last executing test programs: 32.249961861s ago: executing program 1 (id=149): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x20008000) 32.216386337s ago: executing program 1 (id=150): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x1e2e81) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "e4a18560d99f00", 0x800000}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 32.215369939s ago: executing program 1 (id=151): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@generic={&(0x7f0000000300)='./file0\x00', r0}, 0x18) 32.154765278s ago: executing program 1 (id=152): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x80000, 0x0) 32.154614631s ago: executing program 1 (id=153): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) unshare(0x22020400) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f0000000680)={0x800104, 0x2, 0x2, 0x6, 0x97c4, 0xfffffffe}) 29.313246387s ago: executing program 1 (id=246): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f0000000400)=[{0x28, 0x0, 0x0, 0xfffff010}, {0x6, 0xa5, 0x0, 0xa}]}, 0x10) syz_emit_ethernet(0x46, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff87"], 0x0) 29.228258709s ago: executing program 32 (id=246): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f0000000400)=[{0x28, 0x0, 0x0, 0xfffff010}, {0x6, 0xa5, 0x0, 0xa}]}, 0x10) syz_emit_ethernet(0x46, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff87"], 0x0) 9.120670146s ago: executing program 2 (id=755): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x10, 0x5, 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) syz_clone3(0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r2, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, 0x0) recvfrom$inet6(r2, &(0x7f0000000000)=""/42, 0x2a, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000000)="48050000150019", 0x7}], 0x1) r3 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r3, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 9.025595683s ago: executing program 2 (id=763): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, 0x0, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18) sendmmsg$sock(r0, &(0x7f0000000280)=[{{0x0, 0x41, &(0x7f0000000080)=[{&(0x7f0000000040)="e5c8811827e8b0", 0x7}], 0x1}}], 0x1, 0x0) 8.954805683s ago: executing program 2 (id=767): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000001100)='./file1\x00', 0x0, &(0x7f0000000200)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@usrjquota}, {@errors_remount}, {@dioread_lock}, {@max_batch_time={'max_batch_time', 0x3d, 0x5}}, {@mblk_io_submit}, {@minixdf}, {@barrier_val}, {@nombcache}, {}]}, 0x45, 0x7b6, &(0x7f0000001140)="$eJzs3c9rG1ceAPDvyPLPZNdeWNjNngwLu4EQeZ31JruwsF72sBQaCLSnHpoYWTGpZStYcoiNaRNKoZdCW3prLzn356X02h+HXtr/oySkrROa0kNxGf2wZVtyrMSWkubzgYne07zRe995ozcvmrEUwBNrPP0nE3EsIl5PIkbrzycR0V9NZSOma+Xura/l0yWJjY1nvkuqZe6ur+WjaZvUkXrmjxHx+SsRJzK76y2vrM7PFIuFpXp+orJweaK8snry0sLMXGGusHh6cmrq1Jl/nDn9UOENN2d++Hr16K03/v/XD6Z/evkPH772RRLTcbS+rjmOgzIe4/V90p/uwm3+d9CV9czHL+6jUNMRkD3MxtChtGP66r1yLEajb6/+Ge5mywCAw/JSRGy009d2DQDwWEtq5///9LodAEC3ND4HuLu+lm8svf1Eortu/zcihobqudr1zVo6W79mN1S9DjpyN9l2ZSSJiLEDqH88It755Pn30iUO6TokQCvXrkfEhbHx3eN/suuehU79rfXTc82Z8R0rjX/QPZ+m859/tpr/ZTbnP9Fi/jPY4r37IO7//s/cPIBq2krnf/9uurftXlP8dWN99dxvqnO+/uTipWIhHdt+GxHHo38wzU/uUcfxOz/fabeuef73/ZsvvJvWnz5ulcjczA5u32Z2pjLzMDE3u3094k/ZVvGn4/9gtf+TNvPfc/X0wH3qeOpfr77dbl0afxpvY9kd/+HauBHxl5b9n2yWSfa8P3GiejhMNA6KFj6ajpF29Y9nt/o/XdL6G/8X6Ia0/0f2jn8sab5fs7zvl968W+yrG6OftSvUfPy3jr/18T+QPFtNN469qzOVytJkxEDy9O7nT21t28g3yqfxH/9z6/d/Y/xrcfw/l77+hX3uiOytb99/8PgPVxr/bEf933Eihu7N97Wrf3/9P7Vtm/2Mf/tt4IPuNwAAAAAAAAAAAAAAAAAAAAAAAADoRCYijkaSyW2mM5lcrvYb3r+PkUyxVK6cuFhaXpyN6m9lj0V/pvFVl6NN34c6Wf8+/Eb+1I783yPidxHx1uBwNZ/Ll4qzvQ4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqOtPn9/9Q3gzsK9/WihQDAoRhyYgeAJ02Szfa6CQBAtw11VHr40NoBAHRPZ+d/AODXwPkfAJ489zn/7/wzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjUubNn02Xjx/W1fJqfvbKyPF+6cnK2UJ7PLSznc/nS0uXcXKk0Vyzk8qWFti90rfZQLJUuT8Xi8tWJSqFcmSivrJ5fKC0vVs5fWpiZK5wv9HctMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYv/LK6vxMsVhYkuhJYv7LWj88Ku2R6CwR12r996i05+ASMbA1Sgz3ZnACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAz8EgAA//99gB7t") r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x1}}, 0x3c) 8.852225256s ago: executing program 2 (id=772): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/vlan/vlan1\x00') r1 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x8983, 0x0) write$binfmt_script(r0, 0x0, 0x0) r2 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x20) symlinkat(&(0x7f0000000000)='.\x00', r3, &(0x7f0000000140)='./file0\x00') openat(r3, &(0x7f00000000c0)='./file0\x00', 0x515a02, 0x52abe154ad664fa4) socket$unix(0x1, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') 8.794595828s ago: executing program 2 (id=777): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x5c93067603d2de2a}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f00000003c0)="c274386d178550cb864bd57221bc", 0x0, 0x1200000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 7.917929557s ago: executing program 2 (id=790): r0 = socket$netlink(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x401, 0x28, 0xffffffffffffffff, 0xc}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000018110000000000000004000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010005000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$LINK_DETACH(0x22, &(0x7f0000000140), 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x18) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r4) sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f0000000540)={0x0, 0xa1ff, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r5, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) r6 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000003c0)=0x2) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r7, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) 1.510382463s ago: executing program 4 (id=907): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x28}, 0x1c) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 1.452902915s ago: executing program 4 (id=910): r0 = syz_open_dev$evdev(&(0x7f00000001c0), 0x104, 0xa8000) ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f0000000180)=""/38) 644.990213ms ago: executing program 4 (id=914): socket$unix(0x1, 0x5, 0x0) unshare(0x42000000) close(0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7177}]}, 0x0) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000540)={0x0, @qipcrtr={0x2a, 0x0, 0x2}, @vsock={0x28, 0x0, 0x0, @hyper}, @isdn={0x22, 0x7, 0x6, 0x6, 0x2}, 0x6, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000500)='wg0\x00', 0x9, 0x5, 0x6}) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 643.993329ms ago: executing program 0 (id=916): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x20004, 0x1000, 0x1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018", @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000005f0005"], 0x20}}, 0x0) 602.399771ms ago: executing program 0 (id=919): r0 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 563.844856ms ago: executing program 4 (id=920): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r1, 0x2) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r2, 0x2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) 563.472621ms ago: executing program 4 (id=922): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0xfc, 0x0, 0x7ffc0002}]}) r0 = socket(0x1000000000000010, 0x80802, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000200000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36b26fb0b71d0e6adfefcf1d8f7faf75e0f226bd99eea7960717142fa9ea4318123741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988e6e0dc8cedf3ce99fbfbf9b0a4def23d410f6296b32a334388107200759cda9036b4e369a9e152ddcc7f05a5f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967deabe802f5ab3e89bd6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ececb0cd2b6d357b85a0218ce740068725837074e098ee207d2f73902fbcfcf49822775985bf32d715f5888b24efa000000000000ffffffdf000000000000000000000089a7b9b00000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b91ab219efdebb7b3de8f67581cf796a1d4223b9ff7ffcad3f6c962b9f292324b7ab7f91a31cf41ab11f12fb1e0a494034127de7c6592df1a6c64d8f20a67745409e011f1264d43e153b3d34899f40159e800ea2474b544035a30b23bcee46762c2093bcc9eae5dff5adbdee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d337c56abf1128744bab6677fcb78e313841ec309baed0495f06d058a75fa4c81e5c9f42d9383e41d277b10392a912ffaf6f658f3fadd16286744f839c3f128f8f92d0992239eafce5c1b3f97a297c9e49a0c3510ef74080e6d1e0c8a868a353409e34d3e82279637598f37ad380a447483cac394c7bbdcd0e3b1c39b6e00916de48a4e70f03cc4146a77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec73755539280b064bda154910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b61799257ab55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bc6cf8809c3a0d46ff7f008000000000ad1e1f493354b2822b98371d000000167d78e65b90eba0768e825972ea3b774a1467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4c51b3fa00675cd1b66c5fd9c26a54d43fa050645bd9109b7e7131421c0f39113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e3344b155cc20f49e298727340e97cdefb40e56e9cfad973347d0de7ba4754ff231a1b033d8f931ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef79b8d4c2ff030000000000000007b82e6044f643068cd47ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c99220002af8c5e53d52c83ac3fa7c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a702a86c814459f3cdaaf99000000000000000000bfb32c826563c518d0ad23bc83ba3f3757210a057eff7615c868bd7d74233da1a3b56d4e04a7ec4792b1c4cffddbbdcfdd23ab5268f1b3d08ebb8ce498cbaaf5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fc02b70be8629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64dfa44966945d93c33b038ce0d890f851811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f20a95b817ea3df3d6c0002a41783058e56c70afe8016b3dd9dc7785b36e609f173cc6b893ecd138289709839747837d6a6283b3452c57a5d44cacd363589845637071320921d22c1663964eddec902fc7cc33158bc306d8c3bdae8108a23d2dc96a5cdb518f58832ec0906aaec43659c79c8ad37b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b2ab42c898b7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9adfe6dca9c42c4d719347f39ef006c2df747ee6adb7cd04faf05c36de72354c64ebaf28a3de18607ebc4b70f50f71dae565749568a23319232dc213342fb472e98c9a412199ce7976bee5eaf40e60cb3fbe8b92dae5008e92d17d05ce74ffffe74ae71d5b8bd43a4e0bf0390335aa489689f5e3a4ac5adca96caab658b43cd499d95d3876c220d147ad1d0e626621d88f1370982f663793cac52ea0d14e595ff1f56427a0a813bb3b84d31d021eeea8faeff25bb66f5940d08a5509a66fc43962bcb2f7415bc38e355e80ec935aa6fe2d74bd475d89449fb46320fee40faff2fd005549fe6a042bd95decfde5e166971935f4cfd9c9e5bfd2d803644f4e5b7e6dc1a7a35df7134e2fad79269bf24bea4eb0213068e3054d9e4a8d1a9eb032cb390e2016d0ce10549728cb4732dc5adab16fa19ac70780b29e079be27c95d3dd2bd91a584c46d84d430fc6ea31ce0ba62fa27be9f6bc435203da7c3a5d68bf4dd4f81cbfaa1c87a15b9272853c9837db930952dca667194b71815a9eb49b495360dcdf31e0e560857d0541a916d6b5469ac1b36babc5a91e1d58925f20d9d5f8a0da3c30711b0d101cabceffbe072be69613ea0003c6e9bb5cd2413c8ddc17cfa319cf7aaeed0ffb07a08f8fb439f709dfe0732fe42192819870bdd87d5f612ade03540a28be446095269d9ea5a60bba1f2462f9921f2a731dbcf1d03964ea1e4f79514914d37877f57617b60fa2b58aa694fcb023024653c4b73efb12a57ffc6f8943262b77be933051e12bd4d768a422ea652d45b04a9c43b5c97fc3edea7002d51a0a74889334ee"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x29}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000)=r1, 0x4) sendmsg(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="5500000018007fd500fe01b2a4a280930a06000000a843089100fe800c00080008001100080000002d000f009b2c136ef75afb83de448daa72540d8102d2c55327c43ab82286ef1fdd20642383656d4d2449155037", 0x55}], 0x1}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYRESHEX], 0x0, 0x80, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2, 0x0, 0xfffffffffffffffd}, 0x18) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000000000000000000000000001801000025332ff00a0aa26c8b8fa895b4f2003ccece62ea668e9d1cccac1c4da3cdadd89d0e88cd0ac3da84acbb0a487de5b5c18a8790f8defc13ba2a6623820b6cc69b44adfadd6c5885b186251af946bcc4db69876234b1d7504a2d89488cb24d90841a4f0dc00d1e38099196d6730c3c34bcc9a247f9554c42622c9b5ebcd9716a4a5dc5135ae58415f032123f085f2c09099cba25bc125aeb6677a58bf9423f19", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa2000000000000070200bf77bdfbf29acb5800f8ffffffb703000008000000b704000000000000850000002400000095de781eade149097a5d40585014f8fc2e16a547fa0b58151ae357183b47c10e6bb33961e76e96e346ac4ab409cd5cfc05f9cbe5f582b3a5da517126912daa507d48e461d926a26f8b4faf43d777426954e0669ecfdb09a0ac1f61bc3cab0ba9cb470ba026fd67a72558f13c03e4b99444048087145b5aa52a5c3b"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) r5 = socket$kcm(0x2, 0x922000000001, 0x106) unshare(0x20040400) setsockopt$sock_attach_bpf(r5, 0x1, 0x25, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18) connect$phonet_pipe(r4, &(0x7f0000000000)={0x23, 0x0, 0x0, 0x1}, 0x10) 526.814158ms ago: executing program 0 (id=924): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x40, 0x2, [@TCA_BASIC_EMATCHES={0x3c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x1c, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc}, @TCA_EM_META_LVALUE={0x4}]}}]}]}]}}]}, 0x70}}, 0x0) 504.478534ms ago: executing program 0 (id=927): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket(0x400000000010, 0x3, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r5, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, 0x0, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_IIF={0x8, 0x4, r5}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20008800) 451.352227ms ago: executing program 4 (id=930): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000900)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r3}, 0x18) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) sendfile(r0, r1, 0x0, 0x8000002b) 397.914058ms ago: executing program 0 (id=932): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x4f, 0x0, 0x0, 0x0, 0x1}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) sigaltstack(0x0, 0x0) 396.737311ms ago: executing program 3 (id=933): syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f00000000c0)={[{@user_xattr}, {@nodioread_nolock}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP") socket$inet6_mptcp(0xa, 0x1, 0x106) unshare(0x20000400) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x80000000000, 0x0, 0xfffffffffffff30a, 0x5}, &(0x7f0000000000)={0x1f, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffe, 0x9}, 0x0, 0x0, 0x0) 338.500503ms ago: executing program 0 (id=935): syz_usbip_server_init(0x1) syz_usbip_server_init(0x1) openat$autofs(0xffffffffffffff9c, 0x0, 0x40002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000900)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0xfffffd9d) sendfile(r1, r2, 0x0, 0x8000002b) 302.409147ms ago: executing program 3 (id=936): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18) sendmmsg$sock(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)}}], 0x1, 0x0) 256.345835ms ago: executing program 5 (id=937): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x3c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x3c}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, 0x9, 0x6, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x10000047}, 0x24000004) sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000680)={0x34, 0x6, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x844}, 0x840) 244.266316ms ago: executing program 5 (id=938): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x40, 0x2, [@TCA_BASIC_EMATCHES={0x3c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x1c, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc}, @TCA_EM_META_LVALUE={0x4}]}}]}]}]}}]}, 0x70}}, 0x0) 219.699121ms ago: executing program 5 (id=939): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r2, 0x1, 0x0, 0x25cfdbfc, {0x54}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x40010) 186.025812ms ago: executing program 5 (id=940): r0 = socket$kcm(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}}) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@ipv6_newrule={0x30, 0x20, 0x0, 0x70bd25, 0x25dfdbfc, {0xa, 0x10, 0x80, 0x7f, 0x5, 0x0, 0x0, 0x7, 0x19}, [@FRA_SRC={0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}]}, 0x30}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, r3) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4040840) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="380000005400e501fcffffff000000000700", @ANYRES32=r5, @ANYBLOB="20000100", @ANYRES32=r5], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x10) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, 0x0, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x40954}, 0x20040814) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@setlink={0x3c, 0x13, 0x1, 0x4, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r4}, @IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8004010}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000080)={'dummy0\x00'}) 185.634427ms ago: executing program 3 (id=941): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x20004, 0x1000, 0x1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018", @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000005f0005"], 0x20}}, 0x0) 185.225488ms ago: executing program 5 (id=942): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket(0x400000000010, 0x3, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r5, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, 0x0, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_IIF={0x8, 0x4, r5}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20008800) 132.960158ms ago: executing program 3 (id=943): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000004c0)='kfree\x00', r0, 0x0, 0x1}, 0x18) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, 0x0, 0x20000091) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]}) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x9, 0x80, 0x0, 0x0, 0x101, 0x0}) close_range(r1, 0xffffffffffffffff, 0x0) 58.760564ms ago: executing program 3 (id=944): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) getsockname$packet(r2, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4400000010000104001007fb5c360dff9fe30000", @ANYRES32=r3, @ANYBLOB="0100000000000000240012000c000100627269646765000e140002000800070005"], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x11, 0x8100, r3, 0x1, 0x0, 0x6, @local}, 0x14) 21.511505ms ago: executing program 3 (id=945): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGKBSENT(r2, 0x4b48, &(0x7f0000000540)={0x80, "4e25b2ad6240a8f2a153b9456cec0a9ed0d614253c5a90620ceb6fbb8d737bd129fde1d16bfe582cb55f88c00b5a96518ecf05ae060ea2127fbae857e21de7803fcf8e6c3c729f2b7e4f6d15ce810392828c72bd873f9107716607ea1f3d9f73eeab59943249a3e38de6a26a24f69683f9c431253ca56adb8b7566b384f7dd041fdfe0aa2bdc9062f3c3eddbec7386ac0a4c9a2d974ba5ada4ade835435976c88c61eea358cf7859581f83b632fed69b9ba585fd023ca2634cd350ba3de843fa2b886de079238edb74c0d989897ff85799852b44479f686e3740e9b2c7520cdc742f4dbd4e0547f21a13304281a61871c928e8c7998955e5920f6dc703b77ab548e8fe5f921194c1ce65ef3cf183bc783e8a91a8eb457cc6ee51442dc88ea8c735671b78084ce159cf807ad147a843520ffef27b4e5fd00eba7b942532761d9079d699faece0f6ff2c8f460d0d07bb131be743beb35557c02d0827dcbfa1018ec35a96200a5c1a4e71f0b08aec92b4808eca7954987bd1e62624d134880e74609877447b8d5e941aaa5f601a0591a0abfe8d866a251d7baa6d10f85e2274b4915547747cbacff71b2ae462121b3af31b2aa6d8fb4f1d23f7e7042f04ed124c0764bc2642ece794d797f595b49c5139ee33cbd4657c6ec1da60a4fbbf2742ea632362155e0484fda303574ab66de9de754924ffa95944bbefd7c89bbcb9f7a40b"}) 0s ago: executing program 5 (id=946): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b0000000700000008000000a6ad6a"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r3}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) kernel console output (not intermixed with test programs): 360697][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 24.361419][ T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 24.361972][ T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 24.362448][ T52] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 24.362660][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 24.362860][ T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 24.363029][ T52] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 24.363290][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 24.363507][ T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 24.364378][ T52] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 24.364919][ T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 24.365065][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 24.365274][ T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 24.365798][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 24.367056][ T6128] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 24.367670][ T6558] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 24.367884][ T6558] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 24.368171][ T6558] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 24.368568][ T6128] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 24.368768][ T6128] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 24.368962][ T6128] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 24.370015][ T6128] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 24.377485][ T6128] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 24.386148][ T6562] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 24.393838][ T6562] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 24.528182][ T6550] chnl_net:caif_netlink_parms(): no params data found [ 24.579338][ T6557] chnl_net:caif_netlink_parms(): no params data found [ 24.604907][ T6548] chnl_net:caif_netlink_parms(): no params data found [ 24.616851][ T6550] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.618322][ T6550] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.619849][ T6550] bridge_slave_0: entered allmulticast mode [ 24.621541][ T6550] bridge_slave_0: entered promiscuous mode [ 24.630595][ T6550] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.630654][ T6550] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.630725][ T6550] bridge_slave_1: entered allmulticast mode [ 24.631154][ T6550] bridge_slave_1: entered promiscuous mode [ 24.636910][ T6555] chnl_net:caif_netlink_parms(): no params data found [ 24.671086][ T6550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.677216][ T6548] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.677293][ T6548] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.677358][ T6548] bridge_slave_0: entered allmulticast mode [ 24.677917][ T6548] bridge_slave_0: entered promiscuous mode [ 24.678622][ T6548] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.678637][ T6548] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.678677][ T6548] bridge_slave_1: entered allmulticast mode [ 24.679118][ T6548] bridge_slave_1: entered promiscuous mode [ 24.680801][ T6549] chnl_net:caif_netlink_parms(): no params data found [ 24.688574][ T6550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.701462][ T6557] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.701503][ T6557] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.701558][ T6557] bridge_slave_0: entered allmulticast mode [ 24.701997][ T6557] bridge_slave_0: entered promiscuous mode [ 24.702673][ T6557] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.702737][ T6557] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.702782][ T6557] bridge_slave_1: entered allmulticast mode [ 24.703192][ T6557] bridge_slave_1: entered promiscuous mode [ 24.725333][ T6548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.727632][ T6550] team0: Port device team_slave_0 added [ 24.728487][ T6550] team0: Port device team_slave_1 added [ 24.732475][ T6555] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.732533][ T6555] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.732590][ T6555] bridge_slave_0: entered allmulticast mode [ 24.733005][ T6555] bridge_slave_0: entered promiscuous mode [ 24.735423][ T6555] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.735480][ T6555] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.735528][ T6555] bridge_slave_1: entered allmulticast mode [ 24.735942][ T6555] bridge_slave_1: entered promiscuous mode [ 24.747884][ T6548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.765794][ T6557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.768301][ T6557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.773439][ T6550] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 24.773461][ T6550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.773485][ T6550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 24.774416][ T6550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 24.774423][ T6550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.774438][ T6550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 24.783088][ T6555] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.783358][ T6549] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.783414][ T6549] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.783465][ T6549] bridge_slave_0: entered allmulticast mode [ 24.784940][ T6549] bridge_slave_0: entered promiscuous mode [ 24.786012][ T6549] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.786028][ T6549] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.786081][ T6549] bridge_slave_1: entered allmulticast mode [ 24.786525][ T6549] bridge_slave_1: entered promiscuous mode [ 24.802370][ T6548] team0: Port device team_slave_0 added [ 24.808699][ T6555] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.817696][ T6557] team0: Port device team_slave_0 added [ 24.818921][ T6557] team0: Port device team_slave_1 added [ 24.820258][ T6548] team0: Port device team_slave_1 added [ 24.825211][ T6550] hsr_slave_0: entered promiscuous mode [ 24.826686][ T6550] hsr_slave_1: entered promiscuous mode [ 24.835546][ T6549] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.838349][ T6549] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.850381][ T6548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 24.851724][ T6548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.853890][ T6548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 24.854674][ T6555] team0: Port device team_slave_0 added [ 24.855697][ T6548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 24.855707][ T6548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.855725][ T6548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 24.866486][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 24.866514][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.866528][ T6557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 24.867338][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 24.867345][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.867356][ T6557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 24.882899][ T6555] team0: Port device team_slave_1 added [ 24.896936][ T6557] hsr_slave_0: entered promiscuous mode [ 24.897242][ T6557] hsr_slave_1: entered promiscuous mode [ 24.897421][ T6557] debugfs: 'hsr0' already exists in 'hsr' [ 24.897457][ T6557] Cannot create hsr debugfs directory [ 24.906151][ T6555] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 24.906170][ T6555] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.906184][ T6555] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 24.906680][ T6555] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 24.906687][ T6555] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.906697][ T6555] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 24.921225][ T6549] team0: Port device team_slave_0 added [ 24.922028][ T6549] team0: Port device team_slave_1 added [ 24.939359][ T6555] hsr_slave_0: entered promiscuous mode [ 24.939678][ T6555] hsr_slave_1: entered promiscuous mode [ 24.939859][ T6555] debugfs: 'hsr0' already exists in 'hsr' [ 24.939869][ T6555] Cannot create hsr debugfs directory [ 24.948433][ T6549] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 24.948458][ T6549] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.948471][ T6549] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 24.957212][ T6548] hsr_slave_0: entered promiscuous mode [ 24.958545][ T6548] hsr_slave_1: entered promiscuous mode [ 24.959798][ T6548] debugfs: 'hsr0' already exists in 'hsr' [ 24.960810][ T6548] Cannot create hsr debugfs directory [ 24.965915][ T6549] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 24.966955][ T6549] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.970823][ T6549] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.022788][ T6549] hsr_slave_0: entered promiscuous mode [ 25.024224][ T6549] hsr_slave_1: entered promiscuous mode [ 25.025609][ T6549] debugfs: 'hsr0' already exists in 'hsr' [ 25.027570][ T6549] Cannot create hsr debugfs directory [ 25.110673][ T6550] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 25.119651][ T6550] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 25.122166][ T6550] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 25.126824][ T6550] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 25.149383][ T6557] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 25.151805][ T6557] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 25.155202][ T6557] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 25.159595][ T6557] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 25.174809][ T6550] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.174855][ T6550] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.175009][ T6550] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.175032][ T6550] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.181078][ T6555] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 25.183355][ T6555] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 25.186015][ T6555] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 25.188142][ T6555] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 25.202099][ T6557] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.202149][ T6557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.202219][ T6557] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.202246][ T6557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.210314][ T6555] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.210357][ T6555] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.210509][ T6555] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.210532][ T6555] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.240420][ T6548] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 25.242914][ T6548] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 25.247224][ T6548] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 25.250945][ T6557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.256432][ T6548] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 25.271123][ T6550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.278661][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.279937][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.282188][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.283350][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.286489][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.288264][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.301235][ T6555] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.303423][ T6557] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.311765][ T6550] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.315690][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.315776][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.316136][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.316152][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.319504][ T6555] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.329422][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.329458][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.332496][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.332526][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.341214][ T6557] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 25.343072][ T6557] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 25.345928][ T6549] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 25.348180][ T6549] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 25.357549][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.357737][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.361255][ T6549] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 25.363477][ T6549] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 25.372170][ T2157] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.372207][ T2157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.441933][ T6557] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.447910][ T6548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.475774][ T6548] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.488609][ T6550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.493170][ T6549] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.494581][ T2157] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.494603][ T2157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.494933][ T2157] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.494950][ T2157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.502985][ T6557] veth0_vlan: entered promiscuous mode [ 25.510482][ T6555] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.512480][ T6557] veth1_vlan: entered promiscuous mode [ 25.523332][ T6550] veth0_vlan: entered promiscuous mode [ 25.531443][ T6550] veth1_vlan: entered promiscuous mode [ 25.544521][ T6555] veth0_vlan: entered promiscuous mode [ 25.547253][ T6555] veth1_vlan: entered promiscuous mode [ 25.550441][ T6549] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.565528][ T2157] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.565576][ T2157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.572143][ T6550] veth0_macvtap: entered promiscuous mode [ 25.573117][ T1469] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.573134][ T1469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.577126][ T6557] veth0_macvtap: entered promiscuous mode [ 25.587675][ T6550] veth1_macvtap: entered promiscuous mode [ 25.602749][ T6557] veth1_macvtap: entered promiscuous mode [ 25.609236][ T6550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 25.610760][ T6550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 25.614266][ T2157] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.622435][ T6555] veth0_macvtap: entered promiscuous mode [ 25.623999][ T2157] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.625553][ T2157] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.627077][ T2157] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.633407][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 25.635876][ T6555] veth1_macvtap: entered promiscuous mode [ 25.645471][ T6555] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 25.649229][ T6555] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 25.651418][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 25.662560][ T4887] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.662639][ T4887] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.662685][ T4887] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.662837][ T4887] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.686706][ T15] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.693947][ T6548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.699742][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 25.701264][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 25.711437][ T15] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.711492][ T15] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.711520][ T15] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.720196][ T6549] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.737430][ T1469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 25.737463][ T1469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 25.780099][ T6549] veth0_vlan: entered promiscuous mode [ 25.781592][ T6549] veth1_vlan: entered promiscuous mode [ 25.781657][ T4887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 25.781666][ T4887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 25.805013][ T15] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 25.805043][ T15] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 25.808194][ T6550] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 25.818230][ T6549] veth0_macvtap: entered promiscuous mode [ 25.832221][ T6549] veth1_macvtap: entered promiscuous mode [ 25.834970][ T4887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 25.834993][ T4887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 25.849872][ T1469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 25.849907][ T1469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 25.869277][ T6549] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 25.886503][ T6549] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 25.891814][ T6667] loop2: detected capacity change from 0 to 1024 [ 25.916910][ T6548] veth0_vlan: entered promiscuous mode [ 25.917118][ T2157] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.917189][ T2157] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.917212][ T2157] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.917230][ T2157] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.953502][ T6548] veth1_vlan: entered promiscuous mode [ 25.983460][ T6548] veth0_macvtap: entered promiscuous mode [ 25.988316][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 25.989896][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.261335][ T6548] veth1_macvtap: entered promiscuous mode [ 26.263837][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 26.263863][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.278327][ T6548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 26.285081][ T6548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 26.291545][ T15] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.291627][ T15] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.291656][ T15] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.291679][ T15] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.352891][ T1469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 26.352925][ T1469] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.358518][ T31] audit: type=1326 audit(26.330:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6675 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb555c068 code=0x7ffc0000 [ 26.364492][ T31] audit: type=1326 audit(26.340:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6675 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=279 compat=0 ip=0xffffb555c068 code=0x7ffc0000 [ 26.367850][ T31] audit: type=1326 audit(26.340:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6675 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffb555c09c code=0x7ffc0000 [ 26.384271][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 26.384298][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.400689][ T1469] hfsplus: b-tree write err: -5, ino 3 [ 26.417543][ T31] audit: type=1326 audit(26.390:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6675 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffb555a730 code=0x7ffc0000 [ 26.424002][ T6128] Bluetooth: hci1: command tx timeout [ 26.424804][ T6561] Bluetooth: hci4: command tx timeout [ 26.424895][ T6561] Bluetooth: hci3: command tx timeout [ 26.424958][ T6561] Bluetooth: hci0: command tx timeout [ 26.425015][ T6561] Bluetooth: hci2: command tx timeout [ 26.428713][ T6670] loop3: detected capacity change from 0 to 32768 [ 26.474718][ T31] audit: type=1326 audit(26.450:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6675 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=215 compat=0 ip=0xffffb555c10c code=0x7ffc0000 [ 26.480080][ T31] audit: type=1326 audit(26.450:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6675 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffb555a594 code=0x7ffc0000 [ 26.483804][ T31] audit: type=1326 audit(26.460:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6675 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffb555bb90 code=0x7ffc0000 [ 26.490199][ T6676] loop1: detected capacity change from 0 to 40427 [ 26.493193][ T31] audit: type=1326 audit(26.460:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6675 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffffb555a96c code=0x7ffc0000 [ 26.497710][ T31] audit: type=1326 audit(26.460:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6675 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffffb555a96c code=0x7ffc0000 [ 26.497762][ T31] audit: type=1326 audit(26.460:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6675 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=34 compat=0 ip=0xffffb555a474 code=0x7ffc0000 [ 26.507337][ T6676] F2FS-fs (loop1): Small segment_count (9 < 1 * 24) [ 26.509497][ T6676] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 26.600556][ T6676] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 26.919192][ T6693] loop4: detected capacity change from 0 to 64 [ 26.943439][ T6676] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 26.943517][ T6676] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 26.961610][ T6670] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 26.961651][ T6670] allowing incompatible features above 0.0: (unknown version) [ 26.961672][ T6670] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 26.961689][ T6670] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 26.961719][ T6670] bcachefs (loop3): initializing new filesystem [ 26.974778][ T6670] bcachefs (loop3): going read-write [ 27.006245][ T6670] bcachefs (loop3): marking superblocks [ 27.023970][ T6670] bcachefs (loop3): initializing freespace [ 27.029769][ T6670] bcachefs (loop3): done initializing freespace [ 27.038549][ T6670] bcachefs (loop3): reading snapshots table [ 27.038605][ T6670] bcachefs (loop3): reading snapshots done [ 27.069484][ T6549] syz-executor: attempt to access beyond end of device [ 27.069484][ T6549] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 27.069629][ T6549] CPU: 1 UID: 0 PID: 6549 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 27.069640][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 27.069645][ T6549] Call trace: [ 27.069647][ T6549] show_stack+0x2c/0x3c (C) [ 27.069659][ T6549] __dump_stack+0x30/0x40 [ 27.069665][ T6549] dump_stack_lvl+0xd8/0x12c [ 27.069671][ T6549] dump_stack+0x1c/0x28 [ 27.069675][ T6549] f2fs_handle_critical_error+0x34c/0x4b8 [ 27.069685][ T6549] f2fs_stop_checkpoint+0x5c/0x70 [ 27.069693][ T6549] f2fs_write_end_io+0x768/0xa70 [ 27.069700][ T6549] bio_endio+0x804/0x840 [ 27.069709][ T6549] submit_bio_noacct+0x158/0x176c [ 27.069715][ T6549] submit_bio+0x3b4/0x550 [ 27.069720][ T6549] f2fs_submit_write_bio+0x13c/0x324 [ 27.069726][ T6549] __submit_merged_bio+0x254/0x704 [ 27.069732][ T6549] __submit_merged_write_cond+0x23c/0x4ac [ 27.069738][ T6549] f2fs_write_data_pages+0x1d28/0x2634 [ 27.069744][ T6549] do_writepages+0x270/0x468 [ 27.069752][ T6549] filemap_fdatawrite+0x14c/0x1f4 [ 27.069760][ T6549] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 27.069766][ T6549] f2fs_write_checkpoint+0x690/0x16a0 [ 27.069771][ T6549] kill_f2fs_super+0x21c/0x584 [ 27.069777][ T6549] deactivate_locked_super+0xc4/0x12c [ 27.069785][ T6549] deactivate_super+0xe0/0x100 [ 27.069791][ T6549] cleanup_mnt+0x31c/0x3ac [ 27.069804][ T6549] __cleanup_mnt+0x20/0x30 [ 27.069809][ T6549] task_work_run+0x1dc/0x260 [ 27.069818][ T6549] do_notify_resume+0x174/0x1f4 [ 27.069827][ T6549] el0_svc+0xb8/0x180 [ 27.069835][ T6549] el0t_64_sync_handler+0x84/0x12c [ 27.069841][ T6549] el0t_64_sync+0x198/0x19c [ 27.071262][ T6549] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 27.071324][ T6549] CPU: 1 UID: 0 PID: 6549 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 27.071333][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 27.071337][ T6549] Call trace: [ 27.071340][ T6549] show_stack+0x2c/0x3c (C) [ 27.071349][ T6549] __dump_stack+0x30/0x40 [ 27.071355][ T6549] dump_stack_lvl+0xd8/0x12c [ 27.071360][ T6549] dump_stack+0x1c/0x28 [ 27.071365][ T6549] f2fs_handle_critical_error+0x34c/0x4b8 [ 27.071372][ T6549] f2fs_stop_checkpoint+0x5c/0x70 [ 27.071379][ T6549] f2fs_write_end_io+0x768/0xa70 [ 27.071386][ T6549] bio_endio+0x804/0x840 [ 27.071392][ T6549] submit_bio_noacct+0x158/0x176c [ 27.071397][ T6549] submit_bio+0x3b4/0x550 [ 27.071401][ T6549] f2fs_submit_write_bio+0x13c/0x324 [ 27.071407][ T6549] __submit_merged_bio+0x254/0x704 [ 27.071417][ T6549] __submit_merged_write_cond+0x23c/0x4ac [ 27.071423][ T6549] f2fs_write_data_pages+0x1d28/0x2634 [ 27.071430][ T6549] do_writepages+0x270/0x468 [ 27.071437][ T6549] filemap_fdatawrite+0x14c/0x1f4 [ 27.071445][ T6549] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 27.071450][ T6549] f2fs_write_checkpoint+0x690/0x16a0 [ 27.071456][ T6549] kill_f2fs_super+0x21c/0x584 [ 27.071462][ T6549] deactivate_locked_super+0xc4/0x12c [ 27.071470][ T6549] deactivate_super+0xe0/0x100 [ 27.071476][ T6549] cleanup_mnt+0x31c/0x3ac [ 27.071481][ T6549] __cleanup_mnt+0x20/0x30 [ 27.071486][ T6549] task_work_run+0x1dc/0x260 [ 27.071492][ T6549] do_notify_resume+0x174/0x1f4 [ 27.071498][ T6549] el0_svc+0xb8/0x180 [ 27.071504][ T6549] el0t_64_sync_handler+0x84/0x12c [ 27.071509][ T6549] el0t_64_sync+0x198/0x19c [ 27.072434][ T6670] bcachefs (loop3): done starting filesystem [ 27.073283][ T6549] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 27.152652][ T6688] loop2: detected capacity change from 0 to 32768 [ 27.159992][ T6688] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.7 (6688) [ 27.183018][ T6698] Bluetooth: MGMT ver 1.23 [ 27.187700][ T6698] loop0: detected capacity change from 0 to 512 [ 27.234481][ T6698] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 27.247539][ T6688] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 27.247604][ T6688] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 27.529165][ T6688] BTRFS info (device loop2): rebuilding free space tree [ 27.537590][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 27.553231][ T6688] BTRFS info (device loop2): disabling free space tree [ 27.553276][ T6688] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 27.553297][ T6688] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 27.589282][ T6721] loop4: detected capacity change from 0 to 2048 [ 27.589649][ T6721] EXT4-fs: Ignoring removed mblk_io_submit option [ 27.633059][ T6557] bcachefs (loop3): shutting down [ 27.635802][ T6557] bcachefs (loop3): going read-only [ 27.635933][ T6557] bcachefs (loop3): finished waiting for writes to stop [ 27.674851][ T6557] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3 [ 27.682608][ T6721] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 27.703264][ T6723] loop0: detected capacity change from 0 to 40427 [ 27.705645][ T6723] F2FS-fs: heap/no_heap options were deprecated [ 27.736255][ T6723] F2FS-fs (loop0): Wrong secs_per_zone / total_sections (4285726721, 24) [ 27.736302][ T6723] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 27.739904][ T6723] F2FS-fs (loop0): invalid crc value [ 27.768774][ T6721] overlayfs: fs on './file0/../file0' does not support file handles, falling back to index=off,nfs_export=off. [ 27.768844][ T6721] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 27.779166][ T6555] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 27.782357][ T6557] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3 [ 27.785567][ T6557] bcachefs (loop3): clean shutdown complete, journal seq 4 [ 27.787643][ T6557] bcachefs (loop3): marking filesystem clean [ 27.789039][ T6723] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 27.792744][ T6723] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 27.792784][ T6723] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 28.131564][ T6557] bcachefs (loop3): shutdown complete [ 28.152163][ T6548] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 28.241474][ T6736] F2FS-fs (loop0): Corrupted max_depth of 3: 127 [ 28.507643][ T6739] use of bytesused == 0 is deprecated and will be removed in the future, [ 28.507673][ T6739] use the actual size instead. [ 28.511031][ T6562] Bluetooth: hci2: command tx timeout [ 28.511074][ T6562] Bluetooth: hci0: command tx timeout [ 28.511091][ T6562] Bluetooth: hci3: command tx timeout [ 28.511105][ T6562] Bluetooth: hci4: command tx timeout [ 28.511117][ T6562] Bluetooth: hci1: command tx timeout [ 29.065318][ T6747] loop1: detected capacity change from 0 to 32768 [ 29.102872][ T6755] syz.2.18 uses obsolete (PF_INET,SOCK_PACKET) [ 29.468043][ T6784] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 29.523423][ T6789] netlink: 4 bytes leftover after parsing attributes in process `syz.2.33'. [ 29.536110][ T6789] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 29.536153][ T6789] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 29.538006][ T6789] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 29.538019][ T6789] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 29.583277][ T6798] : renamed from bond0 (while UP) [ 29.735458][ T6804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 29.735666][ T6804] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 29.742910][ T6804] all: renamed from lo (while UP) [ 29.762552][ T6804] netlink: 'syz.4.39': attribute type 13 has an invalid length. [ 29.764345][ T6804] netlink: 'syz.4.39': attribute type 17 has an invalid length. [ 29.804700][ T6804] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 29.876685][ T6815] loop3: detected capacity change from 0 to 32768 [ 29.877096][ T6815] btrfs: Deprecated parameter 'usebackuproot' [ 29.877164][ T6815] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 29.877176][ T6815] btrfs: Unknown parameter 'check_int' [ 30.036747][ T6820] loop3: detected capacity change from 0 to 2048 [ 30.057990][ T6820] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.067606][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.298629][ T6838] loop3: detected capacity change from 0 to 512 [ 30.387868][ T6847] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.55' sets config #0 [ 30.397249][ T6849] loop4: detected capacity change from 0 to 512 [ 30.400418][ T6849] EXT4-fs warning (device loop4): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 30.426529][ T6853] process 'syz.2.57' launched './file1' with NULL argv: empty string added [ 30.428480][ T6851] loop3: detected capacity change from 0 to 512 [ 30.432610][ T6851] EXT4-fs: Ignoring removed oldalloc option [ 30.439031][ T6851] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 30.439073][ T6851] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 30.445675][ T6851] EXT4-fs (loop3): 1 truncate cleaned up [ 30.446135][ T6851] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.458716][ T6859] vhci_hcd: invalid port number 254 [ 30.458742][ T6859] vhci_hcd: GetPortErrorCount req not supported for USB 2.0 roothub [ 30.482216][ T6861] 9pnet_fd: Insufficient options for proto=fd [ 30.482770][ T6861] netlink: 28 bytes leftover after parsing attributes in process `syz.2.61'. [ 30.482788][ T6861] netlink: 32 bytes leftover after parsing attributes in process `syz.2.61'. [ 30.482799][ T6861] netlink: 28 bytes leftover after parsing attributes in process `syz.2.61'. [ 30.483431][ T6861] netlink: 32 bytes leftover after parsing attributes in process `syz.2.61'. [ 30.496266][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.568738][ T6873] netlink: 'syz.2.65': attribute type 4 has an invalid length. [ 30.570698][ T6869] loop0: detected capacity change from 0 to 2048 [ 30.583891][ T6128] Bluetooth: hci1: command tx timeout [ 30.584277][ T6128] Bluetooth: hci4: command tx timeout [ 30.584305][ T6128] Bluetooth: hci3: command tx timeout [ 30.584323][ T6128] Bluetooth: hci0: command tx timeout [ 30.584338][ T6128] Bluetooth: hci2: command tx timeout [ 30.592210][ T6873] netlink: 'syz.2.65': attribute type 4 has an invalid length. [ 30.597122][ T6784] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 30.607174][ T6869] EXT4-fs (loop0): failed to initialize system zone (-117) [ 30.607250][ T6869] EXT4-fs (loop0): mount failed [ 30.639455][ T6784] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 30.641916][ T6880] loop4: detected capacity change from 0 to 1024 [ 30.642645][ T6880] ======================================================= [ 30.642645][ T6880] WARNING: The mand mount option has been deprecated and [ 30.642645][ T6880] and is ignored by this kernel. Remove the mand [ 30.642645][ T6880] option from the mount to silence this warning. [ 30.642645][ T6880] ======================================================= [ 30.642723][ T6880] EXT4-fs: Ignoring removed nobh option [ 30.642735][ T6880] EXT4-fs: Ignoring removed bh option [ 30.688657][ T6880] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 30.719302][ T6784] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 30.748605][ T6896] loop0: detected capacity change from 0 to 512 [ 30.757130][ T6896] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 30.777432][ T6896] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.75: invalid indirect mapped block 4294967295 (level 0) [ 30.781597][ T6896] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.75: invalid indirect mapped block 4294967295 (level 1) [ 30.788368][ T6896] EXT4-fs (loop0): 1 orphan inode deleted [ 30.788401][ T6896] EXT4-fs (loop0): 1 truncate cleaned up [ 30.795925][ T6896] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.827570][ T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.834735][ T42] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.835735][ T42] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.836113][ T42] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.837182][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.838416][ T6548] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.840937][ T6907] loop3: detected capacity change from 0 to 512 [ 30.862485][ T6913] netlink: 'syz.0.81': attribute type 3 has an invalid length. [ 30.870568][ T6909] loop1: detected capacity change from 0 to 2048 [ 30.880063][ T6907] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 30.880865][ T6907] EXT4-fs (loop3): mount failed [ 30.902778][ T6909] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.955141][ T6925] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 30.963497][ T6549] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.075328][ T6931] loop3: detected capacity change from 0 to 2048 [ 31.138204][ T6567] loop3: p2 p3 p7 [ 31.156163][ T6931] loop3: p2 p3 p7 [ 31.198474][ T6537] udevd[6537]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 31.202382][ T6539] udevd[6539]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 31.205800][ T6567] udevd[6567]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 31.222973][ T6537] udevd[6537]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 31.227440][ T6539] udevd[6539]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 31.230734][ T6567] udevd[6567]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 31.315892][ T6951] netlink: 20 bytes leftover after parsing attributes in process `syz.3.97'. [ 31.315934][ T6951] netlink: 8 bytes leftover after parsing attributes in process `syz.3.97'. [ 31.317983][ T6951] vlan2: entered promiscuous mode [ 31.317995][ T6951] gretap0: entered promiscuous mode [ 31.335077][ T6953] netlink: 'syz.1.98': attribute type 1 has an invalid length. [ 31.336743][ T6953] netlink: 224 bytes leftover after parsing attributes in process `syz.1.98'. [ 31.376601][ T31] kauditd_printk_skb: 173 callbacks suppressed [ 31.376638][ T31] audit: type=1326 audit(31.350:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6959 comm="syz.3.101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 31.377003][ T31] audit: type=1326 audit(31.350:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6959 comm="syz.3.101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 31.377517][ T31] audit: type=1326 audit(31.350:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6959 comm="syz.3.101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 31.377601][ T31] audit: type=1326 audit(31.350:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6959 comm="syz.3.101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 31.377717][ T31] audit: type=1326 audit(31.350:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6959 comm="syz.3.101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 31.377772][ T31] audit: type=1326 audit(31.350:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6959 comm="syz.3.101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 31.377839][ T31] audit: type=1326 audit(31.350:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6959 comm="syz.3.101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 31.377938][ T31] audit: type=1326 audit(31.350:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6959 comm="syz.3.101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 31.378098][ T31] audit: type=1326 audit(31.350:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6959 comm="syz.3.101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 31.378152][ T31] audit: type=1326 audit(31.350:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6959 comm="syz.3.101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 31.430956][ T6964] $Hÿ: renamed from bond0 (while UP) [ 31.449331][ T6964] $Hÿ: entered promiscuous mode [ 31.451033][ T6964] bond_slave_0: entered promiscuous mode [ 31.452278][ T6964] bond_slave_1: entered promiscuous mode [ 31.489717][ T6969] loop3: detected capacity change from 0 to 1024 [ 31.502141][ T6969] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 31.525162][ T6969] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 1: comm syz.3.105: lblock 1 mapped to illegal pblock 1 (length 3) [ 31.526481][ T6969] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 3 with error 117 [ 31.526512][ T6969] EXT4-fs (loop3): This should not happen!! Data will be lost [ 31.526512][ T6969] [ 31.566903][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.763162][ T7020] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 31.808252][ T7025] loop1: detected capacity change from 0 to 512 [ 31.810506][ T7025] journal_path: Non-blockdev passed as './bus' [ 31.811865][ T7025] EXT4-fs: error: could not find journal device path [ 32.019472][ T7057] netlink: 12 bytes leftover after parsing attributes in process `syz.0.138'. [ 32.229053][ T7072] loop0: detected capacity change from 0 to 8192 [ 32.557859][ T7112] netlink: 8 bytes leftover after parsing attributes in process `syz.4.161'. [ 32.559898][ T7113] loop2: detected capacity change from 0 to 512 [ 32.567598][ T7113] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 32.567711][ T7113] EXT4-fs (loop2): orphan cleanup on readonly fs [ 32.567949][ T7113] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 32.568143][ T7113] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 32.569054][ T7113] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.160: bg 0: block 40: padding at end of block bitmap is not set [ 32.569184][ T7113] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 32.569563][ T7113] EXT4-fs (loop2): 1 truncate cleaned up [ 32.570007][ T7113] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 32.587682][ T6555] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.589219][ T7116] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 32.656184][ T7124] rdma_op 00000000598108a2 conn xmit_rdma 0000000000000000 [ 32.659879][ T7124] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 32.663085][ T7124] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 32.664493][ T6562] Bluetooth: hci2: command tx timeout [ 32.664518][ T6562] Bluetooth: hci0: command tx timeout [ 32.664535][ T6562] Bluetooth: hci3: command tx timeout [ 32.664549][ T6562] Bluetooth: hci4: command tx timeout [ 32.847816][ T7142] Zero length message leads to an empty skb [ 33.073071][ T7163] loop4: detected capacity change from 0 to 1024 [ 33.076286][ T7163] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 33.078209][ T7163] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 33.085300][ T7163] JBD2: no valid journal superblock found [ 33.086499][ T7163] EXT4-fs (loop4): Could not load journal inode [ 33.116823][ T26] cfg80211: failed to load regulatory.db [ 33.352733][ T7200] loop4: detected capacity change from 0 to 512 [ 33.357822][ T7200] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 33.374781][ T7200] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.201: invalid indirect mapped block 4294967295 (level 0) [ 33.375101][ T7200] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.201: invalid indirect mapped block 4294967295 (level 1) [ 33.375752][ T7200] EXT4-fs (loop4): 1 orphan inode deleted [ 33.375764][ T7200] EXT4-fs (loop4): 1 truncate cleaned up [ 33.376491][ T7200] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.388143][ T6548] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.409480][ T7205] loop4: detected capacity change from 0 to 1024 [ 33.409890][ T7205] EXT4-fs: Ignoring removed orlov option [ 33.409901][ T7205] EXT4-fs: Ignoring removed nomblk_io_submit option [ 33.418683][ T7205] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.433986][ T6548] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.460027][ T7210] loop4: detected capacity change from 0 to 2048 [ 33.485043][ T6567] Alternate GPT is invalid, using primary GPT. [ 33.485091][ T6567] loop4: p1 p2 p3 [ 33.490429][ T7210] Alternate GPT is invalid, using primary GPT. [ 33.492048][ T7210] loop4: p1 p2 p3 [ 33.526346][ T6567] udevd[6567]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 33.531639][ T6539] udevd[6539]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 33.536121][ T6537] udevd[6537]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 33.544999][ T6537] udevd[6537]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 34.064670][ T7234] loop0: detected capacity change from 0 to 512 [ 34.066473][ T7234] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 34.069621][ T7234] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.213: invalid indirect mapped block 4294967295 (level 0) [ 34.069873][ T7234] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.213: invalid indirect mapped block 4294967295 (level 1) [ 34.071311][ T7234] EXT4-fs (loop0): 1 orphan inode deleted [ 34.071323][ T7234] EXT4-fs (loop0): 1 truncate cleaned up [ 34.087111][ T7234] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 34.101939][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.205557][ T7237] geneve2: entered promiscuous mode [ 34.205591][ T7237] geneve2: entered allmulticast mode [ 34.206304][ T6752] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 34.206417][ T6752] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 34.206442][ T6752] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 34.206454][ T6752] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 34.259252][ T7241] loop0: detected capacity change from 0 to 2048 [ 34.294287][ T7241] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 34.363196][ T7254] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.216: bg 0: block 345: padding at end of block bitmap is not set [ 34.366986][ T7254] EXT4-fs (loop0): Remounting filesystem read-only [ 34.369618][ T42] EXT4-fs warning (device loop0): ext4_convert_unwritten_extents:4984: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30 [ 34.396097][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.481696][ T7264] syz.3.225 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 34.652255][ T7280] loop3: detected capacity change from 0 to 512 [ 34.658700][ T7280] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 34.661101][ T7286] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 34.679838][ T7280] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.231: Failed to acquire dquot type 1 [ 34.683789][ T7280] EXT4-fs (loop3): 1 truncate cleaned up [ 34.685370][ T7280] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.732776][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.819182][ T7301] __nla_validate_parse: 3 callbacks suppressed [ 34.820425][ T7301] netlink: 268 bytes leftover after parsing attributes in process `syz.3.235'. [ 34.960752][ T7317] loop9: detected capacity change from 0 to 7 [ 34.961083][ T7317] Buffer I/O error on dev loop9, logical block 0, async page read [ 34.961128][ T7317] Buffer I/O error on dev loop9, logical block 0, async page read [ 34.961163][ T7317] Buffer I/O error on dev loop9, logical block 0, async page read [ 34.961195][ T7317] Buffer I/O error on dev loop9, logical block 0, async page read [ 34.961233][ T7317] Buffer I/O error on dev loop9, logical block 0, async page read [ 34.961267][ T7317] Buffer I/O error on dev loop9, logical block 0, async page read [ 34.961307][ T7317] Buffer I/O error on dev loop9, logical block 0, async page read [ 34.961329][ T7317] ldm_validate_partition_table(): Disk read failed. [ 34.961343][ T7317] Buffer I/O error on dev loop9, logical block 0, async page read [ 34.961380][ T7317] Buffer I/O error on dev loop9, logical block 0, async page read [ 34.961416][ T7317] Buffer I/O error on dev loop9, logical block 0, async page read [ 34.961464][ T7317] Dev loop9: unable to read RDB block 0 [ 34.961548][ T7317] loop9: unable to read partition table [ 34.961605][ T7317] loop9: partition table beyond EOD, truncated [ 34.961613][ T7317] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ â·û [ 34.961613][ T7317] ) failed (rc=-5) [ 34.964957][ T7317] netlink: 'syz.3.242': attribute type 4 has an invalid length. [ 34.976659][ T7322] vlan2: entered allmulticast mode [ 34.976671][ T7322] macvtap0: entered allmulticast mode [ 34.976678][ T7322] veth0_macvtap: entered allmulticast mode [ 35.024533][ T7317] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.102421][ T7333] loop0: detected capacity change from 0 to 512 [ 35.102780][ T7333] EXT4-fs: Ignoring removed i_version option [ 35.111896][ T7317] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.112297][ T7333] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 35.114938][ T7333] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 35.115093][ T7333] EXT4-fs (loop0): 1 truncate cleaned up [ 35.115519][ T7333] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.144725][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.240961][ T6562] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 35.241487][ T6562] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 35.241853][ T6562] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 35.242165][ T6562] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 35.243070][ T6562] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 35.273281][ T7337] loop0: detected capacity change from 0 to 8192 [ 35.290604][ T4887] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.316292][ T7317] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.347394][ T7344] netlink: 8 bytes leftover after parsing attributes in process `syz.0.249'. [ 35.347429][ T7344] netlink: 4 bytes leftover after parsing attributes in process `syz.0.249'. [ 35.372862][ T4887] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.407247][ T7317] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.445288][ T4887] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.509880][ T7338] chnl_net:caif_netlink_parms(): no params data found [ 35.533998][ T4887] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.570824][ T7319] loop4: detected capacity change from 0 to 1024 [ 35.593034][ T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.599527][ T7319] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 35.601101][ T7319] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 35.606359][ T7319] EXT4-fs error (device loop4): ext4_get_journal_inode:5796: inode #32: comm syz.4.243: iget: special inode unallocated [ 35.609043][ T7355] netlink: 'syz.0.251': attribute type 21 has an invalid length. [ 35.609069][ T7355] netlink: 'syz.0.251': attribute type 4 has an invalid length. [ 35.614960][ T7319] EXT4-fs (loop4): Remounting filesystem read-only [ 35.616117][ T7319] EXT4-fs (loop4): no journal found [ 35.616140][ T7319] EXT4-fs (loop4): can't get journal size [ 35.619428][ T7319] EXT4-fs (loop4): filesystem is read-only [ 35.627952][ T7319] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 35.650118][ T42] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.650170][ T42] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.661577][ T7355] loop0: detected capacity change from 0 to 764 [ 35.676000][ T7355] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 35.678592][ T7355] random: crng reseeded on system resumption [ 35.685245][ T7338] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.685295][ T7338] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.685371][ T7338] bridge_slave_0: entered allmulticast mode [ 35.685790][ T7338] bridge_slave_0: entered promiscuous mode [ 35.694915][ T7355] Restarting kernel threads ... [ 35.696414][ T7355] Done restarting kernel threads. [ 35.717043][ T42] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.723238][ T7338] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.723288][ T7338] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.723387][ T7338] bridge_slave_1: entered allmulticast mode [ 35.727151][ T7338] bridge_slave_1: entered promiscuous mode [ 35.774558][ T7338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.802301][ T7338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.883355][ T7338] team0: Port device team_slave_0 added [ 35.886260][ T7338] team0: Port device team_slave_1 added [ 35.898933][ T4887] bridge_slave_1: left allmulticast mode [ 35.898974][ T4887] bridge_slave_1: left promiscuous mode [ 35.899491][ T4887] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.907303][ T4887] bridge_slave_0: left allmulticast mode [ 35.907332][ T4887] bridge_slave_0: left promiscuous mode [ 35.908198][ T4887] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.928953][ T6548] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.968098][ T7368] loop3: detected capacity change from 0 to 512 [ 35.974327][ T7368] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.227370][ T7379] loop0: detected capacity change from 0 to 512 [ 36.230559][ T7379] msdos: Bad value for 'time_offset' [ 36.249518][ T7379] sctp: [Deprecated]: syz.0.257 (pid 7379) Use of struct sctp_assoc_value in delayed_ack socket option. [ 36.249518][ T7379] Use struct sctp_sack_info instead [ 36.426559][ T4887] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 36.445752][ T4887] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 36.475368][ T4887] bond0 (unregistering): Released all slaves [ 36.483486][ T7365] syz_tun: entered allmulticast mode [ 36.499081][ T7338] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.499108][ T7338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.499789][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.499876][ T7338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.502277][ T7338] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.502286][ T7338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.502300][ T7338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.579917][ T7338] hsr_slave_0: entered promiscuous mode [ 36.584568][ T7338] hsr_slave_1: entered promiscuous mode [ 36.584810][ T7338] debugfs: 'hsr0' already exists in 'hsr' [ 36.584824][ T7338] Cannot create hsr debugfs directory [ 36.647248][ T31] kauditd_printk_skb: 178 callbacks suppressed [ 36.647292][ T31] audit: type=1326 audit(36.620:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d95c068 code=0x7ffc0000 [ 36.647322][ T31] audit: type=1326 audit(36.620:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d95c068 code=0x7ffc0000 [ 36.656202][ T31] audit: type=1326 audit(36.620:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8d95c068 code=0x7ffc0000 [ 36.656245][ T31] audit: type=1326 audit(36.620:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d95c068 code=0x7ffc0000 [ 36.656264][ T31] audit: type=1326 audit(36.620:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d95c068 code=0x7ffc0000 [ 36.656280][ T31] audit: type=1326 audit(36.620:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8d95c068 code=0x7ffc0000 [ 36.656293][ T31] audit: type=1326 audit(36.620:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d95c068 code=0x7ffc0000 [ 36.656306][ T31] audit: type=1326 audit(36.620:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d95c068 code=0x7ffc0000 [ 36.656317][ T31] audit: type=1326 audit(36.620:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8d95c068 code=0x7ffc0000 [ 36.656329][ T31] audit: type=1326 audit(36.620:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d95c068 code=0x7ffc0000 [ 36.694373][ T7402] netlink: 'syz.4.261': attribute type 4 has an invalid length. [ 36.731486][ T7404] loop2: detected capacity change from 0 to 1024 [ 36.731877][ T7404] EXT4-fs: inline encryption not supported [ 36.731886][ T7404] EXT4-fs: Ignoring removed i_version option [ 36.732241][ T7404] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 36.747103][ T7404] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #3: block 1: comm syz.2.265: lblock 1 mapped to illegal pblock 1 (length 1) [ 36.747505][ T7404] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.265: Failed to acquire dquot type 0 [ 36.748363][ T7404] EXT4-fs error (device loop2): ext4_free_blocks:6696: comm syz.2.265: Freeing blocks not in datazone - block = 0, count = 4096 [ 36.749129][ T7404] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.265: Invalid inode bitmap blk 0 in block_group 0 [ 36.750772][ T7404] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem [ 36.751383][ T7404] EXT4-fs (loop2): 1 orphan inode deleted [ 36.755989][ T7399] syzkaller0: entered promiscuous mode [ 36.756004][ T7399] syzkaller0: entered allmulticast mode [ 36.764529][ T42] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 36.765457][ T42] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 0 [ 36.766684][ T7404] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.769194][ T7404] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm syz.2.265: lblock 1 mapped to illegal pblock 1 (length 1) [ 36.769870][ T7404] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.265: Failed to acquire dquot type 0 [ 36.771542][ T7404] netlink: 5252 bytes leftover after parsing attributes in process `syz.2.265'. [ 36.771574][ T7404] netlink: 5252 bytes leftover after parsing attributes in process `syz.2.265'. [ 36.837030][ T6555] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.303980][ T6562] Bluetooth: hci1: command tx timeout [ 37.446475][ T4887] hsr_slave_0: left promiscuous mode [ 37.448055][ T4887] hsr_slave_1: left promiscuous mode [ 37.448373][ T4887] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 37.448391][ T4887] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 37.450207][ T4887] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 37.450218][ T4887] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 37.464605][ T4887] veth1_macvtap: left promiscuous mode [ 37.466300][ T4887] veth0_macvtap: left promiscuous mode [ 37.467850][ T4887] veth1_vlan: left promiscuous mode [ 37.468942][ T4887] veth0_vlan: left promiscuous mode [ 37.640572][ T4887] team0 (unregistering): Port device team_slave_1 removed [ 37.653257][ T4887] team0 (unregistering): Port device team_slave_0 removed [ 37.804103][ T7338] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 37.807420][ T7338] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 37.839222][ T7338] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 37.841913][ T7338] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 37.875523][ T7471] netlink: 4 bytes leftover after parsing attributes in process `syz.2.284'. [ 37.916737][ T7471] team0 (unregistering): Port device team_slave_0 removed [ 37.919725][ T7471] team0 (unregistering): Port device team_slave_1 removed [ 37.956086][ T7338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.958778][ T7338] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.962750][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.962804][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.971420][ T15] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.971460][ T15] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.986894][ T7338] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 37.989908][ T7338] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 38.088909][ T7338] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.148498][ T7516] loop0: detected capacity change from 0 to 128 [ 38.271323][ T6811] 0: reclassify loop, rule prio 0, protocol 800 [ 38.316132][ T7338] veth0_vlan: entered promiscuous mode [ 38.338000][ T7338] veth1_vlan: entered promiscuous mode [ 38.364259][ T41] kworker/u8:2: attempt to access beyond end of device [ 38.364259][ T41] loop0: rw=1, sector=145, nr_sectors = 16 limit=128 [ 38.364397][ T41] kworker/u8:2: attempt to access beyond end of device [ 38.364397][ T41] loop0: rw=1, sector=169, nr_sectors = 8 limit=128 [ 38.364427][ T41] kworker/u8:2: attempt to access beyond end of device [ 38.364427][ T41] loop0: rw=1, sector=185, nr_sectors = 8 limit=128 [ 38.364454][ T41] kworker/u8:2: attempt to access beyond end of device [ 38.364454][ T41] loop0: rw=1, sector=201, nr_sectors = 8 limit=128 [ 38.364907][ T41] kworker/u8:2: attempt to access beyond end of device [ 38.364907][ T41] loop0: rw=1, sector=217, nr_sectors = 8 limit=128 [ 38.364940][ T41] kworker/u8:2: attempt to access beyond end of device [ 38.364940][ T41] loop0: rw=1, sector=233, nr_sectors = 8 limit=128 [ 38.364969][ T41] kworker/u8:2: attempt to access beyond end of device [ 38.364969][ T41] loop0: rw=1, sector=249, nr_sectors = 8 limit=128 [ 38.364999][ T41] kworker/u8:2: attempt to access beyond end of device [ 38.364999][ T41] loop0: rw=1, sector=265, nr_sectors = 8 limit=128 [ 38.365027][ T41] kworker/u8:2: attempt to access beyond end of device [ 38.365027][ T41] loop0: rw=1, sector=281, nr_sectors = 8 limit=128 [ 38.365053][ T41] kworker/u8:2: attempt to access beyond end of device [ 38.365053][ T41] loop0: rw=1, sector=297, nr_sectors = 8 limit=128 [ 38.370426][ T7338] veth0_macvtap: entered promiscuous mode [ 38.408715][ T7338] veth1_macvtap: entered promiscuous mode [ 38.411731][ T7338] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.431259][ T7338] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.445512][ T6752] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.445596][ T6752] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.445647][ T6752] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.445698][ T6752] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.470439][ T7538] loop0: detected capacity change from 0 to 512 [ 38.478795][ T7538] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 38.499515][ T7538] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.297: Failed to acquire dquot type 1 [ 38.500062][ T7538] EXT4-fs (loop0): 1 truncate cleaned up [ 38.500477][ T7538] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.523475][ T6752] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.523506][ T6752] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.547464][ T7550] netlink: 256 bytes leftover after parsing attributes in process `syz.4.300'. [ 38.547498][ T7550] ksmbd: Unknown IPC event: 3, ignore. [ 38.557168][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.562150][ T15] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.562184][ T15] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.383640][ T6562] Bluetooth: hci1: command tx timeout [ 39.423156][ T7650] netlink: 'syz.4.311': attribute type 4 has an invalid length. [ 39.490601][ T7564] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 39.496363][ T7564] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 39.505463][ T7564] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 39.508791][ T7564] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 39.509063][ T7564] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 39.513354][ T7564] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 39.515127][ T7564] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 39.515312][ T7564] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 39.518617][ T7564] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 39.534517][ T7564] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 39.534771][ T7564] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 39.544374][ C0] 0: reclassify loop, rule prio 0, protocol 800 [ 39.567079][ T7564] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 39.568641][ T7564] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 39.568682][ T7564] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 39.569838][ T7660] loop4: detected capacity change from 0 to 512 [ 39.570423][ T7564] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 39.572999][ T7660] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 39.586724][ T7660] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.315: invalid indirect mapped block 4294967295 (level 0) [ 39.586904][ T7660] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.315: invalid indirect mapped block 4294967295 (level 1) [ 39.589036][ T7660] EXT4-fs (loop4): 1 orphan inode deleted [ 39.589045][ T7660] EXT4-fs (loop4): 1 truncate cleaned up [ 39.589476][ T7660] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.633455][ T6548] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.642119][ T7668] netlink: 16399 bytes leftover after parsing attributes in process `syz.0.317'. [ 39.713993][ T7679] loop4: detected capacity change from 0 to 128 [ 39.714307][ T7679] EXT4-fs: Ignoring removed nobh option [ 39.722532][ T7679] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 39.824949][ T6548] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 39.877435][ T7694] netlink: 'syz.0.323': attribute type 4 has an invalid length. [ 39.917693][ T7700] bpf: Bad value for 'gid' [ 39.940858][ T7700] loop4: detected capacity change from 0 to 8192 [ 39.955295][ T6567] loop4: p1 p2 < > p3 p4 < p5 > [ 39.956335][ T6567] loop4: partition table partially beyond EOD, truncated [ 39.957736][ T6567] loop4: p1 size 100663296 extends beyond EOD, truncated [ 39.963179][ T6567] loop4: p2 start 591104 is beyond EOD, truncated [ 39.964413][ T6567] loop4: p3 start 33572980 is beyond EOD, truncated [ 39.966146][ T6567] loop4: p5 size 100663296 extends beyond EOD, truncated [ 39.974790][ T7700] loop4: p1 p2 < > p3 p4 < p5 > [ 39.975890][ T7700] loop4: partition table partially beyond EOD, truncated [ 39.977531][ T7700] loop4: p1 size 100663296 extends beyond EOD, truncated [ 39.979800][ T7700] loop4: p2 start 591104 is beyond EOD, truncated [ 39.981033][ T7700] loop4: p3 start 33572980 is beyond EOD, truncated [ 39.982988][ T7700] loop4: p5 size 100663296 extends beyond EOD, truncated [ 40.057148][ T6567] udevd[6567]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 40.060128][ T6537] udevd[6537]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory [ 40.061349][ T7662] udevd[7662]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 40.074100][ T7662] udevd[7662]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 40.076479][ T6567] udevd[6567]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 40.079024][ T6537] udevd[6537]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory [ 40.372547][ T7713] loop2: detected capacity change from 0 to 2048 [ 40.406634][ T7713] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 40.438278][ T7712] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 40.466122][ T7724] loop3: detected capacity change from 0 to 512 [ 40.482593][ T7724] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846e02c, mo2=0002] [ 40.482659][ T7724] System zones: 1-12 [ 40.482990][ T7724] EXT4-fs error (device loop3): dx_probe:791: inode #2: comm syz.3.337: Directory hole found for htree index block 0 [ 40.491765][ T6555] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 40.495444][ T7724] EXT4-fs (loop3): Remounting filesystem read-only [ 40.499391][ T7724] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -117 [ 40.501674][ T7724] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 40.502224][ T7731] loop0: detected capacity change from 0 to 512 [ 40.502820][ T7731] journal_path: Non-blockdev passed as './bus' [ 40.502834][ T7731] EXT4-fs: error: could not find journal device path [ 40.523227][ T7733] netlink: 'syz.5.342': attribute type 4 has an invalid length. [ 40.527962][ T7724] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.548019][ T7737] smc: net device bond0 applied user defined pnetid SYZ0 [ 40.549687][ T7737] smc: net device bond0 erased user defined pnetid SYZ0 [ 40.618307][ T7724] EXT4-fs (loop3): can't enable nombcache during remount [ 40.627708][ T7744] 9pnet: p9_errstr2errno: server reported unknown error [ 40.734414][ T7753] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.337' sets config #0 [ 40.744572][ T6562] Bluetooth: hci0: command 0x0c1a tx timeout [ 40.998638][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.073410][ T7769] netlink: 'syz.4.355': attribute type 4 has an invalid length. [ 41.108176][ T7773] loop2: detected capacity change from 0 to 2048 [ 41.140710][ T7773] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.145782][ T7777] tipc: Started in network mode [ 41.146866][ T7777] tipc: Node identity 0a6bd99c6a08, cluster identity 4711 [ 41.148914][ T7777] tipc: Enabled bearer , priority 0 [ 41.154581][ T7777] tipc: Disabling bearer [ 41.166230][ T6555] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.247874][ T7789] bridge1: entered promiscuous mode [ 41.247908][ T7789] bridge1: entered allmulticast mode [ 41.266700][ T7797] loop4: detected capacity change from 0 to 512 [ 41.270997][ T7795] random: crng reseeded on system resumption [ 41.362354][ T7806] netlink: 'syz.4.370': attribute type 4 has an invalid length. [ 41.827153][ T6562] Bluetooth: hci4: command 0x0c1a tx timeout [ 41.827225][ T6562] Bluetooth: hci3: command 0x0c1a tx timeout [ 41.827259][ T6562] Bluetooth: hci2: command 0x0c1a tx timeout [ 41.827281][ T6562] Bluetooth: hci1: command 0x0419 tx timeout [ 42.286163][ T7829] loop2: detected capacity change from 0 to 512 [ 42.312904][ T7829] __quota_error: 56 callbacks suppressed [ 42.312953][ T7829] Quota error (device loop2): v2_read_file_info: Free block number 1 out of range (1, 6). [ 42.313044][ T7829] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 42.324252][ T7829] EXT4-fs (loop2): mount failed [ 42.369068][ T7835] loop4: detected capacity change from 0 to 1024 [ 42.378949][ T7835] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.406595][ T7837] netlink: 14 bytes leftover after parsing attributes in process `+}[@'. [ 42.408334][ T7837] hsr_slave_0: left promiscuous mode [ 42.411540][ T7837] hsr_slave_1: left promiscuous mode [ 42.434178][ T7843] netlink: 24 bytes leftover after parsing attributes in process `syz.0.384'. [ 42.459456][ T7848] netlink: 'syz.0.386': attribute type 4 has an invalid length. [ 42.534737][ T6548] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.823634][ T6128] Bluetooth: hci0: command 0x0c1a tx timeout [ 42.865526][ T7866] loop2: detected capacity change from 0 to 736 [ 42.898809][ T7866] rock: directory entry would overflow storage [ 42.898850][ T7866] rock: sig=0x3b10, size=4, remaining=3 [ 43.070524][ T31] audit: type=1326 audit(43.040:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7892 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 43.070631][ T31] audit: type=1326 audit(43.040:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7892 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 43.071058][ T31] audit: type=1326 audit(43.040:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7892 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=176 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 43.071118][ T31] audit: type=1326 audit(43.040:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7892 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 43.071262][ T31] audit: type=1326 audit(43.040:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7892 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 43.071374][ T31] audit: type=1326 audit(43.040:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7892 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=433 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 43.071435][ T31] audit: type=1326 audit(43.040:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7892 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 43.071499][ T31] audit: type=1326 audit(43.040:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7892 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 43.071675][ T31] audit: type=1326 audit(43.040:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7892 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffbbd5c068 code=0x7ffc0000 [ 43.124910][ T7896] netlink: 4 bytes leftover after parsing attributes in process `syz.0.397'. [ 43.127151][ T7896] netlink: 32 bytes leftover after parsing attributes in process `syz.0.397'. [ 43.227576][ T7913] netlink: 'syz.3.401': attribute type 4 has an invalid length. [ 43.395136][ T7859] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 43.395250][ T7859] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 43.395326][ T7859] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 43.395386][ T7859] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 43.395439][ T7859] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 43.519125][ T7965] netlink: '+}[@': attribute type 7 has an invalid length. [ 43.519161][ T7965] netlink: 8 bytes leftover after parsing attributes in process `+}[@'. [ 43.523323][ T7965] loop5: detected capacity change from 0 to 1024 [ 43.535545][ T7985] loop2: detected capacity change from 0 to 512 [ 43.581109][ T7985] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 43.587145][ T7965] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 43.589769][ T7965] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.598398][ T7985] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.628650][ T8012] netlink: 'syz.3.412': attribute type 4 has an invalid length. [ 43.703745][ T7985] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 43.792118][ T6555] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.817255][ T7338] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.955384][ T8043] pimreg: entered allmulticast mode [ 43.962456][ T8043] pimreg: left allmulticast mode [ 44.290217][ T8049] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.382153][ T8058] netlink: 'syz.2.429': attribute type 21 has an invalid length. [ 44.387126][ T8058] netlink: 'syz.2.429': attribute type 4 has an invalid length. [ 44.403684][ T8065] macvtap0: refused to change device tx_queue_len [ 44.485546][ T8049] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.547630][ T8049] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.611540][ T8049] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.858935][ T8104] loop3: detected capacity change from 0 to 1024 [ 44.862207][ T12] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.873051][ T12] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.878135][ T12] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.880013][ T8104] EXT4-fs: inline encryption not supported [ 44.883309][ T8104] EXT4-fs: Ignoring removed i_version option [ 44.888957][ T8104] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 44.893777][ T6752] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.903890][ T6562] Bluetooth: hci0: command 0x0c1a tx timeout [ 44.912497][ T8104] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.448: lblock 2 mapped to illegal pblock 2 (length 1) [ 44.912623][ T8104] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 48: comm syz.3.448: lblock 0 mapped to illegal pblock 48 (length 1) [ 44.912696][ T8104] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.448: Failed to acquire dquot type 0 [ 44.912781][ T8104] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 44.912991][ T8104] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.448: mark_inode_dirty error [ 44.913101][ T8104] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 44.913133][ T8104] EXT4-fs (loop3): 1 orphan inode deleted [ 44.917400][ T8104] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.926466][ T12] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:0: lblock 1 mapped to illegal pblock 1 (length 1) [ 44.927389][ T12] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:0: Failed to release dquot type 0 [ 45.022489][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.029289][ T6557] EXT4-fs error (device loop3): __ext4_get_inode_loc:4861: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 45.032462][ T6557] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 45.047894][ T6557] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz-executor: mark_inode_dirty error [ 45.407833][ T8148] netlink: 4 bytes leftover after parsing attributes in process `syz.3.456'. [ 45.463606][ T6128] Bluetooth: hci4: command 0x0c1a tx timeout [ 45.463649][ T6128] Bluetooth: hci3: command 0x0c1a tx timeout [ 45.463681][ T6128] Bluetooth: hci2: command 0x0c1a tx timeout [ 45.467005][ T6562] Bluetooth: hci1: command 0x0419 tx timeout [ 45.490221][ T8140] netlink: 12 bytes leftover after parsing attributes in process `syz.3.456'. [ 45.684927][ T8173] netlink: 12 bytes leftover after parsing attributes in process `syz.0.467'. [ 46.113732][ T8210] vhci_hcd: invalid port number 96 [ 46.113767][ T8210] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 46.307704][ T8229] capability: warning: `syz.3.486' uses deprecated v2 capabilities in a way that may be insecure [ 46.517862][ T8259] autofs4:pid:8259:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.137), cmd(0xc018937b) [ 46.517893][ T8259] autofs4:pid:8259:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937b) [ 46.571980][ T8266] netlink: 224 bytes leftover after parsing attributes in process `syz.3.494'. [ 46.572008][ T8266] ksmbd: Unknown IPC event: 4, ignore. [ 46.827371][ T8312] netlink: 'syz.2.503': attribute type 11 has an invalid length. [ 46.829078][ T8312] netlink: 'syz.2.503': attribute type 11 has an invalid length. [ 46.830450][ T8312] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.503'. [ 46.832841][ T8311] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 47.252584][ T8329] mmap: syz.4.510 (8329) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 47.543653][ T6128] Bluetooth: hci3: command 0x0c1a tx timeout [ 47.543696][ T6128] Bluetooth: hci4: command 0x0c1a tx timeout [ 47.546019][ T6561] Bluetooth: hci2: command 0x0c1a tx timeout [ 47.547008][ T6562] Bluetooth: hci1: command 0x0419 tx timeout [ 47.648925][ T8349] loop0: detected capacity change from 0 to 136 [ 47.650435][ T8349] Attempt to read inode for relocated directory [ 48.501503][ T8355] loop0: detected capacity change from 0 to 512 [ 48.501874][ T8355] EXT4-fs: Ignoring removed i_version option [ 48.549868][ T8355] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.587961][ T8355] EXT4-fs error (device loop0): ext4_readdir:264: inode #12: block 32: comm syz.0.519: path /111/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 48.600204][ T8355] EXT4-fs (loop0): Remounting filesystem read-only [ 48.605603][ T8365] __nla_validate_parse: 2 callbacks suppressed [ 48.606566][ T8365] netlink: 4 bytes leftover after parsing attributes in process `syz.4.522'. [ 48.631618][ T8365] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 48.631677][ T8365] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 48.654226][ T8365] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 48.654266][ T8365] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 48.717268][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.768734][ T8380] netlink: 4 bytes leftover after parsing attributes in process `syz.0.527'. [ 48.791630][ T8380] bridge0: entered promiscuous mode [ 48.791709][ T8380] macvtap1: entered promiscuous mode [ 48.791762][ T8380] macvtap1: entered allmulticast mode [ 48.791768][ T8380] bridge0: entered allmulticast mode [ 48.856604][ T8388] loop4: detected capacity change from 0 to 128 [ 48.878606][ T8385] syzkaller0: entered promiscuous mode [ 48.879980][ T8388] FAT-fs (loop4): Directory bread(block 32) failed [ 48.880013][ T8388] FAT-fs (loop4): Directory bread(block 33) failed [ 48.880047][ T8388] FAT-fs (loop4): Directory bread(block 34) failed [ 48.880062][ T8388] FAT-fs (loop4): Directory bread(block 35) failed [ 48.880085][ T8388] FAT-fs (loop4): Directory bread(block 36) failed [ 48.880098][ T8388] FAT-fs (loop4): Directory bread(block 37) failed [ 48.880120][ T8388] FAT-fs (loop4): Directory bread(block 38) failed [ 48.880133][ T8388] FAT-fs (loop4): Directory bread(block 39) failed [ 48.880154][ T8388] FAT-fs (loop4): Directory bread(block 40) failed [ 48.880167][ T8388] FAT-fs (loop4): Directory bread(block 41) failed [ 48.894791][ T8385] syzkaller0: entered allmulticast mode [ 48.955160][ T8388] bio_check_eod: 101 callbacks suppressed [ 48.955199][ T8388] +}[@: attempt to access beyond end of device [ 48.955199][ T8388] loop4: rw=0, sector=4108, nr_sectors = 4 limit=128 [ 48.955334][ T8388] FAT-fs (loop4): Filesystem has been set read-only [ 48.955415][ T8388] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 49.086442][ T8419] loop4: detected capacity change from 0 to 512 [ 49.087087][ T8419] EXT4-fs: Ignoring removed i_version option [ 49.093181][ T8416] loop3: detected capacity change from 0 to 512 [ 49.108018][ T8419] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.112698][ T8419] EXT4-fs error (device loop4): ext4_readdir:264: inode #12: block 32: comm syz.4.538: path /150/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 49.116825][ T8419] EXT4-fs (loop4): Remounting filesystem read-only [ 49.131448][ T8416] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.539: invalid indirect mapped block 4294967295 (level 1) [ 49.138085][ T8416] EXT4-fs (loop3): Remounting filesystem read-only [ 49.140044][ T8416] EXT4-fs (loop3): 2 truncates cleaned up [ 49.141890][ T8416] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.175514][ T6548] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.194038][ T8425] netlink: 60 bytes leftover after parsing attributes in process `+}[@'. [ 49.196920][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.311515][ T8435] loop4: detected capacity change from 0 to 512 [ 49.319950][ T8435] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.343003][ T6811] Process accounting resumed [ 49.359247][ T6548] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.633717][ T6562] Bluetooth: hci1: command 0x0419 tx timeout [ 49.692293][ T8451] loop5: detected capacity change from 0 to 512 [ 49.694003][ T8451] EXT4-fs: Ignoring removed i_version option [ 49.705477][ T8451] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.723625][ T8451] EXT4-fs error (device loop5): ext4_readdir:264: inode #12: block 32: comm syz.5.550: path /31/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 49.731020][ T8451] EXT4-fs (loop5): Remounting filesystem read-only [ 49.765691][ T7338] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.787904][ T8454] loop5: detected capacity change from 0 to 1024 [ 49.788240][ T8454] EXT4-fs: Ignoring removed orlov option [ 49.808033][ T8454] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.837605][ T7338] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.230071][ T8471] loop2: detected capacity change from 0 to 512 [ 50.234870][ T8471] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.557: casefold flag without casefold feature [ 50.234988][ T8471] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.557: couldn't read orphan inode 15 (err -117) [ 50.235485][ T8471] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.268872][ T6555] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.313065][ T8485] loop0: detected capacity change from 0 to 512 [ 50.316350][ T8485] EXT4-fs: Ignoring removed i_version option [ 50.327905][ T8485] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.340173][ T8485] EXT4-fs error (device loop0): ext4_readdir:264: inode #12: block 32: comm syz.0.561: path /118/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 50.342303][ T8485] EXT4-fs (loop0): Remounting filesystem read-only [ 50.371508][ T31] kauditd_printk_skb: 360 callbacks suppressed [ 50.371550][ T31] audit: type=1326 audit(50.340:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8492 comm="syz.4.564" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 50.371586][ T31] audit: type=1326 audit(50.340:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8492 comm="syz.4.564" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 50.371610][ T31] audit: type=1326 audit(50.340:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8492 comm="syz.4.564" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=86 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 50.371633][ T31] audit: type=1326 audit(50.340:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8492 comm="syz.4.564" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 50.451591][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.614169][ T8522] Illegal XDP return value 1610968023 on prog (id 23) dev syz_tun, expect packet loss! [ 50.701223][ T8528] lo speed is unknown, defaulting to 1000 [ 50.701263][ T8528] lo speed is unknown, defaulting to 1000 [ 50.747645][ T8528] lo speed is unknown, defaulting to 1000 [ 50.761231][ T8528] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 50.791042][ T8528] lo speed is unknown, defaulting to 1000 [ 50.795067][ T8528] lo speed is unknown, defaulting to 1000 [ 50.798543][ T8528] lo speed is unknown, defaulting to 1000 [ 50.801980][ T8528] lo speed is unknown, defaulting to 1000 [ 50.805459][ T8528] lo speed is unknown, defaulting to 1000 [ 50.943482][ T8531] netlink: 44 bytes leftover after parsing attributes in process `syz.5.576'. [ 50.950670][ T8531] netlink: 12 bytes leftover after parsing attributes in process `syz.5.576'. [ 50.987792][ T8539] loop3: detected capacity change from 0 to 512 [ 50.994506][ T8539] EXT4-fs: Ignoring removed i_version option [ 51.012398][ T8539] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.077850][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.183199][ T7947] tipc: Subscription rejected, illegal request [ 51.197538][ T8565] netlink: 4 bytes leftover after parsing attributes in process `syz.0.585'. [ 51.201479][ T8565] netlink: 12 bytes leftover after parsing attributes in process `syz.0.585'. [ 51.296398][ T8585] loop3: detected capacity change from 0 to 164 [ 51.323294][ T8585] syz.3.591: attempt to access beyond end of device [ 51.323294][ T8585] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 51.323509][ T8585] syz.3.591: attempt to access beyond end of device [ 51.323509][ T8585] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 51.387500][ T8599] netlink: 4 bytes leftover after parsing attributes in process `syz.2.596'. [ 51.400990][ T8602] netlink: 68 bytes leftover after parsing attributes in process `syz.3.595'. [ 51.477496][ T8599] hsr_slave_1 (unregistering): left promiscuous mode [ 51.518716][ T8613] loop5: detected capacity change from 0 to 8192 [ 51.700372][ T8638] loop4: detected capacity change from 0 to 512 [ 51.705807][ T8638] EXT4-fs: Ignoring removed i_version option [ 51.744102][ T8638] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.763795][ T6548] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.824032][ T31] audit: type=1326 audit(51.790:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8655 comm="syz.4.612" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 51.829702][ T31] audit: type=1326 audit(51.800:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8655 comm="syz.4.612" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 51.833191][ T31] audit: type=1326 audit(51.800:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8655 comm="syz.4.612" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 51.838666][ T31] audit: type=1326 audit(51.800:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8655 comm="syz.4.612" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 51.840192][ T8658] loop3: detected capacity change from 0 to 736 [ 51.844634][ T31] audit: type=1326 audit(51.820:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8655 comm="syz.4.612" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 51.848345][ T31] audit: type=1326 audit(51.820:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8655 comm="syz.4.612" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 51.891774][ T8662] netlink: 4 bytes leftover after parsing attributes in process `syz.2.616'. [ 51.930951][ T8658] ISOFS: unable to read i-node block [ 51.931046][ T8658] isofs_fill_super: get root inode failed [ 51.985606][ T8669] loop4: detected capacity change from 0 to 1024 [ 52.028392][ T8669] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.048959][ T8669] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 52.050882][ T8669] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 1 with error 28 [ 52.050896][ T8669] EXT4-fs (loop4): This should not happen!! Data will be lost [ 52.050896][ T8669] [ 52.050903][ T8669] EXT4-fs (loop4): Total free blocks count 0 [ 52.050909][ T8669] EXT4-fs (loop4): Free/Dirty block details [ 52.050917][ T8669] EXT4-fs (loop4): free_blocks=20480 [ 52.050928][ T8669] EXT4-fs (loop4): dirty_blocks=32 [ 52.050934][ T8669] EXT4-fs (loop4): Block reservation details [ 52.050939][ T8669] EXT4-fs (loop4): i_reserved_data_blocks=2 [ 52.051871][ T8669] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 5 with error 28 [ 52.065361][ T8689] netlink: 'syz.0.625': attribute type 10 has an invalid length. [ 52.068377][ T8689] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.072239][ T8689] bond0: (slave team0): Enslaving as an active interface with an up link [ 52.076603][ T8690] 9pnet_fd: Insufficient options for proto=fd [ 52.302490][ T8718] netlink: 'syz.4.634': attribute type 13 has an invalid length. [ 52.385056][ T8730] loop4: detected capacity change from 0 to 512 [ 52.390839][ T8730] EXT4-fs error (device loop4): ext4_xattr_inode_iget:442: comm syz.4.637: error while reading EA inode 32 err=-116 [ 52.393227][ T8730] EXT4-fs (loop4): Remounting filesystem read-only [ 52.393298][ T8730] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 52.393338][ T8730] EXT4-fs (loop4): 1 orphan inode deleted [ 52.396021][ T8730] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.415195][ T6548] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.457532][ T8735] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check. [ 52.572678][ T8749] syzkaller0: entered allmulticast mode [ 52.574153][ T8749] syzkaller0: entered promiscuous mode [ 52.582840][ T8749] syzkaller0 (unregistering): left allmulticast mode [ 52.585767][ T8749] syzkaller0 (unregistering): left promiscuous mode [ 52.712278][ T8769] loop5: detected capacity change from 0 to 512 [ 52.712633][ T8769] journal_path: Non-blockdev passed as './bus' [ 52.712645][ T8769] EXT4-fs: error: could not find journal device path [ 52.787097][ T8783] capability: warning: `syz.2.650' uses 32-bit capabilities (legacy support in use) [ 53.260908][ T8808] loop0: detected capacity change from 0 to 512 [ 53.264926][ T8808] EXT4-fs: Ignoring removed i_version option [ 53.278022][ T8808] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.301682][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.502407][ T8842] loop0: detected capacity change from 0 to 512 [ 53.502767][ T8842] EXT4-fs: Ignoring removed i_version option [ 53.510436][ T8842] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.524706][ T8844] serio: Serial port ptm0 [ 53.531462][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.663359][ T8867] netlink: 'syz.0.684': attribute type 10 has an invalid length. [ 53.676090][ T8867] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 53.722500][ T8874] loop5: detected capacity change from 0 to 512 [ 53.722879][ T8874] EXT4-fs: Ignoring removed i_version option [ 53.731022][ T8874] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.740388][ T8869] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.755460][ T7338] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.758102][ T8875] smc: net device bond0 applied user defined pnetid SYZ0 [ 53.820776][ T8869] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.851665][ T8869] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.912252][ T8869] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.962012][ T8891] loop3: detected capacity change from 0 to 512 [ 54.031722][ T7947] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.046153][ T7947] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.046246][ T7947] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.048646][ T6752] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.104694][ T8902] tmpfs: Bad value for 'mpol' [ 54.265584][ T8928] __nla_validate_parse: 8 callbacks suppressed [ 54.265628][ T8928] netlink: 12 bytes leftover after parsing attributes in process `syz.2.701'. [ 54.265654][ T8928] netlink: 12 bytes leftover after parsing attributes in process `syz.2.701'. [ 54.418312][ T8953] netlink: 'syz.2.710': attribute type 13 has an invalid length. [ 54.483965][ T8953] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 54.489017][ T6614] lo speed is unknown, defaulting to 1000 [ 54.633163][ T8964] netlink: 12 bytes leftover after parsing attributes in process `syz.0.714'. [ 54.707037][ T8971] bridge1: entered promiscuous mode [ 54.729280][ T8973] loop5: detected capacity change from 0 to 512 [ 54.747055][ T8969] loop0: detected capacity change from 0 to 764 [ 54.752211][ T8969] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 54.758966][ T8973] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846e02c, mo2=0002] [ 54.759040][ T8973] System zones: 1-12 [ 54.759189][ T8973] EXT4-fs error (device loop5): dx_probe:791: inode #2: comm syz.5.719: Directory hole found for htree index block 0 [ 54.761799][ T8973] EXT4-fs (loop5): Remounting filesystem read-only [ 54.761835][ T8973] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -117 [ 54.761880][ T8973] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 54.762361][ T8973] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.795006][ T8973] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. [ 54.810748][ T8978] netlink: 'syz.0.720': attribute type 4 has an invalid length. [ 54.820329][ T7338] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.850794][ T8983] IPv4: Oversized IP packet from 127.202.26.0 [ 54.927284][ T8993] netlink: 12 bytes leftover after parsing attributes in process `syz.2.727'. [ 54.997021][ T9004] loop2: detected capacity change from 0 to 512 [ 55.012117][ T9004] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846e02c, mo2=0002] [ 55.012217][ T9004] System zones: 1-12 [ 55.012616][ T9004] EXT4-fs error (device loop2): dx_probe:791: inode #2: comm syz.2.732: Directory hole found for htree index block 0 [ 55.017039][ T9004] EXT4-fs (loop2): Remounting filesystem read-only [ 55.017077][ T9004] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -117 [ 55.017129][ T9004] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 55.025647][ T9009] netlink: 48 bytes leftover after parsing attributes in process `syz.3.734'. [ 55.029141][ T9007] netlink: 'syz.0.733': attribute type 4 has an invalid length. [ 55.047931][ T9004] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 55.097614][ T9017] vhci_hcd: invalid port number 96 [ 55.099045][ T9017] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 55.144185][ T9025] netlink: 12 bytes leftover after parsing attributes in process `syz.5.742'. [ 55.230494][ T9036] loop2: detected capacity change from 0 to 512 [ 55.240372][ T9036] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846e02c, mo2=0002] [ 55.240446][ T9036] System zones: 1-12 [ 55.240591][ T9036] EXT4-fs error (device loop2): dx_probe:791: inode #2: comm syz.2.748: Directory hole found for htree index block 0 [ 55.244010][ T9035] netlink: 'syz.5.746': attribute type 4 has an invalid length. [ 55.247565][ T9036] EXT4-fs (loop2): Remounting filesystem read-only [ 55.249166][ T9036] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -117 [ 55.251345][ T9036] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 55.285830][ T9036] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 55.333022][ T9053] netlink: 4 bytes leftover after parsing attributes in process `syz.4.756'. [ 55.338073][ T9053] netlink: 12 bytes leftover after parsing attributes in process `syz.4.756'. [ 55.384271][ T9065] loop4: detected capacity change from 0 to 512 [ 55.388772][ T9062] netlink: 1347 bytes leftover after parsing attributes in process `syz.2.755'. [ 55.424885][ T9074] loop3: detected capacity change from 0 to 512 [ 55.426502][ T9065] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 55.426654][ T9065] EXT4-fs (loop4): orphan cleanup on readonly fs [ 55.432515][ T9065] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.760: corrupted inode contents [ 55.435103][ T9065] EXT4-fs (loop4): Remounting filesystem read-only [ 55.435306][ T9065] EXT4-fs (loop4): 1 truncate cleaned up [ 55.437201][ T6752] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 55.437827][ T6752] __quota_error: 124 callbacks suppressed [ 55.437855][ T6752] Quota error (device loop4): write_blk: dquota write failed [ 55.437872][ T6752] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries [ 55.437885][ T6752] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 55.437901][ T6752] Quota error (device loop4): write_blk: dquota write failed [ 55.437913][ T6752] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list [ 55.437950][ T6752] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 55.437964][ T6752] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 55.438006][ T6752] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 55.439486][ T31] audit: type=1326 audit(55.410:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9077 comm="syz.5.766" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb995c068 code=0x7ffc0000 [ 55.442773][ T31] audit: type=1326 audit(55.410:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9077 comm="syz.5.766" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb995c068 code=0x7ffc0000 [ 55.444684][ T31] audit: type=1326 audit(55.410:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9077 comm="syz.5.766" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=194 compat=0 ip=0xffffb995c068 code=0x7ffc0000 [ 55.450377][ T31] audit: type=1326 audit(55.420:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9077 comm="syz.5.766" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb995c068 code=0x7ffc0000 [ 55.484656][ T9079] loop2: detected capacity change from 0 to 2048 [ 55.485244][ T9079] EXT4-fs: Ignoring removed mblk_io_submit option [ 55.512873][ T9082] netlink: 'syz.3.768': attribute type 4 has an invalid length. [ 55.580142][ T9091] netlink: 4 bytes leftover after parsing attributes in process `syz.5.771'. [ 55.690304][ T9105] loop5: detected capacity change from 0 to 512 [ 56.382154][ T9136] netlink: 'syz.0.789': attribute type 7 has an invalid length. [ 56.438414][ T9137] loop0: detected capacity change from 0 to 1024 [ 56.506526][ T9137] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 56.543355][ T9146] loop3: detected capacity change from 0 to 512 [ 56.581458][ T9145] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.613764][ T9149] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6) [ 56.613791][ T9149] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 56.622177][ T9145] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.639935][ T9149] vhci_hcd vhci_hcd.0: Device attached [ 56.642173][ T9149] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(8) [ 56.642193][ T9149] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 56.642256][ T9149] vhci_hcd vhci_hcd.0: Device attached [ 56.642658][ T9149] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 56.650663][ T9149] vhci_hcd vhci_hcd.0: pdev(5) rhport(3) sockfd(12) [ 56.650690][ T9149] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 56.651261][ T9149] vhci_hcd vhci_hcd.0: Device attached [ 56.656828][ T9145] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.663243][ T9149] vhci_hcd vhci_hcd.0: pdev(5) rhport(4) sockfd(14) [ 56.663271][ T9149] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 56.663343][ T9149] vhci_hcd vhci_hcd.0: Device attached [ 56.668583][ T9154] vhci_hcd: connection closed [ 56.668721][ T9159] vhci_hcd: connection closed [ 56.670905][ T6752] vhci_hcd: stop threads [ 56.671313][ T6752] vhci_hcd: release socket [ 56.671335][ T6752] vhci_hcd: disconnect device [ 56.671728][ T6752] vhci_hcd: stop threads [ 56.671733][ T6752] vhci_hcd: release socket [ 56.671741][ T6752] vhci_hcd: disconnect device [ 56.672147][ T9162] vhci_hcd: connection closed [ 56.672752][ T6752] vhci_hcd: stop threads [ 56.672759][ T6752] vhci_hcd: release socket [ 56.672766][ T6752] vhci_hcd: disconnect device [ 56.686055][ T9167] vhci_hcd: connection closed [ 56.686412][ T6752] vhci_hcd: stop threads [ 56.686441][ T6752] vhci_hcd: release socket [ 56.686454][ T6752] vhci_hcd: disconnect device [ 56.700571][ T9145] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.846105][ T9227] loop4: detected capacity change from 0 to 164 [ 57.877429][ T9227] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 59.436748][ T9253] __nla_validate_parse: 6 callbacks suppressed [ 59.436789][ T9253] netlink: 4 bytes leftover after parsing attributes in process `syz.4.833'. [ 59.465278][ T9255] netlink: 'syz.5.834': attribute type 4 has an invalid length. [ 59.485732][ T7957] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.486537][ T7947] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.486935][ T7947] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.486996][ T7947] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.503438][ T9157] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.542400][ T6551] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x4 [ 59.542432][ T6551] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x2 [ 59.542460][ T6551] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x3 [ 59.556626][ T6551] hid-generic 0000:3000000:0000.0001: hidraw0: HID v0.00 Device [sy] on syz0 [ 59.604742][ T9279] netlink: 4 bytes leftover after parsing attributes in process `syz.0.845'. [ 59.610481][ T9280] loop3: detected capacity change from 0 to 512 [ 59.632665][ T9273] fido_id[9273]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 59.671743][ T9157] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.677516][ T9280] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 59.677547][ T9280] FAT-fs (loop3): Filesystem has been set read-only [ 59.708924][ T9287] loop0: detected capacity change from 0 to 1024 [ 60.494780][ T9157] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.578687][ T9157] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.586383][ T9316] netlink: 'syz.3.855': attribute type 4 has an invalid length. [ 60.606037][ T9322] netlink: 4 bytes leftover after parsing attributes in process `syz.0.858'. [ 60.617618][ T9321] vhci_hcd: invalid port number 96 [ 60.617654][ T9321] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 60.707585][ T9325] netlink: 'syz.0.860': attribute type 4 has an invalid length. [ 60.710358][ T9325] loop0: detected capacity change from 0 to 764 [ 60.710717][ T9325] iso9660: Unknown parameter '€' [ 60.712446][ T9335] netlink: 12 bytes leftover after parsing attributes in process `syz.5.863'. [ 60.749787][ T9341] bond_slave_0: entered promiscuous mode [ 60.749829][ T9341] bond_slave_1: entered promiscuous mode [ 60.749926][ T9341] team_slave_0: entered promiscuous mode [ 60.749936][ T9341] team_slave_1: entered promiscuous mode [ 60.749950][ T9341] dummy0: entered promiscuous mode [ 60.752308][ T9341] bond_slave_0: left promiscuous mode [ 60.752321][ T9341] bond_slave_1: left promiscuous mode [ 60.752349][ T9341] team_slave_0: left promiscuous mode [ 60.752363][ T9341] team_slave_1: left promiscuous mode [ 60.753254][ T9341] dummy0: left promiscuous mode [ 60.775876][ T9345] netlink: 20 bytes leftover after parsing attributes in process `syz.4.868'. [ 60.879325][ T9349] netlink: 4 bytes leftover after parsing attributes in process `syz.5.870'. [ 60.912746][ T9351] netlink: 'syz.5.871': attribute type 4 has an invalid length. [ 61.513789][ T9354] netlink: 'syz.0.872': attribute type 7 has an invalid length. [ 61.515193][ T9354] netlink: 8 bytes leftover after parsing attributes in process `syz.0.872'. [ 61.579330][ T9366] loop3: detected capacity change from 0 to 1024 [ 61.599340][ T9369] netlink: 12 bytes leftover after parsing attributes in process `syz.5.880'. [ 61.619345][ T9374] netlink: 4 bytes leftover after parsing attributes in process `syz.0.881'. [ 61.657535][ T31] kauditd_printk_skb: 9 callbacks suppressed [ 61.657577][ T31] audit: type=1326 audit(61.630:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9377 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 61.657675][ T31] audit: type=1326 audit(61.630:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9377 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 61.679124][ T31] audit: type=1326 audit(61.650:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9377 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 61.679172][ T31] audit: type=1326 audit(61.650:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9377 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 61.679211][ T31] audit: type=1326 audit(61.650:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9377 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 61.679777][ T31] audit: type=1326 audit(61.650:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9377 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 61.679960][ T31] audit: type=1326 audit(61.650:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9377 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 61.680387][ T31] audit: type=1326 audit(61.650:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9377 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 61.680531][ T31] audit: type=1326 audit(61.650:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9377 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 61.680934][ T31] audit: type=1326 audit(61.650:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9377 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb115c068 code=0x7ffc0000 [ 61.696418][ T9381] loop5: detected capacity change from 0 to 164 [ 61.895612][ T9390] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 61.920817][ T9394] netlink: 'syz.0.888': attribute type 7 has an invalid length. [ 61.922302][ T9394] netlink: 8 bytes leftover after parsing attributes in process `syz.0.888'. [ 62.511800][ T9402] siw: device registration error -23 [ 62.877346][ T9432] netlink: 'syz.0.905': attribute type 7 has an invalid length. [ 62.919679][ T9434] loop5: detected capacity change from 0 to 8192 [ 63.725238][ T9447] batman_adv: batadv0: Adding interface: dummy0 [ 63.726401][ T9447] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.731313][ T9447] batman_adv: batadv0: Interface activated: dummy0 [ 63.761762][ T9450] lo speed is unknown, defaulting to 1000 [ 63.767431][ T9452] loop0: detected capacity change from 0 to 1024 [ 63.769522][ T9452] ext4: Unknown parameter 'seclabel' [ 63.829110][ T9459] netlink: 'syz.5.917': attribute type 4 has an invalid length. [ 63.883447][ T9469] netlink: 'syz.4.922': attribute type 15 has an invalid length. [ 63.901967][ T9475] loop3: detected capacity change from 0 to 512 [ 63.935511][ T9479] batman_adv: batadv0: Adding interface: dummy0 [ 63.936620][ T9479] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.941066][ T9479] batman_adv: batadv0: Interface activated: dummy0 [ 64.046750][ T9492] loop3: detected capacity change from 0 to 1024 [ 64.107321][ T9499] netlink: 'syz.5.934': attribute type 4 has an invalid length. [ 64.115072][ T9501] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 64.115093][ T9501] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 64.119599][ T9501] vhci_hcd vhci_hcd.0: Device attached [ 64.127962][ T9501] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(5) [ 64.127982][ T9501] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 64.131250][ T9501] vhci_hcd vhci_hcd.0: Device attached [ 64.310025][ T9522] vhci_hcd: invalid port number 96 [ 64.311050][ T9522] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 64.426667][ T6551] usb 2-1: new low-speed USB device number 2 using vhci_hcd [ 64.426779][ T9504] vhci_hcd: connection closed [ 64.427515][ T7957] vhci_hcd: stop threads [ 64.427673][ T7957] vhci_hcd: release socket [ 64.427793][ T9502] vhci_hcd: connection closed [ 64.428342][ T9503] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 64.428734][ T7957] vhci_hcd: disconnect device [ 64.428759][ T7957] vhci_hcd: stop threads [ 64.428763][ T7957] vhci_hcd: release socket [ 64.428802][ T7957] vhci_hcd: disconnect device [ 64.458112][ T1928] netdevsim netdevsim2 eth0: set [1, 0] t ** replaying previous printk message ** [ 64.458112][ T1928] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.459024][ T9157] Unable to handle kernel paging request at virtual address ffff7000218bb204 [ 64.459034][ T9157] KASAN: probably wild-memory-access in range [0xffff80010c5d9020-0xffff80010c5d9027] [ 64.459042][ T9157] Mem abort info: [ 64.459045][ T9157] ESR = 0x0000000096000006 [ 64.459049][ T9157] EC = 0x25: DABT (current EL), IL = 32 bits [ 64.459054][ T9157] SET = 0, FnV = 0 [ 64.459057][ T9157] EA = 0, S1PTW = 0 [ 64.459060][ T9157] FSC = 0x06: level 2 translation fault [ 64.459064][ T9157] Data abort info: [ 64.459066][ T9157] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000 [ 64.459070][ T9157] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 64.459074][ T9157] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 64.459078][ T9157] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000206ec9000 [ 64.459083][ T9157] [ffff7000218bb204] pgd=0000000000000000, p4d=000000023ea66003, pud=000000023ea65003, pmd=0000000000000000 [ 64.459200][ T9157] Internal error: Oops: 0000000096000006 [#1] SMP [ 64.474725][ T9157] Modules linked in: [ 64.475302][ T9157] CPU: 0 UID: 0 PID: 9157 Comm: syz.2.790 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 64.476869][ T9157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 64.478502][ T9157] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 64.479644][ T9157] pc : kasan_check_range+0x78/0x2a4 [ 64.480431][ T9157] lr : __kasan_check_write+0x20/0x30 [ 64.481236][ T9157] sp : ffff8000a2a76cd0 [ 64.481780][ T9157] x29: ffff8000a2a76cd0 x28: dfff800000000000 x27: 1fffe00019ef208e [ 64.482935][ T9157] x26: ffff0000c87769e0 x25: ffff0000cf790470 x24: 0000000000000000 [ 64.484150][ T9157] x23: 0000000000000000 x22: dfff800000000000 x21: 0000000000000000 [ 64.485419][ T9157] x20: ffff80010c5d9020 x19: ffff0000d6a96000 x18: 00000000ffffffff [ 64.486589][ T9157] x17: ffff800093507000 x16: ffff80008b007340 x15: 0000000000000001 [ 64.487704][ T9157] x14: 1ffff000218bb204 x13: 0000000000000000 x12: ffffffffffffffff [ 64.488786][ T9157] x11: ffff7000218bb204 x10: dfff800000000000 x9 : 1ffff000218bb204 [ 64.489974][ T9157] x8 : ffff80010c5d9027 x7 : ffff8000802310a8 x6 : ffff8000802312a4 [ 64.491118][ T9157] x5 : ffff0000f7102760 x4 : ffff8000a2a76a00 x3 : ffff800086580158 [ 64.492525][ T9157] x2 : 0000000000000001 x1 : 0000000000000008 x0 : ffff80010c5d9020 [ 64.493798][ T9157] Call trace: [ 64.494296][ T9157] kasan_check_range+0x78/0x2a4 (P) [ 64.495175][ T9157] __kasan_check_write+0x20/0x30 [ 64.495990][ T9157] nsim_queue_free+0xc8/0x164 [ 64.496726][ T9157] nsim_create+0xa78/0xd48 [ 64.497411][ T9157] __nsim_dev_port_add+0x544/0x898 [ 64.498186][ T9157] nsim_dev_port_add_all+0x50/0x114 [ 64.499000][ T9157] nsim_dev_reload_up+0x3e0/0x648 [ 64.499820][ T9157] devlink_reload+0x428/0x750 [ 64.500574][ T9157] devlink_nl_reload_doit+0x930/0xb0c [ 64.501488][ T9157] genl_family_rcv_msg_doit+0x1d8/0x2bc [ 64.502403][ T9157] genl_rcv_msg+0x450/0x624 [ 64.503167][ T9157] netlink_rcv_skb+0x220/0x3fc [ 64.503888][ T9157] genl_rcv+0x38/0x50 [ 64.504570][ T9157] netlink_unicast+0x694/0x8c4 [ 64.505324][ T9157] netlink_sendmsg+0x648/0x930 [ 64.506088][ T9157] ____sys_sendmsg+0x490/0x7b8 [ 64.506854][ T9157] ___sys_sendmsg+0x204/0x278 [ 64.507636][ T9157] __arm64_sys_sendmsg+0x184/0x238 [ 64.508478][ T9157] invoke_syscall+0x98/0x2b8 [ 64.509188][ T9157] el0_svc_common+0x130/0x23c [ 64.509927][ T9157] do_el0_svc+0x48/0x58 [ 64.510561][ T9157] el0_svc+0x58/0x180 [ 64.511096][ T9157] el0t_64_sync_handler+0x84/0x12c [ 64.511854][ T9157] el0t_64_sync+0x198/0x19c [ 64.512483][ T9157] Code: 5400014c b4000b8f aa2903ec 8b0e018c (3940016d) [ 64.513426][ T9157] ---[ end trace 0000000000000000 ]--- [ 64.747603][ T9157] Kernel panic - not syncing: Oops: Fatal exception in interrupt [ 64.748729][ T9157] SMP: stopping secondary CPUs [ 64.749491][ T9157] Kernel Offset: disabled [ 64.750161][ T9157] CPU features: 0x40000,00007800,109c1141,5427fea7 [ 64.751125][ T9157] Memory Limit: none [ 65.007239][ T9157] Rebooting in 86400 seconds..