last executing test programs: 13.907053937s ago: executing program 2 (id=5042): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000440)={{r0, 0xffffffffffffffff}, &(0x7f0000000100)=0x7d8, &(0x7f0000000140)='%pi6 \x00'}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffdfe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, &(0x7f00000000c0), 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x2, r1}, 0x38) 12.149302153s ago: executing program 3 (id=5043): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x1a1) ftruncate(r3, 0x82081fc) r4 = open(&(0x7f0000000780)='./bus\x00', 0x14d0be, 0x48) mmap(&(0x7f0000000000/0x600000)=nil, 0x600402, 0x7ffffe, 0x4002011, r4, 0x800000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x20000023896) close(r5) syz_open_dev$evdev(0x0, 0x0, 0x0) 12.139250944s ago: executing program 2 (id=5044): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0xcd5e1000) 10.835467501s ago: executing program 2 (id=5046): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000280), 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x1) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1c10, 0x0) r3 = open(&(0x7f0000000400)='./bus\x00', 0xc40, 0x0) ioctl$BLKROSET(r3, 0x125d, &(0x7f0000000080)=0x3f) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r4, 0x0, 0x0, 0x8000c62) truncate(&(0x7f00000000c0)='./file1\x00', 0x8008) 9.23464068s ago: executing program 2 (id=5049): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x1a1) ftruncate(r3, 0x82081fc) r4 = open(&(0x7f0000000780)='./bus\x00', 0x14d0be, 0x48) mmap(&(0x7f0000000000/0x600000)=nil, 0x600402, 0x7ffffe, 0x4002011, r4, 0x800000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x20000023896) close(r5) syz_open_dev$evdev(0x0, 0x0, 0x0) 9.23069157s ago: executing program 3 (id=5050): socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0xff, 0x5, 0x7f, 0x1, 0x1}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffdfe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x2}, 0x38) 8.168064946s ago: executing program 0 (id=5051): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0xcd5e1000) 8.152647407s ago: executing program 1 (id=5052): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c0000"], 0x48}}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 6.898868391s ago: executing program 3 (id=5053): sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500"/133], 0xfc}}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c) sendmmsg(r5, &(0x7f00000092c0), 0x4ff, 0xfdff) 6.710887329s ago: executing program 1 (id=5054): socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0xff, 0x5, 0x7f, 0x1, 0x1}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffdfe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x2}, 0x38) 6.69495354s ago: executing program 0 (id=5055): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0xcd5e1000) 5.732450161s ago: executing program 3 (id=5056): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) read$FUSE(0xffffffffffffffff, &(0x7f0000004180)={0x2020}, 0x2020) ptrace$pokeuser(0x6, r3, 0x388, 0x41d9fda7) 5.520570871s ago: executing program 1 (id=5057): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000057"], 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='hrtimer_start\x00', r1}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10) syz_usb_connect(0x3, 0xd6, &(0x7f0000000040)=ANY=[@ANYBLOB="120100000bb1d3106e0538b3567f010203010902c4"], 0x0) 3.92146702s ago: executing program 0 (id=5058): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0xff, 0x5, 0x7f, 0x1, 0x1}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000440)={{r0, 0xffffffffffffffff}, 0x0, &(0x7f0000000140)='%pi6 \x00'}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffdfe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, &(0x7f00000000c0), 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x2, r1}, 0x38) 3.633125862s ago: executing program 2 (id=5059): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000057"], 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='hrtimer_start\x00', r1}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10) syz_usb_connect(0x3, 0xd6, &(0x7f0000000040)=ANY=[@ANYBLOB="120100000bb1d3106e0538b3567f010203010902c4"], 0x0) 3.394268513s ago: executing program 3 (id=5060): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) unshare(0x60000600) 2.639208965s ago: executing program 0 (id=5061): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0xcd5e1000) 2.556670219s ago: executing program 3 (id=5062): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000057"], 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='hrtimer_start\x00', r1}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10) syz_usb_connect(0x3, 0xd6, &(0x7f0000000040)=ANY=[@ANYBLOB="120100000bb1d3106e0538b3567f010203010902c4"], 0x0) 2.415713235s ago: executing program 1 (id=5063): sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c) sendmmsg(r5, &(0x7f00000092c0), 0x4ff, 0xfdff) 983.419917ms ago: executing program 1 (id=5064): socket(0x0, 0x9f5faa811eea84c5, 0x0) sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0) setpriority(0x0, 0x0, 0xacf0165) r1 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0) fsync(r1) ioctl$NS_GET_OWNER_UID(r1, 0xb704, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x5) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=") creat(&(0x7f00000000c0)='./file0\x00', 0xf4) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0x301, &(0x7f0000000640)={'\x00', 0x40, 0x200000a, 0x2, 0x8, 0xfffffffffffffffd}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fadvise64(r2, 0xe0ffff, 0x19, 0x3) 979.099057ms ago: executing program 0 (id=5065): sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xfc}}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c) sendmmsg(r5, &(0x7f00000092c0), 0x4ff, 0xfdff) 150.092733ms ago: executing program 0 (id=5066): bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000000540)=0x2000204, 0x300) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0100000c01000005000000040000000a000013030000000e00000001000000050000000700000040000000090000000b000000030006000000000009000000030000000300000008000000080000000900000009000000000001000400000008000000fdffffff080000000100000009000000030000000500000002000000010100000300000000"], &(0x7f0000000040)=""/78, 0x129, 0x4e, 0x0, 0x2, 0x10000}, 0x28) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000003c0)='kfree\x00', r1}, 0x18) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000007c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32, @ANYBLOB="080005000300000033e25ef7388b4db3fe35f9d49bb0c127e5d5eb5c2a7671754f2c069b8e9ea6171889ad91b744d147604c0d5612985f0b6eea8cd8bb9a186a0194ac2614c61f17b51185f05462c1cb2980601e1f13ea4a16dfd690cead12e9b2f764dbd9929e6233e522c46953c074162e7cef5a7b2f72e03ab3609ced65291b34107920ebb0d67f0b1ff048e41695a6400de209f5e1974eff103e432e"], 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x64, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x64}}, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) ioctl$EVIOCGUNIQ(0xffffffffffffffff, 0x80404508, &(0x7f0000000180)=""/138) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500", @ANYRES32=r6], 0x50}, 0x1, 0xba01}, 0x0) r7 = socket(0x10, 0x3, 0x0) write(r7, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) 17.584529ms ago: executing program 1 (id=5067): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, 0x0, 0x0, 0x0) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x1a1) ftruncate(r3, 0x82081fc) r4 = open(&(0x7f0000000780)='./bus\x00', 0x14d0be, 0x48) mmap(&(0x7f0000000000/0x600000)=nil, 0x600402, 0x7ffffe, 0x4002011, r4, 0x800000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x20000023896) close(r5) syz_open_dev$evdev(0x0, 0x0, 0x0) 0s ago: executing program 2 (id=5068): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, 0x0, 0x0, 0x0) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x1a1) ftruncate(r3, 0x82081fc) r4 = open(&(0x7f0000000780)='./bus\x00', 0x14d0be, 0x48) mmap(&(0x7f0000000000/0x600000)=nil, 0x600402, 0x7ffffe, 0x4002011, r4, 0x800000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x20000023896) close(r5) syz_open_dev$evdev(0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): header type: 3 != 1 [ 944.258795][T18675] Invalid ELF header type: 3 != 1 [ 944.581204][T18693] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4366'. [ 945.399510][T18695] loop2: detected capacity change from 0 to 1764 [ 945.565379][T18702] Invalid ELF header type: 3 != 1 [ 945.963731][ T6205] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 947.403860][T18721] loop3: detected capacity change from 0 to 1764 [ 947.614666][T18724] Invalid ELF header type: 3 != 1 [ 948.075568][T18719] loop1: detected capacity change from 0 to 512 [ 948.086312][ T6205] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 948.294298][T18719] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #2: block 3: comm syz.1.4371: lblock 0 mapped to illegal pblock 3 (length 1) [ 948.313387][T18719] EXT4-fs (loop1): Remounting filesystem read-only [ 948.320041][T18719] EXT4-fs warning (device loop1): dx_probe:823: inode #2: lblock 0: comm syz.1.4371: error -117 reading directory block [ 948.332931][T18719] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 948.343959][T18719] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 949.006520][T18734] Invalid ELF header type: 3 != 1 [ 950.100684][T18749] loop3: detected capacity change from 0 to 1764 [ 950.313774][T18746] loop2: detected capacity change from 0 to 1764 [ 951.058492][T18752] loop0: detected capacity change from 0 to 2048 [ 951.180291][T18763] Invalid ELF header type: 3 != 1 [ 951.867799][T18752] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 952.404248][T18772] loop2: detected capacity change from 0 to 512 [ 952.488041][T18772] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 3: comm syz.2.4383: lblock 0 mapped to illegal pblock 3 (length 1) [ 952.502536][T18772] EXT4-fs (loop2): Remounting filesystem read-only [ 952.509316][T18772] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.4383: error -117 reading directory block [ 952.521892][T18772] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 952.530928][T18772] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 953.091026][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 953.264385][T18780] loop3: detected capacity change from 0 to 1764 [ 953.842580][ T6205] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 954.103262][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 954.431271][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 954.596348][T18786] loop0: detected capacity change from 0 to 512 [ 954.783479][T18786] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #2: block 3: comm syz.0.4385: lblock 0 mapped to illegal pblock 3 (length 1) [ 954.799851][T18786] EXT4-fs (loop0): Remounting filesystem read-only [ 954.806929][T18786] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.4385: error -117 reading directory block [ 954.820968][T18786] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 954.830702][T18786] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 954.943695][T18799] Invalid ELF header type: 3 != 1 [ 955.713312][T18806] loop2: detected capacity change from 0 to 512 [ 955.723338][T18806] EXT4-fs (loop2): unable to read superblock [ 955.805585][T18804] loop3: detected capacity change from 0 to 512 [ 955.862224][T18804] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 3: comm syz.3.4391: lblock 0 mapped to illegal pblock 3 (length 1) [ 955.881260][T18804] EXT4-fs (loop3): Remounting filesystem read-only [ 955.889989][T18804] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.4391: error -117 reading directory block [ 955.902775][T18804] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 955.912214][T18804] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 956.261320][T18811] loop1: detected capacity change from 0 to 2048 [ 956.580495][T18817] loop2: detected capacity change from 0 to 512 [ 956.632585][T18817] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 3: comm syz.2.4395: lblock 0 mapped to illegal pblock 3 (length 1) [ 956.651319][T18817] EXT4-fs (loop2): Remounting filesystem read-only [ 956.657734][T18811] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 956.657908][T18817] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.4395: error -117 reading directory block [ 956.683386][T18817] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 956.693099][T18817] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 957.310619][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 957.668984][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 957.920361][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 959.031254][T18839] Invalid ELF header type: 3 != 1 [ 959.749085][T18836] loop1: detected capacity change from 0 to 512 [ 959.779362][T18836] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #2: block 3: comm syz.1.4397: lblock 0 mapped to illegal pblock 3 (length 1) [ 959.804226][T18836] EXT4-fs (loop1): Remounting filesystem read-only [ 959.810780][T18836] EXT4-fs warning (device loop1): dx_probe:823: inode #2: lblock 0: comm syz.1.4397: error -117 reading directory block [ 959.823480][T18836] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 959.832993][T18836] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 960.129878][T18845] loop2: detected capacity change from 0 to 2048 [ 960.154981][T18845] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 960.209701][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 960.222305][T18845] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 960.260737][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 960.388573][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 960.427938][T18852] loop3: detected capacity change from 0 to 2048 [ 960.514930][T18852] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 960.708558][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 961.831825][T18869] loop3: detected capacity change from 0 to 1764 [ 961.897881][ T6205] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 962.003642][T18872] Invalid ELF header type: 3 != 1 [ 962.810065][T18879] Invalid ELF header type: 3 != 1 [ 963.586005][T18884] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4412'. [ 963.989380][T18887] loop2: detected capacity change from 0 to 1764 [ 964.701965][T18902] loop2: detected capacity change from 0 to 512 [ 964.795936][T18893] loop3: detected capacity change from 0 to 1764 [ 964.889226][T18902] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 3: comm syz.2.4418: lblock 0 mapped to illegal pblock 3 (length 1) [ 964.912206][T18902] EXT4-fs (loop2): Remounting filesystem read-only [ 964.918902][T18902] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.4418: error -117 reading directory block [ 964.931803][T18902] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 964.941265][T18902] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 965.123318][ T6206] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 965.364604][T18909] loop1: detected capacity change from 0 to 512 [ 965.808595][T18909] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #2: block 3: comm syz.1.4417: lblock 0 mapped to illegal pblock 3 (length 1) [ 965.825757][T18909] EXT4-fs (loop1): Remounting filesystem read-only [ 965.832375][T18909] EXT4-fs warning (device loop1): dx_probe:823: inode #2: lblock 0: comm syz.1.4417: error -117 reading directory block [ 965.845611][T18909] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 965.858544][T18909] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 966.262369][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 966.280703][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 966.375542][T18916] Invalid ELF header type: 3 != 1 [ 967.144380][T18919] loop0: detected capacity change from 0 to 2048 [ 967.493588][T18925] Invalid ELF header type: 3 != 1 [ 968.264252][T18919] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 968.352564][T18929] loop1: detected capacity change from 0 to 512 [ 968.400283][T18929] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #2: block 3: comm syz.1.4420: lblock 0 mapped to illegal pblock 3 (length 1) [ 968.591759][T18929] EXT4-fs (loop1): Remounting filesystem read-only [ 968.654730][T18929] EXT4-fs warning (device loop1): dx_probe:823: inode #2: lblock 0: comm syz.1.4420: error -117 reading directory block [ 968.670255][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 968.713309][T18929] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 968.731057][T18929] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 969.260190][T18943] loop3: detected capacity change from 0 to 512 [ 969.350343][T18943] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 3: comm syz.3.4426: lblock 0 mapped to illegal pblock 3 (length 1) [ 969.368567][T18943] EXT4-fs (loop3): Remounting filesystem read-only [ 969.375271][T18943] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.4426: error -117 reading directory block [ 969.388208][T18943] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 969.401297][T18943] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 969.715254][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 970.152413][T18952] loop2: detected capacity change from 0 to 2048 [ 970.296800][T18956] loop3: detected capacity change from 0 to 1764 [ 970.686961][T18952] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 970.928236][T18952] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 971.089838][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 971.407796][T18963] loop3: detected capacity change from 0 to 1764 [ 971.955049][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 972.432782][T18969] loop2: detected capacity change from 0 to 1764 [ 972.827014][ T6206] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 972.896209][ T5800] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 973.771784][T18973] loop0: detected capacity change from 0 to 512 [ 973.833779][T18973] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #2: block 3: comm syz.0.4434: lblock 0 mapped to illegal pblock 3 (length 1) [ 973.860511][T18973] EXT4-fs (loop0): Remounting filesystem read-only [ 973.868119][T18973] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.4434: error -117 reading directory block [ 973.883081][T18973] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 973.894821][T18973] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 974.166495][T18982] loop1: detected capacity change from 0 to 512 [ 974.884076][T18982] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #2: block 3: comm syz.1.4435: lblock 0 mapped to illegal pblock 3 (length 1) [ 974.901339][T18982] EXT4-fs (loop1): Remounting filesystem read-only [ 974.908194][T18982] EXT4-fs warning (device loop1): dx_probe:823: inode #2: lblock 0: comm syz.1.4435: error -117 reading directory block [ 974.920830][T18982] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 974.930374][T18982] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 975.018411][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 975.243982][T18976] loop3: detected capacity change from 0 to 2048 [ 975.384006][T18989] loop2: detected capacity change from 0 to 1764 [ 975.584259][T18976] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 975.938329][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 976.003929][ T6205] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 976.017397][T18976] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 976.156809][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 976.639532][T19003] loop3: detected capacity change from 0 to 512 [ 977.112713][T19003] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 3: comm syz.3.4440: lblock 0 mapped to illegal pblock 3 (length 1) [ 977.136905][T19003] EXT4-fs (loop3): Remounting filesystem read-only [ 977.144088][T19003] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.4440: error -117 reading directory block [ 977.157054][T19003] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 977.169756][T19003] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 977.407015][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 977.826297][T19013] loop2: detected capacity change from 0 to 1764 [ 978.489299][T19015] loop3: detected capacity change from 0 to 1024 [ 978.502676][T19015] EXT4-fs: Ignoring removed nomblk_io_submit option [ 978.520944][T19015] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c815c01c, mo2=0003] [ 978.536629][T19015] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 978.985087][T19020] loop2: detected capacity change from 0 to 512 [ 979.063796][T19020] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 3: comm syz.2.4445: lblock 0 mapped to illegal pblock 3 (length 1) [ 979.081247][T19020] EXT4-fs (loop2): Remounting filesystem read-only [ 979.088618][T19020] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.4445: error -117 reading directory block [ 979.101672][T19020] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 979.115021][T19020] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 979.479326][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 979.495956][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 980.021057][T19026] loop3: detected capacity change from 0 to 512 [ 980.141455][T19026] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 3: comm syz.3.4446: lblock 0 mapped to illegal pblock 3 (length 1) [ 980.569316][T19026] EXT4-fs (loop3): Remounting filesystem read-only [ 980.577805][T19026] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.4446: error -117 reading directory block [ 980.590584][T19026] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 980.600037][T19026] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 980.696386][T19031] loop2: detected capacity change from 0 to 2048 [ 980.731230][T19031] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 980.773780][T19031] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 980.834311][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 981.102577][T19036] loop0: detected capacity change from 0 to 512 [ 981.513839][T19036] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #2: block 3: comm syz.0.4448: lblock 0 mapped to illegal pblock 3 (length 1) [ 981.529464][T19036] EXT4-fs (loop0): Remounting filesystem read-only [ 981.536119][T19036] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.4448: error -117 reading directory block [ 981.549699][T19036] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 981.769442][T19036] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 981.811570][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 982.058676][T19041] loop3: detected capacity change from 0 to 512 [ 982.088633][T19041] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 3: comm syz.3.4449: lblock 0 mapped to illegal pblock 3 (length 1) [ 982.117418][T19041] EXT4-fs (loop3): Remounting filesystem read-only [ 982.125026][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 982.152971][T19041] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.4449: error -117 reading directory block [ 982.189234][T19041] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 982.218350][T19041] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 982.991926][T19052] loop0: detected capacity change from 0 to 512 [ 983.463007][T19052] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #2: block 3: comm syz.0.4451: lblock 0 mapped to illegal pblock 3 (length 1) [ 983.480406][T19052] EXT4-fs (loop0): Remounting filesystem read-only [ 983.487455][T19052] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.4451: error -117 reading directory block [ 983.501146][T19052] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 983.514686][T19052] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 983.832261][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 983.935795][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 984.404148][T19064] loop0: detected capacity change from 0 to 1764 [ 985.536652][T19072] loop2: detected capacity change from 0 to 1764 [ 986.247293][T19074] loop2: detected capacity change from 0 to 1024 [ 986.255049][T19074] EXT4-fs: Ignoring removed nomblk_io_submit option [ 986.269964][T19074] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c815c01c, mo2=0003] [ 986.480239][T19081] loop3: detected capacity change from 0 to 512 [ 986.804800][T19081] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 3: comm syz.3.4459: lblock 0 mapped to illegal pblock 3 (length 1) [ 986.822695][T19081] EXT4-fs (loop3): Remounting filesystem read-only [ 986.829703][T19081] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.4459: error -117 reading directory block [ 986.842628][T19081] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 986.856030][T19081] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 986.905784][T19074] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 987.274710][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 987.357117][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 987.852856][T19089] loop3: detected capacity change from 0 to 512 [ 987.910808][T19089] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 3: comm syz.3.4460: lblock 0 mapped to illegal pblock 3 (length 1) [ 987.926639][T19089] EXT4-fs (loop3): Remounting filesystem read-only [ 987.933360][T19089] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.4460: error -117 reading directory block [ 987.946262][T19089] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 987.959175][T19089] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 988.410212][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 989.625654][T19105] loop3: detected capacity change from 0 to 512 [ 989.641297][T19106] loop2: detected capacity change from 0 to 512 [ 990.155584][T19105] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 3: comm syz.3.4464: lblock 0 mapped to illegal pblock 3 (length 1) [ 990.170477][T19105] EXT4-fs (loop3): Remounting filesystem read-only [ 990.170892][T19106] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 3: comm syz.2.4465: lblock 0 mapped to illegal pblock 3 (length 1) [ 990.177093][T19105] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.4464: error -117 reading directory block [ 990.177165][T19105] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 990.178311][T19105] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 990.270605][T19106] EXT4-fs (loop2): Remounting filesystem read-only [ 990.277547][T19106] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.4465: error -117 reading directory block [ 990.291695][T19106] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 990.301457][T19106] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 990.415871][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 990.486030][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 990.809501][T19122] loop3: detected capacity change from 0 to 512 [ 991.582259][T19127] loop2: detected capacity change from 0 to 512 [ 991.640411][T19122] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 3: comm syz.3.4466: lblock 0 mapped to illegal pblock 3 (length 1) [ 991.656125][T19122] EXT4-fs (loop3): Remounting filesystem read-only [ 991.662713][T19122] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.4466: error -117 reading directory block [ 991.675570][T19122] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 991.689388][T19122] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 991.735773][T19127] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 3: comm syz.2.4467: lblock 0 mapped to illegal pblock 3 (length 1) [ 991.753891][T19127] EXT4-fs (loop2): Remounting filesystem read-only [ 991.760479][T19127] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.4467: error -117 reading directory block [ 991.773317][T19127] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 991.783377][T19127] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 991.926903][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 992.040304][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 992.465233][T19138] loop3: detected capacity change from 0 to 1764 [ 993.303893][T19145] loop3: detected capacity change from 0 to 512 [ 993.565191][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.576852][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.924185][T19145] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 3: comm syz.3.4472: lblock 0 mapped to illegal pblock 3 (length 1) [ 993.942471][T19145] EXT4-fs (loop3): Remounting filesystem read-only [ 993.949229][T19145] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.4472: error -117 reading directory block [ 993.961999][T19145] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 993.971600][T19145] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 994.193004][T19152] loop1: detected capacity change from 0 to 2048 [ 994.241418][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 994.663310][T19165] loop0: detected capacity change from 0 to 512 [ 995.613780][T19166] Invalid ELF header type: 3 != 1 [ 996.734664][T19152] EXT4-fs warning (device loop1): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop1. [ 996.788727][T19165] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #2: block 3: comm syz.0.4475: lblock 0 mapped to illegal pblock 3 (length 1) [ 996.810232][T19165] EXT4-fs (loop0): Remounting filesystem read-only [ 996.817474][T19165] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.4475: error -117 reading directory block [ 996.830233][T19165] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 996.839798][T19165] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 997.094161][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 997.582773][T19193] loop2: detected capacity change from 0 to 512 [ 997.603015][T19193] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 3: comm syz.2.4484: lblock 0 mapped to illegal pblock 3 (length 1) [ 997.644750][T19193] EXT4-fs (loop2): Remounting filesystem read-only [ 997.659369][T19193] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.4484: error -117 reading directory block [ 997.710782][T19193] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 997.740789][T19193] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 998.421869][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 998.729851][T19192] loop0: detected capacity change from 0 to 512 [ 998.774875][T19205] loop2: detected capacity change from 0 to 512 [ 998.796577][T19205] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 3: comm syz.2.4488: lblock 0 mapped to illegal pblock 3 (length 1) [ 998.811088][T19205] EXT4-fs (loop2): Remounting filesystem read-only [ 998.817706][T19205] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.4488: error -117 reading directory block [ 998.830341][T19205] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 998.839228][T19205] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 998.895543][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 999.086947][T19210] loop1: detected capacity change from 0 to 1764 [ 999.224007][T19192] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #2: block 3: comm syz.0.4481: lblock 0 mapped to illegal pblock 3 (length 1) [ 999.280162][T19192] EXT4-fs (loop0): Remounting filesystem read-only [ 999.324142][T19192] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.4481: error -117 reading directory block [ 999.364646][T19192] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 999.374384][T19192] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1000.401456][T19219] loop2: detected capacity change from 0 to 2048 [ 1000.443338][T19219] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1000.497846][T19219] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 1000.574771][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1001.089726][T19233] loop3: detected capacity change from 0 to 512 [ 1001.153974][T19233] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 3: comm syz.3.4495: lblock 0 mapped to illegal pblock 3 (length 1) [ 1001.173910][T19233] EXT4-fs (loop3): Remounting filesystem read-only [ 1001.180450][T19233] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.4495: error -117 reading directory block [ 1001.193212][T19233] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 1001.202838][T19233] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1002.611831][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1002.887558][T19246] loop3: detected capacity change from 0 to 512 [ 1003.088173][T19246] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 3: comm syz.3.4498: lblock 0 mapped to illegal pblock 3 (length 1) [ 1003.103101][T19246] EXT4-fs (loop3): Remounting filesystem read-only [ 1003.109641][T19246] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.4498: error -117 reading directory block [ 1003.122355][T19246] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 1003.131304][T19246] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1003.192661][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1003.613362][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1004.291184][T19257] loop0: detected capacity change from 0 to 2048 [ 1004.504517][T19261] Invalid ELF header type: 3 != 1 [ 1005.379403][T19268] loop3: detected capacity change from 0 to 512 [ 1005.416479][T19268] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 3: comm syz.3.4504: lblock 0 mapped to illegal pblock 3 (length 1) [ 1005.431064][T19268] EXT4-fs (loop3): Remounting filesystem read-only [ 1005.437785][T19268] EXT4-fs warning (device loop3): dx_probe:823: inode #2: lblock 0: comm syz.3.4504: error -117 reading directory block [ 1005.450514][T19268] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 1005.459321][T19268] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1005.915036][T19257] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1006.524297][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1006.540519][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1007.767535][T19282] loop2: detected capacity change from 0 to 1024 [ 1007.781951][T19282] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1008.139540][T19282] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c815c01c, mo2=0003] [ 1008.158634][T19282] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1008.290466][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1008.754121][T19289] loop3: detected capacity change from 0 to 2048 [ 1008.776762][T19292] loop2: detected capacity change from 0 to 2048 [ 1008.808750][T19289] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1008.859503][T19292] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1008.886294][T19289] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 1008.934688][T19292] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 1009.004990][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1009.080728][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1009.175837][T19299] loop1: detected capacity change from 0 to 512 [ 1009.239022][T19299] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #2: block 3: comm syz.1.4512: lblock 0 mapped to illegal pblock 3 (length 1) [ 1009.254723][T19299] EXT4-fs (loop1): Remounting filesystem read-only [ 1009.261262][T19299] EXT4-fs warning (device loop1): dx_probe:823: inode #2: lblock 0: comm syz.1.4512: error -117 reading directory block [ 1009.274328][T19299] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 1009.283926][T19299] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1009.409207][T19301] loop3: detected capacity change from 0 to 2048 [ 1009.443074][T19301] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1009.533481][T19309] Invalid ELF header type: 3 != 1 [ 1009.768996][T19301] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 1010.295373][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1010.334204][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1010.774372][T19317] loop1: detected capacity change from 0 to 2048 [ 1010.875579][T19319] loop3: detected capacity change from 0 to 1764 [ 1011.031427][T19317] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1013.127447][T19330] loop2: detected capacity change from 0 to 1764 [ 1013.918483][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1014.054413][T19336] loop3: detected capacity change from 0 to 1764 [ 1014.593174][ T6205] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1015.216302][T19347] loop2: detected capacity change from 0 to 1764 [ 1015.552121][T19351] loop3: detected capacity change from 0 to 1764 [ 1015.751501][T19354] loop1: detected capacity change from 0 to 1764 [ 1016.214025][ T6205] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1016.987335][T19361] Invalid ELF header type: 3 != 1 [ 1017.988089][T19371] Invalid ELF header type: 3 != 1 [ 1019.462927][T19384] loop1: detected capacity change from 0 to 1764 [ 1019.989647][ T6205] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1020.253159][T19386] loop2: detected capacity change from 0 to 2048 [ 1020.318091][T19386] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1020.473384][T19393] loop0: detected capacity change from 0 to 1764 [ 1021.090629][ T6206] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1021.153448][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1021.739024][T19403] loop2: detected capacity change from 0 to 1764 [ 1022.333759][ T6205] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1022.659918][T19407] loop3: detected capacity change from 0 to 1764 [ 1022.811507][ T6205] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1022.896569][T19411] Invalid ELF header type: 3 != 1 [ 1024.277397][T19420] loop3: detected capacity change from 0 to 1764 [ 1024.354996][ T6205] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1024.378113][T19418] loop1: detected capacity change from 0 to 2048 [ 1025.138543][T19418] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1025.311893][T19418] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 1026.343764][T19436] loop2: detected capacity change from 0 to 1764 [ 1026.901936][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1028.058177][T19443] Invalid ELF header type: 3 != 1 [ 1028.908192][T19444] loop3: detected capacity change from 0 to 1764 [ 1029.517313][ T6206] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1030.195961][T19458] Invalid ELF header type: 3 != 1 [ 1030.980864][T19464] loop3: detected capacity change from 0 to 1024 [ 1030.988103][T19464] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1031.051606][T19464] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c815c01c, mo2=0003] [ 1031.092363][T19464] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1031.261010][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1031.649825][T19475] loop3: detected capacity change from 0 to 1764 [ 1032.910910][T19485] Invalid ELF header type: 3 != 1 [ 1034.054364][T19490] loop3: detected capacity change from 0 to 1764 [ 1034.709808][ T6205] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1035.557387][T19506] loop3: detected capacity change from 0 to 1764 [ 1036.249230][ T6205] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1036.480816][T19511] loop0: detected capacity change from 0 to 1764 [ 1037.083766][ T6206] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1037.355524][T19517] loop2: detected capacity change from 0 to 512 [ 1037.899788][T19520] Invalid ELF header type: 3 != 1 [ 1038.411995][T19517] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 3: comm syz.2.4563: lblock 0 mapped to illegal pblock 3 (length 1) [ 1038.436363][T19517] EXT4-fs (loop2): Remounting filesystem read-only [ 1038.442926][T19517] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.4563: error -117 reading directory block [ 1038.455677][T19517] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 1038.465126][T19517] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1038.732915][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1038.807229][T19529] Invalid ELF header type: 3 != 1 [ 1039.916556][T19539] loop2: detected capacity change from 0 to 1764 [ 1042.032603][T19556] syz.2.4574 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1042.449237][T19565] loop3: detected capacity change from 0 to 1764 [ 1042.906482][ T6205] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1042.954570][T19564] loop2: detected capacity change from 0 to 1024 [ 1042.985167][T19564] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1043.863651][T19564] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c815c01c, mo2=0003] [ 1043.918448][T19564] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1044.102538][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1044.804392][T19588] Invalid ELF header type: 3 != 1 [ 1045.617802][T19587] loop2: detected capacity change from 0 to 1764 [ 1045.887711][ T6205] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1046.308687][T19596] netlink: 'syz.1.4587': attribute type 4 has an invalid length. [ 1046.330707][T19601] netlink: 'syz.3.4590': attribute type 4 has an invalid length. [ 1046.420102][T19603] loop3: detected capacity change from 0 to 1024 [ 1046.431861][T19603] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1046.451939][T19603] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c815c01c, mo2=0003] [ 1046.467820][T19603] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1046.882136][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1046.975008][T19605] loop0: detected capacity change from 0 to 1764 [ 1047.259590][ T6206] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1049.158305][T19625] Invalid ELF header type: 3 != 1 [ 1050.211907][T19634] loop0: detected capacity change from 0 to 1764 [ 1050.771270][ T6205] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1051.262832][T19639] loop1: detected capacity change from 0 to 1764 [ 1052.188636][T19650] Invalid ELF header type: 3 != 1 [ 1054.487425][T19666] netlink: 'syz.3.4608': attribute type 4 has an invalid length. [ 1054.651694][T19662] loop1: detected capacity change from 0 to 1024 [ 1054.723480][T19672] netlink: 92 bytes leftover after parsing attributes in process `syz.2.4611'. [ 1054.739190][T19662] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1054.796983][T19662] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c815c01c, mo2=0003] [ 1054.893144][T19662] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1055.010992][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1055.030921][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.116164][T19679] Invalid ELF header type: 3 != 1 [ 1056.261613][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1056.680334][T19693] can0: slcan on ttyS3. [ 1057.070827][T19703] loop2: detected capacity change from 0 to 1764 [ 1057.182833][T19693] can0 (unregistered): slcan off ttyS3. [ 1057.585380][ T6205] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1057.880797][T19693] Falling back ldisc for ttyS3. [ 1058.328421][T19723] can0: slcan on ttyS3. [ 1058.405342][T19723] can0 (unregistered): slcan off ttyS3. [ 1058.411276][T19723] Falling back ldisc for ttyS3. [ 1059.581823][T19747] can0: slcan on ttyS3. [ 1059.625513][T19751] netlink: 'syz.3.4629': attribute type 4 has an invalid length. [ 1059.715504][T19747] can0 (unregistered): slcan off ttyS3. [ 1059.721374][T19747] Falling back ldisc for ttyS3. [ 1060.643286][T19763] Invalid ELF header type: 3 != 1 [ 1061.255350][T19768] Invalid ELF header type: 3 != 1 [ 1065.783016][T19836] netlink: 92 bytes leftover after parsing attributes in process `syz.3.4653'. [ 1067.614166][T19856] netlink: 92 bytes leftover after parsing attributes in process `syz.3.4660'. [ 1068.488600][T19865] can0: slcan on ttyS3. [ 1068.567316][T19867] can0 (unregistered): slcan off ttyS3. [ 1068.573769][T19867] Falling back ldisc for ttyS3. [ 1072.382031][T19902] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1072.459188][T19902] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1074.331018][T19932] can0: slcan on ttyS3. [ 1074.627968][T19932] can0 (unregistered): slcan off ttyS3. [ 1074.647789][T19932] Falling back ldisc for ttyS3. [ 1075.171723][T19945] loop1: detected capacity change from 0 to 512 [ 1075.457123][T19945] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1075.470294][T19945] ext4 filesystem being mounted at /1116/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1075.500428][T19945] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #2: comm syz.1.4687: corrupted inode contents [ 1075.524017][T19945] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #2: comm syz.1.4687: mark_inode_dirty error [ 1075.565144][T19945] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #2: comm syz.1.4687: corrupted inode contents [ 1075.570715][T19959] loop3: detected capacity change from 0 to 512 [ 1075.582288][T19961] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1075.593101][T19961] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1075.601584][T19945] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz.1.4687: mark_inode_dirty error [ 1075.675215][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1075.692789][T19959] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1075.728370][T19959] ext4 filesystem being mounted at /1224/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1075.813605][T19959] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #2: comm syz.3.4691: corrupted inode contents [ 1075.864435][T19959] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #2: comm syz.3.4691: mark_inode_dirty error [ 1075.889065][T19959] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #2: comm syz.3.4691: corrupted inode contents [ 1075.907405][T19959] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.4691: mark_inode_dirty error [ 1075.937035][T19971] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1075.946460][T19971] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1075.971961][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1076.082771][T19972] can0: slcan on ttyS3. [ 1076.317583][T19975] can0 (unregistered): slcan off ttyS3. [ 1078.594167][T20010] loop2: detected capacity change from 0 to 512 [ 1078.650943][T20010] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1078.675997][T20010] ext4 filesystem being mounted at /1229/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1078.741591][T20010] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #2: comm syz.2.4709: corrupted inode contents [ 1078.771423][T20010] EXT4-fs error (device loop2): ext4_dirty_inode:6120: inode #2: comm syz.2.4709: mark_inode_dirty error [ 1078.789877][T20010] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #2: comm syz.2.4709: corrupted inode contents [ 1078.803575][T20010] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.4709: mark_inode_dirty error [ 1078.821916][T20016] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1078.832688][T20016] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1078.841887][T20016] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1078.851596][T20016] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1078.859664][T20016] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1078.870603][T20016] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1078.877335][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1079.430347][T20029] loop3: detected capacity change from 0 to 512 [ 1079.548083][T20029] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1079.569486][T20029] ext4 filesystem being mounted at /1228/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1079.588478][T20014] chnl_net:caif_netlink_parms(): no params data found [ 1079.635517][T20029] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #2: comm syz.3.4713: corrupted inode contents [ 1079.668410][T20029] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #2: comm syz.3.4713: mark_inode_dirty error [ 1079.704741][T20029] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #2: comm syz.3.4713: corrupted inode contents [ 1079.717524][T20029] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.4713: mark_inode_dirty error [ 1079.785283][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1080.598498][T20014] bridge0: port 1(bridge_slave_0) entered blocking state [ 1080.609781][T20014] bridge0: port 1(bridge_slave_0) entered disabled state [ 1080.617885][T20014] bridge_slave_0: entered allmulticast mode [ 1080.625820][T20014] bridge_slave_0: entered promiscuous mode [ 1080.636837][T20014] bridge0: port 2(bridge_slave_1) entered blocking state [ 1080.653999][T20014] bridge0: port 2(bridge_slave_1) entered disabled state [ 1080.663176][T20014] bridge_slave_1: entered allmulticast mode [ 1080.706795][T20014] bridge_slave_1: entered promiscuous mode [ 1080.771716][T20014] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1080.857262][T20014] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1080.929262][T20016] Bluetooth: hci4: command tx timeout [ 1080.960212][T20047] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4718'. [ 1081.032694][T20014] team0: Port device team_slave_0 added [ 1081.049693][T20014] team0: Port device team_slave_1 added [ 1081.943644][ T28] audit: type=1326 audit(1763614798.757:2612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20057 comm="syz.2.4722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1081.985945][ T28] audit: type=1326 audit(1763614798.757:2613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20057 comm="syz.2.4722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1082.086934][T20014] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1082.094531][T20014] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1082.131646][ T28] audit: type=1326 audit(1763614798.757:2614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20057 comm="syz.2.4722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1082.188090][T20014] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1082.251329][ T28] audit: type=1326 audit(1763614798.757:2615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20057 comm="syz.2.4722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1083.375022][T20016] Bluetooth: hci4: command tx timeout [ 1083.427178][T20014] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1083.458756][ T28] audit: type=1326 audit(1763614798.757:2616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20057 comm="syz.2.4722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1083.494810][T20014] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1083.560214][ T28] audit: type=1326 audit(1763614798.757:2617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20057 comm="syz.2.4722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1083.579146][T20014] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1083.583575][ T28] audit: type=1326 audit(1763614798.757:2618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20057 comm="syz.2.4722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1083.616197][ T28] audit: type=1326 audit(1763614798.757:2619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20057 comm="syz.2.4722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1083.650125][ T28] audit: type=1326 audit(1763614798.757:2620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20057 comm="syz.2.4722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1083.682101][T20071] tipc: Started in network mode [ 1083.687432][T20071] tipc: Node identity 4, cluster identity 4711 [ 1083.697368][T20071] tipc: Node number set to 4 [ 1083.704012][ T28] audit: type=1326 audit(1763614798.757:2621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20057 comm="syz.2.4722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1083.835954][T20014] hsr_slave_0: entered promiscuous mode [ 1083.856395][T20014] hsr_slave_1: entered promiscuous mode [ 1083.872461][T20014] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1083.896533][T20014] Cannot create hsr debugfs directory [ 1083.904856][T20080] loop3: detected capacity change from 0 to 512 [ 1084.050180][T20080] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1084.073302][T20080] ext4 filesystem being mounted at /1233/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1084.110666][ T5919] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1084.126635][ T5919] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.771811][T20080] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #2: comm syz.3.4729: corrupted inode contents [ 1084.794195][T20080] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #2: comm syz.3.4729: mark_inode_dirty error [ 1084.812181][T20080] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #2: comm syz.3.4729: corrupted inode contents [ 1084.852109][T20080] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.4729: mark_inode_dirty error [ 1084.876039][ T5919] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1084.891336][ T5919] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.935927][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1085.148208][ T5919] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1085.183332][ T5919] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.222270][T20099] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4733'. [ 1085.380201][T20102] loop3: detected capacity change from 0 to 512 [ 1085.406345][T20016] Bluetooth: hci4: command tx timeout [ 1085.417195][T20102] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1085.431054][T20102] ext4 filesystem being mounted at /1235/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1085.648105][T20102] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #2: comm syz.3.4735: corrupted inode contents [ 1085.846375][T20102] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #2: comm syz.3.4735: mark_inode_dirty error [ 1086.049707][T20102] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #2: comm syz.3.4735: corrupted inode contents [ 1086.075701][T20102] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.4735: mark_inode_dirty error [ 1086.220495][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1086.261589][ T5919] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1086.303174][ T5919] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1087.493791][T20016] Bluetooth: hci4: command tx timeout [ 1087.857098][ T5919] tipc: Disabling bearer [ 1089.104175][ T5919] tipc: Left network mode [ 1089.296633][T20137] tipc: Cannot configure node identity twice [ 1094.767716][T20014] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1094.791333][T20014] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1094.818563][T20014] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1094.900480][T20014] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1095.352755][T20014] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1096.367923][T20202] Bluetooth: MGMT ver 1.22 [ 1096.477338][T20014] 8021q: adding VLAN 0 to HW filter on device team0 [ 1096.560747][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 1096.567955][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1097.707367][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 1097.707383][ T28] audit: type=1326 audit(1763614814.537:2624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20218 comm="syz.3.4761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb45cd8f749 code=0x7ffc0000 [ 1097.750409][ T28] audit: type=1326 audit(1763614814.537:2625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20218 comm="syz.3.4761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb45cd8f749 code=0x7ffc0000 [ 1097.751600][ T3478] bridge0: port 2(bridge_slave_1) entered blocking state [ 1097.780141][ T3478] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1097.783634][ T28] audit: type=1326 audit(1763614814.567:2626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20220 comm="syz.2.4760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1097.815904][ T28] audit: type=1326 audit(1763614814.567:2627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20220 comm="syz.2.4760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1097.839869][ T28] audit: type=1326 audit(1763614814.567:2628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20220 comm="syz.2.4760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1097.863073][ T28] audit: type=1326 audit(1763614814.567:2629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20220 comm="syz.2.4760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1097.894918][ T28] audit: type=1326 audit(1763614814.567:2630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20220 comm="syz.2.4760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1097.941283][ T28] audit: type=1326 audit(1763614814.567:2631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20220 comm="syz.2.4760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1097.960591][T20014] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1097.975034][T20014] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1097.977683][ T28] audit: type=1326 audit(1763614814.567:2632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20220 comm="syz.2.4760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1098.028730][ T28] audit: type=1326 audit(1763614814.567:2633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20220 comm="syz.2.4760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd82558f749 code=0x7ffc0000 [ 1098.333778][ T5919] hsr_slave_0: left promiscuous mode [ 1098.377379][ T5919] hsr_slave_1: left promiscuous mode [ 1098.386450][ T5919] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1098.405658][ T5919] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1098.445075][ T5919] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1098.452552][ T5919] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1098.571916][ T5919] veth1_macvtap: left promiscuous mode [ 1098.589401][ T5919] veth0_macvtap: left promiscuous mode [ 1098.595523][ T5919] veth1_vlan: left promiscuous mode [ 1098.621387][ T5919] veth0_vlan: left promiscuous mode [ 1098.850165][T20241] loop0: detected capacity change from 0 to 512 [ 1098.947000][T20241] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1098.962021][T20241] ext4 filesystem being mounted at /1148/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1099.030911][T20241] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #2: comm syz.0.4767: corrupted inode contents [ 1099.046328][T20241] EXT4-fs error (device loop0): ext4_dirty_inode:6120: inode #2: comm syz.0.4767: mark_inode_dirty error [ 1099.060027][T20241] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #2: comm syz.0.4767: corrupted inode contents [ 1099.075883][T20241] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.4767: mark_inode_dirty error [ 1099.931757][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1100.214287][ T5919] bond1 (unregistering): Released all slaves [ 1100.930958][ T5919] team0 (unregistering): Port device team_slave_1 removed [ 1100.979327][ T5919] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1101.031032][ T5919] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1101.479601][ T5919] bond0 (unregistering): Released all slaves [ 1101.867235][T20014] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1102.020538][T20014] veth0_vlan: entered promiscuous mode [ 1102.040164][T20014] veth1_vlan: entered promiscuous mode [ 1102.121361][T20014] veth0_macvtap: entered promiscuous mode [ 1102.140059][T20014] veth1_macvtap: entered promiscuous mode [ 1102.169003][T20014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1102.180214][T20014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.190076][T20014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1102.200748][T20014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.210978][T20014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1102.221681][T20014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.235182][T20014] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1102.248250][T20014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1102.259006][T20014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.283187][T20014] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1102.295798][T20014] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1102.314180][T20014] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1102.333333][T20014] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1102.348404][T20014] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1102.565742][T20298] loop2: detected capacity change from 0 to 512 [ 1102.606555][ T5929] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1102.627140][T20298] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1102.629922][ T5929] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1102.659392][T20298] ext4 filesystem being mounted at /1257/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1102.695273][T20298] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #2: comm syz.2.4787: corrupted inode contents [ 1102.718494][T20298] EXT4-fs error (device loop2): ext4_dirty_inode:6120: inode #2: comm syz.2.4787: mark_inode_dirty error [ 1102.737113][T20298] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #2: comm syz.2.4787: corrupted inode contents [ 1102.750248][ T5929] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1102.783237][ T5929] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1102.792341][T20303] loop3: detected capacity change from 0 to 128 [ 1102.799487][T20298] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.4787: mark_inode_dirty error [ 1102.828019][T20303] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1102.914279][T20303] ext4 filesystem being mounted at /1257/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1102.930735][T20306] overlayfs: missing 'lowerdir' [ 1102.981197][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1103.342655][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1104.005618][ T5103] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1104.018352][ T5103] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1104.026930][ T5103] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1104.235543][ T5103] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1104.256981][ T5103] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1104.268558][ T5103] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1105.033121][T20331] loop1: detected capacity change from 0 to 512 [ 1105.402115][T20331] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1105.702761][T20331] ext4 filesystem being mounted at /3/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1105.789401][T20331] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #2: comm syz.1.4796: corrupted inode contents [ 1105.824437][T20331] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #2: comm syz.1.4796: mark_inode_dirty error [ 1105.838019][T20331] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #2: comm syz.1.4796: corrupted inode contents [ 1105.850696][T20331] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz.1.4796: mark_inode_dirty error [ 1105.925592][T20014] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1106.039477][T20323] chnl_net:caif_netlink_parms(): no params data found [ 1106.231114][ T28] kauditd_printk_skb: 25 callbacks suppressed [ 1106.231128][ T28] audit: type=1326 audit(1763614823.067:2659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20354 comm="syz.3.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb45cd8f749 code=0x7ffc0000 [ 1106.238392][T20355] loop3: detected capacity change from 0 to 128 [ 1106.262589][T20323] bridge0: port 1(bridge_slave_0) entered blocking state [ 1106.274866][T20323] bridge0: port 1(bridge_slave_0) entered disabled state [ 1106.282070][T20323] bridge_slave_0: entered allmulticast mode [ 1106.290440][T20323] bridge_slave_0: entered promiscuous mode [ 1106.297263][ T28] audit: type=1326 audit(1763614823.067:2660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20354 comm="syz.3.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb45cd8f749 code=0x7ffc0000 [ 1106.322976][ T28] audit: type=1326 audit(1763614823.077:2661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20354 comm="syz.3.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb45cd8f749 code=0x7ffc0000 [ 1106.358966][ T28] audit: type=1326 audit(1763614823.077:2662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20354 comm="syz.3.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb45cd8f749 code=0x7ffc0000 [ 1106.395210][T20355] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1106.400639][ T28] audit: type=1326 audit(1763614823.077:2663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20354 comm="syz.3.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb45cd8f749 code=0x7ffc0000 [ 1106.427974][T20355] ext4 filesystem being mounted at /1262/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1106.430613][ T28] audit: type=1326 audit(1763614823.077:2664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20354 comm="syz.3.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fb45cd8f749 code=0x7ffc0000 [ 1106.463667][T20016] Bluetooth: hci2: command tx timeout [ 1106.470548][T20323] bridge0: port 2(bridge_slave_1) entered blocking state [ 1106.472172][ T28] audit: type=1326 audit(1763614823.077:2665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20354 comm="syz.3.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb45cd8f783 code=0x7ffc0000 [ 1106.500604][ T28] audit: type=1326 audit(1763614823.077:2666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20354 comm="syz.3.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb45cd8e1ff code=0x7ffc0000 [ 1106.509890][T20323] bridge0: port 2(bridge_slave_1) entered disabled state [ 1106.523102][ T28] audit: type=1326 audit(1763614823.077:2667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20354 comm="syz.3.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fb45cd8f7d7 code=0x7ffc0000 [ 1106.523144][ T28] audit: type=1326 audit(1763614823.077:2668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20354 comm="syz.3.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb45cd8df90 code=0x7ffc0000 [ 1106.594732][T20323] bridge_slave_1: entered allmulticast mode [ 1106.602084][T20323] bridge_slave_1: entered promiscuous mode [ 1107.014215][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1107.759410][T20323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1107.800804][T20323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1107.921340][T20323] team0: Port device team_slave_0 added [ 1107.956235][T20323] team0: Port device team_slave_1 added [ 1108.130451][ T42] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1108.152834][ T42] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1108.183045][T20323] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1108.191249][T20323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1108.257522][T20323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1108.317369][ T42] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1108.332391][ T42] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1108.354370][T20323] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1108.361615][T20323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1108.389319][T20323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1108.517472][ T42] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1108.523771][T20016] Bluetooth: hci2: command tx timeout [ 1108.544138][ T42] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1108.631469][T20323] hsr_slave_0: entered promiscuous mode [ 1108.641012][T20323] hsr_slave_1: entered promiscuous mode [ 1108.648666][T20323] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1108.951756][T20323] Cannot create hsr debugfs directory [ 1109.050106][ T42] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1109.080745][ T42] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1110.605669][T20016] Bluetooth: hci2: command tx timeout [ 1110.907762][ T5889] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1111.124066][ T5889] usb 4-1: Using ep0 maxpacket: 16 [ 1111.208114][ T42] tipc: Disabling bearer [ 1111.241979][ T5889] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1111.310626][ T42] tipc: Left network mode [ 1111.417100][ T5889] usb 4-1: config 0 has no interfaces? [ 1111.651696][ T5889] usb 4-1: New USB device found, idVendor=056e, idProduct=b338, bcdDevice=7f.56 [ 1111.662797][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1111.733908][ T5889] usb 4-1: Product: syz [ 1111.738132][ T5889] usb 4-1: Manufacturer: syz [ 1111.765429][ T5889] usb 4-1: SerialNumber: syz [ 1111.791420][ T5889] usb 4-1: config 0 descriptor?? [ 1112.226920][T20435] loop1: detected capacity change from 0 to 1024 [ 1112.244643][T20435] hfsplus: unable to parse mount options [ 1112.866295][T20016] Bluetooth: hci2: command tx timeout [ 1112.884023][ T5853] usb 4-1: USB disconnect, device number 14 [ 1113.234911][T20441] loop1: detected capacity change from 0 to 1024 [ 1113.249162][T20441] hfsplus: unable to parse mount options [ 1113.757831][ T5800] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1115.891933][T20449] loop0: detected capacity change from 0 to 1024 [ 1115.910828][T20449] hfsplus: unable to parse mount options [ 1116.370258][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.407566][ T6205] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1116.426882][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.561285][T20323] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1116.582692][T20323] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1116.625060][T20323] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1116.680492][T20323] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1119.314157][T20478] loop1: detected capacity change from 0 to 1024 [ 1119.328837][T20478] hfsplus: unable to parse mount options [ 1119.613136][ T6205] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1120.002455][T20491] loop3: detected capacity change from 0 to 1024 [ 1120.017545][T20491] hfsplus: unable to parse mount options [ 1120.559599][T20323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1120.596407][ T6206] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1120.670396][T20323] 8021q: adding VLAN 0 to HW filter on device team0 [ 1121.797475][T20502] loop3: detected capacity change from 0 to 1024 [ 1121.809745][T20502] hfsplus: unable to parse mount options [ 1122.269015][ T5919] bridge0: port 1(bridge_slave_0) entered blocking state [ 1122.276255][ T5919] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1122.340902][ T5919] bridge0: port 2(bridge_slave_1) entered blocking state [ 1122.348126][ T5919] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1122.713143][T20511] loop1: detected capacity change from 0 to 1024 [ 1122.725326][T20511] hfsplus: unable to parse mount options [ 1123.278398][ T6206] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1123.663241][ T42] hsr_slave_0: left promiscuous mode [ 1123.678914][ T42] hsr_slave_1: left promiscuous mode [ 1123.687946][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1123.700589][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1123.825906][ T42] veth1_macvtap: left promiscuous mode [ 1123.831511][ T42] veth0_macvtap: left promiscuous mode [ 1123.844540][ T42] veth1_vlan: left promiscuous mode [ 1123.849909][ T42] veth0_vlan: left promiscuous mode [ 1127.004856][T20551] loop1: detected capacity change from 0 to 1024 [ 1127.016797][T20551] hfsplus: unable to parse mount options [ 1127.580315][ T6205] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1127.960360][ T42] bond5 (unregistering): Released all slaves [ 1127.983112][ T42] bond4 (unregistering): Released all slaves [ 1128.271785][ T42] bond3 (unregistering): Released all slaves [ 1128.349857][ T42] bond2 (unregistering): (slave bridge1): Releasing backup interface [ 1128.608497][ T42] bond2 (unregistering): Released all slaves [ 1128.995093][ T42] bond1 (unregistering): (slave bridge0): Releasing backup interface [ 1129.276448][ T42] bond1 (unregistering): Released all slaves [ 1130.068508][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 1130.068522][ T28] audit: type=1326 audit(1763614846.897:2680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20573 comm="syz.0.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1130.103264][ T28] audit: type=1326 audit(1763614846.897:2681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20573 comm="syz.0.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1130.172448][ T28] audit: type=1326 audit(1763614846.897:2682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20573 comm="syz.0.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1130.195986][ T28] audit: type=1326 audit(1763614846.907:2683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20573 comm="syz.0.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1130.218898][ T28] audit: type=1326 audit(1763614846.907:2684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20573 comm="syz.0.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1130.245361][ T28] audit: type=1326 audit(1763614846.907:2685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20573 comm="syz.0.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1130.282535][ T28] audit: type=1326 audit(1763614846.907:2686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20573 comm="syz.0.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1130.310282][ T28] audit: type=1326 audit(1763614846.907:2687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20573 comm="syz.0.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1130.333702][ T28] audit: type=1326 audit(1763614846.907:2688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20573 comm="syz.0.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1130.356507][ T28] audit: type=1326 audit(1763614846.907:2689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20573 comm="syz.0.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1131.516157][ T42] team0 (unregistering): Port device team_slave_1 removed [ 1131.638973][ T42] team0 (unregistering): Port device team_slave_0 removed [ 1131.719738][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1131.797485][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1132.396933][ T42] bond0 (unregistering): Released all slaves [ 1132.668147][T20323] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1132.779255][T20323] veth0_vlan: entered promiscuous mode [ 1133.074000][T20323] veth1_vlan: entered promiscuous mode [ 1133.969777][T20323] veth0_macvtap: entered promiscuous mode [ 1134.027774][T20323] veth1_macvtap: entered promiscuous mode [ 1134.062635][T20608] loop1: detected capacity change from 0 to 128 [ 1134.099202][T20323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1134.117236][T20323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1134.128951][T20608] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1134.141077][T20323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1134.152986][T20323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1134.161724][T20608] ext4 filesystem being mounted at /35/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1134.162925][T20323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1134.183834][T20323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1134.195366][T20323] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1134.210712][T20323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1134.222610][T20323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1134.233175][T20323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1134.244377][T20323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1134.256967][T20323] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1134.272714][T20014] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1134.281521][T20323] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1134.297282][T20323] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1134.316097][T20323] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1134.325639][T20323] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1134.500236][T18378] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1134.508751][T18378] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1134.555966][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1134.569016][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1136.280601][T20632] tipc: Started in network mode [ 1136.290957][T20632] tipc: Node identity 4, cluster identity 4711 [ 1136.303623][T20632] tipc: Node number set to 4 [ 1136.525054][ T28] kauditd_printk_skb: 22 callbacks suppressed [ 1136.525068][ T28] audit: type=1326 audit(1763614853.367:2712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20633 comm="syz.0.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1137.698560][ T28] audit: type=1326 audit(1763614854.537:2713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20633 comm="syz.0.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1137.773695][ T28] audit: type=1326 audit(1763614854.537:2714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20633 comm="syz.0.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1137.844594][ T28] audit: type=1326 audit(1763614854.537:2715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20633 comm="syz.0.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1137.913977][ T28] audit: type=1326 audit(1763614854.537:2716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20633 comm="syz.0.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1137.960162][ T5103] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1137.970807][ T5103] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1137.982152][ T5103] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1137.991108][ T5103] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1138.006173][ T28] audit: type=1326 audit(1763614854.537:2717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20633 comm="syz.0.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1138.018394][ T5103] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1138.036939][ T5103] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1138.084465][ T28] audit: type=1326 audit(1763614854.537:2718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20633 comm="syz.0.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1138.108549][ T28] audit: type=1326 audit(1763614854.537:2719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20633 comm="syz.0.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1138.132216][ T28] audit: type=1326 audit(1763614854.537:2720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20633 comm="syz.0.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1138.154770][ T28] audit: type=1326 audit(1763614854.757:2721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20633 comm="syz.0.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093438f749 code=0x7ffc0000 [ 1140.597100][T20661] loop1: detected capacity change from 0 to 1024 [ 1140.607211][T20661] hfsplus: unable to parse mount options [ 1140.810192][T20663] loop2: detected capacity change from 0 to 1024 [ 1140.822496][T20663] hfsplus: unable to parse mount options [ 1140.960293][ T5103] Bluetooth: hci3: command tx timeout [ 1142.768867][ T5854] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 1143.003833][T20016] Bluetooth: hci3: command tx timeout [ 1143.728229][T20652] chnl_net:caif_netlink_parms(): no params data found [ 1144.164006][T20699] loop2: detected capacity change from 0 to 1024 [ 1144.176380][T20699] hfsplus: unable to parse mount options [ 1144.787445][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 1144.787460][ T28] audit: type=1326 audit(1763614861.627:2723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20701 comm="syz.1.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1144.834521][ T28] audit: type=1326 audit(1763614861.627:2724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20701 comm="syz.1.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1144.858767][ T28] audit: type=1326 audit(1763614861.707:2725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20701 comm="syz.1.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1144.887426][ T28] audit: type=1326 audit(1763614861.707:2726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20701 comm="syz.1.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1144.910294][ T28] audit: type=1326 audit(1763614861.707:2727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20701 comm="syz.1.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1144.943121][ T28] audit: type=1326 audit(1763614861.707:2728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20701 comm="syz.1.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1145.010293][ T144] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1145.026911][ T144] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1145.073934][T20703] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4884'. [ 1145.084116][T20016] Bluetooth: hci3: command tx timeout [ 1145.131387][ T28] audit: type=1326 audit(1763614861.707:2729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20701 comm="syz.1.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1145.147819][T20702] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4884'. [ 1145.163055][ T28] audit: type=1326 audit(1763614861.707:2730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20701 comm="syz.1.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1145.213119][ T28] audit: type=1326 audit(1763614861.727:2731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20701 comm="syz.1.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1145.237172][ T28] audit: type=1326 audit(1763614862.037:2732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20701 comm="syz.1.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1146.368944][T20714] loop1: detected capacity change from 0 to 1024 [ 1146.462950][T20714] hfsplus: unable to parse mount options [ 1147.163762][T20016] Bluetooth: hci3: command tx timeout [ 1147.223158][ T144] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1147.235154][ T144] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1147.270157][T20652] bridge0: port 1(bridge_slave_0) entered blocking state [ 1147.280831][T20652] bridge0: port 1(bridge_slave_0) entered disabled state [ 1147.294940][T20652] bridge_slave_0: entered allmulticast mode [ 1147.305378][T20652] bridge_slave_0: entered promiscuous mode [ 1147.357281][ T144] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1147.369313][ T144] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1147.402392][T20652] bridge0: port 2(bridge_slave_1) entered blocking state [ 1147.429902][T20652] bridge0: port 2(bridge_slave_1) entered disabled state [ 1147.442648][T20652] bridge_slave_1: entered allmulticast mode [ 1147.450561][T20652] bridge_slave_1: entered promiscuous mode [ 1147.475774][T20718] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4887'. [ 1147.485420][T20718] bridge_slave_1: left allmulticast mode [ 1147.491184][T20718] bridge_slave_1: left promiscuous mode [ 1147.497753][T20718] bridge0: port 2(bridge_slave_1) entered disabled state [ 1147.515332][T20718] bridge_slave_0: left allmulticast mode [ 1147.521168][T20718] bridge_slave_0: left promiscuous mode [ 1147.531377][T20718] bridge0: port 1(bridge_slave_0) entered disabled state [ 1147.633279][ T144] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1147.645750][ T144] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1147.695429][T20652] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1147.737558][T20652] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1147.825004][T20652] team0: Port device team_slave_0 added [ 1147.841618][T20652] team0: Port device team_slave_1 added [ 1147.898944][T20652] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1147.906543][T20652] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1147.932838][T20652] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1147.967944][T20652] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1147.976686][T20652] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1148.005181][T20652] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1148.149829][T20652] hsr_slave_0: entered promiscuous mode [ 1148.160734][T20652] hsr_slave_1: entered promiscuous mode [ 1148.178546][T20652] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1148.188656][T20652] Cannot create hsr debugfs directory [ 1149.026091][ T144] tipc: Left network mode [ 1150.316944][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 1150.316959][ T28] audit: type=1326 audit(1763614867.157:2734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20763 comm="syz.1.4899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1150.382798][ T28] audit: type=1326 audit(1763614867.157:2735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20763 comm="syz.1.4899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1150.412195][ T28] audit: type=1326 audit(1763614867.157:2736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20763 comm="syz.1.4899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1150.442948][ T28] audit: type=1326 audit(1763614867.157:2737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20763 comm="syz.1.4899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1150.477653][ T28] audit: type=1326 audit(1763614867.157:2738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20763 comm="syz.1.4899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1150.501945][ T28] audit: type=1326 audit(1763614867.157:2739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20763 comm="syz.1.4899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1150.776436][T20774] loop2: detected capacity change from 0 to 1024 [ 1150.796702][T20774] hfsplus: unable to parse mount options [ 1151.150486][ T28] audit: type=1326 audit(1763614867.157:2740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20763 comm="syz.1.4899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1151.302232][ T28] audit: type=1326 audit(1763614867.157:2741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20763 comm="syz.1.4899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1151.325685][ T28] audit: type=1326 audit(1763614867.157:2742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20763 comm="syz.1.4899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1151.438666][ T28] audit: type=1326 audit(1763614867.157:2743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20763 comm="syz.1.4899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1153.746055][T20652] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1153.774559][T20652] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1153.806108][T20652] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1153.979824][T20652] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1156.149009][ T28] kauditd_printk_skb: 18 callbacks suppressed [ 1156.149024][ T28] audit: type=1326 audit(1763614872.987:2762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20837 comm="syz.2.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1156.191855][T20839] loop2: detected capacity change from 0 to 128 [ 1156.235878][T20652] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1156.252668][T20839] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1156.259378][ T28] audit: type=1326 audit(1763614872.987:2763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20837 comm="syz.2.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1156.304351][T20839] ext4 filesystem being mounted at /25/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1156.333705][T20652] 8021q: adding VLAN 0 to HW filter on device team0 [ 1156.386989][ T5919] bridge0: port 1(bridge_slave_0) entered blocking state [ 1156.394249][ T5919] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1156.441292][ T3494] bridge0: port 2(bridge_slave_1) entered blocking state [ 1156.443907][ T28] audit: type=1326 audit(1763614872.987:2764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20837 comm="syz.2.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1156.448487][ T3494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1156.502578][ T28] audit: type=1326 audit(1763614872.987:2765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20837 comm="syz.2.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1156.552591][T20323] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1156.579627][ T28] audit: type=1326 audit(1763614872.987:2766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20837 comm="syz.2.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1156.628555][ T28] audit: type=1326 audit(1763614873.027:2767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20837 comm="syz.2.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1156.673678][ T28] audit: type=1326 audit(1763614873.027:2768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20837 comm="syz.2.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7efec818f783 code=0x7ffc0000 [ 1156.699124][ T28] audit: type=1326 audit(1763614873.027:2769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20837 comm="syz.2.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7efec818e1ff code=0x7ffc0000 [ 1156.917674][T20855] loop1: detected capacity change from 0 to 1024 [ 1156.930788][T20855] hfsplus: unable to parse mount options [ 1156.968749][ T28] audit: type=1326 audit(1763614873.027:2770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20837 comm="syz.2.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7efec818f7d7 code=0x7ffc0000 [ 1157.395732][ T28] audit: type=1326 audit(1763614873.027:2771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20837 comm="syz.2.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efec818df90 code=0x7ffc0000 [ 1157.511680][ T144] hsr_slave_0: left promiscuous mode [ 1157.540762][ T144] hsr_slave_1: left promiscuous mode [ 1157.595873][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1157.603338][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1157.642425][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1157.681527][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1157.725058][ T144] veth1_macvtap: left promiscuous mode [ 1157.730679][ T144] veth0_macvtap: left promiscuous mode [ 1157.744110][ T144] veth1_vlan: left promiscuous mode [ 1157.754562][ T144] veth0_vlan: left promiscuous mode [ 1158.191517][ T144] bond4 (unregistering): Released all slaves [ 1158.251948][ T144] bond3 (unregistering): Released all slaves [ 1159.454041][ T144] bond2 (unregistering): (slave bridge1): Releasing active interface [ 1159.515687][ T144] bond2 (unregistering): Released all slaves [ 1159.653884][ T144] bond1 (unregistering): Released all slaves [ 1160.255689][ T5889] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1160.453781][ T5889] usb 2-1: Using ep0 maxpacket: 16 [ 1160.460941][ T5889] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1160.487348][ T5889] usb 2-1: config 0 has no interfaces? [ 1160.495688][ T5889] usb 2-1: New USB device found, idVendor=056e, idProduct=b338, bcdDevice=7f.56 [ 1160.511339][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1160.519804][ T5889] usb 2-1: Product: syz [ 1160.524921][ T5889] usb 2-1: Manufacturer: syz [ 1160.530020][ T5889] usb 2-1: SerialNumber: syz [ 1160.549444][ T5889] usb 2-1: config 0 descriptor?? [ 1160.578455][ T144] team0 (unregistering): Port device team_slave_1 removed [ 1160.671376][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1160.788529][ T5889] usb 2-1: USB disconnect, device number 12 [ 1161.959829][ T144] bond0 (unregistering): Released all slaves [ 1161.977905][ T28] kauditd_printk_skb: 55 callbacks suppressed [ 1161.977918][ T28] audit: type=1326 audit(1763614878.817:2827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20928 comm="syz.2.4946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1162.010085][ T28] audit: type=1326 audit(1763614878.827:2828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20928 comm="syz.2.4946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1162.034481][ T28] audit: type=1326 audit(1763614878.827:2829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20928 comm="syz.2.4946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1162.061803][ T28] audit: type=1326 audit(1763614878.827:2830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20928 comm="syz.2.4946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1162.084998][ T28] audit: type=1326 audit(1763614878.827:2831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20928 comm="syz.2.4946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1162.113517][T20652] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1162.116305][ T28] audit: type=1326 audit(1763614878.827:2832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20928 comm="syz.2.4946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1162.210000][ T28] audit: type=1326 audit(1763614878.827:2833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20928 comm="syz.2.4946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1162.234493][ T28] audit: type=1326 audit(1763614878.827:2834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20928 comm="syz.2.4946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1162.301836][ T28] audit: type=1326 audit(1763614878.827:2835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20928 comm="syz.2.4946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1162.353799][ T28] audit: type=1326 audit(1763614878.827:2836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20928 comm="syz.2.4946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1162.811030][T20652] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1163.025147][T20652] veth0_vlan: entered promiscuous mode [ 1163.039019][T20652] veth1_vlan: entered promiscuous mode [ 1163.118558][T20652] veth0_macvtap: entered promiscuous mode [ 1163.165884][T20652] veth1_macvtap: entered promiscuous mode [ 1163.188486][T20652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1163.199918][T20652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1163.210309][T20652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1163.221180][T20652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1163.232403][T20652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1163.248637][T20652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1164.272500][T20652] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1164.516521][T20652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1164.537459][T20652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1164.549824][T20652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1164.561019][T20652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1164.572864][T20652] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1164.623060][T20652] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1164.640162][T20652] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1164.650532][T20652] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1164.663234][T20652] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1164.837098][ T3494] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1164.860879][ T3494] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1164.942778][ T3494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1164.971291][ T3494] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1166.721498][T20991] loop3: detected capacity change from 0 to 16 [ 1168.668965][T20991] erofs: (device loop3): mounted with root inode @ nid 36. [ 1169.172864][T21010] loop1: detected capacity change from 0 to 1024 [ 1169.180594][T21010] hfsplus: unable to parse mount options [ 1169.431644][T20991] syz.3.4964: attempt to access beyond end of device [ 1169.431644][T20991] loop3: rw=0, sector=8, nr_sectors = 32 limit=16 [ 1170.626506][ T5103] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1170.638728][ T5103] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1170.651880][ T5103] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1170.667090][ T5103] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1170.686012][ T5103] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1170.695557][ T5103] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1171.409464][T21024] chnl_net:caif_netlink_parms(): no params data found [ 1171.688006][T21024] bridge0: port 1(bridge_slave_0) entered blocking state [ 1171.706745][T21024] bridge0: port 1(bridge_slave_0) entered disabled state [ 1171.728223][T21024] bridge_slave_0: entered allmulticast mode [ 1171.739760][T21024] bridge_slave_0: entered promiscuous mode [ 1171.776490][T21024] bridge0: port 2(bridge_slave_1) entered blocking state [ 1171.785063][T21024] bridge0: port 2(bridge_slave_1) entered disabled state [ 1171.793135][T21024] bridge_slave_1: entered allmulticast mode [ 1171.803150][T21024] bridge_slave_1: entered promiscuous mode [ 1171.992636][T21024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1172.017795][T21024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1172.205930][T21024] team0: Port device team_slave_0 added [ 1172.256995][T21024] team0: Port device team_slave_1 added [ 1172.410659][T21024] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1172.433579][T21024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1172.509920][T21024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1172.599996][T21024] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1172.617515][T21024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1172.676383][T21024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1172.883733][ T5103] Bluetooth: hci0: command tx timeout [ 1173.038629][T21024] hsr_slave_0: entered promiscuous mode [ 1173.056482][T21024] hsr_slave_1: entered promiscuous mode [ 1173.189053][ T28] kauditd_printk_skb: 46 callbacks suppressed [ 1173.189066][ T28] audit: type=1326 audit(1763614890.027:2883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1173.229890][T21085] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4996'. [ 1173.233908][ T28] audit: type=1326 audit(1763614890.027:2884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1173.263651][ T28] audit: type=1326 audit(1763614890.027:2885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1173.286476][ T28] audit: type=1326 audit(1763614890.027:2886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1173.309256][ T28] audit: type=1326 audit(1763614890.027:2887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1173.332382][ T28] audit: type=1326 audit(1763614890.027:2888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1173.355976][ T28] audit: type=1326 audit(1763614890.027:2889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1173.379129][ T28] audit: type=1326 audit(1763614890.027:2890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1173.401739][ T28] audit: type=1326 audit(1763614890.027:2891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1173.429280][ T28] audit: type=1326 audit(1763614890.027:2892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7efec818f749 code=0x7ffc0000 [ 1173.463816][T21085] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4996'. [ 1174.670191][T21024] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1174.763963][T21024] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1174.933836][ T5103] Bluetooth: hci0: command tx timeout [ 1175.122240][T21024] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1175.159932][T21024] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1176.221815][T21024] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1176.241212][T21024] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1176.290024][T21108] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5004'. [ 1176.341295][T21111] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5004'. [ 1177.604142][ T5103] Bluetooth: hci0: command tx timeout [ 1177.750605][T21024] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1177.769557][T21024] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1177.826474][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.832854][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.009304][ T5919] tipc: Left network mode [ 1178.201109][T21024] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1178.218414][T21024] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1178.229829][T21024] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1178.389287][T21024] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1179.320196][T21150] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5014'. [ 1179.347329][T21150] bridge_slave_1: left allmulticast mode [ 1179.353094][T21150] bridge_slave_1: left promiscuous mode [ 1179.361240][T21150] bridge0: port 2(bridge_slave_1) entered disabled state [ 1179.390026][T21150] bridge_slave_0: left allmulticast mode [ 1179.396163][T21150] bridge_slave_0: left promiscuous mode [ 1179.402158][T21150] bridge0: port 1(bridge_slave_0) entered disabled state [ 1179.643833][ T5103] Bluetooth: hci0: command tx timeout [ 1180.333744][T21024] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1180.361842][T21024] 8021q: adding VLAN 0 to HW filter on device team0 [ 1180.470935][ T3494] bridge0: port 1(bridge_slave_0) entered blocking state [ 1180.478175][ T3494] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1180.522608][ T3494] bridge0: port 2(bridge_slave_1) entered blocking state [ 1180.529825][ T3494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1180.818636][T21024] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1180.860151][T21024] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1182.757839][T17079] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1182.902670][T21024] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1182.973801][T17079] usb 4-1: Using ep0 maxpacket: 16 [ 1182.994249][T17079] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1183.012789][T17079] usb 4-1: config 0 has no interfaces? [ 1183.023917][T17079] usb 4-1: New USB device found, idVendor=056e, idProduct=b338, bcdDevice=7f.56 [ 1183.048737][T17079] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1183.075823][T17079] usb 4-1: Product: syz [ 1183.083819][T17079] usb 4-1: Manufacturer: syz [ 1183.119021][T17079] usb 4-1: SerialNumber: syz [ 1183.141669][T17079] usb 4-1: config 0 descriptor?? [ 1183.231331][ T5919] hsr_slave_0: left promiscuous mode [ 1183.236272][T21189] 9pnet: Could not find request transport: fd0x0000000000000003 [ 1183.255442][ T5919] hsr_slave_1: left promiscuous mode [ 1183.262089][ T5919] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1183.273680][ T5919] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1183.284236][ T5919] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 1183.291480][ T5919] batman_adv: batadv0: Removing interface: virt_wifi0 [ 1183.314756][ T5919] veth1_macvtap: left promiscuous mode [ 1183.323876][ T5919] veth0_macvtap: left promiscuous mode [ 1183.331698][ T5919] veth1_vlan: left promiscuous mode [ 1183.338775][ T5919] veth0_vlan: left promiscuous mode [ 1183.444905][T17079] usb 4-1: USB disconnect, device number 15 [ 1187.540486][ T5919] bond3 (unregistering): Released all slaves [ 1187.567526][ T5919] bond2 (unregistering): Released all slaves [ 1188.519675][ T5919] bond1 (unregistering): (slave bridge0): Releasing backup interface [ 1188.673263][ T5919] bond1 (unregistering): Released all slaves [ 1189.670426][T21228] loop1: detected capacity change from 0 to 16 [ 1189.883783][T21230] loop3: detected capacity change from 0 to 1024 [ 1189.914848][T21230] hfsplus: unable to parse mount options [ 1190.240355][ T5919] team0 (unregistering): Port device team_slave_1 removed [ 1190.421874][ T5919] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1191.073801][T21228] erofs: (device loop1): mounted with root inode @ nid 36. [ 1192.108095][ T5919] bond0 (unregistering): Released all slaves [ 1192.534632][T21024] veth0_vlan: entered promiscuous mode [ 1192.603432][T21024] veth1_vlan: entered promiscuous mode [ 1193.156574][T21024] veth0_macvtap: entered promiscuous mode [ 1193.208181][T21024] veth1_macvtap: entered promiscuous mode [ 1193.290167][T21024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1193.363595][T21024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1193.373460][T21024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1193.443699][T21024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1193.473652][T21024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1193.503580][T21024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1193.545270][T21024] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1193.587418][T21024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1193.623651][T21024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1193.633509][T21024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1193.683586][T21024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1193.693451][T21024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1193.730917][T21024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1193.765326][T21024] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1193.807669][T21024] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1193.827611][T21024] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1193.854356][T21024] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1193.863094][T21024] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1195.080857][ T3478] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1195.113300][ T3478] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1195.381580][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1196.732382][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1197.144514][ T28] kauditd_printk_skb: 22 callbacks suppressed [ 1197.144528][ T28] audit: type=1326 audit(1763614913.987:2915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21260 comm="syz.0.4974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078b98f749 code=0x7ffc0000 [ 1197.224617][ T28] audit: type=1326 audit(1763614914.017:2916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21260 comm="syz.0.4974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078b98f749 code=0x7ffc0000 [ 1197.267467][ T28] audit: type=1326 audit(1763614914.067:2917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21260 comm="syz.0.4974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f078b98f749 code=0x7ffc0000 [ 1198.065554][ T28] audit: type=1326 audit(1763614914.067:2918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21260 comm="syz.0.4974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078b98f749 code=0x7ffc0000 [ 1198.198947][ T28] audit: type=1326 audit(1763614914.067:2919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21260 comm="syz.0.4974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078b98f749 code=0x7ffc0000 [ 1198.241941][ T28] audit: type=1326 audit(1763614914.067:2920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21260 comm="syz.0.4974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f078b98f749 code=0x7ffc0000 [ 1198.309379][ T28] audit: type=1326 audit(1763614914.067:2921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21260 comm="syz.0.4974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078b98f749 code=0x7ffc0000 [ 1198.353393][ T28] audit: type=1326 audit(1763614914.067:2922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21260 comm="syz.0.4974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078b98f749 code=0x7ffc0000 [ 1198.454384][ T28] audit: type=1326 audit(1763614914.067:2923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21260 comm="syz.0.4974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f078b98f749 code=0x7ffc0000 [ 1198.476998][ T28] audit: type=1326 audit(1763614914.067:2924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21260 comm="syz.0.4974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078b98f749 code=0x7ffc0000 [ 1198.518556][T21267] loop2: detected capacity change from 0 to 1024 [ 1199.489918][T21267] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1199.632556][T21267] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4031: comm syz.2.5046: Allocating blocks 385-513 which overlap fs metadata [ 1199.680566][T21280] EXT4-fs (loop2): pa ffff888076e7ee80: logic 16, phys. 129, len 24 [ 1199.689154][T21280] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 8 [ 1199.849178][ T144] Trying to write to read-only block-device loop2 [ 1199.866226][T20323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1202.141877][T21294] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5052'. [ 1202.178091][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 1202.178105][ T28] audit: type=1326 audit(1763614919.017:2938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21290 comm="syz.1.5052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1202.355823][ T28] audit: type=1326 audit(1763614919.057:2939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21290 comm="syz.1.5052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1202.411326][ T28] audit: type=1326 audit(1763614919.057:2940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21290 comm="syz.1.5052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1202.453691][ T28] audit: type=1326 audit(1763614919.057:2941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21290 comm="syz.1.5052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7258f749 code=0x7ffc0000 [ 1205.567677][ T5103] Bluetooth: hci4: command 0x0406 tx timeout [ 1205.703630][ T5853] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1205.993646][ T5853] usb 2-1: Using ep0 maxpacket: 16 [ 1206.153397][ T5853] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1206.290535][ T5853] usb 2-1: config 0 has no interfaces? [ 1206.398989][ T5853] usb 2-1: New USB device found, idVendor=056e, idProduct=b338, bcdDevice=7f.56 [ 1206.437938][ T5853] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1206.457906][ T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 1206.484654][ T5853] usb 2-1: Product: syz [ 1206.488874][ T5853] usb 2-1: Manufacturer: syz [ 1206.493483][ T5853] usb 2-1: SerialNumber: syz [ 1206.540501][ T5853] usb 2-1: config 0 descriptor?? [ 1206.634512][T17079] usb 2-1: USB disconnect, device number 13 [ 1206.708609][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 1206.728727][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1207.870433][ T9] usb 3-1: config 0 has no interfaces? [ 1207.887361][ T9] usb 3-1: New USB device found, idVendor=056e, idProduct=b338, bcdDevice=7f.56 [ 1207.912130][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1207.923977][ T9] usb 3-1: Product: syz [ 1207.928480][ T9] usb 3-1: Manufacturer: syz [ 1207.938642][ T9] usb 3-1: SerialNumber: syz [ 1208.041456][ T5854] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1208.078091][ T9] usb 3-1: config 0 descriptor?? [ 1208.181445][T21347] loop1: detected capacity change from 0 to 16 [ 1208.306751][T21347] erofs: (device loop1): mounted with root inode @ nid 36. [ 1208.345891][ T5889] usb 3-1: USB disconnect, device number 10 [ 1208.352300][T21347] syz.1.5064: attempt to access beyond end of device [ 1208.352300][T21347] loop1: rw=0, sector=8, nr_sectors = 32 limit=16 [ 1208.750109][ T5854] usb 4-1: Using ep0 maxpacket: 16 [ 1208.760174][ T5854] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1208.771484][T21352] syz.1.5064: attempt to access beyond end of device [ 1208.771484][T21352] loop1: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 1208.884590][ T5854] usb 4-1: config 0 has no interfaces? [ 1208.899305][ T5854] usb 4-1: New USB device found, idVendor=056e, idProduct=b338, bcdDevice=7f.56 [ 1208.908761][ T5854] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1208.928885][ T5854] usb 4-1: Product: syz [ 1208.933216][ T5854] usb 4-1: Manufacturer: syz [ 1208.969678][ T5854] usb 4-1: SerialNumber: syz [ 1208.985516][ T5854] usb 4-1: config 0 descriptor?? [ 1209.019061][T20014] BUG: Bad page state in process syz-executor pfn:6905b [ 1209.026965][T20014] page:ffffea0001a416c0 refcount:0 mapcount:0 mapping:ffff88805bbc1278 index:0x2 pfn:0x6905b [ 1209.037331][T20014] aops:z_erofs_cache_aops ino:0 [ 1209.042224][T20014] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 1209.050050][T20014] page_type: 0xffffffff() [ 1209.054452][T20014] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805bbc1278 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1209.063058][T20014] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 1209.071731][T20014] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 1209.079583][T20014] page_owner tracks the page as allocated [ 1209.086076][T20014] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 21347, tgid 21346 (syz.1.5064), ts 1208352049248, free_ts 1208297684049 [ 1209.108530][T20014] post_alloc_hook+0x1cd/0x210 [ 1209.113696][T20014] get_page_from_freelist+0x195c/0x19f0 [ 1209.119288][T20014] __alloc_pages+0x1e3/0x460 [ 1209.124003][T20014] z_erofs_do_read_page+0x20c0/0x3680 [ 1209.129402][T20014] z_erofs_pcluster_readmore+0x2cf/0x450 [ 1209.135125][T20014] z_erofs_read_folio+0x208/0x540 [ 1209.140350][T20014] filemap_read_folio+0x167/0x760 [ 1209.145487][T20014] do_read_cache_folio+0x470/0x7e0 [ 1209.150634][T20014] erofs_bread+0x16f/0x630 [ 1209.155119][T20014] erofs_namei+0x28c/0xf00 [ 1209.159568][T20014] erofs_lookup+0x135/0x310 [ 1209.164599][T20014] path_openat+0x10b8/0x3190 [ 1209.169222][T20014] do_filp_open+0x1c5/0x3d0 [ 1209.174060][T20014] do_sys_openat2+0x12c/0x1c0 [ 1209.179216][T20014] __x64_sys_creat+0x90/0xb0 [ 1209.183931][T20014] do_syscall_64+0x55/0xb0 [ 1209.188373][T20014] page last free stack trace: [ 1209.193056][T20014] free_unref_page_prepare+0x7ce/0x8e0 [ 1209.198636][T20014] free_unref_page+0x32/0x2e0 [ 1209.203360][T20014] __unfreeze_partials+0x1cf/0x210 [ 1209.208549][T20014] put_cpu_partial+0x17c/0x250 [ 1209.213338][T20014] __slab_free+0x31d/0x410 [ 1209.217831][T20014] qlist_free_all+0x75/0xe0 [ 1209.222367][T20014] kasan_quarantine_reduce+0x143/0x160 [ 1209.228014][T20014] __kasan_slab_alloc+0x22/0x80 [ 1209.232910][T20014] slab_post_alloc_hook+0x6e/0x4d0 [ 1209.238155][T20014] kmem_cache_alloc+0x11e/0x2e0 [ 1209.243043][T20014] vm_area_dup+0x27/0x270 [ 1209.247474][T20014] __split_vma+0x19f/0xc00 [ 1209.251924][T20014] mprotect_fixup+0xa0f/0xc90 [ 1209.256702][T20014] do_mprotect_pkey+0x76e/0xc30 [ 1209.261586][T20014] __x64_sys_mprotect+0x80/0x90 [ 1209.266547][T20014] do_syscall_64+0x55/0xb0 [ 1209.271017][T20014] Modules linked in: [ 1209.274990][T20014] CPU: 0 PID: 20014 Comm: syz-executor Not tainted syzkaller #0 [ 1209.282734][T20014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1209.292910][T20014] Call Trace: [ 1209.296191][T20014] [ 1209.299140][T20014] dump_stack_lvl+0x16c/0x230 [ 1209.303830][T20014] ? show_regs_print_info+0x20/0x20 [ 1209.309044][T20014] ? swiotlb_print_info+0x70/0x70 [ 1209.314383][T20014] bad_page+0x14b/0x170 [ 1209.318545][T20014] free_unref_page_prepare+0x887/0x8e0 [ 1209.324007][T20014] free_unref_page+0x32/0x2e0 [ 1209.328800][T20014] ? __folio_put+0xef/0x210 [ 1209.333313][T20014] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 1209.339732][T20014] erofs_shrink_workstation+0x118/0x290 [ 1209.345280][T20014] ? erofs_shrinker_unregister+0x170/0x170 [ 1209.351085][T20014] ? io_schedule+0xd0/0xd0 [ 1209.355500][T20014] ? kobject_put+0x43c/0x470 [ 1209.360094][T20014] erofs_shrinker_unregister+0x5d/0x170 [ 1209.365658][T20014] erofs_put_super+0x4e/0x150 [ 1209.370426][T20014] ? erofs_free_inode+0xb0/0xb0 [ 1209.375273][T20014] generic_shutdown_super+0x134/0x2b0 [ 1209.380645][T20014] kill_block_super+0x44/0x90 [ 1209.385320][T20014] erofs_kill_sb+0x4c/0x140 [ 1209.389825][T20014] deactivate_locked_super+0x97/0x100 [ 1209.395217][T20014] cleanup_mnt+0x429/0x4c0 [ 1209.399644][T20014] task_work_run+0x1ce/0x250 [ 1209.404241][T20014] ? task_work_cancel+0x240/0x240 [ 1209.409276][T20014] ? exit_to_user_mode_loop+0x3b/0x110 [ 1209.414741][T20014] exit_to_user_mode_loop+0xe6/0x110 [ 1209.420025][T20014] exit_to_user_mode_prepare+0xf6/0x180 [ 1209.425572][T20014] syscall_exit_to_user_mode+0x1a/0x50 [ 1209.431025][T20014] do_syscall_64+0x61/0xb0 [ 1209.435439][T20014] ? clear_bhb_loop+0x40/0x90 [ 1209.440112][T20014] ? clear_bhb_loop+0x40/0x90 [ 1209.444891][T20014] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1209.450797][T20014] RIP: 0033:0x7fea72590a77 [ 1209.455226][T20014] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 1209.474843][T20014] RSP: 002b:00007ffd2d7f2c38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1209.483277][T20014] RAX: 0000000000000000 RBX: 00007fea72613d7d RCX: 00007fea72590a77 [ 1209.491621][T20014] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd2d7f2cf0 [ 1209.499686][T20014] RBP: 00007ffd2d7f2cf0 R08: 0000000000000000 R09: 0000000000000000 [ 1209.507664][T20014] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd2d7f3d80 [ 1209.516081][T20014] R13: 00007fea72613d7d R14: 0000000000127247 R15: 00007ffd2d7f3dc0 [ 1209.524071][T20014] [ 1209.527957][T20014] Disabling lock debugging due to kernel taint [ 1209.534203][T20014] BUG: Bad page state in process syz-executor pfn:2b921 [ 1209.541236][T20014] page:ffffea0000ae4840 refcount:0 mapcount:0 mapping:ffff88805bbc1278 index:0x3 pfn:0x2b921 [ 1209.551438][T20014] aops:z_erofs_cache_aops ino:0 [ 1209.556338][T20014] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 1209.564165][T20014] page_type: 0xffffffff() [ 1209.568506][T20014] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805bbc1278 [ 1209.577135][T20014] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000 [ 1209.585765][T20014] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 1209.593465][T20014] page_owner tracks the page as allocated [ 1209.599247][T20014] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 21347, tgid 21346 (syz.1.5064), ts 1208352064917, free_ts 1208297556854 [ 1209.621644][T20014] post_alloc_hook+0x1cd/0x210 [ 1209.626465][T20014] get_page_from_freelist+0x195c/0x19f0 [ 1209.632028][T20014] __alloc_pages+0x1e3/0x460 [ 1209.636683][T20014] z_erofs_do_read_page+0x20c0/0x3680 [ 1209.642070][T20014] z_erofs_pcluster_readmore+0x2cf/0x450 [ 1209.647817][T20014] z_erofs_read_folio+0x208/0x540 [ 1209.652851][T20014] filemap_read_folio+0x167/0x760 [ 1209.657917][T20014] do_read_cache_folio+0x470/0x7e0 [ 1209.663036][T20014] erofs_bread+0x16f/0x630 [ 1209.667490][T20014] erofs_namei+0x28c/0xf00 [ 1209.671921][T20014] erofs_lookup+0x135/0x310 [ 1209.676483][T20014] path_openat+0x10b8/0x3190 [ 1209.681086][T20014] do_filp_open+0x1c5/0x3d0 [ 1209.685625][T20014] do_sys_openat2+0x12c/0x1c0 [ 1209.690705][T20014] __x64_sys_creat+0x90/0xb0 [ 1209.695369][T20014] do_syscall_64+0x55/0xb0 [ 1209.699799][T20014] page last free stack trace: [ 1209.704504][T20014] free_unref_page_prepare+0x7ce/0x8e0 [ 1209.709982][T20014] free_unref_page+0x32/0x2e0 [ 1209.714702][T20014] __unfreeze_partials+0x1cf/0x210 [ 1209.719821][T20014] put_cpu_partial+0x17c/0x250 [ 1209.724626][T20014] __slab_free+0x31d/0x410 [ 1209.729054][T20014] qlist_free_all+0x75/0xe0 [ 1209.733655][T20014] kasan_quarantine_reduce+0x143/0x160 [ 1209.739129][T20014] __kasan_slab_alloc+0x22/0x80 [ 1209.744025][T20014] slab_post_alloc_hook+0x6e/0x4d0 [ 1209.749146][T20014] kmem_cache_alloc+0x11e/0x2e0 [ 1209.754044][T20014] vm_area_dup+0x27/0x270 [ 1209.758415][T20014] __split_vma+0x19f/0xc00 [ 1209.762838][T20014] mprotect_fixup+0xa0f/0xc90 [ 1209.767585][T20014] do_mprotect_pkey+0x76e/0xc30 [ 1209.772441][T20014] __x64_sys_mprotect+0x80/0x90 [ 1209.777338][T20014] do_syscall_64+0x55/0xb0 [ 1209.781768][T20014] Modules linked in: [ 1209.785697][T20014] CPU: 0 PID: 20014 Comm: syz-executor Tainted: G B syzkaller #0 [ 1209.794807][T20014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1209.804903][T20014] Call Trace: [ 1209.808166][T20014] [ 1209.811082][T20014] dump_stack_lvl+0x16c/0x230 [ 1209.815925][T20014] ? show_regs_print_info+0x20/0x20 [ 1209.821149][T20014] ? swiotlb_print_info+0x70/0x70 [ 1209.826163][T20014] bad_page+0x14b/0x170 [ 1209.830332][T20014] free_unref_page_prepare+0x887/0x8e0 [ 1209.835914][T20014] free_unref_page+0x32/0x2e0 [ 1209.840576][T20014] ? __folio_put+0xef/0x210 [ 1209.845062][T20014] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 1209.851458][T20014] erofs_shrink_workstation+0x118/0x290 [ 1209.857086][T20014] ? erofs_shrinker_unregister+0x170/0x170 [ 1209.862889][T20014] ? io_schedule+0xd0/0xd0 [ 1209.867295][T20014] ? kobject_put+0x43c/0x470 [ 1209.871873][T20014] erofs_shrinker_unregister+0x5d/0x170 [ 1209.877414][T20014] erofs_put_super+0x4e/0x150 [ 1209.882083][T20014] ? erofs_free_inode+0xb0/0xb0 [ 1209.886924][T20014] generic_shutdown_super+0x134/0x2b0 [ 1209.892294][T20014] kill_block_super+0x44/0x90 [ 1209.896957][T20014] erofs_kill_sb+0x4c/0x140 [ 1209.901451][T20014] deactivate_locked_super+0x97/0x100 [ 1209.906824][T20014] cleanup_mnt+0x429/0x4c0 [ 1209.911233][T20014] task_work_run+0x1ce/0x250 [ 1209.915819][T20014] ? task_work_cancel+0x240/0x240 [ 1209.920835][T20014] ? exit_to_user_mode_loop+0x3b/0x110 [ 1209.926283][T20014] exit_to_user_mode_loop+0xe6/0x110 [ 1209.931558][T20014] exit_to_user_mode_prepare+0xf6/0x180 [ 1209.937096][T20014] syscall_exit_to_user_mode+0x1a/0x50 [ 1209.942541][T20014] do_syscall_64+0x61/0xb0 [ 1209.946947][T20014] ? clear_bhb_loop+0x40/0x90 [ 1209.951613][T20014] ? clear_bhb_loop+0x40/0x90 [ 1209.956280][T20014] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1209.962161][T20014] RIP: 0033:0x7fea72590a77 [ 1209.966565][T20014] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 1209.986161][T20014] RSP: 002b:00007ffd2d7f2c38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1209.994564][T20014] RAX: 0000000000000000 RBX: 00007fea72613d7d RCX: 00007fea72590a77 [ 1210.002538][T20014] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd2d7f2cf0 [ 1210.010496][T20014] RBP: 00007ffd2d7f2cf0 R08: 0000000000000000 R09: 0000000000000000 [ 1210.018456][T20014] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd2d7f3d80 [ 1210.026414][T20014] R13: 00007fea72613d7d R14: 0000000000127247 R15: 00007ffd2d7f3dc0 [ 1210.034383][T20014] [ 1210.037455][T20014] BUG: Bad page state in process syz-executor pfn:62369 [ 1210.045246][T20014] page:ffffea000188da40 refcount:0 mapcount:0 mapping:ffff88805bbc1278 index:0x4 pfn:0x62369 [ 1210.055488][T20014] aops:z_erofs_cache_aops ino:0 [ 1210.060355][T20014] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 1210.068114][T20014] page_type: 0xffffffff() [ 1210.072438][T20014] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805bbc1278 [ 1210.081135][T20014] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 1210.089739][T20014] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 1210.097035][T20014] page_owner tracks the page as allocated [ 1210.102982][T20014] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 21347, tgid 21346 (syz.1.5064), ts 1208352081000, free_ts 1208297526973 [ 1210.125379][T20014] post_alloc_hook+0x1cd/0x210 [ 1210.130153][T20014] get_page_from_freelist+0x195c/0x19f0 [ 1210.135724][T20014] __alloc_pages+0x1e3/0x460 [ 1210.140319][T20014] z_erofs_do_read_page+0x20c0/0x3680 [ 1210.145727][T20014] z_erofs_pcluster_readmore+0x2cf/0x450 [ 1210.151363][T20014] z_erofs_read_folio+0x208/0x540 [ 1210.156411][T20014] filemap_read_folio+0x167/0x760 [ 1210.161489][T20014] do_read_cache_folio+0x470/0x7e0 [ 1210.166637][T20014] erofs_bread+0x16f/0x630 [ 1210.171064][T20014] erofs_namei+0x28c/0xf00 [ 1210.175502][T20014] erofs_lookup+0x135/0x310 [ 1210.180010][T20014] path_openat+0x10b8/0x3190 [ 1210.184622][T20014] do_filp_open+0x1c5/0x3d0 [ 1210.189128][T20014] do_sys_openat2+0x12c/0x1c0 [ 1210.193832][T20014] __x64_sys_creat+0x90/0xb0 [ 1210.198421][T20014] do_syscall_64+0x55/0xb0 [ 1210.203048][T20014] page last free stack trace: [ 1210.207813][T20014] free_unref_page_prepare+0x7ce/0x8e0 [ 1210.213278][T20014] free_unref_page+0x32/0x2e0 [ 1210.217973][T20014] __unfreeze_partials+0x1cf/0x210 [ 1210.223087][T20014] put_cpu_partial+0x17c/0x250 [ 1210.227878][T20014] __slab_free+0x31d/0x410 [ 1210.232295][T20014] qlist_free_all+0x75/0xe0 [ 1210.236827][T20014] kasan_quarantine_reduce+0x143/0x160 [ 1210.242284][T20014] __kasan_slab_alloc+0x22/0x80 [ 1210.247151][T20014] slab_post_alloc_hook+0x6e/0x4d0 [ 1210.252261][T20014] kmem_cache_alloc+0x11e/0x2e0 [ 1210.257143][T20014] vm_area_dup+0x27/0x270 [ 1210.261476][T20014] __split_vma+0x19f/0xc00 [ 1210.265922][T20014] mprotect_fixup+0xa0f/0xc90 [ 1210.270598][T20014] do_mprotect_pkey+0x76e/0xc30 [ 1210.275462][T20014] __x64_sys_mprotect+0x80/0x90 [ 1210.280314][T20014] do_syscall_64+0x55/0xb0 [ 1210.284771][T20014] Modules linked in: [ 1210.288671][T20014] CPU: 0 PID: 20014 Comm: syz-executor Tainted: G B syzkaller #0 [ 1210.297778][T20014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1210.307829][T20014] Call Trace: [ 1210.311103][T20014] [ 1210.314026][T20014] dump_stack_lvl+0x16c/0x230 [ 1210.318701][T20014] ? show_regs_print_info+0x20/0x20 [ 1210.323885][T20014] ? swiotlb_print_info+0x70/0x70 [ 1210.328902][T20014] bad_page+0x14b/0x170 [ 1210.333045][T20014] free_unref_page_prepare+0x887/0x8e0 [ 1210.338509][T20014] free_unref_page+0x32/0x2e0 [ 1210.343174][T20014] ? __folio_put+0xef/0x210 [ 1210.347664][T20014] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 1210.354071][T20014] erofs_shrink_workstation+0x118/0x290 [ 1210.359616][T20014] ? erofs_shrinker_unregister+0x170/0x170 [ 1210.365412][T20014] ? io_schedule+0xd0/0xd0 [ 1210.369818][T20014] ? kobject_put+0x43c/0x470 [ 1210.374393][T20014] erofs_shrinker_unregister+0x5d/0x170 [ 1210.379929][T20014] erofs_put_super+0x4e/0x150 [ 1210.384596][T20014] ? erofs_free_inode+0xb0/0xb0 [ 1210.389433][T20014] generic_shutdown_super+0x134/0x2b0 [ 1210.394798][T20014] kill_block_super+0x44/0x90 [ 1210.399465][T20014] erofs_kill_sb+0x4c/0x140 [ 1210.403957][T20014] deactivate_locked_super+0x97/0x100 [ 1210.409321][T20014] cleanup_mnt+0x429/0x4c0 [ 1210.413734][T20014] task_work_run+0x1ce/0x250 [ 1210.418315][T20014] ? task_work_cancel+0x240/0x240 [ 1210.423348][T20014] ? exit_to_user_mode_loop+0x3b/0x110 [ 1210.428795][T20014] exit_to_user_mode_loop+0xe6/0x110 [ 1210.434069][T20014] exit_to_user_mode_prepare+0xf6/0x180 [ 1210.439604][T20014] syscall_exit_to_user_mode+0x1a/0x50 [ 1210.445050][T20014] do_syscall_64+0x61/0xb0 [ 1210.449456][T20014] ? clear_bhb_loop+0x40/0x90 [ 1210.454121][T20014] ? clear_bhb_loop+0x40/0x90 [ 1210.458783][T20014] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1210.464665][T20014] RIP: 0033:0x7fea72590a77 [ 1210.469065][T20014] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 1210.488668][T20014] RSP: 002b:00007ffd2d7f2c38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1210.497074][T20014] RAX: 0000000000000000 RBX: 00007fea72613d7d RCX: 00007fea72590a77 [ 1210.505036][T20014] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd2d7f2cf0 [ 1210.513011][T20014] RBP: 00007ffd2d7f2cf0 R08: 0000000000000000 R09: 0000000000000000 [ 1210.520994][T20014] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd2d7f3d80 [ 1210.528964][T20014] R13: 00007fea72613d7d R14: 0000000000127247 R15: 00007ffd2d7f3dc0 [ 1210.536939][T20014]