last executing test programs: 5.545927566s ago: executing program 2 (id=1521): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000140)={&(0x7f0000000180)=[{0x6, 0x6000, 0x1, &(0x7f0000000740)="b9"}], 0x1}) 3.750026371s ago: executing program 0 (id=1532): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x2) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f00000000c0)={0xfffffff8, 0x40000000, 0xfffbfffd, 0xa, 0x4f, "0c4192efcc000700000000fcffffff00", 0x1, 0xfffffff7}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xa) 3.701747064s ago: executing program 1 (id=1533): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a3100000000090003007379"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_PORT={0x8, 0x3, 0x1, 0x0, 0x16}, @NFTA_TPROXY_FAMILY={0x8}, @NFTA_TPROXY_REG_ADDR={0xffffffffffffff2d, 0x2, 0x1, 0x0, 0x10}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0xa}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x8c}, 0x1, 0x0, 0x0, 0x4008091}, 0x0) 3.633563498s ago: executing program 0 (id=1534): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r1 = socket(0x2, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000000)={r2, 0x61}, &(0x7f0000000040)=0x8) 3.631998818s ago: executing program 1 (id=1535): gettid() syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000300)='.\x02\x00', 0x1008008, &(0x7f0000000040)=ANY=[], 0x1, 0x2ee, &(0x7f0000000a80)="$eJzs3c1qE18UAPCTj6Zp+fNv1+Ii4EY3RV27CVJBDBQqWagbA60grQjTTRSEPIX4AK58JBc+RFcFF5HJjEmaDwplOmnt7wfTnrmn3LkzXHJncU/z9u6Ho4OPJ++GP79Fs9mKejQjziK2oxq1yFTSH82/cSOmDWrnTmM9AIDrbn+/116WG5Q7FApRn2tJknZvbeG7WfdHSYMCAAAAAAAAAACgYPP7/2OwcP9/RFTP7/8fBYOZegAA4Ppbtv9/fhc5N1WStHub2fvbTLWm/f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6tRjuDUcDh/8l52m8eRoxNaqxwcAFO9ser0fH7+HOes/APyDFq//k2PV4wMAije1/kdcsP7XVjdMAKBAL1+9ftHudHb3W61mxOmg3+13s99Z/tnzzu7D1sh2RFSz1tN+v1sb5x9l+dak1zS/Fpt5/vHCfCPu38vyae7pXmcmvx4H5TwCAAAAAAAAAAAAAAAAAAAAWLmdURl/JSKr789N6vt3dva+/no/rv+fymdR/v8BqjFT3//lez3u1LOz6tKrrxd8NwAAAAAAAAAAAAAAAAAAAHAznXz6fNQ7Pj5MygkqEVFsz7WIGAX1vKVW+CWmgqvrOQ2aMQoqMZdqRMSle04f+uJUmrnMUBv57DlMTiIuc6dP3kRc+MeVo42YS22UP2mvNtjIn2XZV18yJY7/j+Zosi37xGiU88EEAAAAAAAAAAAAAAAAAAC30FQ9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcWuPv/6/mDcm4pbBgxbcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3BJ/AgAA///w+mzI") mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x381, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x5032}) io_setup(0xbf, &(0x7f0000000100)=0x0) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0x304000, 0x800, 0x0, 0x3}, 0x20) io_submit(r1, 0x1, &(0x7f00000001c0)=[&(0x7f00000000c0)={0x20000000, 0x0, 0x7, 0x8, 0x0, r0, &(0x7f0000000080)='\x00', 0x1}]) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newtfilter={0x50, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xd}, {}, {0x7, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_IP_TTL_MASK={0x5, 0x53, 0xcd}, @TCA_FLOWER_KEY_CT_LABELS={0x14, 0x61, "758bcd936fea094f473f4c4a65c12e40"}]}}]}, 0x50}}, 0x0) 3.497721346s ago: executing program 1 (id=1536): openat$sw_sync(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f00000003c0)={0x13, 0x10, 0xfa00, {0x0, r5, 0x3}}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000003f01f00810000007f000000010000", @ANYRES32, @ANYBLOB], 0x48) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/mdstat\x00', 0x0, 0x0) poll(0x0, 0x0, 0x283) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0}) close_range(r8, 0xffffffffffffffff, 0x0) read$proc_mixer(r7, &(0x7f00000003c0)=""/45, 0x2d) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, 0x0) write$binfmt_elf32(r3, 0x0, 0x0) 3.136600457s ago: executing program 3 (id=1538): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [], {0x14}}, 0x28}}, 0x0) 3.012499444s ago: executing program 3 (id=1539): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) connect$unix(r1, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) 2.669581434s ago: executing program 0 (id=1540): syz_emit_ethernet(0x104a, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7}}, './file0\x00'}) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="00000000fcffffff00e80001000000000000000000"], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4c814) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$tipc(0x1e, 0x2, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x121880, 0x10) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000080)={'veth1_to_bond\x00', {0x2, 0x4e20, @local}}) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) sendto$inet6(r1, &(0x7f0000000100)="15", 0x1, 0x1, &(0x7f0000000140)={0xa, 0x4e23, 0x7ff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, 0x1c) sendmsg$inet6(r1, &(0x7f0000000000)={&(0x7f0000000180)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, 0x1c, &(0x7f0000000340)=[{&(0x7f0000000480)='y', 0x1}], 0x1}, 0x0) shutdown(r1, 0x1) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0x0, 0x0, 0x4}, &(0x7f0000000080)=0x9c) 2.359752832s ago: executing program 2 (id=1541): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="f5af24bd7000000000000e00000008"], 0x1c}, 0x1, 0x0, 0x0, 0x200000d0}, 0x0) 2.099693797s ago: executing program 2 (id=1542): r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) 1.998496493s ago: executing program 3 (id=1543): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a3100000000090003007379"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_PORT={0x8, 0x3, 0x1, 0x0, 0x16}, @NFTA_TPROXY_FAMILY={0x8}, @NFTA_TPROXY_REG_ADDR={0xffffffffffffff2d, 0x2, 0x1, 0x0, 0x10}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0xa}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x8c}, 0x1, 0x0, 0x0, 0x4008091}, 0x0) 1.839540812s ago: executing program 3 (id=1544): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSBRK(r0, 0x5427) 1.665898293s ago: executing program 0 (id=1545): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xe}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000002c0)=0x4) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ptrace(0x10, r1) 1.565615749s ago: executing program 3 (id=1546): rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffff9]}, 0x0, 0x8) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, 0x0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETMODE(r1, 0x4b3a, 0x1) ioctl$TCXONC(r1, 0x4b3a, 0x2) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4451}, 0x81) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/profiling', 0x1, 0x1cc) syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902"], 0x0) write$tcp_mem(r2, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000300)=[{0x0}, {&(0x7f00000007c0)=""/99, 0x63}], 0x2) 1.565527889s ago: executing program 2 (id=1547): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [], {0x14}}, 0x28}}, 0x0) 1.502495122s ago: executing program 1 (id=1548): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r1 = socket(0x2, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000000)={r2, 0x61}, &(0x7f0000000040)=0x8) 1.415216597s ago: executing program 2 (id=1549): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r0, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff000) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000400)=ANY=[], 0x1c}], 0x1}, 0x0) symlinkat(&(0x7f0000000040)='./file0\x00', r1, &(0x7f0000000080)='./file0\x00') r3 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f0000000000)=0x0) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r6, &(0x7f00000000c0)={0x27, r5, 0x1, 0x4, 0x0, 0xff, "bac5115c7dad488702b535116fad55baf63cdd52fc30106310abb622a1c3c01c13c04df6b906288e64e96754059e65c39c5759b069d6e6d9589e5f2348878c", 0x24}, 0x60) close(r4) close_range(r3, 0xffffffffffffffff, 0x0) 692.459749ms ago: executing program 0 (id=1550): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101003) ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000040)={@private0, @private=0xa010100, 0x19, 0x18}}) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r0, 0xc0a85322, 0x0) 529.524369ms ago: executing program 0 (id=1551): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) connect$unix(r1, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 529.333409ms ago: executing program 1 (id=1552): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="f5af24bd7000000000000e00000008"], 0x1c}, 0x1, 0x0, 0x0, 0x200000d0}, 0x0) 463.727423ms ago: executing program 1 (id=1553): syz_emit_ethernet(0x104a, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7}}, './file0\x00'}) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="00000000fcffffff00e80001000000000000000000"], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4c814) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$tipc(0x1e, 0x2, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x121880, 0x10) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000080)={'veth1_to_bond\x00', {0x2, 0x4e20, @local}}) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) sendto$inet6(r1, &(0x7f0000000100)="15", 0x1, 0x1, &(0x7f0000000140)={0xa, 0x4e23, 0x7ff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, 0x1c) sendmsg$inet6(r1, &(0x7f0000000000)={&(0x7f0000000180)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, 0x1c, &(0x7f0000000340)=[{&(0x7f0000000480)='y', 0x1}], 0x1}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0x0, 0x0, 0x4}, &(0x7f0000000080)=0x9c) 374.454468ms ago: executing program 2 (id=1554): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002a80)=ANY=[], 0xd4}}, 0x0) 0s ago: executing program 3 (id=1555): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x1410, 0x10100, 0x3, 0x1, 0x0, r1}, &(0x7f0000000080)=0x0, &(0x7f0000000340)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x54, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1}) socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x80) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) futex_waitv(&(0x7f00000001c0)=[{0x6, &(0x7f0000000180)=0x6, 0x2}], 0x1, 0x0, &(0x7f0000000240)={0x77359400}, 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.216' (ED25519) to the list of known hosts. [ 72.066855][ T5758] cgroup: Unknown subsys name 'net' [ 72.228972][ T5758] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.904614][ T5758] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.644642][ T5776] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.653711][ T5776] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.655347][ T5781] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.661843][ T5776] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.670518][ T5781] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.682182][ T5776] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.691953][ T5782] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.721619][ T5782] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.735301][ T5784] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.743845][ T5784] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.753629][ T5786] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.758045][ T5784] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.761190][ T5782] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 75.776184][ T5784] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.776716][ T5786] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.791988][ T5782] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.799796][ T5782] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.808160][ T5782] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 75.810937][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.816315][ T5782] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 75.830341][ T5782] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.830960][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 75.841686][ T5782] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.846062][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.296885][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 76.378396][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 76.405353][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 76.484644][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 76.568508][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.576590][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.584132][ T5772] bridge_slave_0: entered allmulticast mode [ 76.591063][ T5772] bridge_slave_0: entered promiscuous mode [ 76.636606][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.644086][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.651575][ T5772] bridge_slave_1: entered allmulticast mode [ 76.659043][ T5772] bridge_slave_1: entered promiscuous mode [ 76.708989][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.716599][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.724136][ T5771] bridge_slave_0: entered allmulticast mode [ 76.731354][ T5771] bridge_slave_0: entered promiscuous mode [ 76.739038][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.748866][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.756442][ T5770] bridge_slave_0: entered allmulticast mode [ 76.764249][ T5770] bridge_slave_0: entered promiscuous mode [ 76.772959][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.780292][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.787916][ T5770] bridge_slave_1: entered allmulticast mode [ 76.794846][ T5770] bridge_slave_1: entered promiscuous mode [ 76.829146][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.836544][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.846437][ T5771] bridge_slave_1: entered allmulticast mode [ 76.854510][ T5771] bridge_slave_1: entered promiscuous mode [ 76.892366][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.904580][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.926184][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.933820][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.941154][ T5769] bridge_slave_0: entered allmulticast mode [ 76.948568][ T5769] bridge_slave_0: entered promiscuous mode [ 76.958239][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.972707][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.984242][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.996106][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.003707][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.010904][ T5769] bridge_slave_1: entered allmulticast mode [ 77.018099][ T5769] bridge_slave_1: entered promiscuous mode [ 77.058345][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.107877][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.123504][ T5771] team0: Port device team_slave_0 added [ 77.133574][ T5772] team0: Port device team_slave_0 added [ 77.149910][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.170293][ T5771] team0: Port device team_slave_1 added [ 77.179607][ T5772] team0: Port device team_slave_1 added [ 77.188166][ T5770] team0: Port device team_slave_0 added [ 77.224745][ T5769] team0: Port device team_slave_0 added [ 77.240483][ T5770] team0: Port device team_slave_1 added [ 77.259148][ T5769] team0: Port device team_slave_1 added [ 77.296490][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.303740][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.330100][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.344398][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.351630][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.377758][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.400790][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.408061][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.434758][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.464693][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.472117][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.498727][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.511069][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.521526][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.548249][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.560348][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.567432][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.593849][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.607671][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.614738][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.640923][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.652837][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.659809][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.686553][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.756499][ T5771] hsr_slave_0: entered promiscuous mode [ 77.763443][ T5771] hsr_slave_1: entered promiscuous mode [ 77.850645][ T5772] hsr_slave_0: entered promiscuous mode [ 77.857397][ T5772] hsr_slave_1: entered promiscuous mode [ 77.864315][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.872517][ T5772] Cannot create hsr debugfs directory [ 77.885997][ T5770] hsr_slave_0: entered promiscuous mode [ 77.892694][ T5770] hsr_slave_1: entered promiscuous mode [ 77.898846][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.906939][ T5770] Cannot create hsr debugfs directory [ 77.912838][ T5086] Bluetooth: hci1: command tx timeout [ 77.912854][ T51] Bluetooth: hci2: command tx timeout [ 77.921999][ T5782] Bluetooth: hci3: command tx timeout [ 77.929771][ T5086] Bluetooth: hci0: command tx timeout [ 77.949628][ T5769] hsr_slave_0: entered promiscuous mode [ 77.957119][ T5769] hsr_slave_1: entered promiscuous mode [ 77.963800][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.971389][ T5769] Cannot create hsr debugfs directory [ 78.363971][ T5771] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 78.377730][ T5771] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 78.389250][ T5771] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 78.413415][ T5771] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 78.467544][ T5772] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 78.490012][ T5772] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 78.501055][ T5772] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 78.519502][ T5772] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.580144][ T5769] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 78.593119][ T5769] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 78.610564][ T5769] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 78.620596][ T5769] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 78.710412][ T5770] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 78.735872][ T5770] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 78.750512][ T5770] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 78.775934][ T5770] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 78.946174][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.963532][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.005172][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.015357][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.038362][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.050585][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.058081][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.089507][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.127959][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.135129][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.147025][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.154206][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.166655][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.173870][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.188843][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.215606][ T2950] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.223500][ T2950] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.264226][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.271483][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.290605][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.321013][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.328317][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.395939][ T2964] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.403169][ T2964] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.558345][ T5770] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 79.866055][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.991816][ T5086] Bluetooth: hci0: command tx timeout [ 79.997438][ T5086] Bluetooth: hci3: command tx timeout [ 79.999482][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.004321][ T5086] Bluetooth: hci2: command tx timeout [ 80.010924][ T5782] Bluetooth: hci1: command tx timeout [ 80.037561][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.063135][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.076814][ T5771] veth0_vlan: entered promiscuous mode [ 80.110477][ T5771] veth1_vlan: entered promiscuous mode [ 80.211317][ T5769] veth0_vlan: entered promiscuous mode [ 80.220984][ T5771] veth0_macvtap: entered promiscuous mode [ 80.238458][ T5770] veth0_vlan: entered promiscuous mode [ 80.249850][ T5771] veth1_macvtap: entered promiscuous mode [ 80.285209][ T5772] veth0_vlan: entered promiscuous mode [ 80.297152][ T5770] veth1_vlan: entered promiscuous mode [ 80.311261][ T5769] veth1_vlan: entered promiscuous mode [ 80.337660][ T5772] veth1_vlan: entered promiscuous mode [ 80.350100][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.377823][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.393203][ T5771] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.403006][ T5771] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.412574][ T5771] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.423113][ T5771] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.477559][ T5772] veth0_macvtap: entered promiscuous mode [ 80.509846][ T5769] veth0_macvtap: entered promiscuous mode [ 80.537615][ T5772] veth1_macvtap: entered promiscuous mode [ 80.548934][ T5770] veth0_macvtap: entered promiscuous mode [ 80.567839][ T5769] veth1_macvtap: entered promiscuous mode [ 80.588897][ T5770] veth1_macvtap: entered promiscuous mode [ 80.621252][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.640667][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.653580][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.676638][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.688481][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.698838][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.709708][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.723200][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.739316][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.750131][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.762900][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.785026][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.796971][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.807118][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.817897][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.829519][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.846390][ T1332] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.856129][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.866969][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.877249][ T1332] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.884609][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.897339][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.907508][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.918283][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.929965][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.940605][ T5769] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.952915][ T5769] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.963712][ T5769] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.973239][ T5769] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.986418][ T5772] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.996126][ T5772] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.005060][ T5772] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.013905][ T5772] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.030251][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.041701][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.052278][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.063334][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.074390][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.085253][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.096774][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.155574][ T2950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.167011][ T2950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.169726][ T5770] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.184476][ T5770] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.196568][ T5770] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.205680][ T5770] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.393086][ T2950] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.402287][ T2950] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.466320][ T2964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.483274][ T2964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.568721][ T2964] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.585324][ T2964] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.599314][ T5862] netlink: 'syz.2.3': attribute type 13 has an invalid length. [ 81.859669][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.867910][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.071839][ T5782] Bluetooth: hci1: command tx timeout [ 82.077326][ T5782] Bluetooth: hci2: command tx timeout [ 82.083162][ T51] Bluetooth: hci3: command tx timeout [ 82.084671][ T5086] Bluetooth: hci0: command tx timeout [ 82.488358][ T5862] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 82.572843][ T5862] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.947966][ T5862] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.957014][ T5862] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.966688][ T5862] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.975816][ T5862] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.072246][ T1332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.082008][ T1332] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.170788][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.202855][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.326507][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.337190][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.399846][ T5877] ======================================================= [ 83.399846][ T5877] WARNING: The mand mount option has been deprecated and [ 83.399846][ T5877] and is ignored by this kernel. Remove the mand [ 83.399846][ T5877] option from the mount to silence this warning. [ 83.399846][ T5877] ======================================================= [ 83.588985][ T5881] sch_fq: defrate 7 ignored. [ 83.660205][ T5881] syz.3.4[5881]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 83.700297][ T5884] loop0: detected capacity change from 0 to 1024 [ 83.704168][ T5881] loop3: detected capacity change from 0 to 1764 [ 83.717983][ T5884] EXT4-fs: Ignoring removed nobh option [ 83.746085][ T5884] EXT4-fs: Ignoring removed nomblk_io_submit option [ 83.805145][ T5884] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.938750][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.152541][ T5086] Bluetooth: hci2: command tx timeout [ 84.152633][ T5782] Bluetooth: hci3: command tx timeout [ 84.164782][ T5086] Bluetooth: hci0: command tx timeout [ 84.170457][ T5086] Bluetooth: hci1: command tx timeout [ 84.639765][ T5908] netlink: 'syz.1.16': attribute type 13 has an invalid length. [ 84.699354][ T788] IPVS: starting estimator thread 0... [ 84.831883][ T5913] IPVS: using max 16 ests per chain, 38400 per kthread [ 85.320114][ T5908] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.328008][ T5908] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.880363][ T5908] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 85.972074][ T5864] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 85.976247][ T5908] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 86.175199][ T5864] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 86.189739][ T5864] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.198317][ T5864] usb 1-1: Product: syz [ 86.203507][ T5864] usb 1-1: Manufacturer: syz [ 86.208214][ T5864] usb 1-1: SerialNumber: syz [ 86.411819][ T5908] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.421001][ T5908] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.437989][ T5908] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.448041][ T5908] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.451986][ T5864] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 86.636224][ T5912] tipc: Started in network mode [ 86.671716][ T5912] tipc: Node identity ac1414aa, cluster identity 4711 [ 86.696750][ T5912] tipc: Enabled bearer , priority 10 [ 86.884726][ T5940] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 87.035113][ T23] cfg80211: failed to load regulatory.db [ 87.338978][ T5949] loop2: detected capacity change from 0 to 128 [ 87.382295][ T5949] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 87.681999][ T5953] loop1: detected capacity change from 0 to 512 [ 87.782448][ T5864] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 87.823726][ T5953] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.832868][ T23] tipc: Node number set to 2886997162 [ 87.852223][ T5953] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 87.867321][ T5864] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 87.911923][ T5864] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 87.932877][ T5864] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 88.014210][ T5959] loop3: detected capacity change from 0 to 1024 [ 88.018744][ T5864] lan78xx: probe of 1-1:1.0 failed with error -71 [ 88.023804][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.098560][ T5864] usb 1-1: USB disconnect, device number 2 [ 88.170617][ T5959] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 88.222787][ T5965] netlink: 4 bytes leftover after parsing attributes in process `syz.1.37'. [ 88.237615][ T5959] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.340287][ T5959] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #15: comm syz.3.36: lblock 0 mapped to illegal pblock 0 (length 1) [ 88.379131][ T5959] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 88.392795][ T5959] EXT4-fs (loop3): This should not happen!! Data will be lost [ 88.392795][ T5959] [ 88.406352][ T5959] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: comm syz.3.36: lblock 0 mapped to illegal pblock 0 (length 1) [ 88.549860][ T5969] xt_CT: No such helper "syz1" [ 88.597773][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 88.740324][ T5978] tipc: Can't bind to reserved service type 3 [ 89.367936][ T6002] ip6erspan0: entered allmulticast mode [ 89.587388][ T6012] tipc: Enabling of bearer rejected, failed to enable media [ 89.605862][ T6010] loop2: detected capacity change from 0 to 512 [ 89.696634][ T6014] loop0: detected capacity change from 0 to 512 [ 89.712615][ T6014] EXT4-fs: Ignoring removed mblk_io_submit option [ 89.713042][ T6010] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.719905][ T6014] journal_path: Lookup failure for './file0' [ 89.737809][ T6014] EXT4-fs: error: could not find journal device path [ 89.757792][ T6010] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.810424][ T5785] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 89.921238][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.053789][ T6025] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 90.094218][ T6025] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 90.139259][ T6024] netlink: 12 bytes leftover after parsing attributes in process `syz.3.63'. [ 90.163926][ T6024] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.171841][ T6024] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.368310][ T6034] netlink: 12 bytes leftover after parsing attributes in process `syz.3.68'. [ 90.452750][ T6031] loop0: detected capacity change from 0 to 8192 [ 90.477071][ T6031] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 90.530758][ T28] audit: type=1800 audit(1771204142.069:2): pid=6031 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.66" name="file2" dev="loop0" ino=1048592 res=0 errno=0 [ 90.567198][ T6031] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 90.582744][ T6031] FAT-fs (loop0): Filesystem has been set read-only [ 90.607518][ T6031] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 90.621122][ T6031] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 90.633165][ T6031] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 90.644227][ T6031] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 90.655853][ T6031] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 90.668826][ T6031] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 90.673648][ T6041] tipc: Enabled bearer , priority 0 [ 90.679926][ T6031] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 90.697496][ T6041] syzkaller0: entered promiscuous mode [ 90.703410][ T6031] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 90.717405][ T6031] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 90.727402][ T6041] syzkaller0: entered allmulticast mode [ 90.764355][ T6041] netlink: 44 bytes leftover after parsing attributes in process `syz.3.71'. [ 90.790615][ T6041] tipc: Resetting bearer [ 90.809893][ T6040] tipc: Resetting bearer [ 90.843097][ T6040] tipc: Disabling bearer [ 91.212758][ T6048] loop1: detected capacity change from 0 to 1024 [ 91.260083][ T6048] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 91.323173][ T6048] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #3: block 1: comm syz.1.75: lblock 1 mapped to illegal pblock 1 (length 1) [ 91.356430][ T6054] netlink: 8 bytes leftover after parsing attributes in process `syz.3.77'. [ 91.370289][ T6054] netlink: 8 bytes leftover after parsing attributes in process `syz.3.77'. [ 91.415081][ T6048] Quota error (device loop1): write_blk: dquota write failed [ 91.429425][ T6048] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 91.440941][ T6048] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.75: Failed to acquire dquot type 0 [ 91.466064][ T6056] loop0: detected capacity change from 0 to 512 [ 91.475849][ T6048] EXT4-fs error (device loop1): ext4_free_blocks:6692: comm syz.1.75: Freeing blocks not in datazone - block = 0, count = 4096 [ 91.504725][ T6048] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.75: Invalid inode bitmap blk 0 in block_group 0 [ 91.528420][ T1332] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 91.536755][ T6060] loop2: detected capacity change from 0 to 512 [ 91.550852][ T6056] EXT4-fs: Ignoring removed orlov option [ 91.561881][ T6048] EXT4-fs error (device loop1) in ext4_free_inode:363: Corrupt filesystem [ 91.586441][ T6048] EXT4-fs (loop1): 1 orphan inode deleted [ 91.598729][ T1332] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 91.615749][ T6060] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.629909][ T6056] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 91.646029][ T6048] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.664886][ T1332] EXT4-fs error (device loop1): ext4_release_dquot:6985: comm kworker/u4:8: Failed to release dquot type 0 [ 91.713852][ T6056] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 91.724250][ T6060] ext4 filesystem being mounted at /19/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 91.792340][ T6056] EXT4-fs (loop0): 1 orphan inode deleted [ 91.798177][ T6056] EXT4-fs (loop0): 1 truncate cleaned up [ 91.813648][ T6060] EXT4-fs (loop2): shut down requested (1) [ 91.834063][ T6056] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.937616][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.938665][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.957355][ T1332] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 91.989039][ T1332] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 92.011551][ T1332] EXT4-fs error (device loop1): ext4_release_dquot:6985: comm kworker/u4:8: Failed to release dquot type 0 [ 92.024308][ T6068] loop3: detected capacity change from 0 to 512 [ 92.053534][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.216477][ T6068] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.229800][ T6072] loop0: detected capacity change from 0 to 1024 [ 92.237627][ T6072] EXT4-fs: Ignoring removed orlov option [ 92.245171][ T6068] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.278374][ T6076] loop2: detected capacity change from 0 to 1024 [ 92.307456][ T6072] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.357878][ T28] audit: type=1800 audit(1771204143.899:3): pid=6072 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.84" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 92.390660][ T6072] Trying to write to read-only block-device loop0 [ 92.433160][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.434630][ T6076] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 92.528331][ T6076] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.544556][ T6081] EXT4-fs error (device loop0): mb_free_blocks:1954: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 92.670451][ T6076] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2853: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 92.730110][ T6076] EXT4-fs error (device loop2): ext4_xattr_inode_iget:441: inode #11: comm syz.2.82: missing EA_INODE flag [ 92.759214][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.761612][ T6076] EXT4-fs (loop2): Remounting filesystem read-only [ 92.987251][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.225151][ T6100] syzkaller0: entered promiscuous mode [ 93.260710][ T6100] syzkaller0: entered allmulticast mode [ 94.094138][ T6124] netlink: 8 bytes leftover after parsing attributes in process `syz.3.103'. [ 94.403081][ T6106] loop1: detected capacity change from 0 to 1764 [ 94.769575][ T6124] bond1: entered allmulticast mode [ 94.810116][ T6128] loop2: detected capacity change from 0 to 128 [ 94.909438][ T6128] FAT-fs (loop2): Directory bread(block 32) failed [ 94.941760][ T6128] FAT-fs (loop2): Directory bread(block 33) failed [ 94.982794][ T6128] FAT-fs (loop2): Directory bread(block 34) failed [ 95.027877][ T6128] FAT-fs (loop2): Directory bread(block 35) failed [ 95.071993][ T6128] FAT-fs (loop2): Directory bread(block 36) failed [ 95.078682][ T6128] FAT-fs (loop2): Directory bread(block 37) failed [ 95.162766][ T6128] FAT-fs (loop2): Directory bread(block 38) failed [ 95.189522][ T6128] FAT-fs (loop2): Directory bread(block 39) failed [ 95.217325][ T6128] FAT-fs (loop2): Directory bread(block 40) failed [ 95.246159][ T6128] FAT-fs (loop2): Directory bread(block 41) failed [ 95.677019][ T28] audit: type=1800 audit(1771204147.209:4): pid=6128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.104" name="file1" dev="loop2" ino=1048593 res=0 errno=0 [ 95.710799][ T6128] syz.2.104: attempt to access beyond end of device [ 95.710799][ T6128] loop2: rw=0, sector=4108, nr_sectors = 4 limit=128 [ 95.801401][ C1] sched: RT throttling activated [ 96.869707][ T6145] loop1: detected capacity change from 0 to 8192 [ 96.950783][ T28] audit: type=1326 audit(1771204148.489:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6144 comm="syz.1.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0bc79bf79 code=0x7ffc0000 [ 97.036132][ T28] audit: type=1326 audit(1771204148.489:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6144 comm="syz.1.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0bc79bf79 code=0x7ffc0000 [ 97.101323][ T28] audit: type=1326 audit(1771204148.499:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6144 comm="syz.1.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0bc79bf79 code=0x7ffc0000 [ 97.154166][ T28] audit: type=1326 audit(1771204148.499:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6144 comm="syz.1.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0bc79bf79 code=0x7ffc0000 [ 97.176849][ T28] audit: type=1326 audit(1771204148.499:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6144 comm="syz.1.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc0bc79bf79 code=0x7ffc0000 [ 97.200954][ T28] audit: type=1326 audit(1771204148.499:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6144 comm="syz.1.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0bc79bf79 code=0x7ffc0000 [ 97.225798][ T28] audit: type=1326 audit(1771204148.499:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6144 comm="syz.1.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0bc79bf79 code=0x7ffc0000 [ 97.265214][ T6158] loop0: detected capacity change from 0 to 512 [ 97.304002][ T28] audit: type=1326 audit(1771204148.499:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6144 comm="syz.1.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0bc79bf79 code=0x7ffc0000 [ 97.328892][ T28] audit: type=1326 audit(1771204148.499:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6144 comm="syz.1.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0bc79bf79 code=0x7ffc0000 [ 97.371579][ T5773] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 97.763939][ T6162] syz.1.110: attempt to access beyond end of device [ 97.763939][ T6162] loop1: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 97.783705][ T6162] Buffer I/O error on dev loop1, logical block 57847, async page read [ 97.799786][ T6162] syz.1.110: attempt to access beyond end of device [ 97.799786][ T6162] loop1: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 97.819066][ T6162] Buffer I/O error on dev loop1, logical block 57847, async page read [ 97.842342][ T6130] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.910896][ T6130] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 98.289832][ T6169] loop1: detected capacity change from 0 to 512 [ 98.321105][ T6169] EXT4-fs error (device loop1): ext4_orphan_get:1424: comm syz.1.120: bad orphan inode 15 [ 98.335554][ T6169] ext4_test_bit(bit=14, block=5) = 0 [ 98.347205][ T6169] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.448969][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.550724][ T6173] loop1: detected capacity change from 0 to 512 [ 98.591369][ T6173] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.606901][ T6173] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.672683][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.672683][ T6130] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.672722][ T6130] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.706080][ T6130] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.718246][ T6130] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.861703][ T6164] netlink: 12 bytes leftover after parsing attributes in process `syz.0.119'. [ 98.902067][ T6167] netlink: 12 bytes leftover after parsing attributes in process `syz.0.119'. [ 98.930043][ T6167] netlink: 12 bytes leftover after parsing attributes in process `syz.0.119'. [ 98.961926][ T6167] Zero length message leads to an empty skb [ 100.379691][ T6206] loop3: detected capacity change from 0 to 1764 [ 100.434704][ T5773] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 100.881549][ T6217] capability: warning: `syz.3.137' uses deprecated v2 capabilities in a way that may be insecure [ 100.906737][ T6217] ucma_write: process 80 (syz.3.137) changed security contexts after opening file descriptor, this is not allowed. [ 100.949050][ T6219] netlink: 116 bytes leftover after parsing attributes in process `syz.2.139'. [ 101.192771][ T6227] loop1: detected capacity change from 0 to 512 [ 101.295393][ T6231] netlink: 'syz.2.144': attribute type 5 has an invalid length. [ 101.316101][ T6231] netlink: 8 bytes leftover after parsing attributes in process `syz.2.144'. [ 101.881151][ T6241] loop1: detected capacity change from 0 to 4096 [ 101.948423][ T6241] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.065481][ T6241] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.235599][ T6255] netlink: 76 bytes leftover after parsing attributes in process `syz.3.154'. [ 102.333087][ T6251] loop2: detected capacity change from 0 to 8192 [ 102.399814][ T6261] loop3: detected capacity change from 0 to 512 [ 102.607817][ T6264] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 102.662717][ T6266] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 102.694977][ T6266] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 102.711876][ T6266] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 102.728671][ T6266] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 102.764216][ T6266] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 20000 - 0 [ 102.790662][ T6266] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 20000 - 0 [ 102.827738][ T6266] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 20000 - 0 [ 102.849861][ T6266] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 20000 - 0 [ 102.864035][ T6266] geneve2: entered promiscuous mode [ 103.107682][ T6278] loop3: detected capacity change from 0 to 512 [ 103.142760][ T6278] EXT4-fs: inline encryption not supported [ 103.152105][ T6278] EXT4-fs (loop3): DAX unsupported by block device. [ 103.375942][ T6286] 9pnet_fd: Insufficient options for proto=fd [ 104.786874][ T6337] loop2: detected capacity change from 0 to 7 [ 104.796167][ T6337] Dev loop2: unable to read RDB block 7 [ 104.802271][ T6337] loop2: unable to read partition table [ 104.808275][ T6337] loop2: partition table beyond EOD, truncated [ 104.814705][ T6337] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5) [ 104.999768][ T6343] team0: No ports can be present during mode change [ 105.932610][ T6354] loop2: detected capacity change from 0 to 512 [ 106.077034][ T6354] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 106.135878][ T6354] EXT4-fs (loop2): 1 truncate cleaned up [ 106.149383][ T6354] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.044129][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.274354][ T6380] xt_hashlimit: size too large, truncated to 1048576 [ 109.055427][ T6401] Driver unsupported XDP return value 0 on prog (id 20) dev N/A, expect packet loss! [ 109.533884][ T6413] macvlan2: entered promiscuous mode [ 109.539399][ T6413] bridge0: entered promiscuous mode [ 110.089371][ T6422] loop3: detected capacity change from 0 to 1024 [ 110.104730][ T6422] EXT4-fs: Ignoring removed oldalloc option [ 110.136765][ T6422] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 110.153710][ T6422] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 110.232121][ T6422] EXT4-fs error (device loop3): ext4_orphan_get:1424: comm syz.3.229: bad orphan inode 11 [ 110.287895][ T6422] ext4_test_bit(bit=10, block=4) = 1 [ 110.321495][ T6422] is_bad_inode(inode)=0 [ 110.325907][ T6422] NEXT_ORPHAN(inode)=3254779904 [ 110.330793][ T6422] max_ino=32 [ 110.366271][ T6422] i_nlink=0 [ 110.387334][ T6422] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 2: comm syz.3.229: lblock 2 mapped to illegal pblock 2 (length 1) [ 110.412920][ T6422] __quota_error: 202 callbacks suppressed [ 110.412939][ T6422] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 110.441926][ T6422] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 48: comm syz.3.229: lblock 0 mapped to illegal pblock 48 (length 1) [ 110.473128][ T6422] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 110.491477][ T6422] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.229: Failed to acquire dquot type 0 [ 110.522505][ T6422] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5920: Corrupt filesystem [ 110.542040][ T6422] EXT4-fs error (device loop3): ext4_evict_inode:252: inode #11: comm syz.3.229: mark_inode_dirty error [ 110.584488][ T6422] EXT4-fs warning (device loop3): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 110.606855][ T6422] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.657737][ T6422] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.681682][ T6422] EXT4-fs error (device loop3): __ext4_get_inode_loc:4489: comm syz.3.229: Invalid inode table block 1 in block_group 0 [ 110.716859][ T6422] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5920: Corrupt filesystem [ 110.727925][ T6426] syzkaller0: entered promiscuous mode [ 110.734416][ T6422] EXT4-fs error (device loop3): ext4_quota_off:7233: inode #3: comm syz.3.229: mark_inode_dirty error [ 110.741717][ T6426] syzkaller0: entered allmulticast mode [ 111.714290][ T6443] loop3: detected capacity change from 0 to 764 [ 112.027007][ T6449] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 112.820880][ T6464] loop3: detected capacity change from 0 to 8192 [ 112.869067][ T6464] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 112.924036][ T28] audit: type=1800 audit(1771204164.459:216): pid=6464 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.248" name="file2" dev="loop3" ino=1048597 res=0 errno=0 [ 112.947315][ T6464] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 112.962177][ T6464] FAT-fs (loop3): Filesystem has been set read-only [ 112.969148][ T6464] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 112.983317][ T6464] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 112.994862][ T6464] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 113.006453][ T6464] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 113.018095][ T6464] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 113.029687][ T6464] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 113.044662][ T6464] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 113.055628][ T6464] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 113.068910][ T6464] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 114.038692][ T6495] loop2: detected capacity change from 0 to 1024 [ 114.059655][ T6495] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 114.072946][ T6495] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 114.086640][ T6495] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #2: comm syz.2.259: pblk 82 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 114.109029][ T6495] EXT4-fs (loop2): no journal found [ 114.778105][ T6520] tipc: Failed to remove unknown binding: 66,0,0/0:4135006019/4135006021 [ 114.801037][ T6520] tipc: Failed to remove unknown binding: 66,0,0/0:4135006019/4135006020 [ 114.837054][ T6520] tipc: Failed to remove unknown binding: 66,0,0/0:4135006019/4135006021 [ 114.863544][ T6520] tipc: Failed to remove unknown binding: 66,0,0/0:4135006019/4135006020 [ 116.940291][ T6564] loop2: detected capacity change from 0 to 128 [ 117.007090][ T6564] FAT-fs (loop2): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 117.027906][ T6564] FAT-fs (loop2): Filesystem has been set read-only [ 117.052015][ T6564] FAT-fs (loop2): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 117.960270][ T6574] atomic_op ffff888055bfb998 conn xmit_atomic 0000000000000000 [ 118.305219][ T6579] usb usb7: usbfs: process 6579 (syz.0.294) did not claim interface 0 before use [ 118.522478][ T6580] netlink: 64 bytes leftover after parsing attributes in process `syz.1.291'. [ 119.760775][ T6499] Set syz1 is full, maxelem 65536 reached [ 119.920060][ T28] audit: type=1326 audit(1771204171.459:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6593 comm="syz.3.300" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f76c799bf79 code=0x0 [ 121.024726][ T6596] tipc: Enabling of bearer rejected, failed to enable media [ 123.087785][ T28] audit: type=1326 audit(1771204174.619:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6646 comm="syz.2.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c8d9bf79 code=0x7fc00000 [ 123.493961][ T6685] netlink: 16 bytes leftover after parsing attributes in process `syz.1.336'. [ 123.967921][ T6705] loop3: detected capacity change from 0 to 256 [ 124.598232][ T6720] netlink: 80 bytes leftover after parsing attributes in process `syz.2.349'. [ 124.654585][ T6722] netlink: 12 bytes leftover after parsing attributes in process `syz.0.350'. [ 124.739848][ T6724] mmap: syz.2.351 (6724) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 125.118313][ T28] audit: type=1326 audit(1771204176.659:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6712 comm="syz.1.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0bc79bf79 code=0x7fc00000 [ 125.998499][ T6765] loop2: detected capacity change from 0 to 128 [ 126.037350][ T6765] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 126.104560][ T6765] ext4 filesystem being mounted at /102/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 126.242565][ T5771] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 127.960353][ T6804] netlink: 'syz.0.383': attribute type 34 has an invalid length. [ 128.506120][ T6822] syz.0.391 uses obsolete (PF_INET,SOCK_PACKET) [ 128.542617][ T6822] netlink: 12 bytes leftover after parsing attributes in process `syz.0.391'. [ 128.588636][ T6822] 8021q: VLANs not supported on vcan0 [ 131.486371][ T6925] ªªªªªª: renamed from vlan0 [ 132.703046][ T6832] syz.2.395: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 132.746642][ T6832] CPU: 0 PID: 6832 Comm: syz.2.395 Not tainted syzkaller #0 [ 132.754375][ T6832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 132.764488][ T6832] Call Trace: [ 132.767811][ T6832] [ 132.770780][ T6832] dump_stack_lvl+0x18c/0x250 [ 132.775516][ T6832] ? show_regs_print_info+0x20/0x20 [ 132.780794][ T6832] ? load_image+0x400/0x400 [ 132.785362][ T6832] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 132.791880][ T6832] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 132.798432][ T6832] warn_alloc+0x246/0x340 [ 132.802801][ T6832] ? zone_watermark_ok_safe+0x230/0x230 [ 132.802872][ T6832] ? _raw_spin_unlock+0x28/0x40 [ 132.802896][ T6832] ? __kmem_cache_free+0xba/0x1e0 [ 132.802931][ T6832] __vmalloc_node_range+0x662/0x1330 [ 132.802991][ T6832] ? free_vm_area+0x50/0x50 [ 132.803015][ T6832] ? kvmalloc_node+0x70/0x180 [ 132.803039][ T6832] ? rcu_is_watching+0x15/0xb0 [ 132.803066][ T6832] ? kvmalloc_node+0x70/0x180 [ 132.803089][ T6832] ? trace_kmalloc+0x1f/0x90 [ 132.803118][ T6832] kvmalloc_node+0x13f/0x180 [ 132.803142][ T6832] ? translate_table+0x192/0x2090 [ 132.803164][ T6832] translate_table+0x192/0x2090 [ 132.803208][ T6832] ? ip6t_register_table+0x7e0/0x7e0 [ 132.868067][ T6832] ? __might_fault+0xaa/0x120 [ 132.872774][ T6832] ? __lock_acquire+0x7d40/0x7d40 [ 132.877816][ T6832] ? __virt_addr_valid+0x18c/0x540 [ 132.883028][ T6832] ? __might_fault+0xaa/0x120 [ 132.887752][ T6832] ? __might_fault+0xc6/0x120 [ 132.892490][ T6832] ? __might_fault+0xaa/0x120 [ 132.897302][ T6832] do_ip6t_set_ctl+0x9fc/0xe10 [ 132.902276][ T6832] ? ip6t_unregister_table_exit+0x230/0x230 [ 132.908276][ T6832] ? __lock_acquire+0x7d40/0x7d40 [ 132.913360][ T6832] ? rcu_is_watching+0x15/0xb0 [ 132.918298][ T6832] ? trace_contention_end+0x39/0xe0 [ 132.923678][ T6832] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 132.929351][ T6832] ? mutex_unlock+0x10/0x10 [ 132.933983][ T6832] ? mutex_lock_nested+0x20/0x20 [ 132.938952][ T6832] nf_setsockopt+0x263/0x280 [ 132.943564][ T6832] ? sock_common_recvmsg+0x190/0x190 [ 132.948955][ T6832] smc_setsockopt+0x243/0xac0 [ 132.953771][ T6832] ? smc_shutdown+0x9b0/0x9b0 [ 132.958492][ T6832] ? __fget_files+0x28/0x4b0 [ 132.963306][ T6832] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 132.969116][ T6832] ? security_socket_setsockopt+0x7e/0xa0 [ 132.974955][ T6832] ? smc_shutdown+0x9b0/0x9b0 [ 132.979860][ T6832] do_sock_setsockopt+0x175/0x1a0 [ 132.984918][ T6832] ? __fdget+0x180/0x210 [ 132.989177][ T6832] __x64_sys_setsockopt+0x182/0x200 [ 132.994400][ T6832] do_syscall_64+0x55/0xa0 [ 132.998834][ T6832] ? clear_bhb_loop+0x40/0x90 [ 133.003533][ T6832] ? clear_bhb_loop+0x40/0x90 [ 133.008223][ T6832] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 133.014239][ T6832] RIP: 0033:0x7f21c8d9bf79 [ 133.018761][ T6832] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 133.038732][ T6832] RSP: 002b:00007f21c9b6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 133.047173][ T6832] RAX: ffffffffffffffda RBX: 00007f21c9015fa0 RCX: 00007f21c8d9bf79 [ 133.055610][ T6832] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 133.063940][ T6832] RBP: 00007f21c8e327e0 R08: 0000000000000330 R09: 0000000000000000 [ 133.071927][ T6832] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.079908][ T6832] R13: 00007f21c9016038 R14: 00007f21c9015fa0 R15: 00007ffeb3ebb9c8 [ 133.088285][ T6832] [ 133.127559][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.146956][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.176453][ T6968] netlink: 16 bytes leftover after parsing attributes in process `syz.3.434'. [ 133.209361][ T6832] Mem-Info: [ 133.215266][ T6832] active_anon:5704 inactive_anon:0 isolated_anon:0 [ 133.215266][ T6832] active_file:372 inactive_file:49978 isolated_file:0 [ 133.215266][ T6832] unevictable:768 dirty:26 writeback:0 [ 133.215266][ T6832] slab_reclaimable:10153 slab_unreclaimable:137669 [ 133.215266][ T6832] mapped:24283 shmem:1363 pagetables:590 [ 133.215266][ T6832] sec_pagetables:0 bounce:0 [ 133.215266][ T6832] kernel_misc_reclaimable:0 [ 133.215266][ T6832] free:1291472 free_pcp:8168 free_cma:0 [ 133.335240][ T6832] Node 0 active_anon:23916kB inactive_anon:0kB active_file:1488kB inactive_file:199708kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97032kB dirty:104kB writeback:0kB shmem:5216kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11988kB pagetables:2160kB sec_pagetables:0kB all_unreclaimable? no [ 133.401561][ T6832] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 133.433738][ T6832] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 133.466567][ T6832] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 133.472840][ T6832] Node 0 DMA32 free:1249660kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:26376kB inactive_anon:0kB active_file:1488kB inactive_file:198884kB unevictable:1536kB writepending:104kB present:3129332kB managed:2586972kB mlocked:0kB bounce:0kB free_pcp:5736kB local_pcp:760kB free_cma:0kB [ 133.505058][ T6832] lowmem_reserve[]: 0 0 0 0 0 [ 133.509862][ T6832] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 133.537239][ T6832] lowmem_reserve[]: 0 0 0 0 0 [ 133.578073][ T6832] Node 1 Normal free:3897368kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:26352kB local_pcp:11024kB free_cma:0kB [ 133.611963][ T6974] netlink: 'syz.3.437': attribute type 9 has an invalid length. [ 133.625368][ T6974] netlink: 84 bytes leftover after parsing attributes in process `syz.3.437'. [ 133.637068][ T6832] lowmem_reserve[]: 0 0 0 0 0 [ 133.647200][ T6832] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 133.686663][ T6832] Node 0 DMA32: 10*4kB (ME) 11*8kB (UE) 146*16kB (ME) 209*32kB (UME) 359*64kB (UME) 230*128kB (UME) 106*256kB (UM) 81*512kB (UME) 55*1024kB (UM) 15*2048kB (UME) 252*4096kB (UM) = 1249408kB [ 133.726564][ T6832] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 133.757482][ T6832] Node 1 Normal: 124*4kB (UME) 31*8kB (UME) 27*16kB (UME) 32*32kB (UME) 12*64kB (UME) 5*128kB (UME) 2*256kB (UM) 0*512kB 2*1024kB (UE) 2*2048kB (UE) 949*4096kB (M) = 3897368kB [ 133.785915][ T6832] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 133.823720][ T6832] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 133.851103][ T6832] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 133.879469][ T6832] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 133.900055][ T6832] 51735 total pagecache pages [ 133.915053][ T6832] 0 pages in swap cache [ 133.929709][ T6832] Free swap = 124680kB [ 133.939810][ T6832] Total swap = 124996kB [ 133.960464][ T6832] 2097051 pages RAM [ 133.968736][ T6832] 0 pages HighMem/MovableOnly [ 133.981421][ T6832] 416922 pages reserved [ 133.989249][ T6832] 0 pages cma reserved [ 134.444967][ T7008] tc_dump_action: action bad kind [ 135.081896][ T7022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.458'. [ 135.398457][ T7036] loop2: detected capacity change from 0 to 512 [ 136.472902][ T7072] netlink: 32 bytes leftover after parsing attributes in process `syz.2.482'. [ 136.865821][ T7086] syzkaller0: entered promiscuous mode [ 136.881719][ T7086] syzkaller0: entered allmulticast mode [ 138.116061][ T7105] 9pnet: p9_errstr2errno: server reported unknown error 0000000 [ 140.860580][ T7139] loop3: detected capacity change from 0 to 128 [ 140.886672][ T7139] EXT4-fs: Ignoring removed nobh option [ 140.930441][ T7139] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 140.959530][ T7139] ext4 filesystem being mounted at /128/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 141.132816][ T5770] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 141.307244][ T28] audit: type=1326 audit(1771204192.849:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.2.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c8d9bf79 code=0x7ffc0000 [ 141.382032][ T28] audit: type=1326 audit(1771204192.879:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.2.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c8d9bf79 code=0x7ffc0000 [ 141.501565][ T28] audit: type=1326 audit(1771204192.879:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.2.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c8d9bf79 code=0x7ffc0000 [ 141.583414][ T28] audit: type=1326 audit(1771204192.889:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.2.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f21c8d9bf79 code=0x7ffc0000 [ 141.636808][ T28] audit: type=1326 audit(1771204192.889:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.2.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c8d9bf79 code=0x7ffc0000 [ 141.751792][ T28] audit: type=1326 audit(1771204192.889:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.2.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c8d9bf79 code=0x7ffc0000 [ 141.815027][ T28] audit: type=1326 audit(1771204192.889:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.2.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c8d9bf79 code=0x7ffc0000 [ 141.868805][ T28] audit: type=1326 audit(1771204192.889:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.2.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c8d9bf79 code=0x7ffc0000 [ 141.951993][ T28] audit: type=1326 audit(1771204192.889:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.2.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c8d9bf79 code=0x7ffc0000 [ 142.009915][ T28] audit: type=1326 audit(1771204192.899:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.2.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7f21c8d9bf79 code=0x7ffc0000 [ 144.760159][ T7240] wg1: entered promiscuous mode [ 144.771597][ T7240] wg1: entered allmulticast mode [ 144.797723][ T7240] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 144.932900][ T7247] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 145.069471][ T7250] loop3: detected capacity change from 0 to 512 [ 145.105490][ T7250] EXT4-fs: Ignoring removed bh option [ 145.110968][ T7250] EXT4-fs: inline encryption not supported [ 145.179965][ T7250] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 145.311527][ T7250] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 145.419352][ T7250] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.558: bg 0: block 248: padding at end of block bitmap is not set [ 145.444344][ T7250] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.558: Failed to acquire dquot type 1 [ 145.478046][ T7250] EXT4-fs (loop3): 1 truncate cleaned up [ 145.508135][ T7250] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 145.698561][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 145.856661][ T7282] netlink: 8 bytes leftover after parsing attributes in process `syz.3.571'. [ 146.440571][ T7297] loop2: detected capacity change from 0 to 1024 [ 146.482525][ T7297] EXT4-fs: Ignoring removed oldalloc option [ 146.515510][ T7297] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 146.545087][ T7297] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 146.609107][ T7297] EXT4-fs error (device loop2): ext4_orphan_get:1424: comm syz.2.579: bad orphan inode 11 [ 146.641149][ T7297] ext4_test_bit(bit=10, block=4) = 1 [ 146.673671][ T7297] is_bad_inode(inode)=0 [ 146.689388][ T7297] NEXT_ORPHAN(inode)=3254779904 [ 146.721481][ T7297] max_ino=32 [ 146.740617][ T7297] i_nlink=0 [ 146.765078][ T7297] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 2: comm syz.2.579: lblock 2 mapped to illegal pblock 2 (length 1) [ 146.818311][ T7297] __quota_error: 23 callbacks suppressed [ 146.818330][ T7297] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 146.840942][ T7297] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 48: comm syz.2.579: lblock 0 mapped to illegal pblock 48 (length 1) [ 146.891865][ T7297] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 146.900826][ T7297] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.579: Failed to acquire dquot type 0 [ 146.931950][ T7297] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5920: Corrupt filesystem [ 146.958391][ T7297] EXT4-fs error (device loop2): ext4_evict_inode:252: inode #11: comm syz.2.579: mark_inode_dirty error [ 146.990701][ T7297] EXT4-fs warning (device loop2): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 147.019311][ T7297] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.190423][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.194828][ T7298] loop3: detected capacity change from 0 to 128 [ 147.216406][ T5771] EXT4-fs error (device loop2): __ext4_get_inode_loc:4489: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 147.252287][ T5771] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5920: Corrupt filesystem [ 147.269715][ T5771] EXT4-fs error (device loop2): ext4_quota_off:7233: inode #3: comm syz-executor: mark_inode_dirty error [ 147.419401][ T7298] syz.3.580: attempt to access beyond end of device [ 147.419401][ T7298] loop3: rw=2049, sector=138, nr_sectors = 48 limit=128 [ 147.811944][ T6902] kworker/u4:16: attempt to access beyond end of device [ 147.811944][ T6902] loop3: rw=1, sector=138, nr_sectors = 2 limit=128 [ 150.140738][ T7411] loop3: detected capacity change from 0 to 128 [ 150.604104][ T7426] loop2: detected capacity change from 0 to 4096 [ 150.658302][ T7426] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.724916][ T7431] netlink: 32 bytes leftover after parsing attributes in process `syz.1.628'. [ 150.739669][ T7431] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744073709551608) [ 150.750933][ T7431] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647 [ 150.770491][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.805284][ T7435] netlink: 52 bytes leftover after parsing attributes in process `syz.0.631'. [ 151.318452][ T7453] loop2: detected capacity change from 0 to 1024 [ 151.625478][ T6896] hfsplus: b-tree write err: -5, ino 4 [ 151.897537][ T7477] Bluetooth: MGMT ver 1.22 [ 152.062097][ T7481] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 152.071789][ T7481] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 152.080580][ T7481] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 152.089495][ T7481] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 152.118040][ T7483] loop2: detected capacity change from 0 to 1024 [ 152.263911][ T6896] hfsplus: b-tree write err: -5, ino 4 [ 153.047683][ T7519] program syz.3.673 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 153.971507][ T5782] Bluetooth: hci0: command tx timeout [ 153.991718][ T5086] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 154.419133][ T7546] TCP: tcp_parse_options: Illegal window scaling value 47 > 14 received [ 154.648895][ T7550] loop3: detected capacity change from 0 to 512 [ 154.832827][ T7550] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.846789][ T7550] ext4 filesystem being mounted at /172/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 155.063921][ T28] audit: type=1800 audit(1771204462.518:251): pid=7550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.684" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 155.704607][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.001586][ T5086] Bluetooth: hci0: command tx timeout [ 156.288677][ T7587] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 156.416720][ T7590] netlink: 20 bytes leftover after parsing attributes in process `syz.0.700'. [ 156.456832][ T7590] geneve2: entered promiscuous mode [ 156.758786][ T7603] loop2: detected capacity change from 0 to 512 [ 156.925748][ T7603] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.939143][ T7603] ext4 filesystem being mounted at /173/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 157.152393][ T28] audit: type=1800 audit(1771204464.608:252): pid=7603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.704" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 157.835546][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.815588][ T7630] overlayfs: failed to resolve './file0': -2 [ 159.040678][ T7649] netlink: 8 bytes leftover after parsing attributes in process `syz.3.726'. [ 159.325332][ T7661] loop3: detected capacity change from 0 to 512 [ 159.373197][ T7661] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.386340][ T7661] ext4 filesystem being mounted at /186/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 159.536490][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.846406][ T7681] loop3: detected capacity change from 0 to 1024 [ 159.947219][ T6896] hfsplus: b-tree write err: -5, ino 4 [ 160.227383][ T7691] dvmrp0: entered allmulticast mode [ 160.245633][ T7691] dvmrp0: left allmulticast mode [ 161.452276][ T28] audit: type=1326 audit(1771204468.988:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7750 comm="syz.0.764" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x0 [ 164.430939][ T7804] tipc: Started in network mode [ 164.436118][ T7804] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 164.445890][ T7804] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 164.455908][ T7804] tipc: Enabled bearer , priority 10 [ 164.770332][ T7817] loop2: detected capacity change from 0 to 512 [ 164.812735][ T7817] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 164.874776][ T7817] EXT4-fs error (device loop2): ext4_orphan_get:1424: comm syz.2.792: bad orphan inode 131083 [ 164.938737][ T7817] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.964016][ T7827] netlink: 12 bytes leftover after parsing attributes in process `syz.1.796'. [ 164.973686][ T7827] 8021q: VLANs not supported on vcan0 [ 165.127190][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.461714][ T5933] tipc: Node number set to 1 [ 166.526998][ T7880] loop2: detected capacity change from 0 to 8192 [ 166.553573][ T7880] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 166.584151][ T28] audit: type=1800 audit(1771204474.128:254): pid=7880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.817" name="file2" dev="loop2" ino=1048601 res=0 errno=0 [ 166.644220][ T7880] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 166.691649][ T7880] FAT-fs (loop2): Filesystem has been set read-only [ 166.721918][ T7880] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 166.730963][ T7880] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 166.788462][ T7880] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 166.814688][ T7889] netlink: 'syz.1.822': attribute type 14 has an invalid length. [ 166.820194][ T7880] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 166.859649][ T7880] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 166.871511][ T7880] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 166.979258][ T7893] loop3: detected capacity change from 0 to 512 [ 167.109336][ T7880] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 167.189590][ T7893] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.202770][ T7893] ext4 filesystem being mounted at /208/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 167.265430][ T28] audit: type=1800 audit(1771204474.798:255): pid=7893 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.821" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 167.850462][ T7880] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 167.882038][ T7880] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 167.898996][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.330236][ T7912] loop3: detected capacity change from 0 to 512 [ 168.401062][ T7912] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.420391][ T7912] ext4 filesystem being mounted at /210/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.483132][ T7912] Quota error (device loop3): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 168.483266][ T7912] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 168.483287][ T7912] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.830: Failed to acquire dquot type 0 [ 168.565685][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.447637][ T7956] loop2: detected capacity change from 0 to 512 [ 169.456676][ T7957] loop3: detected capacity change from 0 to 1024 [ 169.503691][ T7956] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.518821][ T7956] ext4 filesystem being mounted at /197/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 169.604526][ T12] hfsplus: b-tree write err: -5, ino 4 [ 169.614485][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.121537][ T5839] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 170.226325][ T7983] loop3: detected capacity change from 0 to 512 [ 170.266432][ T7983] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.857: couldn't read orphan inode 26 (err -116) [ 170.287170][ T7983] EXT4-fs (loop3): Remounting filesystem read-only [ 170.301516][ T7983] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.316739][ T7983] ext4 filesystem being mounted at /220/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 170.328022][ T5839] usb 3-1: config 0 has no interfaces? [ 170.334510][ T5839] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 170.343796][ T5839] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.354813][ T5839] usb 3-1: config 0 descriptor?? [ 170.519301][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.646660][ T5933] usb 3-1: USB disconnect, device number 2 [ 171.121766][ T8007] loop3: detected capacity change from 0 to 512 [ 171.209469][ T8007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.276462][ T8007] ext4 filesystem being mounted at /224/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.567355][ T8024] loop2: detected capacity change from 0 to 1024 [ 171.617956][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.758056][ T6902] hfsplus: b-tree write err: -5, ino 4 [ 173.418114][ T8071] loop3: detected capacity change from 0 to 256 [ 173.463302][ T8071] syz.3.897: attempt to access beyond end of device [ 173.463302][ T8071] loop3: rw=2049, sector=256, nr_sectors = 4 limit=256 [ 173.891718][ T8081] netlink: 'syz.1.902': attribute type 1 has an invalid length. [ 173.926033][ T8081] 8021q: adding VLAN 0 to HW filter on device bond1 [ 173.968236][ T8084] loop3: detected capacity change from 0 to 1024 [ 174.068192][ T6902] hfsplus: b-tree write err: -5, ino 4 [ 174.687930][ T8109] loop2: detected capacity change from 0 to 1024 [ 174.806531][ T11] hfsplus: b-tree write err: -5, ino 4 [ 175.266400][ T8124] sit0: entered promiscuous mode [ 175.291057][ T8124] netlink: 'syz.0.922': attribute type 1 has an invalid length. [ 175.310264][ T8124] netlink: 1 bytes leftover after parsing attributes in process `syz.0.922'. [ 176.043898][ T5819] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 176.265312][ T5819] usb 4-1: config 0 has no interfaces? [ 176.271019][ T5819] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 176.305550][ T5819] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.340303][ T5819] usb 4-1: config 0 descriptor?? [ 176.460051][ T8164] netlink: 'syz.1.940': attribute type 1 has an invalid length. [ 176.505276][ T8164] 8021q: adding VLAN 0 to HW filter on device bond2 [ 176.564965][ T8164] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.567852][ T8168] loop2: detected capacity change from 0 to 512 [ 176.586817][ T5819] usb 4-1: USB disconnect, device number 2 [ 176.601592][ T8164] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.618847][ T8164] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.628625][ T8164] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.644153][ T8164] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 176.668461][ T8168] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 176.707429][ T8168] ext4 filesystem being mounted at /219/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.741240][ T8168] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #2: block 3: comm syz.2.942: bad entry in directory: rec_len is too small for name_len - offset=24, inode=11, rec_len=20, size=2048 fake=0 [ 176.813356][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 176.972437][ T5866] IPVS: starting estimator thread 0... [ 177.071848][ T8179] IPVS: using max 15 ests per chain, 36000 per kthread [ 177.094007][ T8183] loop2: detected capacity change from 0 to 1024 [ 177.296826][ T8187] netlink: 168 bytes leftover after parsing attributes in process `syz.0.949'. [ 177.334079][ T8191] netlink: 68 bytes leftover after parsing attributes in process `syz.1.951'. [ 177.345882][ T8191] netlink: 12 bytes leftover after parsing attributes in process `syz.1.951'. [ 177.355996][ T8191] netlink: 20 bytes leftover after parsing attributes in process `syz.1.951'. [ 177.370632][ T6902] hfsplus: b-tree write err: -5, ino 4 [ 177.529792][ T8197] loop2: detected capacity change from 0 to 128 [ 177.679699][ T5819] IPVS: starting estimator thread 0... [ 177.781767][ T8203] IPVS: using max 18 ests per chain, 43200 per kthread [ 178.099122][ T8222] netlink: 128 bytes leftover after parsing attributes in process `syz.3.964'. [ 178.290250][ T8230] loop6: detected capacity change from 0 to 7 [ 178.337272][ T8230] Dev loop6: unable to read RDB block 7 [ 178.350950][ T8230] loop6: unable to read partition table [ 178.364569][ T8230] loop6: partition table beyond EOD, truncated [ 178.378236][ T8230] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 178.777656][ T8248] loop2: detected capacity change from 0 to 1024 [ 178.900751][ T6902] hfsplus: b-tree write err: -5, ino 4 [ 179.290535][ T8262] loop2: detected capacity change from 0 to 512 [ 179.315933][ T8262] FAT-fs (loop2): Unrecognized mount option "01777777777777777777777" or missing value [ 179.932001][ T8280] netlink: 'syz.0.989': attribute type 3 has an invalid length. [ 180.500939][ T8295] IPv6: sit1: Disabled Multicast RS [ 181.960712][ T8339] bond0: (slave vlan2): Opening slave failed [ 182.231285][ T8344] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1018'. [ 182.264543][ T8343] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 182.275661][ T8343] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 182.286705][ T8343] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 182.428543][ T8355] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1022'. [ 182.771624][ T8] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 182.972081][ T8] usb 3-1: config 0 has no interfaces? [ 182.977827][ T8] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 182.992088][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.009247][ T8] usb 3-1: config 0 descriptor?? [ 183.061037][ T8376] loop3: detected capacity change from 0 to 1024 [ 183.074890][ T8376] EXT4-fs: Ignoring removed oldalloc option [ 183.107825][ T8376] EXT4-fs: Ignoring removed bh option [ 183.120066][ T8376] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 183.160684][ T8376] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.252835][ T8] usb 3-1: USB disconnect, device number 3 [ 183.291881][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.321855][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 184.811542][ T5839] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 185.003734][ T5839] usb 4-1: config 0 has no interfaces? [ 185.023429][ T5839] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 185.049104][ T5839] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.072817][ T5839] usb 4-1: config 0 descriptor?? [ 185.133348][ T8430] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1056'. [ 185.150455][ T8430] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1056'. [ 185.317179][ T5839] usb 4-1: USB disconnect, device number 3 [ 186.037049][ T8463] loop3: detected capacity change from 0 to 256 [ 186.936957][ T8480] 9pnet_fd: Insufficient options for proto=fd [ 187.039358][ T8484] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 187.061572][ T8484] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 187.081986][ T8484] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 187.117008][ T8487] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1076'. [ 187.167578][ T8490] loop3: detected capacity change from 0 to 512 [ 187.205049][ T8490] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.218818][ T8490] ext4 filesystem being mounted at /265/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 187.239192][ T28] audit: type=1800 audit(1771204494.778:256): pid=8490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1078" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 187.280045][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.064477][ T8505] loop2: detected capacity change from 0 to 512 [ 188.093468][ T8505] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 188.146314][ T8505] EXT4-fs error (device loop2): ext4_orphan_get:1424: comm syz.2.1083: bad orphan inode 131083 [ 188.166225][ T8505] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.258349][ T8510] 9pnet_fd: Insufficient options for proto=fd [ 188.378439][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.854279][ T23] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 189.067497][ T23] usb 3-1: config 0 has no interfaces? [ 189.073177][ T23] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 189.082662][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.094475][ T23] usb 3-1: config 0 descriptor?? [ 189.195786][ T8534] 9pnet_fd: Insufficient options for proto=fd [ 189.326240][ T8] usb 3-1: USB disconnect, device number 4 [ 191.987455][ T8628] loop2: detected capacity change from 0 to 512 [ 192.007855][ T8628] EXT4-fs: Ignoring removed nobh option [ 192.049232][ T8628] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 192.105390][ T8628] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e02c, mo2=0002] [ 192.116016][ T8628] EXT4-fs (loop2): orphan cleanup on readonly fs [ 192.130931][ T8628] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #11: comm syz.2.1137: attempt to clear invalid blocks 1024 len 1 [ 192.150942][ T8628] EXT4-fs (loop2): Remounting filesystem read-only [ 192.165254][ T8628] EXT4-fs (loop2): 1 truncate cleaned up [ 192.174420][ T8628] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 192.221730][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 192.906687][ T8643] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 193.084932][ T8650] program syz.3.1147 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 194.558916][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.565571][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.863845][ T8722] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1180'. [ 197.892583][ T5839] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 198.051560][ T5839] usb 3-1: device descriptor read/64, error -71 [ 198.321546][ T5839] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 198.471533][ T5839] usb 3-1: device descriptor read/64, error -71 [ 198.591957][ T5839] usb usb3-port1: attempt power cycle [ 198.886650][ T8814] loop3: detected capacity change from 0 to 2048 [ 198.894556][ T8814] EXT4-fs: Ignoring removed nobh option [ 198.940925][ T8814] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 198.984514][ T8814] ext4 filesystem being mounted at /300/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 199.003722][ T5839] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 199.048362][ T28] audit: type=1800 audit(1771204506.588:257): pid=8814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1219" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 199.101449][ T28] audit: type=1800 audit(1771204506.588:258): pid=8814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1219" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 199.102729][ T5839] usb 3-1: device descriptor read/8, error -71 [ 199.206786][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.412873][ T5839] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 199.465885][ T5839] usb 3-1: device descriptor read/8, error -71 [ 199.601737][ T5839] usb usb3-port1: unable to enumerate USB device [ 201.073489][ T8856] sctp: [Deprecated]: syz.1.1235 (pid 8856) Use of int in maxseg socket option. [ 201.073489][ T8856] Use struct sctp_assoc_value instead [ 201.113989][ T8856] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1235'. [ 201.282194][ T8858] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1234'. [ 201.291899][ T8858] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.441781][ T8858] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 201.756163][ T5786] Bluetooth: hci3: command 0x0406 tx timeout [ 201.756200][ T5784] Bluetooth: hci0: command tx timeout [ 201.762280][ T5775] Bluetooth: hci2: command 0x0406 tx timeout [ 201.762325][ T5775] Bluetooth: hci1: command 0x0406 tx timeout [ 202.406527][ T8877] loop2: detected capacity change from 0 to 256 [ 202.422958][ T8877] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 202.463039][ T8877] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 203.292581][ T5839] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 203.505045][ T5839] usb 3-1: device descriptor read/64, error -71 [ 207.052690][ T8937] loop2: detected capacity change from 0 to 512 [ 207.100662][ T8937] EXT4-fs error (device loop2): ext4_iget_extra_inode:4732: inode #12: comm syz.2.1269: corrupted in-inode xattr: bad e_name length [ 207.219082][ T8937] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.1269: couldn't read orphan inode 12 (err -117) [ 207.268694][ T8937] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 207.446297][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.861647][ T23] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 208.051834][ T23] usb 3-1: device descriptor read/64, error -71 [ 208.341613][ T23] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 208.491714][ T23] usb 3-1: device descriptor read/64, error -71 [ 208.621856][ T23] usb usb3-port1: attempt power cycle [ 209.041734][ T23] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 209.084824][ T23] usb 3-1: device descriptor read/8, error -71 [ 209.225793][ T28] audit: type=1326 audit(1771204516.768:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8959 comm="syz.0.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 209.287204][ T28] audit: type=1326 audit(1771204516.768:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8959 comm="syz.0.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 209.319517][ T28] audit: type=1326 audit(1771204516.798:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8959 comm="syz.0.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 209.348964][ T28] audit: type=1326 audit(1771204516.798:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8959 comm="syz.0.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 209.383180][ T23] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 209.396411][ T28] audit: type=1326 audit(1771204516.798:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8959 comm="syz.0.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 209.428010][ T28] audit: type=1326 audit(1771204516.798:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8959 comm="syz.0.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 209.457611][ T23] usb 3-1: device descriptor read/8, error -71 [ 209.467276][ T28] audit: type=1326 audit(1771204516.798:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8959 comm="syz.0.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 209.495993][ T28] audit: type=1326 audit(1771204516.798:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8959 comm="syz.0.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 209.525578][ T28] audit: type=1326 audit(1771204516.798:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8959 comm="syz.0.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 209.555318][ T28] audit: type=1326 audit(1771204516.798:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8959 comm="syz.0.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 209.581709][ T23] usb usb3-port1: unable to enumerate USB device [ 210.846276][ T8979] loop2: detected capacity change from 0 to 8192 [ 210.873520][ T8979] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 210.899321][ T8979] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 210.910192][ T8979] FAT-fs (loop2): Filesystem has been set read-only [ 210.919988][ T8979] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 210.929310][ T8979] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 210.938990][ T8979] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 210.948656][ T8979] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 210.959947][ T8979] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 210.997048][ T8979] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 211.012106][ T8979] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 211.021076][ T8979] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 211.062070][ T8979] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 211.502458][ T8995] netlink: 'syz.0.1291': attribute type 27 has an invalid length. [ 211.869442][ T8995] sit0: left promiscuous mode [ 211.993431][ T8995] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.001281][ T8995] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.302796][ T8995] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 213.919337][ T9024] loop2: detected capacity change from 0 to 2048 [ 213.962212][ T9028] random: crng reseeded on system resumption [ 213.984328][ T9024] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 214.125247][ T9024] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 214.161938][ T9024] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28 [ 214.180413][ T9024] EXT4-fs (loop2): This should not happen!! Data will be lost [ 214.180413][ T9024] [ 214.192464][ T9024] EXT4-fs (loop2): Total free blocks count 0 [ 214.200061][ T9024] EXT4-fs (loop2): Free/Dirty block details [ 214.207215][ T9024] EXT4-fs (loop2): free_blocks=2415919104 [ 214.215286][ T9024] EXT4-fs (loop2): dirty_blocks=64 [ 214.220763][ T9024] EXT4-fs (loop2): Block reservation details [ 214.227784][ T9024] EXT4-fs (loop2): i_reserved_data_blocks=4 [ 214.270196][ T9024] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 10 with max blocks 1 with error 28 [ 214.390325][ T8995] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 214.660616][ T8995] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.694178][ T8995] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.714305][ T8995] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.731718][ T8995] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.753007][ T8995] geneve2: left promiscuous mode [ 214.804094][ T8998] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.812040][ T8998] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.841563][ T8998] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 215.818392][ T9074] loop3: detected capacity change from 0 to 512 [ 216.310203][ T28] kauditd_printk_skb: 189 callbacks suppressed [ 216.310220][ T28] audit: type=1326 audit(1771204523.848:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9091 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 216.364131][ T28] audit: type=1326 audit(1771204523.848:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9091 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 216.412462][ T28] audit: type=1326 audit(1771204523.868:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9091 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 216.437872][ T28] audit: type=1326 audit(1771204523.868:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9091 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 216.462607][ T970] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 216.476256][ T28] audit: type=1326 audit(1771204523.868:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9091 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 216.504180][ T28] audit: type=1326 audit(1771204523.868:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9091 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 216.533039][ T28] audit: type=1326 audit(1771204523.868:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9091 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 216.591561][ T28] audit: type=1326 audit(1771204523.868:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9091 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 216.620177][ T28] audit: type=1326 audit(1771204523.868:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9091 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fc45119bf79 code=0x7ffc0000 [ 216.673827][ T970] usb 3-1: config 0 has no interfaces? [ 216.679390][ T970] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 216.689607][ T970] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.705256][ T970] usb 3-1: config 0 descriptor?? [ 216.921858][ T5935] usb 3-1: USB disconnect, device number 15 [ 217.262888][ T9122] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1340'. [ 217.496184][ T28] audit: type=1326 audit(1771204525.038:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9129 comm="syz.3.1343" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f76c799bf79 code=0x0 [ 217.823351][ T970] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 218.013154][ T970] usb 3-1: no configurations [ 218.017838][ T970] usb 3-1: can't read configurations, error -22 [ 218.191618][ T970] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 218.378097][ T9159] syzkaller0: entered promiscuous mode [ 218.384806][ T9159] syzkaller0: entered allmulticast mode [ 218.393101][ T970] usb 3-1: no configurations [ 218.399004][ T970] usb 3-1: can't read configurations, error -22 [ 218.415254][ T970] usb usb3-port1: attempt power cycle [ 218.821699][ T970] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 218.866775][ T970] usb 3-1: no configurations [ 218.881971][ T970] usb 3-1: can't read configurations, error -22 [ 219.045805][ T970] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 219.095458][ T970] usb 3-1: no configurations [ 219.100228][ T970] usb 3-1: can't read configurations, error -22 [ 219.109929][ T970] usb usb3-port1: unable to enumerate USB device [ 219.896967][ T9207] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1373'. [ 219.986046][ T9211] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1375'. [ 221.028766][ T9258] program syz.2.1393 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 221.442546][ T5935] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 221.635742][ T5935] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.666126][ T5935] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 221.679779][ T5935] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 221.687413][ T9282] syzkaller0: entered promiscuous mode [ 221.702173][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.707953][ T9282] syzkaller0: entered allmulticast mode [ 221.710233][ T5935] usb 4-1: Product: syz [ 221.710282][ T5935] usb 4-1: Manufacturer: syz [ 221.762281][ T5935] usb 4-1: SerialNumber: syz [ 221.785824][ T5935] usb 4-1: config 0 descriptor?? [ 224.004209][ T9343] program syz.2.1424 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 224.228323][ T970] usb 4-1: USB disconnect, device number 4 [ 225.328982][ T9381] syzkaller0: entered promiscuous mode [ 225.341769][ T9381] syzkaller0: entered allmulticast mode [ 225.899359][ T9399] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1447'. [ 226.438671][ T9426] netlink: 'syz.2.1458': attribute type 27 has an invalid length. [ 226.467651][ T9426] bridge0: left promiscuous mode [ 226.473164][ T9426] macvlan2: left promiscuous mode [ 226.834561][ T9426] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.843414][ T9426] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.858475][ T9426] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 227.160899][ T9447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1465'. [ 227.742300][ T9464] syzkaller0: entered promiscuous mode [ 227.761693][ T9464] syzkaller0: entered allmulticast mode [ 227.767889][ T9466] program syz.3.1475 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 228.961470][ T5867] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 229.153810][ T5867] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 229.191561][ T5867] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 229.233719][ T5867] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 229.251984][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.287365][ T5867] usb 4-1: Product: syz [ 229.301531][ T5867] usb 4-1: Manufacturer: syz [ 229.306206][ T5867] usb 4-1: SerialNumber: syz [ 229.333625][ T5867] usb 4-1: config 0 descriptor?? [ 230.642636][ T9539] loop2: detected capacity change from 0 to 512 [ 230.672262][ T9541] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1504'. [ 230.688357][ T9539] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 230.717606][ T9539] EXT4-fs (loop2): orphan cleanup on readonly fs [ 230.753699][ T9539] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #16: comm syz.2.1503: corrupted inode contents [ 230.773797][ T9539] EXT4-fs (loop2): Remounting filesystem read-only [ 230.786453][ T9539] EXT4-fs (loop2): 1 truncate cleaned up [ 230.792806][ T2964] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 230.810980][ T2964] Quota error (device loop2): write_blk: dquota write failed [ 230.828273][ T2964] Quota error (device loop2): remove_free_dqentry: Can't write block (5) with free entries [ 230.838768][ T2964] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 230.855432][ T2964] Quota error (device loop2): write_blk: dquota write failed [ 230.866444][ T2964] Quota error (device loop2): free_dqentry: Can't move quota data block (5) to free list [ 230.878166][ T2964] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 230.891639][ T2964] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 230.903251][ T2964] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 230.917190][ T9539] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 230.968543][ T9539] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1503'. [ 231.056905][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.363837][ T9558] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1509'. [ 231.498825][ T9563] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1511'. [ 231.775399][ T5867] usb 4-1: USB disconnect, device number 5 [ 231.924746][ T9568] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1513'. [ 233.041523][ T5867] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 233.233936][ T5867] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 233.244839][ T5867] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 233.257917][ T5867] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 233.267638][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.276222][ T5867] usb 3-1: Product: syz [ 233.280530][ T5867] usb 3-1: Manufacturer: syz [ 233.285735][ T5867] usb 3-1: SerialNumber: syz [ 233.294409][ T5867] usb 3-1: config 0 descriptor?? [ 233.941627][ T5933] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 234.134228][ T5933] usb 4-1: config 0 has no interfaces? [ 234.141018][ T5933] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 234.157465][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.188751][ T5933] usb 4-1: config 0 descriptor?? [ 234.434212][ T5933] usb 4-1: USB disconnect, device number 6 [ 235.862785][ T5867] usb 3-1: USB disconnect, device number 20 [ 236.838062][ T28] audit: type=1326 audit(1771204544.378:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9646 comm="syz.0.1545" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc45119bf79 code=0x0 [ 237.201423][ T5933] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 237.393503][ T5933] usb 4-1: config 0 has no interfaces? [ 237.399052][ T5933] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 237.421377][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.442086][ T5933] usb 4-1: config 0 descriptor?? [ 237.662363][ T5867] usb 4-1: USB disconnect, device number 7 [ 348.161439][ C0] ------------[ cut here ]------------ [ 348.168287][ C0] WARNING: CPU: 0 PID: 0 at kernel/rcu/tree_stall.h:1001 rcu_check_gp_start_stall+0x2dc/0x460 [ 348.178680][ C0] Modules linked in: [ 348.182579][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 [ 348.189690][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 348.199922][ C0] RIP: 0010:rcu_check_gp_start_stall+0x2dc/0x460 [ 348.206259][ C0] Code: ff ff ff 48 c7 c7 a0 84 30 97 be 04 00 00 00 e8 2a cc 6d 00 48 89 df b8 01 00 00 00 87 05 2c 12 bf 15 85 c0 0f 85 19 ff ff ff <0f> 0b 48 81 ff 00 72 13 8d 74 47 48 c7 c0 6c 12 8b 8e 48 c1 e8 03 [ 348.226226][ C0] RSP: 0018:ffffc90000007bb8 EFLAGS: 00010046 [ 348.232316][ C0] RAX: 0000000000000000 RBX: ffffffff8d137200 RCX: ffffffff81717266 [ 348.240489][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8d137200 [ 348.248732][ C0] RBP: ffffc90000007e30 R08: 0000000000000003 R09: 0000000000000004 [ 348.256794][ C0] R10: dffffc0000000000 R11: fffffbfff2e61094 R12: 0000000000002904 [ 348.264880][ C0] R13: ffffffff8d137200 R14: 0000000000000a02 R15: dffffc0000000000 [ 348.272850][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 348.281798][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 348.288375][ C0] CR2: 000055557ce08a28 CR3: 000000002d35e000 CR4: 00000000003506f0 [ 348.296372][ C0] Call Trace: [ 348.299649][ C0] [ 348.302497][ C0] rcu_core+0x635/0x1770 [ 348.306762][ C0] ? ktime_get+0x7f/0x280 [ 348.311105][ C0] ? rcu_cpu_kthread_park+0x90/0x90 [ 348.316304][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 348.321502][ C0] ? sched_clock+0x3f/0x60 [ 348.325938][ C0] ? sched_clock_cpu+0x75/0x430 [ 348.330815][ C0] ? ktime_get+0x7f/0x280 [ 348.335160][ C0] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 348.341148][ C0] ? lock_chain_count+0x20/0x20 [ 348.346019][ C0] handle_softirqs+0x280/0x820 [ 348.350803][ C0] ? __irq_exit_rcu+0xd3/0x190 [ 348.355565][ C0] ? do_softirq+0x1a0/0x1a0 [ 348.360065][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 348.365352][ C0] __irq_exit_rcu+0xd3/0x190 [ 348.369936][ C0] ? irq_exit_rcu+0x20/0x20 [ 348.374700][ C0] irq_exit_rcu+0x9/0x20 [ 348.379026][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 348.384689][ C0] [ 348.387705][ C0] [ 348.390637][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 348.396618][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x10 [ 348.402280][ C0] Code: d7 22 02 c3 cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 83 e1 43 00 fb f4 66 0f 1f 00 55 41 57 41 56 41 54 53 50 8b 2f eb 2e 41 89 de 80 [ 348.422168][ C0] RSP: 0018:ffffffff8ce07d80 EFLAGS: 000002c2 [ 348.428526][ C0] RAX: d78282953e796800 RBX: ffffffff8162a490 RCX: d78282953e796800 [ 348.436510][ C0] RDX: 0000000000000001 RSI: ffffffff8acac900 RDI: ffffffff8b1c81e0 [ 348.444692][ C0] RBP: ffffffff8ce07eb8 R08: ffff8880b8e36b2b R09: 1ffff110171c6d65 [ 348.452687][ C0] R10: dffffc0000000000 R11: ffffed10171c6d66 R12: 1ffffffff19d2688 [ 348.460754][ C0] R13: 1ffffffff19c0fbc R14: 0000000000000000 R15: dffffc0000000000 [ 348.469047][ C0] ? do_idle+0x1f0/0x4e0 [ 348.473422][ C0] default_idle+0x13/0x20 [ 348.478034][ C0] default_idle_call+0x6c/0xa0 [ 348.482899][ C0] do_idle+0x1f0/0x4e0 [ 348.487025][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 348.492251][ C0] ? asm_sysvec_call_function_single+0x1a/0x20 [ 348.499602][ C0] cpu_startup_entry+0x43/0x60 [ 348.504497][ C0] rest_init+0x2e2/0x300 [ 348.509039][ C0] ? time_init+0x40/0x40 [ 348.513311][ C0] arch_call_rest_init+0xe/0x10 [ 348.518271][ C0] start_kernel+0x459/0x4e0 [ 348.522877][ C0] x86_64_start_reservations+0x2a/0x30 [ 348.528524][ C0] x86_64_start_kernel+0x60/0x60 [ 348.533636][ C0] secondary_startup_64_no_verify+0x179/0x17b [ 348.539739][ C0] [ 348.542769][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 348.550193][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 [ 348.557654][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 348.567804][ C0] Call Trace: [ 348.571087][ C0] [ 348.573930][ C0] dump_stack_lvl+0x18c/0x250 [ 348.578699][ C0] ? show_regs_print_info+0x20/0x20 [ 348.583892][ C0] ? load_image+0x400/0x400 [ 348.588486][ C0] panic+0x2dc/0x730 [ 348.592490][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 348.597093][ C0] ? secondary_startup_64_no_verify+0x179/0x17b [ 348.603519][ C0] __warn+0x2e0/0x470 [ 348.607510][ C0] ? rcu_check_gp_start_stall+0x2dc/0x460 [ 348.613256][ C0] ? rcu_check_gp_start_stall+0x2dc/0x460 [ 348.618996][ C0] report_bug+0x2be/0x4f0 [ 348.623414][ C0] ? rcu_check_gp_start_stall+0x2dc/0x460 [ 348.629167][ C0] ? rcu_check_gp_start_stall+0x2dc/0x460 [ 348.634932][ C0] ? rcu_check_gp_start_stall+0x2de/0x460 [ 348.640663][ C0] handle_bug+0xcf/0x120 [ 348.645005][ C0] exc_invalid_op+0x1a/0x50 [ 348.649513][ C0] asm_exc_invalid_op+0x1a/0x20 [ 348.654381][ C0] RIP: 0010:rcu_check_gp_start_stall+0x2dc/0x460 [ 348.660734][ C0] Code: ff ff ff 48 c7 c7 a0 84 30 97 be 04 00 00 00 e8 2a cc 6d 00 48 89 df b8 01 00 00 00 87 05 2c 12 bf 15 85 c0 0f 85 19 ff ff ff <0f> 0b 48 81 ff 00 72 13 8d 74 47 48 c7 c0 6c 12 8b 8e 48 c1 e8 03 [ 348.680545][ C0] RSP: 0018:ffffc90000007bb8 EFLAGS: 00010046 [ 348.686718][ C0] RAX: 0000000000000000 RBX: ffffffff8d137200 RCX: ffffffff81717266 [ 348.695174][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8d137200 [ 348.703499][ C0] RBP: ffffc90000007e30 R08: 0000000000000003 R09: 0000000000000004 [ 348.711751][ C0] R10: dffffc0000000000 R11: fffffbfff2e61094 R12: 0000000000002904 [ 348.719845][ C0] R13: ffffffff8d137200 R14: 0000000000000a02 R15: dffffc0000000000 [ 348.728206][ C0] ? rcu_check_gp_start_stall+0x2c6/0x460 [ 348.734042][ C0] ? rcu_check_gp_start_stall+0x2c6/0x460 [ 348.739879][ C0] rcu_core+0x635/0x1770 [ 348.744248][ C0] ? ktime_get+0x7f/0x280 [ 348.748702][ C0] ? rcu_cpu_kthread_park+0x90/0x90 [ 348.754023][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 348.759259][ C0] ? sched_clock+0x3f/0x60 [ 348.764073][ C0] ? sched_clock_cpu+0x75/0x430 [ 348.769125][ C0] ? ktime_get+0x7f/0x280 [ 348.773614][ C0] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 348.779811][ C0] ? lock_chain_count+0x20/0x20 [ 348.785039][ C0] handle_softirqs+0x280/0x820 [ 348.789917][ C0] ? __irq_exit_rcu+0xd3/0x190 [ 348.794801][ C0] ? do_softirq+0x1a0/0x1a0 [ 348.799608][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 348.805259][ C0] __irq_exit_rcu+0xd3/0x190 [ 348.810157][ C0] ? irq_exit_rcu+0x20/0x20 [ 348.814957][ C0] irq_exit_rcu+0x9/0x20 [ 348.819387][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 348.825493][ C0] [ 348.828534][ C0] [ 348.831652][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 348.837916][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x10 [ 348.843784][ C0] Code: d7 22 02 c3 cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 83 e1 43 00 fb f4 66 0f 1f 00 55 41 57 41 56 41 54 53 50 8b 2f eb 2e 41 89 de 80 [ 348.863664][ C0] RSP: 0018:ffffffff8ce07d80 EFLAGS: 000002c2 [ 348.869822][ C0] RAX: d78282953e796800 RBX: ffffffff8162a490 RCX: d78282953e796800 [ 348.877912][ C0] RDX: 0000000000000001 RSI: ffffffff8acac900 RDI: ffffffff8b1c81e0 [ 348.885975][ C0] RBP: ffffffff8ce07eb8 R08: ffff8880b8e36b2b R09: 1ffff110171c6d65 [ 348.894046][ C0] R10: dffffc0000000000 R11: ffffed10171c6d66 R12: 1ffffffff19d2688 [ 348.902234][ C0] R13: 1ffffffff19c0fbc R14: 0000000000000000 R15: dffffc0000000000 [ 348.910630][ C0] ? do_idle+0x1f0/0x4e0 [ 348.915198][ C0] default_idle+0x13/0x20 [ 348.919654][ C0] default_idle_call+0x6c/0xa0 [ 348.924526][ C0] do_idle+0x1f0/0x4e0 [ 348.928661][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 348.933862][ C0] ? asm_sysvec_call_function_single+0x1a/0x20 [ 348.940295][ C0] cpu_startup_entry+0x43/0x60 [ 348.945076][ C0] rest_init+0x2e2/0x300 [ 348.949527][ C0] ? time_init+0x40/0x40 [ 348.953789][ C0] arch_call_rest_init+0xe/0x10 [ 348.958863][ C0] start_kernel+0x459/0x4e0 [ 348.963552][ C0] x86_64_start_reservations+0x2a/0x30 [ 348.969192][ C0] x86_64_start_kernel+0x60/0x60 [ 348.974160][ C0] secondary_startup_64_no_verify+0x179/0x17b [ 348.980517][ C0] [ 350.111741][ C0] Shutting down cpus with NMI [ 350.117157][ C0] Kernel Offset: disabled [ 350.122431][ C0] Rebooting in 86400 seconds..