last executing test programs: 10m9.031806791s ago: executing program 2 (id=28): r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000002c0)=@generic={0x0, 0x2, 0x0, "eaebad85"}) 10m5.5973673s ago: executing program 2 (id=35): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000000)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000740)="f9", 0x1}], 0x1, &(0x7f0000000340)=[@sndrcv={0x30, 0x84, 0x1, {0x7, 0x444, 0x41, 0x401, 0x2, 0xc355, 0x17c, 0x7fffffff}}], 0x30, 0x4040850}, 0x40000) 10m5.228446591s ago: executing program 2 (id=37): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, &(0x7f00000018c0)={'IDLETIMER\x00'}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000000104050000000000000000000700000006000640000200000500010002"], 0x34}}, 0x2000004) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000080), &(0x7f00000000c0)={'L-', 0x1}, 0x16, 0x2) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000000)={0x40a, 0x85, 0x4}) 10m2.869646838s ago: executing program 2 (id=41): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000140)={[{@debug}, {@delalloc}, {@journal_ioprio}, {@test_dummy_encryption}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@nodiscard}, {@abort}]}, 0x1, 0xbb4, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnHy2zb2TXi6X27tpLpdLC+I0raTYIthKxY0LQbdCQzopIdMPkkhNmsVE/wFR14IbQS1KF3bdjYJbN1q3FhdCkdgoiGjkzEeSJjNJ2k5yYvL7wZvzvvOcOe/z5DBzzgszE8CeNZD9SSMORcT5JKJQfzyNiO5qrzeiUttvYX525Jf52ZEkFhdf/jGJJCLuz8+ONI6V1LcH6oPeiPjquST+8ebaeSenZ8aHy+XSRH18bOrS1WOT0zNPjl0avli6WLp8/OTTQyeGTg6eGmpbrb9+d+bWz/994fvKbx/9fuOndz5I4kz01WMr66hX/dgGYmDpf7JSZ0QMt+H4O0FHvZ6VdSadGzwp3eKkAABoKV1xD/evKERHLN+8FeLzr3NNDgAAAGiLxY6IRQAAAGCXS6z/AQAAYJdrfA7g/vzsSKPl+4mE7XXvbET01+pfqLdapDMq1W1vdEXE/vtJrPxaa1J72mMbiIi73576NGvR5HvIW60yFxH/bnb+k2r9/fVvQq+uP42IwTbMP7Bq/Feq/0wb5s+7fgD2pttnaxeytde/dOn+J5pc/zqbXLseRd7Xv8b938Ka+7/l+jta3P+9tMk5rn/43rVWsaz+Z249/0mjZfNn28cq6iHcm4v4T2ez+pOl+pMW9Z/f5ByFP66VWsXyrn/x/Ygj0bz+hmT93yc6NjpWLg3W/jadY+7LoY9bzZ93/dn539+i/o3O/9UHjtT6R31ePXfuZqvYxvWnP3Qnr1R73fVHXh+empo4HtGdvLj28RPr19vYp3GMrP6j/1v/9d+s/uw9oVL/P2SVz9W32fiNVXM+e+P6Z+vVn6398jz/Fx7x/L+1yTn+/8XbR1vFVq5/s5bNfzeprYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiL5I0mJEJNV+mhaLEQci4p+xPy1fmZx6YvTKa5cvZLGI/uhKR8fKpcGIKNTGSTY+Xu0vj0+sGj8VEQcj4t3Cvuq4OHKlfCHv4gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhyICL6IkmLEZFGxEIhTYvFvLMCAAAA2q4/7wQAAACALWf9DwAAALuf9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABb7ODh23eSiKic3ldtme56rCvXzICtluadAJCbjrwTAHLTmXcCQG4eco3vdgF2oWSDeG/LSE/bcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg5zpy6PadJCIqp/dVW6a7Hutq+ozD25gdsJXSvBMActOxXrBz+/IAtp+XOOxdzdf4wF6SbBDvXd6n8mCkZ8tyAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDn6au2JC1GRFrtp2mxGPG3iOiPrmR0rFwajIi/R8Q3ha6ebNyTd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC03eT0zPhwuVya0NHRybeT7Iw0ap2835kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMjD5PTM+HC5XJqYzDsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIG+T0zPjw+VyaWITnZsPs/OKTt41AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQnz8DAAD//9b4DfQ=") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f00000000c0)='./bus\x00', 0x2c600, 0x0, 0xbe, 0x0, &(0x7f00000007c0)) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000540)='.pending_reads\x00', 0x1a30c1, 0x9c37611dc13d0db7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) openat$cgroup_ro(r0, &(0x7f0000000080)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000) 9m57.637936912s ago: executing program 2 (id=46): r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) sendmsg$key(r0, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x200, 0x0, 0x25dfdbfb, {{@in=@loopback, @in6=@local, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x4, 0x0, 0x0, 0x40, 0xfffffffffffffffd, 0x2}, {0xfffffffffffffffe}, 0x9, 0x40000000, 0x0, 0x1, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100"], 0xb8}}, 0x20004000) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x1, 0x70bd08, 0x25dfdbfe, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24}]}, 0x38}}, 0x20000840) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000020000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80c0}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb8}}, 0x4000) 9m51.823014409s ago: executing program 2 (id=54): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000140)={[{@debug}, {@delalloc}, {@journal_ioprio}, {@test_dummy_encryption}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@nodiscard}, {@abort}]}, 0x1, 0xbb4, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnHy2zb2TXi6X27tpLpdLC+I0raTYIthKxY0LQbdCQzopIdMPkkhNmsVE/wFR14IbQS1KF3bdjYJbN1q3FhdCkdgoiGjkzEeSJjNJ2k5yYvL7wZvzvvOcOe/z5DBzzgszE8CeNZD9SSMORcT5JKJQfzyNiO5qrzeiUttvYX525Jf52ZEkFhdf/jGJJCLuz8+ONI6V1LcH6oPeiPjquST+8ebaeSenZ8aHy+XSRH18bOrS1WOT0zNPjl0avli6WLp8/OTTQyeGTg6eGmpbrb9+d+bWz/994fvKbx/9fuOndz5I4kz01WMr66hX/dgGYmDpf7JSZ0QMt+H4O0FHvZ6VdSadGzwp3eKkAABoKV1xD/evKERHLN+8FeLzr3NNDgAAAGiLxY6IRQAAAGCXS6z/AQAAYJdrfA7g/vzsSKPl+4mE7XXvbET01+pfqLdapDMq1W1vdEXE/vtJrPxaa1J72mMbiIi73576NGvR5HvIW60yFxH/bnb+k2r9/fVvQq+uP42IwTbMP7Bq/Feq/0wb5s+7fgD2pttnaxeytde/dOn+J5pc/zqbXLseRd7Xv8b938Ka+7/l+jta3P+9tMk5rn/43rVWsaz+Z249/0mjZfNn28cq6iHcm4v4T2ez+pOl+pMW9Z/f5ByFP66VWsXyrn/x/Ygj0bz+hmT93yc6NjpWLg3W/jadY+7LoY9bzZ93/dn539+i/o3O/9UHjtT6R31ePXfuZqvYxvWnP3Qnr1R73fVHXh+empo4HtGdvLj28RPr19vYp3GMrP6j/1v/9d+s/uw9oVL/P2SVz9W32fiNVXM+e+P6Z+vVn6398jz/Fx7x/L+1yTn+/8XbR1vFVq5/s5bNfzeprYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiL5I0mJEJNV+mhaLEQci4p+xPy1fmZx6YvTKa5cvZLGI/uhKR8fKpcGIKNTGSTY+Xu0vj0+sGj8VEQcj4t3Cvuq4OHKlfCHv4gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhyICL6IkmLEZFGxEIhTYvFvLMCAAAA2q4/7wQAAACALWf9DwAAALuf9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABb7ODh23eSiKic3ldtme56rCvXzICtluadAJCbjrwTAHLTmXcCQG4eco3vdgF2oWSDeG/LSE/bcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg5zpy6PadJCIqp/dVW6a7Hutq+ozD25gdsJXSvBMActOxXrBz+/IAtp+XOOxdzdf4wF6SbBDvXd6n8mCkZ8tyAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDn6au2JC1GRFrtp2mxGPG3iOiPrmR0rFwajIi/R8Q3ha6ebNyTd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC03eT0zPhwuVya0NHRybeT7Iw0ap2835kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMjD5PTM+HC5XJqYzDsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIG+T0zPjw+VyaWITnZsPs/OKTt41AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQnz8DAAD//9b4DfQ=") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f00000000c0)='./bus\x00', 0x2c600, 0x0, 0xbe, 0x0, &(0x7f00000007c0)) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000540)='.pending_reads\x00', 0x1a30c1, 0x9c37611dc13d0db7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) openat$cgroup_ro(r0, &(0x7f0000000080)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000) 9m50.891030453s ago: executing program 32 (id=54): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000140)={[{@debug}, {@delalloc}, {@journal_ioprio}, {@test_dummy_encryption}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@nodiscard}, {@abort}]}, 0x1, 0xbb4, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnHy2zb2TXi6X27tpLpdLC+I0raTYIthKxY0LQbdCQzopIdMPkkhNmsVE/wFR14IbQS1KF3bdjYJbN1q3FhdCkdgoiGjkzEeSJjNJ2k5yYvL7wZvzvvOcOe/z5DBzzgszE8CeNZD9SSMORcT5JKJQfzyNiO5qrzeiUttvYX525Jf52ZEkFhdf/jGJJCLuz8+ONI6V1LcH6oPeiPjquST+8ebaeSenZ8aHy+XSRH18bOrS1WOT0zNPjl0avli6WLp8/OTTQyeGTg6eGmpbrb9+d+bWz/994fvKbx/9fuOndz5I4kz01WMr66hX/dgGYmDpf7JSZ0QMt+H4O0FHvZ6VdSadGzwp3eKkAABoKV1xD/evKERHLN+8FeLzr3NNDgAAAGiLxY6IRQAAAGCXS6z/AQAAYJdrfA7g/vzsSKPl+4mE7XXvbET01+pfqLdapDMq1W1vdEXE/vtJrPxaa1J72mMbiIi73576NGvR5HvIW60yFxH/bnb+k2r9/fVvQq+uP42IwTbMP7Bq/Feq/0wb5s+7fgD2pttnaxeytde/dOn+J5pc/zqbXLseRd7Xv8b938Ka+7/l+jta3P+9tMk5rn/43rVWsaz+Z249/0mjZfNn28cq6iHcm4v4T2ez+pOl+pMW9Z/f5ByFP66VWsXyrn/x/Ygj0bz+hmT93yc6NjpWLg3W/jadY+7LoY9bzZ93/dn539+i/o3O/9UHjtT6R31ePXfuZqvYxvWnP3Qnr1R73fVHXh+empo4HtGdvLj28RPr19vYp3GMrP6j/1v/9d+s/uw9oVL/P2SVz9W32fiNVXM+e+P6Z+vVn6398jz/Fx7x/L+1yTn+/8XbR1vFVq5/s5bNfzeprYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiL5I0mJEJNV+mhaLEQci4p+xPy1fmZx6YvTKa5cvZLGI/uhKR8fKpcGIKNTGSTY+Xu0vj0+sGj8VEQcj4t3Cvuq4OHKlfCHv4gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhyICL6IkmLEZFGxEIhTYvFvLMCAAAA2q4/7wQAAACALWf9DwAAALuf9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABb7ODh23eSiKic3ldtme56rCvXzICtluadAJCbjrwTAHLTmXcCQG4eco3vdgF2oWSDeG/LSE/bcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg5zpy6PadJCIqp/dVW6a7Hutq+ozD25gdsJXSvBMActOxXrBz+/IAtp+XOOxdzdf4wF6SbBDvXd6n8mCkZ8tyAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDn6au2JC1GRFrtp2mxGPG3iOiPrmR0rFwajIi/R8Q3ha6ebNyTd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC03eT0zPhwuVya0NHRybeT7Iw0ap2835kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMjD5PTM+HC5XJqYzDsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIG+T0zPjw+VyaWITnZsPs/OKTt41AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQnz8DAAD//9b4DfQ=") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f00000000c0)='./bus\x00', 0x2c600, 0x0, 0xbe, 0x0, &(0x7f00000007c0)) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000540)='.pending_reads\x00', 0x1a30c1, 0x9c37611dc13d0db7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) openat$cgroup_ro(r0, &(0x7f0000000080)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000) 2.545190972s ago: executing program 0 (id=2998): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000dc0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_RANGE_OP={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RANGE_FROM_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, 'O?'}]}, @NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_RANGE_TO_DATA={0x4}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x8c}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) 2.41061822s ago: executing program 0 (id=3001): syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @random, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0xd}, {[@lsrr={0x83, 0x3, 0xd7}, @timestamp={0x44, 0x4, 0x5, 0x3}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000040)=0x40000d, 0x4) 1.932590787s ago: executing program 0 (id=3007): syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400244}, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000340)=0x3) pselect6(0x0, 0x0, &(0x7f0000000000)={0x18, 0x8, 0x6, 0x0, 0x7, 0x400000}, 0x0, 0x0, 0x0) 1.613289436s ago: executing program 1 (id=3012): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x49, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002300)="81", 0x1}], 0x1}, 0x4) 1.479787174s ago: executing program 4 (id=3013): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000600), r0) sendmsg$NFC_CMD_ENABLE_SE(r0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x71eff8d2059dfe60}, 0xc004) 1.288489225s ago: executing program 4 (id=3014): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, &(0x7f0000001280)={0x20000000000084, @remote, 0xffff, 0x0, 'rr\x00'}, 0x2c) 1.235102918s ago: executing program 1 (id=3015): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x3, 0x13, &(0x7f0000000440)=@framed={{0x18, 0x2, 0x0, 0x0, 0x28000001, 0x0, 0x0, 0x0, 0x5}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80800001}}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x70}}]}, 0x0, 0x2799f109, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000004c0)={0x0, @in6={{0xa, 0x4e24, 0x7fffffff, @dev={0xfe, 0x80, '\x00', 0x16}, 0x6}}, 0x8001, 0x2}, 0x90) 1.217080219s ago: executing program 4 (id=3016): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffc}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_ID={0x8}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x5c}, 0x1, 0x0, 0x0, 0x840}, 0x0) 1.084649367s ago: executing program 1 (id=3017): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000002880), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x1c, r1, 0x711, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x28008000}, 0x40000) 1.084418417s ago: executing program 4 (id=3018): socket(0x1000000010, 0x80802, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x803, 0x0) socket(0x10, 0x803, 0x8) socket(0x10, 0x803, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[], 0x0, 0x5b}, 0x28) epoll_create1(0x0) socket$unix(0x1, 0x1, 0x0) socket(0xa, 0x80805, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f00000002c0)) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0) 1.012814671s ago: executing program 1 (id=3019): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x6}, {0x2, 0xb}, {0xffe0, 0xb}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 958.065974ms ago: executing program 0 (id=3020): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f00000009c0)=0x56c, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000300)={0x11, 0x2, r2, 0x1, 0x8}, 0x14) 805.046043ms ago: executing program 3 (id=3021): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x80002, 0x0) ioctl$PTP_CLOCK_GETCAPS(r0, 0x80503d01, &(0x7f0000000580)) 783.868214ms ago: executing program 4 (id=3022): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000600), r0) sendmsg$NFC_CMD_ENABLE_SE(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x71eff8d2059dfe60}, 0xc004) 753.924206ms ago: executing program 0 (id=3023): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x49, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r8, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002300)="81", 0x1}], 0x1}, 0x4) 641.680742ms ago: executing program 3 (id=3024): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0xc000802) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 640.854132ms ago: executing program 4 (id=3025): r0 = socket$inet_sctp(0x2, 0x1, 0x84) ioctl$int_in(r0, 0x5452, &(0x7f00000004c0)=0x5) sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) unshare(0x2040400) listen(r0, 0x8) ppoll(&(0x7f0000000300)=[{0xffffffffffffffff, 0x410}], 0x1, &(0x7f0000000380), 0x0, 0x0) 553.029927ms ago: executing program 1 (id=3026): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ffffe}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2107, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 384.495328ms ago: executing program 3 (id=3027): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000002880), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x1c, r1, 0x711, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x28008000}, 0x40000) 337.5229ms ago: executing program 1 (id=3028): syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400244}, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000340)=0x3) pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x10000000, 0x1}, 0x0, 0x0, 0x0, 0x0) 272.721844ms ago: executing program 3 (id=3029): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x6}, {0x2, 0xb}, {0xffe0, 0xb}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x1, 0xe}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 168.66171ms ago: executing program 0 (id=3030): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x579, &(0x7f0000000a40)="$eJzs3c9rHFUcAPDvbLL9rU2hFBWRgAcrtZsm8UcFD/WsxYLe65JsQ8mmW7Kb0sSC7cGepXgRC+JdPPdY/Ac8+DcUbKFICXrwEpnN7ObX5FezSbbdzwc2vDczu2++++a9vDdvlw2gZw2mfwoRr0fE90nE8YhIsn39ke0cXDxu/tmtsfSRxMLCl38nzePSfOu1Ws87mmVei4jfv4s4U1hbbn12brJcrVams/xQY+r6UH127uzVqfJEZaJybWR09PwHoyMff/Rhx2J999K/P37xsC/LnbiXxIU4luWWx7EDt5dnBmMwe0+KcWHVgcMdKKybJLlbf9vz82B7+rJ2Xoy0DzgefVmrB15+30bEAtCjkm23/z+Lu3MmwN5qjQNac/sOzYNfGE8/XZwArY2/f/HeSBxqzo2OzCcrZkbpfHegA+WnZTx4fP9e+ojO3YcA2NTtOxFxrr9/bf+XZP3f8zu3hWOWyli8g6j/g73zMB3/vJc3/im0xz+RM/45uqLtPr/Vr7G2/ReedKCYdaXjv09yx7/tRauBviz3SnPMV0yuXK1W0r7t1Yg4HcWDaX6j9Zzz848W1tu3fPz3oHD/Xlp+ayyYnceT/oMrnzNebpR3EvNyT+9EvJE7/k3a9Z/k1H/6flzaYhmnKvffytncHD6viP9xXvy7a+GXiHdy639pRSvZeH1yqHk9DLWuirX+uXvqj/XK3+/40/o/snH8A8ny9dr69sv4+dB/lWivJ6+0Iv7Y+vV/IPmqmT6QbbtZbjSmhyMOJJ+3txda20eWntvKt45P4z/99sb9X971fzgivt5i/HdP/vrmevu6of7Hc+u/PbtdVf/bTzz67Juf1it/8/jT+n+/mTqdbdlK/7fVE9zJewcAAAAAAADdphARxyIplNrpQqFUWvx8x8k4UqjW6o0zV2oz18aj+V3ZgSgWWivdx5d9HmI4WzFs5UdW5Ucj4kRE/NB3uJkvjdWq4/sdPAAAAAAAAAAAAAAAAAAAAHSJo+t8/z/1V99+nx2w6/zkN/SuTdt/J37pCehK/v9D79L+oXdp/9C7tH/oXdo/9C7tH3pXbvs/tPfnAew9//8BAAAAAAAAAAAAAAAAAAAAAAAAAACgoy5dvJg+Fuaf3RpL8+M3ZmcmazfOjlfqk6WpmbHSWG36emmiVpuoVkpjtanNXq9aq10fHomZm0ONSr0xVJ+duzxVm7nWuHx1qjxRuVwp7klUAAAAAAAAAAAAAAAAAAAA8GKpz85NlqvVyrTEy5xIImKXiujvigAlOp3Y754JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJb8HwAA//9jbDB1") setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280), &(0x7f00000002c0)="30573472b621739991c336124406e8a5c812ca847e3bf9b837c91d46ab", 0x1d, 0x1) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f0000000000)=ANY=[], 0x361, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000000)=ANY=[], 0xfe37, 0x0) 135.352082ms ago: executing program 3 (id=3031): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f00000009c0)=0x56c, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000300)={0x11, 0x2, r2, 0x1, 0x8}, 0x14) 0s ago: executing program 3 (id=3032): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) write$vga_arbiter(r0, &(0x7f0000000280)=ANY=[@ANYBLOB='unlock i'], 0xe) kernel console output (not intermixed with test programs): : USB disconnect, device number 30 [ 419.016393][ T8516] loop4: detected capacity change from 0 to 16 [ 419.054363][ T8516] erofs: (device loop4): mounted with root inode @ nid 36. [ 419.914509][ T8525] erofs: (device loop4): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 419.973017][ T8525] erofs: (device loop4): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 420.188126][ T8525] erofs: (device loop4): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 420.233047][ T8525] erofs: (device loop4): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 420.271421][ T8525] erofs: (device loop4): z_erofs_read_folio: read error -117 @ 72 of nid 36 [ 420.416456][ T8524] netlink: 'syz.0.819': attribute type 4 has an invalid length. [ 420.424690][ T8524] netlink: 1601 bytes leftover after parsing attributes in process `syz.0.819'. [ 420.946877][ T8528] loop4: detected capacity change from 0 to 128 [ 420.976848][ T8528] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 421.060021][ T8528] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 421.793075][ T5859] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 421.964922][ T8555] netlink: 'syz.3.831': attribute type 4 has an invalid length. [ 421.972651][ T8555] netlink: 1601 bytes leftover after parsing attributes in process `syz.3.831'. [ 422.016568][ T5859] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 422.049958][ T5859] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 422.092388][ T5859] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 422.126095][ T5859] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.156756][ T5859] usb 1-1: Product: syz [ 422.172438][ T5859] usb 1-1: Manufacturer: syz [ 422.191406][ T5859] usb 1-1: SerialNumber: syz [ 422.225372][ T5859] usb 1-1: config 0 descriptor?? [ 422.252351][ T8546] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 422.286195][ T5859] dm9601: probe of 1-1:0.0 failed with error -22 [ 423.282324][ T8570] netlink: 32 bytes leftover after parsing attributes in process `syz.1.834'. [ 423.459625][ T8580] fuse: Bad value for 'user_id' [ 423.521169][ T8582] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.841'. [ 424.587744][ T5859] usb 1-1: USB disconnect, device number 31 [ 424.851047][ T8600] netlink: 32 bytes leftover after parsing attributes in process `syz.3.846'. [ 425.236632][ T8610] fuse: Bad value for 'user_id' [ 425.723188][ T8624] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 428.082271][ T8652] netlink: 12 bytes leftover after parsing attributes in process `syz.0.868'. [ 428.156636][ T8653] vlan2: entered allmulticast mode [ 428.161938][ T8653] bond1: entered allmulticast mode [ 431.239007][ T8682] mmap: syz.4.879 (8682) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 431.620147][ T8692] netlink: 12 bytes leftover after parsing attributes in process `syz.1.882'. [ 431.842176][ T8697] vlan2: entered allmulticast mode [ 431.884742][ T8697] bond1: entered allmulticast mode [ 433.053310][ T967] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 433.265389][ T967] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 433.282095][ T8723] netlink: 16 bytes leftover after parsing attributes in process `syz.3.895'. [ 433.283073][ T967] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 433.324524][ T967] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 433.342767][ T967] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 433.361230][ T967] usb 1-1: Product: syz [ 433.365750][ T967] usb 1-1: Manufacturer: syz [ 433.370395][ T967] usb 1-1: SerialNumber: syz [ 433.393857][ T967] usb 1-1: config 0 descriptor?? [ 433.400864][ T8709] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 433.408918][ T8709] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 433.631390][ T8709] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 433.640341][ T8709] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 434.065539][ T967] Error reading MAC address [ 435.662810][ T5836] usb 1-1: USB disconnect, device number 32 [ 436.054489][ T8748] netlink: 16 bytes leftover after parsing attributes in process `syz.1.904'. [ 436.220027][ T8754] loop0: detected capacity change from 0 to 16 [ 436.244320][ T8754] erofs: (device loop0): mounted with root inode @ nid 36. [ 436.640492][ T8771] erofs: (device loop0): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 436.650403][ T8771] erofs: (device loop0): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 436.660441][ T8771] erofs: (device loop0): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 436.670295][ T8771] erofs: (device loop0): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 436.680263][ T8771] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 72 of nid 36 [ 437.661069][ T8776] netlink: 16 bytes leftover after parsing attributes in process `syz.0.915'. [ 439.023663][ T5835] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 439.354367][ T5835] usb 1-1: Using ep0 maxpacket: 8 [ 439.376387][ T5835] usb 1-1: too many configurations: 23, using maximum allowed: 8 [ 439.405967][ T5835] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 439.423015][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.441294][ T5835] usb 1-1: Product: syz [ 439.446078][ T5835] usb 1-1: Manufacturer: syz [ 439.450748][ T5835] usb 1-1: SerialNumber: syz [ 439.476751][ T5835] usb 1-1: config 0 descriptor?? [ 439.701836][ T5835] usb read operation failed. (-32) [ 439.790485][ T8831] netlink: 'syz.1.939': attribute type 10 has an invalid length. [ 439.805314][ T8831] bridge0: port 2(bridge_slave_1) entered disabled state [ 439.813765][ T8831] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.846517][ T8831] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.853880][ T8831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 439.861473][ T8831] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.868755][ T8831] bridge0: port 1(bridge_slave_0) entered forwarding state [ 439.900794][ T8831] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 440.113480][ T5835] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in cold state [ 440.125592][ T5835] usb 1-1: Direct firmware load for dvb-usb-terratec-h7-az6007.fw failed with error -2 [ 440.140403][ T5835] usb 1-1: Falling back to sysfs fallback for: dvb-usb-terratec-h7-az6007.fw [ 440.175278][ T8838] netlink: 12 bytes leftover after parsing attributes in process `syz.1.942'. [ 440.473734][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.482449][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.067064][ T8852] netlink: 16 bytes leftover after parsing attributes in process `syz.3.946'. [ 441.381302][ T8869] loop0: detected capacity change from 0 to 128 [ 441.410996][ T8869] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 441.469628][ T8869] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 441.699854][ T8877] netlink: 12 bytes leftover after parsing attributes in process `syz.3.957'. [ 441.728617][ T8875] netlink: 8 bytes leftover after parsing attributes in process `syz.0.956'. [ 442.548071][ T8899] netlink: 8 bytes leftover after parsing attributes in process `syz.4.967'. [ 443.129313][ T8914] netlink: 16 bytes leftover after parsing attributes in process `syz.3.964'. [ 447.884980][ T8970] netlink: 16 bytes leftover after parsing attributes in process `syz.1.991'. [ 452.059247][ T9015] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1011'. [ 455.541495][ T9061] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1029'. [ 457.622167][ T9072] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1030'. [ 457.640342][ T9074] netlink: 'syz.4.1024': attribute type 10 has an invalid length. [ 457.660495][ T9074] bridge0: port 2(bridge_slave_1) entered disabled state [ 457.668005][ T9074] bridge0: port 1(bridge_slave_0) entered disabled state [ 457.793938][ T9074] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.801203][ T9074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 457.808917][ T9074] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.816184][ T9074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 457.869535][ T9074] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 459.752167][ T9106] netlink: 'syz.1.1046': attribute type 10 has an invalid length. [ 459.795213][ T9106] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.802613][ T9106] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.713414][ T5774] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 463.852004][ T5774] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 464.228583][ T9159] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1067'. [ 465.660670][ T5774] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 468.398866][ T5774] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 468.663502][ T9209] 9pnet_fd: Insufficient options for proto=fd [ 470.196444][ T9214] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1075'. [ 471.780112][ T8] IPVS: starting estimator thread 0... [ 472.944188][ T9241] IPVS: using max 18 ests per chain, 43200 per kthread [ 478.660548][ T9305] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1117'. [ 480.346557][ T28] audit: type=1326 audit(1769934733.424:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9316 comm="syz.4.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d7f9aeb9 code=0x7fc00000 [ 481.006183][ T9343] fuse: Unknown parameter '0x0000000000000003' [ 482.491517][ T9350] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 482.726205][ T9363] fuse: Unknown parameter '0x0000000000000003' [ 484.126735][ T9392] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1152'. [ 484.214430][ T9395] fuse: Unknown parameter '0x0000000000000003' [ 486.169605][ T9410] bridge0: port 2(bridge_slave_1) entered disabled state [ 486.177003][ T9410] bridge0: port 1(bridge_slave_0) entered disabled state [ 486.377233][ T9429] fuse: Unknown parameter '0x0000000000000003' [ 487.730907][ T9410] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 487.769120][ T9410] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 489.578817][ T9410] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.590279][ T9410] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.599824][ T9410] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.612583][ T9410] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.822421][ T9454] fuse: Unknown parameter '0x0000000000000003' [ 490.011673][ T9458] netlink: 'syz.3.1176': attribute type 10 has an invalid length. [ 490.073720][ T9458] bridge0: port 2(bridge_slave_1) entered disabled state [ 490.081286][ T9458] bridge0: port 1(bridge_slave_0) entered disabled state [ 490.320707][ T9474] vlan2: entered promiscuous mode [ 490.331377][ T9474] vlan2: entered allmulticast mode [ 490.340274][ T9474] hsr_slave_1: entered allmulticast mode [ 490.387984][ T9474] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1184'. [ 491.116617][ T9498] vlan2: entered promiscuous mode [ 491.122037][ T9498] vlan2: entered allmulticast mode [ 491.127936][ T9498] hsr_slave_1: entered allmulticast mode [ 491.420185][ T9504] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1197'. [ 492.051469][ T9524] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1207'. [ 494.245297][ T9571] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1220'. [ 498.803561][ T9682] ref_ctr_offset mismatch. inode: 0x855 offset: 0x0 ref_ctr_offset(old): 0x100 ref_ctr_offset(new): 0x0 [ 501.188701][ T5138] udevd[5138]: worker [7879] /devices/platform/dummy_hcd.0/usb1/1-1 is taking a long time [ 502.361154][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.370086][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.386188][ T5835] usb 1-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 502.420374][ T5835] dvb_usb_az6007: probe of 1-1:0.0 failed with error -110 [ 502.445879][ T5835] usb 1-1: USB disconnect, device number 33 [ 503.369032][ T9749] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1307'. [ 503.639674][ T9760] netlink: 384 bytes leftover after parsing attributes in process `syz.3.1312'. [ 508.570006][ T9884] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1361'. [ 510.057333][ T9898] vlan2: entered promiscuous mode [ 510.073752][ T9898] vlan2: entered allmulticast mode [ 510.078960][ T9898] hsr_slave_1: entered allmulticast mode [ 512.082272][ T9954] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1390'. [ 513.496767][ T9985] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1404'. [ 514.657046][T10000] IPv6: NLM_F_CREATE should be specified when creating new route [ 516.700706][T10046] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 516.970056][T10051] netlink: 384 bytes leftover after parsing attributes in process `syz.3.1430'. [ 522.028246][T10112] tipc: Enabling of bearer rejected, failed to enable media [ 525.412279][T10171] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1476'. [ 529.085655][ T28] audit: type=1326 audit(1769935038.338:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10215 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7af6f9aeb9 code=0x7ffc0000 [ 529.168058][ T28] audit: type=1326 audit(1769935038.338:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10215 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7af6f9aeb9 code=0x7ffc0000 [ 529.281662][ T28] audit: type=1326 audit(1769935038.529:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10215 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7af6f9aeb9 code=0x7ffc0000 [ 529.354971][ T28] audit: type=1326 audit(1769935038.529:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10215 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7af6f9aeb9 code=0x7ffc0000 [ 529.377976][ T28] audit: type=1326 audit(1769935038.529:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10215 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7af6f9aeb9 code=0x7ffc0000 [ 529.432655][ T28] audit: type=1326 audit(1769935038.529:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10215 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7af6f9aeb9 code=0x7ffc0000 [ 529.836623][ T28] audit: type=1326 audit(1769935038.529:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10215 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7af6f9aeb9 code=0x7ffc0000 [ 530.077202][ T28] audit: type=1326 audit(1769935038.529:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10215 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7af6f9aeb9 code=0x7ffc0000 [ 530.412606][ T28] audit: type=1326 audit(1769935039.665:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10215 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7af6f9aeb9 code=0x7ffc0000 [ 530.458657][ T28] audit: type=1326 audit(1769935039.665:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10215 comm="syz.1.1488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7af6f9aeb9 code=0x7ffc0000 [ 530.864008][T10241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1503'. [ 531.063857][T10250] syz.1.1506 uses obsolete (PF_INET,SOCK_PACKET) [ 532.339994][T10286] xt_CONNSECMARK: invalid mode: 0 [ 534.351482][T10347] netlink: 'syz.4.1548': attribute type 10 has an invalid length. [ 537.827742][T10389] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1567'. [ 537.852458][T10389] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1567'. [ 538.730314][T10403] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1571'. [ 538.902534][T10407] netlink: 'syz.0.1574': attribute type 10 has an invalid length. [ 538.922104][T10407] bridge0: port 2(bridge_slave_1) entered disabled state [ 538.929582][T10407] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.965349][T10407] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.972660][T10407] bridge0: port 2(bridge_slave_1) entered forwarding state [ 538.980349][T10407] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.987588][T10407] bridge0: port 1(bridge_slave_0) entered forwarding state [ 539.023221][T10407] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 539.837337][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 539.837355][ T28] audit: type=1326 audit(1769935049.146:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10436 comm="syz.3.1585" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9b5c79aeb9 code=0x0 [ 543.389419][T10515] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1619'. [ 544.104299][T10543] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1630'. [ 544.732702][T10567] netlink: 'syz.0.1641': attribute type 10 has an invalid length. [ 544.742183][T10567] bridge0: port 2(bridge_slave_1) entered disabled state [ 544.749465][T10567] bridge0: port 1(bridge_slave_0) entered disabled state [ 544.954282][T10578] netlink: 'syz.4.1646': attribute type 1 has an invalid length. [ 546.329562][T10618] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1664'. [ 546.358663][T10618] netlink: 'syz.3.1664': attribute type 12 has an invalid length. [ 546.380390][T10618] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 546.389918][T10618] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 546.399215][T10618] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 546.408579][T10618] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 546.426713][T10618] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1664'. [ 546.436039][T10618] netlink: 'syz.3.1664': attribute type 12 has an invalid length. [ 547.434919][T10659] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1674'. [ 547.487484][T10663] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 549.779957][T10745] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 550.535223][ T28] audit: type=1326 audit(1769935059.886:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10771 comm="syz.0.1724" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8e0ab9aeb9 code=0x0 [ 550.617376][T10780] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1725'. [ 552.490985][ C0] hrtimer: interrupt took 38669 ns [ 554.348083][T10875] capability: warning: `syz.3.1758' uses 32-bit capabilities (legacy support in use) [ 554.658837][T10893] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1766'. [ 555.092912][T10911] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1773'. [ 555.768301][T10936] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1783'. [ 556.399035][ T28] audit: type=1326 audit(1769935065.760:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10971 comm="syz.3.1797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5c79aeb9 code=0x7ffc0000 [ 556.460191][ T28] audit: type=1326 audit(1769935065.760:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10971 comm="syz.3.1797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5c79aeb9 code=0x7ffc0000 [ 556.501329][ T28] audit: type=1326 audit(1769935065.770:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10971 comm="syz.3.1797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f9b5c79aeb9 code=0x7ffc0000 [ 556.525998][ T28] audit: type=1326 audit(1769935065.770:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10971 comm="syz.3.1797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5c79aeb9 code=0x7ffc0000 [ 556.549731][ T28] audit: type=1326 audit(1769935065.770:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10971 comm="syz.3.1797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5c79aeb9 code=0x7ffc0000 [ 556.619541][ T28] audit: type=1326 audit(1769935065.770:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10971 comm="syz.3.1797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9b5c79aeb9 code=0x7ffc0000 [ 556.666303][ T28] audit: type=1326 audit(1769935065.770:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10971 comm="syz.3.1797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5c79aeb9 code=0x7ffc0000 [ 556.689242][ T28] audit: type=1326 audit(1769935065.770:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10971 comm="syz.3.1797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f9b5c79aeb9 code=0x7ffc0000 [ 556.718491][ T28] audit: type=1326 audit(1769935065.770:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10971 comm="syz.3.1797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5c79aeb9 code=0x7ffc0000 [ 556.779589][ T28] audit: type=1326 audit(1769935065.770:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10971 comm="syz.3.1797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5c79aeb9 code=0x7ffc0000 [ 557.889328][T11026] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1818'. [ 557.903808][T11029] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1811'. [ 558.846399][T11056] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1829'. [ 558.923339][T11058] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1828'. [ 559.592181][T11078] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1838'. [ 559.618454][T11080] netlink: 384 bytes leftover after parsing attributes in process `syz.3.1839'. [ 559.715225][T11084] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1840'. [ 560.235688][T11106] netlink: 384 bytes leftover after parsing attributes in process `syz.1.1850'. [ 560.923880][T11130] netlink: 384 bytes leftover after parsing attributes in process `syz.0.1861'. [ 561.493422][T11151] netlink: 384 bytes leftover after parsing attributes in process `syz.0.1871'. [ 562.466786][T11173] netlink: 384 bytes leftover after parsing attributes in process `syz.1.1882'. [ 563.014323][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.020901][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.385694][T11193] netlink: 384 bytes leftover after parsing attributes in process `syz.3.1892'. [ 564.006932][T11220] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1901'. [ 564.259167][T11226] netlink: 384 bytes leftover after parsing attributes in process `syz.3.1904'. [ 564.654544][T11239] tipc: Enabling of bearer rejected, failed to enable media [ 564.936696][T11249] netlink: 384 bytes leftover after parsing attributes in process `syz.1.1914'. [ 565.087095][T11254] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1911'. [ 565.711488][T11287] netlink: 384 bytes leftover after parsing attributes in process `syz.0.1924'. [ 565.978947][T11299] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1928'. [ 566.491017][T11321] netlink: 384 bytes leftover after parsing attributes in process `syz.3.1935'. [ 566.799356][T11337] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1940'. [ 566.934100][T11340] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1941'. [ 566.963355][T11340] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1941'. [ 567.000864][T11342] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1942'. [ 567.209222][T11353] netlink: 384 bytes leftover after parsing attributes in process `syz.1.1946'. [ 567.594889][T11369] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1952'. [ 567.604460][T11369] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1952'. [ 567.657793][T11372] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1953'. [ 572.863341][T11483] __nla_validate_parse: 7 callbacks suppressed [ 572.863359][T11483] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2002'. [ 572.906934][T11483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2002'. [ 572.935832][T11483] netlink: 'syz.1.2002': attribute type 12 has an invalid length. [ 572.966578][T11483] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 572.975572][T11483] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 572.984411][T11483] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 572.993185][T11483] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 573.078890][T11483] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2002'. [ 573.101058][T11483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2002'. [ 573.121099][T11483] netlink: 'syz.1.2002': attribute type 12 has an invalid length. [ 576.286539][T11527] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1991'. [ 576.655218][T11532] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2019'. [ 576.694692][T11532] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2019'. [ 576.752704][T11532] batadv0: entered promiscuous mode [ 576.784462][T11532] dummy0: entered promiscuous mode [ 577.259220][T11549] netlink: 384 bytes leftover after parsing attributes in process `syz.0.2027'. [ 577.964157][T11577] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2026'. [ 579.069875][T11590] netlink: 384 bytes leftover after parsing attributes in process `syz.0.2038'. [ 579.839972][T11624] netlink: 384 bytes leftover after parsing attributes in process `syz.4.2049'. [ 580.293799][T11632] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2054'. [ 580.325453][T11632] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2054'. [ 580.357796][T11632] netlink: 'syz.4.2054': attribute type 12 has an invalid length. [ 580.408492][T11632] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 580.417351][T11632] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 580.426396][T11632] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 580.435131][T11632] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 580.502558][T11632] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2054'. [ 580.538247][T11632] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2054'. [ 580.575964][T11632] netlink: 'syz.4.2054': attribute type 12 has an invalid length. [ 580.903986][T11648] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 580.914974][T11648] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 580.923510][T11648] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 580.953852][T11648] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 580.964120][T11648] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 580.972246][T11648] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 581.398934][T11642] chnl_net:caif_netlink_parms(): no params data found [ 582.773043][T11642] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.780942][T11642] bridge0: port 1(bridge_slave_0) entered disabled state [ 582.788440][T11642] bridge_slave_0: entered allmulticast mode [ 582.796374][T11642] bridge_slave_0: entered promiscuous mode [ 582.805258][T11642] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.812571][T11642] bridge0: port 2(bridge_slave_1) entered disabled state [ 582.819928][T11642] bridge_slave_1: entered allmulticast mode [ 582.827494][T11642] bridge_slave_1: entered promiscuous mode [ 582.912018][T11642] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 582.959685][T11642] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 583.035946][ T5774] Bluetooth: hci4: command tx timeout [ 583.110776][T11642] team0: Port device team_slave_0 added [ 583.153689][T11642] team0: Port device team_slave_1 added [ 583.263314][T11642] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 583.283694][T11642] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 583.335736][T11642] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 583.372491][T11642] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 583.385519][T11642] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 583.466059][T11642] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 583.589498][T11642] hsr_slave_0: entered promiscuous mode [ 583.622015][T11642] hsr_slave_1: entered promiscuous mode [ 583.644164][T11642] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 583.663468][T11642] Cannot create hsr debugfs directory [ 584.009832][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 584.032748][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 585.155831][T11648] Bluetooth: hci4: command tx timeout [ 585.290087][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 585.335547][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 585.536376][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 585.558302][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 585.663596][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 585.688860][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.207569][T11648] Bluetooth: hci4: command tx timeout [ 588.593896][T11642] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 588.755538][T11642] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 588.786510][T11642] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 588.814460][T11642] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 589.275750][T11648] Bluetooth: hci4: command tx timeout [ 589.440119][T11791] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2090'. [ 589.719101][ T12] batadv0: left promiscuous mode [ 589.743279][ T12] dummy0: left promiscuous mode [ 589.796202][ T12] hsr_slave_0: left promiscuous mode [ 589.822288][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 589.851802][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 589.920597][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 589.949832][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 589.977284][ T12] bridge_slave_1: left allmulticast mode [ 589.983010][ T12] bridge_slave_1: left promiscuous mode [ 590.026390][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 590.087467][ T12] bridge_slave_0: left allmulticast mode [ 590.093188][ T12] bridge_slave_0: left promiscuous mode [ 590.146308][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.279749][ T12] veth1_macvtap: left promiscuous mode [ 590.291154][ T12] veth0_macvtap: left promiscuous mode [ 590.305613][ T12] veth1_vlan: left promiscuous mode [ 590.317636][ T12] veth0_vlan: left promiscuous mode [ 590.712681][ T12] bond2 (unregistering): Released all slaves [ 590.754600][ T12] bond1 (unregistering): Released all slaves [ 591.549648][ T12] team0 (unregistering): Port device team_slave_1 removed [ 591.600490][ T12] team0 (unregistering): Port device team_slave_0 removed [ 591.649810][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 591.700611][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 592.063171][ T12] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 592.072350][ T12] bond0 (unregistering): Released all slaves [ 592.197617][T11642] 8021q: adding VLAN 0 to HW filter on device bond0 [ 592.264199][T11642] 8021q: adding VLAN 0 to HW filter on device team0 [ 592.308662][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 592.315912][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 592.327718][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 592.336309][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 592.384406][T11863] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2109'. [ 592.403395][T11863] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2109'. [ 592.414414][T11863] netlink: 'syz.0.2109': attribute type 12 has an invalid length. [ 592.438159][T11863] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 592.447188][T11863] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 592.456074][T11863] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 592.464818][T11863] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 592.492801][T11863] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2109'. [ 592.525394][T11863] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2109'. [ 592.534575][T11863] netlink: 'syz.0.2109': attribute type 12 has an invalid length. [ 593.172629][T11642] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 593.229688][ T12] IPVS: stop unused estimator thread 0... [ 593.348932][T11642] veth0_vlan: entered promiscuous mode [ 593.392236][T11642] veth1_vlan: entered promiscuous mode [ 593.480296][T11642] veth0_macvtap: entered promiscuous mode [ 593.509632][T11642] veth1_macvtap: entered promiscuous mode [ 593.564677][T11642] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 593.586829][T11642] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.623759][T11642] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 593.667298][T11642] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 593.694724][T11642] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.707838][T11642] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 593.740058][T11642] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.753769][T11642] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.763383][T11642] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.772436][T11642] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.860389][T11909] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2125'. [ 593.874288][T11909] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2125'. [ 593.938391][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 593.950192][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 593.992885][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 594.013063][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 594.160575][T11915] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2128'. [ 594.649648][T11936] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2137'. [ 595.773652][T11948] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2142'. [ 595.785183][T11948] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2142'. [ 595.844996][T11952] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 595.853720][T11948] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2142'. [ 595.865917][T11948] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2142'. [ 596.214740][T11968] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2150'. [ 597.060648][T12008] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2168'. [ 598.946386][T12053] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2184'. [ 599.291155][T12063] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2190'. [ 599.542002][T12072] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2194'. [ 600.195105][T12101] __nla_validate_parse: 2 callbacks suppressed [ 600.195126][T12101] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2207'. [ 600.215775][T12101] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2207'. [ 600.233806][T12102] loop3: detected capacity change from 0 to 512 [ 600.235229][T12101] netlink: 'syz.0.2207': attribute type 12 has an invalid length. [ 600.263392][T12101] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2207'. [ 600.276072][T12102] EXT4-fs: Ignoring removed nobh option [ 600.287301][T12101] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2207'. [ 600.311942][T12101] netlink: 'syz.0.2207': attribute type 12 has an invalid length. [ 600.341209][T12102] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 600.342286][T12106] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2208'. [ 600.373265][T12102] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 600.582992][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 600.997571][T12125] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2217'. [ 601.025227][T12125] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2217'. [ 601.045028][T12125] netlink: 'syz.3.2217': attribute type 12 has an invalid length. [ 601.059581][T12123] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000 [ 601.082347][T12125] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 601.091640][T12125] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 601.100835][T12125] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 601.110243][T12125] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 601.139078][T12125] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2217'. [ 601.155738][T12125] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2217'. [ 601.164750][T12125] netlink: 'syz.3.2217': attribute type 12 has an invalid length. [ 601.296482][T12135] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2220'. [ 602.314239][T12181] syzkaller0: entered promiscuous mode [ 602.321174][T12181] syzkaller0: entered allmulticast mode [ 603.721999][ T5855] IPVS: starting estimator thread 0... [ 603.836730][T12238] IPVS: using max 19 ests per chain, 45600 per kthread [ 605.281156][T12301] __nla_validate_parse: 9 callbacks suppressed [ 605.281174][T12301] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2291'. [ 605.547977][T12316] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2294'. [ 605.819549][T12323] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2300'. [ 605.847468][T12323] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2300'. [ 606.359388][T12353] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2311'. [ 606.722662][T12363] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2316'. [ 606.745359][T12363] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2316'. [ 607.356170][T12386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2322'. [ 607.549755][T12392] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2327'. [ 607.856284][T12404] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2334'. [ 607.886820][T12405] netlink: 'syz.4.2333': attribute type 12 has an invalid length. [ 607.895214][T12405] netlink: 'syz.4.2333': attribute type 12 has an invalid length. [ 608.176530][T12411] xt_hashlimit: size too large, truncated to 1048576 [ 608.539704][ T5774] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 608.564721][ T5774] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 608.573679][ T5774] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 608.597186][ T5774] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 608.606219][ T5774] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 608.621480][ T5774] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 608.870031][ T136] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 608.903826][ T136] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 609.058677][ T136] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 609.085332][ T136] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 609.223204][ T136] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 609.255534][ T136] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 609.399061][ T136] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 609.419933][ T136] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 609.650579][ T1128] Bluetooth: hci3: Frame reassembly failed (-84) [ 609.893650][T12420] chnl_net:caif_netlink_parms(): no params data found [ 610.506325][T12460] __nla_validate_parse: 8 callbacks suppressed [ 610.506345][T12460] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2348'. [ 610.522142][T12420] bridge0: port 1(bridge_slave_0) entered blocking state [ 610.535592][T12420] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.553383][T12420] bridge_slave_0: entered allmulticast mode [ 610.585197][T12420] bridge_slave_0: entered promiscuous mode [ 610.712176][T12420] bridge0: port 2(bridge_slave_1) entered blocking state [ 610.719486][ T5774] Bluetooth: hci2: command tx timeout [ 610.729936][T12420] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.746012][T12420] bridge_slave_1: entered allmulticast mode [ 610.767052][T12420] bridge_slave_1: entered promiscuous mode [ 610.858792][T12420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 610.937845][T12420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 611.097058][T12420] team0: Port device team_slave_0 added [ 611.314845][T12420] team0: Port device team_slave_1 added [ 611.542565][T12420] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 611.553478][T12420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 611.586493][T12420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 611.639944][T12420] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 611.651788][T12420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 611.683081][T11648] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 611.686116][ T5774] Bluetooth: hci3: command 0x1003 tx timeout [ 611.703823][T12420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 612.029868][T12420] hsr_slave_0: entered promiscuous mode [ 612.049153][T12420] hsr_slave_1: entered promiscuous mode [ 612.062746][T12420] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 612.072375][T12420] Cannot create hsr debugfs directory [ 612.100866][T12492] syzkaller0: entered promiscuous mode [ 612.110756][T12492] syzkaller0: entered allmulticast mode [ 612.169587][ T136] hsr_slave_0: left promiscuous mode [ 612.183126][ T136] bridge_slave_1: left allmulticast mode [ 612.195769][ T136] bridge_slave_1: left promiscuous mode [ 612.204916][ T136] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.233294][ T136] bridge_slave_0: left allmulticast mode [ 612.243066][ T136] bridge_slave_0: left promiscuous mode [ 612.255914][ T136] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.328585][ T136] veth1_macvtap: left promiscuous mode [ 612.334322][ T136] veth0_macvtap: left promiscuous mode [ 612.351856][ T136] veth1_vlan: left promiscuous mode [ 612.361927][ T136] veth0_vlan: left promiscuous mode [ 612.804897][ T51] Bluetooth: hci2: command tx timeout [ 612.847076][ T136] bond2 (unregistering): Released all slaves [ 612.895957][ T136] bond1 (unregistering): Released all slaves [ 613.537716][ T136] team0 (unregistering): Port device team_slave_1 removed [ 613.591437][ T136] team0 (unregistering): Port device team_slave_0 removed [ 613.647149][ T136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 613.698890][ T136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 614.053071][ T136] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 614.062481][ T136] bond0 (unregistering): Released all slaves [ 614.526304][T12534] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2362'. [ 614.763492][T12542] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2366'. [ 614.875462][ T51] Bluetooth: hci2: command tx timeout [ 614.923589][T12548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2368'. [ 615.034125][ T136] IPVS: stop unused estimator thread 0... [ 615.185023][T12556] macvtap1: entered promiscuous mode [ 615.203268][T12556] macvtap1: entered allmulticast mode [ 615.216017][T12556] veth0_to_bridge: entered promiscuous mode [ 615.235531][T12556] veth0_to_bridge: entered allmulticast mode [ 615.272818][T12556] team0: Device macvtap1 failed to register rx_handler [ 615.296513][T12556] veth0_to_bridge: left allmulticast mode [ 615.309814][T12556] veth0_to_bridge: left promiscuous mode [ 615.658162][T12572] loop3: detected capacity change from 0 to 512 [ 615.733972][T12572] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 615.751489][T12572] ext4 filesystem being mounted at /63/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 615.762810][T12576] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2373'. [ 615.808099][T12572] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #15: comm syz.3.2372: corrupted xattr block 33: invalid ea_ino [ 615.812825][T12576] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2373'. [ 615.853357][T12576] netlink: 'syz.0.2373': attribute type 12 has an invalid length. [ 615.863473][T12576] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2373'. [ 615.873655][T12576] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2373'. [ 615.882713][T12576] netlink: 'syz.0.2373': attribute type 12 has an invalid length. [ 615.988072][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 616.152592][T12584] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2376'. [ 616.239753][T12587] loop3: detected capacity change from 0 to 1024 [ 616.266581][T12587] EXT4-fs: Ignoring removed nomblk_io_submit option [ 616.399765][T12587] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 616.418788][T12420] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 616.447650][T12420] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 616.462551][T12420] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 616.473970][T12420] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 616.602258][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 616.773168][T12420] 8021q: adding VLAN 0 to HW filter on device bond0 [ 616.818472][T12420] 8021q: adding VLAN 0 to HW filter on device team0 [ 616.858746][ T32] bridge0: port 1(bridge_slave_0) entered blocking state [ 616.866009][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state [ 616.887137][ T32] bridge0: port 2(bridge_slave_1) entered blocking state [ 616.894409][ T32] bridge0: port 2(bridge_slave_1) entered forwarding state [ 616.955766][ T51] Bluetooth: hci2: command tx timeout [ 617.671317][T12420] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 617.791684][T12420] veth0_vlan: entered promiscuous mode [ 617.843435][T12420] veth1_vlan: entered promiscuous mode [ 617.974159][T12420] veth0_macvtap: entered promiscuous mode [ 617.995011][T12420] veth1_macvtap: entered promiscuous mode [ 618.074592][T12420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 618.110766][T12420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.135643][T12420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 618.165344][T12420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.184991][T12420] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 618.252451][T12420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 618.326851][T12420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.345360][T12420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 618.382423][T12420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.413810][T12420] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 618.440772][T12420] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.465512][T12420] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.477157][T12420] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.494527][T12420] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.957482][ T5995] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 618.987884][ T5995] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 619.151961][ T1128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 619.181326][ T1128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 619.503829][T12680] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2329'. [ 619.702310][T12686] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 619.746691][T12680] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2329'. [ 619.936994][T12681] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 620.010624][T12680] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2329'. [ 620.942444][T12730] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2410'. [ 621.351938][T12748] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2418'. [ 621.678219][T12760] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2421'. [ 621.693349][T12760] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2421'. [ 621.794114][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 621.794128][ T28] audit: type=1326 audit(2000000028.340:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.1.2424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe56bf9aeb9 code=0x7ffc0000 [ 621.888419][ T28] audit: type=1326 audit(2000000028.340:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.1.2424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe56bf9aeb9 code=0x7ffc0000 [ 621.943226][T12768] loop1: detected capacity change from 0 to 2048 [ 621.975915][ T28] audit: type=1326 audit(2000000028.380:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.1.2424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe56bf9aeb9 code=0x7ffc0000 [ 622.021162][ T28] audit: type=1326 audit(2000000028.380:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.1.2424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe56bf9aeb9 code=0x7ffc0000 [ 622.044156][ T28] audit: type=1326 audit(2000000028.380:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.1.2424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe56bf9aeb9 code=0x7ffc0000 [ 622.076991][T12773] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2426'. [ 622.087486][T12773] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2426'. [ 622.096053][T12768] loop1: p2 < > p3 < p5 > p4 [ 622.101719][T12768] loop1: partition table partially beyond EOD, truncated [ 622.124266][ T28] audit: type=1326 audit(2000000028.410:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.1.2424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fe56bf9aeb9 code=0x7ffc0000 [ 622.147127][T12768] loop1: p2 start 4278190080 is beyond EOD, truncated [ 622.171875][T12768] loop1: p4 size 8192 extends beyond EOD, truncated [ 622.183596][T12768] loop1: p5 size 8192 extends beyond EOD, truncated [ 622.205994][ T28] audit: type=1326 audit(2000000028.410:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.1.2424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe56bf9ac22 code=0x7ffc0000 [ 622.279930][ T28] audit: type=1326 audit(2000000028.410:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.1.2424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe56bf5b78e code=0x7ffc0000 [ 622.342045][ T28] audit: type=1326 audit(2000000028.490:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.1.2424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fe56bf9ace7 code=0x7ffc0000 [ 622.468054][ T28] audit: type=1326 audit(2000000028.490:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.1.2424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe56bf5b78e code=0x7ffc0000 [ 622.742869][T12027] udevd[12027]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory [ 622.767684][T12416] udevd[12416]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 622.789325][T12532] udevd[12532]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 622.893756][T12796] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2432'. [ 623.672749][T12829] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2444'. [ 623.913299][T12839] loop1: detected capacity change from 0 to 512 [ 623.965763][T12839] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 623.986014][T12839] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 624.015605][T12839] System zones: 0-2, 18-18, 34-35 [ 624.033937][T12839] EXT4-fs (loop1): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 624.153401][T12420] EXT4-fs (loop1): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 624.401808][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.409297][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.195385][ T8] IPVS: starting estimator thread 0... [ 627.315312][T12906] IPVS: using max 18 ests per chain, 43200 per kthread [ 627.396919][T12912] loop3: detected capacity change from 0 to 1024 [ 627.462743][T12912] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 627.668569][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 628.873826][T12925] loop3: detected capacity change from 0 to 1024 [ 628.896425][T12925] EXT4-fs: Ignoring removed nomblk_io_submit option [ 628.919604][T12925] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 628.981860][T12925] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 628.995424][T12925] System zones: 0-1, 3-36 [ 629.048779][T12925] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 629.230971][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 629.512928][ T967] IPVS: starting estimator thread 0... [ 629.623359][T12940] IPVS: using max 18 ests per chain, 43200 per kthread [ 629.649422][T12936] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2485'. [ 631.440855][T12957] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2493'. [ 631.616263][T12963] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2495'. [ 631.625487][T12963] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2495'. [ 633.115520][T12985] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2504'. [ 633.803863][T13009] loop1: detected capacity change from 0 to 512 [ 633.857959][T13009] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 633.870829][T13009] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 635.166986][T12420] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 636.095611][T13035] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2517'. [ 640.087562][T13081] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 640.167358][T13085] 9pnet_fd: Insufficient options for proto=fd [ 642.519613][T13112] 9pnet_fd: Insufficient options for proto=fd [ 644.592089][T13126] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2557'. [ 646.647545][T11648] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 646.658303][T11648] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 646.705558][T11648] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 646.727901][T11648] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 646.742247][T11648] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 646.750175][T11648] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 646.872208][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 646.951878][T13151] loop3: detected capacity change from 0 to 1024 [ 646.972018][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 647.035228][T13151] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 647.102190][T13151] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.2556: bg 0: block 288: padding at end of block bitmap is not set [ 647.185169][T13151] EXT4-fs (loop3): Remounting filesystem read-only [ 647.248199][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 647.299279][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 647.389806][T13158] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2568'. [ 647.479439][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 647.537643][T13160] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2569'. [ 647.672026][T13166] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2565'. [ 649.019403][ T51] Bluetooth: hci0: command tx timeout [ 649.137560][T13181] 9pnet_fd: Insufficient options for proto=fd [ 649.359500][T13186] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2577'. [ 649.401985][T13145] chnl_net:caif_netlink_parms(): no params data found [ 649.914074][T13203] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2581'. [ 649.934515][T13145] bridge0: port 1(bridge_slave_0) entered blocking state [ 649.953374][T13145] bridge0: port 1(bridge_slave_0) entered disabled state [ 649.972463][T13145] bridge_slave_0: entered allmulticast mode [ 649.983955][T13145] bridge_slave_0: entered promiscuous mode [ 650.019878][T13145] bridge0: port 2(bridge_slave_1) entered blocking state [ 650.037538][T13145] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.058985][T13145] bridge_slave_1: entered allmulticast mode [ 650.084872][T13145] bridge_slave_1: entered promiscuous mode [ 650.288257][T13145] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 650.329470][T13145] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 650.613324][T13218] loop1: detected capacity change from 0 to 128 [ 650.654030][T13220] 9pnet_fd: Insufficient options for proto=fd [ 650.743595][T13222] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2585'. [ 650.774123][T13145] team0: Port device team_slave_0 added [ 650.811491][T13145] team0: Port device team_slave_1 added [ 650.998965][T13230] loop3: detected capacity change from 0 to 512 [ 651.024881][T13230] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 651.045513][ T51] Bluetooth: hci0: command tx timeout [ 651.093031][T13230] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 651.136553][T13232] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2589'. [ 651.152130][T13230] EXT4-fs (loop3): 1 truncate cleaned up [ 651.176170][T13230] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 651.341531][T13238] program syz.1.2591 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 651.354450][T13145] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 651.368645][T13145] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 651.434892][T13145] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 651.495073][ T11] hsr_slave_0: left promiscuous mode [ 651.534715][ T11] hsr_slave_1: left promiscuous mode [ 651.553583][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 651.578046][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 651.578809][ T11] bridge_slave_1: left allmulticast mode [ 651.578830][ T11] bridge_slave_1: left promiscuous mode [ 651.579008][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 651.583261][ T11] bridge_slave_0: left allmulticast mode [ 651.583284][ T11] bridge_slave_0: left promiscuous mode [ 651.583468][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.650098][ T11] bond2 (unregistering): Released all slaves [ 651.679723][T13245] 9pnet_fd: Insufficient options for proto=fd [ 651.731055][ T11] bond1 (unregistering): Released all slaves [ 651.846768][T13248] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2595'. [ 652.809073][ T11] team0 (unregistering): Port device team_slave_1 removed [ 652.914329][ T11] team0 (unregistering): Port device team_slave_0 removed [ 652.996974][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 653.064768][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 653.115614][ T51] Bluetooth: hci0: command tx timeout [ 653.686715][ T11] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 653.702645][ T11] bond0 (unregistering): Released all slaves [ 653.781906][T13145] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 653.805711][T13145] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 653.882869][T13145] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 653.923891][T13243] netlink: 'syz.1.2593': attribute type 1 has an invalid length. [ 653.932653][T13243] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 653.983490][T13258] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2599'. [ 654.006387][ T28] kauditd_printk_skb: 17 callbacks suppressed [ 654.006405][ T28] audit: type=1800 audit(2000000060.560:62): pid=13230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2588" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 654.208161][T13145] hsr_slave_0: entered promiscuous mode [ 654.247785][T13145] hsr_slave_1: entered promiscuous mode [ 654.282822][T13145] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 654.299910][T13145] Cannot create hsr debugfs directory [ 654.536671][T13276] 9pnet_fd: Insufficient options for proto=fd [ 655.050007][T13286] syzkaller1: entered promiscuous mode [ 655.057887][T13286] syzkaller1: entered allmulticast mode [ 655.077255][T13288] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2608'. [ 655.199652][ T51] Bluetooth: hci0: command tx timeout [ 655.559292][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 655.569586][T13298] program syz.1.2611 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 655.909237][T13310] loop3: detected capacity change from 0 to 128 [ 655.940749][T13308] tipc: Started in network mode [ 655.947192][T13308] tipc: Node identity aebf516fbb33, cluster identity 4711 [ 655.954614][T13308] tipc: Enabled bearer , priority 0 [ 655.965978][T13145] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 655.973269][T13310] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 655.990108][T13145] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 656.003300][T13145] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 656.026070][T13310] ext4 filesystem being mounted at /119/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 656.026204][T13308] syzkaller0: entered promiscuous mode [ 656.083115][T13308] syzkaller0: entered allmulticast mode [ 656.100741][T13145] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 656.113291][T13310] EXT4-fs (loop3): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 656.167307][T11642] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 656.199672][T13321] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2616'. [ 656.257875][T13308] tipc: Resetting bearer [ 656.332986][T13307] tipc: Resetting bearer [ 656.453948][T13307] tipc: Disabling bearer [ 656.674528][T13145] 8021q: adding VLAN 0 to HW filter on device bond0 [ 656.742669][T13145] 8021q: adding VLAN 0 to HW filter on device team0 [ 656.768763][ T32] bridge0: port 1(bridge_slave_0) entered blocking state [ 656.775987][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state [ 656.822705][ T32] bridge0: port 2(bridge_slave_1) entered blocking state [ 656.830058][ T32] bridge0: port 2(bridge_slave_1) entered forwarding state [ 656.963193][T13349] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2625'. [ 656.984124][T13343] syzkaller0: entered promiscuous mode [ 656.994435][T13343] syzkaller0: entered allmulticast mode [ 657.592660][T13370] loop3: detected capacity change from 0 to 512 [ 657.677745][T13370] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.2631: iget: bad i_size value: 38620345925642 [ 657.704064][T13370] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.2631: couldn't read orphan inode 15 (err -117) [ 657.780152][T13370] EXT4-fs (loop3): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 657.847494][T13145] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 658.112560][ T5996] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm kworker/u4:11: bg 0: block 5: invalid block bitmap [ 658.176182][ T5996] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 131587 with max blocks 1 with error 28 [ 658.217055][ T5996] EXT4-fs (loop3): This should not happen!! Data will be lost [ 658.217055][ T5996] [ 658.265347][ T5996] EXT4-fs (loop3): Total free blocks count 0 [ 658.271432][ T5996] EXT4-fs (loop3): Free/Dirty block details [ 658.305951][ T5996] EXT4-fs (loop3): free_blocks=0 [ 658.311042][ T5996] EXT4-fs (loop3): dirty_blocks=1 [ 658.343960][ T5996] EXT4-fs (loop3): Block reservation details [ 658.362030][ T5996] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 658.392201][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 658.842840][T13145] veth0_vlan: entered promiscuous mode [ 658.888027][T13145] veth1_vlan: entered promiscuous mode [ 658.973186][T13145] veth0_macvtap: entered promiscuous mode [ 659.000430][T13145] veth1_macvtap: entered promiscuous mode [ 659.060096][T13145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 659.095431][T13145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 659.124643][T13145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 659.138868][T13145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 659.152816][T13145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 659.163600][T13145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 659.188245][T13145] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 659.230586][T13145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 659.259042][T13145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 659.269206][T13145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 659.279896][T13145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 659.300482][T13145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 659.321282][T13145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 659.342588][T13145] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 659.397053][T13145] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.416809][T13145] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.452687][T13145] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.481980][T13145] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.513595][T13429] syzkaller0: entered promiscuous mode [ 659.546644][T13429] syzkaller0: entered allmulticast mode [ 659.860380][ T5996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 659.916403][ T5996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 660.038146][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 660.074272][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 660.087223][T13455] loop1: detected capacity change from 0 to 512 [ 660.254595][T13455] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 660.336293][T13455] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 660.431520][T13455] EXT4-fs error (device loop1): ext4_search_dir:1549: inode #2: block 3: comm syz.1.2653: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 660.526500][T13455] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 3: comm syz.1.2653: path /78/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 660.578996][T13455] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 12: comm syz.1.2653: path /78/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 660.747082][T13473] program syz.4.2656 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 660.768631][T13455] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 13: comm syz.1.2653: path /78/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 660.846201][T13455] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 14: comm syz.1.2653: path /78/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=1, rec_len=0, size=2048 fake=0 [ 661.165903][T12420] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 661.536527][T13489] syzkaller0: entered promiscuous mode [ 661.542091][T13489] syzkaller0: entered allmulticast mode [ 661.818402][T11648] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 661.831906][T11648] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 661.841166][T11648] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 661.854373][T11648] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 661.864839][T11648] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 661.875612][T11648] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 661.998104][T13508] 9pnet_fd: Insufficient options for proto=fd [ 662.254544][T13516] loop3: detected capacity change from 0 to 512 [ 662.338361][T13175] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 662.554234][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 662.625959][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.682410][T13525] loop3: detected capacity change from 0 to 1024 [ 662.704800][T13525] EXT4-fs: Ignoring removed nobh option [ 662.784884][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 662.797718][T13525] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 662.810447][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.861938][T13525] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4047: comm syz.3.2673: Allocating blocks 385-513 which overlap fs metadata [ 662.949722][T13538] loop1: detected capacity change from 0 to 512 [ 662.986219][T13538] EXT4-fs error (device loop1): ext4_orphan_get:1398: inode #15: comm syz.1.2676: iget: bad i_size value: 38620345925642 [ 663.003090][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 663.014293][T13538] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.2676: couldn't read orphan inode 15 (err -117) [ 663.027207][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.047287][T13538] EXT4-fs (loop1): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 663.080223][T13525] EXT4-fs (loop3): pa ffff88805b598570: logic 16, phys. 129, len 24 [ 663.089054][T13525] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5388: group 0, free 0, pa_free 8 [ 663.145159][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 663.240631][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 663.256651][ T136] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm kworker/u4:5: bg 0: block 5: invalid block bitmap [ 663.287648][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.306463][T13544] loop3: detected capacity change from 0 to 128 [ 663.321245][ T136] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 131587 with max blocks 1 with error 28 [ 663.334409][ T136] EXT4-fs (loop1): This should not happen!! Data will be lost [ 663.334409][ T136] [ 663.344371][ T136] EXT4-fs (loop1): Total free blocks count 0 [ 663.351985][ T136] EXT4-fs (loop1): Free/Dirty block details [ 663.358210][ T136] EXT4-fs (loop1): free_blocks=0 [ 663.363250][ T136] EXT4-fs (loop1): dirty_blocks=1 [ 663.369001][ T136] EXT4-fs (loop1): Block reservation details [ 663.375046][ T136] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 663.393208][T12420] EXT4-fs (loop1): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 663.881417][T13558] netlink: 124 bytes leftover after parsing attributes in process `syz.1.2681'. [ 663.895028][T13552] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2680'. [ 663.906624][T13552] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2680'. [ 663.916377][T11648] Bluetooth: hci1: command tx timeout [ 663.945749][T13498] chnl_net:caif_netlink_parms(): no params data found [ 664.005066][T13558] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2681'. [ 664.116381][T13558] team1: entered promiscuous mode [ 664.122808][T13558] team1: entered allmulticast mode [ 664.202203][T13563] loop3: detected capacity change from 0 to 1024 [ 664.219328][T13563] EXT4-fs: Ignoring removed nobh option [ 664.260705][T13563] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 664.349004][T13569] loop4: detected capacity change from 0 to 128 [ 664.380681][T13563] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4047: comm syz.3.2684: Allocating blocks 385-513 which overlap fs metadata [ 664.426945][T13571] loop1: detected capacity change from 0 to 1024 [ 664.490347][T13562] EXT4-fs (loop3): pa ffff888077d9bbc8: logic 16, phys. 129, len 24 [ 664.498513][T13562] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5388: group 0, free 0, pa_free 8 [ 664.557940][T13571] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 664.609875][T13571] ext4 filesystem being mounted at /88/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 664.612733][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 664.869239][T13585] 9pnet_fd: Insufficient options for proto=fd [ 664.969556][T12420] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 665.182576][T13498] bridge0: port 1(bridge_slave_0) entered blocking state [ 665.214336][T13498] bridge0: port 1(bridge_slave_0) entered disabled state [ 665.238823][T13498] bridge_slave_0: entered allmulticast mode [ 665.256540][T13498] bridge_slave_0: entered promiscuous mode [ 665.342118][T13498] bridge0: port 2(bridge_slave_1) entered blocking state [ 665.374449][T13498] bridge0: port 2(bridge_slave_1) entered disabled state [ 665.399440][T13498] bridge_slave_1: entered allmulticast mode [ 665.415733][T13498] bridge_slave_1: entered promiscuous mode [ 665.502008][T13606] loop1: detected capacity change from 0 to 512 [ 665.526288][T13606] EXT4-fs error (device loop1): ext4_orphan_get:1398: inode #15: comm syz.1.2694: iget: bad i_size value: 38620345925642 [ 665.586373][T13606] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.2694: couldn't read orphan inode 15 (err -117) [ 665.694289][T13606] EXT4-fs (loop1): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 665.752853][T13612] loop3: detected capacity change from 0 to 1024 [ 665.827314][T13612] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 665.878760][T13612] ext4 filesystem being mounted at /143/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 665.905844][ T5995] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm kworker/u4:10: bg 0: block 5: invalid block bitmap [ 665.959676][T13617] 9pnet_fd: Insufficient options for proto=fd [ 665.970673][ T5995] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 131587 with max blocks 1 with error 28 [ 665.993277][T13498] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 666.002639][T11648] Bluetooth: hci1: command tx timeout [ 666.045795][ T5995] EXT4-fs (loop1): This should not happen!! Data will be lost [ 666.045795][ T5995] [ 666.067758][ T5995] EXT4-fs (loop1): Total free blocks count 0 [ 666.073836][ T5995] EXT4-fs (loop1): Free/Dirty block details [ 666.080488][ T5995] EXT4-fs (loop1): free_blocks=0 [ 666.085555][ T5995] EXT4-fs (loop1): dirty_blocks=1 [ 666.090640][ T5995] EXT4-fs (loop1): Block reservation details [ 666.096739][ T5995] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 666.106333][T12420] EXT4-fs (loop1): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 666.142564][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 666.169797][T13498] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 666.523376][T13498] team0: Port device team_slave_0 added [ 666.526854][T13630] loop4: detected capacity change from 0 to 512 [ 666.682267][T13630] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.2702: bg 0: block 248: padding at end of block bitmap is not set [ 666.734508][T13630] Quota error (device loop4): write_blk: dquota write failed [ 666.744797][T13630] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 666.755968][T13630] EXT4-fs error (device loop4): ext4_acquire_dquot:6949: comm syz.4.2702: Failed to acquire dquot type 1 [ 666.781738][T13498] team0: Port device team_slave_1 added [ 666.795798][T13630] EXT4-fs (loop4): 1 truncate cleaned up [ 666.822077][T13630] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 666.845787][T13630] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 666.891528][T13498] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 666.907863][T13498] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 666.962161][T13498] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 666.990781][T13145] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 666.997176][T13498] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 667.038322][T13498] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 667.102506][T13498] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 667.115166][T13635] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2704'. [ 667.143186][T13635] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2704'. [ 667.218444][ T11] hsr_slave_0: left promiscuous mode [ 667.219009][T13641] EXT4-fs error (device loop4): ext4_orphan_get:1398: inode #15: comm syz.4.2705: iget: bad i_size value: 38620345925642 [ 667.239005][T13639] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 667.240125][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 667.269911][T13641] EXT4-fs error (device loop4): ext4_orphan_get:1403: comm syz.4.2705: couldn't read orphan inode 15 (err -117) [ 667.277966][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 667.294673][T13639] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 667.313652][T13641] EXT4-fs (loop4): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 667.327567][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 667.357446][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 667.372526][ T11] bridge_slave_1: left allmulticast mode [ 667.398280][ T11] bridge_slave_1: left promiscuous mode [ 667.418662][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 667.472746][T13646] 9pnet_fd: Insufficient options for proto=fd [ 667.492927][ T11] bridge_slave_0: left allmulticast mode [ 667.512652][T13145] EXT4-fs (loop4): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 667.525716][ T11] bridge_slave_0: left promiscuous mode [ 667.532656][T12420] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 667.542869][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 667.786954][ T11] veth1_macvtap: left promiscuous mode [ 667.794232][ T11] veth0_macvtap: left promiscuous mode [ 667.815505][ T11] veth1_vlan: left promiscuous mode [ 667.820926][ T11] veth0_vlan: left promiscuous mode [ 667.969065][T13663] set_capacity_and_notify: 2 callbacks suppressed [ 667.969081][T13663] loop1: detected capacity change from 0 to 512 [ 668.075724][T11648] Bluetooth: hci1: command tx timeout [ 668.083467][T13663] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.2713: bg 0: block 248: padding at end of block bitmap is not set [ 668.112644][T13663] Quota error (device loop1): write_blk: dquota write failed [ 668.146633][T13663] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 668.162555][ T11] bond6 (unregistering): Released all slaves [ 668.184215][ T11] bond5 (unregistering): Released all slaves [ 668.201510][T13663] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.2713: Failed to acquire dquot type 1 [ 668.214670][ T11] bond4 (unregistering): Released all slaves [ 668.237953][T13663] EXT4-fs (loop1): 1 truncate cleaned up [ 668.264518][T13663] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 668.301084][T13663] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 668.348578][ T11] bond3 (unregistering): Released all slaves [ 668.401177][ T11] bond2 (unregistering): Released all slaves [ 668.450095][ T11] bond1 (unregistering): Released all slaves [ 668.491431][T12420] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 669.120662][ T11] team0 (unregistering): Port device team_slave_1 removed [ 669.175530][ T11] team0 (unregistering): Port device team_slave_0 removed [ 669.243184][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 669.310112][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 669.696827][ T11] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 669.706423][ T11] bond0 (unregistering): Released all slaves [ 669.833123][T13659] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2712'. [ 669.998484][T13654] syzkaller0: entered promiscuous mode [ 670.011838][T13654] syzkaller0: entered allmulticast mode [ 670.019959][T13674] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2714'. [ 670.023167][T13676] loop4: detected capacity change from 0 to 1024 [ 670.088997][T13676] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 670.102105][T13676] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 670.155429][T11648] Bluetooth: hci1: command tx timeout [ 670.164666][T13145] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 670.290128][T13680] loop4: detected capacity change from 0 to 512 [ 670.354463][T13680] EXT4-fs error (device loop4): ext4_orphan_get:1398: inode #15: comm syz.4.2716: iget: bad i_size value: 38620345925642 [ 670.372963][T13680] EXT4-fs error (device loop4): ext4_orphan_get:1403: comm syz.4.2716: couldn't read orphan inode 15 (err -117) [ 670.399293][T13680] EXT4-fs (loop4): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 670.497315][T13145] EXT4-fs (loop4): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 670.616773][T13683] loop4: detected capacity change from 0 to 1024 [ 670.634232][T13683] EXT4-fs: inline encryption not supported [ 670.645710][T13683] EXT4-fs: Ignoring removed bh option [ 670.660859][T13683] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 670.709397][T13683] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 670.788105][ T28] audit: type=1800 audit(2000000077.330:63): pid=13683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2717" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 671.230046][T13145] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 672.996485][T13498] hsr_slave_0: entered promiscuous mode [ 673.003410][T13498] hsr_slave_1: entered promiscuous mode [ 673.045343][T13674] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2714'. [ 673.388600][T13710] loop3: detected capacity change from 0 to 1024 [ 673.500664][T13710] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 673.507567][T13714] loop4: detected capacity change from 0 to 512 [ 673.545641][T13710] ext4 filesystem being mounted at /149/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 673.649858][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 673.662870][T13714] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.2724: bg 0: block 248: padding at end of block bitmap is not set [ 673.710767][T13714] Quota error (device loop4): write_blk: dquota write failed [ 673.762222][ T11] IPVS: stop unused estimator thread 0... [ 673.795569][T13714] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 673.860924][T13714] EXT4-fs error (device loop4): ext4_acquire_dquot:6949: comm syz.4.2724: Failed to acquire dquot type 1 [ 673.957832][T13714] EXT4-fs (loop4): 1 truncate cleaned up [ 673.986232][T13714] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 674.033562][T13714] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 674.302624][T13145] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 674.335537][T13737] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2729'. [ 674.365941][T13737] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2729'. [ 674.603079][T13745] random: crng reseeded on system resumption [ 674.863488][T13748] loop1: detected capacity change from 0 to 1024 [ 674.911065][T13498] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 674.942199][T13498] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 674.944491][T13748] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 674.998945][T13498] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 675.071187][T13498] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 675.085667][T13748] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 675.209648][T12420] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 675.513530][T13498] 8021q: adding VLAN 0 to HW filter on device bond0 [ 675.540058][T13762] tipc: Enabled bearer , priority 0 [ 675.575086][T13762] syzkaller0: entered promiscuous mode [ 675.590825][T13762] syzkaller0: entered allmulticast mode [ 675.600203][T13767] program syz.4.2736 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 675.646813][T13498] 8021q: adding VLAN 0 to HW filter on device team0 [ 675.726342][ T1128] bridge0: port 1(bridge_slave_0) entered blocking state [ 675.733539][ T1128] bridge0: port 1(bridge_slave_0) entered forwarding state [ 675.763333][T13771] loop3: detected capacity change from 0 to 512 [ 675.786304][ T1128] bridge0: port 2(bridge_slave_1) entered blocking state [ 675.793545][ T1128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 675.854772][T13770] tipc: Resetting bearer [ 675.870338][T13771] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.2737: bg 0: block 248: padding at end of block bitmap is not set [ 675.911752][T13761] tipc: Resetting bearer [ 675.940769][T13771] Quota error (device loop3): write_blk: dquota write failed [ 675.948542][T13771] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 675.959709][T13761] tipc: Disabling bearer [ 675.965605][T13771] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.2737: Failed to acquire dquot type 1 [ 675.996899][T13771] EXT4-fs (loop3): 1 truncate cleaned up [ 676.018024][T13771] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 676.073793][T13771] ext4 filesystem being mounted at /154/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 676.122681][T13498] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 676.164579][T13498] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 676.291456][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 676.532904][T13790] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.614284][T13798] loop1: detected capacity change from 0 to 1024 [ 676.623576][T13790] bridge_slave_1: left allmulticast mode [ 676.636671][T13798] EXT4-fs: inline encryption not supported [ 676.644834][T13790] bridge_slave_1: left promiscuous mode [ 676.652019][T13798] EXT4-fs: Ignoring removed i_version option [ 676.658775][T13790] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.705630][T13798] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 676.827745][T13798] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 677.026675][T13498] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 677.143904][T12420] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 677.311379][T13498] veth0_vlan: entered promiscuous mode [ 677.391664][T13498] veth1_vlan: entered promiscuous mode [ 677.499393][T13498] veth0_macvtap: entered promiscuous mode [ 677.529870][T13498] veth1_macvtap: entered promiscuous mode [ 677.623103][T13498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 677.646572][T13498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.666538][T13498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 677.693070][T13498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.709740][T13498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 677.724044][T13498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.744528][T13498] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 677.781655][T13498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.810333][T13498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.858696][T13498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.899943][T13498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.944106][T13498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.970659][T13498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.984299][T13498] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 678.000861][T13838] loop3: detected capacity change from 0 to 512 [ 678.017103][T13498] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.058865][T13498] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.104637][T13498] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.118340][T13838] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 678.139639][T13838] EXT4-fs (loop3): orphan cleanup on readonly fs [ 678.170333][T13498] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.237180][T13838] EXT4-fs error (device loop3): ext4_do_update_inode:5248: inode #16: comm syz.3.2751: corrupted inode contents [ 678.294804][T13845] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2752'. [ 678.317157][T13838] EXT4-fs (loop3): Remounting filesystem read-only [ 678.324339][T13838] EXT4-fs (loop3): 1 truncate cleaned up [ 678.346145][ T136] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 678.369711][T13845] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2752'. [ 678.397003][ T136] Quota error (device loop3): write_blk: dquota write failed [ 678.404461][ T136] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries [ 678.458357][ T136] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 678.517080][ T136] Quota error (device loop3): write_blk: dquota write failed [ 678.524562][ T136] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list [ 678.545580][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 678.573464][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 678.582452][ T136] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 678.603047][ T136] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 678.643213][ T136] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 678.679543][T13838] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 678.700577][ T5996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 678.729995][ T5996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 679.177911][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 679.233358][T13866] tipc: Started in network mode [ 679.239767][T13866] tipc: Node identity 163377e2f324, cluster identity 4711 [ 679.292550][T13866] tipc: Enabled bearer , priority 0 [ 679.320089][T13869] syzkaller0: entered promiscuous mode [ 679.354356][T13869] syzkaller0: entered allmulticast mode [ 679.474254][T13880] loop4: detected capacity change from 0 to 512 [ 679.508208][T13880] EXT4-fs: Ignoring removed mblk_io_submit option [ 679.534658][T13869] tipc: Resetting bearer [ 679.552039][T13880] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 679.572845][T13882] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2762'. [ 679.586928][T13882] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2762'. [ 679.604888][T13880] EXT4-fs (loop4): 1 truncate cleaned up [ 679.612428][T13880] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 679.646140][T13880] EXT4-fs (loop4): shut down requested (2) [ 679.700714][T13865] tipc: Resetting bearer [ 679.867092][T13145] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 679.877813][T13865] tipc: Disabling bearer [ 680.058711][T13899] loop4: detected capacity change from 0 to 1024 [ 680.087835][T13899] EXT4-fs: inline encryption not supported [ 680.093815][T13899] EXT4-fs: Ignoring removed bh option [ 680.139992][T13899] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 680.221094][T13899] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 680.348391][T13910] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2771'. [ 680.425896][ T28] audit: type=1800 audit(2000000086.970:64): pid=13899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2765" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 680.474757][T13910] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2771'. [ 680.512069][T13913] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2770'. [ 680.757256][T13922] loop1: detected capacity change from 0 to 1764 [ 681.032040][T13145] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 681.499508][T13939] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2780'. [ 681.583874][T13941] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2782'. [ 681.719983][T13941] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2782'. [ 681.761748][T13946] loop4: detected capacity change from 0 to 1024 [ 681.789320][T13946] EXT4-fs: inline encryption not supported [ 681.804575][T13946] EXT4-fs: Ignoring removed bh option [ 681.845510][T13946] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 681.923414][T13946] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 681.972092][T13954] tipc: Enabled bearer , priority 0 [ 681.979935][T13954] syzkaller0: entered promiscuous mode [ 681.985736][T13954] syzkaller0: entered allmulticast mode [ 682.003848][ T28] audit: type=1800 audit(2000000088.550:65): pid=13946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2784" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 682.098266][T13954] tipc: Resetting bearer [ 682.113106][T13953] tipc: Resetting bearer [ 682.229243][T13953] tipc: Disabling bearer [ 682.506933][T13970] tipc: Enabled bearer , priority 0 [ 682.514610][T13970] syzkaller0: entered promiscuous mode [ 682.520684][T13970] syzkaller0: entered allmulticast mode [ 682.583235][T13970] tipc: Resetting bearer [ 682.623273][T13968] tipc: Resetting bearer [ 682.657590][T13968] tipc: Disabling bearer [ 682.767414][T13145] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 683.363190][T13995] loop0: detected capacity change from 0 to 128 [ 683.384846][T13995] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 683.429524][T13995] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 683.462078][T14001] __nla_validate_parse: 4 callbacks suppressed [ 683.462095][T14001] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2805'. [ 683.585736][T13498] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 683.671202][T14005] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2807'. [ 683.680542][T14005] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2807'. [ 683.732769][ T28] audit: type=1326 audit(2000000090.280:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14006 comm="syz.4.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7f799aeb9 code=0x7ffc0000 [ 683.790509][ T28] audit: type=1326 audit(2000000090.310:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14006 comm="syz.4.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7f799aeb9 code=0x7ffc0000 [ 683.830872][ T28] audit: type=1326 audit(2000000090.310:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14006 comm="syz.4.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7f799aeb9 code=0x7ffc0000 [ 683.904716][ T28] audit: type=1326 audit(2000000090.310:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14006 comm="syz.4.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc7f799aeb9 code=0x7ffc0000 [ 683.937742][ T28] audit: type=1326 audit(2000000090.310:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14006 comm="syz.4.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7f799aeb9 code=0x7ffc0000 [ 683.960780][ T28] audit: type=1326 audit(2000000090.310:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14006 comm="syz.4.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7f799aeb9 code=0x7ffc0000 [ 684.025688][T14009] loop4: detected capacity change from 0 to 1024 [ 684.032272][ T28] audit: type=1326 audit(2000000090.310:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14006 comm="syz.4.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7f799aeb9 code=0x7ffc0000 [ 684.035162][ T5855] IPVS: starting estimator thread 0... [ 684.083116][ T28] audit: type=1326 audit(2000000090.310:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14006 comm="syz.4.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7f799aeb9 code=0x7ffc0000 [ 684.138300][T14009] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 684.165588][T14016] loop1: detected capacity change from 0 to 1024 [ 684.182291][T14016] EXT4-fs: Ignoring removed orlov option [ 684.215381][T14012] IPVS: using max 26 ests per chain, 62400 per kthread [ 684.259544][T14016] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 684.443865][T14024] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2814'. [ 684.453806][T12420] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 684.465124][T13145] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 684.670032][T14026] loop0: detected capacity change from 0 to 512 [ 684.686787][T14031] qrtr: Invalid version 0 [ 684.745946][T14026] EXT4-fs error (device loop0): ext4_orphan_get:1398: inode #15: comm syz.0.2817: iget: bad i_size value: 38620345925642 [ 684.836982][T14026] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.2817: couldn't read orphan inode 15 (err -117) [ 684.901399][T14026] EXT4-fs (loop0): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 684.954892][T14041] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2820'. [ 685.033300][T13498] EXT4-fs (loop0): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 685.269280][T14049] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2826'. [ 685.469044][T14057] qrtr: Invalid version 0 [ 685.612609][T14062] loop1: detected capacity change from 0 to 512 [ 685.628917][T14062] EXT4-fs error (device loop1): ext4_orphan_get:1398: inode #15: comm syz.1.2832: iget: bad i_size value: 38620345925642 [ 685.661245][T14062] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.2832: couldn't read orphan inode 15 (err -117) [ 685.679407][T14062] EXT4-fs (loop1): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 685.840604][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.847524][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.943008][T12420] EXT4-fs (loop1): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 685.992826][T14070] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2835'. [ 686.774784][T14092] tipc: Enabled bearer , priority 0 [ 686.782842][T14092] syzkaller0: entered promiscuous mode [ 686.801171][T14092] syzkaller0: entered allmulticast mode [ 686.808184][T14094] loop3: detected capacity change from 0 to 512 [ 686.915138][T14092] tipc: Resetting bearer [ 686.952905][T14094] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.2846: bg 0: block 248: padding at end of block bitmap is not set [ 687.044808][T14094] __quota_error: 5 callbacks suppressed [ 687.044827][T14094] Quota error (device loop3): write_blk: dquota write failed [ 687.085521][T14094] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 687.113288][T14091] tipc: Resetting bearer [ 687.125466][T14094] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.2846: Failed to acquire dquot type 1 [ 687.196361][T14091] tipc: Disabling bearer [ 687.210469][T14094] EXT4-fs (loop3): 1 truncate cleaned up [ 687.220670][T14094] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 687.251240][T14094] ext4 filesystem being mounted at /176/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 687.450404][T11642] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 687.469076][ T136] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-5 [ 687.487971][ T136] EXT4-fs error (device loop3): ext4_release_dquot:6985: comm kworker/u4:5: Failed to release dquot type 1 [ 687.512957][ T28] audit: type=1326 audit(2000000094.060:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14106 comm="syz.1.2852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe56bf9aeb9 code=0x7ffc0000 [ 687.551086][ T28] audit: type=1326 audit(2000000094.060:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14106 comm="syz.1.2852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe56bf9aeb9 code=0x7ffc0000 [ 687.574748][ T28] audit: type=1326 audit(2000000094.090:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14106 comm="syz.1.2852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7fe56bf9aeb9 code=0x7ffc0000 [ 687.640858][ T28] audit: type=1326 audit(2000000094.160:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14106 comm="syz.1.2852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe56bf9aeb9 code=0x7ffc0000 [ 687.702168][ T28] audit: type=1326 audit(2000000094.160:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14106 comm="syz.1.2852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe56bf9aeb9 code=0x7ffc0000 [ 687.850814][T14116] tipc: Enabled bearer , priority 0 [ 687.861831][T14116] syzkaller0: entered promiscuous mode [ 687.868074][T14116] syzkaller0: entered allmulticast mode [ 687.890503][T14116] tipc: Resetting bearer [ 687.899993][T14115] tipc: Resetting bearer [ 687.974703][T14115] tipc: Disabling bearer [ 688.853493][T14121] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 688.865804][T14121] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 688.904619][T14121] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 688.918108][T14121] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 688.935344][T14121] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 688.943632][T14121] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 688.968776][T14121] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 688.974940][T14121] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 689.034423][T14146] loop0: detected capacity change from 0 to 2048 [ 689.051860][T14121] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 689.068089][T14121] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 689.074405][T14121] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 689.089096][T14146] Alternate GPT is invalid, using primary GPT. [ 689.101839][T14121] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 689.104371][T14146] loop0: p2 p3 p7 [ 689.320063][T12416] udevd[12416]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 689.331126][T13554] udevd[13554]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 689.380323][T12532] udevd[12532]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 689.427823][T14151] tipc: Started in network mode [ 689.461250][T14151] tipc: Node identity b667db0df6d2, cluster identity 4711 [ 689.505494][T14151] tipc: Enabled bearer , priority 0 [ 689.512445][T14155] syzkaller0: entered promiscuous mode [ 689.530624][T14155] syzkaller0: entered allmulticast mode [ 689.555083][T14154] loop3: detected capacity change from 0 to 512 [ 689.578378][T14154] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 689.606138][T14151] tipc: Resetting bearer [ 689.633637][T14154] EXT4-fs (loop3): 1 truncate cleaned up [ 689.641205][T14148] tipc: Resetting bearer [ 689.648606][T14154] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 689.795025][T14148] tipc: Disabling bearer [ 689.863474][T14154] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 690.155491][T11648] Bluetooth: hci4: command 0x0c1a tx timeout [ 690.214481][T14171] syzkaller0: entered promiscuous mode [ 690.236022][T14171] syzkaller0: entered allmulticast mode [ 690.336855][T14177] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2880'. [ 690.810571][T14190] tipc: Enabled bearer , priority 0 [ 690.851588][T14190] syzkaller0: entered promiscuous mode [ 690.865510][T14190] syzkaller0: entered allmulticast mode [ 690.900032][T14190] tipc: Resetting bearer [ 690.946149][T14189] tipc: Resetting bearer [ 690.956543][T11648] Bluetooth: hci2: command 0x0c1a tx timeout [ 691.041391][T14189] tipc: Disabling bearer [ 691.047846][T11648] Bluetooth: hci0: command 0x0c1a tx timeout [ 691.115329][T11648] Bluetooth: hci1: command 0x0c1a tx timeout [ 691.605961][T14219] loop4: detected capacity change from 0 to 512 [ 691.608665][T14220] loop1: detected capacity change from 0 to 128 [ 691.635782][T14219] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 691.671444][T14220] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 691.709879][T14219] EXT4-fs (loop4): 1 truncate cleaned up [ 691.828133][T14226] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2900'. [ 691.865872][T14226] unsupported nlmsg_type 40 [ 691.882940][T14219] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 691.985576][ T28] audit: type=1800 audit(2000000098.480:84): pid=14220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2900" name="bus" dev="loop1" ino=1048610 res=0 errno=0 [ 692.096412][ T28] audit: type=1800 audit(2000000098.600:85): pid=14219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2901" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 692.179511][T13145] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 692.236536][T11648] Bluetooth: hci4: command 0x0c1a tx timeout [ 692.594446][T14242] bridge0: port 1(bridge_slave_0) entered disabled state [ 692.632244][T14242] bridge0: port 2(bridge_slave_1) entered disabled state [ 692.706429][T14244] netlink: 'syz.0.2908': attribute type 16 has an invalid length. [ 692.719226][T14244] netlink: 'syz.0.2908': attribute type 17 has an invalid length. [ 692.795447][T14244] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 693.003914][T14252] syzkaller0: entered promiscuous mode [ 693.022023][T14252] syzkaller0: entered allmulticast mode [ 693.035565][T11648] Bluetooth: hci2: command 0x0c1a tx timeout [ 693.115391][T11648] Bluetooth: hci0: command 0x0c1a tx timeout [ 693.195326][T11648] Bluetooth: hci1: command 0x0c1a tx timeout [ 693.357877][T14262] syzkaller0: entered promiscuous mode [ 693.363838][T14262] syzkaller0: entered allmulticast mode [ 694.315461][T11648] Bluetooth: hci4: command 0x0c1a tx timeout [ 695.120938][T11648] Bluetooth: hci2: command 0x0c1a tx timeout [ 695.205729][T11648] Bluetooth: hci0: command 0x0c1a tx timeout [ 695.279563][T11648] Bluetooth: hci1: command 0x0c1a tx timeout [ 696.223274][T14285] tipc: Enabling of bearer rejected, failed to enable media [ 696.580790][T14306] loop1: detected capacity change from 0 to 128 [ 696.690553][T14306] FAT-fs (loop1): error, clusters badly computed (4 != 3) [ 696.703751][T14306] FAT-fs (loop1): Filesystem has been set read-only [ 696.712508][T14306] FAT-fs (loop1): error, clusters badly computed (5 != 4) [ 696.728353][T14306] FAT-fs (loop1): error, clusters badly computed (6 != 5) [ 696.846990][T14313] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2932'. [ 696.948515][T14313] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2932'. [ 697.080769][T14321] tipc: Enabled bearer , priority 0 [ 697.095929][T14321] syzkaller0: entered promiscuous mode [ 697.104625][T14321] syzkaller0: entered allmulticast mode [ 697.153824][T14321] tipc: Resetting bearer [ 697.182810][T14319] tipc: Resetting bearer [ 697.213773][T14319] tipc: Disabling bearer [ 697.901074][ T28] audit: type=1326 audit(2000000104.450:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14346 comm="syz.3.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2082b9aeb9 code=0x7ffc0000 [ 697.967102][ T28] audit: type=1326 audit(2000000104.450:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14346 comm="syz.3.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2082b9aeb9 code=0x7ffc0000 [ 698.060134][ T28] audit: type=1326 audit(2000000104.450:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14346 comm="syz.3.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7f2082b9aeb9 code=0x7ffc0000 [ 698.121856][ T28] audit: type=1326 audit(2000000104.450:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14346 comm="syz.3.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2082b9aeb9 code=0x7ffc0000 [ 698.442574][T14362] program syz.4.2951 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 698.803157][ T28] audit: type=1326 audit(2000000105.350:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14373 comm="syz.0.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126a59aeb9 code=0x7ffc0000 [ 698.872698][ T28] audit: type=1326 audit(2000000105.350:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14373 comm="syz.0.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126a59aeb9 code=0x7ffc0000 [ 698.926196][ T28] audit: type=1326 audit(2000000105.350:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14373 comm="syz.0.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7f126a59aeb9 code=0x7ffc0000 [ 698.984910][ T28] audit: type=1326 audit(2000000105.350:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14373 comm="syz.0.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126a59aeb9 code=0x7ffc0000 [ 699.501245][ T28] audit: type=1326 audit(2000000106.050:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14393 comm="syz.3.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2082b9aeb9 code=0x7ffc0000 [ 699.592151][T14396] tipc: Enabled bearer , priority 0 [ 699.600068][T14396] syzkaller0: entered promiscuous mode [ 699.605478][ T28] audit: type=1326 audit(2000000106.050:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14393 comm="syz.3.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2082b9aeb9 code=0x7ffc0000 [ 699.620318][T14396] syzkaller0: entered allmulticast mode [ 699.688402][T14396] tipc: Resetting bearer [ 699.723811][T14395] tipc: Resetting bearer [ 699.778964][T14395] tipc: Disabling bearer [ 699.933456][T14405] program syz.4.2971 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 700.334790][T14418] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2977'. [ 700.623975][T14426] tipc: Enabled bearer , priority 0 [ 700.652047][T14426] syzkaller0: entered promiscuous mode [ 700.668284][T14426] syzkaller0: entered allmulticast mode [ 700.717217][T14426] tipc: Resetting bearer [ 700.763501][T14425] tipc: Resetting bearer [ 700.863768][T14425] tipc: Disabling bearer [ 701.793568][T14463] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2992'. [ 702.074953][T14467] tipc: Enabled bearer , priority 0 [ 702.157738][T14464] tipc: Disabling bearer [ 702.622776][T14481] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 702.644408][T14483] loop1: detected capacity change from 0 to 1024 [ 702.727369][T14483] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 702.770232][T14484] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 702.892830][T14496] tipc: Enabling of bearer rejected, failed to enable media [ 702.992166][T12420] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 703.931893][T14533] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3018'. [ 703.942609][T14533] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3018'. [ 703.989361][T14535] tipc: Enabled bearer , priority 0 [ 703.998510][T14535] syzkaller0: entered promiscuous mode [ 704.004150][T14535] syzkaller0: entered allmulticast mode [ 704.058799][T14535] tipc: Resetting bearer [ 704.076011][T14534] tipc: Resetting bearer [ 704.181807][T14534] tipc: Disabling bearer [ 704.700173][T14565] tipc: Enabling of bearer rejected, failed to enable media [ 704.764115][T14568] loop0: detected capacity change from 0 to 1024 [ 704.808599][T14568] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 704.891131][T14568] ================================================================== [ 704.899282][T14568] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 704.907069][T14568] Read of size 18446744073709551588 at addr ffff88807b521840 by task syz.0.3030/14568 [ 704.916773][T14568] [ 704.919154][T14568] CPU: 0 PID: 14568 Comm: syz.0.3030 Not tainted syzkaller #0 [ 704.926676][T14568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 704.936819][T14568] Call Trace: [ 704.940170][T14568] [ 704.943158][T14568] dump_stack_lvl+0x18c/0x250 [ 704.947901][T14568] ? read_lock_is_recursive+0x20/0x20 [ 704.953346][T14568] ? show_regs_print_info+0x20/0x20 [ 704.958625][T14568] ? load_image+0x400/0x400 [ 704.963192][T14568] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 704.968716][T14568] ? __virt_addr_valid+0x18c/0x540 [ 704.973900][T14568] ? __virt_addr_valid+0x469/0x540 [ 704.979080][T14568] print_report+0xa8/0x210 [ 704.983562][T14568] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 704.989089][T14568] kasan_report+0x117/0x150 [ 704.993668][T14568] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 704.999196][T14568] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 705.004724][T14568] kasan_check_range+0x241/0x290 [ 705.009787][T14568] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 705.015316][T14568] __asan_memmove+0x29/0x70 [ 705.019882][T14568] ext4_xattr_set_entry+0x94b/0x1e90 [ 705.025241][T14568] ext4_xattr_block_set+0xae8/0x32b0 [ 705.030642][T14568] ? ext4_destroy_inode+0x200/0x200 [ 705.035895][T14568] ? proc_nr_inodes+0x230/0x230 [ 705.040805][T14568] ? do_raw_spin_unlock+0x121/0x230 [ 705.046093][T14568] ? _raw_spin_unlock+0x28/0x40 [ 705.051006][T14568] ? ext4_xattr_block_find+0x350/0x350 [ 705.056575][T14568] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 705.062012][T14568] ext4_xattr_set_handle+0x1280/0x14c0 [ 705.067628][T14568] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 705.073668][T14568] ? __ext4_journal_start_sb+0x259/0x560 [ 705.079350][T14568] ext4_xattr_set+0x252/0x340 [ 705.084065][T14568] ? end_current_label_crit_section+0x170/0x170 [ 705.090351][T14568] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 705.095950][T14568] ? posix_xattr_acl+0x93/0xb0 [ 705.100755][T14568] ? ext4_xattr_trusted_get+0x40/0x40 [ 705.106169][T14568] __vfs_setxattr+0x431/0x470 [ 705.110882][T14568] __vfs_setxattr_noperm+0x12d/0x5e0 [ 705.116200][T14568] vfs_setxattr+0x16b/0x2f0 [ 705.120743][T14568] ? xattr_permission+0x470/0x470 [ 705.125810][T14568] ? __mnt_want_write+0x223/0x2a0 [ 705.130877][T14568] ? path_setxattr+0x3a1/0x5d0 [ 705.135696][T14568] path_setxattr+0x3f3/0x5d0 [ 705.140335][T14568] ? simple_xattrs_free+0x150/0x150 [ 705.145591][T14568] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 705.151614][T14568] ? lock_chain_count+0x20/0x20 [ 705.156514][T14568] __x64_sys_lsetxattr+0xb8/0xd0 [ 705.161536][T14568] do_syscall_64+0x55/0xa0 [ 705.165996][T14568] ? clear_bhb_loop+0x40/0x90 [ 705.170708][T14568] ? clear_bhb_loop+0x40/0x90 [ 705.175421][T14568] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 705.181344][T14568] RIP: 0033:0x7f126a59aeb9 [ 705.185804][T14568] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 705.205460][T14568] RSP: 002b:00007f126b48a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 705.213902][T14568] RAX: ffffffffffffffda RBX: 00007f126a815fa0 RCX: 00007f126a59aeb9 [ 705.221903][T14568] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 705.229913][T14568] RBP: 00007f126a608c1f R08: 0000000000000000 R09: 0000000000000000 [ 705.237922][T14568] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 705.245917][T14568] R13: 00007f126a816038 R14: 00007f126a815fa0 R15: 00007ffddf819868 [ 705.253926][T14568] [ 705.256968][T14568] [ 705.259323][T14568] Allocated by task 14568: [ 705.263850][T14568] kasan_set_track+0x4e/0x70 [ 705.268485][T14568] __kasan_kmalloc+0x8f/0xa0 [ 705.273115][T14568] __kmalloc_node_track_caller+0xb2/0x230 [ 705.278873][T14568] kmemdup+0x2b/0x70 [ 705.282805][T14568] ext4_xattr_block_set+0x9ea/0x32b0 [ 705.288124][T14568] ext4_xattr_set_handle+0x1280/0x14c0 [ 705.293636][T14568] ext4_xattr_set+0x252/0x340 [ 705.298351][T14568] __vfs_setxattr+0x431/0x470 [ 705.303055][T14568] __vfs_setxattr_noperm+0x12d/0x5e0 [ 705.308368][T14568] vfs_setxattr+0x16b/0x2f0 [ 705.312898][T14568] path_setxattr+0x3f3/0x5d0 [ 705.317529][T14568] __x64_sys_lsetxattr+0xb8/0xd0 [ 705.322509][T14568] do_syscall_64+0x55/0xa0 [ 705.326964][T14568] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 705.332906][T14568] [ 705.335257][T14568] Last potentially related work creation: [ 705.340993][T14568] kasan_save_stack+0x3e/0x60 [ 705.345699][T14568] __kasan_record_aux_stack+0xaf/0xc0 [ 705.351100][T14568] kvfree_call_rcu+0xee/0x790 [ 705.355813][T14568] neigh_periodic_work+0x3f7/0xd70 [ 705.360963][T14568] process_scheduled_works+0xa5d/0x15d0 [ 705.366546][T14568] worker_thread+0xa55/0xfc0 [ 705.371189][T14568] kthread+0x2fa/0x390 [ 705.375302][T14568] ret_from_fork+0x48/0x80 [ 705.379751][T14568] ret_from_fork_asm+0x11/0x20 [ 705.384720][T14568] [ 705.387096][T14568] The buggy address belongs to the object at ffff88807b521800 [ 705.387096][T14568] which belongs to the cache kmalloc-1k of size 1024 [ 705.401183][T14568] The buggy address is located 64 bytes inside of [ 705.401183][T14568] 1024-byte region [ffff88807b521800, ffff88807b521c00) [ 705.414580][T14568] [ 705.417076][T14568] The buggy address belongs to the physical page: [ 705.423519][T14568] page:ffffea0001ed4800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b520 [ 705.433784][T14568] head:ffffea0001ed4800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 705.442811][T14568] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 705.451620][T14568] page_type: 0xffffffff() [ 705.456766][T14568] raw: 00fff00000000840 ffff888017c41dc0 ffffea0000920e00 dead000000000002 [ 705.465389][T14568] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 705.474051][T14568] page dumped because: kasan: bad access detected [ 705.480596][T14568] page_owner tracks the page as allocated [ 705.486352][T14568] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5433, tgid 5433 (dhcpcd), ts 57329092922, free_ts 57291632759 [ 705.507223][T14568] post_alloc_hook+0x1c1/0x200 [ 705.512115][T14568] get_page_from_freelist+0x1951/0x19e0 [ 705.517690][T14568] __alloc_pages+0x1f0/0x460 [ 705.522305][T14568] alloc_slab_page+0x5d/0x160 [ 705.527095][T14568] new_slab+0x87/0x2d0 [ 705.531208][T14568] ___slab_alloc+0xc5d/0x12f0 [ 705.535948][T14568] __kmem_cache_alloc_node+0x19e/0x250 [ 705.541458][T14568] __kmalloc_node+0xa4/0x230 [ 705.546137][T14568] qdisc_alloc+0x94/0xa50 [ 705.550680][T14568] qdisc_create_dflt+0x63/0x430 [ 705.555570][T14568] dev_activate+0x397/0x11a0 [ 705.560186][T14568] __dev_open+0x347/0x430 [ 705.564544][T14568] __dev_change_flags+0x211/0x6a0 [ 705.569599][T14568] dev_change_flags+0x88/0x1a0 [ 705.574411][T14568] devinet_ioctl+0x95c/0x1c40 [ 705.579122][T14568] inet_ioctl+0x42b/0x560 [ 705.583574][T14568] page last free stack trace: [ 705.588266][T14568] free_unref_page_prepare+0x7b2/0x8c0 [ 705.593754][T14568] free_unref_page+0x32/0x2e0 [ 705.598467][T14568] __unfreeze_partials+0x1cf/0x210 [ 705.603609][T14568] put_cpu_partial+0x17c/0x250 [ 705.608484][T14568] __slab_free+0x319/0x400 [ 705.612948][T14568] qlist_free_all+0x75/0xd0 [ 705.617520][T14568] kasan_quarantine_reduce+0x143/0x160 [ 705.623244][T14568] __kasan_slab_alloc+0x22/0x80 [ 705.628224][T14568] slab_post_alloc_hook+0x6e/0x4b0 [ 705.633382][T14568] __kmem_cache_alloc_node+0x13a/0x250 [ 705.638932][T14568] __kmalloc+0xa4/0x230 [ 705.643138][T14568] load_elf_binary+0x268/0x2860 [ 705.648044][T14568] bprm_execve+0xb08/0x1700 [ 705.652588][T14568] do_execveat_common+0x51b/0x6c0 [ 705.657657][T14568] __x64_sys_execve+0x92/0xa0 [ 705.662475][T14568] do_syscall_64+0x55/0xa0 [ 705.666955][T14568] [ 705.669304][T14568] Memory state around the buggy address: [ 705.675758][T14568] ffff88807b521700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 705.683955][T14568] ffff88807b521780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 705.692066][T14568] >ffff88807b521800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 705.700168][T14568] ^ [ 705.706360][T14568] ffff88807b521880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 705.714455][T14568] ffff88807b521900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 705.722644][T14568] ================================================================== [ 705.786719][T14568] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 705.793994][T14568] CPU: 1 PID: 14568 Comm: syz.0.3030 Not tainted syzkaller #0 [ 705.801507][T14568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 705.811742][T14568] Call Trace: [ 705.815159][T14568] [ 705.818125][T14568] dump_stack_lvl+0x18c/0x250 [ 705.822868][T14568] ? show_regs_print_info+0x20/0x20 [ 705.828123][T14568] ? load_image+0x400/0x400 [ 705.832695][T14568] panic+0x2dc/0x730 [ 705.836652][T14568] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 705.842865][T14568] ? bpf_jit_dump+0xd0/0xd0 [ 705.847428][T14568] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 705.853488][T14568] ? _raw_spin_unlock+0x40/0x40 [ 705.858401][T14568] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 705.863911][T14568] check_panic_on_warn+0x84/0xa0 [ 705.868899][T14568] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 705.874433][T14568] end_report+0x6f/0x130 [ 705.878829][T14568] kasan_report+0x128/0x150 [ 705.883391][T14568] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 705.888919][T14568] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 705.894448][T14568] kasan_check_range+0x241/0x290 [ 705.899448][T14568] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 705.904966][T14568] __asan_memmove+0x29/0x70 [ 705.909521][T14568] ext4_xattr_set_entry+0x94b/0x1e90 [ 705.914876][T14568] ext4_xattr_block_set+0xae8/0x32b0 [ 705.920219][T14568] ? ext4_destroy_inode+0x200/0x200 [ 705.925501][T14568] ? proc_nr_inodes+0x230/0x230 [ 705.930406][T14568] ? do_raw_spin_unlock+0x121/0x230 [ 705.935663][T14568] ? _raw_spin_unlock+0x28/0x40 [ 705.940569][T14568] ? ext4_xattr_block_find+0x350/0x350 [ 705.946092][T14568] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 705.951536][T14568] ext4_xattr_set_handle+0x1280/0x14c0 [ 705.957062][T14568] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 705.963121][T14568] ? __ext4_journal_start_sb+0x259/0x560 [ 705.968812][T14568] ext4_xattr_set+0x252/0x340 [ 705.973559][T14568] ? end_current_label_crit_section+0x170/0x170 [ 705.979971][T14568] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 705.985578][T14568] ? posix_xattr_acl+0x93/0xb0 [ 705.990390][T14568] ? ext4_xattr_trusted_get+0x40/0x40 [ 705.995826][T14568] __vfs_setxattr+0x431/0x470 [ 706.000564][T14568] __vfs_setxattr_noperm+0x12d/0x5e0 [ 706.005931][T14568] vfs_setxattr+0x16b/0x2f0 [ 706.010500][T14568] ? xattr_permission+0x470/0x470 [ 706.015582][T14568] ? __mnt_want_write+0x223/0x2a0 [ 706.020669][T14568] ? path_setxattr+0x3a1/0x5d0 [ 706.025503][T14568] path_setxattr+0x3f3/0x5d0 [ 706.030156][T14568] ? simple_xattrs_free+0x150/0x150 [ 706.035439][T14568] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 706.041644][T14568] ? lock_chain_count+0x20/0x20 [ 706.046564][T14568] __x64_sys_lsetxattr+0xb8/0xd0 [ 706.051575][T14568] do_syscall_64+0x55/0xa0 [ 706.056050][T14568] ? clear_bhb_loop+0x40/0x90 [ 706.060794][T14568] ? clear_bhb_loop+0x40/0x90 [ 706.065527][T14568] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 706.071496][T14568] RIP: 0033:0x7f126a59aeb9 [ 706.075960][T14568] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 706.095639][T14568] RSP: 002b:00007f126b48a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 706.104103][T14568] RAX: ffffffffffffffda RBX: 00007f126a815fa0 RCX: 00007f126a59aeb9 [ 706.112126][T14568] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 706.120149][T14568] RBP: 00007f126a608c1f R08: 0000000000000000 R09: 0000000000000000 [ 706.128163][T14568] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 706.136181][T14568] R13: 00007f126a816038 R14: 00007f126a815fa0 R15: 00007ffddf819868 [ 706.144203][T14568] [ 706.147847][T14568] Kernel Offset: disabled [ 706.152195][T14568] Rebooting in 86400 seconds..