last executing test programs: 1m58.117040967s ago: executing program 4 (id=957): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7d2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) 1m57.774218177s ago: executing program 4 (id=966): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$nl_generic(0x10, 0x3, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 1m56.877252984s ago: executing program 4 (id=975): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x14, 0x0, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x24, r3, 0x1, 0x0, 0x25dfdbff, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000060}, 0x0) 1m56.74885265s ago: executing program 4 (id=978): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x301c042, &(0x7f00000001c0), 0x9, 0x5d8, &(0x7f0000000600)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000340)='./file0/../file0\x00', 0x0, 0x101091, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = dup(r0) ioctl$PTP_EXTTS_REQUEST2(r1, 0x43403d05, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00'}, 0x10) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x18) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='freezer.state\x00', 0x275a, 0x0) 1m56.663271427s ago: executing program 4 (id=979): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='oom_adj\x00') readv(r0, &(0x7f0000000e80)=[{&(0x7f0000002800)=""/37, 0x25}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet6(0xa, 0x80003, 0xff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000200000000001200000085000000230000003f0000000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write$binfmt_register(r4, &(0x7f0000000100)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x100, 0x3a, '', 0x3a, '/dev/ptmx\x00', 0x3a, './file0'}, 0x31) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x800083}, 0xfffffffffffffe15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) ioctl$TUNSETOFFLOAD(r2, 0x40047451, 0x2000000c) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x3ffff, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="fffe000000000000280012800a00010076786c616e00000018000280140011"], 0x50}}, 0x0) 1m56.033693495s ago: executing program 4 (id=995): syz_emit_ethernet(0x1046, &(0x7f000001a600)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6001810010101100fc000000000000000000000000000000fe800000000000"], 0x0) 1m55.936232021s ago: executing program 32 (id=995): syz_emit_ethernet(0x1046, &(0x7f000001a600)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6001810010101100fc000000000000000000000000000000fe800000000000"], 0x0) 3.913823242s ago: executing program 2 (id=2772): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000640)=ANY=[@ANYBLOB="61129700000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150700000fff07003506000002000000170600000ee50000bf250000000000002d350000000000006507000002000000070700004c0001fa0f75000000000000bf54000000000000070400000400f9ff3d1401000000000095000000000000000500000000000000950007000000000001722fabb733a0c857c7c4e704000000000000a04d1ffc187fa1a2ba7ba0c0d507b92de00435fd233cc0f0d9b2c312b68856656ca9caa2ee4dc258d72e690098804de235cf020e35245c9f5526d35df627a64ac7efde50fd7f1d8bae66ea38541a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07f8a4b6e6155cecc13a5ddfab726eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a459db8e7ada8ee987cc0000f6f902b261848d74096636ab6d8c63c8d62861cbc38d1e6bef45e672ac3d3d5243b85b3b15c7499ff39a3dadcbfbea9e050fb6940344dfbeebbf3e7e37d0a9a387518f926fba75479eacd4f51aeb28b6c56a75144ef6df55a275799897ca0000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 3.865040171s ago: executing program 2 (id=2776): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket(0x1, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000000000000bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff0000000035040000500000001d400200000000006504040000ffffffb4030000000000001d440000000000007a0a00fe000000000f03000000000000b5000000000000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be3619111469d1143cdca7ee724e649737adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af2542ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b1100886475923906f88b53987ad0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d64364f56e24e6d2128c7e0ec82770c8204a1ddeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b90300ee7dfcb59b854e9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d3490dd97adab638cca595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8c83c3d8cbfedc038395342846e1b207974e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfcd7ad0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f9212455318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0000cf70a91c76e8b14de02b884114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae315c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbad8508f7550cad7ec93af7fb1b50c75ba1ee7baa19faf67256b56a355b6a686ba99d0a8950f0937f778af083e055f5138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c2811e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96735600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b508310d8bd72d38864daa3ae81d6b0968d1d2867b91b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c179901000000000000805e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003ebfbdc1f9be78537756ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca311a28ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1e1979e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a508460f2d0455cf79a43746979f99f60037e84fb478199dc1020f4beb98b8074bf7df8b5e783637da7418fd3aa81cff202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abffff71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adde305ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0d0274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc37f1eb4c62dded994e2d7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1ecbf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cbf5d6b6898335792747588d49df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d943622000000000000000000000000000000000000000000000000000000000000000000000000000000000000f112fc8a4942d7453cf29cbbef3a567ea0a2a8a0561dfb6cfe7f1812405e1a092b382adc0698c377b0a1f49afb6ba26f8e28cf68b0065857b36276931c318cb84f748a26c4d81a0322ce21e7d9c002006cf8ac6402e036cf9344a1cb1b8603276000144268a0aa584a92188f55318dde1d1b09319c00d0de3471ab4243ac0f49516a690c514ba6449f0a804fcac3f30bf4a933d32c889283aa092cca9aa349b624c5ed2b66fa0439f54f83c9ff8be083221609c8696433da46c91ac52e5b1d159daed1af0cda0ee05ae770a7ea467d5602b441e748b7f22496f8453fb6b7cc2dd3a8ce15fd76387fc02d4e2b7b4502a80000000000000000000000000000000000000000e046c0756c0955a81165e4212a1a58334fe51269f228ad32fba2bdae0172278d3bb48c370f6b59c0c7ba9b0aaae317d3f8104fd696bc76"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 3.757564898s ago: executing program 2 (id=2778): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000380)='contention_end\x00', r0}, 0x10) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) close(r1) 3.706091111s ago: executing program 2 (id=2780): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000001340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x1, 0x0, 'syz1\x00', &(0x7f0000000180)=['r\x0e\x81|\x0f\xa3\x8a\xb9\x8c\x94\x04\x17\v\rh\x10'], 0x10}) r2 = openat$autofs(0xffffff9c, &(0x7f0000000000), 0x200142, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x11) ioctl$TCGETS(r3, 0x5401, &(0x7f00000000c0)) socket$netlink(0x10, 0x3, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r4, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[], 0x4b0}}, 0x0) r5 = dup(r2) write$binfmt_misc(r5, 0x0, 0x0) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0x1) socket$inet(0x2, 0x1, 0x0) mount$nfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="040000"]) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x801) r6 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r6, 0x3) r7 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r7, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r8 = accept4(r6, 0x0, 0x0, 0x0) recvmmsg(r7, &(0x7f0000007940), 0x55, 0x0, 0x0) sendmmsg(r8, &(0x7f0000001500), 0x588, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000000206050000000000000000000000000005000400000000000900020073797a3200000000140007800800064000006a000800084000005fdc0500050002000000050001000600000011000300686173683a6970"], 0x60}}, 0x0) 2.589781459s ago: executing program 5 (id=2799): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_int(r0, 0x1, 0x26, &(0x7f0000000080)=0x8, 0x4) 2.511868989s ago: executing program 2 (id=2801): sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000070a01020000000000000b000a0000060900010073797a31000000005800048054000180090001006d6574610000000044000280080001400000000c080003400000000008000240000000140800014000000003080001400000000b080001400000001208"], 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x30048050) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) 2.421594691s ago: executing program 5 (id=2803): r0 = syz_open_dev$vim2m(&(0x7f0000000340), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc04c565d, &(0x7f0000000100)=@mmap={0x8, 0x1, 0x4, 0x10000, 0x200, {}, {0x2, 0x2, 0xfe, 0x2, 0x5, 0x8, "4d09aca7"}, 0x2, 0x1, {}, 0x1004}) 2.371244129s ago: executing program 2 (id=2804): bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000be", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='ext4_mb_release_group_pa\x00'}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x866, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000000)='GPL\x00', 0xb, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f00000002c0), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000001180)) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000fc0)=@mangle={'mangle\x00', 0x64, 0x6, 0x65c, 0x424, 0x1cc, 0x2e4, 0x2e4, 0x424, 0x594, 0x594, 0x594, 0x594, 0x594, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @common=@inet=@socket1={{0x24}}]}, @HL={0x24, 'HL\x00', 0x0, {0x2, 0x8}}}, {{@uncond, 0x0, 0x11c, 0x140, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x24}}, {{@uncond, 0x0, 0x134, 0x170, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x6b8) 2.35102328s ago: executing program 1 (id=2805): keyctl$set_reqkey_keyring(0xe, 0x5) request_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000040)='\x00\xb2\xd1)\xda\xff|\xd1\x85b\xad77\x00\fJ\xfc\xb4\x1e\xae\xe8:`\xe9\x9ew\xf5l\xee\x8dg\xc2\'\x88\xe9\xf3\x05\xe02\xe6\v_\xe9\x89\x86s\x8dh#$\xe4\xb1\xd0\x93\xceh\xfcsP)\xd9\xce\x19+?\xc6\xf7\xc0[G\x15\xde-x\xa9\xe5,\xec\xf6\xfb\xc9~2\xa1\xeb\xb3Pp\x93\x90\x17\xb2\x95\xe7\r\xae^\x92n\xbd\xf3\xb1\xac\xe3sf\xc9X\x05j:\xb6~\xa6#\xbf\x06t\xf2\xb5gd\xd7\xcc\"A_\xecu\xe8\x84\xe3\x92J\xaa!\xae\xa2\xd7\xf3\xc6J\xb9i\x9d\xb4{\xee\xf0|\xd9\x05\xaa\xbb\xfe\x12\xa0\xbb\xecY\x0f \xa3\xba?#\x90\x8c,nNQ\xa1\xed', 0x0) 2.277759446s ago: executing program 5 (id=2806): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x80}, 0x5}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x0) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980", 0x6) 2.211764037s ago: executing program 1 (id=2807): setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x42041) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="0203100802"], 0x10}}, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='oom_score_adj\x00') preadv(r2, &(0x7f0000000040)=[{&(0x7f00000011c0)=""/4096, 0x1000}, {0x0}], 0x2, 0xc, 0xea) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a"], 0xfc}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0) close(0x3) close(0x4) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000040)='devices.allow\x00', 0x2, 0x0) ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x80045104, &(0x7f0000000080)) 1.64472884s ago: executing program 0 (id=2812): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000a00)=""/87, 0x57, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000840)=""/211, 0xd3, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48) 1.540211472s ago: executing program 3 (id=2814): sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000070a01020000000000000b000a0000060900010073797a31000000005800048054000180090001006d6574610000000044000280080001400000000c080003400000000008000240000000140800014000000003080001400000000b080001400000001208"], 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x30048050) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) 1.497578126s ago: executing program 3 (id=2815): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x9, 0x0, &(0x7f00000007c0)={0x0, 0x989680}, 0x0) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x2}, 0xe) bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@generic={&(0x7f0000000000)='./file0\x00'}, 0x18) accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x40000) 1.40981529s ago: executing program 0 (id=2816): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000013c0)) read$dsp(r0, &(0x7f0000000440)=""/171, 0xab) 1.405330153s ago: executing program 5 (id=2817): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000002000)={0x0, 0x0, &(0x7f0000001fc0)={&(0x7f0000001ec0)={0x24, 0x0, 0x9, 0x401, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFCTH_TUPLE={0x4}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000004}, 0x80) 1.365005841s ago: executing program 3 (id=2818): syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x0, 0x2043}}}, 0x7) openat$mice(0xffffffffffffff9c, 0x0, 0x204001) 1.289759583s ago: executing program 5 (id=2819): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10) fanotify_mark(0xffffffffffffffff, 0x1, 0x8000021, 0xffffffffffffffff, 0x0) 1.289513084s ago: executing program 3 (id=2820): r0 = openat$fb0(0xffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$FBIOPUTCMAP(r0, 0x4605, &(0x7f0000000140)={0x2, 0x3, &(0x7f0000000040)=[0xffff, 0x9, 0x6], &(0x7f0000000080), &(0x7f00000000c0), 0x0}) 1.259999837s ago: executing program 1 (id=2821): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_cmd={0x25, 0x55, 0x8, 0x6, 0x10, 0x7, 0x5a, 0x7, 0x2, 0x1, 0x7, 0x8, 0x19, 0x7, 0x7, 0x6, [0x2, 0x3ff]}}) 1.249820179s ago: executing program 0 (id=2822): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000640)=ANY=[@ANYBLOB="61129700000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150700000fff07003506000002000000170600000ee50000bf250000000000002d350000000000006507000002000000070700004c0001fa0f75000000000000bf54000000000000070400000400f9ff3d1401000000000095000000000000000500000000000000950007000000000001722fabb733a0c857c7c4e704000000000000a04d1ffc187fa1a2ba7ba0c0d507b92de00435fd233cc0f0d9b2c312b68856656ca9caa2ee4dc258d72e690098804de235cf020e35245c9f5526d35df627a64ac7efde50fd7f1d8bae66ea38541a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07f8a4b6e6155cecc13a5ddfab726eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a459db8e7ada8ee987cc0000f6f902b261848d74096636ab6d8c63c8d62861cbc38d1e6bef45e672ac3d3d5243b85b3b15c7499ff39a3dadcbfbea9e050fb6940344dfbeebbf3e7e37d0a9a387518f926fba75479eacd4f51aeb28b6c56a75144ef6df55a275799897ca000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.169642996s ago: executing program 0 (id=2823): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r2}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0xffffff80, &(0x7f0000000000)='cgroup\x00'}, 0x18) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) close(r5) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r1, 0x0, 0x0}, 0x10) bpf$LINK_DETACH(0x22, &(0x7f0000001ac0)=r5, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 1.169502892s ago: executing program 1 (id=2824): r0 = openat$fb0(0xffffff9c, &(0x7f0000000380), 0x60000, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f00000003c0)={0xc80, 0x300, 0x640, 0xf4a91d753ffeb945, 0xbe2, 0xf, 0x4, 0x0, {0x8000, 0x1, 0x1}, {0x0, 0x8}, {0x7fffffff, 0x7c, 0x1}, {0xfffffffd, 0x9, 0x1}, 0x3, 0x100, 0x9, 0xa, 0x1, 0x6, 0x2, 0x6, 0x0, 0x9, 0x7ff, 0x20, 0x20, 0x2, 0x2, 0x7}) 1.169402299s ago: executing program 3 (id=2825): sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000070a01020000000000000b000a0000060900010073797a31000000005800048054000180090001006d6574610000000044000280080001400000000c080003400000000008000240000000140800014000000003080001400000000b080001400000001208"], 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x30048050) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) 1.169139284s ago: executing program 5 (id=2826): bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r1, 0x0, 0x0) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x18b801, 0x0) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x22002, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r7 = syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0) r8 = openat$uhid(0xffffffffffffff9c, &(0x7f0000001900), 0x802, 0x0) write$UHID_CREATE2(r8, &(0x7f00000005c0)=ANY=[@ANYBLOB="0b00000073797a310000000000000000e90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000080"], 0x119) ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x28) r9 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x13, 0x16, &(0x7f0000000480)=ANY=[@ANYRES64=r7, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000df1bfcff01000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008200000b70300000000000085000000060000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x8, 0xff6, &(0x7f0000001940)=""/4086, 0x41100, 0x2, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r4, 0xa, &(0x7f0000000540)=[0xffffffffffffffff], &(0x7f0000000700)=[{0x3, 0x1, 0x6, 0x56f0e95fa46824de}, {0x1, 0x1, 0x4, 0x3}, {0x4, 0x1, 0x4, 0x9}, {0x0, 0x4, 0x2, 0xa}, {0x5, 0x2, 0xa, 0xa}, {0x1, 0x5, 0xd, 0x7}, {0x3, 0x2, 0x6, 0x8}, {0x2, 0x3, 0x0, 0x3}, {0x5, 0x1, 0x8, 0xc}, {0x3, 0x4, 0xe}], 0x10, 0xfffff004, @void, @value}, 0x94) ioctl$UI_ABS_SETUP(r9, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) write$uinput_user_dev(r9, &(0x7f0000000800)={'syz1\x00', {0x0, 0x0, 0x4}, 0x26, [0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x0, 0x1000, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb19], [0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000]}, 0x45c) ioctl$UI_SET_EVBIT(r9, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r9, 0x5501) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000000c0)=0x3700000) close_range(r2, 0xffffffffffffffff, 0x0) 1.140186269s ago: executing program 0 (id=2827): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x80}, 0x5}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x0) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980", 0x6) 1.078053293s ago: executing program 3 (id=2828): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000180)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) prlimit64(0x0, 0xe, 0x0, 0x0) 869.64771ms ago: executing program 1 (id=2829): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000002004000b7080000000000007b8af8ff00000000b7080000000200007b8af0ff00000000bfa100000000000007010000f8"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000480)=[{0x0, 0x1, 0xa, 0xb}, {0x2, 0x2, 0xf, 0x7}, {0x7, 0x2, 0x13}, {0x5, 0x5, 0x5, 0x9}, {0x2, 0x3, 0x9}, {0x1, 0x4, 0x9, 0x2}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000400)={0x0, 0x0}) syz_io_uring_setup(0x10d, &(0x7f0000000140), 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000200)=ANY=[], 0x125) r3 = memfd_create(&(0x7f0000000000)='\t^\x1ax1\xc7\xbe\xa1\xc6F\xfa\x9cq\xb1w&\xdfP\xba\xdf\xf9F\xc1\xd4x\xaa\x92~srQ\xeaS\x88\xad\xd1Js\\\xb2\xc5\xed\xe8\x7f\xdc(\x01\xcey\xc7\x15?\n\xad\xe7R\x9e\xe1K\xfd\xc95f@O}\\\xdd\xca!;\xf38\'D9\xcb\xda\xa1\xc1p\xd4)\x18x\x17\xab7\x06\x9f\xe3X\v\xf2\xcc\x05\xb4( m\xde\x0f\xf3\xf8\x1b\vW\x00\x90\x01\xfe\x1e<\xabL-3\xe6\x81V\x8d3\x1b$\x0e\x00\x00\x00\x00\x00\x00\x94&\xac\x88\x95\xff\xda\x14d\xcbx\bx\x95\xab\xcb@\x8d\xa0\xe4I\xff\x87\x90\xd9\x89O\x98\x90\x86\xff\xcc\xc1\xf5\r\xea\x19c\xba\xa9\"d$\x01h\x0f&/B\xa5\x18%\xc7\x00\x17\x00\x00sH\xc7ex#\xb0\xe4\x1b\xce\x0f\xear,-\n\xe6gB#\x8ch=:F$\xe6\x87\xf0AF\xd5\x84c\xd5\xd5(\xb3\xac\x9b\x80\x81y\xf1\a\x0f \xbb\xfa\xd3\x88\xad=5J\x13>u\x8c\x00\x00\x00\x00\xff\xff\xff\xff\xb8~\xaa-\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\xdf\xcf\b\x9f\xb6\xf2\x84\xbag\xe5.\xe4\x1f\xb3\xf4\xc6\xad\x06\x1btb\"\x87\x0f\xd7\xf9\x10~\xdc7\xe7\xdc\x11\xd8?\x040\xc5%%\x1c\x8d\xe0\xb99\x10\x11\x84\xbb\xa9\x9em\x1d\xfd\xd4\xcf\x8cH\xa6\x980\xadg\x9b\x8b$\x0e\x04\xd8\xaa\x17\xac\xf4\xda\xd0z\x87H\x03Du\x91\x839\xec\xd7\xde\xf2P\xf6dj-b\x84\x18\xe9\fy`\xca\x86Za7\xe4P\x95B\xeefTdk\x83\xcc\xa4\xa5\b\x1e\x998\x042\xb2\xdd\x8a\xea\xefQ\xf3-Z\a\xd3\xbb\xd5\x80\xb7\v\xa9\xae*\xca\xd90\xc8\xf4_\xe9N7*K:\xe1\xa4\xf7G\a\xd4Q\f7\xdeK,&\xf8\xe7\xffj\xd1\xae\xa1\x04\xf9\xd5\xc5\\\xcc:\xb1\xa70\x84\xf72 \xd1\xcb}Ky\xa5\x9bx&\xad\xf0U\x1aK\x8bN\xcd\xf50\xa3\xc7\xee\x7f\x1a#\xc9\xb3^\xdd/\x13\xb6\xe9%\xed\x04\xf4o}\x17U\x16C\xb2\xea7C\xb6fH$\xd6\xeb\x03\xd2\xa9\xa0\x9a\x93\xed-S\xe5p\xa28*\x98C\xa9\xf5\xf1*\xaa3\xb9\x88\xb3E\x03\x06\xf7\xa7', 0xa) fchmod(r3, 0x184) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0x0, [{}, {0x6}, {0x1}, {0x2}, {}, {}, {0x0, 0x40000000}, {0x0, 0x7}], 0x0, 0x0, 0x0, 0x2}}) 97.15277ms ago: executing program 0 (id=2830): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380)) 0s ago: executing program 1 (id=2831): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000300)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f00000003c0)=[@increfs], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x8, 0x0, &(0x7f0000000200)=[@decrefs={0x400c6313}], 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): i_hcd: connection closed [ 101.266797][ T7358] vhci_hcd: stop threads [ 101.270093][ T7358] vhci_hcd: release socket [ 101.270125][ T7358] vhci_hcd: disconnect device [ 101.345379][ T8711] 9pnet_fd: Insufficient options for proto=fd [ 102.325529][ T27] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x4 [ 102.327135][ T27] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x2 [ 102.328831][ T27] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x3 [ 102.331606][ T27] hid-generic 0000:3000000:0000.0003: hidraw0: HID v0.00 Device [sy] on syz0 [ 102.397985][ T8743] 9pnet_fd: Insufficient options for proto=fd [ 102.470448][ T8745] ieee802154 phy0 wpan0: encryption failed: -22 [ 102.571504][ T8757] xt_hashlimit: max too large, truncated to 1048576 [ 102.845381][ T8772] 9pnet_fd: Insufficient options for proto=fd [ 102.883531][ T8775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.906312][ T8775] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.925806][ T8770] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 102.937703][ T8769] netlink: 44 bytes leftover after parsing attributes in process `syz.3.925'. [ 103.060311][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x1 [ 103.063409][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.065494][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.067791][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.071330][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.073132][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.075812][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.077721][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.078286][ T8788] netlink: 40 bytes leftover after parsing attributes in process `syz.4.933'. [ 103.081447][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.083535][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.085160][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.086818][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.088469][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.092815][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.094831][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.096833][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.098377][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.103729][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.107519][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.111390][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.115174][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.118151][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.122797][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.124533][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.126558][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.128453][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.130920][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.132698][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.134498][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.136846][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.138594][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.140206][ T25] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 103.144812][ T25] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz0 [ 103.639923][ T8820] loop2: detected capacity change from 0 to 2048 [ 103.655230][ T8826] 9pnet_fd: Insufficient options for proto=fd [ 104.062854][ T8851] netlink: 108 bytes leftover after parsing attributes in process `syz.1.964'. [ 104.076505][ T8851] netlink: 108 bytes leftover after parsing attributes in process `syz.1.964'. [ 104.078439][ T8851] netlink: 84 bytes leftover after parsing attributes in process `syz.1.964'. [ 104.090078][ T8851] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 104.442402][ T8857] 9pnet_fd: Insufficient options for proto=fd [ 104.568862][ T8851] netlink: 'syz.1.964': attribute type 29 has an invalid length. [ 104.769001][ T8859] loop4: detected capacity change from 0 to 128 [ 104.861079][ T8859] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 104.961910][ T6426] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 104.998383][ T8871] veth0_virt_wifi: entered promiscuous mode [ 105.075923][ T8871] veth0_virt_wifi: left promiscuous mode [ 105.112520][ T8889] loop4: detected capacity change from 0 to 1024 [ 105.136424][ T8889] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.155809][ T8889] EXT4-fs error (device loop4): ext4_xattr_ibody_get:653: inode #2: comm syz.4.978: corrupted in-inode xattr: bad e_name length [ 105.226269][ T6426] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2793: inode #2: comm syz-executor: corrupted in-inode xattr: bad e_name length [ 105.283325][ T8893] 9pnet_fd: Insufficient options for proto=fd [ 105.315235][ T6426] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 105.326883][ T6426] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 105.703790][ T8915] loop2: detected capacity change from 0 to 2048 [ 105.743181][ T8918] 9pnet_fd: Insufficient options for proto=fd [ 105.746503][ T8915] Alternate GPT is invalid, using primary GPT. [ 105.748124][ T8915] loop2: p1 p2 p3 [ 105.782546][ T6426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.012987][ T8141] udevd[8141]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 106.026464][ T7959] udevd[7959]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 106.041732][ T7945] udevd[7945]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 106.083724][ T30] kauditd_printk_skb: 163 callbacks suppressed [ 106.083743][ T30] audit: type=1326 audit(106.060:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.2.999" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 106.093605][ T30] audit: type=1326 audit(106.070:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.2.999" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 106.098058][ T30] audit: type=1326 audit(106.070:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.2.999" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 106.108594][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 106.117556][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 106.130029][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 106.132609][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 106.135331][ T30] audit: type=1326 audit(106.070:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.2.999" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 106.142093][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 106.144037][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 106.170036][ T30] audit: type=1326 audit(106.070:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.2.999" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 106.174416][ T30] audit: type=1326 audit(106.080:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.2.999" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 106.198717][ T30] audit: type=1326 audit(106.080:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.2.999" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 106.210955][ T30] audit: type=1326 audit(106.080:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.2.999" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 106.218754][ T30] audit: type=1326 audit(106.080:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.2.999" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 106.223323][ T30] audit: type=1326 audit(106.080:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.2.999" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 106.253179][ T200] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.381347][ T200] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.433760][ T8953] loop3: detected capacity change from 0 to 1024 [ 106.435554][ T8953] EXT4-fs: Ignoring removed nomblk_io_submit option [ 106.446666][ T8953] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.470808][ T8957] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1004'. [ 106.479739][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.511745][ T200] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.604766][ T8969] 9pnet_fd: Insufficient options for proto=fd [ 106.679548][ T8975] netlink: 'syz.2.1013': attribute type 3 has an invalid length. [ 106.716155][ T200] team0: Port device netdevsim0 removed [ 106.727339][ T200] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.844789][ T8983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1016'. [ 106.855036][ T8990] 9pnet_fd: Insufficient options for proto=fd [ 106.964041][ T8939] chnl_net:caif_netlink_parms(): no params data found [ 107.072893][ T200] bridge_slave_1: left allmulticast mode [ 107.072967][ T200] bridge_slave_1: left promiscuous mode [ 107.074180][ T200] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.112858][ T200] bridge_slave_0: left allmulticast mode [ 107.114113][ T200] bridge_slave_0: left promiscuous mode [ 107.115355][ T200] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.637773][ T9048] netlink: 'syz.3.1035': attribute type 1 has an invalid length. [ 107.643215][ T9048] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1035'. [ 108.121190][ T9072] IPVS: set_ctl: invalid protocol: 51 172.20.20.57:20003 [ 108.180231][ T6437] Bluetooth: hci3: command tx timeout [ 108.752134][ T200] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 108.792126][ T200] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 108.846020][ T200] bond0 (unregistering): Released all slaves [ 108.855779][ T9028] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1031'. [ 108.858081][ T8939] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.860487][ T8939] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.862166][ T8939] bridge_slave_0: entered allmulticast mode [ 108.864065][ T8939] bridge_slave_0: entered promiscuous mode [ 108.943509][ T8939] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.945054][ T8939] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.947357][ T8939] bridge_slave_1: entered allmulticast mode [ 108.976387][ T8939] bridge_slave_1: entered promiscuous mode [ 109.111833][ T8939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.132793][ T8939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.284901][ T9110] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1058'. [ 109.304245][ T9112] wireguard0: entered promiscuous mode [ 109.305446][ T9112] wireguard0: entered allmulticast mode [ 109.441689][ T8939] team0: Port device team_slave_0 added [ 109.482977][ T8939] team0: Port device team_slave_1 added [ 109.507612][ T8939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.511841][ T8939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.517177][ T8939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.522356][ T8939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.527199][ T8939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.533396][ T8939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.743919][ T8939] hsr_slave_0: entered promiscuous mode [ 109.802149][ T8939] hsr_slave_1: entered promiscuous mode [ 109.839244][ T8939] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.845747][ T8939] Cannot create hsr debugfs directory [ 109.863010][ T9150] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1068'. [ 109.923802][ T9156] netlink: 240 bytes leftover after parsing attributes in process `syz.1.1071'. [ 110.084538][ T200] hsr_slave_0: left promiscuous mode [ 110.119605][ T200] hsr_slave_1: left promiscuous mode [ 110.196550][ T200] veth1_macvtap: left promiscuous mode [ 110.197965][ T200] veth0_macvtap: left promiscuous mode [ 110.199332][ T200] veth1_vlan: left promiscuous mode [ 110.200563][ T200] veth0_vlan: left promiscuous mode [ 110.258778][ T6437] Bluetooth: hci3: command tx timeout [ 111.962878][ T200] team0 (unregistering): Port device team_slave_1 removed [ 112.122424][ T200] team0 (unregistering): Port device team_slave_0 removed [ 112.338762][ T6437] Bluetooth: hci3: command tx timeout [ 114.282630][ T9157] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1070'. [ 114.360670][ T9169] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1076'. [ 114.365127][ T9171] pimreg: entered allmulticast mode [ 114.377726][ T9173] pimreg: left allmulticast mode [ 114.419664][ T6437] Bluetooth: hci3: command tx timeout [ 114.445975][ T30] kauditd_printk_skb: 96 callbacks suppressed [ 114.445991][ T30] audit: type=1326 audit(114.420:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9186 comm="syz.0.1082" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x0 [ 114.530052][ T9194] binfmt_misc: register: failed to install interpreter file ./file0 [ 114.635073][ T9200] loop3: detected capacity change from 0 to 1024 [ 114.635582][ T8939] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 114.639184][ T9200] EXT4-fs: Ignoring removed bh option [ 114.642455][ T9200] EXT4-fs: inline encryption not supported [ 114.648385][ T9200] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 114.652608][ T8939] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 114.655675][ T9200] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 114.671339][ T8939] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 114.682900][ T9200] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.1085: Invalid block bitmap block 0 in block_group 0 [ 114.694124][ T9200] Quota error (device loop3): write_blk: dquota write failed [ 114.702174][ T8939] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 114.703667][ T9200] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 114.713169][ T9200] EXT4-fs error (device loop3): ext4_acquire_dquot:6879: comm syz.3.1085: Failed to acquire dquot type 0 [ 114.737442][ T9200] EXT4-fs error (device loop3): ext4_free_blocks:6589: comm syz.3.1085: Freeing blocks not in datazone - block = 0, count = 4096 [ 114.744430][ T9200] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.1085: Invalid inode bitmap blk 0 in block_group 0 [ 114.748589][ T9200] EXT4-fs error (device loop3) in ext4_free_inode:360: Corrupt filesystem [ 114.750975][ T4621] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-8 [ 114.751216][ T9200] EXT4-fs (loop3): 1 orphan inode deleted [ 114.753585][ T4621] EXT4-fs error (device loop3): ext4_release_dquot:6902: comm kworker/u8:7: Failed to release dquot type 0 [ 114.754581][ T9200] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.827263][ T9218] loop2: detected capacity change from 0 to 512 [ 114.858014][ T9218] EXT4-fs error (device loop2): ext4_orphan_get:1414: comm syz.2.1089: bad orphan inode 13 [ 114.864077][ T8939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.866689][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.875814][ T9218] ext4_test_bit(bit=12, block=4) = 1 [ 114.901685][ T9218] is_bad_inode(inode)=0 [ 114.902838][ T9218] NEXT_ORPHAN(inode)=0 [ 114.903682][ T9218] max_ino=32 [ 114.906003][ T8939] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.917672][ T9218] i_nlink=1 [ 114.923066][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.924738][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.927032][ T9218] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.956978][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.958550][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.976105][ T8939] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 114.978326][ T8939] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 115.130274][ T6427] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.143490][ T8939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.246880][ T25] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 115.253055][ T25] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 115.365246][ T8939] veth0_vlan: entered promiscuous mode [ 115.384883][ T8939] veth1_vlan: entered promiscuous mode [ 115.403896][ T30] audit: type=1326 audit(115.380:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9254 comm="syz.0.1093" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 115.404291][ T8939] veth0_macvtap: entered promiscuous mode [ 115.420791][ T8939] veth1_macvtap: entered promiscuous mode [ 115.420991][ T30] audit: type=1326 audit(115.380:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9254 comm="syz.0.1093" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 115.435047][ T8939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.435112][ T30] audit: type=1326 audit(115.390:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9254 comm="syz.0.1093" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 115.439518][ T8939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.447983][ T8939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.451595][ T30] audit: type=1326 audit(115.390:1417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9254 comm="syz.0.1093" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 115.451805][ T8939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.464676][ T8939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.466063][ T30] audit: type=1326 audit(115.390:1418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9254 comm="syz.0.1093" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 115.469314][ T8939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.478145][ T30] audit: type=1326 audit(115.390:1419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9254 comm="syz.0.1093" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 115.480586][ T8939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.492985][ T8939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.497499][ T8939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.502305][ T8939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.506828][ T8939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.512738][ T8939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.517270][ T8939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.522490][ T8939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 115.537040][ T8939] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.540950][ T8939] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.543040][ T8939] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.544838][ T8939] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.553343][ T9262] IPv6: NLM_F_CREATE should be specified when creating new route [ 115.646392][ T7358] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.653089][ T7358] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.702187][ T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.712779][ T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.738017][ T9275] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1098'. [ 115.932729][ T9292] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1100'. [ 116.468837][ T9326] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1111'. [ 116.761349][ T9346] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1119'. [ 116.937492][ T9359] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1122'. [ 117.024181][ T9365] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1125'. [ 117.265227][ T9393] loop5: detected capacity change from 0 to 512 [ 117.270106][ T9393] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 117.286070][ T9393] EXT4-fs (loop5): 1 truncate cleaned up [ 117.293299][ T9393] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.335500][ T9401] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1134'. [ 117.346075][ T8939] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.396651][ T9394] loop3: detected capacity change from 0 to 128 [ 117.530285][ T9410] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1137'. [ 119.493950][ T9521] __nla_validate_parse: 7 callbacks suppressed [ 119.493968][ T9521] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1175'. [ 119.627126][ T9529] loop5: detected capacity change from 0 to 1764 [ 119.672108][ T9537] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1181'. [ 119.674047][ T9537] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1181'. [ 119.806320][ T30] kauditd_printk_skb: 91 callbacks suppressed [ 119.806336][ T30] audit: type=1326 audit(119.780:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9547 comm="syz.3.1189" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 119.836376][ T30] audit: type=1326 audit(119.780:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9547 comm="syz.3.1189" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 119.858724][ T30] audit: type=1326 audit(119.780:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9547 comm="syz.3.1189" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=107 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 119.863105][ T30] audit: type=1326 audit(119.780:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9547 comm="syz.3.1189" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 119.872969][ T30] audit: type=1326 audit(119.790:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9547 comm="syz.3.1189" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 119.888959][ T30] audit: type=1326 audit(119.790:1516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9547 comm="syz.3.1189" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 119.893388][ T30] audit: type=1326 audit(119.790:1517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9547 comm="syz.3.1189" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 119.897738][ T30] audit: type=1326 audit(119.790:1518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9547 comm="syz.3.1189" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 119.913547][ T30] audit: type=1326 audit(119.790:1519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9547 comm="syz.3.1189" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 119.917882][ T30] audit: type=1326 audit(119.790:1520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9547 comm="syz.3.1189" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 119.983225][ T9566] loop5: detected capacity change from 0 to 512 [ 119.985074][ T9566] EXT4-fs: Ignoring removed bh option [ 119.986215][ T9566] ext4: Unknown parameter 'mask' [ 120.122215][ T9575] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1197'. [ 120.124338][ T9575] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1197'. [ 120.375718][ T9589] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1202'. [ 120.648726][ T9568] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1194'. [ 120.652356][ T9568] ksmbd: Unknown IPC event: 3, ignore. [ 120.724669][ T9597] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1208'. [ 120.726531][ T9597] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1208'. [ 120.905356][ T9610] IPVS: set_ctl: invalid protocol: 108 172.20.20.187:20003 [ 121.089127][ T9630] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1220'. [ 121.117464][ T9627] loop3: detected capacity change from 0 to 512 [ 121.178364][ T9627] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002] [ 121.182678][ T9627] System zones: 0-2, 18-18, 34-34 [ 121.190099][ T9627] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1218: bg 0: block 248: padding at end of block bitmap is not set [ 121.195925][ T9627] EXT4-fs error (device loop3): ext4_acquire_dquot:6879: comm syz.3.1218: Failed to acquire dquot type 1 [ 121.200623][ T9627] EXT4-fs (loop3): 1 truncate cleaned up [ 121.202470][ T9627] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.384222][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.461445][ T6504] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 122.483622][ T6504] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 122.745189][ T9716] loop1: detected capacity change from 0 to 2048 [ 122.812202][ T9177] Alternate GPT is invalid, using primary GPT. [ 122.819630][ T9177] loop1: p2 p3 p7 [ 122.855530][ T9716] Alternate GPT is invalid, using primary GPT. [ 122.857044][ T9716] loop1: p2 p3 p7 [ 122.951671][ T9177] udevd[9177]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 122.953943][ T9174] udevd[9174]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory [ 122.956976][ T9706] udevd[9706]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 123.032907][ T9706] udevd[9706]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 123.036697][ T9177] udevd[9177]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 123.045676][ T9174] udevd[9174]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory [ 123.755195][ T9786] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1279' sets config #0 [ 123.961086][ T9816] wireguard0: entered promiscuous mode [ 123.962337][ T9816] wireguard0: entered allmulticast mode [ 124.017504][ T9809] hub 9-0:1.0: USB hub found [ 124.019387][ T9809] hub 9-0:1.0: 8 ports detected [ 124.161620][ T9831] loop1: detected capacity change from 0 to 256 [ 124.193917][ T9831] FAT-fs (loop1): Directory bread(block 64) failed [ 124.195585][ T9831] FAT-fs (loop1): Directory bread(block 65) failed [ 124.197178][ T9831] FAT-fs (loop1): Directory bread(block 66) failed [ 124.200103][ T9831] FAT-fs (loop1): Directory bread(block 67) failed [ 124.210631][ T9831] FAT-fs (loop1): Directory bread(block 68) failed [ 124.218973][ T9831] FAT-fs (loop1): Directory bread(block 69) failed [ 124.221918][ T9831] FAT-fs (loop1): Directory bread(block 70) failed [ 124.223496][ T9831] FAT-fs (loop1): Directory bread(block 71) failed [ 124.225007][ T9831] FAT-fs (loop1): Directory bread(block 72) failed [ 124.226535][ T9831] FAT-fs (loop1): Directory bread(block 73) failed [ 124.608520][ T9870] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 124.609909][ T9870] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 124.615219][ T9870] vhci_hcd vhci_hcd.0: Device attached [ 124.622115][ T9871] vhci_hcd: connection closed [ 124.630789][ T45] vhci_hcd: stop threads [ 124.632709][ T45] vhci_hcd: release socket [ 124.633625][ T45] vhci_hcd: disconnect device [ 124.804267][ T9888] __nla_validate_parse: 8 callbacks suppressed [ 124.804285][ T9888] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1313'. [ 124.840995][ T30] kauditd_printk_skb: 153 callbacks suppressed [ 124.841011][ T30] audit: type=1326 audit(124.820:1672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 124.846750][ T30] audit: type=1326 audit(124.820:1673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 124.851679][ T30] audit: type=1326 audit(124.820:1674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 124.858268][ T30] audit: type=1326 audit(124.820:1675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 124.862892][ T30] audit: type=1326 audit(124.820:1676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 124.875512][ T30] audit: type=1326 audit(124.820:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 124.885409][ T30] audit: type=1326 audit(124.820:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=447 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 124.894585][ T30] audit: type=1326 audit(124.820:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 124.956088][ T9900] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1317'. [ 124.957878][ T9900] ksmbd: Unknown IPC event: 3, ignore. [ 125.028572][ T9906] Invalid ELF header magic: != ELF [ 125.104479][ T9908] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 125.206417][ T9915] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1324'. [ 125.505675][ T9920] bridge0: port 3(hsr_slave_1) entered blocking state [ 125.507219][ T9920] bridge0: port 3(hsr_slave_1) entered disabled state [ 125.509050][ T9920] hsr_slave_1: entered allmulticast mode [ 125.510977][ T9920] hsr_slave_1: left allmulticast mode [ 125.526026][ T9933] loop3: detected capacity change from 0 to 1024 [ 125.643402][ T9933] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 125.673450][ T9948] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 125.677792][ T9948] netlink: 'syz.0.1332': attribute type 10 has an invalid length. [ 125.690005][ T9933] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.700163][ T9948] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 125.731931][ T9955] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1335'. [ 125.761837][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.792386][ T9953] loop1: detected capacity change from 0 to 128 [ 125.951538][ T2344] ieee802154 phy0 wpan0: encryption failed: -22 [ 126.226364][ T9992] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1347'. [ 126.277359][ T9996] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1349'. [ 126.625479][T10023] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1359'. [ 126.687988][ T30] audit: type=1326 audit(126.660:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10026 comm="syz.0.1361" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 126.700851][ T30] audit: type=1326 audit(126.670:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10026 comm="syz.0.1361" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 126.719469][T10028] pim6reg1: entered promiscuous mode [ 126.721080][T10028] pim6reg1: entered allmulticast mode [ 126.747103][T10031] xt_CT: You must specify a L4 protocol and not use inversions on it [ 126.971771][T10048] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1370'. [ 127.914798][T10125] loop2: detected capacity change from 0 to 164 [ 127.923233][T10125] ISOFS: Unable to identify CD-ROM format. [ 128.118975][T10143] loop5: detected capacity change from 0 to 256 [ 128.171515][T10143] FAT-fs (loop5): Directory bread(block 64) failed [ 128.175403][T10143] FAT-fs (loop5): Directory bread(block 65) failed [ 128.176820][T10143] FAT-fs (loop5): Directory bread(block 66) failed [ 128.178081][T10143] FAT-fs (loop5): Directory bread(block 67) failed [ 128.199245][T10143] FAT-fs (loop5): Directory bread(block 68) failed [ 128.200644][T10143] FAT-fs (loop5): Directory bread(block 69) failed [ 128.201957][T10143] FAT-fs (loop5): Directory bread(block 70) failed [ 128.203293][T10143] FAT-fs (loop5): Directory bread(block 71) failed [ 128.204640][T10143] FAT-fs (loop5): Directory bread(block 72) failed [ 128.205950][T10143] FAT-fs (loop5): Directory bread(block 73) failed [ 128.636172][T10178] loop3: detected capacity change from 0 to 512 [ 128.638046][T10178] EXT4-fs: Ignoring removed mblk_io_submit option [ 128.681553][T10178] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.770862][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.255905][T10225] tipc: Started in network mode [ 129.257058][T10225] tipc: Node identity a6ad99f0f4d5, cluster identity 4711 [ 129.280452][T10225] tipc: Enabled bearer , priority 7 [ 129.360322][T10224] tipc: Disabling bearer [ 129.558276][T10245] loop1: detected capacity change from 0 to 2048 [ 129.573920][T10245] EXT4-fs: Ignoring removed mblk_io_submit option [ 129.613721][T10245] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.890428][ T6421] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.479102][T10322] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 130.612639][T10333] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1456'. [ 130.626050][T10336] loop2: detected capacity change from 0 to 128 [ 130.643276][T10336] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 130.687128][T10343] loop3: detected capacity change from 0 to 1024 [ 130.733732][T10345] loop1: detected capacity change from 0 to 164 [ 130.753445][T10345] rock: corrupted directory entry. extent=28, offset=0, size=16777216 [ 130.756394][ T6427] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 130.862572][T10343] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 130.881810][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.252399][T10387] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1473'. [ 131.373962][ T30] kauditd_printk_skb: 78 callbacks suppressed [ 131.373980][ T30] audit: type=1326 audit(131.350:1760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10400 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 131.379700][ T30] audit: type=1326 audit(131.350:1761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10400 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 131.400008][ T30] audit: type=1326 audit(131.350:1762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10400 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffb774facc code=0x7ffc0000 [ 131.417848][ T30] audit: type=1326 audit(131.350:1763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10400 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=206 compat=0 ip=0xffffb774f9e8 code=0x7ffc0000 [ 131.682110][ T30] audit: type=1326 audit(131.660:1764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10400 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=207 compat=0 ip=0xffffb774f8ec code=0x7ffc0000 [ 131.695723][ T30] audit: type=1326 audit(131.660:1765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10400 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=207 compat=0 ip=0xffffb774f8ec code=0x7ffc0000 [ 131.708744][ T30] audit: type=1326 audit(131.660:1766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10400 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffffb774be5c code=0x7ffc0000 [ 131.735669][ T30] audit: type=1326 audit(131.660:1767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10400 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 131.747782][ T30] audit: type=1326 audit(131.660:1768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10400 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 132.002758][T10435] loop3: detected capacity change from 0 to 1764 [ 132.054711][T10441] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1488'. [ 132.143392][ T30] audit: type=1326 audit(132.090:1769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10443 comm="syz.5.1490" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 132.440758][T10472] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1499'. [ 132.940886][T10493] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1507'. [ 132.980050][T10495] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1509'. [ 133.122343][T10501] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1511'. [ 133.426366][T10535] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1527'. [ 133.738159][T10564] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1539'. [ 133.804626][T10568] pim6reg1: entered promiscuous mode [ 133.805941][T10568] pim6reg1: entered allmulticast mode [ 133.936665][T10570] netlink: 'syz.1.1542': attribute type 4 has an invalid length. [ 134.302970][T10585] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1548'. [ 134.695173][T10623] netlink: 'syz.2.1564': attribute type 21 has an invalid length. [ 134.702591][T10623] (unnamed net_device) (uninitialized): option lacp_active: invalid value (255) [ 134.946119][T10639] veth0_virt_wifi: entered promiscuous mode [ 134.989063][T10639] veth0_virt_wifi: left promiscuous mode [ 135.632045][T10697] __nla_validate_parse: 7 callbacks suppressed [ 135.632061][T10697] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1601'. [ 135.638067][T10697] 1ªX¹¦À: renamed from 60ªX¹¦À [ 135.669973][T10697] A link change request failed with some changes committed already. Interface 61ªX¹¦À may have been left with an inconsistent configuration, please check. [ 135.693144][T10703] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1604'. [ 135.750000][T10707] smc: net device bond0 applied user defined pnetid SYZ0 [ 135.753291][T10707] smc: net device bond0 erased user defined pnetid SYZ0 [ 135.783617][T10708] loop3: detected capacity change from 0 to 512 [ 135.820355][T10708] EXT4-fs (loop3): too many log groups per flexible block group [ 135.821988][T10708] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 135.823482][T10708] EXT4-fs (loop3): mount failed [ 135.878914][T10721] loop0: detected capacity change from 0 to 1024 [ 135.883231][T10721] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 135.892680][T10721] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 135.892849][T10728] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1612'. [ 135.902832][T10721] EXT4-fs (loop0): orphan cleanup on readonly fs [ 135.915180][T10721] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5780: Corrupt filesystem [ 135.923634][T10721] EXT4-fs (loop0): Remounting filesystem read-only [ 135.934840][T10721] EXT4-fs (loop0): 1 orphan inode deleted [ 135.969980][T10721] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 135.970298][T10732] netlink: 165 bytes leftover after parsing attributes in process `syz.5.1614'. [ 136.075694][ T6422] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.381716][T10761] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1627'. [ 136.539825][ T30] kauditd_printk_skb: 154 callbacks suppressed [ 136.539842][ T30] audit: type=1326 audit(136.520:1920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10775 comm="syz.5.1635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 136.555722][ T30] audit: type=1326 audit(136.520:1921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10775 comm="syz.5.1635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 136.565059][ T30] audit: type=1326 audit(136.520:1922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10775 comm="syz.5.1635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 136.586417][ T30] audit: type=1326 audit(136.520:1923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10775 comm="syz.5.1635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 136.601123][ T30] audit: type=1326 audit(136.520:1924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10775 comm="syz.5.1635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 136.615421][ T30] audit: type=1326 audit(136.520:1925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10775 comm="syz.5.1635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 136.649302][ T30] audit: type=1326 audit(136.520:1926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10775 comm="syz.5.1635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 136.659568][T10784] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1637'. [ 136.662321][ T30] audit: type=1326 audit(136.520:1927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10775 comm="syz.5.1635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 136.696604][ T30] audit: type=1326 audit(136.520:1928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10775 comm="syz.5.1635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 136.713096][ T30] audit: type=1326 audit(136.520:1929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10775 comm="syz.5.1635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4d528 code=0x7ffc0000 [ 136.784296][T10794] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1642'. [ 136.789327][T10794] x_tables: ip_tables: udp match: only valid for protocol 17 [ 136.944750][T10804] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1648'. [ 136.955045][T10804] macvlan4: entered promiscuous mode [ 136.958573][T10804] vlan1: entered promiscuous mode [ 137.151187][T10823] ipvlan0: entered promiscuous mode [ 137.152892][T10823] ipvlan0: left promiscuous mode [ 137.361872][T10835] netlink: 'syz.5.1659': attribute type 10 has an invalid length. [ 137.370393][T10828] netlink: 'syz.0.1656': attribute type 3 has an invalid length. [ 137.444529][T10839] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1660'. [ 137.446508][T10839] x_tables: ip_tables: udp match: only valid for protocol 17 [ 137.532958][T10845] loop2: detected capacity change from 0 to 512 [ 137.544074][T10845] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 137.548989][T10845] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 137.554249][T10845] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.1663: Corrupt directory, running e2fsck is recommended [ 137.563273][T10845] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 137.587080][T10845] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.1663: corrupted in-inode xattr: invalid ea_ino [ 137.633995][T10845] EXT4-fs (loop2): Remounting filesystem read-only [ 137.635852][T10845] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.670751][ T6427] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.688398][T10857] loop3: detected capacity change from 0 to 2048 [ 137.743447][T10857] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.774597][T10857] EXT4-fs error (device loop3): ext4_ext_precache:631: inode #2: comm syz.3.1667: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 137.822312][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.895672][T10873] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1674'. [ 137.897657][T10873] x_tables: ip_tables: udp match: only valid for protocol 17 [ 138.175490][T10901] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 1, id = 0 [ 138.176312][T10900] IPVS: stopping master sync thread 10901 ... [ 138.449705][ T27] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x4 [ 138.451426][ T27] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x2 [ 138.454215][ T27] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x3 [ 138.465924][ T27] hid-generic 0000:3000000:0000.0007: hidraw0: HID v0.00 Device [sy] on syz0 [ 138.503214][T10915] loop3: detected capacity change from 0 to 164 [ 138.527384][T10915] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 138.847646][T10928] IPv6: NLM_F_CREATE should be specified when creating new route [ 138.903335][T10932] loop2: detected capacity change from 0 to 1024 [ 138.926990][T10932] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.976401][ T6427] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.289138][ T6505] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 139.558916][ T6505] usb 1-1: Using ep0 maxpacket: 16 [ 139.565378][ T6505] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 139.567617][ T6505] usb 1-1: config 0 has no interfaces? [ 139.569031][ T6505] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 139.570854][ T6505] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.576472][ T6505] usb 1-1: config 0 descriptor?? [ 140.336956][ T6505] usb 1-1: USB disconnect, device number 3 [ 140.503633][T10991] pimreg: entered allmulticast mode [ 140.511320][T10991] pimreg: left allmulticast mode [ 140.526374][T10998] loop5: detected capacity change from 0 to 512 [ 140.560157][T10998] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 140.609219][T10998] EXT4-fs (loop5): Couldn't remount RDWR because of unprocessed orphan inode list. Please umount/remount instead [ 140.692139][ T8939] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.847789][T11005] netlink: 'syz.1.1729': attribute type 10 has an invalid length. [ 140.882369][T11005] geneve0: entered promiscuous mode [ 140.893388][T11005] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 141.305068][T11047] netlink: 'syz.3.1746': attribute type 13 has an invalid length. [ 141.342065][T11047] __nla_validate_parse: 5 callbacks suppressed [ 141.342082][T11047] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1746'. [ 141.345923][T11047] syz_tun: refused to change device tx_queue_len [ 141.347224][T11047] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 142.319961][T11066] loop1: detected capacity change from 0 to 128 [ 142.322221][T11066] EXT4-fs: Ignoring removed nobh option [ 142.331753][T11066] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 142.352027][T11068] loop5: detected capacity change from 0 to 164 [ 142.365693][T11068] ISOFS: unable to read i-node block [ 142.366867][T11068] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 142.370219][ T6421] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 142.477674][ T30] kauditd_printk_skb: 147 callbacks suppressed [ 142.477690][ T30] audit: type=1326 audit(142.450:2077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11078 comm="syz.2.1759" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 142.483776][ T30] audit: type=1326 audit(142.460:2078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11078 comm="syz.2.1759" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 142.493064][ T30] audit: type=1326 audit(142.470:2079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11078 comm="syz.2.1759" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 142.505702][ T30] audit: type=1326 audit(142.470:2080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11078 comm="syz.2.1759" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 142.514555][ T30] audit: type=1326 audit(142.470:2081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11078 comm="syz.2.1759" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 142.526514][T11082] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1758'. [ 142.545916][ T30] audit: type=1326 audit(142.470:2082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11078 comm="syz.2.1759" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 142.550509][ T30] audit: type=1326 audit(142.470:2083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11078 comm="syz.2.1759" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 142.554983][ T30] audit: type=1326 audit(142.470:2084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11078 comm="syz.2.1759" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 142.560610][ T30] audit: type=1326 audit(142.470:2085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11078 comm="syz.2.1759" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 142.565083][ T30] audit: type=1326 audit(142.470:2086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11078 comm="syz.2.1759" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 142.695893][T11091] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 142.877174][T11103] loop1: detected capacity change from 0 to 512 [ 143.236111][T11113] loop2: detected capacity change from 0 to 128 [ 143.242055][T11113] EXT4-fs: Ignoring removed nobh option [ 143.244057][T11114] x_tables: ip_tables: udp match: only valid for protocol 17 [ 143.254917][T11113] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 143.307802][ T6427] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 143.351030][T11103] EXT4-fs warning (device loop1): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 143.351636][T11117] x_tables: eb_tables: nflog.0 target: invalid size 80 (kernel) != (user) 0 [ 143.354343][T11103] EXT4-fs (loop1): mount failed [ 143.484454][T11132] loop2: detected capacity change from 0 to 164 [ 143.530297][T11132] Unable to read rock-ridge attributes [ 143.532852][T11132] Unable to read rock-ridge attributes [ 143.649297][T11142] loop3: detected capacity change from 0 to 256 [ 144.126234][T11176] loop0: detected capacity change from 0 to 2048 [ 144.167547][T11180] x_tables: ip_tables: udp match: only valid for protocol 17 [ 144.202716][ T9706] Alternate GPT is invalid, using primary GPT. [ 144.204123][ T9706] loop0: p1 p2 p3 [ 144.208145][T11183] netlink: 'syz.3.1803': attribute type 10 has an invalid length. [ 144.234141][T11183] team0: Device hsr_slave_0 failed to register rx_handler [ 144.337021][T11186] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1806'. [ 144.341996][T11176] Alternate GPT is invalid, using primary GPT. [ 144.343396][T11176] loop0: p1 p2 p3 [ 144.363440][T11186] ksmbd: Unknown IPC event: 3, ignore. [ 144.414439][ T9708] udevd[9708]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 144.444108][ T9174] udevd[9174]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 144.451491][ T9177] udevd[9177]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 144.486219][ T9177] udevd[9177]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 144.498114][ T9174] udevd[9174]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 144.504395][ T9706] udevd[9706]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 145.262654][T11218] x_tables: ip_tables: udp match: only valid for protocol 17 [ 155.854062][T11246] x_tables: ip_tables: udp match: only valid for protocol 17 [ 155.866946][T11247] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1826'. [ 156.381894][T11254] vlan3: entered promiscuous mode [ 156.383194][T11254] geneve1: entered promiscuous mode [ 156.456245][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 156.456301][ T30] audit: type=1326 audit(156.430:2125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11262 comm="syz.1.1834" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 156.463087][ T30] audit: type=1326 audit(156.430:2126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11262 comm="syz.1.1834" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 156.468200][ T30] audit: type=1326 audit(156.430:2127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11262 comm="syz.1.1834" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=147 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 156.474120][ T30] audit: type=1326 audit(156.430:2128): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=11262 comm="syz.1.1834" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 156.479274][ T30] audit: type=1326 audit(156.430:2129): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=11262 comm="syz.1.1834" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 156.573014][T11269] netlink: 332 bytes leftover after parsing attributes in process `syz.5.1837'. [ 156.580611][T11269] netlink: 'syz.5.1837': attribute type 9 has an invalid length. [ 156.588097][T11269] netlink: 108 bytes leftover after parsing attributes in process `syz.5.1837'. [ 156.595865][T11269] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1837'. [ 156.641191][T11277] x_tables: ip_tables: udp match: only valid for protocol 17 [ 156.800949][ T30] audit: type=1326 audit(156.780:2130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="GPL" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 156.811724][ T30] audit: type=1326 audit(156.780:2131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="GPL" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 156.821112][T11283] loop2: detected capacity change from 0 to 512 [ 156.822741][ T30] audit: type=1326 audit(156.780:2132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="GPL" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 156.827653][T11283] ext4: Unknown parameter 'dont_hash' [ 156.837250][ T30] audit: type=1326 audit(156.780:2133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="GPL" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 156.847403][ T30] audit: type=1326 audit(156.780:2134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="GPL" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb774d528 code=0x7ffc0000 [ 156.904676][T11287] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1842'. [ 156.906774][T11287] bridge_slave_1: left allmulticast mode [ 156.907918][T11287] bridge_slave_1: left promiscuous mode [ 156.928837][T11287] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.950028][T11287] bridge_slave_0: left allmulticast mode [ 156.951393][T11287] bridge_slave_0: left promiscuous mode [ 156.952667][T11287] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.205425][T11302] x_tables: ip_tables: udp match: only valid for protocol 17 [ 157.226083][T11304] loop5: detected capacity change from 0 to 128 [ 157.516947][T11321] usb usb1: usbfs: process 11321 (syz.2.1860) did not claim interface 0 before use [ 157.825286][T11342] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.836551][T11342] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.838087][T11342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.904439][T11349] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1874'. [ 157.934090][T11351] loop2: detected capacity change from 0 to 1024 [ 157.945093][T11328] loop5: detected capacity change from 0 to 32768 [ 157.984297][T11351] EXT4-fs warning (device loop2): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 157.991027][T11328] loop5: p1 p2 p3 < > [ 157.993910][T11328] loop5: p1 size 242222080 extends beyond EOD, truncated [ 158.001088][T11351] EXT4-fs (loop2): mount failed [ 158.016824][T11328] loop5: p2 start 4294967295 is beyond EOD, truncated [ 158.109418][T11365] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1879'. [ 158.221477][T11376] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1884'. [ 158.287198][T11378] loop5: detected capacity change from 0 to 2048 [ 158.355797][T11378] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 158.413219][T11399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.432282][T11399] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.454884][T11358] udevd[11358]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 158.470010][T11364] udevd[11364]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 158.507017][T11406] vhci_hcd: invalid port number 36 [ 158.511417][T11406] vhci_hcd: default hub control req: d301 v0209 i0024 l1 [ 158.512049][ T8939] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.927906][T11442] xt_CT: You must specify a L4 protocol and not use inversions on it [ 159.095195][T11450] bridge0: port 3(vlan1) entered blocking state [ 159.102928][T11450] bridge0: port 3(vlan1) entered disabled state [ 159.106677][T11450] vlan1: entered allmulticast mode [ 159.125844][T11450] vlan1: left allmulticast mode [ 159.374432][T11465] loop3: detected capacity change from 0 to 164 [ 159.413948][T11465] Unable to read rock-ridge attributes [ 159.429513][T11465] Unable to read rock-ridge attributes [ 161.423033][T11519] loop5: detected capacity change from 0 to 512 [ 162.256156][T11561] loop5: detected capacity change from 0 to 512 [ 162.259688][T11561] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' [ 162.270835][T11561] EXT4-fs: error: could not find journal device path [ 162.669772][ T30] kauditd_printk_skb: 205 callbacks suppressed [ 162.669787][ T30] audit: type=1326 audit(162.650:2340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11582 comm="syz.3.1972" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 162.685653][ T30] audit: type=1326 audit(162.650:2341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11582 comm="syz.3.1972" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 162.696034][ T30] audit: type=1326 audit(162.650:2342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11582 comm="syz.3.1972" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=227 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 162.713998][ T30] audit: type=1326 audit(162.650:2343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11582 comm="syz.3.1972" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 162.733688][ T30] audit: type=1326 audit(162.650:2344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11582 comm="syz.3.1972" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 162.738299][ T30] audit: type=1326 audit(162.690:2345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11586 comm="syz.1.1973" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 162.769192][ T30] audit: type=1326 audit(162.690:2346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11586 comm="syz.1.1973" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 162.773525][ T30] audit: type=1326 audit(162.700:2347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11586 comm="syz.1.1973" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=25 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 162.798776][ T30] audit: type=1326 audit(162.700:2348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11586 comm="syz.1.1973" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 162.803266][ T30] audit: type=1326 audit(162.700:2349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11586 comm="syz.1.1973" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 162.811574][T11567] bond0: (slave bridge0): Releasing backup interface [ 162.864823][T11567] bridge_slave_0: left allmulticast mode [ 162.871805][T11567] bridge_slave_0: left promiscuous mode [ 162.874853][T11567] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.878384][T11567] bridge_slave_1: left allmulticast mode [ 162.881468][T11567] bridge_slave_1: left promiscuous mode [ 162.882949][T11567] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.887148][T11567] bond0: (slave bond_slave_0): Releasing backup interface [ 162.935997][T11567] bond0: (slave bond_slave_1): Releasing backup interface [ 163.005846][T11567] team0: Port device team_slave_0 removed [ 163.015225][T11567] team0: Port device team_slave_1 removed [ 163.020405][T11567] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.024250][T11567] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.027946][T11567] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.031619][T11567] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.389917][T11616] loop2: detected capacity change from 0 to 512 [ 163.406892][T11616] EXT4-fs error (device loop2): ext4_expand_extra_isize_ea:2813: inode #11: comm syz.2.1985: corrupted xattr block 95: invalid header [ 163.412784][T11616] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.1985: bg 0: block 7: invalid block bitmap [ 163.420755][T11616] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 163.427375][T11616] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2977: inode #11: comm syz.2.1985: corrupted xattr block 95: invalid header [ 163.455961][T11616] EXT4-fs warning (device loop2): ext4_evict_inode:276: xattr delete (err -117) [ 163.481113][T11616] EXT4-fs (loop2): 1 orphan inode deleted [ 163.482832][T11616] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.548500][ T6427] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.863052][ T6430] Bluetooth: hci1: command 0x0406 tx timeout [ 163.864419][ T6430] Bluetooth: hci4: command 0x0406 tx timeout [ 163.865698][ T6430] Bluetooth: hci2: command 0x0406 tx timeout [ 163.867122][ T6438] Bluetooth: hci0: command 0x0406 tx timeout [ 163.913790][T11646] loop2: detected capacity change from 0 to 128 [ 164.020094][T11646] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 164.045453][T11646] EXT4-fs: Ignoring removed orlov option [ 164.089606][T11646] EXT4-fs (loop2): can't enable nombcache during remount [ 164.203861][ T6427] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 164.260047][T11675] loop2: detected capacity change from 0 to 512 [ 164.266334][T11675] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 164.335638][T11675] EXT4-fs (loop2): 1 truncate cleaned up [ 164.337251][T11675] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.358103][T11681] loop3: detected capacity change from 0 to 1024 [ 164.364098][T11681] EXT4-fs: Ignoring removed orlov option [ 164.366065][T11681] EXT4-fs: Ignoring removed nobh option [ 164.424364][ T6427] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.426143][T11691] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2018'. [ 164.427926][T11681] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.596667][T11702] bond1: entered promiscuous mode [ 164.597711][T11702] bond1: entered allmulticast mode [ 164.599086][T11702] 8021q: adding VLAN 0 to HW filter on device bond1 [ 165.268087][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.330723][T11702] bond1 (unregistering): Released all slaves [ 165.343874][T11712] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2025'. [ 165.473269][T11725] vlan0: entered promiscuous mode [ 165.474376][T11725] geneve1: entered promiscuous mode [ 165.688286][T11745] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2039'. [ 165.765031][T11751] netlink: 140 bytes leftover after parsing attributes in process `+}[@'. [ 165.851937][T11760] loop5: detected capacity change from 0 to 128 [ 165.862320][T11760] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 165.894131][ T8939] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 166.011551][T11776] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2056'. [ 166.061968][T11783] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2058'. [ 166.192883][T11794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.195163][T11794] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.326012][T11805] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2067'. [ 166.399881][T11811] loop3: detected capacity change from 0 to 164 [ 166.410603][T11811] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 166.573053][T11824] xt_hashlimit: max too large, truncated to 1048576 [ 166.638243][T11824] loop3: detected capacity change from 0 to 512 [ 166.661890][T11830] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2079'. [ 166.667663][T11824] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 166.670858][T11824] EXT4-fs (loop3): orphan cleanup on readonly fs [ 166.678220][T11824] EXT4-fs warning (device loop3): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 166.696461][T11824] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 166.706318][T11824] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2076: bg 0: block 40: padding at end of block bitmap is not set [ 166.727617][T11824] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 166.736483][T11824] EXT4-fs (loop3): 1 truncate cleaned up [ 166.738209][T11824] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 166.756685][T11824] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #16: comm syz.3.2076: corrupted xattr block 31: invalid header [ 166.771057][T11824] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #16: comm syz.3.2076: corrupted xattr block 31: invalid header [ 166.774229][T11824] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #16: comm syz.3.2076: corrupted xattr block 31: invalid header [ 166.816582][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.866561][T11841] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2083'. [ 167.020919][T11846] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2085'. [ 177.949723][T11846] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 177.951745][T11846] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 178.116025][T11873] netlink: '+}[@': attribute type 153 has an invalid length. [ 178.324633][T11890] ieee802154 phy0 wpan0: encryption failed: -22 [ 178.328435][T11890] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2101'. [ 178.592078][ T30] kauditd_printk_skb: 52 callbacks suppressed [ 178.592095][ T30] audit: type=1326 audit(178.570:2401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11901 comm="syz.0.2107" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 178.599978][ T30] audit: type=1326 audit(178.570:2402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11901 comm="syz.0.2107" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 178.613891][ T30] audit: type=1326 audit(178.570:2403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11901 comm="syz.0.2107" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=158 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 178.622377][ T30] audit: type=1326 audit(178.570:2404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11901 comm="syz.0.2107" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 178.627196][ T30] audit: type=1326 audit(178.570:2405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11901 comm="syz.0.2107" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 178.970291][T11915] loop3: detected capacity change from 0 to 8192 [ 179.142904][T11919] netlink: 100 bytes leftover after parsing attributes in process `syz.3.2113'. [ 179.163548][T11921] loop2: detected capacity change from 0 to 512 [ 179.166172][T11921] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 179.184657][T11921] EXT4-fs error (device loop2): ext4_orphan_get:1388: inode #17: comm syz.2.2114: iget: bad i_size value: -6917529027641081756 [ 179.188006][T11921] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.2114: couldn't read orphan inode 17 (err -117) [ 179.195075][T11921] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 179.236154][ T6427] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.484468][T11950] serio: Serial port ptm0 [ 179.527851][T11953] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 179.547626][T11956] bond2: entered promiscuous mode [ 179.549915][T11956] bond2: entered allmulticast mode [ 179.551530][T11956] 8021q: adding VLAN 0 to HW filter on device bond2 [ 179.779445][ T30] audit: type=1326 audit(179.760:2406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11971 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 179.783832][ T30] audit: type=1326 audit(179.760:2407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11971 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 179.788323][ T30] audit: type=1326 audit(179.760:2408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11971 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=210 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 179.799670][ T30] audit: type=1326 audit(179.760:2409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11971 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9254d528 code=0x7ffc0000 [ 179.917643][T11975] loop3: detected capacity change from 0 to 164 [ 180.270550][T11956] bond2 (unregistering): Released all slaves [ 180.292846][T11979] hsr0: entered promiscuous mode [ 180.294211][T11979] macsec2: entered allmulticast mode [ 180.295312][T11979] hsr0: entered allmulticast mode [ 180.297638][T11979] hsr_slave_0: entered allmulticast mode [ 180.301499][T11979] hsr_slave_1: entered allmulticast mode [ 180.305743][T11979] hsr0: left allmulticast mode [ 180.307030][T11979] hsr_slave_0: left allmulticast mode [ 180.308402][T11979] hsr_slave_1: left allmulticast mode [ 180.477369][ T30] audit: type=1107 audit(180.450:2410): pid=11985 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='Â' [ 180.537578][T11992] loop2: detected capacity change from 0 to 512 [ 180.565869][T11992] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 180.568180][T11994] loop5: detected capacity change from 0 to 512 [ 180.588255][T11994] EXT4-fs error (device loop5): ext4_orphan_get:1388: inode #15: comm syz.5.2143: casefold flag without casefold feature [ 180.595759][T11994] EXT4-fs error (device loop5): ext4_orphan_get:1393: comm syz.5.2143: couldn't read orphan inode 15 (err -117) [ 180.599072][T11994] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 180.733437][ T6427] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.736416][ T8939] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.824040][T12019] loop2: detected capacity change from 0 to 128 [ 180.825970][T12019] EXT4-fs: Ignoring removed bh option [ 180.835800][T12023] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2153'. [ 180.838116][T12023] netlink: 'syz.3.2153': attribute type 10 has an invalid length. [ 180.858199][T12019] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 180.889212][T12023] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 181.758542][T12040] loop5: detected capacity change from 0 to 512 [ 181.766219][T12040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 181.808029][T12047] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2159'. [ 181.810076][T12047] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2159'. [ 181.825840][T12040] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 181.849071][ T6427] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 181.929903][T12040] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a85ec028, mo2=0002] [ 181.931686][T12040] System zones: 0-2, 18-18, 34-34 [ 181.976206][T12040] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1138: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 181.993657][T12067] netlink: 240 bytes leftover after parsing attributes in process `syz.2.2161'. [ 182.007606][T12040] EXT4-fs (loop5): 1 truncate cleaned up [ 182.010631][T12040] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.106427][T12073] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2172'. [ 182.108240][T12073] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2172'. [ 182.135205][T12082] loop3: detected capacity change from 0 to 1024 [ 182.137058][T12082] EXT4-fs: Ignoring removed nobh option [ 182.153935][T12082] EXT4-fs: Ignoring removed orlov option [ 182.155332][ T8939] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.325525][T12082] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.395896][T12090] syzkaller1: entered promiscuous mode [ 182.405547][T12090] syzkaller1: entered allmulticast mode [ 182.444035][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.758011][T12099] loop2: detected capacity change from 0 to 512 [ 182.824733][T12099] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.086484][ T6427] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.153403][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 183.362667][T12134] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 183.532254][T12145] loop3: detected capacity change from 0 to 512 [ 183.565340][T12145] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.599832][T12145] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 183.610326][ T30] kauditd_printk_skb: 144 callbacks suppressed [ 183.610342][ T30] audit: type=1326 audit(183.590:2555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.0.2206" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 183.630990][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.634140][ T30] audit: type=1326 audit(183.590:2556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.0.2206" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 183.638301][ T30] audit: type=1326 audit(183.590:2557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.0.2206" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=435 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 183.688671][ T30] audit: type=1326 audit(183.660:2558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12156 comm="syz.0.2206" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=115 compat=0 ip=0xffff9c978618 code=0x7ffc0000 [ 183.701675][ T30] audit: type=1326 audit(183.660:2559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.0.2206" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 183.716389][ T30] audit: type=1326 audit(183.660:2560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.0.2206" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 183.818146][ T30] audit: type=1326 audit(183.790:2561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12167 comm="syz.0.2213" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 183.828720][ T30] audit: type=1326 audit(183.790:2562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12167 comm="syz.0.2213" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 183.839481][ T30] audit: type=1326 audit(183.790:2563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12167 comm="syz.0.2213" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 183.843792][ T30] audit: type=1326 audit(183.790:2564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12167 comm="syz.0.2213" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c94d528 code=0x7ffc0000 [ 183.861862][T12169] loop3: detected capacity change from 0 to 512 [ 183.890933][T12169] EXT4-fs: Ignoring removed bh option [ 183.895424][T12169] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 183.918255][T12169] EXT4-fs (loop3): 1 truncate cleaned up [ 183.926354][T12169] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 184.016101][T12188] netlink: 'syz.5.2222': attribute type 1 has an invalid length. [ 184.059725][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.062769][T12186] netlink: 'syz.2.2221': attribute type 10 has an invalid length. [ 184.117091][T12186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.138169][T12186] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 184.140443][T12195] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 184.141885][T12195] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 184.144096][T12195] vhci_hcd vhci_hcd.0: Device attached [ 184.151779][T12196] vhci_hcd: connection closed [ 184.160404][ T200] vhci_hcd: stop threads [ 184.162416][ T200] vhci_hcd: release socket [ 184.163350][ T200] vhci_hcd: disconnect device [ 184.267330][T12209] sctp: [Deprecated]: syz.1.2230 (pid 12209) Use of struct sctp_assoc_value in delayed_ack socket option. [ 184.267330][T12209] Use struct sctp_sack_info instead [ 184.363203][T12218] netlink: 'syz.3.2234': attribute type 10 has an invalid length. [ 184.453286][T12227] loop3: detected capacity change from 0 to 128 [ 184.466573][T12230] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 184.468307][T12230] IPv6: NLM_F_CREATE should be set when creating new route [ 184.715757][T12249] tipc: New replicast peer: 255.255.255.255 [ 184.717432][T12249] tipc: Enabled bearer , priority 10 [ 184.784654][T12255] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2247'. [ 184.796628][T12253] loop5: detected capacity change from 0 to 512 [ 184.804449][T12253] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 184.807601][T12253] EXT4-fs (loop5): orphan cleanup on readonly fs [ 184.817168][T12253] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.2251: bg 0: block 248: padding at end of block bitmap is not set [ 184.823051][T12253] EXT4-fs error (device loop5): ext4_acquire_dquot:6879: comm syz.5.2251: Failed to acquire dquot type 1 [ 184.838132][T12253] EXT4-fs (loop5): 1 truncate cleaned up [ 184.845892][T12253] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 184.910595][ T8939] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.993692][T12265] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2255'. [ 185.051097][T12273] wireguard0: entered promiscuous mode [ 185.052408][T12273] wireguard0: entered allmulticast mode [ 185.262362][T12289] loop3: detected capacity change from 0 to 512 [ 185.273215][T12294] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2268'. [ 185.353549][T12289] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.2266: couldn't read orphan inode 26 (err -116) [ 185.356724][T12289] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 185.387536][T12304] bridge0: port 3(vlan2) entered blocking state [ 185.389113][T12304] bridge0: port 3(vlan2) entered disabled state [ 185.390501][T12304] vlan2: entered allmulticast mode [ 185.419700][T12304] vlan2: left allmulticast mode [ 185.431769][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.560054][T12312] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2277'. [ 185.585052][T12319] Invalid ELF header magic: != ELF [ 185.733525][T12330] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2283'. [ 185.828850][ T27] tipc: Node number set to 1383635440 [ 185.842903][T12339] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2285'. [ 186.225283][T12358] syzkaller0: refused to change device tx_queue_len [ 186.534050][T12372] netlink: 332 bytes leftover after parsing attributes in process `syz.0.2301'. [ 186.877822][T12401] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2314'. [ 186.998149][T12413] loop5: detected capacity change from 0 to 128 [ 187.212273][T12426] loop3: detected capacity change from 0 to 2048 [ 187.256072][T12426] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 187.373770][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.389120][ T2344] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.421120][ T27] IPVS: starting estimator thread 0... [ 187.472721][T12457] IPVS: stopping master sync thread 12458 ... [ 187.508818][T12455] IPVS: using max 26 ests per chain, 62400 per kthread [ 187.535268][T12462] loop5: detected capacity change from 0 to 2048 [ 187.562564][T12462] EXT4-fs (loop5): failed to initialize system zone (-117) [ 187.565395][T12462] EXT4-fs (loop5): mount failed [ 187.665643][T12475] IPv6: NLM_F_CREATE should be specified when creating new route [ 187.755475][T12482] loop3: detected capacity change from 0 to 512 [ 187.809206][T12482] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.822364][T12489] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2349'. [ 187.860364][T12482] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 187.907225][T12482] 9pnet_fd: Insufficient options for proto=fd [ 187.962427][T12498] rdma_op 00000000cc007f1f conn xmit_rdma 0000000000000000 [ 187.964584][ T6423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.252420][T12518] netlink: 1100 bytes leftover after parsing attributes in process `syz.5.2364'. [ 188.297950][T12525] loop3: detected capacity change from 0 to 512 [ 188.312565][T12528] loop5: detected capacity change from 0 to 128 [ 188.319850][T12525] ext4: Bad value for 'barrier' [ 188.801307][ T30] kauditd_printk_skb: 161 callbacks suppressed [ 188.801325][ T30] audit: type=1326 audit(188.780:2724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12558 comm="syz.1.2384" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 188.820307][ T30] audit: type=1326 audit(188.780:2725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12558 comm="syz.1.2384" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 188.827371][ T30] audit: type=1326 audit(188.780:2726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12558 comm="syz.1.2384" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 188.839419][ T30] audit: type=1326 audit(188.780:2727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12558 comm="syz.1.2384" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 188.843773][ T30] audit: type=1326 audit(188.780:2728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12558 comm="syz.1.2384" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 188.850115][ T30] audit: type=1326 audit(188.780:2729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12558 comm="syz.1.2384" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 188.854646][ T30] audit: type=1326 audit(188.780:2730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12558 comm="syz.1.2384" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 188.859076][ T30] audit: type=1326 audit(188.780:2731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12558 comm="syz.1.2384" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 188.863802][ T30] audit: type=1326 audit(188.780:2732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12558 comm="syz.1.2384" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 188.868172][ T30] audit: type=1326 audit(188.780:2733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12558 comm="syz.1.2384" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 189.855685][T12599] __nla_validate_parse: 1 callbacks suppressed [ 189.855703][T12599] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2396'. [ 200.443124][T12612] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 200.498758][ T25] IPVS: starting estimator thread 0... [ 200.550427][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 200.550444][ T30] audit: type=1326 audit(200.500:2739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12624 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 200.561488][ T30] audit: type=1326 audit(200.500:2740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12624 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 200.565831][ T30] audit: type=1326 audit(200.500:2741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12624 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 200.581669][T12629] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2407'. [ 200.598466][ T30] audit: type=1326 audit(200.500:2742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12624 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 200.608700][ T30] audit: type=1326 audit(200.500:2743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12624 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 200.613036][ T30] audit: type=1326 audit(200.500:2744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12624 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 200.616997][ T30] audit: type=1326 audit(200.500:2745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12624 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 200.640439][T12620] IPVS: using max 26 ests per chain, 62400 per kthread [ 200.654083][ T30] audit: type=1326 audit(200.500:2746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12624 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 200.658470][ T30] audit: type=1326 audit(200.500:2747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12624 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 200.678084][ T30] audit: type=1326 audit(200.500:2748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12624 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 200.763708][T12645] loop2: detected capacity change from 0 to 512 [ 200.803404][T12645] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.916964][ T6427] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.991853][T12654] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2417'. [ 201.227818][T12682] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2426'. [ 201.409584][T12701] netlink: 'syz.2.2433': attribute type 3 has an invalid length. [ 201.488457][T12710] loop5: detected capacity change from 0 to 164 [ 201.497665][T12710] rock: corrupted directory entry. extent=28, offset=0, size=16777216 [ 201.527136][T12715] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2437'. [ 201.590395][T12715] bridge_slave_0: left allmulticast mode [ 201.591533][T12715] bridge_slave_0: left promiscuous mode [ 201.619972][T12715] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.679904][T12715] bridge_slave_1: left allmulticast mode [ 201.684374][T12715] bridge_slave_1: left promiscuous mode [ 201.685709][T12715] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.727481][T12715] bond0: (slave bond_slave_0): Releasing backup interface [ 201.766571][T12715] bond0: (slave bond_slave_1): Releasing backup interface [ 201.860849][T12715] team0: Port device team_slave_0 removed [ 201.874586][T12715] team0: Port device team_slave_1 removed [ 201.876566][T12715] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.886615][T12715] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.891617][T12715] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.893214][T12715] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 201.915242][T12715] bond0: (slave geneve0): Releasing backup interface [ 202.058208][T12758] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 202.065822][T12758] vhci_hcd: default hub control req: 8500 v0000 i0000 l0 [ 202.109433][T12747] netpci0: tun_chr_ioctl cmd 1074025692 [ 202.264908][T12779] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2459'. [ 202.350650][T12784] netlink: 268 bytes leftover after parsing attributes in process `syz.5.2462'. [ 202.444373][T12788] wg2: entered promiscuous mode [ 202.445491][T12788] wg2: entered allmulticast mode [ 202.447806][T12786] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 202.458984][T12786] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 202.554596][T12807] batadv_slave_1: entered promiscuous mode [ 202.556443][T12807] batadv_slave_1: left promiscuous mode [ 202.646078][T12811] loop2: detected capacity change from 0 to 2048 [ 202.697863][T12811] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a842c018, mo2=0102] [ 202.699946][T12811] System zones: 0-7 [ 202.702359][T12811] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 202.715944][T12811] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 202.721878][T12811] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 15 with max blocks 1 with error 28 [ 202.724692][T12811] EXT4-fs (loop2): This should not happen!! Data will be lost [ 202.724692][T12811] [ 202.726809][T12811] EXT4-fs (loop2): Total free blocks count 0 [ 202.728190][T12811] EXT4-fs (loop2): Free/Dirty block details [ 202.729605][T12811] EXT4-fs (loop2): free_blocks=2415919104 [ 202.730948][T12811] EXT4-fs (loop2): dirty_blocks=16 [ 202.732244][T12811] EXT4-fs (loop2): Block reservation details [ 202.733647][T12811] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 202.738002][T12811] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 202.808823][T12811] EXT4-fs error (device loop2): __ext4_remount:6522: comm syz.2.2473: Abort forced by user [ 202.967326][T12835] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2480'. [ 202.968549][T12833] netlink: 'syz.0.2481': attribute type 3 has an invalid length. [ 203.074760][T12843] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2485'. [ 203.441372][T12873] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2500'. [ 203.621134][T12888] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 203.624837][T12888] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 203.627779][T12888] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 203.654080][T12890] loop2: detected capacity change from 0 to 256 [ 203.680441][T12890] FAT-fs (loop2): bogus number of FAT sectors [ 203.683051][T12890] FAT-fs (loop2): Can't find a valid FAT filesystem [ 203.962475][T12910] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2517'. [ 204.302792][T12945] loop5: detected capacity change from 0 to 512 [ 204.374535][T12945] EXT4-fs error (device loop5): ext4_orphan_get:1388: inode #15: comm syz.5.2531: iget: bad extended attribute block 1 [ 204.377679][T12945] EXT4-fs error (device loop5): ext4_orphan_get:1393: comm syz.5.2531: couldn't read orphan inode 15 (err -117) [ 204.389937][T12945] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 204.397613][T12950] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 204.403178][T12950] xt_SECMARK: unable to map security context 'system_u:object_r:dbusd_etc_t:s0' [ 204.514183][ T8939] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.950054][T12991] loop2: detected capacity change from 0 to 128 [ 205.015065][T12993] vlan4: entered promiscuous mode [ 205.180166][T13007] loop5: detected capacity change from 0 to 512 [ 205.193700][T13007] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 205.216741][T13007] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 205.218446][T13007] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 205.220536][T13007] System zones: 0-1, 15-15, 18-18, 34-34 [ 205.221856][T13007] EXT4-fs (loop5): orphan cleanup on readonly fs [ 205.223402][T13007] EXT4-fs warning (device loop5): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 205.226239][T13007] EXT4-fs (loop5): Cannot turn on quotas: error -22 [ 205.230290][T13007] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.2557: bg 0: block 40: padding at end of block bitmap is not set [ 205.234849][T13007] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 205.237118][T13007] EXT4-fs (loop5): 1 truncate cleaned up [ 205.238879][T13007] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 205.244911][T13007] EXT4-fs (loop5): shut down requested (1) [ 205.266819][ T8939] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.306183][T13015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 205.310809][T13015] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 205.349179][T13018] netlink: 'syz.3.2560': attribute type 3 has an invalid length. [ 205.353907][T13018] netlink: 'syz.3.2560': attribute type 3 has an invalid length. [ 205.457283][T13027] sch_tbf: burst 0 is lower than device lo mtu (14) ! [ 205.609774][ T30] kauditd_printk_skb: 79 callbacks suppressed [ 205.609792][ T30] audit: type=1326 audit(2765.587:2827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13035 comm=34B9DF737F exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 205.615058][ T30] audit: type=1326 audit(2765.587:2828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13035 comm=34B9DF737F exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 205.619386][ T30] audit: type=1326 audit(2765.587:2829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13035 comm=34B9DF737F exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 205.623753][ T30] audit: type=1326 audit(2765.587:2830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13035 comm=34B9DF737F exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 205.628139][ T30] audit: type=1326 audit(2765.587:2831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13035 comm=34B9DF737F exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 205.647112][ T30] audit: type=1326 audit(2765.587:2832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13035 comm=34B9DF737F exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=0 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 205.656926][ T30] audit: type=1326 audit(2765.587:2833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13035 comm=34B9DF737F exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 205.665585][ T30] audit: type=1326 audit(2765.587:2834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13035 comm=34B9DF737F exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 205.681913][ T30] audit: type=1326 audit(2765.587:2835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13035 comm=34B9DF737F exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=4 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 205.692113][ T30] audit: type=1326 audit(2765.637:2836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13035 comm=34B9DF737F exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8614d528 code=0x7ffc0000 [ 205.840884][T13059] __nla_validate_parse: 11 callbacks suppressed [ 205.840903][T13059] netlink: 8 bytes leftover after parsing attributes in process `+}[@'. [ 205.844563][T13059] IPVS: Error joining to the multicast group [ 205.943371][T13066] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2583'. [ 205.945518][T13066] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2583'. [ 205.991048][T13066] gretap0: entered promiscuous mode [ 206.022758][T13066] batadv_slave_1: entered promiscuous mode [ 206.070042][T13066] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 206.072117][T13066] Cannot create hsr debugfs directory [ 206.302285][T13090] bond0: (slave dummy0): Releasing backup interface [ 206.307256][T13097] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2595'. [ 206.360096][T13099] pim6reg1: entered promiscuous mode [ 206.361598][T13099] pim6reg1: entered allmulticast mode [ 206.547604][T13107] netlink: 116 bytes leftover after parsing attributes in process `syz.2.2600'. [ 206.639250][ T6431] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 206.643669][ T6431] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 206.647768][ T6431] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 206.663224][ T6431] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 206.666817][ T6431] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 206.668257][T13113] loop5: detected capacity change from 0 to 512 [ 206.675553][ T6431] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 206.680168][T13113] EXT4-fs: inline encryption not supported [ 206.712854][T13113] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.734843][T13113] EXT4-fs error (device loop5): ext4_do_update_inode:5121: inode #2: comm syz.5.2602: corrupted inode contents [ 206.756437][T13113] EXT4-fs error (device loop5): ext4_dirty_inode:5984: inode #2: comm syz.5.2602: mark_inode_dirty error [ 206.773039][T13113] EXT4-fs error (device loop5): ext4_do_update_inode:5121: inode #2: comm syz.5.2602: corrupted inode contents [ 206.782124][T13113] EXT4-fs error (device loop5): __ext4_ext_dirty:207: inode #2: comm syz.5.2602: mark_inode_dirty error [ 206.828508][ T8939] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.864746][T13126] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2606'. [ 206.877883][T13124] vlan2: entered promiscuous mode [ 206.884304][T13124] geneve1: entered promiscuous mode [ 206.971735][T13110] chnl_net:caif_netlink_parms(): no params data found [ 207.059894][T13110] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.061565][T13110] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.070215][T13110] bridge_slave_0: entered allmulticast mode [ 207.072772][T13110] bridge_slave_0: entered promiscuous mode [ 207.075217][T13110] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.076743][T13110] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.078273][T13110] bridge_slave_1: entered allmulticast mode [ 207.081115][T13110] bridge_slave_1: entered promiscuous mode [ 207.141678][T13110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.145175][T13110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.199289][T13152] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2616'. [ 207.234913][T13110] team0: Port device team_slave_0 added [ 207.239511][T13110] team0: Port device team_slave_1 added [ 207.253174][T13110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 207.254748][T13110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.260636][T13110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 207.264152][T13110] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 207.265760][T13110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.272016][T13110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.430376][T13110] hsr_slave_0: entered promiscuous mode [ 207.485498][T13110] hsr_slave_1: entered promiscuous mode [ 207.760970][T13110] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 207.818087][T13110] Cannot create hsr debugfs directory [ 208.312073][T13181] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2626'. [ 208.740788][ T5989] Bluetooth: hci5: command tx timeout [ 209.006387][T13110] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.141304][T13110] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.261439][T13110] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.275308][T13205] loop2: detected capacity change from 0 to 256 [ 209.280077][T13206] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 209.291857][T13205] FAT-fs (loop2): Directory bread(block 64) failed [ 209.293289][T13205] FAT-fs (loop2): Directory bread(block 65) failed [ 209.294654][T13205] FAT-fs (loop2): Directory bread(block 66) failed [ 209.295977][T13205] FAT-fs (loop2): Directory bread(block 67) failed [ 209.297426][T13205] FAT-fs (loop2): Directory bread(block 68) failed [ 209.299189][T13205] FAT-fs (loop2): Directory bread(block 69) failed [ 209.301106][T13205] FAT-fs (loop2): Directory bread(block 70) failed [ 209.302607][T13205] FAT-fs (loop2): Directory bread(block 71) failed [ 209.305138][T13205] FAT-fs (loop2): Directory bread(block 72) failed [ 209.308776][T13205] FAT-fs (loop2): Directory bread(block 73) failed [ 209.923069][T13110] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.957707][T13205] syz.2.2636: attempt to access beyond end of device [ 209.957707][T13205] loop2: rw=524288, sector=1736, nr_sectors = 32 limit=256 [ 209.984208][T13205] syz.2.2636: attempt to access beyond end of device [ 209.984208][T13205] loop2: rw=0, sector=1736, nr_sectors = 8 limit=256 [ 209.997452][T13215] vlan1: entered promiscuous mode [ 209.998937][T13215] geneve1: entered promiscuous mode [ 210.217159][T13110] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 210.225181][T13110] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 210.228180][T13110] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 210.239806][T13110] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 210.386083][T13240] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2652'. [ 210.391906][T13110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.403989][T13110] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.408960][ T4621] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.411258][ T4621] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.416673][ T4621] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.418164][ T4621] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.600181][T13110] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.632368][T13110] veth0_vlan: entered promiscuous mode [ 210.643177][T13110] veth1_vlan: entered promiscuous mode [ 210.677586][T13110] veth0_macvtap: entered promiscuous mode [ 210.682321][T13110] veth1_macvtap: entered promiscuous mode [ 210.691740][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.694063][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.696155][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.698364][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.701990][T13110] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.712375][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.716290][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.718494][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.722791][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.726032][T13110] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 210.732875][T13110] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.735100][T13110] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.737192][T13110] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.750191][T13110] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.818895][ T5989] Bluetooth: hci5: command tx timeout [ 210.823710][ T7358] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.825559][ T7358] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.849873][ T4621] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.851725][ T4621] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.960546][T13268] loop3: detected capacity change from 0 to 512 [ 210.968887][T13268] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 210.988151][T13268] EXT4-fs (loop3): 1 truncate cleaned up [ 210.992422][T13268] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 211.090141][T13110] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.134755][T13276] netlink: 'syz.3.2662': attribute type 21 has an invalid length. [ 211.136552][T13276] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2662'. [ 211.177838][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 211.177853][ T30] audit: type=1326 audit(2771.147:2856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13279 comm="syz.3.2664" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa14d528 code=0x7ffc0000 [ 211.184045][ T30] audit: type=1326 audit(2771.157:2857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13279 comm="syz.3.2664" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa14d528 code=0x7ffc0000 [ 211.189997][ T30] audit: type=1326 audit(2771.167:2858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13279 comm="syz.3.2664" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaa14d528 code=0x7ffc0000 [ 211.195147][ T30] audit: type=1326 audit(2771.167:2859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13279 comm="syz.3.2664" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa14d528 code=0x7ffc0000 [ 211.200725][ T30] audit: type=1326 audit(2771.177:2860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13279 comm="syz.3.2664" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa14d528 code=0x7ffc0000 [ 211.206281][ T30] audit: type=1326 audit(2771.177:2861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13279 comm="syz.3.2664" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaa14d528 code=0x7ffc0000 [ 211.212205][ T30] audit: type=1326 audit(2771.177:2862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13279 comm="syz.3.2664" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa14d528 code=0x7ffc0000 [ 211.217348][T13281] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 211.219412][ T30] audit: type=1326 audit(2771.177:2863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13279 comm="syz.3.2664" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa14d528 code=0x7ffc0000 [ 211.225247][T13281] vhci_hcd: default hub control req: d300 v0000 i0000 l0 [ 211.227973][ T30] audit: type=1326 audit(2771.177:2864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13279 comm="syz.3.2664" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaa14d528 code=0x7ffc0000 [ 211.235640][ T30] audit: type=1326 audit(2771.177:2865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13279 comm="syz.3.2664" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa14d528 code=0x7ffc0000 [ 211.314139][T13287] loop3: detected capacity change from 0 to 128 [ 211.701624][T13312] xt_CT: You must specify a L4 protocol and not use inversions on it [ 212.199046][T13336] loop2: detected capacity change from 0 to 512 [ 212.204325][T13336] EXT4-fs: Ignoring removed orlov option [ 212.207274][T13336] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 212.213091][T13336] EXT4-fs (loop2): orphan cleanup on readonly fs [ 212.226229][T13336] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2688: bg 0: block 248: padding at end of block bitmap is not set [ 212.243208][T13336] EXT4-fs error (device loop2): ext4_acquire_dquot:6879: comm syz.2.2688: Failed to acquire dquot type 1 [ 212.255625][T13336] EXT4-fs (loop2): 1 truncate cleaned up [ 212.260951][T13336] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 212.268873][T13336] EXT4-fs: Ignoring removed orlov option [ 212.270206][T13336] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 212.328816][T13336] EXT4-fs error (device loop2): __ext4_remount:6522: comm syz.2.2688: Abort forced by user [ 212.336619][T13336] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 212.457525][T13336] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 212.460694][T13336] EXT4-fs error (device loop2): ext4_lookup:1817: inode #2: comm syz.2.2688: deleted inode referenced: 12 [ 212.900294][ T5989] Bluetooth: hci5: command tx timeout [ 213.152220][ T6427] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.181990][T13359] (unnamed net_device) (uninitialized): up delay (14) is not a multiple of miimon (14680064), value rounded to 0 ms [ 213.234342][T13359] bond1: entered promiscuous mode [ 213.243635][T13359] 8021q: adding VLAN 0 to HW filter on device bond1 [ 213.315447][T13370] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.317615][T13370] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 213.321235][T13370] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2701'. [ 213.464296][T13382] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2706'. [ 213.481089][T13380] loop5: detected capacity change from 0 to 1764 [ 213.493370][T13380] hub 1-0:1.0: USB hub found [ 213.496746][T13380] hub 1-0:1.0: 1 port detected [ 214.450059][T13436] Invalid ELF header magic: != ELF [ 214.488112][T13440] loop3: detected capacity change from 0 to 256 [ 214.494191][T13438] vlan2: entered promiscuous mode [ 214.648413][T13449] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 214.984957][ T5989] Bluetooth: hci5: command tx timeout [ 215.116249][T13474] netlink: 'syz.5.2744': attribute type 10 has an invalid length. [ 215.132552][T13474] batman_adv: batadv0: Adding interface: team0 [ 215.135220][T13474] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.156132][T13474] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 215.189050][T13474] netlink: 'syz.5.2744': attribute type 10 has an invalid length. [ 215.198744][T13474] netlink: 2 bytes leftover after parsing attributes in process `syz.5.2744'. [ 215.200804][T13474] team0: entered promiscuous mode [ 215.212153][T13474] team_slave_0: entered promiscuous mode [ 215.213553][T13474] team_slave_1: entered promiscuous mode [ 215.215774][T13474] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.217313][T13474] batman_adv: batadv0: Interface activated: team0 [ 215.238962][T13474] batman_adv: batadv0: Interface deactivated: team0 [ 215.240492][T13474] batman_adv: batadv0: Removing interface: team0 [ 215.246884][T13474] bridge0: port 3(team0) entered blocking state [ 215.248473][T13474] bridge0: port 3(team0) entered disabled state [ 215.251361][T13474] team0: entered allmulticast mode [ 215.253698][T13474] team_slave_0: entered allmulticast mode [ 215.256191][T13474] team_slave_1: entered allmulticast mode [ 215.261191][T13474] bridge0: port 3(team0) entered blocking state [ 215.262557][T13474] bridge0: port 3(team0) entered forwarding state [ 215.330547][T13486] netlink: 'syz.1.2748': attribute type 21 has an invalid length. [ 215.337873][T13486] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2748'. [ 215.373348][T13491] loop5: detected capacity change from 0 to 1024 [ 215.375607][T13491] EXT4-fs: Ignoring removed orlov option [ 215.376899][T13491] EXT4-fs: Ignoring removed nomblk_io_submit option [ 215.459250][T13491] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 215.505605][ T8939] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.562979][T13499] binder: 13498:13499 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 215.565878][T13499] binder: 13499 RLIMIT_NICE not set [ 215.567173][T13499] binder: 13498:13499 ioctl c0306201 20000580 returned -14 [ 215.569507][T13499] binder: 13498:13499 BC_CLEAR_FREEZE_NOTIFICATION freeze notification cookie mismatch ffffff7f00000000 != 0000000000000000 [ 215.669096][T13499] binder: 13498:13499 ioctl c0306201 200002c0 returned -22 [ 215.783141][ T5989] Bluetooth: hci1: unexpected event for opcode 0x0c7c [ 216.399778][T13532] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2764'. [ 217.917244][T13545] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 217.952696][T13547] tmpfs: Bad value for 'mpol' [ 218.036873][T13552] UBIFS error (pid: 13552): cannot open "./file0", error -22 [ 218.314057][T13571] can0: slcan on ptm0. [ 218.497232][T13588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 218.518982][T13588] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 218.681764][T13599] team0: Mode changed to "loadbalance" [ 218.732713][T13603] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2789'. [ 218.947206][T13617] netlink: 'syz.3.2794': attribute type 30 has an invalid length. [ 219.249535][T13568] can0 (unregistered): slcan off ptm0. [ 219.424661][T13637] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2801'. [ 219.723327][T13658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.736763][T13658] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.784956][T13658] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2807'. [ 220.025558][T13673] binder: 13670:13673 BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 220.027757][T13673] binder: 13670:13673 ioctl c0306201 200002c0 returned -22 [ 220.309120][T13685] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2813'. [ 220.352614][T13688] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2814'. [ 220.730806][T13712] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2825'. [ 221.036918][ T6412] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz1 [ 221.759163][T13724] input: syz1 as /devices/virtual/input/input2 [ 221.941306][ T10] ================================================================== [ 221.943149][ T10] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x34/0x158 [ 221.944998][ T10] Read of size 8 at addr ffff0000c532c708 by task kworker/0:1/10 [ 221.946561][ T10] [ 221.947062][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.12.0-syzkaller-g7b1d1d4cfac0 #0 [ 221.949102][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 221.951237][ T10] Workqueue: events binder_deferred_func [ 221.952548][ T10] Call trace: [ 221.953407][ T10] show_stack+0x2c/0x3c (C) [ 221.954406][ T10] dump_stack_lvl+0xe4/0x150 [ 221.955518][ T10] print_report+0x198/0x538 [ 221.956609][ T10] kasan_report+0xd8/0x138 [ 221.957648][ T10] __asan_report_load8_noabort+0x20/0x2c [ 221.958972][ T10] __list_del_entry_valid_or_report+0x34/0x158 [ 221.960368][ T10] binder_release_work+0xc0/0x4f4 [ 221.961570][ T10] binder_deferred_func+0x109c/0x1270 [ 221.962917][ T10] process_one_work+0x7bc/0x1600 [ 221.964158][ T10] worker_thread+0x97c/0xeec [ 221.965253][ T10] kthread+0x288/0x310 [ 221.966156][ T10] ret_from_fork+0x10/0x20 [ 221.967197][ T10] [ 221.967719][ T10] Allocated by task 13731: [ 221.968788][ T10] kasan_save_track+0x40/0x78 [ 221.969798][ T10] kasan_save_alloc_info+0x40/0x50 [ 221.970980][ T10] __kasan_kmalloc+0xac/0xc4 [ 221.972073][ T10] __kmalloc_cache_noprof+0x244/0x378 [ 221.973319][ T10] binder_ioctl_write_read+0x1e94/0xb0d8 [ 221.974592][ T10] binder_ioctl+0x408/0x2670 [ 221.975622][ T10] __arm64_sys_ioctl+0x14c/0x1c8 [ 221.976733][ T10] invoke_syscall+0x98/0x2b8 [ 221.977816][ T10] el0_svc_common+0x130/0x23c [ 221.978832][ T10] do_el0_svc+0x48/0x58 [ 221.979911][ T10] el0_svc+0x54/0x168 [ 221.980854][ T10] el0t_64_sync_handler+0x84/0x108 [ 221.982123][ T10] el0t_64_sync+0x198/0x19c [ 221.983095][ T10] [ 221.983617][ T10] Freed by task 10: [ 221.984512][ T10] kasan_save_track+0x40/0x78 [ 221.985600][ T10] kasan_save_free_info+0x54/0x6c [ 221.986749][ T10] __kasan_slab_free+0x64/0x8c [ 221.987889][ T10] kfree+0x184/0x47c [ 221.988807][ T10] binder_deferred_func+0xff0/0x1270 [ 221.990041][ T10] process_one_work+0x7bc/0x1600 [ 221.991215][ T10] worker_thread+0x97c/0xeec [ 221.992284][ T10] kthread+0x288/0x310 [ 221.993256][ T10] ret_from_fork+0x10/0x20 [ 221.994312][ T10] [ 221.994846][ T10] The buggy address belongs to the object at ffff0000c532c700 [ 221.994846][ T10] which belongs to the cache kmalloc-64 of size 64 [ 221.998092][ T10] The buggy address is located 8 bytes inside of [ 221.998092][ T10] freed 64-byte region [ffff0000c532c700, ffff0000c532c740) [ 222.001146][ T10] [ 222.001680][ T10] The buggy address belongs to the physical page: [ 222.003082][ T10] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10532c [ 222.005109][ T10] anon flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff) [ 222.006812][ T10] page_type: f5(slab) [ 222.007703][ T10] raw: 05ffc00000000000 ffff0000c00018c0 fffffdffc309c640 dead000000000005 [ 222.009651][ T10] raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000 [ 222.011637][ T10] page dumped because: kasan: bad access detected [ 222.013125][ T10] [ 222.013688][ T10] Memory state around the buggy address: [ 222.014989][ T10] ffff0000c532c600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 222.016821][ T10] ffff0000c532c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 222.018709][ T10] >ffff0000c532c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 222.020512][ T10] ^ [ 222.021547][ T10] ffff0000c532c780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 222.023298][ T10] ffff0000c532c800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 222.025069][ T10] ================================================================== [ 222.027329][ T10] Disabling lock debugging due to kernel taint [ 222.028972][ T10] Unable to handle kernel paging request at virtual address 004540c200000001 [ 222.031104][ T10] Mem abort info: [ 222.031912][ T10] ESR = 0x0000000096000004 [ 222.033027][ T10] EC = 0x25: DABT (current EL), IL = 32 bits [ 222.034400][ T10] SET = 0, FnV = 0 [ 222.035204][ T10] EA = 0, S1PTW = 0 [ 222.036207][ T10] FSC = 0x04: level 0 translation fault [ 222.037461][ T10] Data abort info: [ 222.038269][ T10] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 222.039899][ T10] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 222.041171][ T10] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 222.042637][ T10] [004540c200000001] address between user and kernel address ranges [ 222.044318][ T10] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 222.045928][ T10] Modules linked in: [ 222.046726][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G B 6.12.0-syzkaller-g7b1d1d4cfac0 #0 [ 222.049063][ T10] Tainted: [B]=BAD_PAGE [ 222.049990][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 222.052197][ T10] Workqueue: events binder_deferred_func [ 222.053630][ T10] pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 222.055509][ T10] pc : __list_del_entry_valid_or_report+0x78/0x158 [ 222.057007][ T10] lr : __list_del_entry_valid_or_report+0x4c/0x158 [ 222.058484][ T10] sp : ffff8000979979c0 [ 222.059393][ T10] x29: ffff8000979979c0 x28: ffff700012f32f80 x27: ffff0000c532c700 [ 222.061071][ T10] x26: dfff800000000000 x25: ffff8000922b00a0 x24: ffff80008f154f3b [ 222.062776][ T10] x23: ffff80008f154f16 x22: dfff800000000000 x21: 022e06100000000a [ 222.064509][ T10] x20: ffff0000eee72a00 x19: ffff0000c532c700 x18: 0000000000000008 [ 222.066251][ T10] x17: 0000000000000000 x16: ffff80008b47f65c x15: 0000000000000001 [ 222.068040][ T10] x14: 1ffff000125bc2e8 x13: 0000000000000000 x12: 0000000000000000 [ 222.069697][ T10] x11: ffff7000125bc2e9 x10: 0000000000ff0100 x9 : ffff80009746b3a0 [ 222.071394][ T10] x8 : 0045c0c200000001 x7 : 0000000000000001 x6 : 0000000000000001 [ 222.072986][ T10] x5 : ffff800097996ff8 x4 : ffff80008f9bd220 x3 : ffff800083161924 [ 222.074642][ T10] x2 : dead000000000122 x1 : 0000000000000008 x0 : 0000000000000000 [ 222.076219][ T10] Call trace: [ 222.076882][ T10] __list_del_entry_valid_or_report+0x78/0x158 (P) [ 222.078187][ T10] __list_del_entry_valid_or_report+0x4c/0x158 (L) [ 222.079539][ T10] binder_release_work+0xc0/0x4f4 [ 222.080662][ T10] binder_deferred_func+0x109c/0x1270 [ 222.081844][ T10] process_one_work+0x7bc/0x1600 [ 222.082941][ T10] worker_thread+0x97c/0xeec [ 222.084012][ T10] kthread+0x288/0x310 [ 222.084957][ T10] ret_from_fork+0x10/0x20 [ 222.085897][ T10] Code: 91008902 eb0202bf 54000520 d343fea8 (38766908) [ 222.087399][ T10] ---[ end trace 0000000000000000 ]--- [ 222.702039][ T10] Kernel panic - not syncing: Oops: Fatal exception [ 222.703485][ T10] SMP: stopping secondary CPUs [ 222.704464][ T10] Kernel Offset: disabled [ 222.705281][ T10] CPU features: 0x40,0000081c,00800250,82017203 [ 222.706547][ T10] Memory Limit: none [ 223.300597][ T10] Rebooting in 86400 seconds..