 'syz.3.788' launched './file0' with NULL argv: empty string added [ 273.101996][ T7376] syz.4.786: attempt to access beyond end of device [ 273.101996][ T7376] loop4: rw=0, sector=8, nr_sectors = 32 limit=16 [ 273.157295][ T7376] erofs: (device loop4): z_erofs_read_folio: read error -117 @ 16 of nid 36 [ 273.176683][ T7376] erofs: (device loop4): erofs_readdir: fail to readdir of logical block 16 of nid 36 [ 273.238722][ T7382] syz.4.786: attempt to access beyond end of device [ 273.238722][ T7382] loop4: rw=0, sector=1049272, nr_sectors = 32 limit=16 [ 273.319327][ T7382] syz.4.786: attempt to access beyond end of device [ 273.319327][ T7382] loop4: rw=0, sector=8, nr_sectors = 32 limit=16 [ 273.348543][ T7382] erofs: (device loop4): z_erofs_read_folio: read error -117 @ 16 of nid 36 [ 273.385407][ T7382] erofs: (device loop4): erofs_readdir: fail to readdir of logical block 16 of nid 36 [ 274.958852][ T7419] loop2: detected capacity change from 0 to 64 [ 275.548961][ T7424] loop3: detected capacity change from 0 to 16 [ 275.619092][ T7424] erofs: (device loop3): mounted with root inode @ nid 36. [ 275.741640][ T7424] syz.3.807: attempt to access beyond end of device [ 275.741640][ T7424] loop3: rw=0, sector=1049272, nr_sectors = 32 limit=16 [ 275.812118][ T7420] loop1: detected capacity change from 0 to 65536 [ 275.864849][ T7424] syz.3.807: attempt to access beyond end of device [ 275.864849][ T7424] loop3: rw=0, sector=8, nr_sectors = 32 limit=16 [ 275.901586][ T7424] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 16 of nid 36 [ 276.004491][ T7420] XFS (loop1): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 276.014360][ T7424] erofs: (device loop3): erofs_readdir: fail to readdir of logical block 16 of nid 36 [ 276.175197][ T7420] XFS (loop1): Ending clean mount [ 276.188889][ T7430] syz.3.807: attempt to access beyond end of device [ 276.188889][ T7430] loop3: rw=0, sector=1049272, nr_sectors = 32 limit=16 [ 276.227742][ T7420] XFS (loop1): Quotacheck needed: Please wait. [ 276.308574][ T7430] syz.3.807: attempt to access beyond end of device [ 276.308574][ T7430] loop3: rw=0, sector=8, nr_sectors = 32 limit=16 [ 276.371854][ T7430] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 16 of nid 36 [ 276.438433][ T7430] erofs: (device loop3): erofs_readdir: fail to readdir of logical block 16 of nid 36 [ 276.514301][ T5106] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 276.524920][ T5106] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 276.533804][ T5106] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 276.549161][ T5106] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 276.557742][ T5106] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 276.565615][ T5106] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 276.566720][ T7420] XFS (loop1): Quotacheck: Done. [ 277.820586][ T6993] XFS (loop1): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 278.175225][ T2398] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.619071][ T5106] Bluetooth: hci0: command tx timeout [ 278.643285][ T2398] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.811064][ T7465] openvswitch: netlink: Unknown nsh attribute 0 [ 279.013507][ T7469] loop3: detected capacity change from 0 to 64 [ 279.082895][ T2398] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.256626][ T7471] loop2: detected capacity change from 0 to 512 [ 279.412720][ T2398] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.228709][ T7477] loop0: detected capacity change from 0 to 16 [ 280.299609][ T7477] erofs: (device loop0): mounted with root inode @ nid 36. [ 280.432306][ T7477] syz.0.825: attempt to access beyond end of device [ 280.432306][ T7477] loop0: rw=0, sector=1049272, nr_sectors = 32 limit=16 [ 280.546272][ T7477] syz.0.825: attempt to access beyond end of device [ 280.546272][ T7477] loop0: rw=0, sector=8, nr_sectors = 32 limit=16 [ 280.673805][ T7477] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 16 of nid 36 [ 280.708458][ T5106] Bluetooth: hci0: command tx timeout [ 280.766030][ T7477] erofs: (device loop0): erofs_readdir: fail to readdir of logical block 16 of nid 36 [ 280.848958][ T7486] syz.0.825: attempt to access beyond end of device [ 280.848958][ T7486] loop0: rw=0, sector=1049272, nr_sectors = 32 limit=16 [ 280.904140][ T7486] syz.0.825: attempt to access beyond end of device [ 280.904140][ T7486] loop0: rw=0, sector=8, nr_sectors = 32 limit=16 [ 280.976640][ T7486] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 16 of nid 36 [ 281.027995][ T7486] erofs: (device loop0): erofs_readdir: fail to readdir of logical block 16 of nid 36 [ 281.194678][ T7442] chnl_net:caif_netlink_parms(): no params data found [ 281.280139][ T2398] bridge_slave_1: left allmulticast mode [ 281.285850][ T2398] bridge_slave_1: left promiscuous mode [ 281.322539][ T2398] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.405773][ T2398] bridge_slave_0: left allmulticast mode [ 281.434742][ T2398] bridge_slave_0: left promiscuous mode [ 281.450998][ T2398] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.485715][ T7506] kcapi: manufacturer command 0 unknown. [ 282.785142][ T5103] Bluetooth: hci0: command tx timeout [ 283.178573][ T5103] Bluetooth: hci2: command 0x0406 tx timeout [ 283.489319][ T2398] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 283.558646][ T2398] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.636375][ T2398] bond0 (unregistering): Released all slaves [ 283.750257][ T7499] sch_tbf: burst 1399 is lower than device veth0_to_team mtu (1514) ! [ 283.888717][ T7503] dvmrp5: entered allmulticast mode [ 284.411350][ T7536] loop0: detected capacity change from 0 to 64 [ 284.752515][ T7543] loop2: detected capacity change from 0 to 256 [ 284.839097][ T7543] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x72685a33, utbl_chksum : 0xe619d30d) [ 284.858439][ T5106] Bluetooth: hci0: command tx timeout [ 285.307444][ T7442] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.346770][ T7442] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.369486][ T7442] bridge_slave_0: entered allmulticast mode [ 285.394912][ T7442] bridge_slave_0: entered promiscuous mode [ 285.446223][ T7442] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.484712][ T7442] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.500085][ T7568] syz.5.853 (7568) used greatest stack depth: 19992 bytes left [ 285.530795][ T7442] bridge_slave_1: entered allmulticast mode [ 285.905842][ T7442] bridge_slave_1: entered promiscuous mode [ 286.421180][ T2398] hsr_slave_0: left promiscuous mode [ 286.481659][ T2398] hsr_slave_1: left promiscuous mode [ 286.590343][ T2398] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 286.597901][ T2398] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 286.655450][ T7580] loop0: detected capacity change from 0 to 1024 [ 286.676485][ T7584] loop5: detected capacity change from 0 to 128 [ 286.707181][ T2398] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 286.715956][ T2398] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 286.772918][ T7589] netlink: 'syz.2.859': attribute type 1 has an invalid length. [ 286.795113][ T7589] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.859'. [ 286.868116][ T2398] veth1_macvtap: left promiscuous mode [ 286.905097][ T2398] veth0_macvtap: left promiscuous mode [ 286.937123][ T2398] veth1_vlan: left promiscuous mode [ 286.970565][ T2398] veth0_vlan: left promiscuous mode [ 287.089540][ T7580] EXT4-fs: Ignoring removed nomblk_io_submit option [ 289.145540][ T7640] loop3: detected capacity change from 0 to 256 [ 289.234404][ T7640] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x72685a33, utbl_chksum : 0xe619d30d) [ 289.934860][ T5165] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 290.150052][ T5165] usb 6-1: config 36 has too many interfaces: 248, using maximum allowed: 32 [ 290.172432][ T5165] usb 6-1: config 36 has 1 interface, different from the descriptor's value: 248 [ 290.220760][ T5165] usb 6-1: config 36 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 290.267910][ T5165] usb 6-1: config 36 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 290.283214][ T2398] team0 (unregistering): Port device team_slave_1 removed [ 290.295049][ T5165] usb 6-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 290.977970][ T2398] team0 (unregistering): Port device team_slave_0 removed [ 290.990850][ T7665] loop3: detected capacity change from 0 to 64 [ 291.229316][ T5165] usb 6-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 291.237641][ T5165] usb 6-1: Manufacturer: syz [ 291.246774][ T5165] usb 6-1: SerialNumber: syz [ 291.531059][ T5165] yealink 6-1:36.0: invalid payload size 0, expected 16 [ 291.552571][ T5165] input: Yealink usb-p1k as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:36.0/input/input11 [ 291.591816][ C0] yealink 6-1:36.0: urb_ctl_callback - urb status -71 [ 291.599613][ C0] yealink 6-1:36.0: urb_ctl_callback - urb status -71 [ 291.614623][ C0] yealink 6-1:36.0: urb_ctl_callback - urb status -71 [ 291.621838][ C0] yealink 6-1:36.0: urb_ctl_callback - urb status -71 [ 291.628993][ C0] yealink 6-1:36.0: urb_ctl_callback - urb status -71 [ 291.636352][ C0] yealink 6-1:36.0: urb_ctl_callback - urb status -71 [ 291.643497][ C0] yealink 6-1:36.0: urb_ctl_callback - urb status -71 [ 291.650621][ C0] yealink 6-1:36.0: urb_ctl_callback - urb status -71 [ 291.657426][ C0] yealink 6-1:36.0: urb_ctl_callback - usb_submit_urb failed -90 [ 291.759488][ T5165] usb 6-1: USB disconnect, device number 3 [ 291.825280][ T7678] loop3: detected capacity change from 0 to 256 [ 291.889310][ T7678] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x72685a33, utbl_chksum : 0xe619d30d) [ 292.075985][ T7681] kcapi: manufacturer command 0 unknown. [ 293.127268][ T29] audit: type=1326 audit(1719581986.835:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7695 comm="syz.5.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b1975b29 code=0x7fc00000 [ 294.157462][ T5103] Bluetooth: hci4: command 0x0406 tx timeout [ 294.258455][ T29] audit: type=1326 audit(1719581987.955:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7695 comm="syz.5.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe2b1975b29 code=0x7fc00000 [ 294.329387][ T7630] netlink: 'syz.0.875': attribute type 5 has an invalid length. [ 294.389418][ T7442] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 294.535505][ T7442] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 294.887098][ T7442] team0: Port device team_slave_0 added [ 294.971830][ T7442] team0: Port device team_slave_1 added [ 295.256924][ T7442] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 295.278746][ T7442] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.368189][ T7442] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 295.395792][ T7442] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 295.414703][ T2398] IPVS: stop unused estimator thread 0... [ 295.430836][ T7442] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.533696][ T7442] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 296.121737][ T7442] hsr_slave_0: entered promiscuous mode [ 296.145693][ T7442] hsr_slave_1: entered promiscuous mode [ 296.173210][ T7442] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 296.193394][ T7442] Cannot create hsr debugfs directory [ 296.767670][ T7757] loop3: detected capacity change from 0 to 16 [ 296.772826][ T29] audit: type=1326 audit(1719581990.475:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7746 comm="syz.0.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0039f75b29 code=0x7fc00000 [ 296.813487][ T7757] erofs: (device loop3): mounted with root inode @ nid 36. [ 297.138963][ T7766] loop5: detected capacity change from 0 to 64 [ 297.322525][ T29] audit: type=1326 audit(1719581991.035:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7746 comm="syz.0.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0039f75b29 code=0x7fc00000 [ 297.719288][ T7774] loop5: detected capacity change from 0 to 64 [ 298.163233][ T7782] netlink: 4 bytes leftover after parsing attributes in process `syz.3.928'. [ 298.500519][ T7442] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 298.574390][ T7442] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 298.719244][ T7442] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 298.794836][ T7801] loop1: detected capacity change from 0 to 64 [ 298.801195][ T7442] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 299.898996][ T29] audit: type=1326 audit(1719581993.615:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7804 comm="syz.0.938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0039f75b29 code=0x7fc00000 [ 299.921204][ C1] vkms_vblank_simulate: vblank timer overrun [ 299.998993][ T29] audit: type=1326 audit(1719581993.695:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7804 comm="syz.0.938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0039f75b29 code=0x7fc00000 [ 300.092283][ T7818] loop2: detected capacity change from 0 to 64 [ 300.294970][ T7442] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.404016][ T7442] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.453887][ T5105] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.457383][ T7826] loop1: detected capacity change from 0 to 1024 [ 300.467678][ T5105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 300.483180][ T7826] EXT4-fs: Ignoring removed nomblk_io_submit option [ 300.596254][ T5105] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.603561][ T5105] bridge0: port 2(bridge_slave_1) entered forwarding state [ 301.344212][ T7844] loop2: detected capacity change from 0 to 64 [ 301.789944][ T29] audit: type=1326 audit(1719581995.505:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7850 comm="syz.5.954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b1975b29 code=0x7fc00000 [ 302.018907][ T7442] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 302.364078][ T29] audit: type=1326 audit(1719581996.065:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7850 comm="syz.5.954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe2b1975b29 code=0x7fc00000 [ 302.647818][ T7885] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 303.273319][ T7901] kcapi: manufacturer command 0 unknown. [ 303.523869][ T7907] loop3: detected capacity change from 0 to 64 [ 303.727808][ T7442] veth0_vlan: entered promiscuous mode [ 303.826746][ T7442] veth1_vlan: entered promiscuous mode [ 303.838699][ T7912] loop2: detected capacity change from 0 to 512 [ 303.874187][ T7913] netlink: 4 bytes leftover after parsing attributes in process `syz.1.976'. [ 303.979479][ T7912] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 304.044900][ T7912] ext4 filesystem being mounted at /root/syzkaller.5bS9Mh/118/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 304.227881][ T7442] veth0_macvtap: entered promiscuous mode [ 304.291158][ T7442] veth1_macvtap: entered promiscuous mode [ 304.371859][ T29] audit: type=1326 audit(1719581998.085:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7917 comm="syz.1.978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9facd75b29 code=0x7fc00000 [ 304.500165][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 304.511768][ T7442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 304.540600][ T7442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.551169][ T7442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 304.594550][ T7442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.604736][ T7442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 304.615734][ T7442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.633098][ T7442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 304.644202][ T7442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.656076][ T7442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 304.680694][ T7442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.706908][ T7442] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 304.859397][ T7442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 304.902048][ T7442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.912210][ T7442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 304.923831][ T29] audit: type=1326 audit(1719581998.625:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7917 comm="syz.1.978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9facd75b29 code=0x7fc00000 [ 304.960860][ T7442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 305.057604][ T7442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 305.082037][ T7442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 305.106596][ T7442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 305.130659][ T7442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 305.147921][ T7442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 305.159075][ T7442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 305.189927][ T7442] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 305.317904][ T7442] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.362648][ T7442] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.406375][ T7442] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.425164][ T7932] loop1: detected capacity change from 0 to 4096 [ 305.438339][ T7442] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.517708][ T7936] raw_sendmsg: syz.3.983 forgot to set AF_INET. Fix it! [ 305.658107][ T7939] loop5: detected capacity change from 0 to 512 [ 305.751720][ T7939] EXT4-fs: Ignoring removed nomblk_io_submit option [ 305.844598][ T7939] EXT4-fs: old and new quota format mixing [ 306.030425][ T2467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 306.076798][ T2467] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 306.179825][ T2467] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 306.198397][ T2467] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 307.549574][ T7969] loop1: detected capacity change from 0 to 64 [ 308.505707][ T7965] loop0: detected capacity change from 0 to 16 [ 308.579431][ T7965] erofs: (device loop0): mounted with root inode @ nid 36. [ 309.205804][ T7987] kcapi: manufacturer command 0 unknown. [ 309.423746][ T29] audit: type=1800 audit(1719582003.115:58): pid=7996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1001" name="file1" dev="sda1" ino=2000 res=0 errno=0 [ 309.601566][ T8000] loop5: detected capacity change from 0 to 2048 [ 309.667042][ T8000] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 309.712605][ T8005] loop1: detected capacity change from 0 to 512 [ 309.718997][ T8000] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 309.805116][ T8005] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 309.853067][ T8005] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 310.049207][ T8005] EXT4-fs (loop1): 1 truncate cleaned up [ 310.094471][ T8005] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 310.353083][ T8005] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2234: inode #15: comm syz.1.1004: corrupted in-inode xattr: overlapping e_value [ 310.533056][ T8005] EXT4-fs warning (device loop1): ext4_xattr_set_entry:1765: inode #15: comm syz.1.1004: unable to update i_inline_off [ 310.596801][ T8014] loop5: detected capacity change from 0 to 65 [ 310.622696][ T8005] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2855: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 311.105946][ T8026] EXT4-fs error (device loop1): ext4_xattr_ibody_get:653: inode #15: comm syz.1.1004: corrupted in-inode xattr: overlapping e_value [ 311.180693][ T8029] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1009'. [ 311.253502][ T8026] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2234: inode #15: comm syz.1.1004: corrupted in-inode xattr: overlapping e_value [ 313.409430][ T8014] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 314.122487][ T8014] BFS-fs: bfs_fill_super(): NOTE: filesystem loop5 was created with 512 inodes, the real maximum is 511, mounting anyway [ 314.241610][ T8014] BFS-fs: bfs_fill_super(): Last block not available on loop5: 262208 [ 314.580438][ T8034] loop3: detected capacity change from 0 to 64 [ 314.923301][ T8035] loop0: detected capacity change from 0 to 4096 [ 315.262496][ T8040] loop5: detected capacity change from 0 to 16 [ 315.359776][ T8040] erofs: (device loop5): mounted with root inode @ nid 36. [ 315.524985][ T29] audit: type=1804 audit(1719582009.225:59): pid=8035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1012" name=2F726F6F742F73797A6B616C6C65722E41644E6779512F3132392F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F66696C6531 dev="loop0" ino=33 res=1 errno=0 [ 315.560742][ T29] audit: type=1800 audit(1719582009.265:60): pid=8035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1012" name="file1" dev="loop0" ino=33 res=0 errno=0 [ 315.597913][ T6993] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 316.061149][ T29] audit: type=1800 audit(1719582009.775:61): pid=8056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1018" name="file1" dev="sda1" ino=1997 res=0 errno=0 [ 317.165311][ T8070] loop2: detected capacity change from 0 to 8192 [ 317.241349][ T8083] loop5: detected capacity change from 0 to 65 [ 317.277753][ T8085] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1026'. [ 317.328408][ T8083] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 317.365074][ T8083] BFS-fs: bfs_fill_super(): NOTE: filesystem loop5 was created with 512 inodes, the real maximum is 511, mounting anyway [ 317.479220][ T8083] BFS-fs: bfs_fill_super(): Last block not available on loop5: 262208 [ 318.064567][ T8099] 9pnet: p9_errstr2errno: server reported unknown error @΂(QhQI [ 318.146754][ T8095] netlink: 'syz.3.1029': attribute type 9 has an invalid length. [ 318.177646][ T8095] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1029'. [ 318.234860][ T8105] kcapi: manufacturer command 0 unknown. [ 318.448123][ T8104] netlink: 'syz.3.1029': attribute type 9 has an invalid length. [ 318.482716][ T8104] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1029'. [ 318.516625][ T8108] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2354 [ 319.086402][ T8112] loop1: detected capacity change from 0 to 4096 [ 320.282091][ T8131] loop3: detected capacity change from 0 to 128 [ 320.351786][ T8131] FAT-fs (loop3): Unrecognized mount option "" or missing value [ 320.809701][ T8136] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1043'. [ 320.957084][ T8139] loop3: detected capacity change from 0 to 512 [ 321.005406][ T8139] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 321.047340][ T8139] EXT4-fs (loop3): orphan cleanup on readonly fs [ 321.076419][ T8139] Quota error (device loop3): v2_read_file_info: Block with free entry 32513 out of range (1, 6). [ 321.145113][ T8139] EXT4-fs warning (device loop3): ext4_enable_quotas:7074: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 321.246931][ T8139] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 321.275413][ T8139] EXT4-fs error (device loop3): ext4_orphan_get:1394: inode #16: comm syz.3.1044: casefold flag without casefold feature [ 321.320155][ T8139] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1044: couldn't read orphan inode 16 (err -117) [ 321.365575][ T8139] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 321.569276][ T8139] TCP segment has incorrect auth options set for [fe80::bb].0->[ff02::1].20002 [FSP.] [ 321.628764][ T8155] 9pnet: p9_errstr2errno: server reported unknown error @΂(QhQI [ 321.796866][ T5983] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 321.854933][ T8156] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2354 [ 322.200019][ T8166] loop5: detected capacity change from 0 to 1024 [ 322.376742][ T8166] EXT4-fs error (device loop5): __ext4_fill_super:5447: inode #2: comm syz.5.1054: casefold flag without casefold feature [ 322.439107][ T8166] EXT4-fs (loop5): get root inode failed [ 322.444809][ T8166] EXT4-fs (loop5): mount failed [ 322.605467][ T8177] loop2: detected capacity change from 0 to 128 [ 322.665002][ T8177] FAT-fs (loop2): Unrecognized mount option "" or missing value [ 322.760504][ T8166] loop5: detected capacity change from 0 to 256 [ 323.935270][ T8186] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000001) [ 323.943805][ T8186] FAT-fs (loop5): Filesystem has been set read-only [ 324.384846][ T8188] kcapi: manufacturer command 0 unknown. [ 324.440433][ T8195] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1062'. [ 324.646046][ T8198] loop5: detected capacity change from 0 to 1024 [ 324.705165][ T8198] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 324.732921][ T8201] loop1: detected capacity change from 0 to 512 [ 324.785797][ T8198] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 324.820886][ T8198] EXT4-fs (loop5): orphan cleanup on readonly fs [ 324.845439][ T8201] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 324.856678][ T8201] EXT4-fs (loop1): orphan cleanup on readonly fs [ 324.876985][ T8201] Quota error (device loop1): v2_read_file_info: Block with free entry 32513 out of range (1, 6). [ 324.934566][ T8201] EXT4-fs warning (device loop1): ext4_enable_quotas:7074: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 324.941396][ T8198] EXT4-fs error (device loop5): ext4_map_blocks:689: inode #3: block 3: comm syz.5.1064: lblock 3 mapped to illegal pblock 3 (length 1) [ 324.998204][ T8201] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 325.053881][ T8198] Quota error (device loop5): write_blk: dquota write failed [ 325.062714][ T8201] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #16: comm syz.1.1065: casefold flag without casefold feature [ 325.074488][ T8198] Quota error (device loop5): find_free_dqentry: Can't write quota data block 3 [ 325.122763][ T8201] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.1065: couldn't read orphan inode 16 (err -117) [ 325.130576][ T8209] loop0: detected capacity change from 0 to 16 [ 325.152090][ T8198] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 325.169244][ T8198] EXT4-fs error (device loop5): ext4_acquire_dquot:6858: comm syz.5.1064: Failed to acquire dquot type 0 [ 325.247227][ T8209] erofs: (device loop0): mounted with root inode @ nid 36. [ 325.276636][ T8198] EXT4-fs error (device loop5): ext4_map_blocks:580: inode #3: block 3: comm syz.5.1064: lblock 3 mapped to illegal pblock 3 (length 1) [ 325.320254][ T8201] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 325.355969][ T8198] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 325.380205][ T8198] EXT4-fs error (device loop5): ext4_acquire_dquot:6858: comm syz.5.1064: Failed to acquire dquot type 0 [ 325.412808][ T8198] EXT4-fs error (device loop5): ext4_free_blocks:6589: comm syz.5.1064: Freeing blocks not in datazone - block = 0, count = 4096 [ 325.467299][ T8198] EXT4-fs error (device loop5): ext4_map_blocks:580: inode #3: block 3: comm syz.5.1064: lblock 3 mapped to illegal pblock 3 (length 1) [ 325.539757][ T8201] TCP segment has incorrect auth options set for [fe80::bb].0->[ff02::1].20002 [FSP.] [ 325.694787][ T8198] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 325.757016][ T8198] EXT4-fs error (device loop5): ext4_acquire_dquot:6858: comm syz.5.1064: Failed to acquire dquot type 0 [ 325.821921][ T8198] EXT4-fs (loop5): 1 orphan inode deleted [ 325.850380][ T8198] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 325.879397][ T6993] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 326.292475][ T8218] EXT4-fs error (device loop5): ext4_search_dir:1547: inode #2: block 16: comm syz.5.1064: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 326.367122][ T8221] loop4: detected capacity change from 0 to 512 [ 326.617784][ T8221] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 326.703742][ T8228] loop1: detected capacity change from 0 to 128 [ 326.746213][ T8221] ext4 filesystem being mounted at /root/syzkaller.QwjkZU/20/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 326.771301][ T8228] FAT-fs (loop1): Unrecognized mount option "" or missing value [ 326.812950][ T8231] loop3: detected capacity change from 0 to 1024 [ 326.826191][ T5096] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 326.872949][ T8221] EXT4-fs error (device loop4): ext4_do_update_inode:5075: inode #2: comm syz.4.1073: corrupted inode contents [ 326.905812][ T8231] EXT4-fs error (device loop3): __ext4_fill_super:5447: inode #2: comm syz.3.1076: casefold flag without casefold feature [ 326.929372][ T8221] EXT4-fs error (device loop4): ext4_dirty_inode:5935: inode #2: comm syz.4.1073: mark_inode_dirty error [ 326.970752][ T8221] EXT4-fs error (device loop4): ext4_do_update_inode:5075: inode #2: comm syz.4.1073: corrupted inode contents [ 327.019002][ T8231] EXT4-fs (loop3): get root inode failed [ 327.050377][ T8231] EXT4-fs (loop3): mount failed [ 327.068441][ T8221] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.1073: mark_inode_dirty error [ 327.191618][ T1242] ieee802154 phy0 wpan0: encryption failed: -22 [ 327.199356][ T1242] ieee802154 phy1 wpan1: encryption failed: -22 [ 327.241144][ T8234] EXT4-fs error (device loop4): ext4_do_update_inode:5075: inode #2: comm syz.4.1073: corrupted inode contents [ 327.247983][ T8210] loop2: detected capacity change from 0 to 32768 [ 327.280135][ T8234] EXT4-fs error (device loop4): ext4_dirty_inode:5935: inode #2: comm syz.4.1073: mark_inode_dirty error [ 327.286313][ T8231] loop3: detected capacity change from 0 to 256 [ 327.326088][ T8210] XFS: noikeep mount option is deprecated. [ 327.334413][ T8234] EXT4-fs error (device loop4): ext4_do_update_inode:5075: inode #2: comm syz.4.1073: corrupted inode contents [ 327.433731][ T8210] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 327.449304][ T8210] XFS (loop2): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 327.454526][ T8236] EXT4-fs error (device loop4): ext4_do_update_inode:5075: inode #2: comm syz.4.1073: corrupted inode contents [ 327.768998][ T8236] EXT4-fs error (device loop4): add_dirent_to_buf:2212: inode #2: comm syz.4.1073: mark_inode_dirty error [ 328.233447][ T8210] XFS (loop2): AIL initialisation failed: error -12 [ 328.244723][ T8251] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000001) [ 328.252684][ T8251] FAT-fs (loop3): Filesystem has been set read-only [ 328.441303][ T8210] XFS (loop2): log mount failed [ 328.482701][ T8221] EXT4-fs error (device loop4): ext4_do_update_inode:5075: inode #2: comm syz.4.1073: corrupted inode contents [ 328.562487][ T8258] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1081'. [ 328.813945][ T8261] 9pnet: p9_errstr2errno: server reported unknown error @΂(QhQI [ 329.002486][ T8250] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 329.096239][ T7442] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 329.257049][ T8267] loop3: detected capacity change from 0 to 512 [ 329.273573][ T8267] EXT4-fs: Invalid journal IO priority (must be 0-7) [ 330.644506][ T8281] loop4: detected capacity change from 0 to 1024 [ 330.665764][ T8284] loop1: detected capacity change from 0 to 128 [ 330.721157][ T8284] FAT-fs (loop1): Unrecognized mount option "" or missing value [ 330.743091][ T8281] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 330.835142][ T8290] netlink: 209844 bytes leftover after parsing attributes in process `syz.5.1093'. [ 330.838772][ T8281] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 330.886938][ T8281] EXT4-fs (loop4): orphan cleanup on readonly fs [ 330.911254][ T8281] EXT4-fs error (device loop4): ext4_map_blocks:689: inode #3: block 3: comm syz.4.1090: lblock 3 mapped to illegal pblock 3 (length 1) [ 331.006171][ T8296] loop1: detected capacity change from 0 to 512 [ 331.022759][ T8281] Quota error (device loop4): write_blk: dquota write failed [ 331.035476][ T8281] Quota error (device loop4): find_free_dqentry: Can't write quota data block 3 [ 331.053689][ T8296] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 331.066798][ T8281] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 331.077323][ T8296] ext4 filesystem being mounted at /root/syzkaller.s2OWZB/52/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 331.096539][ T8281] EXT4-fs error (device loop4): ext4_acquire_dquot:6858: comm syz.4.1090: Failed to acquire dquot type 0 [ 331.110035][ T8281] EXT4-fs error (device loop4): ext4_map_blocks:580: inode #3: block 3: comm syz.4.1090: lblock 3 mapped to illegal pblock 3 (length 1) [ 331.125946][ T8281] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 331.138455][ T8281] EXT4-fs error (device loop4): ext4_acquire_dquot:6858: comm syz.4.1090: Failed to acquire dquot type 0 [ 331.191395][ T8281] EXT4-fs error (device loop4): ext4_free_blocks:6589: comm syz.4.1090: Freeing blocks not in datazone - block = 0, count = 4096 [ 331.230597][ T8281] EXT4-fs error (device loop4): ext4_map_blocks:580: inode #3: block 3: comm syz.4.1090: lblock 3 mapped to illegal pblock 3 (length 1) [ 331.272731][ T8304] netlink: 'syz.2.1096': attribute type 9 has an invalid length. [ 331.280924][ T8281] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 331.320302][ T8304] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1096'. [ 331.330273][ T8296] EXT4-fs error (device loop1): ext4_do_update_inode:5075: inode #2: comm syz.1.1097: corrupted inode contents [ 331.348824][ T8281] EXT4-fs error (device loop4): ext4_acquire_dquot:6858: comm syz.4.1090: Failed to acquire dquot type 0 [ 331.369408][ T8296] EXT4-fs error (device loop1): ext4_dirty_inode:5935: inode #2: comm syz.1.1097: mark_inode_dirty error [ 331.399165][ T8281] EXT4-fs (loop4): 1 orphan inode deleted [ 331.423361][ T8281] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 331.435753][ T8296] EXT4-fs error (device loop1): ext4_do_update_inode:5075: inode #2: comm syz.1.1097: corrupted inode contents [ 331.500658][ T8296] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz.1.1097: mark_inode_dirty error [ 331.551057][ T8306] EXT4-fs error (device loop1): ext4_do_update_inode:5075: inode #2: comm syz.1.1097: corrupted inode contents [ 331.580614][ T8306] EXT4-fs error (device loop1): ext4_dirty_inode:5935: inode #2: comm syz.1.1097: mark_inode_dirty error [ 331.593676][ T8305] netlink: 'syz.2.1096': attribute type 9 has an invalid length. [ 331.624182][ T8305] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1096'. [ 331.679941][ T8306] EXT4-fs error (device loop1): ext4_do_update_inode:5075: inode #2: comm syz.1.1097: corrupted inode contents [ 331.762898][ T8308] EXT4-fs error (device loop1): ext4_do_update_inode:5075: inode #2: comm syz.1.1097: corrupted inode contents [ 331.825780][ T8308] EXT4-fs error (device loop1): add_dirent_to_buf:2212: inode #2: comm syz.1.1097: mark_inode_dirty error [ 331.907167][ T8316] EXT4-fs error (device loop4): ext4_search_dir:1547: inode #2: block 16: comm syz.4.1090: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 332.086445][ T8296] EXT4-fs error (device loop1): ext4_do_update_inode:5075: inode #2: comm syz.1.1097: corrupted inode contents [ 332.265787][ T8320] loop5: detected capacity change from 0 to 16 [ 332.379427][ T8320] erofs: (device loop5): mounted with root inode @ nid 36. [ 332.417828][ T7442] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 332.431526][ T6993] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 333.083656][ T8303] loop0: detected capacity change from 0 to 32768 [ 333.134698][ T8303] XFS: noikeep mount option is deprecated. [ 333.215933][ T8303] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 333.254467][ T8303] XFS (loop0): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 333.265360][ T8342] loop4: detected capacity change from 0 to 128 [ 333.274764][ T8342] FAT-fs (loop4): Unrecognized mount option "" or missing value [ 333.470704][ T8303] XFS (loop0): Ending clean mount [ 333.849149][ T8353] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2354 [ 333.865283][ T8355] netlink: 'syz.1.1114': attribute type 9 has an invalid length. [ 333.896609][ T5443] XFS (loop0): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 333.917269][ T8355] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1114'. [ 333.971163][ T8365] loop2: detected capacity change from 0 to 1024 [ 334.041356][ T8365] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 334.093968][ T8361] netlink: 'syz.1.1114': attribute type 9 has an invalid length. [ 334.131252][ T8365] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 334.161364][ T8361] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1114'. [ 334.189268][ T8365] EXT4-fs (loop2): orphan cleanup on readonly fs [ 334.253960][ T8365] EXT4-fs error (device loop2): ext4_map_blocks:689: inode #3: block 3: comm syz.2.1116: lblock 3 mapped to illegal pblock 3 (length 1) [ 334.313953][ T8365] Quota error (device loop2): write_blk: dquota write failed [ 334.399315][ T8365] Quota error (device loop2): find_free_dqentry: Can't write quota data block 3 [ 334.447851][ T8371] loop5: detected capacity change from 0 to 1764 [ 334.448685][ T8365] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 334.496566][ T8371] iso9660: Bad value for 'check' [ 334.504995][ T8365] EXT4-fs error (device loop2): ext4_acquire_dquot:6858: comm syz.2.1116: Failed to acquire dquot type 0 [ 334.540388][ T8365] EXT4-fs error (device loop2): ext4_map_blocks:580: inode #3: block 3: comm syz.2.1116: lblock 3 mapped to illegal pblock 3 (length 1) [ 334.601540][ T8365] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 334.630556][ T8365] EXT4-fs error (device loop2): ext4_acquire_dquot:6858: comm syz.2.1116: Failed to acquire dquot type 0 [ 334.678489][ T8365] EXT4-fs error (device loop2): ext4_free_blocks:6589: comm syz.2.1116: Freeing blocks not in datazone - block = 0, count = 4096 [ 334.713548][ T8365] EXT4-fs error (device loop2): ext4_map_blocks:580: inode #3: block 3: comm syz.2.1116: lblock 3 mapped to illegal pblock 3 (length 1) [ 334.809963][ T8365] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 334.838838][ T8365] EXT4-fs error (device loop2): ext4_acquire_dquot:6858: comm syz.2.1116: Failed to acquire dquot type 0 [ 334.947297][ T8365] EXT4-fs (loop2): 1 orphan inode deleted [ 335.016138][ T8365] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 335.524165][ T8382] EXT4-fs error (device loop2): ext4_search_dir:1547: inode #2: block 16: comm syz.2.1116: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 336.111359][ T8388] loop1: detected capacity change from 0 to 16 [ 336.142749][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.219743][ T8388] erofs: (device loop1): mounted with root inode @ nid 36. [ 336.349867][ T8396] loop3: detected capacity change from 0 to 2048 [ 336.495227][ T8396] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 336.543234][ T8396] ext4 filesystem being mounted at /root/syzkaller.nf437f/140/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 336.621296][ T8396] EXT4-fs (loop3): Online resizing not supported with bigalloc [ 336.723720][ T5983] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 337.035919][ T8409] loop5: detected capacity change from 0 to 2048 [ 337.065272][ T8409] udf: Unknown parameter 'ioWq$Qp@charset' [ 337.086015][ T8417] loop3: detected capacity change from 0 to 64 [ 337.324279][ T8419] loop4: detected capacity change from 0 to 1764 [ 337.392050][ T8419] iso9660: Bad value for 'check' [ 337.504223][ T29] audit: type=1326 audit(1719582031.215:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8412 comm="syz.1.1135" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9facd75b29 code=0x0 [ 337.617736][ T8421] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1135'. [ 337.981699][ T8430] loop3: detected capacity change from 0 to 1024 [ 338.768949][ T8426] loop5: detected capacity change from 0 to 128 [ 338.811038][ T8426] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 338.958456][ T8426] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 338.994379][ T8430] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 339.018592][ T29] audit: type=1804 audit(1719582032.725:63): pid=8434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1143" name="/root/syzkaller.AdNgyQ/148/file0" dev="sda1" ino=1971 res=1 errno=0 [ 339.045836][ T8430] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 339.069931][ T8430] EXT4-fs (loop3): orphan cleanup on readonly fs [ 339.213312][ T8430] EXT4-fs error (device loop3): ext4_map_blocks:689: inode #3: block 3: comm syz.3.1141: lblock 3 mapped to illegal pblock 3 (length 1) [ 339.315103][ T8430] Quota error (device loop3): write_blk: dquota write failed [ 339.330518][ T8430] Quota error (device loop3): find_free_dqentry: Can't write quota data block 3 [ 339.359325][ T8430] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 339.386392][ T8430] EXT4-fs error (device loop3): ext4_acquire_dquot:6858: comm syz.3.1141: Failed to acquire dquot type 0 [ 339.429592][ T8430] EXT4-fs error (device loop3): ext4_map_blocks:580: inode #3: block 3: comm syz.3.1141: lblock 3 mapped to illegal pblock 3 (length 1) [ 339.517555][ T8430] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 339.578554][ T8430] EXT4-fs error (device loop3): ext4_acquire_dquot:6858: comm syz.3.1141: Failed to acquire dquot type 0 [ 339.634882][ T8430] EXT4-fs error (device loop3): ext4_free_blocks:6589: comm syz.3.1141: Freeing blocks not in datazone - block = 0, count = 4096 [ 339.659100][ T8445] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1148'. [ 339.720253][ T8430] EXT4-fs error (device loop3): ext4_map_blocks:580: inode #3: block 3: comm syz.3.1141: lblock 3 mapped to illegal pblock 3 (length 1) [ 339.746290][ T8445] netlink: 'syz.2.1148': attribute type 1 has an invalid length. [ 339.795361][ T8445] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1148'. [ 339.812647][ T8430] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 339.848550][ T8430] EXT4-fs error (device loop3): ext4_acquire_dquot:6858: comm syz.3.1141: Failed to acquire dquot type 0 [ 339.924266][ T8430] EXT4-fs (loop3): 1 orphan inode deleted [ 339.951240][ T8430] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 340.428860][ T8458] EXT4-fs error (device loop3): ext4_search_dir:1547: inode #2: block 16: comm syz.3.1141: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 340.492839][ T8461] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1152'. [ 340.622627][ T8451] Cannot find add_set index 0 as target [ 340.831586][ T8464] netlink: 'syz.1.1153': attribute type 40 has an invalid length. [ 340.981020][ T5983] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 341.260722][ T29] audit: type=1326 audit(1719582034.975:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8469 comm="syz.1.1158" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9facd75b29 code=0x0 [ 341.601234][ T8481] loop4: detected capacity change from 0 to 64 [ 341.641226][ T8476] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1156'. [ 341.650552][ T4858] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 341.872384][ T4858] usb 4-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 341.882621][ T4858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.900161][ T4858] usb 4-1: config 0 descriptor?? [ 341.929324][ T4858] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input17 [ 342.282263][ T8485] loop0: detected capacity change from 0 to 1024 [ 342.318789][ T5162] usb 4-1: USB disconnect, device number 7 [ 342.393954][ T8485] EXT4-fs error (device loop0): __ext4_fill_super:5447: inode #2: comm syz.0.1162: casefold flag without casefold feature [ 342.440285][ T8487] input: syz0 as /devices/virtual/input/input18 [ 342.485155][ T8485] EXT4-fs (loop0): get root inode failed [ 342.493505][ T8485] EXT4-fs (loop0): mount failed [ 342.737047][ T8485] loop0: detected capacity change from 0 to 256 [ 344.478434][ T8503] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 344.486317][ T8503] FAT-fs (loop0): Filesystem has been set read-only [ 345.000922][ T8510] loop3: detected capacity change from 0 to 2048 [ 345.001062][ T8518] netlink: 'syz.0.1171': attribute type 8 has an invalid length. [ 345.034704][ T8510] udf: Unknown parameter 'ioWq$Qp@charset' [ 345.046555][ T8518] netlink: 'syz.0.1171': attribute type 1 has an invalid length. [ 345.065312][ T8518] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.1171'. [ 345.504556][ T8530] loop3: detected capacity change from 0 to 128 [ 345.547269][ T8530] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 345.640498][ T8530] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 345.724955][ T8532] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1178'. [ 346.097428][ T8543] loop1: detected capacity change from 0 to 64 [ 346.280801][ T8529] Cannot find add_set index 0 as target [ 346.690261][ T8552] input: syz0 as /devices/virtual/input/input19 [ 346.764748][ T8554] loop3: detected capacity change from 0 to 1024 [ 346.825987][ T8554] EXT4-fs error (device loop3): __ext4_fill_super:5447: inode #2: comm syz.3.1185: casefold flag without casefold feature [ 346.864764][ T8554] EXT4-fs (loop3): get root inode failed [ 346.873350][ T8554] EXT4-fs (loop3): mount failed [ 347.114569][ T8554] loop3: detected capacity change from 0 to 256 [ 347.501418][ T8562] loop2: detected capacity change from 0 to 2048 [ 348.231706][ T8572] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000001) [ 348.239695][ T8572] FAT-fs (loop3): Filesystem has been set read-only [ 348.454586][ T8562] Alternate GPT is invalid, using primary GPT. [ 348.455006][ T8575] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1187'. [ 348.501936][ T8562] loop2: p1 p2 p3 [ 348.836173][ T8583] loop4: detected capacity change from 0 to 64 [ 349.511549][ T5162] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 349.566198][ T29] audit: type=1800 audit(1719582043.265:65): pid=8598 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1201" name="bus" dev="sda1" ino=2005 res=0 errno=0 [ 349.586597][ C1] vkms_vblank_simulate: vblank timer overrun [ 349.636739][ T8579] loop5: detected capacity change from 0 to 2048 [ 349.653825][ T8579] EXT4-fs (loop5): invalid inodes per group: 0 [ 349.653825][ T8579] [ 349.732837][ T5162] usb 2-1: Using ep0 maxpacket: 16 [ 349.742266][ T5162] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 349.794999][ T5162] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 349.848516][ T5162] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.898709][ T5162] usb 2-1: config 0 descriptor?? [ 351.663193][ T8613] loop5: detected capacity change from 0 to 1024 [ 351.697712][ T8610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 351.729566][ T8610] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 351.806022][ T8613] EXT4-fs error (device loop5): __ext4_fill_super:5447: inode #2: comm syz.5.1206: casefold flag without casefold feature [ 351.866801][ T5162] hid (null): unknown global tag 0x14 [ 351.884234][ T5162] hid (null): unknown global tag 0xe [ 351.888769][ T8613] EXT4-fs (loop5): get root inode failed [ 351.898014][ T5162] hid (null): report_id 513379493 is invalid [ 351.905026][ T5162] hid (null): unknown global tag 0xc [ 351.917371][ T5162] hid-generic 0003:0158:0100.0004: unknown main item tag 0x1 [ 351.925219][ T5162] hid-generic 0003:0158:0100.0004: unexpected long global item [ 351.933007][ T8613] EXT4-fs (loop5): mount failed [ 351.941972][ T5162] hid-generic 0003:0158:0100.0004: probe with driver hid-generic failed with error -22 [ 351.996197][ T8620] input: syz0 as /devices/virtual/input/input20 [ 352.217920][ T8613] loop5: detected capacity change from 0 to 256 [ 352.328131][ T8612] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1203'. [ 353.102419][ T8632] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000001) [ 353.110501][ T8632] FAT-fs (loop5): Filesystem has been set read-only [ 353.215600][ T5162] usb 2-1: USB disconnect, device number 2 [ 353.903293][ T29] audit: type=1800 audit(1719582303.612:66): pid=8644 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1217" name="bus" dev="sda1" ino=1991 res=0 errno=0 [ 353.978611][ T8646] loop2: detected capacity change from 0 to 64 [ 354.454624][ T8652] loop5: detected capacity change from 0 to 2048 [ 354.621333][ T8652] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 354.715413][ T29] audit: type=1800 audit(1719582560.392:67): pid=8652 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1219" name="bus" dev="loop5" ino=1367 res=0 errno=0 [ 355.532325][ T8657] loop1: detected capacity change from 0 to 2048 [ 355.626274][ T8657] udf: Unknown parameter 'ioWq$Qp@charset' [ 356.097318][ T8660] loop3: detected capacity change from 0 to 512 [ 356.214658][ T8664] loop1: detected capacity change from 0 to 128 [ 356.249132][ T8664] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 356.411595][ T8664] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 356.795569][ T5103] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 356.807565][ T5103] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 356.832008][ T5103] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 356.846195][ T5103] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 356.857885][ T5103] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 356.872146][ T5103] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 356.938458][ T2441] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.352462][ T2441] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.675666][ T2441] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.045313][ T29] audit: type=1800 audit(1719582563.752:68): pid=8693 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1232" name="bus" dev="sda1" ino=1994 res=0 errno=0 [ 358.246787][ T2441] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.292992][ T8686] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1229'. [ 359.018697][ T5106] Bluetooth: hci1: command tx timeout [ 359.132889][ T8711] loop2: detected capacity change from 0 to 64 [ 359.280152][ T8712] netlink: 201400 bytes leftover after parsing attributes in process `syz.4.1239'. [ 359.393596][ T8674] chnl_net:caif_netlink_parms(): no params data found [ 359.466726][ T2441] bridge_slave_1: left allmulticast mode [ 359.498774][ T2441] bridge_slave_1: left promiscuous mode [ 359.504842][ T2441] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.624150][ T2441] bridge_slave_0: left allmulticast mode [ 359.678306][ T2441] bridge_slave_0: left promiscuous mode [ 359.684537][ T2441] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.998525][ T29] audit: type=1800 audit(1719582821.708:69): pid=8729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1247" name="bus" dev="sda1" ino=1996 res=0 errno=0 [ 360.164453][ T8735] loop5: detected capacity change from 0 to 16 [ 360.180636][ T8735] erofs: (device loop5): mounted with root inode @ nid 36. [ 361.100277][ T5106] Bluetooth: hci1: command tx timeout [ 361.194321][ T8749] netlink: 201400 bytes leftover after parsing attributes in process `syz.5.1254'. [ 361.413779][ T2441] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 361.447429][ T2441] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 361.484400][ T2441] bond0 (unregistering): Released all slaves [ 361.853624][ T29] audit: type=1804 audit(1719583079.566:70): pid=8767 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1260" name="/root/syzkaller.lQlbTt/250/file0" dev="sda1" ino=1975 res=1 errno=0 [ 361.900436][ T8767] loop5: detected capacity change from 0 to 1024 [ 361.933407][ T8767] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 363.158124][ T8782] sp0: Synchronizing with TNC [ 363.178413][ T5106] Bluetooth: hci1: command tx timeout [ 363.564967][ T8674] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.590685][ T8674] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.598231][ T8674] bridge_slave_0: entered allmulticast mode [ 363.614037][ T8674] bridge_slave_0: entered promiscuous mode [ 363.625844][ T8674] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.634763][ T8674] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.643572][ T8674] bridge_slave_1: entered allmulticast mode [ 363.658602][ T8674] bridge_slave_1: entered promiscuous mode [ 363.778617][ T2754] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 363.947144][ T8808] loop4: detected capacity change from 0 to 512 [ 363.984657][ T2441] hsr_slave_0: left promiscuous mode [ 363.994841][ T2441] hsr_slave_1: left promiscuous mode [ 363.997474][ T8808] EXT4-fs: Invalid journal IO priority (must be 0-7) [ 364.002334][ T2754] usb 3-1: Using ep0 maxpacket: 16 [ 364.024416][ T2441] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 364.051091][ T2754] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 364.073387][ T2441] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 364.094827][ T2754] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 364.109438][ T2441] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 364.142579][ T2754] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.150948][ T2441] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 364.197393][ T2754] usb 3-1: config 0 descriptor?? [ 364.488440][ T2441] veth1_macvtap: left promiscuous mode [ 364.495965][ T2441] veth0_macvtap: left promiscuous mode [ 364.502951][ T2441] veth1_vlan: left promiscuous mode [ 364.508637][ T2441] veth0_vlan: left promiscuous mode [ 365.258494][ T5106] Bluetooth: hci1: command tx timeout [ 365.669047][ T29] audit: type=1804 audit(1719583083.376:71): pid=8821 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1280" name="/root/syzkaller.lQlbTt/255/file0" dev="sda1" ino=1971 res=1 errno=0 [ 365.691559][ C1] vkms_vblank_simulate: vblank timer overrun [ 365.721114][ T8821] loop5: detected capacity change from 0 to 1024 [ 365.747593][ T8821] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 365.780944][ T8823] loop4: detected capacity change from 0 to 1024 [ 365.976204][ T8823] hfsplus: bad catalog entry type [ 366.047866][ T8825] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 366.078626][ T8825] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 366.144458][ T2754] hid (null): unknown global tag 0x14 [ 366.163374][ T2754] hid (null): unknown global tag 0xe [ 366.175976][ T2754] hid (null): report_id 513379493 is invalid [ 366.201342][ T2754] hid (null): unknown global tag 0xc [ 366.280936][ T2754] hid-generic 0003:0158:0100.0005: unknown main item tag 0x1 [ 366.306077][ T2754] hid-generic 0003:0158:0100.0005: unexpected long global item [ 366.350219][ T2754] hid-generic 0003:0158:0100.0005: probe with driver hid-generic failed with error -22 [ 367.053336][ T8840] netlink: 'syz.5.1287': attribute type 3 has an invalid length. [ 367.071129][ T8840] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.1287'. [ 367.611157][ T8836] Falling back ldisc for ptm0. [ 368.017374][ T2441] team0 (unregistering): Port device team_slave_1 removed [ 368.057517][ T8844] loop4: detected capacity change from 0 to 1024 [ 368.187599][ T8844] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 368.810589][ T2441] team0 (unregistering): Port device team_slave_0 removed [ 370.043466][ T29] audit: type=1804 audit(1719583087.756:72): pid=8860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1293" name="/root/syzkaller.nf437f/164/file0" dev="sda1" ino=1992 res=1 errno=0 [ 370.139966][ T8861] loop3: detected capacity change from 0 to 1024 [ 370.159900][ T8861] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 370.218492][ T5106] Bluetooth: hci5: command 0x0406 tx timeout [ 370.422803][ T8674] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 370.511209][ T8824] ------------[ cut here ]------------ [ 370.517317][ T8824] WARNING: CPU: 1 PID: 8824 at net/mac80211/rx.c:5345 ieee80211_rx_list+0x14c7/0x2e90 [ 370.527207][ T8824] Modules linked in: [ 370.531468][ T8824] CPU: 1 PID: 8824 Comm: syz.2.1273 Not tainted 6.10.0-rc5-syzkaller-00200-g5bbd9b249880 #0 [ 370.542327][ T8824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 370.552604][ T8824] RIP: 0010:ieee80211_rx_list+0x14c7/0x2e90 [ 370.558655][ T8824] Code: 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e ca 19 00 00 8b 53 70 4c 89 ee 48 89 ef e8 a4 da fd ff e9 fa ef ff ff e8 ca 26 30 f7 90 <0f> 0b 90 e9 15 ec ff ff e8 bc 26 30 f7 90 0f 0b 90 e9 f3 ef ff ff [ 370.578744][ T8824] RSP: 0018:ffffc90014a8eee8 EFLAGS: 00010246 [ 370.584982][ T8824] RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc900104e0000 [ 370.593140][ T8824] RDX: 0000000000040000 RSI: ffffffff8a5f0846 RDI: 0000000000000005 [ 370.601268][ T8824] RBP: ffff88802438b140 R08: 0000000000000005 R09: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 370.609354][ T8824] R10: 0000000000000000 R11: 0000000000000003 R12: ffff88802438b140 [ 370.618123][ T8824] R13: ffff88802438b218 R14: 0000000000000000 R15: 0000000000000001 [ 370.626915][ T8824] FS: 00007f6035fff6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 370.635968][ T8824] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 370.642677][ T8824] CR2: 00007f671dc17fa4 CR3: 000000007c536000 CR4: 0000000000350ef0 [ 370.651309][ T8824] Call Trace: [ 370.654657][ T8824] [ 370.657622][ T8824] ? show_regs+0x8c/0xa0 [ 370.662048][ T8824] ? __warn+0xe5/0x3c0 [ 370.666190][ T8824] ? ieee80211_rx_list+0x14c7/0x2e90 [ 370.671653][ T8824] ? report_bug+0x3c0/0x580 [ 370.676226][ T8824] ? handle_bug+0x3d/0x70 [ 370.680698][ T8824] ? exc_invalid_op+0x17/0x50 [ 370.685473][ T8824] ? asm_exc_invalid_op+0x1a/0x20 [ 370.690729][ T8824] ? ieee80211_rx_list+0x14c6/0x2e90 [ 370.696140][ T8824] ? ieee80211_rx_list+0x14c7/0x2e90 [ 370.702389][ T8824] ? ieee80211_rx_list+0x14c6/0x2e90 [ 370.707770][ T8824] ? srso_alias_return_thunk+0x5/0xfbef5 [ 370.713995][ T8824] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 370.720013][ T8824] ? srso_alias_return_thunk+0x5/0xfbef5 [ 370.725804][ T8824] ? __pfx_lock_acquire+0x10/0x10 [ 370.730948][ T8824] ? srso_alias_return_thunk+0x5/0xfbef5 [ 370.736685][ T8824] ? lock_acquire+0x1b1/0x560 [ 370.741495][ T8824] ? srso_alias_return_thunk+0x5/0xfbef5 [ 370.747288][ T8824] ? find_held_lock+0x2d/0x110 [ 370.752240][ T8824] ? srso_alias_return_thunk+0x5/0xfbef5 [ 370.757960][ T8824] ? skb_dequeue+0x126/0x180 [ 370.762703][ T8824] ieee80211_rx_napi+0xdd/0x400 [ 370.767640][ T8824] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 370.773270][ T8824] ? lockdep_hardirqs_on+0x7c/0x110 [ 370.778701][ T8824] ? srso_alias_return_thunk+0x5/0xfbef5 [ 370.784391][ T8824] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 370.790325][ T8824] ieee80211_handle_queued_frames+0xd5/0x130 [ 370.796388][ T8824] ieee80211_stop_device+0x1e/0xe0 [ 370.801658][ T8824] ieee80211_do_stop+0x18bd/0x2200 [ 370.806874][ T8824] ? srso_alias_return_thunk+0x5/0xfbef5 [ 370.812647][ T8824] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 370.818752][ T8824] ? __pfx_lock_release+0x10/0x10 [ 370.823851][ T8824] ? mark_held_locks+0x9f/0xe0 [ 370.829128][ T8824] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 370.835035][ T8824] ieee80211_stop+0x11e/0x6b0 [ 370.839820][ T8824] ? __pfx_ieee80211_stop+0x10/0x10 [ 370.845098][ T8824] __dev_close_many+0x1c8/0x310 [ 370.850114][ T8824] ? __pfx___dev_close_many+0x10/0x10 [ 370.855601][ T8824] ? __pfx_lock_release+0x10/0x10 [ 370.862541][ T8824] dev_close_many+0x24c/0x6a0 [ 370.867295][ T8824] ? srso_alias_return_thunk+0x5/0xfbef5 [ 370.873111][ T8824] ? ref_tracker_alloc+0x2ef/0x5b0 [ 370.878327][ T8824] ? __pfx_dev_close_many+0x10/0x10 [ 370.883593][ T8824] ? srso_alias_return_thunk+0x5/0xfbef5 [ 370.889454][ T8824] ? __mutex_unlock_slowpath+0x164/0x650 [ 370.895304][ T8824] dev_close+0x181/0x230 [ 370.899657][ T8824] ? __pfx_dev_close+0x10/0x10 [ 370.904537][ T8824] nl80211_del_interface+0xec/0x190 [ 370.909867][ T8824] genl_family_rcv_msg