last executing test programs: 2.681078308s ago: executing program 2 (id=2802): r0 = socket(0x2b, 0x1, 0x1) sendmmsg$sock(r0, &(0x7f0000001280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000001) getpeername$unix(r0, 0x0, 0x0) 2.579723759s ago: executing program 2 (id=2803): r0 = io_uring_setup(0x1946, &(0x7f0000000a80)={0x0, 0xa94d, 0x1, 0xfffffffd, 0x179}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000500)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6(0xa, 0x3, 0xff) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4008890) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendto$inet6(r1, &(0x7f00000000c0)="04", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x0, @loopback, 0x1}}, 0x0, 0x0, 0x6, 0x0, "10baa70a93289349d889de25b87376f64276337642b890d33cb5b592e66e6229bc5c7ac135fee1b3871b7ef6619db5b2a94edb6f73ea08b02aa3b47debd38b6d889a8c986b33eb49c3157f1f370dfd67"}, 0xd8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.522568551s ago: executing program 0 (id=2805): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r2, 0xc0105500, &(0x7f00000001c0)={0x0, 0x1, 0x9, 0x4, 0x0, 0x0, 0x0}) 2.214766145s ago: executing program 0 (id=2808): dup(0xffffffffffffffff) r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x40002) writev(r0, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000007c0)}, {&(0x7f0000000900)}], 0x3) 1.962348469s ago: executing program 0 (id=2812): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) close_range(r1, 0xffffffffffffffff, 0x0) 1.863809031s ago: executing program 2 (id=2813): r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'batadv0\x00', &(0x7f0000000040)=@ethtool_sset_info={0x37, 0xe574f8, 0x7}}) 1.856358041s ago: executing program 0 (id=2814): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mm_page_alloc\x00', r0, 0x0, 0x2}, 0x18) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x105042, 0x189) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$AUTOFS_IOC_FAIL(r1, 0x4c80, 0xffffffffffffffb6) unshare(0x40000000) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 1.816878542s ago: executing program 2 (id=2816): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r1}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="020000000000000002000000e000000200e70000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000200fffc0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x190) setsockopt$inet_group_source_req(r2, 0x0, 0x2c, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108) 1.694492654s ago: executing program 2 (id=2819): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0e00000004000000080000000f"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xb}]}) socket$inet6_sctp(0xa, 0x1, 0x84) close_range(r2, 0xffffffffffffffff, 0x0) 1.440628548s ago: executing program 1 (id=2825): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000200), 0x4, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2) sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0103000000000000000001"], 0x30}}, 0x40) 1.430776128s ago: executing program 3 (id=2826): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000006040)={0x3c, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0x10, 0xc, 0x0, 0x1, [{0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xfffffffe}]}]}]}, 0x3c}}, 0x0) 1.31570202s ago: executing program 3 (id=2827): r0 = eventfd2(0x0, 0x0) io_setup(0x81, &(0x7f0000000400)=0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) close(0xffffffffffffffff) read$eventfd(r0, &(0x7f0000000000), 0x8) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1fd, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r0}]) 1.313239789s ago: executing program 1 (id=2828): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x60442, 0x0) dup(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = syz_io_uring_setup(0x7e2b, 0x0, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x1a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x1000}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) r6 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="89000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120c000200080001400400446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) 1.233262931s ago: executing program 1 (id=2829): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}}, 0x0) 1.148126983s ago: executing program 1 (id=2830): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="18050000000004000000000000000000850000007a00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, @void, @value}, 0x94) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000080)=r2, 0x4) write$tun(r0, &(0x7f0000002400)=ANY=[], 0x10da) 1.099398263s ago: executing program 3 (id=2831): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000040000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) statfs(&(0x7f0000000580)='./file0\x00', 0x0) 1.015774114s ago: executing program 3 (id=2832): r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000400)={0x0, 0x7f, 0x700}) 1.010049194s ago: executing program 3 (id=2833): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x80, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000013c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) 937.735626ms ago: executing program 3 (id=2834): r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={@remote, @private2={0xfc, 0x2, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x8, 0xf, 0x100, 0x8000000000000000, 0x200, r2}) 811.789148ms ago: executing program 1 (id=2835): syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f0000000400)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000010}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)}], 0x1, 0x0, 0x0, 0x7400}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r2, 0x6a98047402e98331}, 0x14}, 0x1, 0x0, 0x0, 0x841}, 0x0) 744.330139ms ago: executing program 2 (id=2837): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r0}, 0x18) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r1, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe", 0xd3}, {&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70e0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e107bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3def1f", 0xe9}, {&(0x7f0000000640)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75287a4b9aaa18fd479bdd154b4efe531a242d90a1ca2799c242bfd4ddd8271448d3415bd3a907ad340dc2fa2471393212d02eb25242808cffdc4e7a646211c18ac8602f5fc1e4f82b728", 0x9c}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f0e5a1d9b32cef2b6e0a61af7968dc1759c4d901867d7d6e9f2521f6a1578e1cc2fbf58837a2633c0b8299192718c61227412dafd01e899723b33735bbec3e1429117362acc4139fc3565f183bd5568f47f4bc416adb360fdd9c497c2ad2ffe1ad738f4c073f1378d2b455e61844076a4a97ac1e13e2fb300ae69d55c501f96dcc39bf7ed835cc866f0fbd8e936e8374a484f111919dc610e0a36", 0xda}], 0x4}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000840)="b1f56ee29c433328d3b2a83bd97e37007087acae7568090043ed556d7677010cd542e796cc2669e2af440e0000005cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a12c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b933aa9169f5f7b51dd5319b8016623d1863d70581691a79a6678db1e5e7fa1c98c5b9e4a87272e9c4a1bd98dbb2ab76919ba5c1020e80bd0659e82d861dc6fe4c62639134c504aa43", 0xae}], 0x1}}], 0x2, 0xc0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r1, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 716.819489ms ago: executing program 1 (id=2838): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) ppoll(&(0x7f0000000fc0)=[{r0, 0x2108}, {r1, 0x24b0}], 0x2, 0x0, 0x0, 0x0) 343.756775ms ago: executing program 4 (id=2839): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000008c0), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x14, 0x0) 306.822666ms ago: executing program 4 (id=2840): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=[{0x10, 0x10b}, {0x18, 0x110, 0xa, ')'}], 0x28}, 0x0) 216.861107ms ago: executing program 0 (id=2841): r0 = eventfd2(0x0, 0x0) io_setup(0x81, &(0x7f0000000400)=0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) close(0xffffffffffffffff) read$eventfd(r0, &(0x7f0000000000), 0x8) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1fd, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r0}]) 167.931358ms ago: executing program 4 (id=2842): bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="04000000", @ANYRES32], 0x50) 147.145078ms ago: executing program 4 (id=2843): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="1c0000000000000001"], 0xa0}, 0x4004881) 97.857379ms ago: executing program 4 (id=2844): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x3, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000007000000203000040000000095"], &(0x7f00000000c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 955.271µs ago: executing program 4 (id=2845): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00'}, 0x10) keyctl$link(0x8, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@typedef={0x2}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) 0s ago: executing program 0 (id=2846): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="04010000020101010000000000000000000000092c000f800c0002400000000408000140000077580800014000000008ed0001400000000d08000240000001ff28000e800c00028005000100010000000c00028005000100880000000c0002800500010001000000080004800400018004001980080015"], 0x104}, 0x1, 0x0, 0x0, 0x41}, 0x4000000) kernel console output (not intermixed with test programs): 0:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.2.1172" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 164.383767][ T7470] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 164.550772][ T7476] loop4: detected capacity change from 0 to 2048 [ 165.474759][ T7495] capability: warning: `syz.4.1183' uses 32-bit capabilities (legacy support in use) [ 165.544767][ T7500] autofs4:pid:7500:autofs_fill_super: called with bogus options [ 165.723394][ T7510] loop3: detected capacity change from 0 to 1024 [ 165.732810][ T7510] EXT4-fs: Ignoring removed orlov option [ 165.749581][ T7513] netlink: 332 bytes leftover after parsing attributes in process `syz.4.1194'. [ 165.752279][ T7513] netlink: 'syz.4.1194': attribute type 9 has an invalid length. [ 165.764858][ T7513] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1194'. [ 165.767428][ T7513] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1194'. [ 165.775194][ T7510] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 165.911589][ T4307] EXT4-fs (loop3): unmounting filesystem. [ 165.985588][ T7524] device pim6reg1 entered promiscuous mode [ 165.992105][ T7527] loop0: detected capacity change from 0 to 1024 [ 165.994095][ T7526] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1199'. [ 166.001430][ T7527] EXT4-fs: Ignoring removed nobh option [ 166.003202][ T7527] EXT4-fs: Ignoring removed bh option [ 166.006382][ T7527] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 166.051869][ T7527] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 166.130143][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 166.232569][ T7535] loop0: detected capacity change from 0 to 1024 [ 166.245173][ T7535] EXT4-fs: Ignoring removed nobh option [ 166.246869][ T7535] EXT4-fs: Ignoring removed oldalloc option [ 166.248489][ T7535] EXT4-fs: Ignoring removed orlov option [ 166.303226][ T7535] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 166.469724][ T7535] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz.0.1203: Allocating blocks 497-513 which overlap fs metadata [ 166.502062][ T7535] EXT4-fs (loop0): pa 00000000bb1186e5: logic 256, phys. 385, len 8 [ 166.504646][ T7535] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 166.629733][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 166.773794][ T7573] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1220'. [ 166.927490][ T7588] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1225'. [ 166.931091][ T7588] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.933241][ T7588] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 166.944336][ T7588] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.946769][ T7588] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 166.949566][ T7584] loop1: detected capacity change from 0 to 2048 [ 166.993813][ T7584] Alternate GPT is invalid, using primary GPT. [ 166.995773][ T7584] loop1: p1 p2 p3 [ 167.149122][ T7595] loop3: detected capacity change from 0 to 1024 [ 167.155489][ T7595] EXT4-fs: Ignoring removed i_version option [ 167.380301][ T7595] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:477: comm syz.3.1227: Invalid block bitmap block 0 in block_group 0 [ 167.385813][ T7595] EXT4-fs error (device loop3): ext4_acquire_dquot:6814: comm syz.3.1227: Failed to acquire dquot type 0 [ 167.397532][ T7595] EXT4-fs error (device loop3): ext4_free_blocks:6210: comm syz.3.1227: Freeing blocks not in datazone - block = 0, count = 4096 [ 167.404821][ T7595] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.1227: Invalid inode bitmap blk 0 in block_group 0 [ 167.412925][ T11] EXT4-fs error (device loop3): ext4_release_dquot:6850: comm kworker/u4:1: Failed to release dquot type 0 [ 167.417302][ T7595] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem [ 167.421258][ T7595] EXT4-fs (loop3): 1 orphan inode deleted [ 167.422849][ T7595] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 168.142751][ T6121] udevd[6121]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 168.185142][ T6123] udevd[6123]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 168.326573][ T6122] udevd[6122]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 168.435351][ T27] kauditd_printk_skb: 46 callbacks suppressed [ 168.435363][ T27] audit: type=1326 audit(168.390:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7608 comm="syz.1.1233" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 168.466880][ T27] audit: type=1326 audit(168.420:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7608 comm="syz.1.1233" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 168.517996][ T27] audit: type=1326 audit(168.420:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7608 comm="syz.1.1233" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=163 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 168.575426][ T27] audit: type=1326 audit(168.420:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7608 comm="syz.1.1233" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 168.608680][ T27] audit: type=1326 audit(168.420:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7608 comm="syz.1.1233" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 168.782779][ T7620] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1238'. [ 169.157900][ T7634] loop2: detected capacity change from 0 to 128 [ 169.216954][ T4307] EXT4-fs (loop3): unmounting filesystem. [ 169.262354][ T7634] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 169.273880][ T7634] EXT4-fs error (device loop2): htree_dirblock_to_tree:1112: inode #2: block 4: comm syz.2.1244: bad entry in directory: rec_len is smaller than minimal - offset=1012, inode=128, rec_len=9, size=1024 fake=0 [ 169.282846][ T7640] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1247'. [ 169.300786][ T7634] EXT4-fs (loop2): Remounting filesystem read-only [ 169.325086][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 169.460666][ T7648] netlink: 'syz.4.1250': attribute type 4 has an invalid length. [ 170.257139][ T27] audit: type=1326 audit(170.210:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.4.1260" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 170.278589][ T27] audit: type=1326 audit(170.230:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.4.1260" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 170.301007][ T7683] 9pnet: Could not find request transport: t [ 170.303140][ T27] audit: type=1326 audit(170.260:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.4.1260" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 170.323042][ T27] audit: type=1326 audit(170.260:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.4.1260" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 170.343718][ T27] audit: type=1326 audit(170.260:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.4.1260" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 170.561489][ T7695] netlink: 'syz.3.1262': attribute type 4 has an invalid length. [ 170.594002][ T7698] loop4: detected capacity change from 0 to 164 [ 170.633681][ T7698] ext4: attempt to access beyond end of device [ 170.633681][ T7698] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 170.703122][ T7698] ext4: attempt to access beyond end of device [ 170.703122][ T7698] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 170.879383][ T7711] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1269'. [ 171.135266][ T7722] loop4: detected capacity change from 0 to 2048 [ 171.359616][ T7734] loop2: detected capacity change from 0 to 164 [ 171.861032][ T7734] bond0 speed is unknown, defaulting to 1000 [ 171.921987][ T7722] loop4: p1 < > p4 [ 171.948363][ T7722] loop4: p4 size 8388608 extends beyond EOD, truncated [ 172.130095][ T3912] loop4: p1 < > p4 [ 172.133820][ T3912] loop4: p4 size 8388608 extends beyond EOD, truncated [ 172.204550][ T7740] netlink: 'syz.2.1276': attribute type 4 has an invalid length. [ 172.617799][ T7754] 8021q: VLANs not supported on ip6tnl0 [ 172.740933][ T7759] netlink: 552 bytes leftover after parsing attributes in process `syz.1.1280'. [ 172.743649][ T7759] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1280'. [ 173.480145][ T7767] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1287'. [ 173.796798][ T6121] udevd[6121]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 173.806877][ T6075] udevd[6075]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 174.472179][ T7778] bond0 speed is unknown, defaulting to 1000 [ 174.493104][ T6075] udevd[6075]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 174.505412][ T6121] udevd[6121]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 174.753827][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 174.753839][ T27] audit: type=1326 audit(174.710:1091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7789 comm="syz.4.1296" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 174.765010][ T27] audit: type=1326 audit(174.710:1092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7789 comm="syz.4.1296" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 174.785258][ T27] audit: type=1326 audit(174.710:1093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7789 comm="syz.4.1296" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 174.818797][ T27] audit: type=1326 audit(174.710:1094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7789 comm="syz.4.1296" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 174.824667][ T27] audit: type=1326 audit(174.710:1095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7789 comm="syz.4.1296" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 174.868612][ T27] audit: type=1326 audit(174.710:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7789 comm="syz.4.1296" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 174.874740][ T27] audit: type=1326 audit(174.710:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7789 comm="syz.4.1296" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 174.901641][ T27] audit: type=1326 audit(174.710:1098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7789 comm="syz.4.1296" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=209 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 174.936455][ T7798] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1299'. [ 174.939200][ T27] audit: type=1326 audit(174.710:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7789 comm="syz.4.1296" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 174.953473][ T27] audit: type=1326 audit(174.710:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7789 comm="syz.4.1296" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=150 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 175.025103][ T7804] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1302'. [ 175.198415][ T7817] device veth0 entered promiscuous mode [ 175.205747][ T7817] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1309'. [ 176.211386][ T7838] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1312'. [ 176.357822][ T7848] lo speed is unknown, defaulting to 1000 [ 176.364854][ T7848] lo speed is unknown, defaulting to 1000 [ 176.366732][ T7848] lo speed is unknown, defaulting to 1000 [ 176.391353][ T7848] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 176.421323][ T7848] lo speed is unknown, defaulting to 1000 [ 176.428311][ T7848] lo speed is unknown, defaulting to 1000 [ 176.452242][ T7848] lo speed is unknown, defaulting to 1000 [ 176.454426][ T7848] lo speed is unknown, defaulting to 1000 [ 176.456536][ T7848] lo speed is unknown, defaulting to 1000 [ 176.458477][ T7854] loop2: detected capacity change from 0 to 512 [ 176.462499][ T7856] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 176.472218][ T7855] loop3: detected capacity change from 0 to 512 [ 176.474598][ T7854] EXT4-fs: Ignoring removed nomblk_io_submit option [ 176.476491][ T7854] EXT4-fs: Ignoring removed nomblk_io_submit option [ 176.489904][ T7854] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 176.504107][ T7848] lo speed is unknown, defaulting to 1000 [ 176.536647][ T7854] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 176.558630][ T7854] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 176.568507][ T7859] loop4: detected capacity change from 0 to 1024 [ 176.576190][ T7859] EXT4-fs: Ignoring removed nobh option [ 176.577900][ T7859] EXT4-fs: Ignoring removed oldalloc option [ 176.582311][ T7854] EXT4-fs (loop2): 1 truncate cleaned up [ 176.583891][ T7854] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 176.586785][ T7859] EXT4-fs: Ignoring removed orlov option [ 176.647517][ T7859] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 176.652874][ T7870] loop0: detected capacity change from 0 to 512 [ 176.665615][ T7870] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 176.703398][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 176.739164][ T7859] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3841: comm syz.4.1323: Allocating blocks 497-513 which overlap fs metadata [ 176.744569][ T7870] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 176.833366][ T7859] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1323'. [ 176.835981][ T7859] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1323'. [ 176.915881][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 176.986456][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 177.024917][ T7885] Driver unsupported XDP return value 0 on prog (id 17) dev N/A, expect packet loss! [ 177.062757][ T7887] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 177.064924][ T7887] vhci_hcd: default hub control req: 6001 v8001 i0001 l0 [ 177.214992][ T7892] loop1: detected capacity change from 0 to 1024 [ 177.225536][ T7895] loop2: detected capacity change from 0 to 512 [ 177.230431][ T7892] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 177.245506][ T7892] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 177.248364][ T7892] EXT4-fs (loop1): orphan cleanup on readonly fs [ 177.269001][ T7892] EXT4-fs error (device loop1): ext4_free_blocks:6210: comm +}[@: Freeing blocks not in datazone - block = 0, count = 4096 [ 177.273064][ T7892] EXT4-fs (loop1): Remounting filesystem read-only [ 177.274942][ T7892] EXT4-fs (loop1): 1 orphan inode deleted [ 177.276452][ T7892] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 177.299286][ T4296] EXT4-fs (loop1): unmounting filesystem. [ 177.441748][ T7906] loop2: detected capacity change from 0 to 1024 [ 177.461309][ T7904] loop1: detected capacity change from 0 to 4096 [ 177.479283][ T7913] netlink: 'syz.4.1345': attribute type 1 has an invalid length. [ 177.484055][ T7906] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 177.502338][ T7904] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 177.534594][ T7904] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 177.540450][ T7906] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3841: comm syz.2.1343: Allocating blocks 385-513 which overlap fs metadata [ 177.545262][ T7904] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 177.577850][ T7921] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1345'. [ 177.625468][ T4296] EXT4-fs (loop1): unmounting filesystem. [ 177.638859][ T7921] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 177.652947][ T6121] udevd[6121]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 177.663733][ T7905] EXT4-fs (loop2): pa 000000001581d266: logic 16, phys. 129, len 24 [ 177.666197][ T7905] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8 [ 177.679637][ T7921] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 177.696434][ T7913] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 177.729222][ T6121] udevd[6121]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 177.815850][ T6122] udevd[6122]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 177.886764][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 177.909369][ T7913] bond1 (unregistering): Released all slaves [ 177.930551][ T6122] udevd[6122]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 177.985060][ T7927] bond0 speed is unknown, defaulting to 1000 [ 177.987323][ T7927] lo speed is unknown, defaulting to 1000 [ 178.004041][ T6122] udevd[6122]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 178.166941][ T6122] udevd[6122]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 178.202069][ T7943] netlink: 'syz.4.1353': attribute type 13 has an invalid length. [ 178.211997][ T7943] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 178.235157][ T7943] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 178.276303][ T7943] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 178.343272][ T7943] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 178.431977][ T7948] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1355'. [ 178.618158][ T7961] loop1: detected capacity change from 0 to 1024 [ 178.657289][ T7961] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 178.694767][ T7961] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3841: comm syz.1.1361: Allocating blocks 385-513 which overlap fs metadata [ 178.775160][ T7960] EXT4-fs (loop1): pa 000000007f8e53a8: logic 16, phys. 129, len 24 [ 178.777490][ T7960] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8 [ 178.838244][ T4296] EXT4-fs (loop1): unmounting filesystem. [ 179.198139][ T7981] bond0 speed is unknown, defaulting to 1000 [ 179.202911][ T7981] lo speed is unknown, defaulting to 1000 [ 179.277138][ T7989] loop2: detected capacity change from 0 to 2048 [ 179.322992][ T7989] loop2: p1 < > p4 [ 179.325405][ T7989] loop2: p4 size 8388608 extends beyond EOD, truncated [ 179.599973][ T7983] tipc: New replicast peer: 10.1.1.2 [ 179.601678][ T7983] tipc: Enabled bearer , priority 10 [ 179.607717][ T7983] loop3: detected capacity change from 0 to 512 [ 179.624560][ T7983] EXT4-fs: user quota file already specified [ 179.662681][ T6121] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 179.703747][ T8002] loop4: detected capacity change from 0 to 1024 [ 179.764173][ T8002] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 179.800921][ T8002] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3841: comm syz.4.1378: Allocating blocks 385-513 which overlap fs metadata [ 179.827637][ T8001] EXT4-fs (loop4): pa 000000005c846e67: logic 16, phys. 129, len 24 [ 179.830293][ T8001] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8 [ 179.855206][ T8004] loop1: detected capacity change from 0 to 8192 [ 179.871861][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 179.911008][ T8004] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 179.923990][ T8004] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 180.065865][ T8022] loop4: detected capacity change from 0 to 512 [ 180.258496][ T8022] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 180.274214][ T8022] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #2: comm syz.4.1384: corrupted inode contents [ 180.299094][ T8022] EXT4-fs error (device loop4): ext4_dirty_inode:6118: inode #2: comm syz.4.1384: mark_inode_dirty error [ 180.314592][ T8035] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1390'. [ 180.317036][ T8035] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1390'. [ 180.325063][ T8022] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #2: comm syz.4.1384: corrupted inode contents [ 180.393351][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 180.588139][ T8048] loop4: detected capacity change from 0 to 512 [ 180.920796][ T8071] device bond1 entered promiscuous mode [ 180.922790][ T8071] 8021q: adding VLAN 0 to HW filter on device bond1 [ 181.227866][ T27] kauditd_printk_skb: 359 callbacks suppressed [ 181.227879][ T27] audit: type=1326 audit(181.180:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8084 comm="syz.3.1408" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7ef5a8a8 code=0x7ffc0000 [ 181.246956][ T27] audit: type=1326 audit(181.180:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8084 comm="syz.3.1408" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=260 compat=0 ip=0xffff7ef5a8a8 code=0x7ffc0000 [ 181.253696][ T27] audit: type=1326 audit(181.180:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8084 comm="syz.3.1408" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7ef5a8a8 code=0x7ffc0000 [ 181.499117][ T8100] loop3: detected capacity change from 0 to 128 [ 181.503957][ T8100] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 181.557176][ T4307] EXT4-fs (loop3): unmounting filesystem. [ 181.650175][ T8106] loop3: detected capacity change from 0 to 512 [ 181.684577][ T8106] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 181.754072][ T4307] EXT4-fs (loop3): unmounting filesystem. [ 181.775051][ T8102] Bluetooth: MGMT ver 1.22 [ 181.791600][ T8071] bond1 (unregistering): Released all slaves [ 181.844611][ T8080] netlink: 'syz.1.1406': attribute type 13 has an invalid length. [ 181.846926][ T8080] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1406'. [ 181.883146][ T8080] erspan0: refused to change device tx_queue_len [ 181.885271][ T8080] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 181.981306][ T8118] loop3: detected capacity change from 0 to 512 [ 181.983375][ T8121] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1424'. [ 182.004679][ T8118] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 182.018047][ T8118] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 182.050316][ T8118] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.1423: invalid indirect mapped block 4294967295 (level 1) [ 182.058889][ T8118] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.1423: invalid indirect mapped block 4294967295 (level 1) [ 182.098218][ T8118] EXT4-fs (loop3): 2 truncates cleaned up [ 182.107391][ T8118] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 182.138179][ T27] audit: type=1326 audit(182.090:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8127 comm="syz.1.1427" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 182.159166][ T8118] EXT4-fs (loop3): shut down requested (2) [ 182.196589][ T27] audit: type=1326 audit(182.150:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8127 comm="syz.1.1427" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=8 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 182.222660][ T27] audit: type=1326 audit(182.160:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8127 comm="syz.1.1427" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 182.261129][ T27] audit: type=1326 audit(182.160:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8127 comm="syz.1.1427" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 182.316789][ T8139] netdevsim netdevsim1: Direct firmware load for .. failed with error -2 [ 182.319654][ T4307] EXT4-fs (loop3): unmounting filesystem. [ 182.322263][ T8139] netdevsim netdevsim1: Falling back to sysfs fallback for: .. [ 182.535524][ T27] audit: type=1326 audit(182.490:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8146 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7ef5a8a8 code=0x7ffc0000 [ 182.544375][ T27] audit: type=1326 audit(182.490:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8146 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=167 compat=0 ip=0xffff7ef5a8a8 code=0x7ffc0000 [ 182.569952][ T27] audit: type=1326 audit(182.510:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8146 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7ef5a8a8 code=0x7ffc0000 [ 182.835476][ T8160] loop2: detected capacity change from 0 to 512 [ 182.868770][ T8160] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 182.881720][ T8160] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002] [ 182.884770][ T8160] EXT4-fs (loop2): orphan cleanup on readonly fs [ 182.896129][ T8160] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #11: comm syz.2.1441: attempt to clear invalid blocks 1024 len 1 [ 182.911657][ T8160] EXT4-fs (loop2): Remounting filesystem read-only [ 182.918390][ T8160] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1441: bg 0: block 361: padding at end of block bitmap is not set [ 182.942337][ T8160] EXT4-fs (loop2): Remounting filesystem read-only [ 182.945455][ T8160] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 182.951354][ T8160] EXT4-fs (loop2): Remounting filesystem read-only [ 182.955874][ T8160] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1441: invalid indirect mapped block 1811939328 (level 0) [ 182.964589][ T8160] EXT4-fs (loop2): Remounting filesystem read-only [ 182.966623][ T8160] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1441: invalid indirect mapped block 2185560079 (level 1) [ 182.972827][ T8160] EXT4-fs (loop2): Remounting filesystem read-only [ 182.975204][ T8160] EXT4-fs (loop2): 1 truncate cleaned up [ 182.976963][ T8160] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 183.031978][ T8160] device bond1 entered promiscuous mode [ 183.033858][ T8160] 8021q: adding VLAN 0 to HW filter on device bond1 [ 183.740581][ T8160] bond1 (unregistering): Released all slaves [ 183.859906][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 184.131799][ T6075] udevd[6075]: inotify_add_watch(7, /dev/loop1, 10) failed: No such file or directory [ 184.147413][ T6121] udevd[6121]: inotify_add_watch(7, /dev/loop1, 10) failed: No such file or directory [ 184.388999][ T8249] netlink: 'syz.3.1483': attribute type 10 has an invalid length. [ 184.391744][ T8249] device veth0_macvtap left promiscuous mode [ 184.394424][ T8249] team0: Device veth0_macvtap failed to register rx_handler [ 184.534898][ T8261] loop2: detected capacity change from 0 to 512 [ 184.545609][ T8258] loop3: detected capacity change from 0 to 1024 [ 184.579968][ T8261] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 184.595928][ T8258] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 184.618738][ T8261] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1487'. [ 184.651084][ T8272] device pim6reg1 entered promiscuous mode [ 184.679755][ T4307] EXT4-fs (loop3): unmounting filesystem. [ 184.757920][ T8280] loop4: detected capacity change from 0 to 1024 [ 184.764090][ T8280] EXT4-fs: Ignoring removed bh option [ 184.765634][ T8280] EXT4-fs: inline encryption not supported [ 184.787089][ T8280] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 184.801042][ T8280] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #3: block 2: comm syz.4.1495: lblock 2 mapped to illegal pblock 2 (length 1) [ 184.812056][ T8280] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #3: block 48: comm syz.4.1495: lblock 0 mapped to illegal pblock 48 (length 1) [ 184.825573][ T8280] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.1495: Failed to acquire dquot type 0 [ 184.829490][ T8280] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5914: Corrupt filesystem [ 184.841750][ T8280] EXT4-fs error (device loop4): ext4_evict_inode:279: inode #11: comm syz.4.1495: mark_inode_dirty error [ 184.877742][ T8280] EXT4-fs warning (device loop4): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 184.914803][ T8280] EXT4-fs (loop4): 1 orphan inode deleted [ 184.916478][ T8280] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 184.933042][ T4730] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 184.938223][ T4730] EXT4-fs error (device loop4): ext4_release_dquot:6850: comm kworker/u4:8: Failed to release dquot type 0 [ 184.959528][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 184.966183][ T4310] EXT4-fs error (device loop4): __ext4_get_inode_loc:4507: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 184.971298][ T4310] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5914: Corrupt filesystem [ 184.974610][ T4310] EXT4-fs error (device loop4): ext4_quota_off:7120: inode #3: comm syz-executor: mark_inode_dirty error [ 184.993924][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 185.169977][ T8298] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1503'. [ 185.316148][ T8309] netlink: 'syz.2.1507': attribute type 3 has an invalid length. [ 185.333583][ T8309] netlink: 'syz.2.1507': attribute type 3 has an invalid length. [ 185.361280][ T8312] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1509'. [ 185.454810][ T8319] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 185.597335][ T8329] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1517'. [ 185.680714][ T8335] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1520'. [ 185.686723][ T8335] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1520'. [ 185.773620][ T8342] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1522'. [ 186.524959][ T8349] bond0 speed is unknown, defaulting to 1000 [ 186.530557][ T8349] lo speed is unknown, defaulting to 1000 [ 186.615699][ T8353] loop3: detected capacity change from 0 to 256 [ 186.658190][ T8354] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1521'. [ 186.671247][ T27] kauditd_printk_skb: 318 callbacks suppressed [ 186.671258][ T27] audit: type=1326 audit(186.630:1785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.1521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 186.712707][ T27] audit: type=1326 audit(186.660:1786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.1521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 186.762053][ T27] audit: type=1326 audit(186.710:1787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.1521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 186.781816][ T27] audit: type=1326 audit(186.710:1788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.1521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 186.805148][ T8340] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 186.807476][ T8340] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 186.823582][ T27] audit: type=1326 audit(186.710:1789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.1521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 186.830567][ T27] audit: type=1326 audit(186.710:1790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.1521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 186.833368][ T8340] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 186.836855][ T27] audit: type=1326 audit(186.710:1791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.1521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=20 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 186.845048][ T27] audit: type=1326 audit(186.710:1792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.1521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 186.861963][ T27] audit: type=1326 audit(186.710:1793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.1521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=441 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 186.871645][ T27] audit: type=1326 audit(186.810:1794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8360 comm="syz.3.1527" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7ef5a8a8 code=0x7ffc0000 [ 186.948477][ T8369] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1531'. [ 187.057613][ T8376] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1534'. [ 187.265503][ T8392] random: crng reseeded on system resumption [ 187.379916][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.381746][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 188.303782][ T8464] loop4: detected capacity change from 0 to 1024 [ 188.306210][ T8464] EXT4-fs: inline encryption not supported [ 188.329287][ T8464] EXT4-fs: Ignoring removed i_version option [ 188.375509][ T8464] EXT4-fs error (device loop4): ext4_map_blocks:745: inode #3: block 1: comm syz.4.1577: lblock 1 mapped to illegal pblock 1 (length 1) [ 188.383687][ T8464] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.1577: Failed to acquire dquot type 0 [ 188.396864][ T8464] EXT4-fs error (device loop4): ext4_free_blocks:6210: comm syz.4.1577: Freeing blocks not in datazone - block = 0, count = 4096 [ 188.450009][ T8464] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.1577: Invalid inode bitmap blk 0 in block_group 0 [ 188.466172][ T8464] EXT4-fs error (device loop4) in ext4_free_inode:362: Corrupt filesystem [ 188.468896][ T4730] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 188.472899][ T4730] EXT4-fs error (device loop4): ext4_release_dquot:6850: comm kworker/u4:8: Failed to release dquot type 0 [ 188.501863][ T8464] EXT4-fs (loop4): 1 orphan inode deleted [ 188.503520][ T8464] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 188.584443][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 188.832456][ T8501] netlink: 'syz.1.1594': attribute type 21 has an invalid length. [ 188.835037][ T8501] netlink: 'syz.1.1594': attribute type 1 has an invalid length. [ 188.920960][ T8499] loop0: detected capacity change from 0 to 4096 [ 189.015024][ T8499] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 189.087148][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 189.715094][ T8559] __nla_validate_parse: 13 callbacks suppressed [ 189.715108][ T8559] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1618'. [ 189.805000][ T8564] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 189.823343][ T8564] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 189.825753][ T8564] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 189.879488][ T8564] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 190.125328][ T8582] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1631'. [ 190.386141][ T8596] netlink: 'syz.2.1635': attribute type 1 has an invalid length. [ 190.807828][ T8613] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1642'. [ 191.013397][ T8628] serio: Serial port ptm0 [ 191.253177][ T8643] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1655'. [ 191.584113][ T8660] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1662'. [ 191.586729][ T8660] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1662'. [ 191.865531][ T8675] loop4: detected capacity change from 0 to 2048 [ 191.897844][ T8675] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 191.912419][ T8675] EXT4-fs error (device loop4): ext4_find_extent:936: inode #2: comm syz.4.1671: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 191.954677][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 192.472136][ T27] kauditd_printk_skb: 14 callbacks suppressed [ 192.472149][ T27] audit: type=1326 audit(192.430:1806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8710 comm="syz.2.1686" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 192.483808][ T27] audit: type=1326 audit(192.430:1807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8710 comm="syz.2.1686" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 192.508471][ T27] audit: type=1326 audit(192.440:1808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8710 comm="syz.2.1686" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=38 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 192.537074][ T27] audit: type=1326 audit(192.440:1809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8710 comm="syz.2.1686" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 192.557309][ T27] audit: type=1326 audit(192.440:1810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8710 comm="syz.2.1686" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 192.704830][ T8718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 192.707773][ T8718] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 192.845083][ T8722] loop0: detected capacity change from 0 to 512 [ 192.864886][ T8722] EXT4-fs: Ignoring removed oldalloc option [ 192.883112][ T8724] loop2: detected capacity change from 0 to 1024 [ 192.893884][ T8724] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 192.921347][ T8724] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 192.955408][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 192.958406][ T8722] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.1688: Parent and EA inode have the same ino 15 [ 193.153947][ T8722] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.1688: Parent and EA inode have the same ino 15 [ 193.191639][ T8722] EXT4-fs (loop0): 1 orphan inode deleted [ 193.225800][ T8722] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 193.852974][ T8750] loop4: detected capacity change from 0 to 1024 [ 193.868686][ T8750] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 193.933596][ T8750] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 194.112776][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 194.846067][ T8784] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1715'. [ 194.861982][ T8784] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1715'. [ 195.218009][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 195.651792][ T8808] xt_hashlimit: max too large, truncated to 1048576 [ 197.251295][ T8810] bond0 speed is unknown, defaulting to 1000 [ 197.253481][ T8810] lo speed is unknown, defaulting to 1000 [ 197.462816][ T4425] hid-generic 0003:0000:0000.0001: unknown main item tag 0x0 [ 197.499530][ T4425] hid-generic 0003:0000:0000.0001: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 197.677326][ T8829] loop3: detected capacity change from 0 to 512 [ 197.719395][ T8829] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 198.309943][ T8847] xt_hashlimit: max too large, truncated to 1048576 [ 199.018569][ T4307] EXT4-fs (loop3): unmounting filesystem. [ 199.085729][ T8830] fido_id[8830]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 199.104860][ T8849] loop2: detected capacity change from 0 to 128 [ 199.132291][ T8849] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 199.334957][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 199.345450][ T8870] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1745'. [ 200.121418][ T8892] bond0 speed is unknown, defaulting to 1000 [ 200.123747][ T8892] lo speed is unknown, defaulting to 1000 [ 201.136637][ T8904] xt_CT: No such helper "snmp_trap" [ 201.338346][ T8913] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1763'. [ 201.898258][ T8926] bond0 speed is unknown, defaulting to 1000 [ 201.906668][ T8926] lo speed is unknown, defaulting to 1000 [ 202.508733][ T27] audit: type=1326 audit(202.460:1811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8943 comm="syz.2.1776" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 202.516631][ T27] audit: type=1326 audit(202.460:1812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8943 comm="syz.2.1776" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 202.542140][ T27] audit: type=1326 audit(202.460:1813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8943 comm="syz.2.1776" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 202.562526][ T27] audit: type=1326 audit(202.460:1814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8943 comm="syz.2.1776" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 202.585499][ T27] audit: type=1326 audit(202.470:1815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8943 comm="syz.2.1776" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 202.591501][ T8959] loop3: detected capacity change from 0 to 164 [ 202.608761][ T27] audit: type=1326 audit(202.470:1816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8943 comm="syz.2.1776" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 202.615851][ T27] audit: type=1326 audit(202.470:1817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8943 comm="syz.2.1776" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 202.626749][ T27] audit: type=1326 audit(202.470:1818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8943 comm="syz.2.1776" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=81 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 202.641750][ T27] audit: type=1326 audit(202.520:1819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8943 comm="syz.2.1776" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 202.653218][ T6121] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 202.656125][ T27] audit: type=1326 audit(202.520:1820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8943 comm="syz.2.1776" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 202.775128][ T8970] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1781'. [ 202.777947][ T8970] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1781'. [ 202.791874][ T8972] netlink: 'syz.0.1782': attribute type 10 has an invalid length. [ 202.814830][ T8972] netlink: 'syz.0.1782': attribute type 10 has an invalid length. [ 202.820728][ T8972] device dummy0 left promiscuous mode [ 202.831177][ T8972] team0: Port device dummy0 removed [ 202.835927][ T8972] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 202.918127][ T8979] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1788'. [ 202.924253][ T8979] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1788'. [ 203.226115][ T8948] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 203.227930][ T8948] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 203.237401][ T8948] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 203.246767][ T8948] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 203.251168][ T8948] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 203.255246][ T8948] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 203.266181][ T8948] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 203.277902][ T8948] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 203.288132][ T8948] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 203.292847][ T8948] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 203.297546][ T8948] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 203.306618][ T8948] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 203.309371][ T8991] Invalid ELF header magic: != ELF [ 203.314341][ T8948] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 203.318931][ T8948] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 203.320675][ T8948] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 203.798697][ T9011] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1800'. [ 203.801366][ T9011] device bridge_slave_1 left promiscuous mode [ 203.815183][ T9011] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.863067][ T9011] device bridge_slave_0 left promiscuous mode [ 203.865090][ T9011] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.496223][ T9054] loop4: detected capacity change from 0 to 512 [ 204.516604][ T9054] EXT4-fs: Ignoring removed nobh option [ 204.649216][ T4298] Bluetooth: hci0: command 0x0c1a tx timeout [ 204.755581][ T9054] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #3: comm syz.4.1818: corrupted inode contents [ 204.764579][ T9054] EXT4-fs error (device loop4): ext4_dirty_inode:6118: inode #3: comm syz.4.1818: mark_inode_dirty error [ 204.770503][ T9054] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #3: comm syz.4.1818: corrupted inode contents [ 204.796847][ T9054] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #3: comm syz.4.1818: mark_inode_dirty error [ 204.823262][ T9068] loop2: detected capacity change from 0 to 2048 [ 204.847609][ T9054] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.1818: Failed to acquire dquot type 0 [ 204.871160][ T9068] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 204.884408][ T9054] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #16: comm syz.4.1818: corrupted inode contents [ 204.901754][ T9054] EXT4-fs error (device loop4): ext4_dirty_inode:6118: inode #16: comm syz.4.1818: mark_inode_dirty error [ 204.924070][ T9054] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #16: comm syz.4.1818: corrupted inode contents [ 204.943137][ T14] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 204.945450][ T9054] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #16: comm syz.4.1818: mark_inode_dirty error [ 204.945995][ T14] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 204.954187][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 204.973564][ T9054] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #16: comm syz.4.1818: corrupted inode contents [ 205.013027][ T9054] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 205.015899][ T9054] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #16: comm syz.4.1818: corrupted inode contents [ 205.017394][ T9082] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1827'. [ 205.032686][ T9054] EXT4-fs error (device loop4): ext4_truncate:4312: inode #16: comm syz.4.1818: mark_inode_dirty error [ 205.048325][ T9054] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 205.054916][ T9082] device bridge_slave_1 left promiscuous mode [ 205.056710][ T9082] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.069521][ T9054] EXT4-fs (loop4): 1 truncate cleaned up [ 205.071102][ T9054] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 205.135394][ T9082] device bridge_slave_0 left promiscuous mode [ 205.137396][ T9082] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.170427][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 205.273783][ T9085] fido_id[9085]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 205.308825][ T4312] Bluetooth: hci3: command 0x0c1a tx timeout [ 205.314340][ T4298] Bluetooth: hci2: command 0x0c1a tx timeout [ 205.316686][ T4308] Bluetooth: hci1: command 0x0c1a tx timeout [ 205.388546][ T4298] Bluetooth: hci4: command 0x0c1a tx timeout [ 206.035215][ T9133] netlink: 'syz.2.1850': attribute type 3 has an invalid length. [ 206.176597][ T9131] bond0 speed is unknown, defaulting to 1000 [ 206.197914][ T9131] lo speed is unknown, defaulting to 1000 [ 206.658749][ T4298] Bluetooth: hci0: command 0x0406 tx timeout [ 206.734927][ T9121] device veth1_to_bond entered promiscuous mode [ 206.834418][ T9145] device veth1_to_bond left promiscuous mode [ 207.408471][ T4298] Bluetooth: hci1: command 0x0406 tx timeout [ 207.410314][ T4298] Bluetooth: hci2: command 0x0406 tx timeout [ 207.411994][ T4298] Bluetooth: hci3: command 0x0406 tx timeout [ 207.458390][ T4298] Bluetooth: hci4: command 0x0406 tx timeout [ 207.520157][ T27] kauditd_printk_skb: 952 callbacks suppressed [ 207.520169][ T27] audit: type=1326 audit(207.480:2771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.4.1841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7fc00000 [ 207.610471][ T27] audit: type=1326 audit(207.480:2772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.4.1841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8fd5a8a8 code=0x7fc00000 [ 207.640399][ T27] audit: type=1326 audit(207.490:2773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.4.1841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7fc00000 [ 207.646624][ T27] audit: type=1326 audit(207.490:2774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.4.1841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7fc00000 [ 207.678552][ T27] audit: type=1326 audit(207.490:2775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.4.1841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7fc00000 [ 207.712006][ T27] audit: type=1326 audit(207.490:2776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.4.1841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7fc00000 [ 207.742357][ T27] audit: type=1326 audit(207.490:2777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.4.1841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7fc00000 [ 207.765881][ T27] audit: type=1326 audit(207.490:2778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.4.1841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7fc00000 [ 207.785655][ T27] audit: type=1326 audit(207.490:2779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.4.1841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7fc00000 [ 207.803016][ T27] audit: type=1326 audit(207.490:2780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.4.1841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7fc00000 [ 207.876243][ T9167] bond0 speed is unknown, defaulting to 1000 [ 207.895987][ T9167] lo speed is unknown, defaulting to 1000 [ 208.785126][ T9213] netlink: 'syz.3.1882': attribute type 4 has an invalid length. [ 208.787813][ T9213] netlink: 'syz.3.1882': attribute type 4 has an invalid length. [ 208.960431][ T9223] loop4: detected capacity change from 0 to 2048 [ 208.973651][ T9221] netlink: 'syz.2.1881': attribute type 10 has an invalid length. [ 209.000603][ T9223] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 209.008115][ T9221] device dummy0 entered promiscuous mode [ 209.011418][ T9221] team0: Port device dummy0 added [ 209.017680][ T9224] netlink: 'syz.2.1881': attribute type 10 has an invalid length. [ 209.032433][ T9223] EXT4-fs error (device loop4): ext4_find_extent:936: inode #2: comm syz.4.1886: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 209.095730][ T9224] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 209.116174][ T9223] EXT4-fs (loop4): Remounting filesystem read-only [ 209.175486][ T9224] team0: Failed to send options change via netlink (err -105) [ 209.177654][ T9224] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 209.187366][ T9224] team0: Port device dummy0 removed [ 209.193399][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 209.200210][ T9224] device dummy0 left promiscuous mode [ 209.230477][ T9224] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 209.237666][ T9232] : renamed from vlan1 [ 209.280590][ T9240] loop8: detected capacity change from 0 to 16384 [ 209.625631][ T9257] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1900'. [ 209.806205][ T9262] netem: change failed [ 209.995916][ T9271] IPVS: stopping master sync thread 9273 ... [ 210.085931][ T9275] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1908'. [ 210.117682][ T9275] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1908'. [ 211.113785][ T9327] loop4: detected capacity change from 0 to 512 [ 211.126928][ T9327] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 211.155701][ T9316] bond0 speed is unknown, defaulting to 1000 [ 211.168040][ T9316] lo speed is unknown, defaulting to 1000 [ 211.170614][ T9327] EXT4-fs (loop4): 1 truncate cleaned up [ 211.172273][ T9327] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 211.339645][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 211.421881][ T9343] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1934'. [ 211.424542][ T9343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 211.580182][ T9343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 211.793376][ T9364] sctp: [Deprecated]: syz.4.1946 (pid 9364) Use of int in max_burst socket option. [ 211.793376][ T9364] Use struct sctp_assoc_value instead [ 211.875222][ T9366] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1947'. [ 212.123951][ T9382] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1955' sets config #1 [ 212.235879][ T9385] loop0: detected capacity change from 0 to 2048 [ 212.275003][ T9385] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 212.319316][ T9385] EXT4-fs error (device loop0): ext4_find_extent:936: inode #2: comm syz.0.1956: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 212.324222][ T9385] EXT4-fs (loop0): Remounting filesystem read-only [ 212.360700][ T9393] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 212.392115][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 212.483550][ T9395] loop3: detected capacity change from 0 to 128 [ 212.505801][ T9395] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 212.575256][ T27] kauditd_printk_skb: 2423 callbacks suppressed [ 212.575269][ T27] audit: type=1326 audit(212.531:5204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9405 comm="syz.1.1965" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 212.593702][ T27] audit: type=1326 audit(212.531:5205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9405 comm="syz.1.1965" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 212.608098][ T27] audit: type=1326 audit(212.531:5206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9405 comm="syz.1.1965" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 212.645772][ T27] audit: type=1326 audit(212.541:5207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9405 comm="syz.1.1965" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 212.682058][ T27] audit: type=1326 audit(212.541:5208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9405 comm="syz.1.1965" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 212.710370][ T27] audit: type=1326 audit(212.541:5209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9405 comm="syz.1.1965" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=448 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 212.724957][ T4307] EXT4-fs (loop3): unmounting filesystem. [ 212.772257][ T27] audit: type=1326 audit(212.541:5210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9405 comm="syz.1.1965" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 212.802508][ T27] audit: type=1326 audit(212.571:5211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9408 comm="syz.1.1966" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 212.828137][ T27] audit: type=1326 audit(212.571:5212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9408 comm="syz.1.1966" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=104 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 212.858179][ T27] audit: type=1326 audit(212.571:5213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9408 comm="syz.1.1966" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 213.092188][ T9437] netdevsim netdevsim1: Direct firmware load for  failed with error -2 [ 213.094660][ T9437] netdevsim netdevsim1: Falling back to sysfs fallback for:  [ 213.100572][ T9434] loop3: detected capacity change from 0 to 2048 [ 213.157491][ T9434] loop3: p2 < > p4 [ 213.160572][ T9434] loop3: p4 size 8192 extends beyond EOD, truncated [ 214.085706][ T6123] udevd[6123]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 214.161703][ T6121] udevd[6121]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 214.248577][ T9459] loop0: detected capacity change from 0 to 2048 [ 214.290766][ T9459] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 214.357121][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 214.401305][ T9475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 214.416417][ T9475] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.710582][ T9496] loop0: detected capacity change from 0 to 1024 [ 214.742761][ T9498] loop2: detected capacity change from 0 to 2048 [ 214.766643][ T9496] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 214.804433][ T9498] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 214.812022][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 214.887680][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 215.204269][ T9525] loop4: detected capacity change from 0 to 512 [ 215.222520][ T9525] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 215.237727][ T9525] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.2016: iget: bad extended attribute block 1 [ 215.258321][ T9525] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.2016: couldn't read orphan inode 15 (err -117) [ 215.262013][ T9525] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 215.395644][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 215.437012][ T9533] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2018'. [ 215.495791][ T9529] bond0 speed is unknown, defaulting to 1000 [ 215.504692][ T9529] lo speed is unknown, defaulting to 1000 [ 215.814838][ T9555] loop2: detected capacity change from 0 to 1024 [ 215.840002][ T9555] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 215.908952][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 216.050683][ T9566] loop2: detected capacity change from 0 to 1024 [ 216.074353][ T9566] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 216.148471][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 216.775096][ T9602] loop2: detected capacity change from 0 to 512 [ 216.794604][ T9602] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 216.817981][ T9602] EXT4-fs (loop2): 1 truncate cleaned up [ 216.819661][ T9602] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 216.847440][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 217.205933][ T9611] bond0 speed is unknown, defaulting to 1000 [ 217.222863][ T9611] lo speed is unknown, defaulting to 1000 [ 217.424356][ T9625] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2056'. [ 217.455045][ T9627] loop0: detected capacity change from 0 to 2048 [ 217.499953][ T9627] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 217.517628][ T9627] EXT4-fs error (device loop0): ext4_find_extent:936: inode #2: comm syz.0.2059: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 217.533605][ T9627] EXT4-fs (loop0): Remounting filesystem read-only [ 217.566024][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 217.582680][ T27] kauditd_printk_skb: 303 callbacks suppressed [ 217.582693][ T27] audit: type=1326 audit(217.541:5517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9630 comm="syz.1.2060" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffff9c958f70 code=0x7ffc0000 [ 217.602329][ T27] audit: type=1326 audit(217.561:5518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9630 comm="syz.1.2060" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=215 compat=0 ip=0xffff9c95a94c code=0x7ffc0000 [ 217.632391][ T27] audit: type=1326 audit(217.561:5519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9630 comm="syz.1.2060" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff9c958dd4 code=0x7ffc0000 [ 217.671254][ T27] audit: type=1326 audit(217.561:5520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9630 comm="syz.1.2060" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffff9c9591ac code=0x7ffc0000 [ 217.698933][ T27] audit: type=1326 audit(217.571:5521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9630 comm="syz.1.2060" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 217.727321][ T27] audit: type=1326 audit(217.661:5522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.2062" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 217.757224][ T27] audit: type=1326 audit(217.661:5523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.2062" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 217.764720][ T27] audit: type=1326 audit(217.671:5524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.2062" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=178 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 217.771145][ T27] audit: type=1326 audit(217.671:5525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.2062" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 217.777252][ T27] audit: type=1326 audit(217.671:5526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.2062" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 217.954560][ T9644] netlink: 'syz.4.2065': attribute type 13 has an invalid length. [ 217.956926][ T9644] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 217.985166][ T9644] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 218.027972][ T9644] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 219.122969][ T9699] loop3: detected capacity change from 0 to 2048 [ 219.360614][ T9699] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 219.457584][ T4307] EXT4-fs (loop3): unmounting filesystem. [ 219.855032][ T9716] bond0 speed is unknown, defaulting to 1000 [ 219.857209][ T9716] lo speed is unknown, defaulting to 1000 [ 220.146638][ T9735] loop0: detected capacity change from 0 to 2048 [ 220.203092][ T9735] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 220.346747][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 220.854645][ T9769] netlink: 'syz.3.2112': attribute type 4 has an invalid length. [ 221.128103][ T4354] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 221.165437][ T9786] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2118'. [ 221.317678][ T4354] usb 1-1: Using ep0 maxpacket: 32 [ 221.324887][ T4354] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.328746][ T4354] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 221.331244][ T4354] usb 1-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 221.335155][ T4354] usb 1-1: config 0 interface 0 has no altsetting 1 [ 221.344141][ T4354] usb 1-1: New USB device found, idVendor=0582, idProduct=0033, bcdDevice=8e.57 [ 221.346660][ T4354] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.349692][ T4354] usb 1-1: Product: syz [ 221.350895][ T4354] usb 1-1: Manufacturer: syz [ 221.352152][ T4354] usb 1-1: SerialNumber: syz [ 221.372900][ T4354] usb 1-1: config 0 descriptor?? [ 221.423504][ T4354] snd-usb-audio: probe of 1-1:0.0 failed with error -2 [ 221.536168][ T6121] udevd[6121]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 221.614368][ T4354] usb 1-1: USB disconnect, device number 2 [ 221.665007][ T9810] loop4: detected capacity change from 0 to 512 [ 221.725443][ T9810] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 221.804108][ T9813] loop2: detected capacity change from 0 to 4096 [ 221.834975][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 221.899042][ T9813] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 222.265213][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 222.354828][ T9829] loop0: detected capacity change from 0 to 512 [ 222.382248][ T9829] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 222.384782][ T9829] EXT4-fs (loop0): invalid journal inode [ 222.387219][ T9829] EXT4-fs (loop0): can't get journal size [ 222.454630][ T9829] EXT4-fs (loop0): 1 truncate cleaned up [ 222.456415][ T9829] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 222.675223][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 222.740914][ T9841] loop9: detected capacity change from 0 to 7 [ 222.744988][ T6121] Dev loop9: unable to read RDB block 7 [ 222.746546][ T6121] loop9: unable to read partition table [ 222.757639][ T6121] loop9: partition table beyond EOD, truncated [ 222.945041][ T9841] Dev loop9: unable to read RDB block 7 [ 222.946757][ T9841] loop9: unable to read partition table [ 222.992591][ T9841] loop9: partition table beyond EOD, truncated [ 222.994358][ T9841] loop_reread_partitions: partition scan of loop9 (被ڬdƤݡ [ 222.994358][ T9841] U) failed (rc=-5) [ 223.022172][ T9851] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.144729][ T9851] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.315336][ T9851] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.430072][ T9851] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.472869][ T9886] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2155'. [ 223.682569][ T9851] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.731883][ T9851] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.770224][ T9851] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.827014][ T9851] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.025360][ T9901] netlink: 'syz.4.2160': attribute type 2 has an invalid length. [ 224.035422][ T9901] netlink: 'syz.4.2160': attribute type 1 has an invalid length. [ 224.215596][ T27] kauditd_printk_skb: 361 callbacks suppressed [ 224.215608][ T27] audit: type=1326 audit(224.171:5888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9904 comm="syz.4.2162" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 224.224877][ T27] audit: type=1326 audit(224.181:5889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9904 comm="syz.4.2162" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=85 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 224.230885][ T27] audit: type=1326 audit(224.181:5890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9904 comm="syz.4.2162" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 224.236755][ T27] audit: type=1326 audit(224.181:5891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9904 comm="syz.4.2162" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=87 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 224.254731][ T9907] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2163'. [ 224.257899][ T27] audit: type=1326 audit(224.181:5892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9904 comm="syz.4.2162" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 224.512153][ T27] audit: type=1326 audit(224.471:5893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9919 comm="syz.1.2168" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 224.524427][ T27] audit: type=1326 audit(224.471:5894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9919 comm="syz.1.2168" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 224.530635][ T27] audit: type=1326 audit(224.471:5895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9919 comm="syz.1.2168" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 224.536362][ T27] audit: type=1326 audit(224.471:5896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9919 comm="syz.1.2168" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 224.542669][ T27] audit: type=1326 audit(224.471:5897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9919 comm="syz.1.2168" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 224.863222][ T9942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2179'. [ 225.498938][ T9966] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2188'. [ 225.988951][ T9994] loop3: detected capacity change from 0 to 764 [ 226.043835][ T9994] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 226.058540][ T9998] loop4: detected capacity change from 0 to 128 [ 226.412785][T10018] loop3: detected capacity change from 0 to 1024 [ 226.417178][T10018] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 226.482026][T10018] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 226.575851][ T4307] EXT4-fs (loop3): unmounting filesystem. [ 226.628321][T10015] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.630559][T10015] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.873387][T10035] loop4: detected capacity change from 0 to 1024 [ 227.891717][T10035] EXT4-fs: Ignoring removed nobh option [ 227.893404][T10035] EXT4-fs: Ignoring removed bh option [ 227.894848][T10035] EXT4-fs: Ignoring removed mblk_io_submit option [ 227.911458][T10015] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.913982][T10015] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.916390][T10015] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.928320][T10035] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 227.961052][T10015] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.982933][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 228.412407][T10049] netlink: 'syz.0.2219': attribute type 9 has an invalid length. [ 228.418023][T10049] netlink: 'syz.0.2219': attribute type 6 has an invalid length. [ 228.502940][T10051] loop2: detected capacity change from 0 to 512 [ 228.573765][T10057] tipc: Started in network mode [ 228.575250][T10057] tipc: Node identity ac14140f, cluster identity 4711 [ 228.587713][T10057] tipc: New replicast peer: 255.255.255.255 [ 228.612291][T10051] EXT4-fs (loop2): 1 orphan inode deleted [ 228.621295][T10051] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 228.630073][T10057] tipc: Enabled bearer , priority 10 [ 228.636339][ T4468] EXT4-fs error (device loop2): ext4_release_dquot:6850: comm kworker/u4:6: Failed to release dquot type 1 [ 228.731223][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 228.872842][T10068] loop2: detected capacity change from 0 to 512 [ 228.902555][T10068] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 228.909917][T10068] EXT4-fs warning (device loop2): dx_probe:869: inode #2: comm syz.2.2226: Unimplemented hash flags: 0x0001 [ 228.913741][T10068] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.2226: Corrupt directory, running e2fsck is recommended [ 228.951284][T10068] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 3: comm syz.2.2226: path /446/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=4294967295, rec_len=7, size=1024 fake=0 [ 229.055497][T10033] Set syz1 is full, maxelem 65536 reached [ 229.095434][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 229.239510][ T27] kauditd_printk_skb: 97 callbacks suppressed [ 229.239523][ T27] audit: type=1326 audit(229.202:5994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=215 compat=0 ip=0xffffa3b5a94c code=0x7ffc0000 [ 229.253879][ T27] audit: type=1326 audit(229.212:5995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa3b58dd4 code=0x7ffc0000 [ 229.267695][ T27] audit: type=1326 audit(229.232:5996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffa3b5a3d0 code=0x7ffc0000 [ 229.274114][T10076] loop2: detected capacity change from 0 to 1024 [ 229.276878][ T27] audit: type=1326 audit(229.232:5997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffffa3b591ac code=0x7ffc0000 [ 229.285281][ T27] audit: type=1326 audit(229.232:5998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffffa3b591ac code=0x7ffc0000 [ 229.292082][T10076] ext4: Unknown parameter 'appraise' [ 229.295129][ T27] audit: type=1326 audit(229.232:5999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=34 compat=0 ip=0xffffa3b58cb4 code=0x7ffc0000 [ 229.305143][ T27] audit: type=1326 audit(229.232:6000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=40 compat=0 ip=0xffffa3b5c34c code=0x7ffc0000 [ 229.311823][ T27] audit: type=1326 audit(229.262:6001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa3b58dd4 code=0x7ffc0000 [ 229.319846][ T27] audit: type=1326 audit(229.262:6002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffa3b5a3d0 code=0x7ffc0000 [ 229.325843][ T27] audit: type=1326 audit(229.262:6003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffffa3b591ac code=0x7ffc0000 [ 229.551888][T10091] loop0: detected capacity change from 0 to 1024 [ 229.565544][T10091] EXT4-fs: Ignoring removed nobh option [ 229.577447][T10091] EXT4-fs: Ignoring removed bh option [ 229.585124][T10091] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 229.621002][T10091] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 229.709356][ T4354] tipc: Node number set to 2886997007 [ 229.721610][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 230.247024][T10103] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2239'. [ 230.551402][T10126] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2247'. [ 230.590786][T10119] bond0 speed is unknown, defaulting to 1000 [ 230.593232][T10119] lo speed is unknown, defaulting to 1000 [ 231.053871][T10145] vhci_hcd: invalid port number 96 [ 231.055321][T10145] vhci_hcd: default hub control req: 0400 v1b14 i0060 l0 [ 231.434873][T10170] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2266'. [ 231.437560][T10170] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2266'. [ 231.481486][T10170] device bond1 entered promiscuous mode [ 231.493714][T10170] 8021q: adding VLAN 0 to HW filter on device bond1 [ 231.874687][T10186] loop3: detected capacity change from 0 to 1024 [ 231.884876][T10186] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 231.910582][T10186] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 231.916070][T10186] JBD2: no valid journal superblock found [ 231.920536][T10186] EXT4-fs (loop3): error loading journal [ 231.924527][T10188] device syzkaller1 entered promiscuous mode [ 232.850648][T10215] loop0: detected capacity change from 0 to 1024 [ 232.937462][T10215] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 234.030989][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 234.157938][T10237] loop0: detected capacity change from 0 to 512 [ 234.187714][T10237] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 234.211713][T10237] EXT4-fs (loop0): orphan cleanup on readonly fs [ 234.213835][T10237] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:511: comm syz.0.2291: Block bitmap for bg 0 marked uninitialized [ 234.262097][T10237] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 234.315490][T10237] EXT4-fs (loop0): 1 orphan inode deleted [ 234.325164][T10237] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 234.382416][T10237] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 234.445266][T10249] bond0 speed is unknown, defaulting to 1000 [ 234.461297][T10237] EXT4-fs (loop0): re-mounted. Quota mode: none. [ 234.487838][T10254] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2297'. [ 234.491609][T10249] lo speed is unknown, defaulting to 1000 [ 234.551486][T10237] EXT4-fs (loop0): unmounting filesystem. [ 234.585394][T10254] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 234.615465][T10254] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 234.932246][ T27] kauditd_printk_skb: 59 callbacks suppressed [ 234.932260][ T27] audit: type=1326 audit(234.892:6063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 234.952425][ T27] audit: type=1326 audit(234.892:6064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 234.959512][ T27] audit: type=1326 audit(234.892:6065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 234.966113][ T27] audit: type=1326 audit(234.892:6066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=85 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 235.004464][ T27] audit: type=1326 audit(234.892:6067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 235.258903][ T27] audit: type=1326 audit(234.892:6068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=86 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 235.412391][ T27] audit: type=1326 audit(234.892:6069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 236.971183][T10324] loop0: detected capacity change from 0 to 2048 [ 237.014607][T10324] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 237.151485][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 237.256108][T10335] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 237.647321][T10356] netlink: 'syz.1.2328': attribute type 10 has an invalid length. [ 237.761622][T10361] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2329'. [ 237.768600][T10361] 0X: renamed from caif0 [ 237.788934][ T27] audit: type=1326 audit(237.752:6070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.1.2330" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 237.795376][ T27] audit: type=1326 audit(237.752:6071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.1.2330" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=20 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 237.806316][ T27] audit: type=1326 audit(237.752:6072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.1.2330" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 237.847459][T10361] A link change request failed with some changes committed already. Interface 60X may have been left with an inconsistent configuration, please check. [ 237.865259][T10366] sch_tbf: burst 0 is lower than device lo mtu (18) ! [ 237.932512][T10371] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2333'. [ 238.007464][T10371] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2333'. [ 238.121545][T10371] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2333'. [ 238.244478][T10386] netlink: 'syz.1.2340': attribute type 11 has an invalid length. [ 238.262040][T10386] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2340'. [ 238.349009][T10386] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 239.577945][T10415] netlink: 'syz.3.2345': attribute type 10 has an invalid length. [ 239.580204][T10415] device syz_tun entered promiscuous mode [ 239.604807][T10415] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 240.305146][ T27] kauditd_printk_skb: 28 callbacks suppressed [ 240.305159][ T27] audit: type=1326 audit(240.262:6101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.0.2359" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 240.316568][ T27] audit: type=1326 audit(240.272:6102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.0.2359" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 240.331100][ T27] audit: type=1326 audit(240.272:6103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.0.2359" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 240.343574][ T27] audit: type=1326 audit(240.272:6104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.0.2359" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 240.353978][ T27] audit: type=1326 audit(240.272:6105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.0.2359" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 240.364707][ T27] audit: type=1326 audit(240.272:6106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.0.2359" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=81 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 240.375869][ T27] audit: type=1326 audit(240.302:6107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10459 comm="syz.4.2360" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 240.386601][ T27] audit: type=1326 audit(240.302:6108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10459 comm="syz.4.2360" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 240.393057][ T27] audit: type=1326 audit(240.302:6109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.0.2359" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 240.408355][ T27] audit: type=1326 audit(240.302:6110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.0.2359" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 240.424401][T10461] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2359'. [ 241.278385][T10461] bridge0: port 3(team0) entered disabled state [ 241.318003][T10461] device team_slave_0 left promiscuous mode [ 241.321784][T10461] team0 (unregistering): Port device team_slave_0 removed [ 241.330729][T10461] device team_slave_1 left promiscuous mode [ 241.335676][T10461] team0 (unregistering): Port device team_slave_1 removed [ 242.042063][T10483] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 242.087650][T10493] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2373'. [ 242.123585][T10496] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2374'. [ 242.152921][T10496] device batadv0 entered promiscuous mode [ 242.301905][T10491] lo speed is unknown, defaulting to 1000 [ 242.400386][T10509] loop4: detected capacity change from 0 to 8192 [ 242.531414][T10515] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2382'. [ 242.534683][T10515] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2382'. [ 244.389316][T10599] loop1: detected capacity change from 0 to 2048 [ 244.485344][T10599] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 245.077003][T10599] __nla_validate_parse: 1 callbacks suppressed [ 245.077019][T10599] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2414'. [ 245.113599][T10610] netlink: 'syz.4.2417': attribute type 10 has an invalid length. [ 245.120543][T10610] device syz_tun entered promiscuous mode [ 245.142416][ T4296] EXT4-fs (loop1): unmounting filesystem. [ 245.168765][T10610] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 245.212926][T10620] loop3: detected capacity change from 0 to 512 [ 245.257332][T10620] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 245.400591][T10630] loop0: detected capacity change from 0 to 512 [ 245.456735][T10630] EXT4-fs (loop0): orphan cleanup on readonly fs [ 245.477257][T10630] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2422: bg 0: block 248: padding at end of block bitmap is not set [ 245.504313][T10630] __quota_error: 81 callbacks suppressed [ 245.504327][T10630] Quota error (device loop0): write_blk: dquota write failed [ 245.516629][T10640] loop4: detected capacity change from 0 to 512 [ 245.519510][T10640] EXT4-fs: Ignoring removed i_version option [ 245.537147][T10640] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 245.547152][T10630] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 245.562652][T10640] EXT4-fs (loop4): orphan cleanup on readonly fs [ 245.582375][T10640] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.2428: bg 0: block 248: padding at end of block bitmap is not set [ 245.587490][T10630] EXT4-fs error (device loop0): ext4_acquire_dquot:6814: comm syz.0.2422: Failed to acquire dquot type 1 [ 245.606086][T10640] Quota error (device loop4): write_blk: dquota write failed [ 245.609252][T10630] EXT4-fs (loop0): 1 truncate cleaned up [ 245.611148][T10640] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 245.623951][T10630] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 245.629661][T10640] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.2428: Failed to acquire dquot type 1 [ 245.674552][T10640] EXT4-fs (loop4): 1 truncate cleaned up [ 245.681504][T10640] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 245.712164][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 245.717615][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 246.025739][ T4307] EXT4-fs (loop3): unmounting filesystem. [ 246.088502][T10663] loop0: detected capacity change from 0 to 512 [ 246.108145][T10663] ext4: Unknown parameter 'hash' [ 246.221178][T10669] loop4: detected capacity change from 0 to 1024 [ 246.255328][T10669] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 246.278177][T10668] netlink: 'syz.1.2436': attribute type 10 has an invalid length. [ 246.294338][T10668] device syz_tun entered promiscuous mode [ 246.319607][T10668] infiniband syz1: set down [ 246.435975][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 246.561528][T10677] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 246.711556][T10681] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2441'. [ 246.717632][T10681] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2441'. [ 246.945924][ T27] audit: type=1326 audit(246.903:6192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.1.2450" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 246.954756][ T27] audit: type=1326 audit(246.913:6193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.1.2450" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 246.967475][ T27] audit: type=1326 audit(246.923:6194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.1.2450" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 246.976710][ T27] audit: type=1326 audit(246.923:6195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.1.2450" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 246.988264][ T27] audit: type=1326 audit(246.923:6196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.1.2450" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 246.994192][ T27] audit: type=1326 audit(246.923:6197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.1.2450" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c95a8a8 code=0x7ffc0000 [ 247.205650][T10714] netlink: 65039 bytes leftover after parsing attributes in process `syz.3.2458'. [ 247.318878][T10721] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2460'. [ 247.356405][T10722] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2462'. [ 247.838674][T10758] netlink: 'syz.0.2479': attribute type 13 has an invalid length. [ 247.841785][T10758] gretap0: refused to change device tx_queue_len [ 247.850708][T10758] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 247.971980][T10764] loop2: detected capacity change from 0 to 1024 [ 248.012866][T10764] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 248.033443][T10764] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 248.064583][T10775] loop3: detected capacity change from 0 to 512 [ 248.100667][T10775] EXT4-fs warning (device loop3): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 248.105926][T10775] EXT4-fs (loop3): mount failed [ 248.144373][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 248.817649][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 248.819573][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 249.083071][T10804] loop3: detected capacity change from 0 to 256 [ 249.443146][T10812] netlink: 'syz.3.2501': attribute type 10 has an invalid length. [ 250.331680][T10812] team0 (unregistering): Port device dummy0 removed [ 250.392807][T10833] netlink: 27 bytes leftover after parsing attributes in process `syz.2.2510'. [ 250.520369][T10838] lo speed is unknown, defaulting to 1000 [ 250.913322][T10869] rdma_op 000000000a2a3d7e conn xmit_rdma 0000000000000000 [ 250.951670][T10871] loop2: detected capacity change from 0 to 1024 [ 251.992752][T10883] netlink: 'syz.3.2529': attribute type 1 has an invalid length. [ 252.172370][T10893] loop4: detected capacity change from 0 to 1024 [ 252.178811][T10893] EXT4-fs: Ignoring removed i_version option [ 252.368545][T10893] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:477: comm syz.4.2531: Invalid block bitmap block 0 in block_group 0 [ 252.374110][T10893] __quota_error: 36 callbacks suppressed [ 252.374121][T10893] Quota error (device loop4): write_blk: dquota write failed [ 252.377804][T10893] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 252.380930][T10893] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.2531: Failed to acquire dquot type 0 [ 252.388255][T10893] EXT4-fs error (device loop4): ext4_free_blocks:6210: comm syz.4.2531: Freeing blocks not in datazone - block = 0, count = 4096 [ 252.394267][T10893] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.2531: Invalid inode bitmap blk 0 in block_group 0 [ 252.399676][T10893] EXT4-fs error (device loop4) in ext4_free_inode:362: Corrupt filesystem [ 252.404012][T10893] EXT4-fs (loop4): 1 orphan inode deleted [ 252.405715][T10893] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 252.579106][ T5365] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-8 [ 252.581859][ T5365] EXT4-fs error (device loop4): ext4_release_dquot:6850: comm kworker/u4:11: Failed to release dquot type 0 [ 252.655907][T10897] lo speed is unknown, defaulting to 1000 [ 253.346480][T10900] sch_tbf: burst 32855 is lower than device lo mtu (11337746) ! [ 253.506626][T10909] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 253.743703][T10914] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2539'. [ 254.464689][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 255.878776][T10948] netlink: 'syz.0.2554': attribute type 10 has an invalid length. [ 255.926760][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.928798][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.930782][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.932801][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.942810][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.944840][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.952350][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.954418][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.960915][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.963027][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.965053][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.973230][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.975248][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.985970][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.987973][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.990002][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 255.992062][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.004426][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.006872][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.008896][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.014766][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.021161][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.023309][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.025388][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.032404][T10953] loop3: detected capacity change from 0 to 1024 [ 256.033991][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.040317][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.042335][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.044330][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.051274][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.053394][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.055375][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.062246][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.064401][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.068966][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.071096][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.073063][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.075031][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.081860][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.084254][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.090826][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.092845][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.094822][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.103139][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.105271][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.110848][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.113004][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.114933][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.124756][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.127088][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.133053][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.135103][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.143493][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.145565][ T4354] hid-generic 0008:0006:0007.0003: unknown main item tag 0x0 [ 256.166330][ T4354] hid-generic 0008:0006:0007.0003: hidraw0: HID v0.0b Device [syz1] on syz1 [ 256.201605][T10953] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 256.282188][T10962] fido_id[10962]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 256.311866][ T4307] EXT4-fs (loop3): unmounting filesystem. [ 256.408143][T10971] loop4: detected capacity change from 0 to 128 [ 256.624582][T10982] loop0: detected capacity change from 0 to 128 [ 256.727893][T10985] netlink: 'syz.1.2569': attribute type 1 has an invalid length. [ 256.889888][T10972] xt_CT: You must specify a L4 protocol and not use inversions on it [ 257.185386][ T27] audit: type=1326 audit(257.143:6233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10999 comm="syz.0.2575" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 257.191668][ T27] audit: type=1326 audit(257.143:6234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10999 comm="syz.0.2575" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 257.208397][ T27] audit: type=1326 audit(257.143:6235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10999 comm="syz.0.2575" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=227 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 257.228425][ T27] audit: type=1326 audit(257.143:6236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10999 comm="syz.0.2575" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 257.234231][ T27] audit: type=1326 audit(257.143:6237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10999 comm="syz.0.2575" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 257.240488][ T27] audit: type=1326 audit(257.143:6238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10999 comm="syz.0.2575" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 257.246607][ T27] audit: type=1326 audit(257.143:6239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10999 comm="syz.0.2575" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 257.593807][T11016] infiniband syz!: set down [ 257.595324][T11016] infiniband syz!: added team_slave_0 [ 257.621578][T11016] RDS/IB: syz!: added [ 257.622814][T11016] smc: adding ib device syz! with port count 1 [ 257.624601][T11016] smc: ib device syz! port 1 has pnetid [ 257.870947][T11028] netlink: 52 bytes leftover after parsing attributes in process `+}[@'. [ 258.257581][T11038] loop1: detected capacity change from 0 to 512 [ 259.025407][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 259.027501][ T27] audit: type=1107 audit(258.983:6241): pid=11049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 259.293112][T11054] lo speed is unknown, defaulting to 1000 [ 259.300812][ T27] audit: type=1326 audit(259.263:6242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11059 comm="syz.0.2600" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 259.314432][ T27] audit: type=1326 audit(259.273:6243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11059 comm="syz.0.2600" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=426 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 259.325234][ T27] audit: type=1326 audit(259.283:6244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11059 comm="syz.0.2600" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 259.338854][ T27] audit: type=1326 audit(259.283:6245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11059 comm="syz.0.2600" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=267 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 259.344733][ T27] audit: type=1326 audit(259.283:6246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11059 comm="syz.0.2600" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98d5a8a8 code=0x7ffc0000 [ 259.403971][T11063] hub 9-0:1.0: USB hub found [ 259.412281][T11063] hub 9-0:1.0: 8 ports detected [ 259.481251][T11064] rdma_rxe: rxe_register_device failed with error -23 [ 259.483594][T11064] rdma_rxe: failed to add team_slave_0 [ 259.492661][T11066] loop0: detected capacity change from 0 to 512 [ 259.559040][T11066] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 259.705346][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 259.866686][ T27] audit: type=1326 audit(259.833:6247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.4.2608" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 259.872770][ T27] audit: type=1326 audit(259.833:6248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.4.2608" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 259.892927][ T27] audit: type=1326 audit(259.843:6249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.4.2608" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 259.899505][ T27] audit: type=1326 audit(259.843:6250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.4.2608" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd5a8a8 code=0x7ffc0000 [ 259.997860][T11087] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2610'. [ 260.011221][T11086] loop4: detected capacity change from 0 to 128 [ 260.248651][ T39] kworker/u4:2: attempt to access beyond end of device [ 260.248651][ T39] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 260.448494][T11096] rdma_rxe: rxe_register_device failed with error -23 [ 260.450884][T11096] rdma_rxe: failed to add team_slave_0 [ 261.101956][T11099] netlink: 'syz.4.2614': attribute type 10 has an invalid length. [ 261.104562][T11099] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2614'. [ 261.110231][T11099] device team0 entered promiscuous mode [ 261.114160][T11099] device team_slave_0 entered promiscuous mode [ 261.119926][T11099] device team_slave_1 entered promiscuous mode [ 261.123135][T11099] device dummy0 entered promiscuous mode [ 261.130752][T11099] bridge0: port 3(team0) entered blocking state [ 261.134911][T11099] bridge0: port 3(team0) entered disabled state [ 261.149666][T11099] bridge0: port 3(team0) entered blocking state [ 261.151544][T11099] bridge0: port 3(team0) entered forwarding state [ 261.761717][T11138] loop2: detected capacity change from 0 to 1024 [ 261.769562][T11138] EXT4-fs: Ignoring removed i_version option [ 261.933616][T11138] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:477: comm syz.2.2632: Invalid block bitmap block 0 in block_group 0 [ 261.941298][T11138] EXT4-fs error (device loop2): ext4_acquire_dquot:6814: comm syz.2.2632: Failed to acquire dquot type 0 [ 261.951736][T11138] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz.2.2632: Freeing blocks not in datazone - block = 0, count = 4096 [ 261.960387][T11138] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.2632: Invalid inode bitmap blk 0 in block_group 0 [ 261.966270][T11138] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 261.969331][T11138] EXT4-fs (loop2): 1 orphan inode deleted [ 261.971014][T11138] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 262.148731][ T5679] EXT4-fs error (device loop2): ext4_release_dquot:6850: comm kworker/u4:16: Failed to release dquot type 0 [ 262.700823][T11138] lo speed is unknown, defaulting to 1000 [ 263.456475][T11144] netlink: 'syz.4.2636': attribute type 10 has an invalid length. [ 263.475601][T11144] netlink: 'syz.4.2636': attribute type 10 has an invalid length. [ 263.477942][T11144] device dummy0 left promiscuous mode [ 263.481907][T11144] team0: Port device dummy0 removed [ 263.490648][T11144] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 264.074658][T11150] loop1: detected capacity change from 0 to 128 [ 264.183211][T11150] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 264.411081][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 264.420543][T11035] TCP: TCP_TX_DELAY enabled [ 265.980169][ T4296] EXT4-fs (loop1): unmounting filesystem. [ 266.148750][T11188] loop0: detected capacity change from 0 to 1764 [ 266.564213][T11199] loop0: detected capacity change from 0 to 1024 [ 266.566610][T11199] EXT4-fs: Ignoring removed nobh option [ 266.568209][T11199] EXT4-fs: Ignoring removed oldalloc option [ 266.617995][T11199] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 266.629310][T11199] EXT4-fs (loop0): re-mounted. Quota mode: writeback. [ 266.718425][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 266.718438][ T27] audit: type=1107 audit(266.684:6255): pid=11206 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 266.837187][ T4299] EXT4-fs (loop0): unmounting filesystem. [ 266.921973][ T27] audit: type=1326 audit(266.884:6256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11216 comm="syz.2.2668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 266.931627][ T27] audit: type=1326 audit(266.894:6257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11216 comm="syz.2.2668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 266.948845][ T27] audit: type=1326 audit(266.904:6258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11216 comm="syz.2.2668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 266.954966][ T27] audit: type=1326 audit(266.904:6259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11216 comm="syz.2.2668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 266.979734][ T27] audit: type=1326 audit(266.944:6260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11216 comm="syz.2.2668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 266.989399][ T27] audit: type=1326 audit(266.954:6261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11216 comm="syz.2.2668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 267.005352][ T27] audit: type=1326 audit(266.964:6262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11216 comm="syz.2.2668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa3b58dd4 code=0x7ffc0000 [ 267.011416][ T27] audit: type=1326 audit(266.964:6263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11216 comm="syz.2.2668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa3b58dd4 code=0x7ffc0000 [ 267.025169][ T27] audit: type=1326 audit(266.964:6264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11216 comm="syz.2.2668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3b5a8a8 code=0x7ffc0000 [ 267.189076][T11236] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2676'. [ 267.381779][T11252] netlink: 'syz.4.2684': attribute type 3 has an invalid length. [ 268.067608][T11257] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 268.069591][T11257] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 268.074310][T11257] vhci_hcd vhci_hcd.0: Device attached [ 268.077956][T11258] vhci_hcd: cannot find the pending unlink 3994 [ 268.079815][T11258] usbip_core: unknown command [ 268.081160][T11258] vhci_hcd: unknown pdu 0 [ 268.082417][T11258] usbip_core: unknown command [ 268.084062][ T5364] vhci_hcd: stop threads [ 268.085800][ T5364] vhci_hcd: release socket [ 268.087663][ T5364] vhci_hcd: disconnect device [ 268.168615][T11257] : renamed from bond0 [ 268.263607][T11268] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2690'. [ 268.289218][T11269] loop1: detected capacity change from 0 to 2048 [ 268.337423][T11271] loop4: detected capacity change from 0 to 1024 [ 268.361810][T11271] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 268.367769][T11271] ext4 filesystem being mounted at /517/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 268.374562][T11269] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 268.377419][T11271] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.2691: bg 0: block 393: padding at end of block bitmap is not set [ 268.392029][T11271] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28 [ 268.395950][T11271] EXT4-fs (loop4): This should not happen!! Data will be lost [ 268.395950][T11271] [ 268.398829][T11271] EXT4-fs (loop4): Total free blocks count 0 [ 268.400616][T11271] EXT4-fs (loop4): Free/Dirty block details [ 268.414402][T11271] EXT4-fs (loop4): free_blocks=0 [ 268.416589][T11271] EXT4-fs (loop4): dirty_blocks=16 [ 268.418145][T11271] EXT4-fs (loop4): Block reservation details [ 268.419915][T11271] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 268.457409][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 268.494527][ T4296] EXT4-fs (loop1): unmounting filesystem. [ 268.820535][T11300] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2703'. [ 268.977868][T11310] loop3: detected capacity change from 0 to 2048 [ 269.009413][T11310] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 269.023335][T11315] tipc: Started in network mode [ 269.025799][T11315] tipc: Node identity ac14140f, cluster identity 4711 [ 269.027992][T11315] tipc: New replicast peer: 255.255.255.255 [ 269.029982][T11315] tipc: Enabled bearer , priority 10 [ 269.032814][T11315] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2709'. [ 269.037383][T11315] tipc: Disabling bearer [ 269.843801][T11342] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2721'. [ 269.845196][ T4307] EXT4-fs (loop3): unmounting filesystem. [ 270.107910][T11360] netlink: 87 bytes leftover after parsing attributes in process `syz.3.2725'. [ 270.274508][T11371] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2732'. [ 270.464324][T11385] loop2: detected capacity change from 0 to 512 [ 270.532554][T11385] EXT4-fs (loop2): too many log groups per flexible block group [ 270.535166][T11385] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 270.537304][T11385] EXT4-fs (loop2): mount failed [ 270.583336][ T6121] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 270.706929][T11401] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2739'. [ 271.449211][T11451] tipc: Started in network mode [ 271.452290][T11451] tipc: Node identity faba1394c9d9, cluster identity 4711 [ 271.457702][T11451] tipc: Enabled bearer , priority 0 [ 271.463327][T11451] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2756'. [ 271.491877][T11454] loop4: detected capacity change from 0 to 736 [ 271.513042][T11449] tipc: Disabling bearer [ 271.559918][T11454] rock: directory entry would overflow storage [ 271.561723][T11454] rock: sig=0x3b10, size=4, remaining=3 [ 271.854374][T11466] loop2: detected capacity change from 0 to 512 [ 271.918947][T11466] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 271.921690][T11466] ext4 filesystem being mounted at /557/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 272.022169][ T4297] EXT4-fs (loop2): unmounting filesystem. [ 272.658142][T11498] netlink: 1052 bytes leftover after parsing attributes in process `syz.4.2774'. [ 272.740791][T11500] @: renamed from vlan0 [ 272.951158][ T27] kauditd_printk_skb: 62 callbacks suppressed [ 272.951171][ T27] audit: type=1326 audit(2000000004.760:6327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11505 comm="syz.3.2779" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7ef5a8a8 code=0x7ffc0000 [ 272.968401][ T27] audit: type=1326 audit(2000000004.780:6328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11505 comm="syz.3.2779" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=220 compat=0 ip=0xffff7ef5a8a8 code=0x7ffc0000 [ 273.011260][ T27] audit: type=1326 audit(2000000004.820:6329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11505 comm="syz.3.2779" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7ef5a8a8 code=0x7ffc0000 [ 273.031781][ T27] audit: type=1326 audit(2000000004.840:6330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11512 comm="syz.3.2779" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=115 compat=0 ip=0xffff7ef84fc8 code=0x7ffc0000 [ 273.147483][T11518] netlink: 'syz.3.2783': attribute type 10 has an invalid length. [ 273.151104][T11518] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 273.157352][T11518] : (slave batadv0): Enslaving as an active interface with an up link [ 273.202909][ T27] audit: type=1326 audit(2000000005.010:6331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11512 comm="syz.3.2779" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=93 compat=0 ip=0xffff7ef5a8a8 code=0x7ffc0000 [ 273.348890][T11527] loop1: detected capacity change from 0 to 512 [ 273.383931][T11527] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 273.409426][T11527] EXT4-fs (loop1): failed to initialize system zone (-117) [ 273.412236][T11527] EXT4-fs (loop1): mount failed [ 273.434653][T11533] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 273.575063][T11538] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 273.576224][T11541] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2793'. [ 273.576963][T11538] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 273.586303][T11538] vhci_hcd vhci_hcd.0: Device attached [ 273.610313][T11540] vhci_hcd: cannot find the pending unlink 3994 [ 273.612185][T11540] usbip_core: unknown command [ 273.613413][T11540] vhci_hcd: unknown pdu 0 [ 273.614582][T11540] usbip_core: unknown command [ 273.629991][ T5364] vhci_hcd: stop threads [ 273.631216][ T5364] vhci_hcd: release socket [ 273.632385][ T5364] vhci_hcd: disconnect device [ 273.701134][T11546] loop4: detected capacity change from 0 to 512 [ 273.711859][T11546] EXT4-fs: Ignoring removed bh option [ 273.713412][T11546] EXT4-fs: Ignoring removed mblk_io_submit option [ 273.745694][T11546] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 273.751576][T11546] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 273.754265][T11546] EXT4-fs (loop4): orphan cleanup on readonly fs [ 273.757585][T11546] Quota error (device loop4): do_insert_tree: Free block already used in tree: block 4 [ 273.760546][T11546] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota [ 273.763231][T11546] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.2795: Failed to acquire dquot type 1 [ 273.767885][T11546] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:477: comm syz.4.2795: Invalid block bitmap block 0 in block_group 0 [ 273.772790][T11546] Quota error (device loop4): write_blk: dquota write failed [ 273.776193][T11546] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 273.779012][T11546] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.2795: Failed to acquire dquot type 1 [ 273.786796][T11546] Quota error (device loop4): write_blk: dquota write failed [ 273.794997][T11546] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.2795: Failed to acquire dquot type 1 [ 273.799426][T11546] EXT4-fs (loop4): 1 orphan inode deleted [ 273.808223][T11546] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 273.847706][ T4310] EXT4-fs (loop4): unmounting filesystem. [ 273.917220][T11554] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2797'. [ 273.920364][T11554] bridge0: port 3(team0) entered disabled state [ 273.961034][T11554] device bridge_slave_1 left promiscuous mode [ 273.962898][T11554] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.020808][T11554] device bridge_slave_0 left promiscuous mode [ 274.022913][T11554] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.415124][T11620] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2825'. [ 275.553502][T11621] lo speed is unknown, defaulting to 1000 [ 276.213692][ T4298] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 276.219547][ T4298] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 276.222346][ T4298] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 276.226825][ T4298] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 276.229343][ T4298] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 276.232887][ T4298] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 276.297811][T11648] lo speed is unknown, defaulting to 1000 [ 276.420207][ T7174] : (slave syz_tun): Releasing backup interface [ 276.422359][ T7174] : (slave syz_tun): the permanent HWaddr of slave - aa:aa:aa:aa:aa:aa - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 276.590658][T11648] chnl_net:caif_netlink_parms(): no params data found [ 276.642997][T11648] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.656808][T11648] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.659634][T11648] device bridge_slave_0 entered promiscuous mode [ 276.702256][T11648] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.712454][T11648] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.736508][T11648] device bridge_slave_1 entered promiscuous mode [ 276.840841][T11672] netlink: 136 bytes leftover after parsing attributes in process `syz.0.2846'. [ 276.894674][ C1] ------------[ cut here ]------------ [ 276.896545][ C1] refcount_t: addition on 0; use-after-free. [ 276.898429][ C1] WARNING: CPU: 1 PID: 11670 at lib/refcount.c:25 refcount_warn_saturate+0x134/0x1f8 [ 276.901048][ C1] Modules linked in: SYZFAIL: failed to recv rpc [ 276.902071][ C1] CPU: 1 PID: 11670 Comm: syz.4.2845 Not tainted 6.1.141-syzkaller #0 fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 276.904268][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 276.907038][ C1] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 276.909155][ C1] pc : refcount_warn_saturate+0x134/0x1f8 [ 276.910750][ C1] lr : refcount_warn_saturate+0x134/0x1f8 [ 276.912412][ C1] sp : ffff8000080178c0 [ 276.913541][ C1] x29: ffff8000080178c0 x28: ffff0000f4d1fc00 x27: ffff0000d24daa08 [ 276.915741][ C1] x26: ffff0000caccb270 x25: dfff800000000000 x24: 1fffe0001a49b541 [ 276.917888][ C1] x23: ffff0000f38d3c00 x22: ffff0000d2c51d94 x21: ffff0000ddb06080 [ 276.920105][ C1] x20: ffff0000d2c51d94 x19: ffff800017a32000 x18: 0000000000000000 [ 276.922310][ C1] x17: 0000000000000000 x16: ffff8000082d1c00 x15: 0000000000000000 [ 276.924518][ C1] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 [ 276.926832][ C1] x11: ff0080000819149c x10: 0000000000000000 x9 : 95cf2a18fe9da400 [ 276.929111][ C1] x8 : 95cf2a18fe9da400 x7 : 0000000000000001 x6 : 0000000000000001 [ 276.931293][ C1] x5 : ffff800008017358 x4 : ffff800015154700 x3 : ffff8000083115f4 [ 276.933512][ C1] x2 : 0000000000000001 x1 : 0000000100000100 x0 : 0000000000000000 [ 276.935730][ C1] Call trace: [ 276.936618][ C1] refcount_warn_saturate+0x134/0x1f8 [ 276.938103][ C1] tipc_crypto_xmit+0x1518/0x2014 [ 276.939472][ C1] tipc_bearer_xmit_skb+0x1f0/0x384 [ 276.940909][ C1] tipc_disc_timeout+0x4c8/0x608 [ 276.942334][ C1] call_timer_fn+0x1b8/0x964 [ 276.943578][ C1] __run_timers+0x460/0x6bc [ 276.944856][ C1] run_timer_softirq+0x7c/0x114 [ 276.946196][ C1] handle_softirqs+0x318/0xc6c [ 276.947456][ C1] __do_softirq+0x14/0x20 [ 276.948661][ C1] ____do_softirq+0x14/0x20 [ 276.949886][ C1] call_on_irq_stack+0x24/0x4c [ 276.951170][ C1] do_softirq_own_stack+0x20/0x2c [ 276.952511][ C1] __irq_exit_rcu+0x23c/0x43c [ 276.953816][ C1] irq_exit_rcu+0x14/0x84 [ 276.955051][ C1] el1_interrupt+0x38/0x54 [ 276.956247][ C1] el1h_64_irq_handler+0x18/0x24 [ 276.957606][ C1] el1h_64_irq+0x64/0x68 [ 276.958764][ C1] try_charge_memcg+0x2f8/0x1448 [ 276.960127][ C1] charge_memcg+0xa4/0x1f4 [ 276.961354][ C1] __mem_cgroup_charge+0x38/0xb0 [ 276.962700][ C1] shmem_add_to_page_cache+0x658/0xf2c [ 276.964280][ C1] shmem_get_folio_gfp+0xe68/0x2040 [ 276.965737][ C1] shmem_fault+0x178/0x550 [ 276.966947][ C1] __do_fault+0x11c/0x3d8 [ 276.968111][ C1] handle_mm_fault+0x1ac0/0x2fd4 [ 276.969523][ C1] __get_user_pages+0x338/0x798 [ 276.970893][ C1] populate_vma_page_range+0x1f4/0x298 [ 276.972413][ C1] __mm_populate+0x208/0x330 [ 276.973724][ C1] vm_mmap_pgoff+0x1cc/0x284 [ 276.975034][ C1] ksys_mmap_pgoff+0xd0/0x5a0 [ 276.976437][ C1] __arm64_sys_mmap+0xf8/0x110 [ 276.977729][ C1] invoke_syscall+0x98/0x2bc [ 276.979034][ C1] el0_svc_common+0x138/0x258 [ 276.980365][ C1] do_el0_svc+0x58/0x13c [ 276.981540][ C1] el0_svc+0x58/0x138 [ 276.982590][ C1] el0t_64_sync_handler+0x84/0xf0 [ 276.984022][ C1] el0t_64_sync+0x18c/0x190 [ 276.985330][ C1] irq event stamp: 22239 [ 276.986507][ C1] hardirqs last enabled at (22238): [] __up_console_sem+0xb4/0x100 [ 276.989118][ C1] hardirqs last disabled at (22239): [] el1_dbg+0x24/0x80 [ 276.991462][ C1] softirqs last enabled at (19078): [] handle_softirqs+0xaf8/0xc6c [ 276.994144][ C1] softirqs last disabled at (22153): [] __do_softirq+0x14/0x20 [ 276.996619][ C1] ---[ end trace 0000000000000000 ]--- [ 276.998234][ C1] ------------[ cut here ]------------ [ 276.999713][ C1] refcount_t: underflow; use-after-free. [ 277.001540][ C1] WARNING: CPU: 1 PID: 11670 at lib/refcount.c:28 refcount_warn_saturate+0x154/0x1f8 [ 277.004090][ C1] Modules linked in: [ 277.005178][ C1] CPU: 1 PID: 11670 Comm: syz.4.2845 Tainted: G W 6.1.141-syzkaller #0 [ 277.007864][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 277.010690][ C1] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 277.012860][ C1] pc : refcount_warn_saturate+0x154/0x1f8 [ 277.014441][ C1] lr : refcount_warn_saturate+0x154/0x1f8 [ 277.016046][ C1] sp : ffff8000080178c0 [ 277.017184][ C1] x29: ffff8000080178c0 x28: ffff0000f4d1fc00 x27: 0000000000000000 [ 277.019416][ C1] x26: ffff0000caccb270 x25: dfff800000000000 x24: 1fffe00019599658 [ 277.021672][ C1] x23: 1fffe0001b393001 x22: ffff0000d24daa00 x21: 00000000c0000000 [ 277.023923][ C1] x20: ffff0000d2c51d94 x19: ffff800017a32000 x18: 0000000000000000 [ 277.026083][ C1] x17: 0000000000000000 x16: ffff8000082d1c00 x15: 0000000000000000 [ 277.028305][ C1] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 [ 277.030529][ C1] x11: ff0080000819149c x10: 0000000000000000 x9 : 95cf2a18fe9da400 [ 277.032782][ C1] x8 : 95cf2a18fe9da400 x7 : 0000000000000001 x6 : 0000000000000001 [ 277.035004][ C1] x5 : ffff800008017358 x4 : ffff800015154700 x3 : ffff8000083115f4 [ 277.037226][ C1] x2 : 0000000000000001 x1 : 0000000000000100 x0 : 0000000000000000 [ 277.039433][ C1] Call trace: [ 277.040387][ C1] refcount_warn_saturate+0x154/0x1f8 [ 277.041891][ C1] tipc_crypto_xmit+0x1664/0x2014 [ 277.043291][ C1] tipc_bearer_xmit_skb+0x1f0/0x384 [ 277.044751][ C1] tipc_disc_timeout+0x4c8/0x608 [ 277.046064][ C1] call_timer_fn+0x1b8/0x964 [ 277.047321][ C1] __run_timers+0x460/0x6bc [ 277.048535][ C1] run_timer_softirq+0x7c/0x114 [ 277.049900][ C1] handle_softirqs+0x318/0xc6c [ 277.051200][ C1] __do_softirq+0x14/0x20 [ 277.052392][ C1] ____do_softirq+0x14/0x20 [ 277.053673][ C1] call_on_irq_stack+0x24/0x4c [ 277.055018][ C1] do_softirq_own_stack+0x20/0x2c [ 277.056423][ C1] __irq_exit_rcu+0x23c/0x43c [ 277.057701][ C1] irq_exit_rcu+0x14/0x84 [ 277.058843][ C1] el1_interrupt+0x38/0x54 [ 277.060038][ C1] el1h_64_irq_handler+0x18/0x24 [ 277.061389][ C1] el1h_64_irq+0x64/0x68 [ 277.062515][ C1] try_charge_memcg+0x2f8/0x1448 [ 277.063871][ C1] charge_memcg+0xa4/0x1f4 [ 277.065094][ C1] __mem_cgroup_charge+0x38/0xb0 [ 277.066485][ C1] shmem_add_to_page_cache+0x658/0xf2c [ 277.067981][ C1] shmem_get_folio_gfp+0xe68/0x2040 [ 277.069416][ C1] shmem_fault+0x178/0x550 [ 277.070678][ C1] __do_fault+0x11c/0x3d8 [ 277.071912][ C1] handle_mm_fault+0x1ac0/0x2fd4 [ 277.073306][ C1] __get_user_pages+0x338/0x798 [ 277.074651][ C1] populate_vma_page_range+0x1f4/0x298 [ 277.076171][ C1] __mm_populate+0x208/0x330 [ 277.077485][ C1] vm_mmap_pgoff+0x1cc/0x284 [ 277.078802][ C1] ksys_mmap_pgoff+0xd0/0x5a0 [ 277.080077][ C1] __arm64_sys_mmap+0xf8/0x110 [ 277.081393][ C1] invoke_syscall+0x98/0x2bc [ 277.082626][ C1] el0_svc_common+0x138/0x258 [ 277.083886][ C1] do_el0_svc+0x58/0x13c [ 277.085064][ C1] el0_svc+0x58/0x138 [ 277.086147][ C1] el0t_64_sync_handler+0x84/0xf0 [ 277.087554][ C1] el0t_64_sync+0x18c/0x190 [ 277.088855][ C1] irq event stamp: 22271 [ 277.090076][ C1] hardirqs last enabled at (22270): [] __up_console_sem+0xb4/0x100 [ 277.092724][ C1] hardirqs last disabled at (22271): [] el1_dbg+0x24/0x80 [ 277.095066][ C1] softirqs last enabled at (19078): [] handle_softirqs+0xaf8/0xc6c [ 277.097729][ C1] softirqs last disabled at (22153): [] __do_softirq+0x14/0x20 [ 277.100308][ C1] ---[ end trace 0000000000000000 ]--- [ 277.518546][T11670] bond0: (slave syz_tun): Releasing backup interface [ 277.948188][ C1] ------------[ cut here ]------------ [ 277.949791][ C1] refcount_t: saturated; leaking memory. [ 277.951577][ C1] WARNING: CPU: 1 PID: 22 at lib/refcount.c:22 refcount_warn_saturate+0x1b4/0x1f8 [ 277.953986][ C1] Modules linked in: [ 277.955045][ C1] CPU: 1 PID: 22 Comm: kworker/1:0 Tainted: G W 6.1.141-syzkaller #0 [ 277.957680][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 277.960399][ C1] Workqueue: events pwq_unbound_release_workfn [ 277.962081][ C1] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 277.964235][ C1] pc : refcount_warn_saturate+0x1b4/0x1f8 [ 277.965835][ C1] lr : refcount_warn_saturate+0x1b4/0x1f8 [ 277.967472][ C1] sp : ffff8000080178c0 [ 277.968591][ C1] x29: ffff8000080178c0 x28: ffff0000f5259800 x27: ffff0000d24daa08 [ 277.970781][ C1] x26: ffff0000caccb270 x25: dfff800000000000 x24: 1fffe0001a49b541 [ 277.972935][ C1] x23: ffff0000f38d3c00 x22: ffff0000d2c51d94 x21: 000000007ffffffe [ 277.975204][ C1] x20: ffff0000d2c51d94 x19: ffff800017a32000 x18: ffff800011a7bce0 [ 277.977398][ C1] x17: 0000000000000000 x16: ffff8000082d1c00 x15: 0000000000000000 [ 277.979563][ C1] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 [ 277.981792][ C1] x11: ff0080000819149c x10: 0000000000000000 x9 : 3c275401121d8600 [ 277.984015][ C1] x8 : 3c275401121d8600 x7 : 0000000000000001 x6 : 0000000000000001 [ 277.986234][ C1] x5 : ffff800008017358 x4 : ffff800015154700 x3 : ffff80000852da40 [ 277.988468][ C1] x2 : 0000000000000001 x1 : 0000000100000100 x0 : 0000000000000000 [ 277.990639][ C1] Call trace: [ 277.991543][ C1] refcount_warn_saturate+0x1b4/0x1f8 [ 277.993038][ C1] tipc_crypto_xmit+0x1518/0x2014 [ 277.994391][ C1] tipc_bearer_xmit_skb+0x1f0/0x384 [ 277.995828][ C1] tipc_disc_timeout+0x4c8/0x608 [ 277.997183][ C1] call_timer_fn+0x1b8/0x964 [ 277.998468][ C1] __run_timers+0x460/0x6bc [ 277.999741][ C1] run_timer_softirq+0x7c/0x114 [ 278.001091][ C1] handle_softirqs+0x318/0xc6c [ 278.002438][ C1] __do_softirq+0x14/0x20 [ 278.003600][ C1] ____do_softirq+0x14/0x20 [ 278.004832][ C1] call_on_irq_stack+0x24/0x4c [ 278.006141][ C1] do_softirq_own_stack+0x20/0x2c [ 278.007528][ C1] __irq_exit_rcu+0x23c/0x43c [ 278.008818][ C1] irq_exit_rcu+0x14/0x84 [ 278.009993][ C1] el1_interrupt+0x38/0x54 [ 278.011299][ C1] el1h_64_irq_handler+0x18/0x24 [ 278.012687][ C1] el1h_64_irq+0x64/0x68 [ 278.013835][ C1] lockdep_unregister_key+0x390/0x438 [ 278.015336][ C1] pwq_unbound_release_workfn+0x200/0x254 [ 278.016908][ C1] process_one_work+0x7f4/0x13a8 [ 278.018259][ C1] worker_thread+0x8c8/0xfbc [ 278.019536][ C1] kthread+0x250/0x2d8 [ 278.020690][ C1] ret_from_fork+0x10/0x20 [ 278.021926][ C1] irq event stamp: 616315 [ 278.023151][ C1] hardirqs last enabled at (616314): [] __up_console_sem+0xb4/0x100 [ 278.025813][ C1] hardirqs last disabled at (616315): [] el1_dbg+0x24/0x80 [ 278.028181][ C1] softirqs last enabled at (613954): [] local_bh_enable+0x10/0x34 [ 278.030763][ C1] softirqs last disabled at (616287): [] __do_softirq+0x14/0x20 [ 278.033266][ C1] ---[ end trace 0000000000000000 ]--- [ 278.159138][ T5365] smc: removing ib device syz1 [ 278.339916][ T4544] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.477995][ T4544] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.587389][ T4544] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.677271][ T4544] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.368375][ T4544] tipc: Disabling bearer [ 279.370462][ T4544] tipc: Left network mode [ 279.494599][ T4544] tipc: Disabling bearer [ 279.497858][ T4544] tipc: Left network mode [ 283.024044][ T4544] device hsr_slave_0 left promiscuous mode [ 283.054413][ T4544] device hsr_slave_1 left promiscuous mode [ 283.124682][ T4544] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.126829][ T4544] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 283.133691][ T4544] device hsr_slave_0 left promiscuous mode [ 283.175150][ T4544] device hsr_slave_1 left promiscuous mode [ 283.376369][ T4544] device veth1_macvtap left promiscuous mode [ 283.378493][ T4544] device veth1_vlan left promiscuous mode [ 283.380229][ T4544] device veth0_vlan left promiscuous mode [ 283.461331][ T4544] ------------[ cut here ]------------ [ 283.462865][ T4544] refcount_t: saturated; leaking memory. [ 283.465812][ T4544] WARNING: CPU: 0 PID: 4544 at lib/refcount.c:19 refcount_warn_saturate+0x174/0x1f8 [ 283.468383][ T4544] Modules linked in: [ 283.469442][ T4544] CPU: 0 PID: 4544 Comm: kworker/u4:7 Tainted: G W 6.1.141-syzkaller #0 [ 283.472073][ T4544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 283.474828][ T4544] Workqueue: netns cleanup_net [ 283.476135][ T4544] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 283.478250][ T4544] pc : refcount_warn_saturate+0x174/0x1f8 [ 283.479795][ T4544] lr : refcount_warn_saturate+0x174/0x1f8 [ 283.481337][ T4544] sp : ffff800020c57520 [ 283.482508][ T4544] x29: ffff800020c57520 x28: 1ffff0000418aeac x27: dfff800000000000 [ 283.484694][ T4544] x26: 00000000c0000000 x25: 00000000c0000000 x24: ffff0000d2c51d94 [ 283.486862][ T4544] x23: 000000000000006b x22: 0000000000000cc0 x21: 000000007ffffffe [ 283.489009][ T4544] x20: ffff0000d2c51d94 x19: ffff800017a32000 x18: ffff800011a7bce0 [ 283.491168][ T4544] x17: 1fffe00033ee2f76 x16: ffff8000082d1c00 x15: ffff80001506d000 [ 283.493341][ T4544] x14: 0000000000000100 x13: 1ffff00002a0e0b1 x12: 0000000000ff0100 [ 283.495497][ T4544] x11: ff0080000a88a3b4 x10: 0000000000000003 x9 : d44f170e9956b800 [ 283.497612][ T4544] x8 : d44f170e9956b800 x7 : ffff8000082516dc x6 : 0000000000000000 [ 283.499808][ T4544] x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000 [ 283.501982][ T4544] x2 : 0000000000000006 x1 : ffff800011a7d7e0 x0 : ffff80018a752000 [ 283.504195][ T4544] Call trace: [ 283.505100][ T4544] refcount_warn_saturate+0x174/0x1f8 [ 283.506584][ T4544] nf_nat_masq_schedule+0x478/0x54c [ 283.508028][ T4544] masq_device_event+0x9c/0xe0 [ 283.509352][ T4544] raw_notifier_call_chain+0xd4/0x164 [ 283.510878][ T4544] dev_close_many+0x2cc/0x440 [ 283.512166][ T4544] unregister_netdevice_many+0x3c4/0x1740 [ 283.513735][ T4544] default_device_exit_batch+0x9a8/0xa40 [ 283.515292][ T4544] cleanup_net+0x644/0xa74 [ 283.516488][ T4544] process_one_work+0x7f4/0x13a8 [ 283.517813][ T4544] worker_thread+0x8c8/0xfbc [ 283.519083][ T4544] kthread+0x250/0x2d8 [ 283.520187][ T4544] ret_from_fork+0x10/0x20 [ 283.521434][ T4544] irq event stamp: 5771126 [ 283.522701][ T4544] hardirqs last enabled at (5771125): [] finish_lock_switch+0xb0/0x1c4 [ 283.525445][ T4544] hardirqs last disabled at (5771126): [] el1_dbg+0x24/0x80 [ 283.527875][ T4544] softirqs last enabled at (5771118): [] handle_softirqs+0xaf8/0xc6c [ 283.530561][ T4544] softirqs last disabled at (5770957): [] __do_softirq+0x14/0x20 [ 283.533151][ T4544] ---[ end trace 0000000000000000 ]--- [ 283.542311][ T4544] ------------[ cut here ]------------ [ 283.543846][ T4544] WARNING: CPU: 0 PID: 4544 at lib/ref_tracker.c:77 ref_tracker_alloc+0x230/0x3cc [ 283.546433][ T4544] Modules linked in: [ 283.547513][ T4544] CPU: 0 PID: 4544 Comm: kworker/u4:7 Tainted: G W 6.1.141-syzkaller #0 [ 283.550114][ T4544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 283.552807][ T4544] Workqueue: netns cleanup_net [ 283.554129][ T4544] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 283.556293][ T4544] pc : ref_tracker_alloc+0x230/0x3cc [ 283.557808][ T4544] lr : ref_tracker_alloc+0x230/0x3cc [ 283.559230][ T4544] sp : ffff800020c57400 [ 283.560372][ T4544] x29: ffff800020c574e0 x28: 1ffff0000418aeac x27: dfff800000000000 [ 283.562546][ T4544] x26: dfff800000000000 x25: ffff70000418ae80 x24: ffff0000f7bf5c08 [ 283.564718][ T4544] x23: ffff800020c57400 x22: ffff0000d2c51de4 x21: ffff0000f7bf5c50 [ 283.566865][ T4544] x20: 0000000000000cc0 x19: ffff0000d2c51d98 x18: ffff800011a7bce0 [ 283.569028][ T4544] x17: ffff80000fcf5310 x16: ffff8000082d1c00 x15: ffff800010102754 [ 283.571164][ T4544] x14: ffff8000101029ac x13: 1ffff00002a0e0b1 x12: 0000000000ff0100 [ 283.573357][ T4544] x11: ff0080000aa23d44 x10: 0000000000000000 x9 : ffff80000aa23d44 [ 283.575515][ T4544] x8 : ffff0000cc818000 x7 : 0000000000000000 x6 : 000000000000003f [ 283.577699][ T4544] x5 : 0000000000000040 x4 : ffffffffffffffe0 x3 : 0000000000000020 [ 283.579901][ T4544] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff800020c57420 [ 283.582060][ T4544] Call trace: [ 283.582948][ T4544] ref_tracker_alloc+0x230/0x3cc [ 283.584298][ T4544] nf_nat_masq_schedule+0x328/0x54c [ 283.585701][ T4544] masq_device_event+0x9c/0xe0 [ 283.586982][ T4544] raw_notifier_call_chain+0xd4/0x164 [ 283.588390][ T4544] dev_close_many+0x2cc/0x440 [ 283.589684][ T4544] unregister_netdevice_many+0x3c4/0x1740 [ 283.591250][ T4544] default_device_exit_batch+0x9a8/0xa40 [ 283.592769][ T4544] cleanup_net+0x644/0xa74 [ 283.593988][ T4544] process_one_work+0x7f4/0x13a8 [ 283.595331][ T4544] worker_thread+0x8c8/0xfbc [ 283.596590][ T4544] kthread+0x250/0x2d8 [ 283.597687][ T4544] ret_from_fork+0x10/0x20 [ 283.598888][ T4544] irq event stamp: 5771834 [ 283.600090][ T4544] hardirqs last enabled at (5771833): [] _raw_spin_unlock_irqrestore+0x48/0xac [ 283.602975][ T4544] hardirqs last disabled at (5771834): [] el1_dbg+0x24/0x80 [ 283.605393][ T4544] softirqs last enabled at (5771302): [] handle_softirqs+0xaf8/0xc6c [ 283.608088][ T4544] softirqs last disabled at (5771129): [] __do_softirq+0x14/0x20 [ 283.610643][ T4544] ---[ end trace 0000000000000000 ]--- [ 283.616517][ T4344] ------------[ cut here ]------------ [ 283.618386][ T4344] WARNING: CPU: 0 PID: 4344 at lib/ref_tracker.c:110 ref_tracker_free+0x484/0x694 [ 283.620840][ T4344] Modules linked in: [ 283.621902][ T4344] CPU: 0 PID: 4344 Comm: kworker/0:6 Tainted: G W 6.1.141-syzkaller #0 [ 283.624509][ T4344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 283.627294][ T4344] Workqueue: events iterate_cleanup_work [ 283.628838][ T4344] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 283.631141][ T4344] pc : ref_tracker_free+0x484/0x694 [ 283.632647][ T4344] lr : ref_tracker_free+0x484/0x694 [ 283.634031][ T4344] sp : ffff800020b87940 [ 283.635163][ T4344] x29: ffff800020b87a40 x28: ffff00019f72f800 x27: ffff0000f7bf5c00 [ 283.637377][ T4344] x26: dfff800000000000 x25: ffff700004170f2c x24: ffff800020b87aa0 [ 283.639629][ T4344] x23: ffff700004170f54 x22: ffff800020b87960 x21: ffff0000d2c51de4 [ 283.641847][ T4344] x20: ffff0000f7bf5c50 x19: ffff0000d2c51d98 x18: ffff800011a7bce0 [ 283.644132][ T4344] x17: ffff8000181a1000 x16: ffff8000082d0750 x15: ffff80000fd21c78 [ 283.646354][ T4344] x14: 0000000000000100 x13: 1ffff00002a0e0b1 x12: 0000000000ff0100 [ 283.648568][ T4344] x11: ff0080000aa2441c x10: 0000000000000000 x9 : ffff80000aa2441c [ 283.650790][ T4344] x8 : ffff0000c6e33780 x7 : 0000000000000000 x6 : 000000000000003f [ 283.652940][ T4344] x5 : 0000000000000040 x4 : 0000000000000000 x3 : 0000000000000004 [ 283.655140][ T4344] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff800020b87980 [ 283.657362][ T4344] Call trace: [ 283.658264][ T4344] ref_tracker_free+0x484/0x694 [ 283.659621][ T4344] iterate_cleanup_work+0xe8/0x230 [ 283.661024][ T4344] process_one_work+0x7f4/0x13a8 [ 283.662368][ T4344] worker_thread+0x8c8/0xfbc [ 283.663592][ T4344] kthread+0x250/0x2d8 [ 283.664724][ T4344] ret_from_fork+0x10/0x20 [ 283.665886][ T4344] irq event stamp: 515632 [ 283.667027][ T4344] hardirqs last enabled at (515631): [] __local_bh_enable_ip+0x1f8/0x380 [ 283.669893][ T4344] hardirqs last disabled at (515632): [] el1_dbg+0x24/0x80 [ 283.672371][ T4344] softirqs last enabled at (515630): [] local_bh_enable+0x10/0x34 [ 283.674951][ T4344] softirqs last disabled at (515628): [] local_bh_disable+0x10/0x34 [ 283.677597][ T4344] ---[ end trace 0000000000000000 ]--- [ 285.294457][ T4544] device team_slave_1 left promiscuous mode [ 285.299198][ T4544] team0 (unregistering): Port device team_slave_1 removed [ 285.474459][ T4544] device team_slave_0 left promiscuous mode [ 285.478222][ T4544] team0 (unregistering): Port device team_slave_0 removed [ 285.685481][ T4544] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 285.935040][ T4544] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface