last executing test programs: 4.298500528s ago: executing program 0 (id=2003): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000080)="aefdda9d240103005a90f57f02703aeff0f64eb9ee07962c220852f426072a00", 0x20}], 0x1) unshare(0x22020600) pselect6(0x40, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0) 3.908116174s ago: executing program 4 (id=2007): pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x714f, 0x0) 3.461303435s ago: executing program 2 (id=2012): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000000104010200000180000000000000000008000540000000000500010001"], 0x24}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r0, 0x0, 0x0) 3.373191759s ago: executing program 2 (id=2013): capset(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00') open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="20000000f10000000a"], 0x0) 3.372875795s ago: executing program 0 (id=2014): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x84}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa7f10723c5e5444d}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r3, r1}, 0x14) syz_emit_ethernet(0x0, 0x0, 0x0) 3.351899197s ago: executing program 2 (id=2015): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141042, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x10044, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfd', @ANYRESOCT=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 3.312570227s ago: executing program 0 (id=2016): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x4008001}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x880}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@delchain={0x24, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x9, 0xffe0}, {0xc, 0xffff}, {0xffe0}}}, 0x24}}, 0x0) 3.253333724s ago: executing program 2 (id=2017): r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x2, 0x9}}, 0xffffff69) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @mcast1, 0x4}, {0xa, 0x4e23, 0x7, @remote, 0x5}, r1, 0x7}}, 0x48) 3.226721792s ago: executing program 0 (id=2018): prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() syz_open_pts(0xffffffffffffffff, 0x101580) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) shmctl$IPC_RMID(0x0, 0x0) unshare(0x28000600) epoll_create1(0x80000) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x49, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x242, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYRES16=r3, @ANYBLOB="010826bd7000030000000b00000008000300", @ANYRES32=r5, @ANYBLOB="faff5080080008800400010004000600"], 0x2c}}, 0x20000000) 1.602311666s ago: executing program 0 (id=2019): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r0 = creat(&(0x7f0000000080)='./file0/file1\x00', 0x90) write$cgroup_type(r0, 0x0, 0x0) unlink(&(0x7f0000000100)='./file0/file1\x00') link(&(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000180)='./file1\x00') 1.530171071s ago: executing program 4 (id=2020): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}}, 0x24}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000980)=@delchain={0x24, 0x66, 0xf31, 0xfffffff8, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0xc}, {0xf, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.52983629s ago: executing program 2 (id=2021): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r1, &(0x7f00000005c0)={0xa, 0x0, 0xffff8001, @mcast2, 0x80000001, 0x3}, 0x20) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000000000008500000029000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000800000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r2, 0x0, 0xe, 0x0, &(0x7f0000000280)="000000789dcd2e7a0c54883d6071", 0x0, 0x4bc7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010) socket$kcm(0xa, 0x922000000003, 0x11) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r5, 0x2, 0x0, 0x1, 0x0, {0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), r6) sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01000cbd70100400000005000000080009000200000008000c00a80a000008000b0002000000060001000700000005001300f700000005001200"], 0x44}, 0x1, 0x0, 0x0, 0x40811}, 0x20) 1.519948673s ago: executing program 3 (id=2022): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r0, 0x20) r1 = syz_io_uring_setup(0x760d, &(0x7f0000000300)={0x0, 0xaee2, 0x1000, 0x3, 0x39e}, &(0x7f00000000c0)=0x0, &(0x7f0000000180)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) shutdown(r0, 0x0) 1.478035504s ago: executing program 1 (id=2023): r0 = epoll_create(0xeed) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000ff1000/0xc000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x51) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x1, 0x800000c1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) r2 = openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f00000000c0)={0x20000003}) 1.409764406s ago: executing program 4 (id=2024): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)=@xdp={0x2c, 0x2, 0x0, 0x3b}, 0x80, 0x0}, 0x24048082) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20000880) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33) 1.404437993s ago: executing program 3 (id=2025): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000080)="aefdda9d240103005a90f57f02703aeff0f64eb9ee07962c220852f426072a000000000000", 0x25}], 0x1) unshare(0x22020600) pselect6(0x40, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0) 1.286194242s ago: executing program 1 (id=2026): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x84}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa7f10723c5e5444d}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r3, r1}, 0x14) syz_emit_ethernet(0x0, 0x0, 0x0) 1.273030178s ago: executing program 4 (id=2027): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141042, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x10044, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESOCT=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 1.16382979s ago: executing program 1 (id=2028): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x4008001}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x880}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@delchain={0x24, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x9, 0xffe0}, {0xc, 0xffff}, {0xffe0}}}, 0x24}}, 0x0) 1.15148973s ago: executing program 4 (id=2029): move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) 1.05772909s ago: executing program 1 (id=2030): pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x714f, 0x0) 962.908915ms ago: executing program 4 (id=2031): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0) timer_create(0x3, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 608.956243ms ago: executing program 2 (id=2032): pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00') epoll_create1(0x0) write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x714f, 0x0) 586.48108ms ago: executing program 0 (id=2033): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000002c0), 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0xd9, 0x4) readv(r0, &(0x7f00000006c0)=[{&(0x7f0000001b80)=""/4064, 0xfe0}], 0x1) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x218b09, &(0x7f0000000440)={[{@nogrpid}, {@noblock_validity}, {@discard}, {@errors_remount}, {@mblk_io_submit, 0x0}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7}}, {@mblk_io_submit}, {@journal_dev={'journal_dev', 0x3d, 0x3}}, {@mblk_io_submit}, {@i_version}, {@minixdf}, {@nolazytime}, {@test_dummy_encryption}, {@prjquota}, {@nouid32}, {@data_writeback}, {@data_err_abort}], [{@smackfshat={'smackfshat', 0x3d, '-@):.#})#'}}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fsname={'fsname', 0x3d, 'errors=remount-ro'}}], 0x2c}, 0x2, 0x4fc, &(0x7f0000000e40)="$eJzs3MtrXNUfAPDvnSRN0ja/5FeffWhHqxAUmyZ9Lly0RaEbQVCkLmOSltq0lSZCW4JNRVpwofQvUNwJ/gWudCMqLhS3FrciFMmm0YWM3Jl7x0kmk1cnGdN8PjDTc+5j7vnee0/nPOYmgE2rmL4lEdsj4peI6K1k525QrPwzOzM18ufM1EgSpdJrfyTl7e7NTI3km+b7bcsy/YWIwgdJ7K4/bOfE1Wvnh8fHxy5nCwYmC1nqwvDZsbNjF4eOHTt0sPvokaHDTYkzLdO9Xe9d2rPz1Ju3Xxk5ffut775Iy1vK1tfGUdFXft+y7CO01S0pRnHuuazx7PKLviH01KST9vS90LrCsGzpXZtero5y/e+NtnKuojdefr+lhQPWVKlUKnXWLa1+l02XaiVJZYdS6UYJeAAk0eoSAK2Rf9Hfm0l7qlMj9f3gB9vdE1HuAaVxz3ZFRDX+9nIPtthX6Rt1rNHxH46I09N/fZK+YsFxCACA5vrqRMStk5V2R/6qrCnEozXb/S+bG+qLiP9HxI6IeChrvzwSUd72sYh4vGafnmXMAhTn5evbPz91Z4na5mrTpO2/F7O5rfxVWVMteV9bluspx9+RnDk3PnYgOyf90dGZ5gfrP7o6rPb1Sz9/3Oj4xZr2X/pKj5+3BbNy/N4+b4BudHhy+H7jzt29UT6x1+vjT6I9yVMROyNi1yo+Pz1n5577fE+j9XPi76y0v+fG/1HjD29fRYEafMTszNR0zIs/svm/pDw/eeGdgYmr1144Vzs/OXj0yNDhga4YHzswkN8V9b7/8earWbKuG7HI9c+rxppOpKXXf+uC93915rIvTVXnaydWfoybd2417NOs/P7fWr7/tySvl3P5/OyV4cnJy4MRW5Lp+uVD/+59Zbh7zvZp/P37Fq7/OyL+/jTbb3dEpDfxExHxZETszcr+VEQ8HRH7Fon/25PPvN2oC7l0/GsrjX90Rde/UeL4DxELr2o7/82XdQf+sFgXf0c0uv6Hyqn+bMno8GTXUnEtVtLaxH2fQAAAANgA9kbE9kgK+7OBpu1RKOzfH7GtOoIyMfn8mUvvXhytPCPQFx2FfKSrt2Y8dDAbG07z6V5DNfl0/cHyuHGpVCp1p/m0/z7e09rQYdPb1qD+p36rf6QFeNCsaB6t0RNtwIY0v/7fWfaezf9BBrC+mvA7GmCDUv9h81p2/V+rp+CAllmo/l+PmG1BUYB1tlD9f6NuyfF1KQuwvvT/YfNaff33YwDY6Hz/w6a0rIfkV5HYcWqRbZL2tTlo40QhFv8rAH0R+ZK8TbP4B/5aiGhOCduaGmn3nGtaWHCbrmjGsaKw5DbtK/hDDOubKPw3ilFJdEbEEndv9Wa7nieurXXBypXgs9b+7wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD//gkAAP//hALPcw==") sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="050000000308000000000000", @ANYRES64=0x0, @ANYRES64=r0], 0x80}}, 0x0) 409.417886ms ago: executing program 3 (id=2034): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}}, 0x24}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000980)=@delchain={0x24, 0x66, 0xf31, 0xfffffff8, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0xc}, {0xf, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) 222.59969ms ago: executing program 3 (id=2035): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r0, 0x20) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}}) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0) shutdown(r0, 0x0) 147.330332ms ago: executing program 1 (id=2036): r0 = epoll_create(0xeed) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000ff1000/0xc000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x51) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x1, 0x800000c1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, 0x0) 90.093144ms ago: executing program 3 (id=2037): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)=@xdp={0x2c, 0x2, 0x0, 0x3b}, 0x80, 0x0}, 0x24048082) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000880) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33) 1.04388ms ago: executing program 1 (id=2038): mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x5031, 0xffffffffffffffff, 0xc2dcc000) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x7b0, &(0x7f0000001680)="$eJzs3c1rXOUaAPDnTCZNmvbe5MKFe3UVEDRQmpgaWwUXFRciWCjo2nZIpqFmkimZSWlCwBYR3AgqLgTddKEbP+rOrR9b/S9ctVRNixFBGTmTmWTSzKRJOsnU5PeDk3ne85H3PHO+3pnzciaAA2sw/ZOJeCQi3k0i+mvjk4jorkbZiNMr8y1/Uo5YWhxPolJ55ZekOs/dpcXxaFgmdaRW+H9EfPdWxLHMxnpL810RUcjPrhTTwqWR0vzC8YvTucn8ZH7m5OjY2IlTT5862b5cf/tx4eit91584svTf7z5vxvvfJ/E6Tham9aYR7sMxmDtPelO38J1Xmh3ZR2WdHoF2JFM7eDLRnoO6I+uagQA7GdvREQFADhgEtd/ADhg6t8D3F1aHK8Pnf1GYm/dfj4ielfyX64NK1OytXt2vdX7oH13k3V3RpKIGGhD/YMR8fHXr32eDrFL9yEBmrl6LSLODwxuPP8nG/osbNeTKy8NV5k1h2qvg/eMd/6DvfNN2v55pln7L7Pa/okm7Z+eJsfuTtz3+D/chko2kbb/nouI5Q3tv9VOawNdtdK/qm2+7uTCxUI+Pbf9OyKGorsnLY9uUsfQnb/utJrW2P779f3XP0vrT1/X5sjczPasX2YiV849SM6Nbl+LeDTbLP9kdfsnLdq/Z7dYx0vPvv1Rq2lp/mm+9WFd/t31uXavT1LlesTjTbf/Wo+2NBopT7fonzhS3R1G6jtFE1/99GFfq/obt386pPXXPwvshXT7922e/0BS7a+5MJUrFPKzpZVjfzt+uN7/batp988/czN77dN1y6T7/6Hk1Wpcb0dcyZXLs6MRh5KXN44/sbZsvVyfP81/6LHmx/9m+3+6a57fYv7ZWz9/sWn+Rzq7/Se2tf2bBelJusWkqVzhxvJUV6v6t7T9e8aq0VBtzFbOf63W9N7gQd47AAAAAAAAAAAAAAAAAAAAAAAAANiqTEQcjSQzvBpnMsPDK7/h/d/oyxSKpfKxC8W5mYmo/lb2QHRn6o+67G94Hupo7Xn49fKJe8pPRcR/IuKDnsNJ/TmKEx3OHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqjrT4/f+Iq51eNQBgN/U2H12p7PWKAAB7psX1HwDYx1z/AeDgcf0HgINn69f/SkWnAADYH3b6+T/JtnlFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2K/OnjmTDpXflxbH0/LE5fm5qeLl4xP50tTw9Nz48Hhx9tLwZLE4WcgPjxen7/f/CsXipbGYmbsyUs6XyiOl+YVz08W5mfK5i9O5yfy5fPeeZAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA21OaX5jKFQr5WcEOgsrDsRqdD7pqu9Nu15X8Wak8JCmvBcnDsRrtCXqjFnT4xAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwD/F3AAAA//+RpSaW") pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x6a000}], 0x1, 0x7000, 0x0, 0x3) 0s ago: executing program 3 (id=2039): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000500)={0x2, 0x1, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000b40)={0x54, 0x1, 0x1, {0x0, 0x1}, {0x60, 0x2}, @period={0x59, 0x0, 0x8, 0x2, 0x448, {0x2, 0x8, 0x679c, 0x401}, 0x0, 0x0}}) write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250) kernel console output (not intermixed with test programs): ] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.463920][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.473484][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.480674][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.488196][ T5833] bridge_slave_1: entered allmulticast mode [ 88.495845][ T5833] bridge_slave_1: entered promiscuous mode [ 88.504057][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.511019][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.537460][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.551872][ T5832] team0: Port device team_slave_0 added [ 88.563991][ T5849] Bluetooth: hci0: command tx timeout [ 88.610280][ T5832] team0: Port device team_slave_1 added [ 88.632597][ T5849] Bluetooth: hci3: command tx timeout [ 88.632939][ T51] Bluetooth: hci2: command tx timeout [ 88.638339][ T5849] Bluetooth: hci4: command tx timeout [ 88.644424][ T51] Bluetooth: hci1: command tx timeout [ 88.664511][ T5834] team0: Port device team_slave_0 added [ 88.708335][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.715466][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.741529][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.755343][ T5834] team0: Port device team_slave_1 added [ 88.761745][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.768886][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.795390][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.809075][ T5836] team0: Port device team_slave_0 added [ 88.817886][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.860690][ T5836] team0: Port device team_slave_1 added [ 88.868906][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.885189][ T5845] hsr_slave_0: entered promiscuous mode [ 88.891855][ T5845] hsr_slave_1: entered promiscuous mode [ 88.911448][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.918524][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.944906][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.957963][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.965275][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.991581][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.086097][ T5833] team0: Port device team_slave_0 added [ 89.098035][ T5832] hsr_slave_0: entered promiscuous mode [ 89.105231][ T5832] hsr_slave_1: entered promiscuous mode [ 89.111481][ T5832] debugfs: 'hsr0' already exists in 'hsr' [ 89.117416][ T5832] Cannot create hsr debugfs directory [ 89.125299][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.132267][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.158909][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.183623][ T5833] team0: Port device team_slave_1 added [ 89.215162][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.222164][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.248522][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.331907][ T5834] hsr_slave_0: entered promiscuous mode [ 89.338607][ T5834] hsr_slave_1: entered promiscuous mode [ 89.345232][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 89.350988][ T5834] Cannot create hsr debugfs directory [ 89.391999][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.399155][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.425250][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.485864][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.493026][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.519123][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.551846][ T5836] hsr_slave_0: entered promiscuous mode [ 89.558880][ T5836] hsr_slave_1: entered promiscuous mode [ 89.565382][ T5836] debugfs: 'hsr0' already exists in 'hsr' [ 89.571132][ T5836] Cannot create hsr debugfs directory [ 89.818248][ T5833] hsr_slave_0: entered promiscuous mode [ 89.825200][ T5833] hsr_slave_1: entered promiscuous mode [ 89.831440][ T5833] debugfs: 'hsr0' already exists in 'hsr' [ 89.837962][ T5833] Cannot create hsr debugfs directory [ 90.232014][ T5845] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.255251][ T5845] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.280577][ T5845] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.312082][ T5845] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 90.409689][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 90.450380][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.488184][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 90.501981][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.587310][ T5834] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.621823][ T5834] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.632739][ T51] Bluetooth: hci0: command tx timeout [ 90.635406][ T5834] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.683749][ T5834] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.713019][ T51] Bluetooth: hci1: command tx timeout [ 90.713041][ T5851] Bluetooth: hci4: command tx timeout [ 90.713070][ T5851] Bluetooth: hci2: command tx timeout [ 90.718719][ T5849] Bluetooth: hci3: command tx timeout [ 90.782392][ T5833] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 90.804873][ T5833] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 90.865769][ T5833] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 90.877383][ T5833] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 90.990045][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.005142][ T5836] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.018499][ T5836] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.040412][ T5836] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.060083][ T5836] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.114103][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.146544][ T2997] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.153872][ T2997] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.173672][ T2997] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.180852][ T2997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.270558][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.354852][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.371066][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.428871][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.436133][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.470706][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.477943][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.507607][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.550948][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.570621][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.615756][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.622996][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.686653][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.693885][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.710068][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.729086][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.758476][ T1163] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.765667][ T1163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.775498][ T1163] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.782706][ T1163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.808996][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.816330][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.889623][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.896919][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.940259][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.229739][ T5845] veth0_vlan: entered promiscuous mode [ 92.304617][ T5845] veth1_vlan: entered promiscuous mode [ 92.386285][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.579515][ T5832] veth0_vlan: entered promiscuous mode [ 92.597881][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.616002][ T5845] veth0_macvtap: entered promiscuous mode [ 92.641797][ T5845] veth1_macvtap: entered promiscuous mode [ 92.666981][ T5832] veth1_vlan: entered promiscuous mode [ 92.705163][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.720585][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.728004][ T5849] Bluetooth: hci0: command tx timeout [ 92.774629][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.797914][ T5849] Bluetooth: hci3: command tx timeout [ 92.797932][ T5851] Bluetooth: hci2: command tx timeout [ 92.797963][ T5851] Bluetooth: hci4: command tx timeout [ 92.803600][ T5849] Bluetooth: hci1: command tx timeout [ 92.838292][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.867990][ T5834] veth0_vlan: entered promiscuous mode [ 92.898636][ T5832] veth0_macvtap: entered promiscuous mode [ 92.910208][ T2997] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.950098][ T5834] veth1_vlan: entered promiscuous mode [ 92.965408][ T2997] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.979466][ T5832] veth1_macvtap: entered promiscuous mode [ 92.999939][ T5836] veth0_vlan: entered promiscuous mode [ 93.008535][ T2997] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.018847][ T2997] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.095604][ T5836] veth1_vlan: entered promiscuous mode [ 93.140302][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.219815][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.261681][ T5836] veth0_macvtap: entered promiscuous mode [ 93.268381][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.280909][ T5834] veth0_macvtap: entered promiscuous mode [ 93.287352][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.316904][ T5834] veth1_macvtap: entered promiscuous mode [ 93.327937][ T5836] veth1_macvtap: entered promiscuous mode [ 93.335652][ T1146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.344799][ T1146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.377421][ T1146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.386586][ T2997] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.402674][ T5833] veth0_vlan: entered promiscuous mode [ 93.443867][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.465815][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.480244][ T5833] veth1_vlan: entered promiscuous mode [ 93.485989][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.530797][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.549062][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.569973][ T5845] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.639933][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.682982][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.703321][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.715327][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.728024][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.752785][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.761589][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.800653][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.825885][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.876712][ T5833] veth0_macvtap: entered promiscuous mode [ 93.887966][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.898217][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.944591][ T5833] veth1_macvtap: entered promiscuous mode [ 93.991846][ T1146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.009311][ T1146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.087641][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.121615][ T2997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.158490][ T2997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.187261][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.245697][ T1163] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.256279][ T1163] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.316429][ T5968] loop0: detected capacity change from 0 to 256 [ 94.338589][ T5968] ======================================================= [ 94.338589][ T5968] WARNING: The mand mount option has been deprecated and [ 94.338589][ T5968] and is ignored by this kernel. Remove the mand [ 94.338589][ T5968] option from the mount to silence this warning. [ 94.338589][ T5968] ======================================================= [ 94.375399][ T1163] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.395899][ T1163] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.409223][ T2997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.441891][ T2997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.496868][ T5968] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 94.530837][ T1146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.554593][ T1146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.615900][ T1146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.635790][ T1146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.794611][ T5851] Bluetooth: hci0: command tx timeout [ 94.873087][ T51] Bluetooth: hci1: command tx timeout [ 94.874880][ T5844] Bluetooth: hci2: command tx timeout [ 94.878659][ T5851] Bluetooth: hci4: command tx timeout [ 94.884135][ T5849] Bluetooth: hci3: command tx timeout [ 94.902701][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.911049][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.736494][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.755328][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.221954][ T6002] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 96.379474][ T6006] xt_CT: You must specify a L4 protocol and not use inversions on it [ 96.435008][ T6006] hub 6-0:1.0: USB hub found [ 96.442623][ T6006] hub 6-0:1.0: 1 port detected [ 96.518922][ T6006] loop0: detected capacity change from 0 to 512 [ 97.028794][ T799] cfg80211: failed to load regulatory.db [ 97.278072][ T6006] EXT4-fs (loop0): Invalid default hash set in the superblock [ 97.561132][ T6002] warning: `syz.2.14' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 98.472080][ T6026] Set syz1 is full, maxelem 2 reached [ 98.658384][ T6032] loop1: detected capacity change from 0 to 512 [ 98.862514][ T6032] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.22: inode has both inline data and extents flags [ 99.234557][ T6032] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 99.242662][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 99.258678][ C1] EXT4-fs (loop1): initial error at time 1769523923: ext4_orphan_get:1391: inode 15 [ 99.268156][ C1] EXT4-fs (loop1): last error at time 1769523923: ext4_orphan_get:1391: inode 15 [ 99.311818][ T6032] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.22: couldn't read orphan inode 15 (err -117) [ 99.344022][ T6032] loop1: lost filesystem error report for type 5 error -117 [ 99.347183][ T6032] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.575704][ T5834] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.872829][ T6050] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.906346][ T6050] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 100.013678][ T6055] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 100.425018][ T6065] xt_CT: You must specify a L4 protocol and not use inversions on it [ 100.465612][ T6065] hub 6-0:1.0: USB hub found [ 100.473149][ T6065] hub 6-0:1.0: 1 port detected [ 100.534840][ T6065] loop1: detected capacity change from 0 to 512 [ 100.609461][ T6065] EXT4-fs (loop1): Invalid default hash set in the superblock [ 101.639745][ T6069] loop4: detected capacity change from 0 to 512 [ 101.814968][ T6069] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.953059][ T6069] ext4 filesystem being mounted at /5/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.893227][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.633925][ T6111] netlink: 64 bytes leftover after parsing attributes in process `syz.0.40'. [ 107.327917][ T6117] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 107.516774][ T6122] netlink: 40 bytes leftover after parsing attributes in process `syz.4.46'. [ 107.737559][ T6126] xt_CT: You must specify a L4 protocol and not use inversions on it [ 107.775034][ T6126] hub 6-0:1.0: USB hub found [ 107.781187][ T6126] hub 6-0:1.0: 1 port detected [ 107.835957][ T6126] loop0: detected capacity change from 0 to 512 [ 107.931142][ T6126] EXT4-fs (loop0): Invalid default hash set in the superblock [ 108.442340][ T6128] loop1: detected capacity change from 0 to 128 [ 108.492280][ T6128] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 108.612715][ T6128] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 108.814057][ T30] audit: type=1800 audit(1769523933.049:2): pid=6128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.48" name="file2" dev="loop1" ino=1048606 res=0 errno=0 [ 109.003638][ T6128] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 109.179377][ T6143] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 109.585173][ T1163] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 109.778227][ T6156] netlink: 64 bytes leftover after parsing attributes in process `syz.2.55'. [ 111.061411][ T6165] loop2: detected capacity change from 0 to 128 [ 111.113896][ T6168] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 111.329193][ T5925] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 111.353918][ T6174] loop2: detected capacity change from 0 to 512 [ 111.429228][ T6174] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.542812][ T5925] usb 4-1: Using ep0 maxpacket: 16 [ 111.558736][ T6174] ext4 filesystem being mounted at /16/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 111.583678][ T6148] loop4: detected capacity change from 0 to 32768 [ 111.601746][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 111.741190][ T6148] JBD2: Ignoring recovery information on journal [ 111.832682][ T5925] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 111.841768][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.869815][ T6148] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 111.882850][ T5925] usb 4-1: Product: syz [ 111.887064][ T5925] usb 4-1: Manufacturer: syz [ 111.891692][ T5925] usb 4-1: SerialNumber: syz [ 112.026562][ T5925] usb 4-1: config 0 descriptor?? [ 112.066785][ T5845] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.106250][ T5925] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 112.116377][ T5925] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 112.285701][ T6188] loop0: detected capacity change from 0 to 8192 [ 112.404970][ T5925] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 112.424947][ T6190] (syz.4.54,6190,0):ocfs2_dio_end_io:2401 ERROR: Direct IO failed, bytes = -4 [ 112.688890][ T5925] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 112.708543][ T5925] em28xx 4-1:0.0: board has no eeprom [ 112.748606][ T6205] loop2: detected capacity change from 0 to 128 [ 112.757516][ T5833] ocfs2: Unmounting device (7,4) on (node local) [ 112.832015][ T6206] xt_CT: You must specify a L4 protocol and not use inversions on it [ 112.944818][ T5925] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 113.230023][ T6205] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 113.279939][ T5925] em28xx 4-1:0.0: dvb set to bulk mode. [ 113.448617][ T24] em28xx 4-1:0.0: Binding DVB extension [ 113.486530][ T6205] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 113.553299][ T5925] usb 4-1: USB disconnect, device number 2 [ 113.635003][ T5925] em28xx 4-1:0.0: Disconnecting em28xx [ 113.682782][ T30] audit: type=1800 audit(1769523937.929:3): pid=6205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.68" name="file2" dev="loop2" ino=1048612 res=0 errno=0 [ 113.843294][ T6205] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 113.860601][ T24] em28xx 4-1:0.0: Registering input extension [ 113.924069][ T5925] em28xx 4-1:0.0: Closing input extension [ 114.050021][ T5925] em28xx 4-1:0.0: Freeing device [ 114.521778][ T3029] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 115.007652][ T6238] syz.2.77 uses obsolete (PF_INET,SOCK_PACKET) [ 115.307948][ T6250] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.324214][ T6250] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.937596][ T6252] loop0: detected capacity change from 0 to 164 [ 116.048309][ T6252] Symlink component flag not implemented [ 116.092906][ T6252] Symlink component flag not implemented (7) [ 116.103357][ T6257] Symlink component flag not implemented (7) [ 116.532834][ T6270] xt_CT: You must specify a L4 protocol and not use inversions on it [ 118.195277][ T6280] loop0: detected capacity change from 0 to 256 [ 118.396044][ T6280] FAT-fs (loop0): Directory bread(block 64) failed [ 118.402833][ T6280] FAT-fs (loop0): Directory bread(block 65) failed [ 118.410043][ T6280] FAT-fs (loop0): Directory bread(block 66) failed [ 118.416744][ T6280] FAT-fs (loop0): Directory bread(block 67) failed [ 118.423937][ T6280] FAT-fs (loop0): Directory bread(block 68) failed [ 118.430579][ T6280] FAT-fs (loop0): Directory bread(block 69) failed [ 118.437744][ T6280] FAT-fs (loop0): Directory bread(block 70) failed [ 118.444443][ T6280] FAT-fs (loop0): Directory bread(block 71) failed [ 118.451518][ T6280] FAT-fs (loop0): Directory bread(block 72) failed [ 118.458203][ T6280] FAT-fs (loop0): Directory bread(block 73) failed [ 120.719736][ T6301] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.729531][ T6301] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.614996][ T6328] loop4: detected capacity change from 0 to 128 [ 121.669220][ T6328] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 121.707320][ T6328] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 121.753512][ T30] audit: type=1800 audit(1769523945.999:4): pid=6328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.100" name="file2" dev="loop4" ino=1048615 res=0 errno=0 [ 121.827314][ T36] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 121.852921][ T6328] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 122.233121][ T6345] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.247932][ T6345] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.810547][ T6349] netlink: 8 bytes leftover after parsing attributes in process `syz.0.109'. [ 122.828023][ T6349] syz_tun: entered promiscuous mode [ 122.837758][ T6349] syz_tun: left promiscuous mode [ 122.941817][ T6352] loop3: detected capacity change from 0 to 1024 [ 123.178196][ T6352] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.494502][ T6352] evm: overlay not supported [ 123.829279][ T6380] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 123.874241][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.068446][ T6384] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.083239][ T6384] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.963446][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 124.972828][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 124.981661][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.113714][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 125.121970][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 125.294818][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.360183][ T6403] Illegal XDP return value 4294967294 on prog (id 4) dev syz_tun, expect packet loss! [ 125.370102][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 125.547988][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 125.557032][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 125.622709][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.717291][ T6410] xt_bpf: check failed: parse error [ 127.380488][ T6428] xt_bpf: check failed: parse error [ 127.835348][ T6438] fuse: Unknown parameter '0x0000000000000006' [ 129.765129][ T6459] xt_bpf: check failed: parse error [ 131.280888][ T6469] loop0: detected capacity change from 0 to 512 [ 131.501064][ T6469] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 131.542696][ T6469] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 131.605581][ T6479] fuse: Unknown parameter 'fd0x0000000000000006' [ 131.857449][ T6469] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 132.093576][ T6469] EXT4-fs (loop0): 1 truncate cleaned up [ 132.205165][ T6469] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.393195][ T30] audit: type=1800 audit(1769523956.629:5): pid=6469 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.149" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 133.678178][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.890769][ T6502] xt_bpf: check failed: parse error [ 135.864245][ T6519] loop0: detected capacity change from 0 to 512 [ 135.885793][ T6519] ext4: Unknown parameter '"' [ 138.003856][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.010397][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.438707][ T6538] xt_bpf: check failed: parse error [ 139.758185][ T6563] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.773122][ T6563] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.292638][ T6566] xt_bpf: check failed: parse error [ 141.539955][ T6579] Zero length message leads to an empty skb [ 143.822808][ T6610] xt_bpf: check failed: parse error [ 145.078848][ T6620] loop3: detected capacity change from 0 to 1024 [ 145.134770][ T6620] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.442154][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.498052][ T6627] loop0: detected capacity change from 0 to 8192 [ 145.977435][ T6637] loop3: detected capacity change from 0 to 512 [ 146.164353][ T6637] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.704398][ T6650] netlink: 16 bytes leftover after parsing attributes in process `syz.0.218'. [ 146.864476][ T6650] tipc: Started in network mode [ 146.869527][ T6650] tipc: Node identity ac1414aa, cluster identity 4711 [ 146.938781][ T6650] tipc: Enabled bearer , priority 10 [ 147.909579][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.044223][ T5910] tipc: Node number set to 2886997162 [ 148.222770][ T6672] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 148.312578][ T5925] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 148.433897][ T6514] Set syz1 is full, maxelem 65536 reached [ 148.512583][ T5925] usb 4-1: Using ep0 maxpacket: 16 [ 148.520657][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 148.533884][ T5925] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 148.544160][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.552192][ T5925] usb 4-1: Product: syz [ 148.572544][ T5925] usb 4-1: Manufacturer: syz [ 148.587287][ T5925] usb 4-1: SerialNumber: syz [ 148.614390][ T5925] usb 4-1: config 0 descriptor?? [ 148.669101][ T5925] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 148.688770][ T5925] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 148.972903][ T5925] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 149.070359][ T5925] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 149.099964][ T5925] em28xx 4-1:0.0: board has no eeprom [ 149.196953][ T5925] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 149.232434][ T5925] em28xx 4-1:0.0: dvb set to bulk mode. [ 149.248491][ T24] em28xx 4-1:0.0: Binding DVB extension [ 149.293618][ T5925] usb 4-1: USB disconnect, device number 3 [ 149.324907][ T5925] em28xx 4-1:0.0: Disconnecting em28xx [ 149.369715][ T24] em28xx 4-1:0.0: Registering input extension [ 149.387293][ T5925] em28xx 4-1:0.0: Closing input extension [ 149.438000][ T5925] em28xx 4-1:0.0: Freeing device [ 149.716880][ T6710] xt_bpf: check failed: parse error [ 150.728225][ T6734] xt_CT: You must specify a L4 protocol and not use inversions on it [ 151.542721][ T6738] netlink: 128 bytes leftover after parsing attributes in process `syz.3.255'. [ 151.812476][ T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 152.003692][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 152.030418][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 152.083191][ T24] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 152.106733][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.121563][ T6751] capability: warning: `syz.2.260' uses 32-bit capabilities (legacy support in use) [ 152.148520][ T24] usb 1-1: Product: syz [ 152.165905][ T24] usb 1-1: Manufacturer: syz [ 152.190543][ T24] usb 1-1: SerialNumber: syz [ 152.225917][ T24] usb 1-1: config 0 descriptor?? [ 152.255289][ T24] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 152.309699][ T24] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 152.502187][ T6758] loop3: detected capacity change from 0 to 512 [ 152.535281][ T24] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 152.563835][ T6758] EXT4-fs: Mount option(s) incompatible with ext2 [ 152.638254][ T24] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 152.671929][ T24] em28xx 1-1:0.0: board has no eeprom [ 152.756580][ T24] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 152.768382][ T24] em28xx 1-1:0.0: dvb set to bulk mode. [ 152.784917][ T5925] em28xx 1-1:0.0: Binding DVB extension [ 152.891489][ T5925] em28xx 1-1:0.0: Registering input extension [ 152.902014][ T24] usb 1-1: USB disconnect, device number 2 [ 152.931969][ T24] em28xx 1-1:0.0: Disconnecting em28xx [ 152.949993][ T24] em28xx 1-1:0.0: Closing input extension [ 153.006091][ T24] em28xx 1-1:0.0: Freeing device [ 153.860096][ T6797] xt_CT: You must specify a L4 protocol and not use inversions on it [ 155.968381][ T6826] loop3: detected capacity change from 0 to 1024 [ 156.040494][ T6826] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.522670][ T6845] xt_CT: You must specify a L4 protocol and not use inversions on it [ 156.833587][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.251089][ T6847] loop0: detected capacity change from 0 to 512 [ 157.335354][ T6847] EXT4-fs: Mount option(s) incompatible with ext2 [ 159.055848][ T6869] netlink: 16 bytes leftover after parsing attributes in process `syz.0.299'. [ 159.353528][ T6874] binder: 6853:6874 ioctl 400c620e 200000000400 returned -22 [ 160.786830][ T6908] Bluetooth: MGMT ver 1.23 [ 160.793143][ T6896] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 162.251919][ T6930] loop3: detected capacity change from 0 to 1024 [ 162.293887][ T6932] loop0: detected capacity change from 0 to 256 [ 162.312520][ T5849] Bluetooth: hci0: command 0x0401 tx timeout [ 162.322660][ T5851] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 162.374479][ T6930] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.525820][ T6932] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 162.598096][ T6932] FAT-fs (loop0): Filesystem has been set read-only [ 162.640118][ T6930] EXT4-fs error (device loop3): mb_free_blocks:2047: group 0, inode 26: block 161:freeing already freed block (bit 10); block bitmap corrupt. [ 162.665518][ T6932] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 162.755844][ T6932] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 162.813598][ T6932] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 163.113479][ T6932] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 163.140224][ T6932] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 163.183008][ T6932] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 163.191773][ T6932] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 163.340426][ T30] audit: type=1800 audit(1769523987.579:6): pid=6932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.320" name="file1" dev="loop0" ino=1048619 res=0 errno=0 [ 163.433930][ T5851] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 163.446289][ T5851] Bluetooth: hci3: Injecting HCI hardware error event [ 163.454793][ T5849] Bluetooth: hci3: hardware error 0x00 [ 163.652062][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.438876][ T6973] xt_CT: You must specify a L4 protocol and not use inversions on it [ 164.473543][ T6973] hub 6-0:1.0: USB hub found [ 164.479763][ T6973] hub 6-0:1.0: 1 port detected [ 164.534887][ T5851] Bluetooth: hci0: command 0x0401 tx timeout [ 165.672484][ T5849] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 166.144545][ T6988] netlink: 64 bytes leftover after parsing attributes in process `syz.2.340'. [ 166.713741][ T5849] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 166.722315][ T5849] Bluetooth: hci4: Injecting HCI hardware error event [ 166.730279][ T5849] Bluetooth: hci4: hardware error 0x00 [ 166.952559][ T6992] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 167.033984][ T6994] loop3: detected capacity change from 0 to 256 [ 167.045700][ T6994] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 167.147119][ T6994] FAT-fs (loop3): Directory bread(block 64) failed [ 167.172910][ T6994] FAT-fs (loop3): Directory bread(block 65) failed [ 167.181673][ T6994] FAT-fs (loop3): Directory bread(block 66) failed [ 167.202562][ T6994] FAT-fs (loop3): Directory bread(block 67) failed [ 167.235673][ T6994] FAT-fs (loop3): Directory bread(block 68) failed [ 167.256166][ T6994] FAT-fs (loop3): Directory bread(block 69) failed [ 167.300572][ T6994] FAT-fs (loop3): Directory bread(block 70) failed [ 167.352558][ T6994] FAT-fs (loop3): Directory bread(block 71) failed [ 167.390870][ T6994] FAT-fs (loop3): Directory bread(block 72) failed [ 167.409996][ T6994] FAT-fs (loop3): Directory bread(block 73) failed [ 167.495650][ T7002] xt_CT: You must specify a L4 protocol and not use inversions on it [ 167.531253][ T7002] hub 6-0:1.0: USB hub found [ 167.538444][ T7002] hub 6-0:1.0: 1 port detected [ 167.599892][ T7002] loop0: detected capacity change from 0 to 512 [ 167.702124][ T7002] EXT4-fs (loop0): Invalid default hash set in the superblock [ 169.122780][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 169.571959][ T7017] xt_CT: You must specify a L4 protocol and not use inversions on it [ 171.141285][ T7033] netlink: 'syz.4.356': attribute type 12 has an invalid length. [ 171.172541][ T7033] netlink: 'syz.4.356': attribute type 5 has an invalid length. [ 171.220735][ T7033] netlink: 'syz.4.356': attribute type 2 has an invalid length. [ 171.278498][ T7033] netlink: 'syz.4.356': attribute type 7 has an invalid length. [ 171.322848][ T7033] netlink: 108 bytes leftover after parsing attributes in process `syz.4.356'. [ 171.941311][ T7052] xt_CT: You must specify a L4 protocol and not use inversions on it [ 173.371011][ T7055] 9p: Bad value for 'rfdno' [ 173.908969][ T7065] xt_CT: You must specify a L4 protocol and not use inversions on it [ 175.519579][ T7075] syzkaller0: entered promiscuous mode [ 175.525774][ T7075] syzkaller0: entered allmulticast mode [ 175.723566][ T7082] 9p: Bad value for 'rfdno' [ 175.873246][ T7087] netlink: 64 bytes leftover after parsing attributes in process `syz.4.376'. [ 177.018137][ T7107] xt_CT: You must specify a L4 protocol and not use inversions on it [ 177.087226][ T7107] loop0: detected capacity change from 0 to 512 [ 177.946499][ T7107] EXT4-fs (loop0): Invalid default hash set in the superblock [ 178.982807][ T5910] kernel write not supported for file /165/net/rt_cache (pid: 5910 comm: kworker/0:4) [ 179.030463][ T7121] loop0: detected capacity change from 0 to 256 [ 179.272849][ T7126] netlink: 64 bytes leftover after parsing attributes in process `syz.4.392'. [ 180.938356][ T24] kernel write not supported for file /203/net/rt_cache (pid: 24 comm: kworker/1:0) [ 181.159257][ T7159] netlink: 64 bytes leftover after parsing attributes in process `syz.1.404'. [ 182.091663][ T7176] netlink: 28 bytes leftover after parsing attributes in process `syz.4.413'. [ 183.376561][ T7216] syzkaller0: entered promiscuous mode [ 183.412508][ T7216] syzkaller0: entered allmulticast mode [ 183.906596][ T7239] netlink: 830 bytes leftover after parsing attributes in process `syz.3.440'. [ 183.938284][ T7233] netlink: 16 bytes leftover after parsing attributes in process `syz.4.438'. [ 183.951060][ T7233] tipc: Started in network mode [ 183.956073][ T7233] tipc: Node identity ac1414aa, cluster identity 4711 [ 183.964205][ T7233] tipc: Enabled bearer , priority 10 [ 184.973405][ T29] tipc: Node number set to 2886997162 [ 185.523777][ T7282] xt_CT: You must specify a L4 protocol and not use inversions on it [ 188.185580][ T7328] xt_CT: You must specify a L4 protocol and not use inversions on it [ 189.861036][ T7350] loop0: detected capacity change from 0 to 512 [ 189.924197][ T7350] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 190.102935][ T7350] EXT4-fs (loop0): 1 orphan inode deleted [ 190.132499][ T7350] EXT4-fs (loop0): 1 truncate cleaned up [ 190.195283][ T7350] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.442819][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.642916][ T7381] tipc: Enabling of bearer rejected, failed to enable media [ 191.058288][ T7392] netlink: 8 bytes leftover after parsing attributes in process `syz.2.495'. [ 191.371140][ T7397] xt_CT: You must specify a L4 protocol and not use inversions on it [ 192.460582][ T7404] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 192.557004][ T7404] batadv_slave_0: entered promiscuous mode [ 193.581572][ T7427] loop0: detected capacity change from 0 to 256 [ 193.818519][ T5956] kernel read not supported for file /252/net/udp (pid: 5956 comm: kworker/0:6) [ 193.960955][ T7438] loop3: detected capacity change from 0 to 512 [ 193.997347][ T7438] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 194.035844][ T7438] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 194.046102][ T7438] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e04ce018, mo2=0002] [ 194.063741][ T7438] System zones: 0-1, 15-15, 18-18, 34-34 [ 194.108837][ T7438] EXT4-fs (loop3): orphan cleanup on readonly fs [ 194.126700][ T7438] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 194.137078][ T7438] EXT4-fs warning (device loop3): ext4_enable_quotas:7242: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 194.152651][ T7438] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 194.161193][ T7438] EXT4-fs (loop3): 1 truncate cleaned up [ 194.170350][ T7438] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 194.173939][ T7445] netlink: 8 bytes leftover after parsing attributes in process `syz.2.517'. [ 194.244398][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.392128][ T7454] Set syz1 is full, maxelem 2 reached [ 195.466679][ T7498] loop3: detected capacity change from 0 to 128 [ 195.614289][ T7503] syz.3.542: attempt to access beyond end of device [ 195.614289][ T7503] loop3: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 195.670021][ T7503] syz.3.542: attempt to access beyond end of device [ 195.670021][ T7503] loop3: rw=2049, sector=161, nr_sectors = 8 limit=128 [ 195.797015][ T7503] syz.3.542: attempt to access beyond end of device [ 195.797015][ T7503] loop3: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 195.825184][ T7507] netlink: 40 bytes leftover after parsing attributes in process `syz.2.546'. [ 195.867089][ T7503] syz.3.542: attempt to access beyond end of device [ 195.867089][ T7503] loop3: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 195.932592][ T7503] syz.3.542: attempt to access beyond end of device [ 195.932592][ T7503] loop3: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 196.101610][ T7503] syz.3.542: attempt to access beyond end of device [ 196.101610][ T7503] loop3: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 196.182623][ T7503] syz.3.542: attempt to access beyond end of device [ 196.182623][ T7503] loop3: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 196.224326][ T7503] syz.3.542: attempt to access beyond end of device [ 196.224326][ T7503] loop3: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 196.293100][ T7503] syz.3.542: attempt to access beyond end of device [ 196.293100][ T7503] loop3: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 196.357164][ T7503] syz.3.542: attempt to access beyond end of device [ 196.357164][ T7503] loop3: rw=2049, sector=289, nr_sectors = 8 limit=128 [ 196.606147][ T7530] netlink: 104 bytes leftover after parsing attributes in process `syz.0.555'. [ 197.014613][ T7538] loop0: detected capacity change from 0 to 1024 [ 197.059510][ T7540] netlink: 40 bytes leftover after parsing attributes in process `syz.3.559'. [ 197.117500][ T7538] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 197.463697][ T7538] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4224: comm syz.0.558: Allocating blocks 497-513 which overlap fs metadata [ 197.535592][ T7538] EXT4-fs (loop0): pa ffff888034d900e8: logic 128, phys. 385, len 8 [ 197.543859][ T7538] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5467: group 0, free 0, pa_free 1 [ 197.604483][ T7538] EXT4-fs error (device loop0): mb_free_blocks:2047: group 0, inode 25: block 369:freeing already freed block (bit 23); block bitmap corrupt. [ 197.781417][ T7554] loop3: detected capacity change from 0 to 512 [ 197.882548][ T7554] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 197.933057][ T7554] System zones: 0-2, 18-18, 34-35 [ 197.954027][ T7554] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 198.019617][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.026385][ T7554] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 198.321825][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.492192][ T7577] netlink: 40 bytes leftover after parsing attributes in process `syz.3.570'. [ 198.827929][ T7586] batman_adv: batadv0: Adding interface: dummy0 [ 198.834407][ T7586] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 198.893546][ T7586] batman_adv: batadv0: Interface activated: dummy0 [ 198.908490][ T7589] batadv0: mtu less than device minimum [ 198.936813][ T7589] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 198.948971][ T7589] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 198.960756][ T7589] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 198.972607][ T7589] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 198.984397][ T7589] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 198.996288][ T7589] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 199.008141][ T7589] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 199.020010][ T7589] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 199.376651][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.433491][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.947826][ T7618] fuse: Unknown parameter 'gro' [ 202.934450][ T7646] No such timeout policy "syz1" [ 203.270644][ T7653] process 'syz.0.601' launched './file2' with NULL argv: empty string added [ 203.464587][ T7659] fuse: Unknown parameter 'gro' [ 204.024394][ T7660] xt_CT: You must specify a L4 protocol and not use inversions on it [ 206.570478][ T7676] xt_bpf: check failed: parse error [ 208.472516][ T7670] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 208.493318][ T5849] Bluetooth: hci0: command 0x0401 tx timeout [ 208.530652][ T7704] loop0: detected capacity change from 0 to 128 [ 208.891671][ T7704] bio_check_eod: 15 callbacks suppressed [ 208.891685][ T7704] syz.0.614: attempt to access beyond end of device [ 208.891685][ T7704] loop0: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 208.998817][ T7704] syz.0.614: attempt to access beyond end of device [ 208.998817][ T7704] loop0: rw=2049, sector=161, nr_sectors = 8 limit=128 [ 209.083224][ T7704] syz.0.614: attempt to access beyond end of device [ 209.083224][ T7704] loop0: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 209.150707][ T7704] syz.0.614: attempt to access beyond end of device [ 209.150707][ T7704] loop0: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 209.188136][ T7704] syz.0.614: attempt to access beyond end of device [ 209.188136][ T7704] loop0: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 209.246613][ T7704] syz.0.614: attempt to access beyond end of device [ 209.246613][ T7704] loop0: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 209.262736][ T7704] syz.0.614: attempt to access beyond end of device [ 209.262736][ T7704] loop0: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 209.319883][ T7704] syz.0.614: attempt to access beyond end of device [ 209.319883][ T7704] loop0: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 209.337945][ T7704] syz.0.614: attempt to access beyond end of device [ 209.337945][ T7704] loop0: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 209.353169][ T7704] syz.0.614: attempt to access beyond end of device [ 209.353169][ T7704] loop0: rw=2049, sector=289, nr_sectors = 8 limit=128 [ 209.714641][ T7719] netlink: 12 bytes leftover after parsing attributes in process `syz.3.621'. [ 209.929840][ T7731] loop3: detected capacity change from 0 to 512 [ 209.999366][ T7731] EXT4-fs (loop3): 1 truncate cleaned up [ 210.014543][ T7731] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 210.058648][ T30] audit: type=1800 audit(1769524034.299:7): pid=7731 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.626" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 210.069979][ T7731] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.626: bg 0: block 465: padding at end of block bitmap is not set [ 210.125146][ T7731] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 210.159880][ T7731] EXT4-fs (loop3): This should not happen!! Data will be lost [ 210.159880][ T7731] [ 210.172625][ T7731] EXT4-fs (loop3): Total free blocks count 0 [ 210.207659][ T7731] EXT4-fs (loop3): Free/Dirty block details [ 210.239911][ T7731] EXT4-fs (loop3): free_blocks=0 [ 210.270699][ T7731] EXT4-fs (loop3): dirty_blocks=4 [ 210.281254][ T7731] EXT4-fs (loop3): Block reservation details [ 210.290104][ T7731] EXT4-fs (loop3): i_reserved_data_blocks=4 [ 210.390551][ T7744] loop0: detected capacity change from 0 to 128 [ 210.584664][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.958762][ T7754] netlink: 64 bytes leftover after parsing attributes in process `syz.2.632'. [ 211.675236][ T51] Bluetooth: hci0: command 0x0401 tx timeout [ 211.681370][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 211.687824][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 212.063444][ T7767] netlink: 'syz.2.636': attribute type 29 has an invalid length. [ 212.528553][ T7753] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 213.114010][ T7796] capability: warning: `syz.1.648' uses deprecated v2 capabilities in a way that may be insecure [ 213.531723][ T7808] xt_CT: You must specify a L4 protocol and not use inversions on it [ 213.581991][ T7808] loop3: detected capacity change from 0 to 512 [ 213.609392][ T7808] EXT4-fs (loop3): Invalid default hash set in the superblock [ 213.972584][ T5851] Bluetooth: hci0: command 0x0401 tx timeout [ 214.002653][ T5849] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 215.225583][ T7807] netlink: 76 bytes leftover after parsing attributes in process `syz.1.651'. [ 215.548190][ T7831] loop3: detected capacity change from 0 to 512 [ 215.569110][ T7833] gre1: entered promiscuous mode [ 215.597590][ T7831] EXT4-fs: Mount option(s) incompatible with ext2 [ 215.917268][ T7841] loop0: detected capacity change from 0 to 512 [ 215.992676][ T5849] Bluetooth: hci0: command 0x0401 tx timeout [ 216.057386][ T7841] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 216.102920][ T7841] ext4 filesystem being mounted at /120/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 216.264795][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.411617][ T7889] syz.2.681 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 217.796386][ T7903] syzkaller0: entered promiscuous mode [ 217.822677][ T7903] syzkaller0: entered allmulticast mode [ 217.865459][ T7903] tipc: Enabled bearer , priority 0 [ 217.893927][ T7903] tipc: Resetting bearer [ 217.936454][ T7907] netlink: 16 bytes leftover after parsing attributes in process `syz.2.685'. [ 218.086217][ T7910] tipc: Started in network mode [ 218.140900][ T7910] tipc: Node identity ac1414aa, cluster identity 4711 [ 218.183167][ T7910] tipc: Enabled bearer , priority 10 [ 218.213015][ T7914] macvlan1: entered promiscuous mode [ 218.218664][ T7914] macvlan1: entered allmulticast mode [ 218.224817][ T7914] veth1_vlan: entered allmulticast mode [ 218.231179][ T7914] net_ratelimit: 11 callbacks suppressed [ 218.231196][ T7914] A link change request failed with some changes committed already. Interface macvlan1 may have been left with an inconsistent configuration, please check. [ 218.291438][ T7902] tipc: Resetting bearer [ 218.346921][ T7902] tipc: Disabling bearer [ 218.572635][ T7922] netlink: 16 bytes leftover after parsing attributes in process `syz.4.692'. [ 218.674768][ T7926] 9p: Bad value for 'wfdno' [ 218.884192][ T7933] loop3: detected capacity change from 0 to 128 [ 218.985652][ T30] audit: type=1800 audit(1769524043.229:8): pid=7933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.697" name="bus" dev="loop3" ino=1048623 res=0 errno=0 [ 219.192685][ T5956] tipc: Node number set to 2886997162 [ 219.404853][ T5956] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 219.461973][ T7950] loop0: detected capacity change from 0 to 2048 [ 219.469507][ T5956] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 219.539330][ T7950] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 219.807660][ T7954] fido_id[7954]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 219.881353][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.955100][ T7972] netlink: 32 bytes leftover after parsing attributes in process `syz.4.713'. [ 220.095478][ T7976] loop3: detected capacity change from 0 to 512 [ 220.148835][ T7976] EXT4-fs: Mount option(s) incompatible with ext2 [ 220.269619][ T7988] netlink: 8 bytes leftover after parsing attributes in process `syz.2.721'. [ 220.299306][ T7986] loop0: detected capacity change from 0 to 1024 [ 220.404521][ T7986] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 220.450608][ T7986] ext4 filesystem being mounted at /132/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 220.531261][ T7986] EXT4-fs error (device loop0): ext4_map_blocks:818: inode #15: comm syz.0.720: lblock 0 mapped to illegal pblock 0 (length 1) [ 220.552101][ T7986] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 220.565816][ T7986] EXT4-fs (loop0): This should not happen!! Data will be lost [ 220.565816][ T7986] [ 220.580533][ T7986] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #15: comm syz.0.720: lblock 0 mapped to illegal pblock 0 (length 1) [ 220.597625][ T7986] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #15: comm syz.0.720: lblock 0 mapped to illegal pblock 0 (length 1) [ 220.613819][ T7986] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #15: comm syz.0.720: lblock 0 mapped to illegal pblock 0 (length 1) [ 220.684949][ T7986] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #15: comm syz.0.720: lblock 0 mapped to illegal pblock 0 (length 1) [ 220.720888][ T7986] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #15: comm syz.0.720: lblock 0 mapped to illegal pblock 0 (length 1) [ 220.764312][ T8007] netlink: 32 bytes leftover after parsing attributes in process `syz.3.728'. [ 220.789724][ T7985] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #15: comm syz.0.720: lblock 0 mapped to illegal pblock 0 (length 1) [ 220.812730][ T7985] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #15: comm syz.0.720: lblock 0 mapped to illegal pblock 0 (length 1) [ 220.834507][ T7986] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #15: comm syz.0.720: lblock 0 mapped to illegal pblock 0 (length 1) [ 220.848880][ T8004] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #15: comm syz.0.720: lblock 0 mapped to illegal pblock 0 (length 1) [ 221.262630][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 221.697333][ T8044] netlink: 32 bytes leftover after parsing attributes in process `syz.1.741'. [ 222.185171][ T8073] loop3: detected capacity change from 0 to 1024 [ 222.276786][ T8077] netlink: 'syz.2.756': attribute type 29 has an invalid length. [ 223.118309][ T8111] 9p: Bad value for 'rfdno' [ 224.058180][ T30] audit: type=1326 audit(1769524048.299:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8154 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aca99aeb9 code=0x7ffc0000 [ 224.136002][ T30] audit: type=1326 audit(1769524048.299:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8154 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aca99aeb9 code=0x7ffc0000 [ 224.236719][ T30] audit: type=1326 audit(1769524048.329:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8154 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9aca99aeb9 code=0x7ffc0000 [ 224.306888][ T30] audit: type=1326 audit(1769524048.329:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8154 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aca99aeb9 code=0x7ffc0000 [ 224.490768][ T30] audit: type=1326 audit(1769524048.329:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8154 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aca99aeb9 code=0x7ffc0000 [ 224.574050][ T30] audit: type=1326 audit(1769524048.329:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8154 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9aca99aeb9 code=0x7ffc0000 [ 224.810414][ T8169] loop0: detected capacity change from 0 to 128 [ 224.892561][ T30] audit: type=1326 audit(1769524048.329:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8154 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aca99aeb9 code=0x7ffc0000 [ 225.016167][ T30] audit: type=1326 audit(1769524048.329:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8154 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aca99aeb9 code=0x7ffc0000 [ 225.088664][ T30] audit: type=1326 audit(1769524048.329:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8154 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9aca99aeb9 code=0x7ffc0000 [ 225.138208][ T8180] batman_adv: batadv0: Interface deactivated: dummy0 [ 225.148374][ T8180] batman_adv: batadv0: Removing interface: dummy0 [ 225.225914][ T30] audit: type=1326 audit(1769524048.329:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8154 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aca99aeb9 code=0x7ffc0000 [ 225.880433][ T8205] netlink: 32 bytes leftover after parsing attributes in process `syz.4.808'. [ 226.145121][ T8219] tipc: Enabling of bearer rejected, failed to enable media [ 226.813187][ T8248] netlink: 32 bytes leftover after parsing attributes in process `syz.0.821'. [ 227.488966][ T8264] syzkaller0: entered promiscuous mode [ 227.525432][ T8264] syzkaller0: entered allmulticast mode [ 227.555581][ T8268] loop3: detected capacity change from 0 to 128 [ 227.563930][ T8267] tipc: Enabled bearer , priority 0 [ 227.613751][ T8264] tipc: Resetting bearer [ 227.621912][ T8268] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 227.782749][ T8263] tipc: Resetting bearer [ 227.916326][ T8263] tipc: Disabling bearer [ 228.096360][ T8278] netlink: 32 bytes leftover after parsing attributes in process `syz.2.833'. [ 230.149534][ T8310] netlink: 40 bytes leftover after parsing attributes in process `syz.1.847'. [ 231.203641][ T8326] xt_CT: You must specify a L4 protocol and not use inversions on it [ 232.333533][ T8329] 9pnet_fd: Insufficient options for proto=fd [ 233.118884][ T8342] loop3: detected capacity change from 0 to 128 [ 233.173955][ T8342] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 233.250175][ T8342] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 233.296542][ T8342] ext2 filesystem being mounted at /140/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 233.469438][ T5836] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 233.697103][ T8360] 9pnet_fd: Insufficient options for proto=fd [ 233.890904][ T8369] syzkaller1: entered promiscuous mode [ 233.899802][ T8369] syzkaller1: entered allmulticast mode [ 234.757810][ T8368] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 234.804355][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 234.804373][ T30] audit: type=1326 audit(1769524059.049:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8409 comm="syz.2.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa408b9aeb9 code=0x7ffc0000 [ 234.872596][ T30] audit: type=1326 audit(1769524059.049:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8409 comm="syz.2.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa408b9aeb9 code=0x7ffc0000 [ 234.961558][ T30] audit: type=1326 audit(1769524059.099:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8409 comm="syz.2.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa408b9aeb9 code=0x7ffc0000 [ 235.001061][ T8417] loop3: detected capacity change from 0 to 164 [ 235.069245][ T8417] Unable to read rock-ridge attributes [ 235.125184][ T8417] Unable to read rock-ridge attributes [ 235.155086][ T8417] bio_check_eod: 19 callbacks suppressed [ 235.155107][ T8417] syz.3.890: attempt to access beyond end of device [ 235.155107][ T8417] loop3: rw=8912896, sector=263328, nr_sectors = 4 limit=164 [ 235.214145][ T8417] syz.3.890: attempt to access beyond end of device [ 235.214145][ T8417] loop3: rw=8388608, sector=263328, nr_sectors = 4 limit=164 [ 235.263123][ T30] audit: type=1326 audit(1769524059.099:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8409 comm="syz.2.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa408b9aeb9 code=0x7ffc0000 [ 235.337264][ T30] audit: type=1326 audit(1769524059.099:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8409 comm="syz.2.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa408b9aeb9 code=0x7ffc0000 [ 235.382509][ T30] audit: type=1326 audit(1769524059.109:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8409 comm="syz.2.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa408b9aeb9 code=0x7ffc0000 [ 235.424967][ T30] audit: type=1326 audit(1769524059.109:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8409 comm="syz.2.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa408b9aeb9 code=0x7ffc0000 [ 235.472618][ T30] audit: type=1326 audit(1769524059.109:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8409 comm="syz.2.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa408b9aeb9 code=0x7ffc0000 [ 235.524048][ T30] audit: type=1326 audit(1769524059.109:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8409 comm="syz.2.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa408b9aeb9 code=0x7ffc0000 [ 235.633798][ T30] audit: type=1326 audit(1769524059.259:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8409 comm="syz.2.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa408b9aeb9 code=0x7ffc0000 [ 235.912558][ T5849] Bluetooth: hci0: command 0x0401 tx timeout [ 237.472330][ T8447] fuse: Unknown parameter 'gro' [ 238.238213][ T8459] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 239.494879][ T8483] hub 6-0:1.0: USB hub found [ 239.501886][ T8483] hub 6-0:1.0: 1 port detected [ 239.563908][ T8483] loop3: detected capacity change from 0 to 512 [ 239.671980][ T8483] EXT4-fs (loop3): Invalid default hash set in the superblock [ 241.509298][ T8493] xt_CT: You must specify a L4 protocol and not use inversions on it [ 243.163422][ T8545] netlink: 16 bytes leftover after parsing attributes in process `syz.3.937'. [ 246.982666][ T8610] netlink: 8 bytes leftover after parsing attributes in process `syz.0.964'. [ 247.022152][ T8610] netlink: 16 bytes leftover after parsing attributes in process `syz.0.964'. [ 248.778058][ T8650] netlink: 'syz.3.981': attribute type 29 has an invalid length. [ 249.075929][ T8669] netlink: 7 bytes leftover after parsing attributes in process `syz.3.989'. [ 249.085523][ T8669] netlink: 28 bytes leftover after parsing attributes in process `syz.3.989'. [ 249.094939][ T8669] netlink: 28 bytes leftover after parsing attributes in process `syz.3.989'. [ 249.230121][ T8671] 9p: Bad value for 'rfdno' [ 249.945045][ T8705] tipc: Enabling of bearer rejected, failed to enable media [ 250.124482][ T8710] 9p: Bad value for 'source' [ 250.250246][ T8715] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1006'. [ 250.721922][ T8725] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1011'. [ 250.874707][ T8731] loop0: detected capacity change from 0 to 1024 [ 250.881993][ T8731] EXT4-fs: Ignoring removed orlov option [ 250.927025][ T8731] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 251.200270][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.266412][ T8741] netlink: 'syz.0.1017': attribute type 10 has an invalid length. [ 251.283893][ T8741] team0: Failed to send options change via netlink (err -105) [ 251.291609][ T8741] team0: Port device dummy0 added [ 251.299760][ T8741] netlink: 'syz.0.1017': attribute type 10 has an invalid length. [ 251.312303][ T8741] team0: Failed to send options change via netlink (err -105) [ 251.321539][ T8741] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 251.340950][ T8741] team0: Port device dummy0 removed [ 251.367206][ T8741] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 251.554063][ T8751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1021'. [ 251.656486][ T8754] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1024'. [ 251.672562][ T5851] Bluetooth: hci0: command 0x0401 tx timeout [ 251.678889][ T5849] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 251.777259][ T8762] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1026'. [ 252.175130][ T8780] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1033'. [ 252.348694][ T8790] xt_hashlimit: size too large, truncated to 1048576 [ 252.407559][ T8795] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1040'. [ 252.808395][ T8816] loop3: detected capacity change from 0 to 512 [ 252.847469][ T8816] EXT4-fs: Ignoring removed mblk_io_submit option [ 252.857111][ T8816] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 252.881280][ T8816] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 252.891130][ T8816] EXT4-fs (loop3): orphan cleanup on readonly fs [ 252.923932][ T8816] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1045: bg 0: block 361: padding at end of block bitmap is not set [ 252.939413][ T8816] loop3: lost filesystem error report for type 5 error -117 [ 252.940764][ T8816] EXT4-fs (loop3): Remounting filesystem read-only [ 252.942494][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 252.961137][ C1] EXT4-fs (loop3): initial error at time 1769524077: ext4_validate_block_bitmap:441 [ 252.970596][ C1] EXT4-fs (loop3): last error at time 1769524077: ext4_validate_block_bitmap:441 [ 253.042117][ T8816] EXT4-fs (loop3): 1 truncate cleaned up [ 253.104824][ T8816] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 253.590862][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 254.317419][ T8854] __nla_validate_parse: 2 callbacks suppressed [ 254.317442][ T8854] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1060'. [ 254.547700][ T8866] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1067'. [ 254.610296][ T8868] netlink: 'syz.4.1066': attribute type 1 has an invalid length. [ 255.001154][ T8878] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1072'. [ 255.048504][ T8881] netlink: 'syz.4.1073': attribute type 29 has an invalid length. [ 255.326917][ T8888] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1078'. [ 255.426123][ T8891] netlink: 'syz.3.1079': attribute type 1 has an invalid length. [ 256.479403][ T8909] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1084'. [ 256.597418][ T8911] netlink: 'syz.4.1085': attribute type 29 has an invalid length. [ 256.866277][ T8925] netlink: 'syz.0.1092': attribute type 1 has an invalid length. [ 257.055246][ T8938] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1098'. [ 257.114108][ T8939] loop0: detected capacity change from 0 to 512 [ 257.172106][ T8941] netlink: 'syz.2.1099': attribute type 29 has an invalid length. [ 257.257378][ T8939] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 257.285540][ T8939] ext4 filesystem being mounted at /211/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 257.531108][ T8951] loop3: detected capacity change from 0 to 256 [ 257.674787][ T8951] FAT-fs (loop3): Directory bread(block 64) failed [ 257.681557][ T8951] FAT-fs (loop3): Directory bread(block 65) failed [ 257.688967][ T8951] FAT-fs (loop3): Directory bread(block 66) failed [ 257.695879][ T8951] FAT-fs (loop3): Directory bread(block 67) failed [ 257.703265][ T8951] FAT-fs (loop3): Directory bread(block 68) failed [ 257.709956][ T8951] FAT-fs (loop3): Directory bread(block 69) failed [ 257.717061][ T8951] FAT-fs (loop3): Directory bread(block 70) failed [ 257.723799][ T8951] FAT-fs (loop3): Directory bread(block 71) failed [ 257.731455][ T8951] FAT-fs (loop3): Directory bread(block 72) failed [ 257.738253][ T8951] FAT-fs (loop3): Directory bread(block 73) failed [ 259.243566][ T8957] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1102'. [ 259.722102][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.831789][ T8973] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1110'. [ 259.895101][ T8979] netlink: 'syz.1.1112': attribute type 29 has an invalid length. [ 260.375928][ T8996] atomic_op ffff88807c929198 conn xmit_atomic 0000000000000000 [ 260.444687][ T8998] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 260.799707][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.806193][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.094330][ T9020] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 261.672801][ T5849] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 261.679187][ T5851] Bluetooth: hci0: command 0x0401 tx timeout [ 262.151913][ T9043] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1140'. [ 262.173722][ T9043] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1140'. [ 263.112081][ T9078] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1153'. [ 263.138953][ T9078] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1153'. [ 263.419181][ T9090] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1159'. [ 263.865905][ T9110] 9p: Could not find request transport: fd0x0000000000000003 [ 263.991364][ T9118] loop3: detected capacity change from 0 to 512 [ 264.001592][ T9121] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1173'. [ 264.094634][ T9118] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 264.187751][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 264.187769][ T30] audit: type=1800 audit(1769524088.429:49): pid=9118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1172" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 264.289391][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.671484][ T9152] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1186'. [ 265.184548][ T9173] fuse: Unknown parameter 'gro' [ 266.216684][ T9187] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1200'. [ 267.910175][ T9205] loop3: detected capacity change from 0 to 512 [ 268.014754][ T9205] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 268.027549][ T9205] ext4 filesystem being mounted at /199/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 268.429640][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 268.890345][ T9216] xt_CT: You must specify a L4 protocol and not use inversions on it [ 270.262983][ T9236] fuse: Unknown parameter 'gro' [ 270.983246][ T5925] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 271.152482][ T5925] usb 4-1: Using ep0 maxpacket: 16 [ 271.167783][ T5925] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 271.190433][ T5925] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 271.208161][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.230586][ T5925] usb 4-1: Product: syz [ 271.242459][ T5925] usb 4-1: Manufacturer: syz [ 271.254278][ T5925] usb 4-1: SerialNumber: syz [ 271.268138][ T9256] 9p: Could not find request transport: fd0xffffffffffffffff [ 271.279290][ T5925] usb 4-1: config 0 descriptor?? [ 271.432499][ T5851] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 271.438929][ T5851] Bluetooth: hci0: command 0x0401 tx timeout [ 271.505920][ T5925] usb 4-1: USB disconnect, device number 4 [ 272.100728][ T9282] 9p: Bad value for 'wfdno' [ 272.624250][ T9306] fuse: Unknown parameter 'gro' [ 273.828668][ T9321] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1254'. [ 273.914397][ T9323] loop3: detected capacity change from 0 to 512 [ 273.956987][ T9323] EXT4-fs: Ignoring removed mblk_io_submit option [ 274.021715][ T9323] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 274.093066][ T9323] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 274.138251][ T9323] EXT4-fs (loop3): orphan cleanup on readonly fs [ 274.184018][ T9323] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1255: bg 0: block 361: padding at end of block bitmap is not set [ 274.229591][ T9323] loop3: lost filesystem error report for type 5 error -117 [ 274.230130][ T9323] EXT4-fs (loop3): Remounting filesystem read-only [ 274.237549][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 274.237571][ C1] EXT4-fs (loop3): initial error at time 1769524098: ext4_validate_block_bitmap:441 [ 274.237599][ C1] EXT4-fs (loop3): last error at time 1769524098: ext4_validate_block_bitmap:441 [ 274.343093][ T9323] EXT4-fs (loop3): 1 truncate cleaned up [ 274.373749][ T9323] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 274.451236][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 274.909653][ T9348] loop0: detected capacity change from 0 to 512 [ 275.016638][ T9352] netlink: 'syz.3.1265': attribute type 29 has an invalid length. [ 275.029180][ T9348] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 275.080507][ T9348] ext4 filesystem being mounted at /242/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 275.225643][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 275.238493][ T9356] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1266'. [ 275.877077][ T9370] fuse: Unknown parameter 'gro' [ 277.140304][ T9381] netlink: 'syz.0.1276': attribute type 29 has an invalid length. [ 277.420406][ T9386] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1279'. [ 277.765625][ T9395] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1283'. [ 278.040964][ T9409] loop3: detected capacity change from 0 to 1024 [ 278.071706][ T9409] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 278.112359][ T9409] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 278.143526][ T9409] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 278.252197][ T9409] EXT4-fs error (device loop3): mb_free_blocks:2047: group 0, inode 21: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 278.379300][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.824695][ T9436] fuse: Unknown parameter 'gro' [ 280.106917][ T5849] Bluetooth: hci1: unexpected event for opcode 0x0000 [ 280.303699][ T9444] netlink: 'syz.1.1300': attribute type 1 has an invalid length. [ 280.570505][ T9444] macvlan2: entered promiscuous mode [ 280.596245][ T9444] macvlan2: entered allmulticast mode [ 280.618212][ T9444] bond1: entered promiscuous mode [ 280.635989][ T9444] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 280.701449][ T9444] bond1: left promiscuous mode [ 280.944710][ T9463] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1307'. [ 281.341174][ T9483] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1317'. [ 281.585312][ T9489] binder: 9471:9489 ioctl 400c620e 200000000400 returned -22 [ 281.713542][ T5849] Bluetooth: hci0: unexpected event for opcode 0x0000 [ 282.081099][ T9499] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1322'. [ 282.247080][ T9506] netlink: 'syz.3.1325': attribute type 29 has an invalid length. [ 282.669899][ T9520] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1332'. [ 282.747433][ T9524] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1334'. [ 282.762746][ T9526] netlink: 'syz.3.1335': attribute type 29 has an invalid length. [ 282.781701][ T9526] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1335'. [ 282.918698][ T29] IPVS: starting estimator thread 0... [ 283.015516][ T9533] IPVS: using max 26 ests per chain, 62400 per kthread [ 283.116404][ T9541] geneve2: entered promiscuous mode [ 283.266663][ T9552] 9pnet_fd: Insufficient options for proto=fd [ 283.346955][ T9554] loop3: detected capacity change from 0 to 512 [ 283.391034][ T9554] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 283.407252][ T9558] netlink: 'syz.2.1349': attribute type 29 has an invalid length. [ 283.416985][ T9562] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1348'. [ 283.418649][ T9558] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1349'. [ 283.475789][ T30] audit: type=1800 audit(1769524107.719:50): pid=9554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1347" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 283.597436][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 283.666847][ T9574] netlink: 'syz.0.1356': attribute type 1 has an invalid length. [ 283.737830][ T9574] macvlan2: entered promiscuous mode [ 283.743460][ T9574] macvlan2: entered allmulticast mode [ 283.751141][ T9574] bond1: entered promiscuous mode [ 283.757449][ T9574] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 283.802748][ T9574] bond1: left promiscuous mode [ 283.891142][ T9578] delete_channel: no stack [ 284.172316][ T5849] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 284.181255][ T5849] Bluetooth: hci1: Injecting HCI hardware error event [ 284.190003][ T5849] Bluetooth: hci1: hardware error 0x00 [ 284.393431][ T9606] xt_hashlimit: size too large, truncated to 1048576 [ 284.967815][ T9634] xt_CT: You must specify a L4 protocol and not use inversions on it [ 285.138781][ T9640] syzkaller1: entered promiscuous mode [ 285.150303][ T9640] syzkaller1: entered allmulticast mode [ 285.411745][ T9650] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1387'. [ 286.522525][ T5851] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 286.531164][ T5851] Bluetooth: hci0: Injecting HCI hardware error event [ 286.539735][ T5844] Bluetooth: hci0: hardware error 0x00 [ 286.541409][ T5849] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 286.625878][ T9652] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 286.981124][ T9669] loop0: detected capacity change from 0 to 512 [ 287.009882][ T9669] EXT4-fs: Ignoring removed mblk_io_submit option [ 287.036185][ T9669] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 287.067397][ T9669] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 287.081410][ T9669] EXT4-fs (loop0): orphan cleanup on readonly fs [ 287.089302][ T9669] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1393: bg 0: block 361: padding at end of block bitmap is not set [ 287.104304][ T9669] loop0: lost filesystem error report for type 5 error -117 [ 287.111905][ T9669] EXT4-fs (loop0): Remounting filesystem read-only [ 287.119378][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 287.119402][ C1] EXT4-fs (loop0): initial error at time 1769524111: ext4_validate_block_bitmap:441 [ 287.119433][ C1] EXT4-fs (loop0): last error at time 1769524111: ext4_validate_block_bitmap:441 [ 287.153002][ T9669] EXT4-fs (loop0): 1 truncate cleaned up [ 287.175519][ T9669] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 287.325775][ T9676] syzkaller1: entered promiscuous mode [ 287.331307][ T9676] syzkaller1: entered allmulticast mode [ 287.958023][ T9686] xt_CT: You must specify a L4 protocol and not use inversions on it [ 288.842479][ T5844] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 288.872289][ T9686] loop3: detected capacity change from 0 to 512 [ 288.922753][ T9686] EXT4-fs (loop3): Invalid default hash set in the superblock [ 289.020148][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 289.468540][ T9700] hub 6-0:1.0: USB hub found [ 289.474885][ T9700] hub 6-0:1.0: 1 port detected [ 289.475136][ T9702] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 289.495236][ T9700] loop3: detected capacity change from 0 to 512 [ 289.506775][ T9700] EXT4-fs (loop3): Invalid default hash set in the superblock [ 289.941315][ T9718] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1414'. [ 290.572867][ T5956] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 290.738661][ T9727] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1416'. [ 290.784490][ T5956] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 290.794521][ T5956] usb 1-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 290.812647][ T5956] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.881540][ T5956] usb 1-1: config 0 descriptor?? [ 291.410116][ T9748] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1425'. [ 291.862026][ T9773] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1437'. [ 291.974828][ T9779] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1439'. [ 292.308992][ T9798] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1448'. [ 292.329652][ T9794] loop3: detected capacity change from 0 to 1024 [ 292.391463][ T9794] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 292.445221][ T30] audit: type=1800 audit(1769524116.679:51): pid=9794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1449" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 292.538944][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 292.616074][ T9808] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1452'. [ 292.893170][ T5956] usbhid 1-1:0.0: can't add hid device: -71 [ 292.899330][ T5956] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 292.944831][ T5956] usb 1-1: USB disconnect, device number 3 [ 292.959844][ T9823] loop3: detected capacity change from 0 to 512 [ 293.084065][ T9823] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.108141][ T9831] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1462'. [ 293.200680][ T30] audit: type=1800 audit(1769524117.439:52): pid=9823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1459" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 293.318010][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.409231][ T9844] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1468'. [ 293.566326][ T9851] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1472'. [ 294.435881][ T9862] loop0: detected capacity change from 0 to 1024 [ 294.463368][ T9862] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 294.604856][ T30] audit: type=1800 audit(1769524118.849:53): pid=9862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1475" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 294.697758][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.956946][ T9880] hub 6-0:1.0: USB hub found [ 294.971317][ T9880] hub 6-0:1.0: 1 port detected [ 295.026382][ T9880] loop3: detected capacity change from 0 to 512 [ 295.063443][ T9880] EXT4-fs (loop3): Invalid default hash set in the superblock [ 295.637853][ T9898] loop0: detected capacity change from 0 to 512 [ 295.665102][ T9898] EXT4-fs: Ignoring removed mblk_io_submit option [ 295.760135][ T9898] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 295.805473][ T9898] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 295.823160][ T9898] EXT4-fs (loop0): orphan cleanup on readonly fs [ 295.871419][ T9898] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1488: bg 0: block 361: padding at end of block bitmap is not set [ 295.942471][ T9898] loop0: lost filesystem error report for type 5 error -117 [ 295.942948][ T9898] EXT4-fs (loop0): Remounting filesystem read-only [ 295.956903][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 295.956929][ C1] EXT4-fs (loop0): initial error at time 1769524120: ext4_validate_block_bitmap:441 [ 295.956959][ C1] EXT4-fs (loop0): last error at time 1769524120: ext4_validate_block_bitmap:441 [ 296.046600][ T9898] EXT4-fs (loop0): 1 truncate cleaned up [ 296.079719][ T9898] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 296.299095][ T9913] xt_CT: You must specify a L4 protocol and not use inversions on it [ 296.492173][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 298.036534][ T9942] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1507'. [ 298.831295][ T9953] netlink: 'syz.0.1509': attribute type 29 has an invalid length. [ 298.848253][ T9953] netlink: 'syz.0.1509': attribute type 29 has an invalid length. [ 298.857413][ T9953] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1509'. [ 300.337211][ T9981] netlink: 'syz.2.1519': attribute type 1 has an invalid length. [ 300.371706][ T9984] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1520'. [ 300.472765][ T9981] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 301.353634][T10008] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1531'. [ 301.497483][T10013] loop3: detected capacity change from 0 to 2048 [ 301.508398][T10014] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1532'. [ 301.574313][T10013] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 301.981215][T10029] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1537'. [ 302.585821][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 302.686501][T10036] loop3: detected capacity change from 0 to 1024 [ 303.105444][T10047] netlink: 'syz.0.1543': attribute type 1 has an invalid length. [ 303.121018][T10046] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1544'. [ 303.316448][T10049] bond2: (slave gretap2): Enslaving as a backup interface with an up link [ 304.042907][T10071] 9p: Bad value for 'wfdno' [ 304.455503][T10081] netlink: 'syz.0.1557': attribute type 1 has an invalid length. [ 304.942466][T10089] loop3: detected capacity change from 0 to 256 [ 305.142501][T10089] FAT-fs (loop3): Directory bread(block 64) failed [ 305.149236][T10089] FAT-fs (loop3): Directory bread(block 65) failed [ 305.156404][T10089] FAT-fs (loop3): Directory bread(block 66) failed [ 305.163114][T10089] FAT-fs (loop3): Directory bread(block 67) failed [ 305.170211][T10089] FAT-fs (loop3): Directory bread(block 68) failed [ 305.177070][T10089] FAT-fs (loop3): Directory bread(block 69) failed [ 305.184193][T10089] FAT-fs (loop3): Directory bread(block 70) failed [ 305.190818][T10089] FAT-fs (loop3): Directory bread(block 71) failed [ 305.197979][T10089] FAT-fs (loop3): Directory bread(block 72) failed [ 305.204633][T10089] FAT-fs (loop3): Directory bread(block 73) failed [ 306.946485][T10102] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 307.259786][T10109] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1567'. [ 307.373715][T10112] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1569'. [ 308.322714][ T5841] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 308.534453][ T5841] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 308.572493][ T5841] usb 4-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 308.581590][ T5841] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.627534][T10133] xt_CT: You must specify a L4 protocol and not use inversions on it [ 308.723409][ T5841] usb 4-1: config 0 descriptor?? [ 308.751836][T10135] loop0: detected capacity change from 0 to 2048 [ 308.806440][T10135] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 308.930207][T10144] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1581'. [ 308.988862][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.618599][T10166] netlink: 'syz.4.1589': attribute type 1 has an invalid length. [ 310.649972][ T5841] usbhid 4-1:0.0: can't add hid device: -71 [ 310.717727][ T5841] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 310.797510][ T5841] usb 4-1: USB disconnect, device number 5 [ 310.967314][T10169] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 310.991303][T10177] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1592'. [ 311.024104][T10166] macvlan2: entered promiscuous mode [ 311.029681][T10166] macvlan2: entered allmulticast mode [ 311.036335][T10166] bond1: entered promiscuous mode [ 311.044606][T10166] gretap1: entered promiscuous mode [ 311.051138][T10166] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 311.079523][T10166] bond1: left promiscuous mode [ 311.084699][T10166] gretap1: left promiscuous mode [ 312.162872][ T5932] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 312.384881][ T5932] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 312.412393][ T5932] usb 1-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 312.444398][ T5932] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.499078][ T5932] usb 1-1: config 0 descriptor?? [ 312.610192][T10216] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1608'. [ 312.640232][T10214] loop3: detected capacity change from 0 to 2048 [ 312.706246][T10214] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 312.765892][T10221] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1609'. [ 312.797317][T10223] netlink: 'syz.4.1610': attribute type 1 has an invalid length. [ 312.826849][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 312.929058][T10223] macvlan2: entered promiscuous mode [ 312.956432][T10223] macvlan2: entered allmulticast mode [ 312.964035][T10223] bond2: entered promiscuous mode [ 312.970486][T10223] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 312.993510][T10223] bond2: left promiscuous mode [ 313.555134][T10251] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1619'. [ 313.674752][T10256] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1622'. [ 313.829718][T10262] netlink: 'syz.4.1625': attribute type 1 has an invalid length. [ 313.983009][T10266] macvlan2: entered promiscuous mode [ 313.988386][T10266] macvlan2: entered allmulticast mode [ 314.021712][T10266] bond3: entered promiscuous mode [ 314.057602][T10266] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 314.140364][T10266] bond3: left promiscuous mode [ 314.207560][T10281] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1632'. [ 314.294833][T10288] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1634'. [ 314.436044][T10291] loop3: detected capacity change from 0 to 2048 [ 314.492484][ T5932] usbhid 1-1:0.0: can't add hid device: -71 [ 314.497583][T10291] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 314.498712][ T5932] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 314.649845][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 314.652204][ T5932] usb 1-1: USB disconnect, device number 4 [ 314.958415][T10313] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1645'. [ 315.088999][T10319] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1648'. [ 315.942187][T10332] loop3: detected capacity change from 0 to 128 [ 316.126956][T10336] loop0: detected capacity change from 0 to 1024 [ 316.183012][T10336] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 316.423695][T10347] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1656'. [ 317.021562][T10336] workqueue: Failed to create a rescuer kthread for wq "dio/overlay": -EINTR [ 317.109096][T10347] tipc: Enabling of bearer rejected, already enabled [ 317.457241][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.902438][ T5956] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 318.072641][ T5956] usb 1-1: Using ep0 maxpacket: 16 [ 318.093114][ T5956] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 318.231504][ T5956] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 318.261376][ T5956] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.275170][ T5956] usb 1-1: Product: syz [ 318.279390][ T5956] usb 1-1: Manufacturer: syz [ 318.285310][ T5956] usb 1-1: SerialNumber: syz [ 318.304451][ T5956] usb 1-1: config 0 descriptor?? [ 318.316260][ T5956] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 318.330030][ T5956] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 318.593510][ T5956] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 318.675892][ T5956] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 318.684370][ T5956] em28xx 1-1:0.0: board has no eeprom [ 318.697248][T10376] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 318.723782][T10363] em28xx 1-1:0.0: reading from i2c device at 0xfffe failed (error=-5) [ 318.765050][ T5956] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 318.792044][ T5956] em28xx 1-1:0.0: dvb set to bulk mode. [ 318.804966][ T5841] em28xx 1-1:0.0: Binding DVB extension [ 318.843392][ T5956] usb 1-1: USB disconnect, device number 5 [ 318.895250][ T5956] em28xx 1-1:0.0: Disconnecting em28xx [ 318.971198][ T5841] em28xx 1-1:0.0: Registering input extension [ 318.987092][ T5956] em28xx 1-1:0.0: Closing input extension [ 319.029530][ T5956] em28xx 1-1:0.0: Freeing device [ 319.781681][T10403] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1674'. [ 320.439811][T10405] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 320.672508][ T5925] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 320.778897][T10408] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1677'. [ 320.857560][T10409] tipc: Enabling of bearer rejected, already enabled [ 320.895043][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 320.908989][ T5925] usb 1-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 320.924358][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.955097][ T5925] usb 1-1: config 0 descriptor?? [ 321.137872][ T5956] IPVS: starting estimator thread 0... [ 321.232585][T10423] IPVS: using max 37 ests per chain, 88800 per kthread [ 321.425151][T10427] loop3: detected capacity change from 0 to 1024 [ 321.492231][T10427] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 321.604140][T10427] EXT4-fs error (device loop3): mb_free_blocks:2047: group 0, inode 22: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 321.977980][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 322.168443][T10440] netlink: 'syz.3.1688': attribute type 13 has an invalid length. [ 322.431330][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.451043][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.481499][ T5925] usbhid 1-1:0.0: can't add hid device: -71 [ 322.561460][T10449] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1691'. [ 322.606686][ T5925] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 323.136081][ T5925] usb 1-1: USB disconnect, device number 6 [ 323.712200][T10478] loop3: detected capacity change from 0 to 2048 [ 323.928300][T10478] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 324.537755][T10490] C: renamed from team_slave_0 (while UP) [ 324.561575][T10490] netlink: 'syz.0.1710': attribute type 2 has an invalid length. [ 324.576158][T10490] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1710'. [ 324.603041][T10490] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 324.620899][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 325.095929][T10512] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1720'. [ 325.228537][T10517] loop3: detected capacity change from 0 to 512 [ 325.299577][T10518] xt_CT: You must specify a L4 protocol and not use inversions on it [ 325.734132][T10517] EXT4-fs error (device loop3): ext4_do_update_inode:5596: inode #3: comm syz.3.1722: corrupted inode contents [ 325.771831][T10517] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 325.792348][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 325.807996][ C0] EXT4-fs (loop3): initial error at time 1769524150: ext4_do_update_inode:5596: inode 3 [ 325.817820][ C0] EXT4-fs (loop3): last error at time 1769524150: ext4_do_update_inode:5596: inode 3 [ 325.898713][T10517] EXT4-fs error (device loop3): ext4_dirty_inode:6481: inode #3: comm syz.3.1722: mark_inode_dirty error [ 325.933548][T10524] 9pnet_fd: Insufficient options for proto=fd [ 325.948278][T10517] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 325.961425][T10517] EXT4-fs error (device loop3): ext4_do_update_inode:5596: inode #3: comm syz.3.1722: corrupted inode contents [ 326.065676][T10517] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 326.066164][T10517] EXT4-fs error (device loop3): __ext4_ext_dirty:207: inode #3: comm syz.3.1722: mark_inode_dirty error [ 326.171593][T10517] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 326.178585][T10517] Quota error (device loop3): write_blk: dquota write failed [ 326.244160][T10517] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 326.282440][T10517] EXT4-fs error (device loop3): ext4_acquire_dquot:7007: comm syz.3.1722: Failed to acquire dquot type 0 [ 326.323815][T10517] loop3: lost filesystem error report for type 5 error -117 [ 326.329561][T10517] EXT4-fs error (device loop3): ext4_do_update_inode:5596: inode #16: comm syz.3.1722: corrupted inode contents [ 326.418270][T10517] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 326.421794][T10517] EXT4-fs error (device loop3): ext4_dirty_inode:6481: inode #16: comm syz.3.1722: mark_inode_dirty error [ 326.491992][T10517] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 326.495346][T10517] EXT4-fs error (device loop3): ext4_do_update_inode:5596: inode #16: comm syz.3.1722: corrupted inode contents [ 326.555661][T10517] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 326.556210][T10517] EXT4-fs error (device loop3): __ext4_ext_dirty:207: inode #16: comm syz.3.1722: mark_inode_dirty error [ 326.630404][T10517] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 326.630953][T10517] EXT4-fs error (device loop3): ext4_do_update_inode:5596: inode #16: comm syz.3.1722: corrupted inode contents [ 326.855578][T10517] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 326.856091][T10517] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 326.956813][T10517] loop3: lost filesystem error report for type 5 error -117 [ 326.957343][T10517] EXT4-fs error (device loop3): ext4_do_update_inode:5596: inode #16: comm syz.3.1722: corrupted inode contents [ 327.022661][T10517] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 327.027180][T10517] EXT4-fs error (device loop3): ext4_truncate:4614: inode #16: comm syz.3.1722: mark_inode_dirty error [ 327.128261][T10517] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 327.152258][T10517] loop3: lost filesystem error report for type 5 error -117 [ 327.162962][T10517] EXT4-fs (loop3): 1 truncate cleaned up [ 327.194266][T10517] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 327.261537][T10517] ext4 filesystem being mounted at /314/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 327.275764][T10545] 9pnet_fd: Insufficient options for proto=fd [ 327.320947][T10517] EXT4-fs warning (device loop3): ext4_es_cache_extent:1082: inode #3: comm syz.3.1722: ES cache extent failed: add [1,1,41,0x1] conflict with existing [1,-2,576460752303423487,0x18] [ 327.320947][T10517] [ 327.388195][T10517] EXT4-fs error (device loop3): ext4_empty_dir:3118: inode #12: block 13: comm syz.3.1722: bad entry in directory: inode out of bounds - offset=24, inode=33554445, rec_len=16, size=4096 fake=0 [ 327.533742][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 327.545464][T10556] loop0: detected capacity change from 0 to 512 [ 327.648980][T10556] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 327.697364][T10556] ext4 filesystem being mounted at /324/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 328.488123][T10580] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 328.656126][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 328.904316][T10594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1750'. [ 329.165167][T10607] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 330.562167][T10632] loop3: detected capacity change from 0 to 1024 [ 330.783309][T10646] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 330.801596][T10620] dvmrp1: entered allmulticast mode [ 330.840432][T10620] dvmrp1: left allmulticast mode [ 331.008466][T10654] loop3: detected capacity change from 0 to 512 [ 331.129633][T10654] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 331.195995][T10654] ext4 filesystem being mounted at /324/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 331.340548][T10661] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.119778][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 332.226868][T10661] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.301609][T10679] loop3: detected capacity change from 0 to 1024 [ 332.439152][T10661] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.740039][T10661] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.202548][ T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.294752][T10690] loop0: detected capacity change from 0 to 2048 [ 333.300241][ T5841] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 333.333304][ T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.393699][ T5841] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 333.411664][T10690] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 333.501019][ T36] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.542600][ T36] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.629006][T10697] fido_id[10697]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 333.645915][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 334.136610][T10719] 8021q: adding VLAN 0 to HW filter on device bond1 [ 334.208342][T10726] infiniband: Added to hash: ib_dev=ffff8880261bc000 (0)() ndev=ffff888059a18000 (29)(bond0) [ 334.524527][T10736] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.707482][T10736] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.877676][T10749] 9p: Bad value for 'rfdno' [ 334.901424][T10726] infiniband syz0: set active [ 334.915957][T10726] infiniband syz0: added bond0 [ 334.928125][T10726] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 334.932282][T10726] infiniband syz0: Couldn't open port 1 [ 334.962149][T10736] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.972568][ T7629] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (5)(syz0) rdma_ndev=ffff888059a18000 (36)(bond0) cookie=ffff888058c84000 (9)(netdevsim1) start [ 334.972715][ T7629] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (5)(syz0) rdma_ndev=ffff888059a18000 (36)(bond0) cookie=ffff888058c84000 (9)(netdevsim1) end [ 335.097879][T10726] RDS/IB: syz0: added [ 335.130689][T10726] smc: adding ib device syz0 with port count 1 [ 335.143520][T10726] smc: ib device syz0 port 1 has no pnetid [ 335.155606][T10756] loop0: detected capacity change from 0 to 1024 [ 335.188796][T10736] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.199507][ T3029] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (12)(syz0) rdma_ndev=ffff888059a18000 (37)(bond0) cookie=ffff88802c59c000 (11)(netdevsim0) start [ 335.233013][ T3029] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (12)(syz0) rdma_ndev=ffff888059a18000 (37)(bond0) cookie=ffff88802c59c000 (5)(netdevsim0) end [ 335.285008][T10756] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 335.299213][T10760] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1817'. [ 335.395074][T10756] EXT4-fs error (device loop0): mb_free_blocks:2047: group 0, inode 22: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 335.490100][ T36] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.558592][ T36] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.660147][ T36] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.668697][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 335.719008][ T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.967859][T10777] mmap: syz.1.1819 (10777) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 336.834604][T10790] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 337.037742][ T7629] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (12)(syz0) rdma_ndev=ffff888059a18000 (34)(bond0) cookie=ffff88807bf64000 (23)(syz_tun) start [ 337.065062][ T7629] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (12)(syz0) rdma_ndev=ffff888059a18000 (34)(bond0) cookie=ffff88807bf64000 (20)(syz_tun) end [ 337.435976][T10809] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1832'. [ 340.197516][T10859] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.218502][T10872] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1859'. [ 340.471759][T10877] netlink: 'syz.3.1861': attribute type 29 has an invalid length. [ 340.493536][T10877] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1861'. [ 341.624938][T10902] xt_hashlimit: size too large, truncated to 1048576 [ 341.834150][T10913] netlink: 'syz.1.1875': attribute type 29 has an invalid length. [ 341.856167][T10913] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1875'. [ 342.345493][T10933] loop0: detected capacity change from 0 to 1024 [ 343.801504][T10933] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 343.921908][T10933] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: comm syz.0.1884: inode #1919248754: comm syz.0.1884: iget: illegal inode # [ 344.022588][T10933] EXT4-fs (loop0): Remounting filesystem read-only [ 344.077504][T10933] EXT4-fs warning (device loop0): ext4_xattr_inode_inc_ref_all:1135: inode #19: comm syz.0.1884: cleanup dec ref error -30 [ 344.154775][T10933] EXT4-fs warning (device loop0): ext4_xattr_block_set:2200: inode #19: comm syz.0.1884: dec ref error=-30 [ 344.303093][T10951] C: renamed from team_slave_0 (while UP) [ 344.367214][T10951] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1887'. [ 344.418147][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 344.635840][T10955] xt_hashlimit: size too large, truncated to 1048576 [ 346.625562][T11003] xt_CT: You must specify a L4 protocol and not use inversions on it [ 346.746252][T11006] xt_hashlimit: size too large, truncated to 1048576 [ 347.219572][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (33)(bond0) cookie=ffff8880383e4000 (12)(syzkaller1) start [ 347.282450][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (33)(bond0) cookie=ffff8880383e4000 (3)(syzkaller1) end [ 347.606275][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (33)(bond0) cookie=ffff8880478b8000 (11)(erspan0) start [ 347.654994][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (33)(bond0) cookie=ffff8880478b8000 (4)(erspan0) end [ 347.694535][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (33)(bond0) cookie=ffff888030d2a000 (3)(gretap0) start [ 347.761619][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (33)(bond0) cookie=ffff888030d2a000 (3)(gretap0) end [ 348.901249][T11043] xt_hashlimit: size too large, truncated to 1048576 [ 349.256053][T11048] 9p: Could not find request transport: fd00000000000000000000004 [ 349.703779][T11063] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1931'. [ 350.889632][T11080] loop0: detected capacity change from 0 to 128 [ 350.948478][T11080] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 351.001328][T11080] ext4 filesystem being mounted at /361/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 351.103669][ T5832] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 351.390018][T11092] 9p: Could not find request transport: fd00000000000000000000004 [ 352.643245][T11145] xt_CT: You must specify a L4 protocol and not use inversions on it [ 353.102861][ T5925] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 353.156320][ T5925] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 353.185775][T11162] loop3: detected capacity change from 0 to 2048 [ 353.301636][T11162] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 353.460002][T11166] fido_id[11166]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 353.518241][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 353.798367][T11158] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 353.817075][T11158] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 353.971141][T11161] geneve2: entered promiscuous mode [ 354.507817][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (32)(bond0) cookie=ffff888048606000 (11)(erspan0) start [ 354.562457][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (32)(bond0) cookie=ffff888048606000 (4)(erspan0) end [ 354.609949][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (32)(bond0) cookie=ffff888055cc6000 (3)(gretap0) start [ 354.646646][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (32)(bond0) cookie=ffff888055cc6000 (3)(gretap0) end [ 355.534671][T11214] infiniband: Added to hash: ib_dev=ffff88807d3ac000 (0)() ndev=ffff8880320e8000 (27)(bond0) [ 355.572560][T11214] infiniband: Removed from hash: ib_dev=ffff88807d3ac000 (0)() ndev=ffff8880320e8000 (27)(bond0) [ 355.624744][T11214] rdma_rxe: rxe_newlink: failed to add bond0 [ 356.143322][ T5925] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 356.193083][T11226] 9pnet_fd: Insufficient options for proto=fd [ 356.302392][ T5925] usb 1-1: Using ep0 maxpacket: 16 [ 356.376131][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 356.534181][ T5925] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 356.668899][ T5925] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 356.775962][ T5925] usb 1-1: Product: syz [ 356.829388][ T5925] usb 1-1: Manufacturer: syz [ 356.893269][ T5925] usb 1-1: SerialNumber: syz [ 356.980209][ T5925] usb 1-1: config 0 descriptor?? [ 357.016548][ T5925] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 357.038089][ T5925] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 357.272908][ T5925] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 357.310981][ T7629] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (32)(bond0) cookie=ffff888031470000 (14)(netdevsim3) start [ 357.342903][T11244] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.362828][ T5925] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 357.375466][ T5925] em28xx 1-1:0.0: board has no eeprom [ 357.390663][ T7629] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (32)(bond0) cookie=ffff888031470000 (8)(netdevsim3) end [ 357.482506][ T5925] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 357.490589][ T5925] em28xx 1-1:0.0: dvb set to bulk mode. [ 357.496321][ T5932] em28xx 1-1:0.0: Binding DVB extension [ 357.522591][ T5925] usb 1-1: USB disconnect, device number 7 [ 357.583885][ T5925] em28xx 1-1:0.0: Disconnecting em28xx [ 357.604531][ T58] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (32)(bond0) cookie=ffff88805838c000 (13)(netdevsim2) start [ 357.630244][T11244] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.633450][ T5932] em28xx 1-1:0.0: Registering input extension [ 357.651585][ T5925] em28xx 1-1:0.0: Closing input extension [ 357.663220][ T58] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (32)(bond0) cookie=ffff88805838c000 (8)(netdevsim2) end [ 357.729080][ T5925] em28xx 1-1:0.0: Freeing device [ 357.776564][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (32)(bond0) cookie=ffff888079408000 (16)(netdevsim1) start [ 357.793268][T11244] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.812721][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (32)(bond0) cookie=ffff888079408000 (8)(netdevsim1) end [ 358.067267][T11244] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.084981][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (32)(bond0) cookie=ffff888057d94000 (8)(netdevsim0) start [ 358.129815][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff8880261bc000 (11)(syz0) rdma_ndev=ffff888059a18000 (32)(bond0) cookie=ffff888057d94000 (5)(netdevsim0) end [ 358.171173][T11254] xt_hashlimit: size too large, truncated to 1048576 [ 358.307002][T11263] 9pnet_fd: Insufficient options for proto=fd [ 358.382135][ T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.464026][ T12] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.473932][ T12] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.498583][ T12] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.715629][T11276] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2010'. [ 359.155915][T11288] 9pnet_fd: Insufficient options for proto=fd [ 361.246815][T11313] 9pnet_fd: Insufficient options for proto=fd [ 361.996468][T11331] loop0: detected capacity change from 0 to 512 [ 362.007528][T11331] EXT4-fs: Ignoring removed mblk_io_submit option [ 362.015621][T11331] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 362.043665][T11331] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 362.052255][T11331] EXT4-fs (loop0): orphan cleanup on readonly fs [ 362.060367][T11331] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2033: bg 0: block 361: padding at end of block bitmap is not set [ 362.078521][T11331] loop0: lost filesystem error report for type 5 error -117 [ 362.078944][T11331] EXT4-fs (loop0): Remounting filesystem read-only [ 362.086389][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 362.086411][ C0] EXT4-fs (loop0): initial error at time 1769524186: ext4_validate_block_bitmap:441 [ 362.086439][ C0] EXT4-fs (loop0): last error at time 1769524186: ext4_validate_block_bitmap:441 [ 362.122234][T11331] EXT4-fs (loop0): 1 truncate cleaned up [ 362.153243][T11331] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 362.547313][T11346] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN PTI [ 362.559306][T11346] KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7] [ 362.567775][T11346] CPU: 0 UID: 0 PID: 11346 Comm: syz.3.2039 Not tainted syzkaller #0 PREEMPT(full) [ 362.577177][T11346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 362.587265][T11346] RIP: 0010:__queue_work+0xa2/0xf90 [ 362.592510][T11346] Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee [ 362.612152][T11346] RSP: 0018:ffffc90003f5f4d8 EFLAGS: 00010002 [ 362.618261][T11346] RAX: 0000000000000038 RBX: 0000000000000008 RCX: 0000000000080000 [ 362.626266][T11346] RDX: ffffc9000cae4000 RSI: 0000000000000a5e RDI: 0000000000000a5f [ 362.634276][T11346] RBP: 0000000000000000 R08: ffff88813ff72017 R09: 1ffff11027fee402 [ 362.642284][T11346] R10: dffffc0000000000 R11: ffffed1027fee403 R12: dffffc0000000000 [ 362.650382][T11346] R13: ffff88813ff72010 R14: 00000000000001c0 R15: 0000000000000000 [ 362.658400][T11346] FS: 00007f9acb7aa6c0(0000) GS:ffff8881252b4000(0000) knlGS:0000000000000000 [ 362.667372][T11346] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 362.674000][T11346] CR2: 00007f9aca9840c0 CR3: 000000007a076000 CR4: 00000000003526f0 [ 362.682009][T11346] Call Trace: [ 362.685314][T11346] [ 362.688276][T11346] ? __asan_memcpy+0x40/0x70 [ 362.692919][T11346] ? __tty_insert_flip_string_flags+0x3e9/0x430 [ 362.699207][T11346] queue_work_on+0x106/0x1d0 [ 362.703864][T11346] k_pad+0x4c4/0xa90 [ 362.707810][T11346] ? lock_acquire+0x106/0x330 [ 362.712521][T11346] ? __pfx_k_pad+0x10/0x10 [ 362.716971][T11346] ? notifier_chain_unregister+0x23d/0x280 [ 362.722817][T11346] ? atomic_notifier_call_chain+0x26/0x180 [ 362.728671][T11346] kbd_event+0x2ec1/0x40d0 [ 362.733130][T11346] ? __pfx_kbd_event+0x10/0x10 [ 362.737952][T11346] ? add_lock_to_list+0xc7/0x100 [ 362.742950][T11346] ? lockdep_unlock+0x5d/0xd0 [ 362.747678][T11346] ? __lock_acquire+0x146e/0x2cf0 [ 362.752768][T11346] ? __lock_acquire+0x6b5/0x2cf0 [ 362.757734][T11346] ? __lock_acquire+0x6b5/0x2cf0 [ 362.762706][T11346] ? __lock_acquire+0x6b5/0x2cf0 [ 362.767678][T11346] ? input_pass_values+0x8d/0x890 [ 362.772725][T11346] ? lock_acquire+0x106/0x330 [ 362.777434][T11346] ? input_pass_values+0x8d/0x890 [ 362.782483][T11346] input_handle_events_default+0xd4/0x1a0 [ 362.788235][T11346] ? input_pass_values+0x8d/0x890 [ 362.793281][T11346] input_pass_values+0x288/0x890 [ 362.798241][T11346] ? input_handle_event+0x70c/0xf30 [ 362.803463][T11346] input_event_dispose+0x330/0x6b0 [ 362.808600][T11346] input_inject_event+0x1dd/0x340 [ 362.813644][T11346] ? input_inject_event+0xb6/0x340 [ 362.818785][T11346] evdev_write+0x325/0x4c0 [ 362.823221][T11346] ? __lock_acquire+0x6b5/0x2cf0 [ 362.828178][T11346] ? __pfx_evdev_write+0x10/0x10 [ 362.833133][T11346] ? bpf_lsm_file_permission+0x9/0x20 [ 362.838530][T11346] ? security_file_permission+0x75/0x260 [ 362.844185][T11346] ? rw_verify_area+0x255/0x4d0 [ 362.849104][T11346] ? __pfx_evdev_write+0x10/0x10 [ 362.854058][T11346] vfs_write+0x29a/0xb90 [ 362.858326][T11346] ? __pfx_vfs_write+0x10/0x10 [ 362.863111][T11346] ? __fget_files+0x2a/0x420 [ 362.867717][T11346] ? __fget_files+0x2a/0x420 [ 362.872330][T11346] ? __fget_files+0x3a0/0x420 [ 362.877027][T11346] ? __fget_files+0x2a/0x420 [ 362.881635][T11346] ksys_write+0x150/0x270 [ 362.885994][T11346] ? __pfx_ksys_write+0x10/0x10 [ 362.890877][T11346] do_syscall_64+0xe2/0xf80 [ 362.895406][T11346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.901613][T11346] ? trace_irq_disable+0x37/0x100 [ 362.906717][T11346] ? clear_bhb_loop+0x40/0x90 [ 362.911425][T11346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.917334][T11346] RIP: 0033:0x7f9aca99aeb9 [ 362.921788][T11346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 362.941517][T11346] RSP: 002b:00007f9acb7aa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 362.949968][T11346] RAX: ffffffffffffffda RBX: 00007f9acac15fa0 RCX: 00007f9aca99aeb9 [ 362.958047][T11346] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000004 [ 362.966043][T11346] RBP: 00007f9acaa08c1f R08: 0000000000000000 R09: 0000000000000000 [ 362.974030][T11346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 362.982031][T11346] R13: 00007f9acac16038 R14: 00007f9acac15fa0 R15: 00007ffdd6ef9a18 [ 362.990063][T11346] [ 362.993185][T11346] Modules linked in: [ 362.997108][T11346] ---[ end trace 0000000000000000 ]--- [ 363.002581][T11346] RIP: 0010:__queue_work+0xa2/0xf90 [ 363.007928][T11346] Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee [ 363.027594][T11346] RSP: 0018:ffffc90003f5f4d8 EFLAGS: 00010002 [ 363.033691][T11346] RAX: 0000000000000038 RBX: 0000000000000008 RCX: 0000000000080000 [ 363.041681][T11346] RDX: ffffc9000cae4000 RSI: 0000000000000a5e RDI: 0000000000000a5f [ 363.049667][T11346] RBP: 0000000000000000 R08: ffff88813ff72017 R09: 1ffff11027fee402 [ 363.057656][T11346] R10: dffffc0000000000 R11: ffffed1027fee403 R12: dffffc0000000000 [ 363.065643][T11346] R13: ffff88813ff72010 R14: 00000000000001c0 R15: 0000000000000000 [ 363.073631][T11346] FS: 00007f9acb7aa6c0(0000) GS:ffff8881252b4000(0000) knlGS:0000000000000000 [ 363.082571][T11346] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 363.089168][T11346] CR2: 00007f9aca9840c0 CR3: 000000007a076000 CR4: 00000000003526f0 [ 363.097160][T11346] Kernel panic - not syncing: Fatal exception [ 363.103840][T11346] Kernel Offset: disabled [ 363.108169][T11346] Rebooting in 86400 seconds..