last executing test programs: 5.146868661s ago: executing program 0 (id=2490): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000018c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000001980)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004}, 0x80) 4.876116816s ago: executing program 0 (id=2492): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002e00000008000300", @ANYBLOB="0a0034000202020202020000140049000bac0f0004ac0f"], 0x44}}, 0x0) 4.605518231s ago: executing program 0 (id=2494): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x4004884) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {}, {0x2, 0xb}, {0xd, 0xa}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x4080) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 4.047865552s ago: executing program 0 (id=2501): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000018c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000001980)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004}, 0x80) 3.815945127s ago: executing program 0 (id=2502): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002e00000008000300", @ANYBLOB="0a0034000202020202020000140049000bac0f0004ac0f"], 0x44}}, 0x0) 3.60853187s ago: executing program 0 (id=2506): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x840, 0x0, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0x180, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x16c, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x3}, 0x8}}]}, {0xfffffdd6}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0xd4, 0x3, 0x0, 0x0, {{0x9}, {0xfffffe23, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0x0, 0x3, {0x2, 0xea3, 0x6}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1d28}}, @TCA_GACT_PARMS={0x18, 0x2, {0xb66, 0xb3, 0x10000000, 0x34e, 0xffff}}, @TCA_GACT_PARMS={0x18, 0x2, {0x7ff, 0xd8, 0x0, 0x9, 0x100000e0}}]}, {0x52, 0x6, "a06b1d1931f3579c6d7c5159238a286074602c3726c701f3c0d5382de62a6e8c4fb714fcd674c66cd306a4f78d3d05530609c9b04b7483bd084d70df8e77e6fbd503917aa0a6c737cef0ed021b60"}, {0xc}, {0x1, 0x8, {0x2, 0x2}}}}]}]}, 0x180}}, 0x0) 1.818966765s ago: executing program 3 (id=2523): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYRES32=r2, @ANYBLOB="0a0034000202020202020000140049000bac0f0004ac0f"], 0x44}}, 0x0) 1.673227708s ago: executing program 3 (id=2525): socket(0x10, 0x3, 0x0) socket(0x2b, 0x80801, 0x1) socket$inet6(0xa, 0x80003, 0xff) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.swap.events\x00', 0x275a, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6(0xa, 0x5, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6(0xa, 0x5, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000", @ANYRES32=r2, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r3], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r2, {0xfff2}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4004140}, 0x0) 1.548196s ago: executing program 3 (id=2527): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), r0) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000140)={0x34, r1, 0x1, 0x400000, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @empty}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x404c080}, 0x0) 1.401439203s ago: executing program 3 (id=2529): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x80, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x45, 0xe, {{{}, {}, @broadcast, @device_a, @random="8e742f592bf6"}, 0x0, @default, 0x1, @void, @void, @void, @val={0x4, 0x6, {0x7f, 0x1, 0x7}}, @void, @val={0x5, 0x3, {0xeb, 0x3a, 0xb0}}, @void, @void, @void, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x8, 0x9, 0x11, 0x979}}}}, @NL80211_ATTR_IE_PROBE_RESP={0x4}, @NL80211_ATTR_IE_ASSOC_RESP={0x6, 0x80, [@supported_rates]}], @chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x7}]}, 0x80}}, 0xc010) 1.338136434s ago: executing program 2 (id=2530): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x7}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56747, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0x11}, {0xffe6, 0xb}, {0xb, 0xc}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0xa0000}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4000000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.212517837s ago: executing program 3 (id=2531): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000018c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x80) 1.171891428s ago: executing program 1 (id=2532): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x144, 0x10, 0x1, 0xbffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@local, 0x1, 0x794, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x9, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0x1ff}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0xfd, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @mark={0xc, 0x15, {0x35075a, 0x3}}]}, 0x144}, 0x1, 0x0, 0x0, 0x8801}, 0x10) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 1.138448298s ago: executing program 3 (id=2533): sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x6, 0x4, 0x8, 0x8}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) syz_clone(0x6a000000, 0x0, 0x0, 0x0, 0x0, 0x0) socket(0x10, 0x3, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 1.002262191s ago: executing program 1 (id=2534): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYRES32=r2, @ANYBLOB="0a0034000202020202020000140049000bac0f0004ac0f"], 0x44}}, 0x0) 984.301202ms ago: executing program 2 (id=2535): socket(0x10, 0x3, 0x0) socket(0x2b, 0x80801, 0x1) socket$inet6(0xa, 0x80003, 0xff) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.swap.events\x00', 0x275a, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6(0xa, 0x5, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6(0xa, 0x5, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000", @ANYRES32=r2, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r3], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r2, {0xfff2}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4004140}, 0x0) 850.442084ms ago: executing program 1 (id=2536): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x328000, 0x1000}, 0x20) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000200)=0x1, 0x4) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0xa, r3}, 0x10) bind$xdp(r0, &(0x7f0000000180)={0x2c, 0x1, r3, 0x0, r1}, 0x10) 701.122907ms ago: executing program 2 (id=2537): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) sched_setscheduler(0x0, 0x2, 0x0) unshare(0x8040600) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4) sched_setscheduler(0x0, 0x5, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) epoll_create1(0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000007c0)='uid_map\x00') preadv(r2, &(0x7f0000000200)=[{&(0x7f0000000380)=""/106, 0xbe}], 0x1, 0x40fb, 0x9) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000800)=ANY=[@ANYRESDEC=r2, @ANYRES32, @ANYBLOB="0000000000000000e4ad4026f0bfd31414d0e39f07595a420cacc0565f6233a18e9461b6d0a8603db189221ffc1ca98a202dac618506cbd9f7ca2dc7d00f62655d615c1b6943d23bffff1a944ccb3d0a541993a10b07d1ccfe00b497aac8ebd197d24d7f84fbfce574ae05d4ff4ade1f98e348f28069d931756126e799c9e8f217fec8666fc2aface71aa0f4200b39054dcfe75db006447523e686b949a3b35d2f5a58b9db2b79edd978800fdc94f531e866cba48af50b626b97a7a7eb9b8827c5de5f50c01ae36eb469d9c31e91697d27ec7fad8a3a72c10e210ae1b720afdf44def7b2f364788ed45f2bad0e848ba3", @ANYRES32, @ANYBLOB="f08e95a08f045dd7175ea1b5d7294fe1d63572e2757fbef7301a76e23bb7fedc58b053e9118cceb295935632a1430220ea661963afcf445be2b98b71015a7fd98ef26d02b8c7ea6709a646ab2e72e879a347a45a75cf58a66e7182a6215b92ba3f", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20) openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0xfffffffffffff001}, 0x18) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) mount$bind(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x80004a, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r6, 0x408c5333, &(0x7f0000000580)={0x0, 0x1, 0x0, 'queue0\x00'}) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x1e, &(0x7f00000000c0)=0x9cc, 0x4) setsockopt$inet_MCAST_MSFILTER(r7, 0x0, 0x30, 0x0, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}}, 0x0) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x5, 0xc, 0x8009, 0x0, 0x9}) 632.112658ms ago: executing program 1 (id=2538): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x34, r2, 0x1, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY={0x10, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x5}, @NL80211_KEY_DEFAULT={0x4}]}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x2080}, 0x8010) 565.573149ms ago: executing program 1 (id=2539): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000140)={0x34, r1, 0x1, 0x400000, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @empty}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x404c080}, 0x0) 427.915912ms ago: executing program 2 (id=2540): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x80, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x45, 0xe, {{{}, {}, @broadcast, @device_a, @random="8e742f592bf6"}, 0x0, @default, 0x1, @void, @void, @void, @val={0x4, 0x6, {0x7f, 0x1, 0x7}}, @void, @val={0x5, 0x3, {0xeb, 0x3a, 0xb0}}, @void, @void, @void, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x8, 0x9, 0x11, 0x979}}}}, @NL80211_ATTR_IE_PROBE_RESP={0x4}, @NL80211_ATTR_IE_ASSOC_RESP={0x6, 0x80, [@supported_rates]}], @chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x7}]}, 0x80}}, 0xc010) 358.746093ms ago: executing program 1 (id=2541): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x4004884) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {}, {0x2, 0xb}, {0xd, 0xa}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x4080) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 257.492225ms ago: executing program 2 (id=2542): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000018c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x80) 0s ago: executing program 2 (id=2543): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x144, 0x10, 0x1, 0xbffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@local, 0x1, 0x794, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x9, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0x1ff}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0xfd, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @mark={0xc, 0x15, {0x35075a, 0x3}}]}, 0x144}, 0x1, 0x0, 0x0, 0x8801}, 0x10) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) kernel console output (not intermixed with test programs): "syz.1.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 278.948366][ T28] audit: type=1326 audit(1757693518.773:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9691 comm="syz.1.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 278.993502][ T9695] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.1426: bg 0: block 393: padding at end of block bitmap is not set [ 279.050493][ T9695] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6637: Corrupt filesystem [ 279.076549][ T28] audit: type=1326 audit(1757693518.773:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9691 comm="syz.1.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 279.107116][ T9695] EXT4-fs (loop2): 2 truncates cleaned up [ 279.124528][ T9695] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 279.335704][ T9504] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 279.901574][ T9712] loop2: detected capacity change from 0 to 1024 [ 280.103868][ T9712] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 280.218020][ T9712] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 280.644689][ T9504] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.796584][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 280.796600][ T28] audit: type=1326 audit(1757693520.763:1694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9719 comm="syz.3.1433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 280.803094][ T9724] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1435'. [ 280.803126][ T9724] syz_tun: entered promiscuous mode [ 280.803145][ T9724] syz_tun: entered allmulticast mode [ 280.880819][ T28] audit: type=1326 audit(1757693520.793:1695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9719 comm="syz.3.1433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 280.948823][ T28] audit: type=1326 audit(1757693520.793:1696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9719 comm="syz.3.1433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 281.113710][ T9728] lo speed is unknown, defaulting to 1000 [ 281.589032][ T28] audit: type=1326 audit(1757693521.553:1697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9744 comm="syz.1.1446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 281.731498][ T28] audit: type=1326 audit(1757693521.573:1698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9744 comm="syz.1.1446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 281.756303][ T28] audit: type=1326 audit(1757693521.573:1699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9744 comm="syz.1.1446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 281.779546][ T28] audit: type=1326 audit(1757693521.573:1700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9744 comm="syz.1.1446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 281.946728][ T9747] loop3: detected capacity change from 0 to 1024 [ 282.143110][ T9747] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 282.204506][ T9747] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 282.576903][ T9752] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1447'. [ 282.686555][ T9755] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1449'. [ 282.700705][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 282.999802][ T28] audit: type=1326 audit(1757693522.963:1701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9768 comm="syz.3.1455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 283.059920][ T28] audit: type=1326 audit(1757693522.963:1702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9768 comm="syz.3.1455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 283.194088][ T28] audit: type=1326 audit(1757693522.963:1703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9768 comm="syz.3.1455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 284.487588][ T9787] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1461'. [ 285.236282][ T9809] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1472'. [ 285.772196][ T9824] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1479'. [ 285.968179][ T9828] loop3: detected capacity change from 0 to 512 [ 285.982789][ T9828] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 286.011670][ T9828] EXT4-fs (loop3): 1 truncate cleaned up [ 286.025132][ T9828] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 286.522693][ T28] kauditd_printk_skb: 53 callbacks suppressed [ 286.522709][ T28] audit: type=1326 audit(1757693526.483:1757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 286.555068][ T28] audit: type=1326 audit(1757693526.493:1758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 286.579113][ T28] audit: type=1326 audit(1757693526.523:1759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 286.636499][ T28] audit: type=1326 audit(1757693526.523:1760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 286.661818][ T28] audit: type=1326 audit(1757693526.523:1761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 286.847626][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.626555][ T9873] loop3: detected capacity change from 0 to 1024 [ 287.804437][ T9873] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 287.859125][ T9873] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 288.384050][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.612405][ T28] audit: type=1326 audit(1757693528.573:1762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.0.1498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 288.701305][ T28] audit: type=1326 audit(1757693528.573:1763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.0.1498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 288.701615][ T9884] syz.3.1501[9884] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 288.725726][ T9884] syz.3.1501[9884] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 288.785894][ T28] audit: type=1326 audit(1757693528.573:1764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.0.1498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 288.876900][ T28] audit: type=1326 audit(1757693528.573:1765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.0.1498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 289.065053][ T9896] loop2: detected capacity change from 0 to 256 [ 289.095769][ T9897] bond0: (slave dummy0): Releasing backup interface [ 289.119612][ T9897] bridge_slave_0: left allmulticast mode [ 289.130497][ T9897] bridge_slave_0: left promiscuous mode [ 289.148651][ T9897] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.192290][ T9897] bridge_slave_1: left allmulticast mode [ 289.222879][ T9897] bridge_slave_1: left promiscuous mode [ 289.246738][ T9897] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.295327][ T9897] bond0: (slave bond_slave_0): Releasing backup interface [ 289.339035][ T9897] bond0: (slave bond_slave_1): Releasing backup interface [ 289.453305][ T9897] team0: Port device team_slave_0 removed [ 289.510487][ T9897] team0: Port device team_slave_1 removed [ 289.545306][ T9897] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 289.559743][ T9897] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 289.578564][ T9897] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 289.596689][ T9897] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 289.638929][ T9898] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1505'. [ 289.719850][ T9896] tipc: Started in network mode [ 289.725706][ T9896] tipc: Node identity 4, cluster identity 4711 [ 289.734118][ T9896] tipc: Node number set to 4 [ 289.943207][ T28] audit: type=1326 audit(1757693529.903:1766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9907 comm="syz.1.1510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 290.316238][ T9919] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1515'. [ 290.557706][ T9926] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1513'. [ 290.567099][ T9926] netlink: 196 bytes leftover after parsing attributes in process `syz.3.1513'. [ 290.579060][ T9926] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1513'. [ 290.591249][ T9926] netlink: 196 bytes leftover after parsing attributes in process `syz.3.1513'. [ 291.136234][ T9930] loop2: detected capacity change from 0 to 512 [ 291.178320][ T9930] journal_path: Lookup failure for './bus' [ 291.184654][ T9930] EXT4-fs: error: could not find journal device path [ 291.569014][ T28] kauditd_printk_skb: 21 callbacks suppressed [ 291.569031][ T28] audit: type=1326 audit(1757693531.533:1788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.0.1519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 291.727167][ T28] audit: type=1326 audit(1757693531.533:1789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.0.1519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 291.852300][ T28] audit: type=1326 audit(1757693531.533:1790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.0.1519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 292.000471][ T28] audit: type=1326 audit(1757693531.573:1791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.0.1519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 292.157240][ T28] audit: type=1326 audit(1757693531.573:1792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.0.1519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 292.356667][ T28] audit: type=1326 audit(1757693531.573:1793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.0.1519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 292.548665][ T28] audit: type=1326 audit(1757693531.573:1794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.0.1519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 292.587763][ T28] audit: type=1326 audit(1757693531.593:1795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.0.1519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 292.657476][ T28] audit: type=1326 audit(1757693531.603:1796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.0.1519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 292.727215][ T28] audit: type=1326 audit(1757693531.603:1797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.0.1519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 293.499497][ T9969] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1535'. [ 293.763485][ T9973] netlink: 'syz.2.1536': attribute type 12 has an invalid length. [ 294.846972][ T9981] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1537'. [ 294.856856][ T9981] netlink: 196 bytes leftover after parsing attributes in process `syz.2.1537'. [ 294.867675][ T9981] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1537'. [ 294.877677][ T9981] netlink: 196 bytes leftover after parsing attributes in process `syz.2.1537'. [ 296.234187][ T9993] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1544'. [ 296.725183][T10002] loop2: detected capacity change from 0 to 512 [ 296.741594][ T28] kauditd_printk_skb: 52 callbacks suppressed [ 296.741610][ T28] audit: type=1326 audit(1757693536.703:1850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9998 comm="syz.0.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 296.777564][T10002] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 296.816242][T10002] EXT4-fs (loop2): 1 truncate cleaned up [ 296.823519][T10002] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 296.846488][ T28] audit: type=1326 audit(1757693536.743:1851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9998 comm="syz.0.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 296.925945][ T28] audit: type=1326 audit(1757693536.753:1852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9998 comm="syz.0.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 297.032104][ T28] audit: type=1326 audit(1757693536.763:1853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9998 comm="syz.0.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 297.207249][ T28] audit: type=1326 audit(1757693537.153:1854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10012 comm="syz.3.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 297.240663][ T28] audit: type=1326 audit(1757693537.163:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10012 comm="syz.3.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 297.284074][ T28] audit: type=1326 audit(1757693537.173:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10012 comm="syz.3.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 297.356524][ T28] audit: type=1326 audit(1757693537.173:1857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10012 comm="syz.3.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 297.406691][ T28] audit: type=1326 audit(1757693537.173:1858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10012 comm="syz.3.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 297.778027][ T9504] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.954259][T10017] loop2: detected capacity change from 0 to 2048 [ 298.006004][T10017] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 298.208998][ T9504] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 298.440198][ T28] audit: type=1326 audit(1757693538.403:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10032 comm="syz.3.1561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 298.593756][T10036] loop2: detected capacity change from 0 to 512 [ 298.612672][T10036] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 298.642358][T10036] EXT4-fs (loop2): 1 truncate cleaned up [ 298.652800][T10036] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 299.470508][ T9504] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 299.624375][T10050] sctp: [Deprecated]: syz.3.1569 (pid 10050) Use of struct sctp_assoc_value in delayed_ack socket option. [ 299.624375][T10050] Use struct sctp_sack_info instead [ 300.037149][T10055] syz.1.1568: attempt to access beyond end of device [ 300.037149][T10055] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 302.228845][T10078] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1579'. [ 302.320897][ T28] kauditd_printk_skb: 18 callbacks suppressed [ 302.320912][ T28] audit: type=1326 audit(1757693542.283:1878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10081 comm="syz.3.1580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 302.379881][ T28] audit: type=1326 audit(1757693542.283:1879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10081 comm="syz.3.1580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 302.402583][ T28] audit: type=1326 audit(1757693542.283:1880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10081 comm="syz.3.1580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 302.425022][ C0] vkms_vblank_simulate: vblank timer overrun [ 302.474592][ T28] audit: type=1326 audit(1757693542.283:1881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10081 comm="syz.3.1580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 302.538727][ T28] audit: type=1326 audit(1757693542.283:1882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10081 comm="syz.3.1580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 302.546827][T10088] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1582'. [ 303.093688][T10098] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1585'. [ 303.102858][T10098] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1585'. [ 303.113541][T10098] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1585'. [ 303.123538][T10098] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1585'. [ 303.585916][T10100] loop0: detected capacity change from 0 to 512 [ 303.631497][T10100] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 303.763229][T10100] EXT4-fs (loop0): 1 truncate cleaned up [ 303.787992][T10100] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 304.247796][ T28] audit: type=1326 audit(1757693544.213:1883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10108 comm="syz.3.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 304.366657][ T28] audit: type=1326 audit(1757693544.243:1884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10108 comm="syz.3.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 304.506531][ T28] audit: type=1326 audit(1757693544.243:1885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10108 comm="syz.3.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 304.567625][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 304.976266][T10113] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1594'. [ 305.206839][ C1] sd 0:0:1:0: [sda] tag#5491 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 305.216471][T10119] loop3: detected capacity change from 0 to 1024 [ 305.217477][ C1] sd 0:0:1:0: [sda] tag#5491 CDB: Write(6) 0a 00 00 00 00 00 00 00 00 00 00 00 [ 305.284302][T10119] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 305.465813][ T28] audit: type=1326 audit(1757693545.423:1886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10132 comm="syz.1.1600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 305.495947][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 305.526567][ T28] audit: type=1326 audit(1757693545.453:1887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10132 comm="syz.1.1600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 305.628409][T10135] 9pnet_fd: Insufficient options for proto=fd [ 305.668342][T10139] loop3: detected capacity change from 0 to 512 [ 305.687998][T10139] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 305.737940][T10139] EXT4-fs (loop3): 1 truncate cleaned up [ 305.778162][T10139] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 305.909421][T10145] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1604'. [ 305.983184][T10145] macvtap1: entered promiscuous mode [ 306.012876][T10145] bridge0: entered promiscuous mode [ 306.032870][T10145] macvtap1: entered allmulticast mode [ 306.063349][T10145] bridge0: entered allmulticast mode [ 306.073246][T10143] bridge0: left allmulticast mode [ 306.275523][T10143] bridge0: left promiscuous mode [ 306.427762][T10149] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1605'. [ 306.437070][T10149] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1605'. [ 306.910878][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 307.237423][T10157] loop0: detected capacity change from 0 to 1024 [ 307.271485][T10157] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 307.331937][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 307.331952][ T28] audit: type=1326 audit(1757693547.293:1890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10160 comm="syz.2.1611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 307.456578][ T28] audit: type=1326 audit(1757693547.333:1891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10160 comm="syz.2.1611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 307.521555][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 307.542492][ T28] audit: type=1326 audit(1757693547.333:1892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10160 comm="syz.2.1611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 307.617248][ T28] audit: type=1326 audit(1757693547.333:1893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10160 comm="syz.2.1611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 307.646581][ T28] audit: type=1326 audit(1757693547.333:1894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10160 comm="syz.2.1611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 308.223694][T10169] syzkaller1: entered promiscuous mode [ 308.246661][T10169] syzkaller1: entered allmulticast mode [ 308.292237][T10173] __nla_validate_parse: 3 callbacks suppressed [ 308.292259][T10173] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1616'. [ 308.725160][T10181] loop2: detected capacity change from 0 to 512 [ 308.740475][T10181] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 308.768897][T10181] EXT4-fs (loop2): 1 truncate cleaned up [ 308.778371][T10181] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 308.931797][ T28] audit: type=1326 audit(1757693548.893:1895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10189 comm="syz.0.1621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 308.935535][T10187] loop3: detected capacity change from 0 to 8192 [ 309.001524][ T28] audit: type=1326 audit(1757693548.933:1896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10189 comm="syz.0.1621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 309.065996][ T28] audit: type=1326 audit(1757693548.933:1897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10189 comm="syz.0.1621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 309.175858][T10196] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1623'. [ 309.336198][T10200] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1625'. [ 309.677706][ T9504] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 309.835314][ T28] audit: type=1326 audit(1757693549.793:1898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10211 comm="syz.3.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 309.906590][T10214] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1628'. [ 309.916582][T10214] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1628'. [ 309.927182][T10214] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1628'. [ 309.937439][T10214] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1628'. [ 310.145432][ T28] audit: type=1326 audit(1757693549.923:1899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10211 comm="syz.3.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 310.734696][T10227] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1635'. [ 311.101532][T10225] loop2: detected capacity change from 0 to 8192 [ 311.177175][T10233] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1638'. [ 311.631181][T10238] netlink: 'syz.2.1640': attribute type 13 has an invalid length. [ 311.660417][T10238] netlink: 'syz.2.1640': attribute type 17 has an invalid length. [ 311.822084][T10238] syz_tun: left promiscuous mode [ 311.849296][T10238] syz_tun: left allmulticast mode [ 312.025808][T10238] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 312.351687][T10248] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1645'. [ 312.629730][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 312.629745][ T28] audit: type=1326 audit(1757693552.593:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10262 comm="syz.0.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 312.686549][ T28] audit: type=1326 audit(1757693552.623:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10262 comm="syz.0.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 312.757045][ T28] audit: type=1326 audit(1757693552.623:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10262 comm="syz.0.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 312.814855][ T28] audit: type=1326 audit(1757693552.623:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10262 comm="syz.0.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 312.926916][T10266] loop0: detected capacity change from 0 to 8192 [ 313.315317][T10278] __nla_validate_parse: 2 callbacks suppressed [ 313.315357][T10278] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1655'. [ 313.331097][T10278] netlink: 196 bytes leftover after parsing attributes in process `syz.2.1655'. [ 313.341725][T10278] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1655'. [ 313.351475][T10278] netlink: 196 bytes leftover after parsing attributes in process `syz.2.1655'. [ 313.841916][T10280] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1658'. [ 314.148301][ T28] audit: type=1326 audit(1757693554.113:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10286 comm="syz.1.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 314.271093][ T28] audit: type=1326 audit(1757693554.113:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10286 comm="syz.1.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 314.348923][T10291] loop3: detected capacity change from 0 to 512 [ 314.381657][ T28] audit: type=1326 audit(1757693554.133:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10286 comm="syz.1.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 314.413246][T10291] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 314.471315][T10293] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1663'. [ 314.489634][ T28] audit: type=1326 audit(1757693554.133:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10286 comm="syz.1.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 314.555085][T10291] EXT4-fs (loop3): 1 truncate cleaned up [ 314.569341][T10291] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 315.137005][T10303] syz.0.1666[10303] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 315.137406][T10303] syz.0.1666[10303] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 315.341171][T10303] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.391453][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.530560][T10303] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.707228][T10303] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.754782][T10305] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1667'. [ 316.037769][T10303] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.063287][ T28] audit: type=1326 audit(1757693556.023:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10311 comm="syz.2.1671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 316.116803][ T28] audit: type=1326 audit(1757693556.023:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10311 comm="syz.2.1671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 316.274322][T10303] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.305497][T10303] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.347039][T10303] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.384623][T10303] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.393790][T10318] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1674'. [ 316.424895][T10319] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1673'. [ 316.577515][T10326] loop0: detected capacity change from 0 to 1024 [ 316.598016][T10326] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 316.616728][T10326] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 316.648961][T10326] JBD2: no valid journal superblock found [ 316.655651][T10328] loop3: detected capacity change from 0 to 2048 [ 316.666579][T10326] EXT4-fs (loop0): Could not load journal inode [ 316.735739][T10328] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 316.842597][T10334] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1679'. [ 316.930250][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.457262][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.469351][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.333853][T10355] loop0: detected capacity change from 0 to 2048 [ 318.494858][T10355] Alternate GPT is invalid, using primary GPT. [ 318.540447][T10355] loop0: p1 p2 p3 [ 318.546716][T10351] __nla_validate_parse: 7 callbacks suppressed [ 318.546733][T10351] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1686'. [ 318.768801][T10364] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1689'. [ 319.000682][T10366] loop3: detected capacity change from 0 to 512 [ 319.041878][T10366] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 319.143686][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 319.143703][ T28] audit: type=1326 audit(1757693559.023:1923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.0.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 319.217363][T10366] EXT4-fs (loop3): 1 truncate cleaned up [ 319.245814][T10366] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 319.270010][ T28] audit: type=1326 audit(1757693559.023:1924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.0.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 319.339300][T10376] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1695'. [ 319.376295][ T28] audit: type=1326 audit(1757693559.023:1925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.0.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 319.495443][ T28] audit: type=1326 audit(1757693559.023:1926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.0.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 319.616077][ T28] audit: type=1326 audit(1757693559.293:1927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10374 comm="syz.0.1694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 319.743520][ T28] audit: type=1326 audit(1757693559.293:1928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10374 comm="syz.0.1694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 319.832530][ T28] audit: type=1326 audit(1757693559.293:1929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10374 comm="syz.0.1694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 319.856768][ T28] audit: type=1326 audit(1757693559.293:1930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10374 comm="syz.0.1694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 319.880636][ T28] audit: type=1326 audit(1757693559.293:1931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10374 comm="syz.0.1694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 319.903305][ T28] audit: type=1326 audit(1757693559.293:1932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10374 comm="syz.0.1694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 319.959664][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 320.022861][T10380] loop0: detected capacity change from 0 to 8192 [ 320.130575][T10391] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1701'. [ 320.306567][T10399] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1705'. [ 320.589071][T10408] loop3: detected capacity change from 0 to 512 [ 320.772962][T10414] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1706'. [ 320.782229][T10414] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1706'. [ 320.794600][T10414] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1706'. [ 320.804679][T10414] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1706'. [ 320.857496][T10412] loop2: detected capacity change from 0 to 764 [ 320.990054][T10408] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 321.316867][T10408] EXT4-fs (loop3): 1 truncate cleaned up [ 321.344619][T10408] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 321.647523][T10422] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1713'. [ 321.919104][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 322.035410][T10428] syzkaller1: entered promiscuous mode [ 322.041181][T10428] syzkaller1: entered allmulticast mode [ 323.652363][T10466] unsupported nla_type 52263 [ 323.886563][T10470] __nla_validate_parse: 8 callbacks suppressed [ 323.886581][T10470] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1734'. [ 323.955192][T10470] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1734'. [ 324.269122][ T28] kauditd_printk_skb: 66 callbacks suppressed [ 324.269139][ T28] audit: type=1326 audit(1757693564.233:1999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10475 comm="syz.1.1738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 324.444344][ T28] audit: type=1326 audit(1757693564.273:2000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10475 comm="syz.1.1738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 324.565679][ T28] audit: type=1326 audit(1757693564.273:2001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10475 comm="syz.1.1738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 324.641421][T10486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1742'. [ 324.655495][T10482] loop3: detected capacity change from 0 to 512 [ 324.683587][T10482] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 324.934480][T10491] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 325.021255][T10482] EXT4-fs (loop3): 1 truncate cleaned up [ 325.031434][T10482] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 325.119465][T10495] lo speed is unknown, defaulting to 1000 [ 325.176912][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 325.241355][T10505] loop3: detected capacity change from 0 to 512 [ 325.245444][T10505] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities [ 325.314995][T10505] capability: warning: `syz.3.1746' uses 32-bit capabilities (legacy support in use) [ 325.560535][ T28] audit: type=1326 audit(1757693565.513:2002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10510 comm="syz.1.1749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 325.652103][ T28] audit: type=1326 audit(1757693565.513:2003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10510 comm="syz.1.1749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 325.675784][ C0] vkms_vblank_simulate: vblank timer overrun [ 325.726668][ T28] audit: type=1326 audit(1757693565.513:2004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10510 comm="syz.1.1749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 325.806523][ T28] audit: type=1326 audit(1757693565.513:2005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10510 comm="syz.1.1749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 325.872476][T10519] loop2: detected capacity change from 0 to 512 [ 325.889366][ T28] audit: type=1326 audit(1757693565.823:2006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10516 comm="syz.3.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 325.931216][T10519] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 325.962509][ T28] audit: type=1326 audit(1757693565.823:2007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10516 comm="syz.3.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 325.991675][T10521] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1751'. [ 326.012919][T10519] EXT4-fs (loop2): 1 truncate cleaned up [ 326.022603][T10519] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 326.027418][ T28] audit: type=1326 audit(1757693565.823:2008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10516 comm="syz.3.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 326.585678][ T9504] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 326.735354][T10525] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1753'. [ 326.744855][T10525] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1753'. [ 326.754655][T10525] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1753'. [ 326.764044][T10525] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1753'. [ 328.172978][T10550] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1766'. [ 328.888221][T10568] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1773'. [ 328.995003][T10570] IPv6: NLM_F_CREATE should be specified when creating new route [ 329.071818][T10574] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1776'. [ 329.123959][T10576] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1777'. [ 329.145511][T10576] unsupported nlmsg_type 40 [ 329.496682][ T28] kauditd_printk_skb: 27 callbacks suppressed [ 329.496700][ T28] audit: type=1326 audit(1757693569.443:2036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 329.517606][T10585] lo speed is unknown, defaulting to 1000 [ 329.589144][ T28] audit: type=1326 audit(1757693569.443:2037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 329.622789][ T28] audit: type=1326 audit(1757693569.443:2038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 329.645494][ T28] audit: type=1326 audit(1757693569.443:2039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 329.721820][ T28] audit: type=1326 audit(1757693569.683:2040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.3.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 329.781895][ T28] audit: type=1326 audit(1757693569.713:2041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.3.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 329.804387][ C0] vkms_vblank_simulate: vblank timer overrun [ 329.821022][ T28] audit: type=1326 audit(1757693569.713:2042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.3.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 329.878976][ T28] audit: type=1326 audit(1757693569.713:2043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.3.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 329.921560][T10605] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1787'. [ 329.925597][ T28] audit: type=1326 audit(1757693569.713:2044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.3.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 329.953184][ C0] vkms_vblank_simulate: vblank timer overrun [ 329.959936][ T28] audit: type=1326 audit(1757693569.713:2045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.3.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 330.537845][T10625] loop0: detected capacity change from 0 to 512 [ 330.548319][T10625] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 330.564061][T10625] EXT4-fs (loop0): 1 truncate cleaned up [ 330.571546][T10625] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 330.593200][T10627] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1797'. [ 330.628666][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 330.835347][T10639] autofs4:pid:10639:autofs_fill_super: called with bogus options [ 331.181181][T10653] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1807'. [ 331.260270][T10655] geneve2: entered promiscuous mode [ 331.265690][T10655] geneve2: entered allmulticast mode [ 331.818626][T10673] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1817'. [ 332.215247][T10688] IPv6: NLM_F_CREATE should be specified when creating new route [ 332.493849][T10698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1828'. [ 332.798956][T10712] IPv6: NLM_F_CREATE should be specified when creating new route [ 333.028082][T10719] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1838'. [ 333.240164][T10721] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1836'. [ 333.250940][T10721] netlink: 196 bytes leftover after parsing attributes in process `syz.2.1836'. [ 335.052444][ T28] kauditd_printk_skb: 80 callbacks suppressed [ 335.052460][ T28] audit: type=1326 audit(1757693575.013:2126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10740 comm="syz.1.1854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 335.114270][ T28] audit: type=1326 audit(1757693575.013:2127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10740 comm="syz.1.1854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 335.136760][ C0] vkms_vblank_simulate: vblank timer overrun [ 335.158492][T10744] __nla_validate_parse: 2 callbacks suppressed [ 335.158511][T10744] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1848'. [ 335.173767][ T28] audit: type=1326 audit(1757693575.013:2128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10740 comm="syz.1.1854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 335.198718][ T28] audit: type=1326 audit(1757693575.013:2129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10740 comm="syz.1.1854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f518eba9 code=0x7ffc0000 [ 335.221172][ C0] vkms_vblank_simulate: vblank timer overrun [ 335.365536][T10752] loop2: detected capacity change from 0 to 512 [ 335.373871][T10752] EXT4-fs: Ignoring removed nobh option [ 335.395077][T10752] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #3: comm syz.2.1851: corrupted inode contents [ 335.409899][T10752] EXT4-fs error (device loop2): ext4_dirty_inode:6106: inode #3: comm syz.2.1851: mark_inode_dirty error [ 335.424644][T10752] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #3: comm syz.2.1851: corrupted inode contents [ 335.447027][T10752] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #3: comm syz.2.1851: mark_inode_dirty error [ 335.463275][T10752] Quota error (device loop2): write_blk: dquota write failed [ 335.472736][T10752] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 335.483230][T10752] EXT4-fs error (device loop2): ext4_acquire_dquot:6940: comm syz.2.1851: Failed to acquire dquot type 0 [ 335.509088][T10752] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #16: comm syz.2.1851: corrupted inode contents [ 335.539254][T10752] EXT4-fs error (device loop2): ext4_dirty_inode:6106: inode #16: comm syz.2.1851: mark_inode_dirty error [ 335.551554][T10752] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #16: comm syz.2.1851: corrupted inode contents [ 335.564482][T10752] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #16: comm syz.2.1851: mark_inode_dirty error [ 335.577740][T10762] loop0: detected capacity change from 0 to 512 [ 335.586319][T10752] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #16: comm syz.2.1851: corrupted inode contents [ 335.589886][T10762] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 335.616916][T10752] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 335.626933][T10752] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #16: comm syz.2.1851: corrupted inode contents [ 335.640829][T10752] EXT4-fs error (device loop2): ext4_truncate:4288: inode #16: comm syz.2.1851: mark_inode_dirty error [ 335.654908][T10752] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 335.665523][T10752] EXT4-fs (loop2): 1 truncate cleaned up [ 335.672984][T10752] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 335.685728][T10752] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 335.737452][T10762] EXT4-fs (loop0): 1 truncate cleaned up [ 335.745631][T10762] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 335.772231][ T9504] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 335.864269][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.138139][T10772] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1856'. [ 336.147633][T10772] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1856'. [ 336.158866][T10772] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1856'. [ 336.169202][T10772] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1856'. [ 336.623310][ T28] audit: type=1326 audit(1757693576.573:2130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10770 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 336.743234][ T28] audit: type=1326 audit(1757693576.583:2131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10770 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 336.853493][ T28] audit: type=1326 audit(1757693576.583:2132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10770 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 336.909138][T10777] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1861'. [ 336.942668][ T28] audit: type=1326 audit(1757693576.583:2133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10770 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 337.508104][T10790] loop0: detected capacity change from 0 to 512 [ 337.532386][T10790] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 337.564289][T10790] EXT4-fs (loop0): 1 truncate cleaned up [ 337.596278][T10790] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 337.795174][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 338.188522][T10805] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1873'. [ 338.413807][T10813] loop0: detected capacity change from 0 to 512 [ 338.451072][T10813] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 338.480359][T10813] EXT4-fs (loop0): 1 truncate cleaned up [ 338.500925][T10813] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 338.563411][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 338.864536][T10824] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1881'. [ 338.936013][T10826] loop0: detected capacity change from 0 to 1024 [ 338.957782][T10826] EXT4-fs: Ignoring removed bh option [ 338.966871][T10826] EXT4-fs (loop0): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 339.028023][T10826] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 339.109293][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 339.273821][T10835] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1885'. [ 339.370041][T10839] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1887'. [ 339.422007][T10841] loop0: detected capacity change from 0 to 512 [ 339.438537][T10841] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 339.470166][T10841] EXT4-fs (loop0): 1 truncate cleaned up [ 339.498310][T10841] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 339.695045][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 340.358197][T10865] loop0: detected capacity change from 0 to 512 [ 340.376986][T10865] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 340.389563][T10861] syzkaller1: entered promiscuous mode [ 340.395108][T10861] syzkaller1: entered allmulticast mode [ 340.399322][T10865] EXT4-fs (loop0): 1 truncate cleaned up [ 340.413966][T10865] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 340.513430][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 340.615517][ T28] kauditd_printk_skb: 41 callbacks suppressed [ 340.615535][ T28] audit: type=1326 audit(1757693580.573:2175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10868 comm="syz.0.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 340.687904][ T28] audit: type=1326 audit(1757693580.573:2176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10868 comm="syz.0.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 340.754000][T10871] loop3: detected capacity change from 0 to 128 [ 340.772211][ T28] audit: type=1326 audit(1757693580.583:2177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10868 comm="syz.0.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 340.843387][ T28] audit: type=1326 audit(1757693580.583:2178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10868 comm="syz.0.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 340.902314][T10875] __nla_validate_parse: 2 callbacks suppressed [ 340.902333][T10875] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1903'. [ 340.922833][ T28] audit: type=1326 audit(1757693580.793:2179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10872 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 340.955987][ T28] audit: type=1326 audit(1757693580.793:2180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10872 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 340.986444][ T28] audit: type=1326 audit(1757693580.803:2181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10872 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 341.046842][ T28] audit: type=1326 audit(1757693580.803:2182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10872 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 341.111805][ T28] audit: type=1326 audit(1757693580.803:2183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10872 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 341.155097][ T7153] kworker/u4:28: attempt to access beyond end of device [ 341.155097][ T7153] loop3: rw=1, sector=145, nr_sectors = 896 limit=128 [ 341.186611][ T28] audit: type=1326 audit(1757693580.803:2184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10872 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 341.412190][T10883] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1906'. [ 341.485736][T10885] loop0: detected capacity change from 0 to 512 [ 341.513070][T10885] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 341.557899][T10885] EXT4-fs (loop0): 1 truncate cleaned up [ 341.599324][T10885] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 341.624880][T10892] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1912'. [ 341.625769][T10890] loop2: detected capacity change from 0 to 1024 [ 341.634164][T10892] 1ªî{X¹¦: renamed from 30ªî{X¹¦ (while UP) [ 341.651145][T10890] EXT4-fs: Ignoring removed nobh option [ 341.659154][T10892] A link change request failed with some changes committed already. Interface 31ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 341.677850][T10890] EXT4-fs: Ignoring removed bh option [ 341.725004][T10890] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 341.727087][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 341.788107][T10890] EXT4-fs error (device loop2): mb_free_blocks:1938: group 0, inode 18: block 113:freeing already freed block (bit 7); block bitmap corrupt. [ 341.805906][T10899] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1913'. [ 341.957869][ T9504] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 341.961856][T10903] netlink: 'syz.0.1922': attribute type 39 has an invalid length. [ 341.975352][T10903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1922'. [ 342.190678][T10913] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1919'. [ 342.613966][T10927] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1926'. [ 342.689469][T10929] netlink: 'syz.0.1927': attribute type 39 has an invalid length. [ 342.699148][T10929] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1927'. [ 342.832640][T10935] loop0: detected capacity change from 0 to 128 [ 342.864660][T10935] FAT-fs (loop0): Directory bread(block 32) failed [ 342.867053][T10937] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1931'. [ 342.879709][T10935] FAT-fs (loop0): Directory bread(block 33) failed [ 342.888580][T10935] FAT-fs (loop0): Directory bread(block 34) failed [ 342.895299][T10935] FAT-fs (loop0): Directory bread(block 35) failed [ 342.902135][T10935] FAT-fs (loop0): Directory bread(block 36) failed [ 342.911367][T10935] FAT-fs (loop0): Directory bread(block 37) failed [ 342.920401][T10935] FAT-fs (loop0): Directory bread(block 38) failed [ 342.930491][T10935] FAT-fs (loop0): Directory bread(block 39) failed [ 342.939565][T10935] FAT-fs (loop0): Directory bread(block 40) failed [ 342.946223][T10935] FAT-fs (loop0): Directory bread(block 41) failed [ 343.082370][T10935] syz.0.1930: attempt to access beyond end of device [ 343.082370][T10935] loop0: rw=0, sector=4112, nr_sectors = 4 limit=128 [ 343.097755][T10935] Buffer I/O error on dev loop0, logical block 1028, async page read [ 343.106084][T10935] syz.0.1930: attempt to access beyond end of device [ 343.106084][T10935] loop0: rw=0, sector=167964, nr_sectors = 4 limit=128 [ 343.126106][T10935] Buffer I/O error on dev loop0, logical block 41991, async page read [ 343.134906][T10935] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000a009) [ 343.143103][T10935] FAT-fs (loop0): Filesystem has been set read-only [ 343.150007][T10935] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000a009) [ 343.158016][T10935] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000a009) [ 343.165996][T10935] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000a009) [ 343.174347][T10935] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000a009) [ 343.183655][T10935] syz.0.1930: attempt to access beyond end of device [ 343.183655][T10935] loop0: rw=0, sector=4112, nr_sectors = 4 limit=128 [ 343.197230][T10935] Buffer I/O error on dev loop0, logical block 1028, async page read [ 343.205496][T10935] syz.0.1930: attempt to access beyond end of device [ 343.205496][T10935] loop0: rw=0, sector=167964, nr_sectors = 4 limit=128 [ 343.219169][T10935] Buffer I/O error on dev loop0, logical block 41991, async page read [ 343.471123][T10948] loop0: detected capacity change from 0 to 1024 [ 343.594108][T10944] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1933'. [ 343.622401][T10948] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 343.655281][T10948] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 343.672571][T10948] JBD2: no valid journal superblock found [ 343.678615][T10948] EXT4-fs (loop0): Could not load journal inode [ 343.702307][T10953] netlink: 'syz.3.1938': attribute type 39 has an invalid length. [ 344.122918][T10966] loop3: detected capacity change from 0 to 512 [ 344.147067][T10966] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 344.188171][T10966] EXT4-fs (loop3): 1 truncate cleaned up [ 344.196171][T10973] (null): rxe_set_mtu: Set mtu to 1024 [ 344.200221][T10966] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 344.413049][T10973] infiniband !yz!: set active [ 344.423254][T10973] infiniband !yz!: added team_slave_0 [ 344.517970][T10973] RDS/IB: !yz!: added [ 344.542047][T10973] smc: adding ib device !yz! with port count 1 [ 344.562365][T10973] smc: ib device !yz! port 1 has pnetid [ 345.002179][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 345.533824][T11005] loop0: detected capacity change from 0 to 512 [ 345.563755][T11005] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 345.591270][T11005] EXT4-fs (loop0): 1 truncate cleaned up [ 345.610176][T11005] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 345.969851][T11019] loop3: detected capacity change from 0 to 512 [ 346.003605][T11019] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 346.031741][T11019] ext4 filesystem being mounted at /519/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 346.070876][T11019] EXT4-fs (loop3): shut down requested (0) [ 346.172424][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 346.262890][T11026] __nla_validate_parse: 10 callbacks suppressed [ 346.262908][T11026] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1969'. [ 346.416289][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 346.868690][T11035] loop2: detected capacity change from 0 to 1024 [ 347.017019][T11035] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 347.067181][T11035] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 347.550568][ T28] kauditd_printk_skb: 308 callbacks suppressed [ 347.550586][ T28] audit: type=1326 audit(1757693587.513:2493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 347.609807][ T28] audit: type=1326 audit(1757693587.513:2494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 347.632409][ T28] audit: type=1326 audit(1757693587.543:2495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 347.638349][ T9504] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 347.655940][ T28] audit: type=1326 audit(1757693587.543:2496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 347.688294][ T28] audit: type=1326 audit(1757693587.543:2497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 347.766399][ T28] audit: type=1326 audit(1757693587.703:2498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 347.806460][ T28] audit: type=1326 audit(1757693587.703:2499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 347.861060][ T28] audit: type=1326 audit(1757693587.753:2500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11042 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fe7677c1465 code=0x7ffc0000 [ 347.924351][ T28] audit: type=1326 audit(1757693587.813:2501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 347.972828][T11044] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1975'. [ 347.976455][ T28] audit: type=1326 audit(1757693587.813:2502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe76778eba9 code=0x7ffc0000 [ 348.222248][T11050] loop0: detected capacity change from 0 to 512 [ 348.262859][T11050] EXT4-fs (loop0): orphan cleanup on readonly fs [ 348.303487][T11050] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.1977: bg 0: block 248: padding at end of block bitmap is not set [ 348.332279][T11055] loop2: detected capacity change from 0 to 512 [ 348.343573][T11055] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 348.356857][T11050] EXT4-fs error (device loop0): ext4_acquire_dquot:6940: comm syz.0.1977: Failed to acquire dquot type 1 [ 348.391612][T11050] EXT4-fs (loop0): 1 truncate cleaned up [ 348.433284][T11050] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 348.437633][T11055] EXT4-fs (loop2): 1 truncate cleaned up [ 348.472732][T11055] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 348.517903][T11061] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1977'. [ 348.908071][T11071] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1986'. [ 349.080742][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 349.195719][T11073] lo speed is unknown, defaulting to 1000 [ 349.307430][ T9504] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 349.768458][T11089] syzkaller0: entered promiscuous mode [ 349.774136][T11089] syzkaller0: entered allmulticast mode [ 349.796801][T11098] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1995'. [ 353.054203][T11101] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1994'. [ 353.063381][T11101] netlink: 196 bytes leftover after parsing attributes in process `syz.3.1994'. [ 353.073041][T11101] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1994'. [ 353.082229][T11101] netlink: 196 bytes leftover after parsing attributes in process `syz.3.1994'. [ 353.100104][T11117] lo speed is unknown, defaulting to 1000 [ 354.694634][T11149] loop2: detected capacity change from 0 to 512 [ 354.711490][T11149] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 354.779494][T11149] EXT4-fs (loop2): 1 truncate cleaned up [ 354.809041][T11149] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 354.992320][T11160] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2013'. [ 355.176411][T11157] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2011'. [ 355.185447][T11157] netlink: 196 bytes leftover after parsing attributes in process `syz.0.2011'. [ 355.194979][T11157] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2011'. [ 355.204333][T11157] netlink: 196 bytes leftover after parsing attributes in process `syz.0.2011'. [ 355.279155][T11163] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2014'. [ 355.616859][ T9504] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 355.742826][T11172] loop3: detected capacity change from 0 to 1024 [ 355.755673][T11175] loop0: detected capacity change from 0 to 512 [ 355.779015][T11172] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 355.790619][T11175] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 355.800909][T11172] EXT4-fs (loop3): filesystem has both journal inode and journal device! [ 355.820845][T11175] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 355.834004][T11175] ext4 filesystem being mounted at /506/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 355.862322][T11175] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.2021: corrupted xattr block 19: overlapping e_value [ 355.953825][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 356.112943][T11181] lo speed is unknown, defaulting to 1000 [ 357.704012][T11227] lo speed is unknown, defaulting to 1000 [ 358.429974][T11228] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 358.516694][T11232] __nla_validate_parse: 4 callbacks suppressed [ 358.516716][T11232] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2039'. [ 359.405719][T11240] loop3: detected capacity change from 0 to 1024 [ 360.298152][T11240] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 360.338336][T11239] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 360.572875][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 360.813686][T11254] warning: `syz.3.2048' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 360.823845][T11256] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2049'. [ 360.843509][T11254] veth0: entered promiscuous mode [ 360.858527][T11253] veth0: left promiscuous mode [ 361.163459][T11261] tipc: Started in network mode [ 361.171273][T11261] tipc: Node identity f212a3839c7f, cluster identity 4711 [ 361.187007][T11261] tipc: Enabled bearer , priority 0 [ 361.221788][T11261] syzkaller0: entered promiscuous mode [ 361.236617][T11261] syzkaller0: entered allmulticast mode [ 361.535003][T11269] tipc: Resetting bearer [ 361.595808][T11259] tipc: Resetting bearer [ 361.630969][T11259] tipc: Disabling bearer [ 361.757753][T11277] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2052'. [ 361.767118][T11277] netlink: 196 bytes leftover after parsing attributes in process `syz.3.2052'. [ 361.776544][T11277] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2052'. [ 361.785674][T11277] netlink: 196 bytes leftover after parsing attributes in process `syz.3.2052'. [ 362.092420][T11279] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.161487][T11282] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2055'. [ 362.401415][T11279] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.580959][T11279] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.718577][T11279] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.913224][T11279] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.941725][T11279] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.974746][T11279] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.001096][T11279] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.217489][T11288] tipc: Started in network mode [ 363.224380][T11288] tipc: Node identity a2eeef623719, cluster identity 4711 [ 363.245084][T11288] tipc: Enabled bearer , priority 0 [ 363.261839][T11288] syzkaller0: entered promiscuous mode [ 363.270211][T11288] syzkaller0: entered allmulticast mode [ 363.311069][T11288] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 363.478091][T11288] tipc: Resetting bearer [ 363.527163][T11296] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2059'. [ 363.553917][T11286] tipc: Resetting bearer [ 363.780725][T11286] tipc: Disabling bearer [ 363.978546][T11306] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2064'. [ 364.115695][T11311] lo speed is unknown, defaulting to 1000 [ 364.806690][T11325] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2071'. [ 364.971626][T11333] macvlan0: entered allmulticast mode [ 364.985242][T11333] bond0: (slave macvlan0): Opening slave failed [ 365.015571][T11335] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2076'. [ 365.303021][T11346] lo speed is unknown, defaulting to 1000 [ 365.899141][T11359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2084'. [ 366.127201][T11365] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2088'. [ 366.646284][T11384] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2096'. [ 366.889852][T11394] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2099'. [ 366.900005][T11392] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2101'. [ 367.100764][T11390] lo speed is unknown, defaulting to 1000 [ 367.213979][T11400] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2100'. [ 368.719053][T11439] nbd0: detected capacity change from 0 to 63 [ 368.732056][T11442] block nbd0: NBD_DISCONNECT [ 368.754001][T11442] block nbd0: Disconnected due to user request. [ 368.772076][T11442] block nbd0: shutting down sockets [ 369.060868][T11455] __nla_validate_parse: 5 callbacks suppressed [ 369.060895][T11455] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2127'. [ 369.269845][T11460] tipc: Started in network mode [ 369.274873][T11460] tipc: Node identity e6eef88593c4, cluster identity 4711 [ 369.295724][T11460] tipc: Enabled bearer , priority 0 [ 369.324341][T11460] syzkaller0: entered promiscuous mode [ 369.331882][T11460] syzkaller0: entered allmulticast mode [ 369.363259][T11460] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 369.450583][T11460] tipc: Resetting bearer [ 369.468505][T11464] lo speed is unknown, defaulting to 1000 [ 369.518591][T11459] tipc: Resetting bearer [ 369.595327][T11459] tipc: Disabling bearer [ 369.641766][T11469] nbd1: detected capacity change from 0 to 63 [ 369.692851][T11469] block nbd1: NBD_DISCONNECT [ 369.699737][T11469] block nbd1: Disconnected due to user request. [ 369.707777][T11469] block nbd1: shutting down sockets [ 369.993883][T11484] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2140'. [ 370.682962][T11501] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2143'. [ 370.692125][T11501] netlink: 196 bytes leftover after parsing attributes in process `syz.1.2143'. [ 370.701703][T11501] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2143'. [ 370.711031][T11501] netlink: 196 bytes leftover after parsing attributes in process `syz.1.2143'. [ 370.817869][T11499] lo speed is unknown, defaulting to 1000 [ 371.025497][T11507] nbd2: detected capacity change from 0 to 63 [ 371.065473][T11510] block nbd2: NBD_DISCONNECT [ 371.086640][T11510] block nbd2: Disconnected due to user request. [ 371.092967][T11510] block nbd2: shutting down sockets [ 371.304336][T11515] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2150'. [ 371.969205][T11533] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2157'. [ 371.978598][T11533] netlink: 196 bytes leftover after parsing attributes in process `syz.2.2157'. [ 371.988428][T11533] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2157'. [ 374.795724][T11543] tipc: Enabled bearer , priority 0 [ 374.804307][T11543] syzkaller0: entered promiscuous mode [ 374.811539][T11543] syzkaller0: entered allmulticast mode [ 374.870202][T11543] tipc: Resetting bearer [ 374.879532][T11542] tipc: Resetting bearer [ 374.967595][T11542] tipc: Disabling bearer [ 375.211983][ T28] kauditd_printk_skb: 38 callbacks suppressed [ 375.212001][ T28] audit: type=1326 audit(1757693615.173:2539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.2.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 375.270344][ T28] audit: type=1326 audit(1757693615.173:2540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.2.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 375.340667][ T28] audit: type=1326 audit(1757693615.213:2541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.2.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 375.371134][T11561] tipc: Enabled bearer , priority 13 [ 375.401120][ T28] audit: type=1326 audit(1757693615.213:2542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.2.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 375.471346][ T28] audit: type=1326 audit(1757693615.213:2543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.2.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 375.521021][ T28] audit: type=1326 audit(1757693615.213:2544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.2.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 375.596691][ T28] audit: type=1326 audit(1757693615.213:2545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.2.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 375.658146][ T28] audit: type=1326 audit(1757693615.213:2546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.2.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963858eba9 code=0x7ffc0000 [ 375.731709][T11573] tipc: Enabled bearer , priority 0 [ 375.739961][T11573] syzkaller0: entered promiscuous mode [ 375.756301][T11573] syzkaller0: entered allmulticast mode [ 375.769792][ T28] audit: type=1326 audit(1757693615.733:2547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11575 comm="syz.3.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 375.802123][ T28] audit: type=1326 audit(1757693615.733:2548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11575 comm="syz.3.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a5b8eba9 code=0x7ffc0000 [ 375.845573][T11573] tipc: Resetting bearer [ 375.865008][T11572] tipc: Resetting bearer [ 375.918816][T11572] tipc: Disabling bearer [ 375.939941][T11583] __nla_validate_parse: 1 callbacks suppressed [ 375.939960][T11583] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2179'. [ 375.966305][T11584] tipc: Enabled bearer , priority 0 [ 376.005921][T11584] syzkaller0: entered promiscuous mode [ 376.011769][T11584] syzkaller0: entered allmulticast mode [ 376.047473][T11584] tipc: Resetting bearer [ 376.062729][T11582] tipc: Resetting bearer [ 376.116947][T11582] tipc: Disabling bearer [ 376.130427][T11586] tipc: Enabled bearer , priority 13 [ 376.708793][T11617] netlink: zone id is out of range [ 376.714078][T11617] netlink: zone id is out of range [ 376.997669][T11630] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2201'. [ 377.009625][T11630] netlink: 196 bytes leftover after parsing attributes in process `syz.2.2201'. [ 377.019733][T11630] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2201'. [ 377.028972][T11630] netlink: 196 bytes leftover after parsing attributes in process `syz.2.2201'. [ 377.854392][ T5859] tipc: Node number set to 1965750405 [ 378.869316][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.879664][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.380536][T11667] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2217'. [ 379.623168][T11675] tipc: Enabled bearer , priority 0 [ 379.642863][T11675] syzkaller0: entered promiscuous mode [ 379.653334][T11675] syzkaller0: entered allmulticast mode [ 379.701887][T11675] tipc: Resetting bearer [ 379.710764][T11682] tipc: Enabled bearer , priority 0 [ 379.732203][T11674] tipc: Resetting bearer [ 379.786602][T11674] tipc: Disabling bearer [ 379.798852][T11682] syzkaller0: entered promiscuous mode [ 379.804395][T11682] syzkaller0: entered allmulticast mode [ 379.830574][T11682] tipc: Resetting bearer [ 379.887601][T11680] tipc: Resetting bearer [ 379.913896][ T5791] Bluetooth: hci1: command tx timeout [ 379.975065][T11680] tipc: Disabling bearer [ 380.195523][T11700] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2230'. [ 380.301054][T11703] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2231'. [ 380.821864][T11702] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2228'. [ 381.330774][T11702] netlink: 196 bytes leftover after parsing attributes in process `syz.2.2228'. [ 381.702795][T11702] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2228'. [ 381.712069][T11702] netlink: 196 bytes leftover after parsing attributes in process `syz.2.2228'. [ 381.730887][T11724] lo speed is unknown, defaulting to 1000 [ 381.942105][T11734] tipc: Enabled bearer , priority 0 [ 381.973232][T11734] syzkaller0: entered promiscuous mode [ 381.990717][T11734] syzkaller0: entered allmulticast mode [ 382.034988][T11734] tipc: Resetting bearer [ 382.057862][T11733] tipc: Resetting bearer [ 382.095813][T11733] tipc: Disabling bearer [ 382.209805][T11738] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2242'. [ 382.657974][T11747] tipc: Enabled bearer , priority 0 [ 382.676087][T11747] syzkaller0: entered promiscuous mode [ 382.704246][T11747] syzkaller0: entered allmulticast mode [ 382.752958][T11747] tipc: Resetting bearer [ 382.838255][T11746] tipc: Resetting bearer [ 382.900428][T11746] tipc: Disabling bearer [ 383.160187][T11758] tipc: Enabled bearer , priority 0 [ 383.177508][T11758] syzkaller0: entered promiscuous mode [ 383.187688][T11758] syzkaller0: entered allmulticast mode [ 383.228025][T11758] tipc: Resetting bearer [ 383.267252][T11757] tipc: Resetting bearer [ 383.337589][T11757] tipc: Disabling bearer [ 384.185161][T11779] lo speed is unknown, defaulting to 1000 [ 384.878698][T11780] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 384.942002][T11784] tipc: Enabling of bearer rejected, already enabled [ 385.788611][ T5797] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 385.802986][ T5797] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 385.812348][ T5797] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 385.826158][ T5797] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 385.834287][ T5797] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 385.842674][ T5797] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 386.120998][ T7151] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.147030][T11786] lo speed is unknown, defaulting to 1000 [ 386.173105][T11796] tipc: Enabled bearer , priority 0 [ 386.197564][T11796] syzkaller0: entered promiscuous mode [ 386.203140][T11796] syzkaller0: entered allmulticast mode [ 386.315677][ T7151] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.355391][T11796] tipc: Resetting bearer [ 386.406828][T11795] tipc: Resetting bearer [ 386.482463][T11795] tipc: Disabling bearer [ 386.534926][ T7151] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.664104][ T7151] netdevsim netdevsim3 5 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.232744][T11786] chnl_net:caif_netlink_parms(): no params data found [ 387.268870][ T7151] tipc: Disabling bearer [ 387.277452][ T7151] tipc: Left network mode [ 387.498010][T11827] tipc: Enabled bearer , priority 0 [ 387.609856][T11822] syzkaller0: entered promiscuous mode [ 387.615403][T11822] syzkaller0: entered allmulticast mode [ 387.670863][T11786] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.684530][T11786] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.696245][T11786] bridge_slave_0: entered allmulticast mode [ 387.710146][T11786] bridge_slave_0: entered promiscuous mode [ 387.813541][T11786] bridge0: port 2(bridge_slave_1) entered blocking state [ 387.824573][T11786] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.843506][T11786] bridge_slave_1: entered allmulticast mode [ 387.861555][T11786] bridge_slave_1: entered promiscuous mode [ 387.880438][T11840] tipc: Resetting bearer [ 387.914987][ T5797] Bluetooth: hci0: command tx timeout [ 387.963996][T11821] tipc: Resetting bearer [ 388.023095][T11821] tipc: Disabling bearer [ 388.050495][T11786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 388.108598][T11786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 388.267478][T11786] team0: Port device team_slave_0 added [ 388.316061][T11786] team0: Port device team_slave_1 added [ 388.569512][T11786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 388.587557][T11786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.633583][T11786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 388.707768][T11786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 388.724114][T11786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.751089][T11786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 388.863915][T11868] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2293'. [ 388.901786][T11858] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2283'. [ 388.912597][T11858] netlink: 196 bytes leftover after parsing attributes in process `syz.1.2283'. [ 388.966607][T11858] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2283'. [ 388.979851][T11858] netlink: 196 bytes leftover after parsing attributes in process `syz.1.2283'. [ 389.174120][T11786] hsr_slave_0: entered promiscuous mode [ 389.213374][T11786] hsr_slave_1: entered promiscuous mode [ 389.232313][T11786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 389.242518][T11786] Cannot create hsr debugfs directory [ 389.335570][T11872] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2295'. [ 389.749031][T11874] tipc: Enabled bearer , priority 0 [ 389.807923][T11874] syzkaller0: entered promiscuous mode [ 389.824754][T11874] syzkaller0: entered allmulticast mode [ 389.986479][ T5797] Bluetooth: hci0: command tx timeout [ 390.027639][ T7151] hsr_slave_0: left promiscuous mode [ 390.034563][ T7151] hsr_slave_1: left promiscuous mode [ 390.118607][ T7151] veth1_macvtap: left promiscuous mode [ 390.130842][ T7151] veth0_macvtap: left promiscuous mode [ 390.141063][ T7151] veth1_vlan: left promiscuous mode [ 390.148390][ T7151] veth0_vlan: left promiscuous mode [ 392.074455][ T5797] Bluetooth: hci0: command tx timeout [ 392.123599][ T7151] bond0 (unregistering): Released all slaves [ 392.242300][T11877] tipc: Resetting bearer [ 392.276845][T11873] tipc: Resetting bearer [ 392.331966][T11873] tipc: Disabling bearer [ 392.350141][T11887] tipc: Enabled bearer , priority 0 [ 392.360230][T11888] syzkaller0: entered promiscuous mode [ 392.365767][T11888] syzkaller0: entered allmulticast mode [ 392.389967][T11885] tipc: Resetting bearer [ 392.440990][T11885] tipc: Disabling bearer [ 392.807519][T11912] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2309'. [ 392.975039][T11786] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 393.013986][T11786] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 393.035598][T11786] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 393.073809][T11786] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 393.292254][T11928] tipc: Enabled bearer , priority 0 [ 393.327777][T11928] syzkaller0: entered promiscuous mode [ 393.340431][T11928] syzkaller0: entered allmulticast mode [ 393.400729][T11928] tipc: Resetting bearer [ 393.429934][T11927] tipc: Resetting bearer [ 393.476232][T11927] tipc: Disabling bearer [ 393.498650][T11933] tipc: Enabled bearer , priority 0 [ 393.513263][T11933] syzkaller0: entered promiscuous mode [ 393.520994][T11933] syzkaller0: entered allmulticast mode [ 393.584286][T11786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 393.601948][T11932] tipc: Resetting bearer [ 393.659645][T11932] tipc: Disabling bearer [ 393.685129][T11786] 8021q: adding VLAN 0 to HW filter on device team0 [ 393.699064][ T9390] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.706296][ T9390] bridge0: port 1(bridge_slave_0) entered forwarding state [ 393.741738][ T9383] bridge0: port 2(bridge_slave_1) entered blocking state [ 393.748976][ T9383] bridge0: port 2(bridge_slave_1) entered forwarding state [ 393.800951][T11938] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2317'. [ 393.882186][T11931] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2311'. [ 393.906928][T11931] netlink: 196 bytes leftover after parsing attributes in process `syz.0.2311'. [ 393.927574][T11931] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2311'. [ 393.950710][T11931] netlink: 196 bytes leftover after parsing attributes in process `syz.0.2311'. [ 394.147029][ T5797] Bluetooth: hci0: command tx timeout [ 394.428932][T11954] tipc: Enabled bearer , priority 0 [ 394.448272][T11954] syzkaller0: entered promiscuous mode [ 394.454626][T11954] syzkaller0: entered allmulticast mode [ 394.465519][T11786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 394.476159][T11956] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2323'. [ 394.500731][T11954] tipc: Resetting bearer [ 394.518384][T11953] tipc: Resetting bearer [ 394.575543][T11953] tipc: Disabling bearer [ 394.617792][T11958] tipc: Enabled bearer , priority 0 [ 394.626102][T11958] syzkaller0: entered promiscuous mode [ 394.637935][T11958] syzkaller0: entered allmulticast mode [ 394.720647][T11786] veth0_vlan: entered promiscuous mode [ 394.730984][T11960] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2326'. [ 394.743742][T11957] tipc: Resetting bearer [ 394.827039][T11957] tipc: Disabling bearer [ 394.873455][T11786] veth1_vlan: entered promiscuous mode [ 394.957438][T11786] veth0_macvtap: entered promiscuous mode [ 394.990834][T11786] veth1_macvtap: entered promiscuous mode [ 395.055383][T11786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 395.083773][T11786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.099619][T11786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 395.135259][T11786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.161901][T11786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.173888][T11786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 395.203684][T11786] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.214685][T11786] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.214768][T11786] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.214797][T11786] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.391306][ T9383] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.415652][ T9383] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.471681][ T9390] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.487960][ T9390] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.938993][T11986] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2334'. [ 396.020252][T11989] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2333'. [ 396.065045][T11992] tipc: Enabled bearer , priority 0 [ 396.083558][T11992] syzkaller0: entered promiscuous mode [ 396.099407][T11992] syzkaller0: entered allmulticast mode [ 396.127949][T11992] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 396.211452][T11994] tipc: Started in network mode [ 396.216976][T11994] tipc: Node identity 5ebf0821af72, cluster identity 4711 [ 396.224482][T11994] tipc: Enabled bearer , priority 0 [ 396.234207][T11991] tipc: Resetting bearer [ 396.288800][T11991] tipc: Disabling bearer [ 396.316768][T11994] syzkaller0: entered promiscuous mode [ 396.322406][T11994] syzkaller0: entered allmulticast mode [ 396.446843][T11993] tipc: Resetting bearer [ 396.569651][T11993] tipc: Disabling bearer [ 396.767696][T12014] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2346'. [ 396.944845][T12021] nbd: must specify at least one socket [ 397.094231][T12025] tipc: Enabled bearer , priority 0 [ 397.111172][T12025] syzkaller0: entered promiscuous mode [ 397.117027][T12025] syzkaller0: entered allmulticast mode [ 397.133387][T12025] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 397.164264][T12024] tipc: Resetting bearer [ 397.214434][T12024] tipc: Disabling bearer [ 397.747948][T12028] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2352'. [ 397.847631][T12031] tipc: Enabled bearer , priority 0 [ 397.869804][T12031] syzkaller0: entered promiscuous mode [ 397.875398][T12031] syzkaller0: entered allmulticast mode [ 397.998410][T12029] tipc: Resetting bearer [ 398.158142][T12029] tipc: Disabling bearer [ 398.167923][T12042] nbd: must specify at least one socket [ 398.611299][ T5791] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 398.628181][ T5791] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 398.656916][ T5791] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 398.686636][ T5791] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 398.695968][ T5791] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 398.705143][ T5791] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 398.861653][T12055] tipc: Enabled bearer , priority 0 [ 398.909632][T12052] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 398.937825][T12058] syzkaller0: entered promiscuous mode [ 398.951521][T12058] syzkaller0: entered allmulticast mode [ 398.999848][ T7151] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.037835][T12051] tipc: Resetting bearer [ 399.109808][T12051] tipc: Disabling bearer [ 399.126765][T12050] lo speed is unknown, defaulting to 1000 [ 399.144210][ T7151] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.150966][T12065] __nla_validate_parse: 1 callbacks suppressed [ 399.150987][T12065] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2365'. [ 399.215185][ T7151] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.341932][ T7151] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.402106][T12059] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2361'. [ 399.421864][T12070] nbd: must specify at least one socket [ 399.438519][T12059] netlink: 196 bytes leftover after parsing attributes in process `syz.3.2361'. [ 399.504576][T12059] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2361'. [ 399.567687][T12059] netlink: 196 bytes leftover after parsing attributes in process `syz.3.2361'. [ 399.664490][T12072] tipc: Enabled bearer , priority 0 [ 399.723983][T12076] syzkaller0: entered promiscuous mode [ 399.736499][T12076] syzkaller0: entered allmulticast mode [ 399.851455][T12071] tipc: Resetting bearer [ 399.989723][T12071] tipc: Disabling bearer [ 400.344156][ T7151] tipc: Left network mode [ 400.594276][T12050] chnl_net:caif_netlink_parms(): no params data found [ 400.630507][T12089] tipc: Enabled bearer , priority 0 [ 400.645290][T12093] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2374'. [ 400.649183][T12089] syzkaller0: entered promiscuous mode [ 400.676477][T12089] syzkaller0: entered allmulticast mode [ 400.786913][ T5791] Bluetooth: hci4: command tx timeout [ 400.798357][T12089] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 400.928995][T12087] tipc: Resetting bearer [ 401.016076][T12087] tipc: Disabling bearer [ 401.362734][T12050] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.376695][T12050] bridge0: port 1(bridge_slave_0) entered disabled state [ 401.384005][T12050] bridge_slave_0: entered allmulticast mode [ 401.404367][T12050] bridge_slave_0: entered promiscuous mode [ 401.439539][T12107] tipc: Enabled bearer , priority 0 [ 401.471948][T12050] bridge0: port 2(bridge_slave_1) entered blocking state [ 401.484074][T12050] bridge0: port 2(bridge_slave_1) entered disabled state [ 401.492645][T12050] bridge_slave_1: entered allmulticast mode [ 401.505463][T12050] bridge_slave_1: entered promiscuous mode [ 401.608002][T12107] tipc: Resetting bearer [ 401.669777][T12050] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 401.727597][T12106] tipc: Disabling bearer [ 401.758229][T12050] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 401.924591][T12050] team0: Port device team_slave_0 added [ 401.969526][T12119] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2382'. [ 401.994670][T12050] team0: Port device team_slave_1 added [ 402.179104][T12050] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 402.198500][T12050] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 402.224535][ C1] vkms_vblank_simulate: vblank timer overrun [ 402.276615][T12050] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 402.340424][T12050] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 402.356650][T12050] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 402.415222][T12050] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 402.505146][T12130] tipc: Enabled bearer , priority 0 [ 402.527739][T12132] syzkaller0: entered promiscuous mode [ 402.533283][T12132] syzkaller0: entered allmulticast mode [ 402.556747][T12126] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 402.694975][T12124] tipc: Resetting bearer [ 402.798624][T12124] tipc: Disabling bearer [ 402.866579][ T5791] Bluetooth: hci4: command tx timeout [ 402.932998][ T7151] hsr_slave_0: left promiscuous mode [ 402.949402][ T7151] hsr_slave_1: left promiscuous mode [ 403.010493][ T7151] veth1_macvtap: left promiscuous mode [ 403.016146][ T7151] veth0_macvtap: left promiscuous mode [ 404.423185][ T7151] bond0 (unregistering): Released all slaves [ 404.524530][T12147] tipc: Enabling of bearer rejected, failed to enable media [ 404.533582][T12150] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2392'. [ 404.587972][T12050] hsr_slave_0: entered promiscuous mode [ 404.607032][T12050] hsr_slave_1: entered promiscuous mode [ 404.644716][T12163] netlink: 84 bytes leftover after parsing attributes in process `syz.3.2394'. [ 404.946606][ T5791] Bluetooth: hci4: command tx timeout [ 405.006810][T12171] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2398'. [ 405.256802][T12177] tipc: Enabled bearer , priority 13 [ 405.400197][T12176] lo speed is unknown, defaulting to 1000 [ 405.661571][T12188] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2403'. [ 405.684596][T12188] veth1_to_batadv: entered promiscuous mode [ 405.700235][T12188] veth1_to_batadv: entered allmulticast mode [ 405.950466][T12193] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2405'. [ 406.251430][T12050] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 406.271708][T12050] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 406.294967][T12197] tipc: Enabled bearer , priority 0 [ 406.321949][T12050] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 406.354354][T12050] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 406.376705][ T1857] tipc: Node number set to 2516053858 [ 406.396072][T12197] tipc: Resetting bearer [ 406.488759][T12196] tipc: Disabling bearer [ 406.685536][T12195] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2404'. [ 406.724876][T12195] netlink: 196 bytes leftover after parsing attributes in process `syz.0.2404'. [ 406.760320][T12195] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2404'. [ 406.806698][T12195] netlink: 196 bytes leftover after parsing attributes in process `syz.0.2404'. [ 406.875759][T12209] tipc: Enabled bearer , priority 0 [ 406.919538][T12208] syzkaller0: entered promiscuous mode [ 406.925126][T12208] syzkaller0: entered allmulticast mode [ 406.970174][T12208] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 407.028342][ T5791] Bluetooth: hci4: command tx timeout [ 407.053321][T12050] 8021q: adding VLAN 0 to HW filter on device bond0 [ 407.062972][T12207] tipc: Resetting bearer [ 407.149616][T12207] tipc: Disabling bearer [ 407.193033][T12050] 8021q: adding VLAN 0 to HW filter on device team0 [ 407.224133][ T9383] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.231416][ T9383] bridge0: port 1(bridge_slave_0) entered forwarding state [ 407.319803][ T7151] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.327050][ T7151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 407.327271][T12214] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2409'. [ 408.004538][T12050] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 408.101962][T12050] veth0_vlan: entered promiscuous mode [ 408.132648][T12050] veth1_vlan: entered promiscuous mode [ 408.171877][T12232] syzkaller0: entered promiscuous mode [ 408.178715][T12232] syzkaller0: entered allmulticast mode [ 408.223235][T12050] veth0_macvtap: entered promiscuous mode [ 408.238424][T12050] veth1_macvtap: entered promiscuous mode [ 408.384726][T12050] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 408.411338][T12050] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.421334][T12050] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 408.431860][T12050] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.444627][T12050] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 408.485523][T12050] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.516571][T12050] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.556465][T12050] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.576399][T12050] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.594006][T12050] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 408.641900][T12050] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.655442][T12050] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.676421][T12050] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.693221][T12050] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.770545][T12238] tipc: Enabled bearer , priority 0 [ 408.790582][T12236] lo speed is unknown, defaulting to 1000 [ 408.812550][T12238] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 408.902372][T12238] tipc: Resetting bearer [ 408.977563][T12237] tipc: Disabling bearer [ 409.093415][ T9359] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 409.121749][ T9359] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 409.218268][ T9383] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 409.226155][ T9383] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 409.733863][T12254] __nla_validate_parse: 3 callbacks suppressed [ 409.733881][T12254] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2421'. [ 409.964095][T12260] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2423'. [ 410.108449][T12262] syzkaller0: entered promiscuous mode [ 410.113996][T12262] syzkaller0: entered allmulticast mode [ 410.305600][T12266] tipc: Started in network mode [ 410.310893][T12266] tipc: Node identity 926ab4921f18, cluster identity 4711 [ 410.322591][T12266] tipc: Enabled bearer , priority 0 [ 410.333572][T12266] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 410.381985][T12266] tipc: Resetting bearer [ 410.462195][T12268] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2427'. [ 410.508257][T12265] tipc: Disabling bearer [ 410.897095][T12275] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2431'. [ 411.282644][T12281] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2433'. [ 411.452408][T12283] nbd: must specify a size in bytes for the device [ 411.509256][ T5797] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 411.519614][ T5797] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 411.527920][ T5797] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 411.541866][ T5797] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 411.550029][ T5797] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 411.557781][ T5797] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 411.617644][T12287] lo speed is unknown, defaulting to 1000 [ 411.638501][T12289] syzkaller0: entered promiscuous mode [ 411.671531][T12289] syzkaller0: entered allmulticast mode [ 411.843401][T12294] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2438'. [ 412.489870][T12287] chnl_net:caif_netlink_parms(): no params data found [ 412.530756][ T7151] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.557099][T12303] tipc: Enabled bearer , priority 0 [ 412.637417][ T7151] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.662617][T12303] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 412.703837][T12303] tipc: Resetting bearer [ 412.766186][T12302] tipc: Disabling bearer [ 412.796885][ T7151] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.879366][T12287] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.906517][T12287] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.913916][T12287] bridge_slave_0: entered allmulticast mode [ 412.962716][T12287] bridge_slave_0: entered promiscuous mode [ 412.973696][T12287] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.996591][T12287] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.003720][T12318] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2444'. [ 413.003915][T12287] bridge_slave_1: entered allmulticast mode [ 413.038299][T12287] bridge_slave_1: entered promiscuous mode [ 413.065468][ T7151] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.110421][T12309] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2437'. [ 413.131228][T12309] netlink: 196 bytes leftover after parsing attributes in process `syz.2.2437'. [ 413.180140][T12309] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2437'. [ 413.243143][T12320] nbd: must specify a size in bytes for the device [ 413.292849][T12287] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 413.367692][T12287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 413.584107][T12287] team0: Port device team_slave_0 added [ 413.605833][T12324] lo speed is unknown, defaulting to 1000 [ 413.828110][ T5791] Bluetooth: hci3: command tx timeout [ 413.839029][T12325] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 413.875664][T12287] team0: Port device team_slave_1 added [ 413.982375][ T7151] tipc: Disabling bearer [ 414.016881][ T7151] tipc: Left network mode [ 414.034926][T12287] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 414.063580][T12287] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 414.089584][ C1] vkms_vblank_simulate: vblank timer overrun [ 414.114725][T12287] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 414.133638][T12287] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 414.140976][T12287] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 414.174273][T12287] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 414.433504][T12287] hsr_slave_0: entered promiscuous mode [ 414.440756][T12287] hsr_slave_1: entered promiscuous mode [ 414.447261][T12287] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 414.455554][T12287] Cannot create hsr debugfs directory [ 414.498329][T12335] syzkaller0: entered promiscuous mode [ 414.504744][T12335] syzkaller0: entered allmulticast mode [ 415.723946][T12344] __nla_validate_parse: 2 callbacks suppressed [ 415.723967][T12344] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2452'. [ 415.880983][T12348] nbd: must specify a size in bytes for the device [ 415.893471][T12346] syzkaller0: entered promiscuous mode [ 415.908889][ T5791] Bluetooth: hci3: command tx timeout [ 415.918118][T12346] syzkaller0: entered allmulticast mode [ 415.944426][T12346] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 416.122737][T12352] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2455'. [ 416.219909][ T7151] hsr_slave_0: left promiscuous mode [ 416.256565][ T7151] hsr_slave_1: left promiscuous mode [ 416.295404][ T7151] veth1_vlan: left promiscuous mode [ 416.318020][ T7151] veth0_vlan: left promiscuous mode [ 416.513046][ T1857] infiniband syz2: ib_query_port failed (-19) [ 417.623434][ T7151] bond0 (unregistering): Released all slaves [ 417.711421][T12356] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 417.720475][T12356] batadv_slave_0: entered promiscuous mode [ 417.726876][T12356] batadv_slave_0: entered allmulticast mode [ 417.931673][T12366] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2461'. [ 417.987174][ T5791] Bluetooth: hci3: command tx timeout [ 417.990811][T12287] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 418.033562][T12287] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 418.051946][T12363] syzkaller0: entered promiscuous mode [ 418.067233][T12363] syzkaller0: entered allmulticast mode [ 418.076229][T12287] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 418.104427][T12287] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 418.418763][T12379] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2463'. [ 418.827269][T12382] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 418.991629][T12287] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.052203][T12287] 8021q: adding VLAN 0 to HW filter on device team0 [ 419.102189][ T7151] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.109616][ T7151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.148577][ T7151] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.155821][ T7151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 419.710035][T12401] syzkaller0: entered promiscuous mode [ 419.726136][T12401] syzkaller0: entered allmulticast mode [ 419.743020][T12401] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 419.973608][T12287] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 420.038149][T12399] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2465'. [ 420.066707][ T5791] Bluetooth: hci3: command tx timeout [ 420.089432][T12399] netlink: 196 bytes leftover after parsing attributes in process `syz.3.2465'. [ 420.114930][T12406] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2469'. [ 420.119774][T12399] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2465'. [ 420.185509][T12399] netlink: 196 bytes leftover after parsing attributes in process `syz.3.2465'. [ 420.216233][T12409] syzkaller0: entered promiscuous mode [ 420.226641][T12409] syzkaller0: entered allmulticast mode [ 420.437076][T12287] veth0_vlan: entered promiscuous mode [ 420.491560][T12287] veth1_vlan: entered promiscuous mode [ 420.546405][T12414] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2472'. [ 420.615722][T12287] veth0_macvtap: entered promiscuous mode [ 420.665884][T12287] veth1_macvtap: entered promiscuous mode [ 420.686611][T12416] nbd: must specify at least one socket [ 420.711781][T12287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.751397][T12287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.766554][T12287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.788799][T12287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.818235][T12287] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 420.862573][T12287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.886578][T12287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.907280][T12287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.936454][T12287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.956436][T12287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.976474][T12287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.998552][T12287] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 421.069034][T12287] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.096552][T12287] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.115748][T12287] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.134875][T12287] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.338170][ T9390] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.346062][ T9390] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 421.387559][ T9386] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.415878][ T9386] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 421.419656][T12429] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2478'. [ 422.225659][T12444] syzkaller0: entered promiscuous mode [ 422.248249][T12444] syzkaller0: entered allmulticast mode [ 422.273856][T12444] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 422.516786][T12450] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2482'. [ 422.717693][T12454] geneve1: entered promiscuous mode [ 422.723148][T12454] geneve1: entered allmulticast mode [ 422.757611][T12453] nbd: must specify at least one socket [ 422.917418][T12459] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2487'. [ 423.580483][T12474] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2492'. [ 423.828505][T12479] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2495'. [ 423.838642][T12476] syzkaller0: entered promiscuous mode [ 423.844252][T12476] syzkaller0: entered allmulticast mode [ 423.879516][T12476] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 424.098746][T12484] nbd: must specify at least one socket [ 424.571669][T12505] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2502'. [ 424.652951][T12507] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2504'. [ 425.220972][T12520] syzkaller0: entered promiscuous mode [ 425.226828][T12520] syzkaller0: entered allmulticast mode [ 425.256283][T12520] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 425.641450][T12531] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2514'. [ 425.763428][T12526] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2506'. [ 425.780689][T12526] netlink: 196 bytes leftover after parsing attributes in process `syz.0.2506'. [ 426.178776][T12543] tipc: Enabled bearer , priority 0 [ 426.191275][T12543] tipc: Resetting bearer [ 426.214933][T12542] tipc: Disabling bearer [ 426.702414][T12558] __nla_validate_parse: 3 callbacks suppressed [ 426.702432][T12558] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2525'. [ 426.824340][T12560] syzkaller0: entered promiscuous mode [ 426.837795][T12560] syzkaller0: entered allmulticast mode [ 426.875855][T12560] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 427.086234][T12568] tipc: Enabled bearer , priority 0 [ 427.127398][T12568] tipc: Resetting bearer [ 427.198803][T12567] tipc: Disabling bearer [ 427.516705][T12578] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2535'. [ 428.113383][T12596] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 428.380813][T12600] ================================================================== [ 428.388968][T12600] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6b2/0x8d0 [ 428.397086][T12600] Read of size 2 at addr ffff88805f25a522 by task syz.2.2543/12600 [ 428.405050][T12600] [ 428.407399][T12600] CPU: 1 PID: 12600 Comm: syz.2.2543 Not tainted syzkaller #0 [ 428.414884][T12600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 428.424987][T12600] Call Trace: [ 428.428292][T12600] [ 428.431303][T12600] dump_stack_lvl+0x16c/0x230 [ 428.436119][T12600] ? __lock_acquire+0x7c80/0x7c80 [ 428.441182][T12600] ? show_regs_print_info+0x20/0x20 [ 428.446450][T12600] ? load_image+0x3b0/0x3b0 [ 428.450979][T12600] ? __virt_addr_valid+0x469/0x540 [ 428.456123][T12600] print_report+0xac/0x220 [ 428.460552][T12600] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 428.465855][T12600] kasan_report+0x117/0x150 [ 428.470388][T12600] ? trace_contention_end+0x39/0xe0 [ 428.475614][T12600] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 428.480926][T12600] __xfrm_state_lookup+0x6b2/0x8d0 [ 428.486070][T12600] ? xfrm_state_lookup+0x1a0/0x1a0 [ 428.491207][T12600] ? xfrm_calg_get_byname+0x193/0x280 [ 428.496605][T12600] xfrm_state_lookup+0xef/0x1a0 [ 428.501471][T12600] ? xfrm_state_lookup+0x36/0x1a0 [ 428.506512][T12600] ipcomp4_init_state+0x1fc/0x9f0 [ 428.511562][T12600] __xfrm_init_state+0xd8b/0x11c0 [ 428.516603][T12600] ? __xfrm_init_state+0x7fc/0x11c0 [ 428.521909][T12600] xfrm_add_sa+0x236d/0x30a0 [ 428.526513][T12600] ? xfrm_user_rcv_msg+0x870/0x870 [ 428.531637][T12600] ? __nla_parse+0x40/0x50 [ 428.536078][T12600] xfrm_user_rcv_msg+0x596/0x870 [ 428.541035][T12600] ? lockdep_hardirqs_on+0x98/0x150 [ 428.546256][T12600] ? xfrm_netlink_rcv+0x90/0x90 [ 428.551114][T12600] ? __local_bh_enable_ip+0x12e/0x1c0 [ 428.556513][T12600] ? __dev_queue_xmit+0x245/0x35a0 [ 428.561640][T12600] ? __mutex_trylock_common+0x153/0x250 [ 428.567304][T12600] netlink_rcv_skb+0x216/0x480 [ 428.572114][T12600] ? xfrm_netlink_rcv+0x90/0x90 [ 428.576991][T12600] ? netlink_ack+0x1110/0x1110 [ 428.581798][T12600] ? netlink_deliver_tap+0x2e/0x1b0 [ 428.587029][T12600] ? __lock_acquire+0x7c80/0x7c80 [ 428.592101][T12600] xfrm_netlink_rcv+0x79/0x90 [ 428.596802][T12600] netlink_unicast+0x751/0x8d0 [ 428.601588][T12600] netlink_sendmsg+0x8c1/0xbe0 [ 428.606382][T12600] ? netlink_getsockopt+0x580/0x580 [ 428.611604][T12600] ? aa_sock_msg_perm+0x94/0x150 [ 428.616559][T12600] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 428.621856][T12600] ? security_socket_sendmsg+0x80/0xa0 [ 428.627325][T12600] ? netlink_getsockopt+0x580/0x580 [ 428.632545][T12600] ____sys_sendmsg+0x5bf/0x950 [ 428.637332][T12600] ? __asan_memset+0x22/0x40 [ 428.641945][T12600] ? __sys_sendmsg_sock+0x30/0x30 [ 428.646989][T12600] ? __import_iovec+0x5f2/0x860 [ 428.651866][T12600] ? import_iovec+0x73/0xa0 [ 428.656408][T12600] ___sys_sendmsg+0x220/0x290 [ 428.661106][T12600] ? __sys_sendmsg+0x270/0x270 [ 428.666003][T12600] __se_sys_sendmsg+0x1a5/0x270 [ 428.670873][T12600] ? __x64_sys_sendmsg+0x80/0x80 [ 428.675837][T12600] ? lockdep_hardirqs_on+0x98/0x150 [ 428.681057][T12600] do_syscall_64+0x55/0xb0 [ 428.685505][T12600] ? clear_bhb_loop+0x40/0x90 [ 428.690207][T12600] ? clear_bhb_loop+0x40/0x90 [ 428.694901][T12600] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 428.700827][T12600] RIP: 0033:0x7f963858eba9 [ 428.705255][T12600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.724880][T12600] RSP: 002b:00007f96393e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 428.733392][T12600] RAX: ffffffffffffffda RBX: 00007f96387d5fa0 RCX: 00007f963858eba9 [ 428.741464][T12600] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 428.749445][T12600] RBP: 00007f9638611e19 R08: 0000000000000000 R09: 0000000000000000 [ 428.757427][T12600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 428.765446][T12600] R13: 00007f96387d6038 R14: 00007f96387d5fa0 R15: 00007fff8dc3df88 [ 428.773474][T12600] [ 428.776506][T12600] [ 428.778847][T12600] Allocated by task 11455: [ 428.783281][T12600] kasan_set_track+0x4e/0x70 [ 428.788024][T12600] __kasan_slab_alloc+0x6c/0x80 [ 428.792987][T12600] slab_post_alloc_hook+0x6e/0x4d0 [ 428.798211][T12600] kmem_cache_alloc+0x11e/0x2e0 [ 428.803077][T12600] xfrm_state_alloc+0x22/0x2a0 [ 428.807857][T12600] __find_acq_core+0x7d8/0x19d0 [ 428.812716][T12600] xfrm_find_acq+0x6a/0x90 [ 428.817161][T12600] xfrm_alloc_userspi+0x57a/0xa90 [ 428.822283][T12600] xfrm_user_rcv_msg+0x596/0x870 [ 428.827265][T12600] netlink_rcv_skb+0x216/0x480 [ 428.832133][T12600] xfrm_netlink_rcv+0x79/0x90 [ 428.836906][T12600] netlink_unicast+0x751/0x8d0 [ 428.841718][T12600] netlink_sendmsg+0x8c1/0xbe0 [ 428.846493][T12600] ____sys_sendmsg+0x5bf/0x950 [ 428.851275][T12600] ___sys_sendmsg+0x220/0x290 [ 428.855966][T12600] __se_sys_sendmsg+0x1a5/0x270 [ 428.860842][T12600] do_syscall_64+0x55/0xb0 [ 428.865278][T12600] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 428.871215][T12600] [ 428.873564][T12600] The buggy address belongs to the object at ffff88805f25a400 [ 428.873564][T12600] which belongs to the cache xfrm_state of size 848 [ 428.887574][T12600] The buggy address is located 290 bytes inside of [ 428.887574][T12600] freed 848-byte region [ffff88805f25a400, ffff88805f25a750) [ 428.901402][T12600] [ 428.903757][T12600] The buggy address belongs to the physical page: [ 428.910212][T12600] page:ffffea00017c9600 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805f25ac00 pfn:0x5f258 [ 428.921675][T12600] head:ffffea00017c9600 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 428.930616][T12600] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 428.939040][T12600] page_type: 0xffffffff() [ 428.943381][T12600] raw: 00fff00000000840 ffff8881412d0140 0000000000000000 0000000000000001 [ 428.952006][T12600] raw: ffff88805f25ac00 0000000080100002 00000001ffffffff 0000000000000000 [ 428.960687][T12600] page dumped because: kasan: bad access detected [ 428.967141][T12600] page_owner tracks the page as allocated [ 428.972876][T12600] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 6931, tgid 6930 (syz.1.405), ts 138133519140, free_ts 138094545581 [ 428.993494][T12600] post_alloc_hook+0x1cd/0x210 [ 428.998284][T12600] get_page_from_freelist+0x195c/0x19f0 [ 429.003850][T12600] __alloc_pages+0x1e3/0x460 [ 429.008462][T12600] alloc_slab_page+0x5d/0x170 [ 429.013154][T12600] new_slab+0x87/0x2e0 [ 429.017236][T12600] ___slab_alloc+0xc6d/0x1300 [ 429.021926][T12600] kmem_cache_alloc+0x1b7/0x2e0 [ 429.026795][T12600] xfrm_state_alloc+0x22/0x2a0 [ 429.031578][T12600] xfrm_state_find+0x2944/0x4510 [ 429.036643][T12600] xfrm_resolve_and_create_bundle+0x727/0x2c20 [ 429.042808][T12600] xfrm_lookup_with_ifid+0x261/0x19c0 [ 429.048193][T12600] xfrm_lookup_route+0x3c/0x1b0 [ 429.053052][T12600] __ip4_datagram_connect+0x978/0x1230 [ 429.058524][T12600] __ip6_datagram_connect+0x9f1/0x1120 [ 429.063990][T12600] ip6_datagram_connect_v6_only+0x63/0xa0 [ 429.069719][T12600] __sys_connect+0x397/0x420 [ 429.074676][T12600] page last free stack trace: [ 429.079364][T12600] free_unref_page_prepare+0x7ce/0x8e0 [ 429.084841][T12600] free_unref_page+0x32/0x2e0 [ 429.089532][T12600] free_large_kmalloc+0x101/0x1a0 [ 429.094591][T12600] bpf_check+0x62c6/0xe970 [ 429.099020][T12600] bpf_prog_load+0x11cb/0x16d0 [ 429.103823][T12600] __sys_bpf+0x55a/0x800 [ 429.108079][T12600] __x64_sys_bpf+0x7c/0x90 [ 429.112509][T12600] do_syscall_64+0x55/0xb0 [ 429.116938][T12600] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 429.122859][T12600] [ 429.125214][T12600] Memory state around the buggy address: [ 429.130852][T12600] ffff88805f25a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 429.138924][T12600] ffff88805f25a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 429.146994][T12600] >ffff88805f25a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 429.155063][T12600] ^ [ 429.160182][T12600] ffff88805f25a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 429.168250][T12600] ffff88805f25a600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 429.176323][T12600] ================================================================== [ 429.184599][ C1] vkms_vblank_simulate: vblank timer overrun SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 429.286167][T12600] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 429.293428][T12600] CPU: 0 PID: 12600 Comm: syz.2.2543 Not tainted syzkaller #0 [ 429.300927][T12600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 429.311189][T12600] Call Trace: [ 429.314493][T12600] [ 429.317456][T12600] dump_stack_lvl+0x16c/0x230 [ 429.322177][T12600] ? show_regs_print_info+0x20/0x20 [ 429.327411][T12600] ? load_image+0x3b0/0x3b0 [ 429.331948][T12600] panic+0x2c0/0x710 [ 429.335880][T12600] ? bpf_jit_dump+0xd0/0xd0 [ 429.340427][T12600] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 429.346358][T12600] ? _raw_spin_unlock+0x40/0x40 [ 429.351248][T12600] ? print_memory_metadata+0x314/0x400 [ 429.356746][T12600] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 429.362075][T12600] check_panic_on_warn+0x84/0xa0 [ 429.367065][T12600] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 429.372409][T12600] end_report+0x6f/0x140 [ 429.376687][T12600] kasan_report+0x128/0x150 [ 429.381219][T12600] ? trace_contention_end+0x39/0xe0 [ 429.386457][T12600] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 429.391779][T12600] __xfrm_state_lookup+0x6b2/0x8d0 [ 429.396944][T12600] ? xfrm_state_lookup+0x1a0/0x1a0 [ 429.402101][T12600] ? xfrm_calg_get_byname+0x193/0x280 [ 429.407536][T12600] xfrm_state_lookup+0xef/0x1a0 [ 429.412615][T12600] ? xfrm_state_lookup+0x36/0x1a0 [ 429.417685][T12600] ipcomp4_init_state+0x1fc/0x9f0 [ 429.422759][T12600] __xfrm_init_state+0xd8b/0x11c0 [ 429.427828][T12600] ? __xfrm_init_state+0x7fc/0x11c0 [ 429.433072][T12600] xfrm_add_sa+0x236d/0x30a0 [ 429.437706][T12600] ? xfrm_user_rcv_msg+0x870/0x870 [ 429.442853][T12600] ? __nla_parse+0x40/0x50 [ 429.447317][T12600] xfrm_user_rcv_msg+0x596/0x870 [ 429.452326][T12600] ? lockdep_hardirqs_on+0x98/0x150 [ 429.457581][T12600] ? xfrm_netlink_rcv+0x90/0x90 [ 429.462472][T12600] ? __local_bh_enable_ip+0x12e/0x1c0 [ 429.467903][T12600] ? __dev_queue_xmit+0x245/0x35a0 [ 429.473065][T12600] ? __mutex_trylock_common+0x153/0x250 [ 429.478667][T12600] netlink_rcv_skb+0x216/0x480 [ 429.483472][T12600] ? xfrm_netlink_rcv+0x90/0x90 [ 429.488355][T12600] ? netlink_ack+0x1110/0x1110 [ 429.493169][T12600] ? netlink_deliver_tap+0x2e/0x1b0 [ 429.498414][T12600] ? __lock_acquire+0x7c80/0x7c80 [ 429.503485][T12600] xfrm_netlink_rcv+0x79/0x90 [ 429.508202][T12600] netlink_unicast+0x751/0x8d0 [ 429.513033][T12600] netlink_sendmsg+0x8c1/0xbe0 [ 429.517848][T12600] ? netlink_getsockopt+0x580/0x580 [ 429.523094][T12600] ? aa_sock_msg_perm+0x94/0x150 [ 429.528099][T12600] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 429.533424][T12600] ? security_socket_sendmsg+0x80/0xa0 [ 429.538919][T12600] ? netlink_getsockopt+0x580/0x580 [ 429.544155][T12600] ____sys_sendmsg+0x5bf/0x950 [ 429.548969][T12600] ? __asan_memset+0x22/0x40 [ 429.553598][T12600] ? __sys_sendmsg_sock+0x30/0x30 [ 429.558666][T12600] ? __import_iovec+0x5f2/0x860 [ 429.563564][T12600] ? import_iovec+0x73/0xa0 [ 429.568114][T12600] ___sys_sendmsg+0x220/0x290 [ 429.572836][T12600] ? __sys_sendmsg+0x270/0x270 [ 429.577678][T12600] __se_sys_sendmsg+0x1a5/0x270 [ 429.582571][T12600] ? __x64_sys_sendmsg+0x80/0x80 [ 429.587557][T12600] ? lockdep_hardirqs_on+0x98/0x150 [ 429.592801][T12600] do_syscall_64+0x55/0xb0 [ 429.597258][T12600] ? clear_bhb_loop+0x40/0x90 [ 429.601975][T12600] ? clear_bhb_loop+0x40/0x90 [ 429.606700][T12600] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 429.612643][T12600] RIP: 0033:0x7f963858eba9 [ 429.617090][T12600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 429.636737][T12600] RSP: 002b:00007f96393e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 429.645365][T12600] RAX: ffffffffffffffda RBX: 00007f96387d5fa0 RCX: 00007f963858eba9 [ 429.653371][T12600] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 429.661381][T12600] RBP: 00007f9638611e19 R08: 0000000000000000 R09: 0000000000000000 [ 429.669388][T12600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 429.677427][T12600] R13: 00007f96387d6038 R14: 00007f96387d5fa0 R15: 00007fff8dc3df88 [ 429.685440][T12600] [ 429.688742][T12600] Kernel Offset: disabled [ 429.693075][T12600] Rebooting in 86400 seconds..