last executing test programs: 1.774215287s ago: executing program 0 (id=1088): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=@delchain={0x43c, 0x65, 0x400, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x93536fa62b4dd0fa, 0x2}, {0x3, 0x3}, {0x2, 0xfff2}}, [@f_rsvp={{0x9}, {0x40c, 0x2, [@TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3e, 0x4097, 0x2, 0x23, 0x76, 0x2, 0x101, 0xfffffe01, 0x12, 0x80000000, 0x7, 0x390, 0x8, 0x5, 0x400, 0x5, 0x3f84, 0xaac, 0x1, 0x2, 0xffffffff, 0x7, 0x8, 0x3, 0x5, 0xfff, 0xc, 0xb, 0x3, 0x6, 0x6, 0xbd7e, 0x4, 0x8, 0x0, 0xc, 0x6, 0x0, 0x0, 0x22f2, 0x8, 0x8, 0x7, 0xa, 0x2b, 0xd, 0xe, 0x10001, 0x1, 0x4, 0x400, 0x8000, 0xffffff00, 0x0, 0x0, 0x1, 0xa, 0x0, 0x0, 0xfffff105, 0xed, 0x14, 0x4fc2, 0x200, 0x5, 0x0, 0x9, 0x5, 0x9, 0x2, 0xbed, 0x5, 0x7, 0x0, 0x3, 0xa, 0xc, 0x8, 0x1, 0x100, 0xe, 0x3, 0x3ff, 0x6, 0x5, 0x20000, 0x8f10, 0xe, 0x0, 0x7, 0x4, 0x2, 0xfffeffff, 0x9, 0x400, 0x0, 0xf809c4b, 0x6, 0x2, 0x5, 0xfffffffc, 0x4, 0x36, 0x80000001, 0xfffffeff, 0xfffffffa, 0x3, 0xb, 0x9, 0x3, 0x80000000, 0x0, 0x400, 0x800, 0x1, 0x3, 0x1, 0x80000000, 0x101, 0x81, 0x7, 0x7fffffff, 0x7ff, 0xb127, 0x24e5, 0x40, 0x2, 0x40, 0xc, 0x10, 0x7, 0xb, 0x4d, 0x3, 0x0, 0x3, 0x1, 0x7fffffff, 0x1, 0x4, 0x9c4c, 0x81, 0x0, 0xffff6d2b, 0x5, 0x1, 0x8, 0x9, 0x9, 0x9, 0xf, 0x3, 0x0, 0x8a99, 0xa68e, 0x4, 0xf, 0x0, 0x80, 0x3, 0x1, 0xfffffffc, 0x0, 0x7fffffff, 0x1ff, 0x154, 0x6, 0xf313, 0x200, 0x2, 0x7, 0x6, 0xffffffff, 0x400000, 0x10, 0x6, 0x4, 0x9, 0x7fff, 0x4, 0xad, 0x2, 0x1, 0x22, 0x5bd, 0xa, 0xffffffff, 0x2, 0x0, 0x4, 0xfffffff9, 0x6, 0x0, 0x1000, 0x9, 0x4, 0x5, 0x7ff, 0x5, 0x2, 0x8, 0x100, 0x86, 0x8, 0x80000001, 0x3, 0x7, 0xca62, 0xc, 0x3a, 0x4, 0xc000, 0x8545, 0x679, 0xec, 0x8, 0x0, 0x0, 0xd4b0, 0x8000, 0x2, 0x8000, 0xf679, 0x7, 0x4033, 0x81, 0x7, 0x0, 0xffffffff, 0x9, 0xb5cd, 0x6, 0x5, 0x1, 0x163, 0x401, 0x3, 0x7ff, 0xc, 0x4, 0x32f, 0xdafb, 0x1, 0xdf6, 0x5, 0x8, 0x7d, 0x4, 0x401, 0x4b9, 0x9, 0x4, 0xfff, 0x9, 0x80000000, 0x5337]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x8004}, 0x4008040) recvmsg$can_raw(r1, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000600)=""/88, 0x58}, {&(0x7f0000000680)=""/10, 0xa}, {&(0x7f0000000700)=""/249, 0xf9}, {&(0x7f0000000800)=""/149, 0x95}], 0x4}, 0x40012040) 1.723650553s ago: executing program 3 (id=1092): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) getsockname$packet(r2, &(0x7f00000015c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000700)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x8848, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32=r4, @ANYBLOB="20000100", @ANYRES32=r6, @ANYBLOB="00000000e000030000000000000000000000000008"], 0x38}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.551397158s ago: executing program 3 (id=1096): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x88, 0x2b, 0x0, 0x0) 1.493339032s ago: executing program 3 (id=1098): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140012", @ANYRES8=0x0, @ANYRES8], 0x48}}, 0x400400c0) 1.410713063s ago: executing program 0 (id=1102): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x28, 0x2d, 0xb, 0x0, 0x0, {0x2}, [@typed={0x8, 0x3, 0x0, 0x0, @u32=0x10004}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x88H'}]}]}, 0x28}}, 0x8000) 1.342092427s ago: executing program 3 (id=1104): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={r0}) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, 0x0, 0x0) sendmsg$inet(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)}, 0x8d1) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000340)=[{0x3, 0x4, {0x2, 0x0, 0x4}, {0x1, 0x1, 0x2}, 0x1, 0xfe}, {0x2, 0x1, {0x2, 0xf0}, {0x2, 0xff, 0x4}, 0xfe, 0xfe}], 0x40) r3 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000003c0)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000040)={0x1d, r4, 0x3}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000012c0)=@newtfilter={0x74, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r2, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}, [@TCA_CHAIN={0x8, 0xb, 0x7f}, @filter_kind_options=@f_bpf={{0x8}, {0x28, 0x2, [@TCA_BPF_ACT={0x4}, @TCA_BPF_OPS={{0x6, 0x4, 0x2}, {0x14, 0x5, [{0xfffd, 0x74, 0x2, 0x2}, {0x321, 0x3, 0x3, 0x4}]}}, @TCA_BPF_POLICE={0x4}]}}, @TCA_CHAIN={0x8, 0xb, 0x7}, @TCA_CHAIN={0x8, 0xb, 0x8}, @TCA_RATE={0x6, 0x5, {0x7, 0x7}}]}, 0x74}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) 1.330542073s ago: executing program 0 (id=1105): socket$packet(0x11, 0x3, 0x300) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001800)={&(0x7f0000001680)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@typedef={0x0, 0x0, 0x0, 0x10, 0x10}]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) socket(0x10, 0x3, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x80001, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000064c0)={@mcast2, 0x3, 0x2, 0x1, 0x0, 0x37, 0x9}, 0x20) socket$netlink(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) 1.266451868s ago: executing program 1 (id=1106): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10290}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) 1.215830362s ago: executing program 2 (id=1107): socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x1e7) r1 = socket$vsock_stream(0x28, 0x1, 0x0) socket$alg(0x26, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) shutdown(r1, 0x1) shutdown(r1, 0x0) close(r1) 1.21504126s ago: executing program 3 (id=1109): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) listen(r0, 0x101) r1 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r0, 0x90d, 0x800000000d, 0x0, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) bind$llc(0xffffffffffffffff, 0x0, 0x0) connect$llc(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$llc(0x1a, 0x801, 0x0) close(0x3) 1.196723324s ago: executing program 2 (id=1110): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000b40)="83", 0x1}], 0x1}, 0x0) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x40041) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket(0x1d, 0x2, 0x6) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x13, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000800)=ANY=[@ANYRESDEC=r0, @ANYRES32=r1, @ANYRES64, @ANYRES32, @ANYRES8=r0], 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb7000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.191306882s ago: executing program 0 (id=1111): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha384\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv(cbc(aes),sha256)\x00'}, 0x58) 1.113790156s ago: executing program 1 (id=1112): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00'}) ioctl(r0, 0x8b24, &(0x7f0000000040)) 1.112799984s ago: executing program 0 (id=1113): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xc4, 0x19, 0xfd3649826d894c67, 0x0, 0x4, {{@in6=@private0={0xfc, 0x0, '\x00', 0x2}, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0xfffffffffffffffc}, {}, 0x400}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x4c050) syz_emit_ethernet(0x76, &(0x7f0000000680)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60e400ff00403a00fc020000000000000000000000000000ff02000000000000000000000000000102"], 0x0) 1.063790428s ago: executing program 4 (id=1114): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x24, r2, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x10}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x40420d0) 1.030847089s ago: executing program 0 (id=1115): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={r0}) bind$can_raw(r3, 0x0, 0x0) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000580)=[{0x2, 0x3, {0x1, 0x1, 0x3}, {0x2, 0x0, 0x4}, 0xfd}, {0x2, 0x2, {0x2, 0x1}, {0x0, 0x0, 0x3}, 0xfd}, {0x1, 0x3, {0x1, 0xff, 0x4}, {0x2, 0xf0, 0x3}, 0xff}, {0x0, 0x1, {0x2, 0x1, 0x3}, {0x2, 0x1, 0x1}, 0xff, 0xfe}, {0x0, 0x10000000000000, {0x0, 0xff, 0x4}, {0x2}, 0x0, 0xff}, {0x3, 0x1, {0x3, 0x1}, {0x89f4f520d8b7b8d0, 0x0, 0x4}}], 0xc0) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r2, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) 1.030547616s ago: executing program 4 (id=1116): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47b07c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1f00, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x6, 0x0, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe04], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x758, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x238, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0x9]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = dup(r0) writev(r1, &(0x7f0000000540)=[{&(0x7f0000000a80)="e3bd460bbc6fed5057", 0x9}], 0x1) 1.030350332s ago: executing program 1 (id=1117): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1bf5b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5}]}}}]}, 0x3c}}, 0x0) 1.011771053s ago: executing program 2 (id=1118): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x7d, &(0x7f0000000080)={0x0, 0xa5}, 0x8) 935.717856ms ago: executing program 4 (id=1119): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xb) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="89205f37b275ab05ce96a6eafa06cbb269665d6d59ec22e03a000000"], 0x8) r4 = openat$cgroup_devices(r3, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r4, &(0x7f00000001c0)={'c', ' *:* ', 'rwm\x00'}, 0xa) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz1\x00', 0x200002, 0x0) write$cgroup_devices(r4, 0x0, 0x9) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000060000000060a010400000000000000000100000008000b4000000000300004802c00018008000100636d7000200002800c000380050001000000000008000140c39d000008000240000000020900010073797a30"], 0xd4}}, 0x0) 932.330524ms ago: executing program 1 (id=1120): syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x8b, 0x2c4, &(0x7f00000003c0)="$eJzs3b9u01wYx/HfsdMkfdu3GFqEhBhQoYIJtWVBLJVQxTWwgIAmSBVRK0qRgIWIgQlxAewsXAAXwYSQmGFi4gK6GR37pDlu7KRpVbsR34+UxrHPn+c4jn2eSKkF4J91Z/3np5u/7cNIoUJJt6XAbrqsmqTzutB8sbW7udtpt4Y1FEpNJQ8jJTXNQJmNrXZeVVsvqeFE9lVNs/46nIw4juNfVQeBKjXdc5i3MZAa7tMZ+oUnydSB191Q6lYUy2lh9rSnl5qrOg4AQLVMen0P3HV+1s3fg0Bacpd9//r/4/+K4z2ea9qrOoSKedf/JMuKjX1/zySb+vleksLZ7UEvSxy3Hzt5rCs9sjITTJPNKgeTxSSWYPrJZqd9Y2O70wr0VmuOV2xB0ppaLmd1MtEONr2Ysy6rrqLWst4Nb2YmGcOUHcNqQfzzeZ0edW8fhvlqvpkHJtJHtfbnf7XY+GN279TdqX78y0XNbT+7b5+jtFTBKM8mnVzM7tihowyLMhK5PRWHyn5BEGXjrOfWqutArXR0K0U9uXbmc2utjqi1YGt99mr1j+bimifNfDD3zKL+6IvWvfl/YPf2kgY/mfmNJCXdkdEbT25uWEtKRv6q7qXcNoOjjQdj6O/j93qsW5p7/ur100edTnun7AUbQ+mdspAu9A6CdI09KE5JYGMt2HOsv0ZRe6dWTu91HbedpkaVafiFsyM9uND7WB+i995JemSEJZ+ZUIn+m15c5k2ZAaFs9uRh0vzPy1eWkxTJ/omGzNPjUdM2r8WVnNygsV/wv/2W+tPI4gxoJszL4LoaI+e6cl266q0ckXNFOidNDx3rJDHr+q6HfP8PAAAAAAAAAAAAAAAAAAAwacr4tYbXHf/RBwAAAAAAAAAAAAAAAAAAAACAIyi+/29TJ3j/38zvAA59/9/GMQYKYMDfAAAA//9VYnGz") r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020df9000904010102020d0000090582020002000000090503"], 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='coredump_filter\x00') write$cgroup_int(r1, &(0x7f0000000500)=0xf1b, 0x12) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000180)={0x14, 0x0, 0x0}, &(0x7f0000000600)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x20, 0x80, 0x1c, {0x2, 0x6, 0x401, 0x1, 0x84, 0x0, 0x0, 0x8000, 0x4, 0x2, 0x9, 0xff}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003500)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4e0664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa7666b5ded16ee7025f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b3a2327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6cd28cf28fe2ee593e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c191355391771f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde34ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c39132a0f2708e09ae8268dcc15411483b8506386aa0ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae4c697bfc674e03231c42f7eaaf5166bbc4653c71805f9448416e379cc1c40f8f866c9b319a849dd00ff9b84857436ed362c4632bfc3fa7357c24f15bbb07bd91893e61df7eb6dc5e071a9cc2faa7a32a91c4d982f5cfb725dca80b23874877a4980dbd70cda040b1ce527e7188159df77b493efbbd7bfe2680bf44e49eb68e5e33a0a5726072b2699d6244cd5c4a82bf18c668a3d43cec78c5fe1f12283d5dde6d0ea0b1b81ee7c065c938577e4ec93f22f1e6106f337625b7f7798011a6"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd4d, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='netlink_extack\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000003b40)={0x0, 0x0, &(0x7f0000003b00)={&(0x7f0000000080)=@newtaction={0x48, 0x31, 0x1, 0x0, 0x0, {}, [{0x34, 0x1, [@m_gact={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0x48}}, 0x0) 223.581608ms ago: executing program 2 (id=1121): socket$packet(0x11, 0x3, 0x300) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001800)={&(0x7f0000001680)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@typedef={0x0, 0x0, 0x0, 0x10, 0x10}]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) socket(0x10, 0x3, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x80001, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000064c0)={@mcast2, 0x3, 0x2, 0x1, 0x0, 0x37, 0x9}, 0x20) socket$netlink(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) 175.68926ms ago: executing program 3 (id=1122): syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet(0x2, 0x1, 0x100) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r4, 0x1, 0x8, 0x0, 0x0) 175.359211ms ago: executing program 1 (id=1123): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha384\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv(cbc(aes),sha256)\x00'}, 0x58) 147.495704ms ago: executing program 1 (id=1124): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x4, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200000140000000000000000000008500000087000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f00000003c0)="e02742e868fba54e3335729a5ce8", 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000440)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_usb_connect(0x5, 0x36, &(0x7f0000000640)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d810009050f1f050440000009058303", @ANYRESOCT], 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x101343) r3 = syz_open_dev$rtc(&(0x7f0000000400), 0x5, 0x80800) ioctl$RTC_IRQP_SET(r3, 0x4008700c, 0x1664) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x3f, &(0x7f0000000100)={0x5, 0xf, 0x3f, 0x4, [@ptm_cap={0x3}, @ssp_cap={0xc, 0x10, 0xa, 0x7, 0x0, 0x10000, 0xf, 0x7}, @wireless={0xb, 0x10, 0x1, 0x2, 0x20, 0x80, 0x8, 0x100, 0x4}, @ssp_cap={0x20, 0x10, 0xa, 0x0, 0x5, 0x6, 0x0, 0x7ff, [0xc030, 0xf, 0x0, 0xcf, 0x30]}]}, 0x4, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x380d}}, {0x2d, &(0x7f00000001c0)=@string={0x2d, 0x3, "636c209485f6faba37b73811c8f196c4978ac469cbd157c972b157743e248554da4ae2bc10c92e3589de16"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x418}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x2801}}]}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r2, 0x400454a4, &(0x7f0000000040)) truncate(&(0x7f00000004c0)='./file0\x00', 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x26000) 84.759659ms ago: executing program 4 (id=1125): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000840)=ANY=[@ANYBLOB="ff7f00000000000002004e21000000000000000000000000000000000000000000000000005b1c8c11923b5b50420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c82d02fd000000000000000000000000000000000000000d"], 0x210) 3.886748ms ago: executing program 2 (id=1126): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180), 0xfefc) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000004, 0x10012, r0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r1, 0x84, 0x7f, &(0x7f0000000080)="010000000980ffff", 0x8) 3.719389ms ago: executing program 4 (id=1127): r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x4e, 0x0, 0x0) 3.395954ms ago: executing program 2 (id=1128): sched_setscheduler(0x0, 0x2, 0x0) syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./bus\x00', 0x18418, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRES8], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==") setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) truncate(&(0x7f0000000080)='./file1\x00', 0x400000f000) truncate(&(0x7f0000000200)='./file1\x00', 0x20fffffffc) getdents64(0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143441, 0x98) pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0) 0s ago: executing program 4 (id=1129): socket$packet(0x11, 0x3, 0x300) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001800)={&(0x7f0000001680)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@typedef={0x0, 0x0, 0x0, 0x10, 0x10}]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) socket(0x10, 0x3, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x80001, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) kernel console output (not intermixed with test programs): 4553][ T490] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.781267][ T6475] Bluetooth: hci1: command tx timeout [ 37.781511][ T6475] Bluetooth: hci3: command tx timeout [ 37.781640][ T6475] Bluetooth: hci4: command tx timeout [ 37.781741][ T6475] Bluetooth: hci2: command tx timeout [ 37.781851][ T6475] Bluetooth: hci0: command tx timeout [ 37.812071][ T6484] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.821100][ T6473] veth1_vlan: entered promiscuous mode [ 37.825814][ T6476] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 37.832031][ T6470] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.872635][ T6473] veth0_macvtap: entered promiscuous mode [ 37.894358][ T6473] veth1_macvtap: entered promiscuous mode [ 37.912437][ T6470] veth0_vlan: entered promiscuous mode [ 37.915870][ T6470] veth1_vlan: entered promiscuous mode [ 37.925785][ T6484] veth0_vlan: entered promiscuous mode [ 37.932926][ T6473] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.949263][ T6484] veth1_vlan: entered promiscuous mode [ 37.961556][ T6484] veth0_macvtap: entered promiscuous mode [ 37.984009][ T6484] veth1_macvtap: entered promiscuous mode [ 37.989516][ T6473] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.992660][ T6470] veth0_macvtap: entered promiscuous mode [ 37.998575][ T6473] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.001108][ T6473] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.003834][ T6473] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.005555][ T6473] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.012068][ T6477] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.028095][ T6470] veth1_macvtap: entered promiscuous mode [ 38.035285][ T6476] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.044081][ T6484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.044192][ T6484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.044881][ T6484] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.070412][ T6484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.070477][ T6484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.071356][ T6484] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.074586][ T6470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.074620][ T6470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.074637][ T6470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.074655][ T6470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.075824][ T6470] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.082788][ T6470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.082835][ T6470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.082853][ T6470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.082871][ T6470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.083588][ T6470] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.084809][ T6470] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.084849][ T6470] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.084877][ T6470] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.084904][ T6470] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.121628][ T6484] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.121711][ T6484] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.121740][ T6484] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.121767][ T6484] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.205989][ T6476] veth0_vlan: entered promiscuous mode [ 38.223860][ T6476] veth1_vlan: entered promiscuous mode [ 38.229078][ T532] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.229178][ T532] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.261544][ T6476] veth0_macvtap: entered promiscuous mode [ 38.264722][ T6476] veth1_macvtap: entered promiscuous mode [ 38.278653][ T532] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.280866][ T532] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.284233][ T6476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.284288][ T6476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.284326][ T6476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.284345][ T6476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.284369][ T6476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.284389][ T6476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.285007][ T6476] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.313134][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.313195][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.313264][ T6477] veth0_vlan: entered promiscuous mode [ 38.315519][ T6476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.315552][ T6476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.315569][ T6476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.315587][ T6476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.315604][ T6476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.315621][ T6476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.316358][ T6476] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.342232][ T6476] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.344625][ T6476] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.347212][ T6476] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.348574][ T6476] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.364579][ T532] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.364650][ T532] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.388060][ T6477] veth1_vlan: entered promiscuous mode [ 38.420938][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.421003][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.434580][ T6470] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 38.455443][ T532] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.455527][ T532] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.473296][ T6477] veth0_macvtap: entered promiscuous mode [ 38.475246][ T6477] veth1_macvtap: entered promiscuous mode [ 38.490101][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.490164][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.501428][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.501499][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.512504][ T6477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.515913][ T6477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.519054][ T6477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.522060][ T6477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.524727][ T6477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.527580][ T6477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.530346][ T6477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.533057][ T6477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.544090][ T6477] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.552099][ T6477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.552175][ T6477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.552210][ T6477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.552229][ T6477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.552246][ T6477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.552264][ T6477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.552280][ T6477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.552298][ T6477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.552821][ T6477] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.554711][ T6477] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.554754][ T6477] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.554782][ T6477] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.554825][ T6477] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.740200][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.740258][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.778704][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.778776][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.846192][ T6563] 9pnet_fd: Insufficient options for proto=fd [ 38.912658][ T6563] tipc: Started in network mode [ 38.912838][ T6563] tipc: Node identity 2, cluster identity 4711 [ 38.912928][ T6563] tipc: Node number set to 2 [ 39.559351][ T6570] loop1: detected capacity change from 0 to 128 [ 40.315506][ T6472] Bluetooth: hci0: command tx timeout [ 40.315577][ T6472] Bluetooth: hci2: command tx timeout [ 40.315629][ T6472] Bluetooth: hci4: command tx timeout [ 40.324316][ T6472] Bluetooth: hci3: command tx timeout [ 40.327320][ T6472] Bluetooth: hci1: command tx timeout [ 40.555325][ T6570] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 40.826560][ T6584] Zero length message leads to an empty skb [ 41.618732][ T6562] loop2: detected capacity change from 0 to 40427 [ 41.662493][ T6562] F2FS-fs (loop2): invalid crc value [ 41.727841][ T6476] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 41.734635][ T6604] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8'. [ 41.883258][ T6604] loop3: detected capacity change from 0 to 32768 [ 42.008715][ T6604] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.8 (6604) [ 42.028618][ T6604] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 42.028829][ T6604] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 42.028897][ T6604] BTRFS info (device loop3): using free-space-tree [ 42.043280][ T6599] loop0: detected capacity change from 0 to 32768 [ 42.080537][ T6571] loop4: detected capacity change from 0 to 32768 [ 42.372976][ T6472] Bluetooth: hci3: command tx timeout [ 42.373057][ T6472] Bluetooth: hci4: command tx timeout [ 42.373109][ T6472] Bluetooth: hci2: command tx timeout [ 42.373146][ T6472] Bluetooth: hci0: command tx timeout [ 42.373294][ T6475] Bluetooth: hci1: command tx timeout [ 42.807715][ T6628] process 'syz.1.10' launched '/dev/fd/7' with NULL argv: empty string added [ 43.420839][ T6604] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 44.448563][ T6480] Bluetooth: hci1: command tx timeout [ 44.468122][ T6480] Bluetooth: hci0: command tx timeout [ 44.470211][ T6480] Bluetooth: hci2: command tx timeout [ 44.470248][ T6480] Bluetooth: hci4: command tx timeout [ 44.470278][ T6480] Bluetooth: hci3: command tx timeout [ 45.563807][ T6482] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 45.571411][ T6482] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 45.851510][ T6668] netlink: 16 bytes leftover after parsing attributes in process `syz.4.21'. [ 45.852840][ T6666] netlink: 16 bytes leftover after parsing attributes in process `syz.3.20'. [ 46.099167][ T6669] loop4: detected capacity change from 0 to 32768 [ 46.147785][ T6666] loop3: detected capacity change from 0 to 32768 [ 46.172364][ T6669] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.21 (6669) [ 46.179701][ T6666] BTRFS: device /dev/loop3 (7:3) using temp-fsid 0ae3b1ac-8d8c-484c-bde8-b8e0c97462e9 [ 46.179813][ T6666] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.20 (6666) [ 46.182973][ T6666] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 46.183046][ T6666] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 46.183088][ T6666] BTRFS info (device loop3): using free-space-tree [ 46.187264][ T6669] BTRFS info (device loop4): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 46.187335][ T6669] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 46.187377][ T6669] BTRFS info (device loop4): using free-space-tree [ 46.372011][ T6666] BTRFS info (device loop3): last unmount of filesystem 0ae3b1ac-8d8c-484c-bde8-b8e0c97462e9 [ 46.382378][ T6669] BTRFS info (device loop4): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 46.428641][ T6654] loop0: detected capacity change from 0 to 32768 [ 46.604601][ T6659] loop1: detected capacity change from 0 to 32768 [ 46.689155][ T6706] netlink: 32 bytes leftover after parsing attributes in process `syz.3.23'. [ 46.689294][ T6706] netem: invalid attributes len -8 [ 46.689332][ T6706] netem: change failed [ 47.558166][ T6713] loop0: detected capacity change from 0 to 2048 [ 47.567807][ T6713] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 48.780346][ T6724] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 48.972912][ T6727] loop4: detected capacity change from 0 to 1024 [ 49.006154][ T6727] hfsplus: Unknown parameter '0x000000002e21fec0' [ 49.041392][ T6727] loop4: detected capacity change from 0 to 512 [ 49.041836][ T6727] EXT4-fs: Ignoring removed i_version option [ 49.062508][ T6727] EXT4-fs error (device loop4): __ext4_fill_super:5502: inode #2: comm syz.4.28: casefold flag without casefold feature [ 49.066515][ T6727] EXT4-fs (loop4): get root inode failed [ 49.066572][ T6727] EXT4-fs (loop4): mount failed [ 49.197942][ T6727] wireguard0: entered promiscuous mode [ 49.198008][ T6727] wireguard0: entered allmulticast mode [ 49.340036][ T6725] loop1: detected capacity change from 0 to 32768 [ 49.342305][ T6725] ======================================================= [ 49.342305][ T6725] WARNING: The mand mount option has been deprecated and [ 49.342305][ T6725] and is ignored by this kernel. Remove the mand [ 49.342305][ T6725] option from the mount to silence this warning. [ 49.342305][ T6725] ======================================================= [ 49.407968][ T6725] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 49.411921][ T6731] loop4: detected capacity change from 0 to 1764 [ 49.622961][ T1794] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 49.626617][ T1794] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 49.668474][ T6725] XFS (loop1): Ending clean mount [ 49.681578][ T6725] XFS (loop1): Quotacheck needed: Please wait. [ 49.694623][ T6725] XFS (loop1): Quotacheck: Done. [ 51.100961][ T6756] netlink: 32 bytes leftover after parsing attributes in process `syz.2.33'. [ 51.342319][ T6482] IPVS: starting estimator thread 0... [ 51.400197][ T6476] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 51.426925][ T6761] IPVS: using max 39 ests per chain, 93600 per kthread [ 51.820023][ T6769] loop3: detected capacity change from 0 to 32768 [ 52.500121][ T6771] loop0: detected capacity change from 0 to 32768 [ 52.557391][ T6771] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.39 (6771) [ 52.594761][ T6766] loop2: detected capacity change from 0 to 32768 [ 52.597178][ T6771] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 52.597273][ T6771] BTRFS info (device loop0): using crc32c (crc32c-arm64) checksum algorithm [ 52.597305][ T6771] BTRFS info (device loop0): disk space caching is enabled [ 52.597436][ T6771] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 52.625176][ T6769] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 52.648764][ T6769] bcachefs (loop3): initializing new filesystem [ 52.650043][ T6769] bcachefs (loop3): going read-write [ 52.659911][ T6771] BTRFS info (device loop0): rebuilding free space tree [ 52.692572][ T6771] BTRFS info (device loop0): disabling free space tree [ 52.695157][ T6771] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 52.698410][ T6771] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 52.719654][ T6769] bcachefs (loop3): marking superblocks [ 52.741259][ T6769] bcachefs (loop3): initializing freespace [ 52.769454][ T6769] bcachefs (loop3): done initializing freespace [ 52.784352][ T6769] bcachefs (loop3): reading snapshots table [ 52.784458][ T6769] bcachefs (loop3): reading snapshots done [ 52.901726][ T6810] loop2: detected capacity change from 0 to 4096 [ 52.931020][ T6769] bcachefs (loop3): done starting filesystem [ 52.985995][ T6810] ntfs3(loop2): failed to convert "0000" to iso8859-1 [ 52.988624][ T6810] ntfs3(loop2): failed to convert name for inode 1e. [ 52.989658][ T6810] ntfs3(loop2): ino=1f, mi_enum_attr [ 52.989784][ T6810] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 53.002342][ T6810] ntfs3(loop2): ino=1f, mi_enum_attr [ 53.048318][ T6470] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 53.102444][ T31] audit: type=1326 audit(52.770:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.4.46" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x0 [ 53.768323][ T6826] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 53.773406][ T6826] syz.2.48 uses obsolete (PF_INET,SOCK_PACKET) [ 53.934898][ T6831] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 54.524102][ T6484] bcachefs (loop3): shutting down [ 54.524230][ T6484] bcachefs (loop3): going read-only [ 54.524410][ T6484] bcachefs (loop3): finished waiting for writes to stop [ 54.639471][ T6484] bcachefs (loop3): flushing journal and stopping allocators, journal seq 5 [ 55.322533][ T6484] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 5 [ 55.328323][ T6484] bcachefs (loop3): clean shutdown complete, journal seq 6 [ 55.382648][ T6484] bcachefs (loop3): marking filesystem clean [ 55.464630][ T6843] loop2: detected capacity change from 0 to 4096 [ 55.528342][ T6844] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 55.538389][ T6484] bcachefs (loop3): shutdown complete [ 55.826589][ T6855] netlink: 40 bytes leftover after parsing attributes in process `syz.0.58'. [ 56.983421][ T6872] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 57.124539][ T6878] loop1: detected capacity change from 0 to 256 [ 57.128261][ T6878] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 57.129309][ T6878] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 57.129341][ T6878] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 57.129360][ T6878] UDF-fs: Scanning with blocksize 512 failed [ 57.131877][ T6878] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 57.133123][ T6878] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 57.177397][ T6874] loop2: detected capacity change from 0 to 32768 [ 57.213793][ T6883] Driver unsupported XDP return value 0 on prog (id 15) dev N/A, expect packet loss! [ 57.403514][ T6874] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 57.407181][ T6874] bcachefs (loop2): invalid journal entry, version=1.7: mi_btree_bitmap type=data_usage in superblock: invalid journal entry usage: no devices in entry free: 0/0 [], shutting down [ 57.407208][ T6874] inconsistency detected - emergency read only at journal seq 0 [ 57.409594][ T6874] bcachefs (loop2): bch2_fs_recovery(): error fsck_errors_not_fixed [ 57.409626][ T6874] bcachefs (loop2): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 57.409646][ T6874] bcachefs (loop2): shutting down [ 57.547910][ T6874] bcachefs (loop2): shutdown complete [ 57.953556][ T6905] loop1: detected capacity change from 0 to 32768 [ 58.003728][ T6905] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 58.023404][ T6480] Bluetooth: Wrong link type (-22) [ 58.025928][ T6915] FAULT_INJECTION: forcing a failure. [ 58.025928][ T6915] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 58.025996][ T6915] CPU: 0 UID: 0 PID: 6915 Comm: syz.0.78 Not tainted 6.15.0-rc2-syzkaller-gc72692105976 #0 PREEMPT [ 58.026012][ T6915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 58.026020][ T6915] Call trace: [ 58.026024][ T6915] show_stack+0x2c/0x3c (C) [ 58.026043][ T6915] dump_stack_lvl+0xe4/0x150 [ 58.026058][ T6915] dump_stack+0x1c/0x1028 [ 58.026069][ T6915] should_fail_ex+0x418/0x590 [ 58.026083][ T6915] should_fail+0x14/0x24 [ 58.026095][ T6915] should_fail_usercopy+0x20/0x30 [ 58.026107][ T6915] copy_msghdr_from_user+0xb8/0x5e8 [ 58.026123][ T6915] do_recvmmsg+0x368/0xb00 [ 58.026136][ T6915] __arm64_sys_recvmmsg+0x180/0x23c [ 58.026149][ T6915] invoke_syscall+0x98/0x2b8 [ 58.026160][ T6915] el0_svc_common+0x130/0x23c [ 58.026172][ T6915] do_el0_svc+0x48/0x58 [ 58.026183][ T6915] el0_svc+0x54/0x168 [ 58.026196][ T6915] el0t_64_sync_handler+0x84/0x108 [ 58.026209][ T6915] el0t_64_sync+0x198/0x19c [ 58.040104][ T6939] loop3: detected capacity change from 0 to 256 [ 58.042238][ T6939] vfat: Bad value for 'dmask' [ 58.053381][ T6939] loop3: detected capacity change from 0 to 8 [ 58.079684][ T6939] SQUASHFS error: lzo decompression failed, data probably corrupt [ 58.080947][ T6939] SQUASHFS error: Failed to read block 0x91: -5 [ 58.080969][ T6939] SQUASHFS error: Unable to read metadata cache entry [8f] [ 58.080988][ T6939] SQUASHFS error: Unable to read inode 0x11f [ 58.178068][ T6905] XFS (loop1): Ending clean mount [ 58.180724][ T6905] XFS (loop1): Quotacheck needed: Please wait. [ 58.192771][ T6943] tipc: Failed to remove unknown binding: 66,1,1/0:2849199351/2849199352 [ 58.192899][ T6943] tipc: Failed to remove unknown binding: 66,1,1/0:2849199351/2849199352 [ 58.214692][ T6905] XFS (loop1): Quotacheck: Done. [ 58.302293][ T6476] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 58.493597][ T6956] tipc: Failed to remove unknown binding: 66,1,1/0:3912852242/3912852243 [ 58.493677][ T6956] tipc: Failed to remove unknown binding: 66,1,1/0:3912852242/3912852243 [ 58.529271][ T6949] loop3: detected capacity change from 0 to 32768 [ 58.531780][ T6949] btrfs: Unknown parameter 'noinode_cache' [ 58.555147][ T6959] loop1: detected capacity change from 0 to 512 [ 58.557730][ T6959] EXT4-fs: Ignoring removed nobh option [ 58.615469][ T6959] EXT4-fs (loop1): orphan cleanup on readonly fs [ 58.619046][ T6959] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.94: invalid indirect mapped block 256 (level 2) [ 58.625996][ T6959] EXT4-fs (loop1): 2 truncates cleaned up [ 58.644992][ T6959] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 58.778197][ T6476] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.854887][ T6973] netlink: 16 bytes leftover after parsing attributes in process `syz.4.98'. [ 59.889526][ T6949] loop3: detected capacity change from 0 to 32768 [ 60.025080][ T6949] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.89 (6949) [ 60.065120][ T6949] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 60.065240][ T6949] BTRFS info (device loop3): using crc32c (crc32c-arm64) checksum algorithm [ 60.065293][ T6949] BTRFS info (device loop3): using free-space-tree [ 60.130648][ T6969] loop1: detected capacity change from 0 to 32768 [ 60.183731][ T6874] bcachefs: bch2_fs_get_tree() error: fsck_errors_not_fixed [ 60.447618][ T6484] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 60.524656][ T7006] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 60.531417][ T7006] batadv_slave_1: entered promiscuous mode [ 60.555423][ T6979] loop0: detected capacity change from 0 to 40427 [ 60.565426][ T6979] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x3fffff [ 60.573587][ T6979] F2FS-fs (loop0): invalid crc value [ 60.600268][ T7014] tmpfs: Bad value for 'mpol' [ 60.603514][ T7014] PKCS7: Unknown OID: [4] 0.38.35.0.951690.11253 [ 60.605949][ T7014] PKCS7: Only support pkcs7_signedData type [ 60.665998][ T6979] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 60.731644][ T6979] netlink: 8 bytes leftover after parsing attributes in process `syz.0.100'. [ 60.761109][ T7010] loop2: detected capacity change from 0 to 32768 [ 60.765006][ T7010] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.108 (7010) [ 60.790667][ T7010] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 60.790772][ T7010] BTRFS info (device loop2): using crc32c (crc32c-arm64) checksum algorithm [ 60.790813][ T7010] BTRFS info (device loop2): disk space caching is enabled [ 60.790836][ T7010] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 60.863009][ T6470] syz-executor: attempt to access beyond end of device [ 60.863009][ T6470] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 60.866883][ T6470] CPU: 1 UID: 0 PID: 6470 Comm: syz-executor Not tainted 6.15.0-rc2-syzkaller-gc72692105976 #0 PREEMPT [ 60.866911][ T6470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 60.866919][ T6470] Call trace: [ 60.866922][ T6470] show_stack+0x2c/0x3c (C) [ 60.866942][ T6470] dump_stack_lvl+0xe4/0x150 [ 60.866955][ T6470] dump_stack+0x1c/0x1028 [ 60.866967][ T6470] f2fs_handle_critical_error+0x380/0x534 [ 60.866980][ T6470] f2fs_stop_checkpoint+0x58/0x6c [ 60.866994][ T6470] f2fs_write_end_io+0x99c/0xdb0 [ 60.867006][ T6470] bio_endio+0x840/0x87c [ 60.867017][ T6470] submit_bio_noacct+0x158/0x17cc [ 60.867030][ T6470] submit_bio+0x374/0x564 [ 60.867042][ T6470] f2fs_submit_write_bio+0x13c/0x36c [ 60.867053][ T6470] __submit_merged_bio+0x258/0x79c [ 60.867064][ T6470] __submit_merged_write_cond+0x248/0x4e8 [ 60.867076][ T6470] f2fs_write_data_pages+0x20fc/0x2acc [ 60.867088][ T6470] do_writepages+0x2f8/0x7c4 [ 60.867103][ T6470] filemap_fdatawrite+0x180/0x23c [ 60.867114][ T6470] f2fs_sync_dirty_inodes+0x2c0/0x7d4 [ 60.867128][ T6470] f2fs_write_checkpoint+0x6c0/0x174c [ 60.867141][ T6470] kill_f2fs_super+0x220/0x590 [ 60.867153][ T6470] deactivate_locked_super+0xc4/0x12c [ 60.867165][ T6470] deactivate_super+0xe0/0x100 [ 60.867176][ T6470] cleanup_mnt+0x34c/0x3dc [ 60.867188][ T6470] __cleanup_mnt+0x20/0x30 [ 60.867200][ T6470] task_work_run+0x230/0x2e0 [ 60.867213][ T6470] do_notify_resume+0x178/0x1f4 [ 60.867223][ T6470] el0_svc+0xac/0x168 [ 60.867237][ T6470] el0t_64_sync_handler+0x84/0x108 [ 60.867249][ T6470] el0t_64_sync+0x198/0x19c [ 60.867263][ T6470] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 60.920495][ T7010] BTRFS info (device loop2): rebuilding free space tree [ 60.943942][ T7010] BTRFS info (device loop2): disabling free space tree [ 60.944029][ T7010] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 60.944054][ T7010] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.028324][ T7018] loop3: detected capacity change from 0 to 32768 [ 61.036530][ T7018] BTRFS: device /dev/loop3 (7:3) using temp-fsid 5afaa45c-b57c-4e24-9a20-6f1071bc8293 [ 61.036618][ T7018] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.109 (7018) [ 61.045431][ T7018] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 61.045524][ T7018] BTRFS info (device loop3): using crc32c (crc32c-arm64) checksum algorithm [ 61.045583][ T7018] BTRFS info (device loop3): disk space caching is enabled [ 61.045612][ T7018] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 61.112223][ T7018] BTRFS info (device loop3): rebuilding free space tree [ 61.155093][ T7034] loop1: detected capacity change from 0 to 32768 [ 61.155986][ T7018] BTRFS info (device loop3): disabling free space tree [ 61.156042][ T7018] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 61.156067][ T7018] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.178172][ T7034] BTRFS: device /dev/loop1 (7:1) using temp-fsid fe15a5ed-2c47-4e8a-add8-6c346c30bc9c [ 61.178245][ T7034] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.111 (7034) [ 61.193620][ T7034] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 61.193715][ T7034] BTRFS info (device loop1): using crc32c (crc32c-arm64) checksum algorithm [ 61.193768][ T7034] BTRFS info (device loop1): disk space caching is enabled [ 61.193795][ T7034] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 61.230537][ T6473] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 61.265831][ T7034] BTRFS info (device loop1): rebuilding free space tree [ 61.280120][ T7034] BTRFS info (device loop1): disabling free space tree [ 61.282303][ T7034] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 61.285098][ T7034] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.461105][ T7034] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 61.632540][ T6484] BTRFS info (device loop3): last unmount of filesystem 5afaa45c-b57c-4e24-9a20-6f1071bc8293 [ 61.690122][ T6476] BTRFS info (device loop1): last unmount of filesystem fe15a5ed-2c47-4e8a-add8-6c346c30bc9c [ 61.744545][ T7084] netlink: 16 bytes leftover after parsing attributes in process `syz.2.113'. [ 61.890503][ T7084] loop2: detected capacity change from 0 to 32768 [ 61.893458][ T7084] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.113 (7084) [ 61.900027][ T7084] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 61.900122][ T7084] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 61.900183][ T7084] BTRFS info (device loop2): using free-space-tree [ 61.917507][ T7079] loop0: detected capacity change from 0 to 32768 [ 61.935046][ T7079] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.112 (7079) [ 61.950695][ T7079] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 61.950814][ T7079] BTRFS info (device loop0): using sha256 (sha256-ce) checksum algorithm [ 62.090755][ T7110] loop3: detected capacity change from 0 to 2048 [ 62.090887][ T7084] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 62.119277][ T7110] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 62.119341][ T7110] UDF-fs: Scanning with blocksize 512 failed [ 62.121722][ T7079] BTRFS info (device loop0): rebuilding free space tree [ 62.139710][ T7110] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 62.163514][ T7079] BTRFS info (device loop0): disabling free space tree [ 62.163607][ T7079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 62.163633][ T7079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.238536][ T6470] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 63.417638][ T7145] netlink: 16 bytes leftover after parsing attributes in process `syz.1.123'. [ 63.751399][ T7152] fuse: Bad value for 'fd' [ 64.082503][ T7159] netlink: 4 bytes leftover after parsing attributes in process `syz.0.130'. [ 64.093620][ T7159] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 64.096150][ T7159] macsec1: entered allmulticast mode [ 64.109332][ T7159] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 64.127924][ T7159] mac80211_hwsim hwsim2 wlan0: left allmulticast mode [ 64.141992][ T7159] mac80211_hwsim hwsim2 wlan0: left promiscuous mode [ 64.242862][ T7163] loop3: detected capacity change from 0 to 512 [ 64.261207][ T7163] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 64.272421][ T7163] EXT4-fs (loop3): orphan cleanup on readonly fs [ 64.297309][ T7163] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.131: bg 0: block 248: padding at end of block bitmap is not set [ 64.302840][ T7163] Quota error (device loop3): write_blk: dquota write failed [ 64.317113][ T7163] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 64.317188][ T7163] EXT4-fs error (device loop3): ext4_acquire_dquot:6935: comm syz.3.131: Failed to acquire dquot type 1 [ 64.335954][ T7163] EXT4-fs (loop3): 1 truncate cleaned up [ 64.423015][ T7143] loop2: detected capacity change from 0 to 32768 [ 64.430686][ T7143] XFS: attr2 mount option is deprecated. [ 64.432569][ T7143] XFS: noikeep mount option is deprecated. [ 64.574035][ T7143] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 64.664529][ T7143] XFS (loop2): Ending clean mount [ 64.683233][ T7143] XFS (loop2): Quotacheck needed: Please wait. [ 64.694085][ T45] XFS (loop2): Metadata CRC error detected at xfs_rmapbt_read_verify+0x50/0xf0, xfs_rmapbt block 0x14 [ 64.694218][ T45] XFS (loop2): Unmount and run xfs_repair [ 64.694260][ T45] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 64.694288][ T45] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 64.694314][ T45] 00000010: 00 00 02 00 00 00 00 14 00 00 00 01 00 00 00 80 ................ [ 64.694339][ T45] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 64.694364][ T45] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 64.694389][ T45] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 64.694414][ T45] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 64.694439][ T45] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 64.694464][ T45] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 64.694668][ T45] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x274/0x434" at daddr 0x14 len 4 error 74 [ 64.736315][ T45] XFS (loop2): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x590/0xae8 (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. [ 64.751247][ T45] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 64.753742][ T2382] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.753873][ T2382] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.760234][ T7163] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 64.779103][ T7143] XFS (loop2): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 64.786220][ T7163] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 64.802309][ T7143] Invalid source name [ 64.803638][ T7143] UBIFS error (pid: 7143): cannot open "./file0", error -22 [ 64.826770][ T7163] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 64.844037][ T7163] EXT4-fs error (device loop3): __ext4_remount:6738: comm syz.3.131: Abort forced by user [ 64.853688][ T7163] EXT4-fs (loop3): Remounting filesystem read-only [ 64.853754][ T7163] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 64.927757][ T6473] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 64.957338][ T7181] netlink: 20 bytes leftover after parsing attributes in process `syz.3.131'. [ 65.236996][ T6484] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.284940][ T7156] netlink: 'syz.4.129': attribute type 1 has an invalid length. [ 65.349246][ T7191] loop3: detected capacity change from 0 to 17 [ 65.356022][ T7191] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop3 [ 65.376308][ T7192] fuse: Bad value for 'fd' [ 65.385559][ T7193] netlink: 16 bytes leftover after parsing attributes in process `syz.2.134'. [ 65.552085][ T7193] loop2: detected capacity change from 0 to 32768 [ 65.553290][ T7193] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.134 (7193) [ 65.573480][ T7193] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 65.573591][ T7193] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 65.573635][ T7193] BTRFS info (device loop2): using free-space-tree [ 66.746272][ T7193] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 67.043868][ T7228] netlink: 16 bytes leftover after parsing attributes in process `syz.0.142'. [ 67.067931][ T31] audit: type=1326 audit(66.790:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7224 comm="syz.1.143" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 67.074291][ T31] audit: type=1326 audit(66.790:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7224 comm="syz.1.143" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 67.080792][ T31] audit: type=1326 audit(66.790:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7224 comm="syz.1.143" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 67.087502][ T31] audit: type=1326 audit(66.790:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7224 comm="syz.1.143" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 67.093712][ T31] audit: type=1326 audit(66.790:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7224 comm="syz.1.143" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 67.174535][ T31] audit: type=1326 audit(66.790:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7224 comm="syz.1.143" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 67.188697][ T31] audit: type=1326 audit(66.790:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7224 comm="syz.1.143" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 67.202990][ T31] audit: type=1326 audit(66.790:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7224 comm="syz.1.143" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 67.902683][ T7191] loop3: detected capacity change from 0 to 32768 [ 67.906642][ T7235] netlink: 168 bytes leftover after parsing attributes in process `syz.0.145'. [ 67.909450][ T7191] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.136 (7191) [ 68.507933][ T7235] loop0: detected capacity change from 0 to 512 [ 68.511457][ T7235] EXT4-fs: Ignoring removed nobh option [ 68.548404][ T7235] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.145: invalid indirect mapped block 256 (level 2) [ 68.588617][ T7235] EXT4-fs (loop0): 2 truncates cleaned up [ 68.589636][ T7235] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.715918][ T6470] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.783741][ T7248] fuse: Bad value for 'fd' [ 68.912049][ T6480] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 68.914158][ T6480] Bluetooth: Wrong link type (-22) [ 68.915990][ T6480] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 68.919623][ T6480] Bluetooth: Wrong link type (-22) [ 69.001332][ T7246] loop3: detected capacity change from 0 to 32768 [ 69.309824][ T31] kauditd_printk_skb: 26 callbacks suppressed [ 69.309922][ T31] audit: type=1326 audit(69.010:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.1.154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 69.310134][ T31] audit: type=1326 audit(69.010:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.1.154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 69.310276][ T31] audit: type=1326 audit(69.010:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.1.154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 69.310440][ T31] audit: type=1326 audit(69.010:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.1.154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 69.310579][ T31] audit: type=1326 audit(69.010:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.1.154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 69.310718][ T31] audit: type=1326 audit(69.010:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.1.154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 69.310898][ T31] audit: type=1326 audit(69.010:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.1.154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 69.311058][ T31] audit: type=1326 audit(69.010:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.1.154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 69.311215][ T31] audit: type=1326 audit(69.010:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.1.154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=200 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 69.311372][ T31] audit: type=1326 audit(69.010:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.1.154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 69.744522][ T7256] loop0: detected capacity change from 0 to 32768 [ 69.767414][ T7256] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.153 (7256) [ 69.794962][ T7256] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 69.795064][ T7256] BTRFS info (device loop0): using crc32c (crc32c-arm64) checksum algorithm [ 69.795940][ T7256] BTRFS info (device loop0): using free-space-tree [ 69.873242][ T9] cfg80211: failed to load regulatory.db [ 70.076542][ T7288] netlink: 16 bytes leftover after parsing attributes in process `syz.3.155'. [ 70.338473][ T6470] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 70.808738][ T7306] netlink: 3136 bytes leftover after parsing attributes in process `syz.2.165'. [ 71.131663][ T7314] netlink: 16 bytes leftover after parsing attributes in process `syz.1.159'. [ 72.116694][ T7322] bridge1: entered allmulticast mode [ 72.303425][ T7337] netlink: 8 bytes leftover after parsing attributes in process `syz.1.176'. [ 72.306325][ T7337] netlink: 16 bytes leftover after parsing attributes in process `syz.1.176'. [ 72.337174][ T7332] loop0: detected capacity change from 0 to 4096 [ 72.443596][ T7332] ntfs3(loop0): ino=6, mi_enum_attr [ 72.443745][ T7332] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 72.444923][ T7332] ntfs3(loop0): Failed to load $Bitmap (-22). [ 72.538568][ T7343] netlink: 16 bytes leftover after parsing attributes in process `syz.3.177'. [ 72.768637][ T7347] fuse: Bad value for 'fd' [ 74.588814][ T7369] netlink: 8 bytes leftover after parsing attributes in process `syz.2.187'. [ 74.892677][ T7378] netlink: 16 bytes leftover after parsing attributes in process `syz.3.183'. [ 75.584237][ T7378] loop3: detected capacity change from 0 to 32768 [ 75.611562][ T7378] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.183 (7378) [ 75.656585][ T7378] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 75.656689][ T7378] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 75.656733][ T7378] BTRFS info (device loop3): using free-space-tree [ 75.869156][ T7378] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 76.206507][ T7405] netlink: 16 bytes leftover after parsing attributes in process `syz.0.193'. [ 77.448683][ T31] kauditd_printk_skb: 45 callbacks suppressed [ 77.455718][ T31] audit: type=1326 audit(77.070:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7408 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 77.455794][ T31] audit: type=1326 audit(77.080:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7408 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 77.455856][ T31] audit: type=1326 audit(77.080:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7408 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 77.455895][ T31] audit: type=1326 audit(77.080:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7408 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 77.455931][ T31] audit: type=1326 audit(77.080:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7408 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 77.455967][ T31] audit: type=1326 audit(77.080:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7408 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 77.456004][ T31] audit: type=1326 audit(77.080:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7408 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 77.456041][ T31] audit: type=1326 audit(77.080:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7408 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 77.456077][ T31] audit: type=1326 audit(77.080:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7408 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=200 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 77.456113][ T31] audit: type=1326 audit(77.080:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7408 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 79.116615][ T7453] netlink: 16 bytes leftover after parsing attributes in process `syz.2.207'. [ 79.552720][ T7447] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.555460][ T7447] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.603742][ T7447] veth0_vlan: entered allmulticast mode [ 79.848312][ T7465] netlink: 16 bytes leftover after parsing attributes in process `syz.0.204'. [ 79.940719][ T7464] tipc: Failed to remove unknown binding: 66,1,1/0:3089784410/3089784411 [ 79.944547][ T7464] tipc: Failed to remove unknown binding: 66,1,1/0:3089784410/3089784411 [ 80.494193][ T7467] tipc: Failed to remove unknown binding: 66,1,1/0:177208329/177208330 [ 80.496501][ T6475] Bluetooth: hci4: command 0x0406 tx timeout [ 80.513340][ T7467] tipc: Failed to remove unknown binding: 66,1,1/0:177208329/177208330 [ 81.222261][ T7482] loop0: detected capacity change from 0 to 512 [ 81.224852][ T7482] EXT4-fs: Ignoring removed nobh option [ 81.250707][ T7482] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.217: invalid indirect mapped block 256 (level 2) [ 81.252473][ T7482] EXT4-fs (loop0): 2 truncates cleaned up [ 81.254767][ T7482] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.310063][ T6470] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.261574][ T7492] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.263075][ T7492] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.477437][ T7492] veth0_vlan: entered allmulticast mode [ 82.830691][ T6480] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 82.830827][ T6480] Bluetooth: Wrong link type (-22) [ 82.830883][ T6480] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 82.830907][ T6480] Bluetooth: Wrong link type (-22) [ 82.830964][ T6480] Bluetooth: hci3: link tx timeout [ 82.831019][ T6480] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 82.903571][ T7506] netlink: 16 bytes leftover after parsing attributes in process `syz.0.221'. [ 83.212722][ T31] kauditd_printk_skb: 24 callbacks suppressed [ 83.217103][ T31] audit: type=1326 audit(82.940:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7507 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 83.223497][ T31] audit: type=1326 audit(82.940:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7507 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 83.233578][ T31] audit: type=1326 audit(82.940:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7507 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 83.242786][ T31] audit: type=1326 audit(82.940:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7507 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 83.250901][ T31] audit: type=1326 audit(82.940:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7507 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 83.260024][ T31] audit: type=1326 audit(82.940:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7507 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 83.272135][ T31] audit: type=1326 audit(82.940:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7507 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 83.280930][ T31] audit: type=1326 audit(82.940:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7507 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 83.288826][ T31] audit: type=1326 audit(82.950:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7507 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=200 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 83.297189][ T31] audit: type=1326 audit(82.950:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7507 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 83.377729][ T6480] Bluetooth: hci2: command tx timeout [ 84.076672][ T6480] Bluetooth: Wrong link type (-22) [ 84.077620][ T6480] Bluetooth: hci3: link tx timeout [ 84.077648][ T6480] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 84.719831][ T7517] loop0: detected capacity change from 0 to 32768 [ 84.881491][ T7537] netlink: 16 bytes leftover after parsing attributes in process `syz.1.227'. [ 84.893475][ T7538] FAULT_INJECTION: forcing a failure. [ 84.893475][ T7538] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 84.893553][ T7538] CPU: 1 UID: 0 PID: 7538 Comm: syz.3.235 Not tainted 6.15.0-rc2-syzkaller-gc72692105976 #0 PREEMPT [ 84.893570][ T7538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 84.893578][ T7538] Call trace: [ 84.893582][ T7538] show_stack+0x2c/0x3c (C) [ 84.893601][ T7538] dump_stack_lvl+0xe4/0x150 [ 84.893615][ T7538] dump_stack+0x1c/0x1028 [ 84.893626][ T7538] should_fail_ex+0x418/0x590 [ 84.893640][ T7538] should_fail+0x14/0x24 [ 84.893651][ T7538] should_fail_usercopy+0x20/0x30 [ 84.893664][ T7538] semctl_info+0x2f0/0x630 [ 84.893678][ T7538] __arm64_sys_semctl+0x298/0x580 [ 84.893692][ T7538] invoke_syscall+0x98/0x2b8 [ 84.893704][ T7538] el0_svc_common+0x130/0x23c [ 84.893715][ T7538] do_el0_svc+0x48/0x58 [ 84.893726][ T7538] el0_svc+0x54/0x168 [ 84.893740][ T7538] el0t_64_sync_handler+0x84/0x108 [ 84.893760][ T7538] el0t_64_sync+0x198/0x19c [ 84.898488][ T6480] Bluetooth: hci3: command 0x0406 tx timeout [ 85.158599][ T7540] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.167247][ T7540] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.480233][ T7536] veth0_vlan: entered allmulticast mode [ 85.520274][ T7517] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 85.875679][ T7517] XFS (loop0): Ending clean mount [ 85.895327][ T7517] XFS (loop0): Quotacheck needed: Please wait. [ 85.957882][ T7558] netlink: 16 bytes leftover after parsing attributes in process `syz.3.238'. [ 86.125986][ T7517] XFS (loop0): Quotacheck: Done. [ 86.750605][ T6470] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 86.991164][ T7570] loop0: detected capacity change from 0 to 128 [ 87.037486][ T7572] fuse: Bad value for 'fd' [ 87.084346][ T7564] loop3: detected capacity change from 0 to 32768 [ 87.143331][ T7564] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 87.195724][ T7564] XFS (loop3): Ending clean mount [ 87.201877][ T7564] XFS (loop3): Quotacheck needed: Please wait. [ 87.218302][ T7564] XFS (loop3): Quotacheck: Done. [ 87.338314][ T6484] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 87.480017][ T7589] 9pnet: p9_errstr2errno: server reported unknown error sŖm'tT #>r[ [ 87.661831][ T7584] loop0: detected capacity change from 0 to 32768 [ 87.673401][ T7584] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.246 (7584) [ 87.688600][ T7584] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 87.692172][ T7584] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 87.696685][ T7584] BTRFS info (device loop0): using free-space-tree [ 87.873912][ T7596] loop3: detected capacity change from 0 to 4096 [ 89.589767][ T7634] fuse: Bad value for 'fd' [ 89.659960][ T6470] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 89.796537][ T7642] netlink: 'syz.2.260': attribute type 1 has an invalid length. [ 89.932871][ T7642] 8021q: adding VLAN 0 to HW filter on device bond1 [ 89.944394][ T7645] bond1: (slave gretap1): making interface the new active one [ 89.968292][ T7645] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 89.983790][ T7649] bridge1: entered allmulticast mode [ 90.103422][ T7654] netlink: 16 bytes leftover after parsing attributes in process `syz.1.258'. [ 90.142014][ T7656] loop3: detected capacity change from 0 to 8 [ 90.172122][ T7655] loop0: detected capacity change from 0 to 4096 [ 90.667357][ T7669] fuse: Bad value for 'fd' [ 90.952090][ T7676] fuse: Bad value for 'fd' [ 91.299606][ T7674] loop3: detected capacity change from 0 to 256 [ 91.580742][ T7674] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 91.588394][ T7674] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 91.588459][ T7674] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 91.588492][ T7674] UDF-fs: Scanning with blocksize 512 failed [ 91.596539][ T7674] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 91.604044][ T7674] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 91.698124][ T7684] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 91.985063][ T6480] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 92.169060][ T7708] fuse: Bad value for 'fd' [ 92.898369][ T7710] fuse: Bad value for 'fd' [ 93.073180][ T31] kauditd_printk_skb: 41 callbacks suppressed [ 93.073233][ T31] audit: type=1326 audit(92.810:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7713 comm="syz.0.285" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x0 [ 93.670777][ T7717] loop3: detected capacity change from 0 to 32768 [ 94.232476][ T6480] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 94.925416][ T7742] loop3: detected capacity change from 0 to 32768 [ 94.929698][ T7742] xfs: Unknown parameter '-Yq.' [ 95.095979][ T7763] ALSA: mixer_oss: invalid OSS volume '' [ 95.111876][ T6480] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 95.267143][ T7763] loop3: detected capacity change from 0 to 32768 [ 95.271772][ T7763] btrfs: Unknown parameter 'inode_cache' [ 95.691886][ T6550] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 95.702649][ T7776] loop0: detected capacity change from 0 to 1024 [ 95.703140][ T7776] EXT4-fs: Ignoring removed nomblk_io_submit option [ 95.703830][ T7776] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 95.719865][ T31] audit: type=1326 audit(95.390:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7770 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 95.720651][ T31] audit: type=1326 audit(95.390:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7770 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 95.720688][ T31] audit: type=1326 audit(95.390:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7770 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa7f59c54 code=0x7ffc0000 [ 95.720719][ T31] audit: type=1326 audit(95.390:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7770 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa7f59c54 code=0x7ffc0000 [ 95.720751][ T31] audit: type=1326 audit(95.400:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7770 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 95.720782][ T31] audit: type=1326 audit(95.400:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7770 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 95.720822][ T31] audit: type=1326 audit(95.400:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7770 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=25 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 95.720854][ T31] audit: type=1326 audit(95.400:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7770 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 95.720887][ T31] audit: type=1326 audit(95.400:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7770 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 95.771210][ T6550] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 95.797045][ T7776] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.849866][ T6470] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.073479][ T7785] loop3: detected capacity change from 0 to 1024 [ 96.149086][ T7787] loop0: detected capacity change from 0 to 1764 [ 96.629200][ T6480] Bluetooth: Wrong link type (-22) [ 96.668709][ T7797] loop0: detected capacity change from 0 to 256 [ 96.682220][ T7797] vfat: Bad value for 'dmask' [ 96.695928][ T7797] loop0: detected capacity change from 0 to 8 [ 96.714211][ T7797] SQUASHFS error: lzo decompression failed, data probably corrupt [ 96.721273][ T7797] SQUASHFS error: Failed to read block 0x91: -5 [ 96.723698][ T7797] SQUASHFS error: Unable to read metadata cache entry [8f] [ 96.726107][ T7797] SQUASHFS error: Unable to read inode 0x11f [ 96.748586][ T7803] fuse: Bad value for 'fd' [ 98.029439][ T7844] fuse: Bad value for 'fd' [ 98.086824][ T6480] Bluetooth: Wrong link type (-22) [ 98.319553][ T7852] warning: `syz.4.338' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 98.808020][ T7832] loop0: detected capacity change from 0 to 40427 [ 98.811076][ T7832] F2FS-fs (loop0): invalid crc value [ 98.881133][ T7832] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 98.911351][ T7832] syz.0.329: attempt to access beyond end of device [ 98.911351][ T7832] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 99.051977][ T7873] fuse: Bad value for 'fd' [ 99.185323][ T6480] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 99.268248][ T7864] loop3: detected capacity change from 0 to 40427 [ 99.718177][ T7896] loop3: detected capacity change from 0 to 128 [ 99.720892][ T7896] EXT4-fs: Ignoring removed oldalloc option [ 99.720959][ T7896] EXT4-fs: Ignoring removed nobh option [ 99.944817][ T7896] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 100.566292][ T6480] Bluetooth: Wrong link type (-22) [ 101.321776][ T7929] netlink: 'syz.0.367': attribute type 10 has an invalid length. [ 101.321874][ T7929] team0: Device dummy0 is up. Set it down before adding it as a team port [ 101.422499][ T6480] Bluetooth: Wrong link type (-22) [ 101.424094][ T6480] Bluetooth: hci1: link tx timeout [ 101.425819][ T6480] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa [ 101.649995][ T7929] loop0: detected capacity change from 0 to 40427 [ 101.666816][ T7929] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x3fffff [ 101.686715][ T7929] F2FS-fs (loop0): invalid crc value [ 101.723279][ T7929] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 101.750211][ T7954] fuse: Bad value for 'fd' [ 101.842701][ T6470] syz-executor: attempt to access beyond end of device [ 101.842701][ T6470] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 101.842810][ T6470] CPU: 0 UID: 0 PID: 6470 Comm: syz-executor Not tainted 6.15.0-rc2-syzkaller-gc72692105976 #0 PREEMPT [ 101.842826][ T6470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 101.842834][ T6470] Call trace: [ 101.842837][ T6470] show_stack+0x2c/0x3c (C) [ 101.842857][ T6470] dump_stack_lvl+0xe4/0x150 [ 101.842871][ T6470] dump_stack+0x1c/0x1028 [ 101.842882][ T6470] f2fs_handle_critical_error+0x380/0x534 [ 101.842895][ T6470] f2fs_stop_checkpoint+0x58/0x6c [ 101.842915][ T6470] f2fs_write_end_io+0x99c/0xdb0 [ 101.842928][ T6470] bio_endio+0x840/0x87c [ 101.842940][ T6470] submit_bio_noacct+0x158/0x17cc [ 101.842953][ T6470] submit_bio+0x374/0x564 [ 101.842964][ T6470] f2fs_submit_write_bio+0x13c/0x36c [ 101.842976][ T6470] __submit_merged_bio+0x258/0x79c [ 101.842987][ T6470] __submit_merged_write_cond+0x248/0x4e8 [ 101.842999][ T6470] f2fs_write_data_pages+0x20fc/0x2acc [ 101.843011][ T6470] do_writepages+0x2f8/0x7c4 [ 101.843026][ T6470] filemap_fdatawrite+0x180/0x23c [ 101.843037][ T6470] f2fs_sync_dirty_inodes+0x2c0/0x7d4 [ 101.843051][ T6470] f2fs_write_checkpoint+0x6c0/0x174c [ 101.843065][ T6470] kill_f2fs_super+0x220/0x590 [ 101.843076][ T6470] deactivate_locked_super+0xc4/0x12c [ 101.843089][ T6470] deactivate_super+0xe0/0x100 [ 101.843099][ T6470] cleanup_mnt+0x34c/0x3dc [ 101.843112][ T6470] __cleanup_mnt+0x20/0x30 [ 101.843123][ T6470] task_work_run+0x230/0x2e0 [ 101.843136][ T6470] do_notify_resume+0x178/0x1f4 [ 101.843147][ T6470] el0_svc+0xac/0x168 [ 101.843163][ T6470] el0t_64_sync_handler+0x84/0x108 [ 101.843176][ T6470] el0t_64_sync+0x198/0x19c [ 101.843263][ T6470] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 102.200765][ T7938] overlayfs: failed to resolve './file0/../file0': -2 [ 102.851571][ T7973] netlink: 16 bytes leftover after parsing attributes in process `syz.4.382'. [ 103.789596][ T7987] fuse: Bad value for 'fd' [ 103.888180][ T6475] Bluetooth: hci1: command tx timeout [ 104.157837][ T7966] loop0: detected capacity change from 0 to 40427 [ 104.163220][ T7966] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x7 [ 104.165505][ T7966] F2FS-fs (loop0): invalid crc value [ 104.204021][ T7966] F2FS-fs (loop0): Start checkpoint disabled! [ 104.244352][ T7966] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 104.254084][ T7966] F2FS-fs (loop0): Skipping Checkpoint. Checkpoints currently disabled. [ 104.404438][ T8009] Bluetooth: MGMT ver 1.23 [ 104.414782][ T8002] netlink: 24 bytes leftover after parsing attributes in process `syz.3.394'. [ 105.108771][ T8022] fuse: Bad value for 'fd' [ 105.197969][ T8036] netlink: 48 bytes leftover after parsing attributes in process `syz.1.402'. [ 105.230453][ T8034] loop0: detected capacity change from 0 to 1024 [ 105.236912][ T8034] EXT4-fs: Ignoring removed orlov option [ 105.269581][ T8034] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.277832][ T8034] overlayfs: missing 'lowerdir' [ 105.303078][ T6470] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.987021][ T6475] Bluetooth: hci1: command tx timeout [ 107.625238][ T8099] sch_fq: defrate 0 ignored. [ 107.680027][ T8099] netlink: 8 bytes leftover after parsing attributes in process `syz.1.426'. [ 107.682598][ T8099] netlink: 52 bytes leftover after parsing attributes in process `syz.1.426'. [ 107.764281][ T8090] loop0: detected capacity change from 0 to 32768 [ 107.880914][ T8090] loop0: detected capacity change from 0 to 1764 [ 107.899144][ T8090] loop0: detected capacity change from 0 to 8 [ 109.180248][ T8133] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 109.180322][ T8133] overlayfs: missing 'lowerdir' [ 109.239059][ T8115] loop0: detected capacity change from 0 to 32768 [ 109.274045][ T8115] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 109.558635][ T8115] XFS (loop0): Ending clean mount [ 109.594735][ T8115] XFS (loop0): Quotacheck needed: Please wait. [ 109.632957][ T8153] 9pnet_fd: Insufficient options for proto=fd [ 110.143746][ T8115] XFS (loop0): Quotacheck: Done. [ 110.397403][ T6470] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 110.534998][ T1794] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 110.542042][ T1794] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 110.560054][ T8166] loop0: detected capacity change from 0 to 1024 [ 110.560543][ T8166] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.563856][ T8166] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 110.582547][ T8166] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.668584][ T6470] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.679204][ T8124] netlink: 20 bytes leftover after parsing attributes in process `syz.2.437'. [ 110.682648][ T8124] netlink: 32 bytes leftover after parsing attributes in process `syz.2.437'. [ 110.726918][ T8124] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.727098][ T8124] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.727151][ T8124] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.727186][ T8124] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.737599][ T8124] vxlan0: entered promiscuous mode [ 110.739175][ T8124] vxlan0: entered allmulticast mode [ 111.420007][ T8165] tipc: Failed to remove unknown binding: 66,1,1/0:2957267942/2957267943 [ 111.423782][ T8165] tipc: Failed to remove unknown binding: 66,1,1/0:2957267942/2957267943 [ 111.617859][ T8181] netlink: 4 bytes leftover after parsing attributes in process `syz.4.452'. [ 112.030772][ T31] kauditd_printk_skb: 24 callbacks suppressed [ 112.030974][ T31] audit: type=1326 audit(111.750:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8191 comm="syz.3.455" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 112.031169][ T31] audit: type=1326 audit(111.750:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8191 comm="syz.3.455" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 112.031329][ T31] audit: type=1326 audit(111.750:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8191 comm="syz.3.455" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 112.031488][ T31] audit: type=1326 audit(111.750:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8191 comm="syz.3.455" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 112.031679][ T31] audit: type=1326 audit(111.750:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8191 comm="syz.3.455" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 112.031842][ T31] audit: type=1326 audit(111.750:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8191 comm="syz.3.455" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 112.032075][ T31] audit: type=1326 audit(111.750:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8191 comm="syz.3.455" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 112.032235][ T31] audit: type=1326 audit(111.750:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8191 comm="syz.3.455" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 112.032368][ T31] audit: type=1326 audit(111.750:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8191 comm="syz.3.455" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=277 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 112.032527][ T31] audit: type=1326 audit(111.750:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8191 comm="syz.3.455" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 112.568113][ T8212] tipc: Started in network mode [ 112.569765][ T8212] tipc: Node identity :, cluster identity 4711 [ 112.571470][ T8212] tipc: Enabling of bearer rejected, failed to enable media [ 113.203357][ T8232] syzkaller0: entered allmulticast mode [ 113.213607][ T8232] syzkaller0 (unregistering): left allmulticast mode [ 113.357857][ T8237] fuse: Bad value for 'user_id' [ 113.359481][ T8237] fuse: Bad value for 'user_id' [ 113.502863][ T8243] ptrace attach of "./syz-executor exec"[6477] was attempted by ""[8243] [ 113.512510][ T8241] netlink: 36 bytes leftover after parsing attributes in process `syz.1.473'. [ 113.573993][ T8248] loop0: detected capacity change from 0 to 1764 [ 113.646604][ T6475] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 113.668123][ T8255] 9pnet_fd: Insufficient options for proto=fd [ 113.849376][ T8260] loop0: detected capacity change from 0 to 64 [ 114.733338][ T8270] loop0: detected capacity change from 0 to 17 [ 114.738957][ T8270] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop0 [ 114.751271][ T8270] netlink: 'syz.0.484': attribute type 3 has an invalid length. [ 114.982246][ T8275] loop0: detected capacity change from 0 to 128 [ 114.997340][ T8275] omfs: sysblock number (f784317bf884317b) is out of range [ 115.197612][ T8286] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 115.297386][ T6524] IPVS: starting estimator thread 0... [ 115.708914][ T8291] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.711153][ T8291] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.759647][ T8291] veth0_vlan: entered allmulticast mode [ 115.775596][ T8293] fuse: Bad value for 'fd' [ 116.296546][ T8287] IPVS: using max 39 ests per chain, 93600 per kthread [ 116.626625][ T8297] loop0: detected capacity change from 0 to 4096 [ 116.631313][ T8297] ntfs3: Unknown parameter 'V5ҡռw2uK!TQ3'h.$m' [ 117.528491][ T6475] Bluetooth: hci0: command tx timeout [ 117.651468][ T31] kauditd_printk_skb: 28 callbacks suppressed [ 117.651535][ T31] audit: type=1326 audit(116.650:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8298 comm="syz.2.495" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 117.651672][ T31] audit: type=1326 audit(116.650:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8298 comm="syz.2.495" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 117.651708][ T31] audit: type=1326 audit(116.660:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8298 comm="syz.2.495" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 117.651740][ T31] audit: type=1326 audit(116.660:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8298 comm="syz.2.495" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 117.651772][ T31] audit: type=1326 audit(116.660:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8298 comm="syz.2.495" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 117.651809][ T31] audit: type=1326 audit(116.660:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8298 comm="syz.2.495" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 117.651842][ T31] audit: type=1326 audit(116.660:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8298 comm="syz.2.495" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 117.651874][ T31] audit: type=1326 audit(116.660:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8298 comm="syz.2.495" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 117.651904][ T31] audit: type=1326 audit(116.660:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8298 comm="syz.2.495" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 117.651935][ T31] audit: type=1326 audit(116.660:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8298 comm="syz.2.495" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 118.021997][ T8305] netlink: 4 bytes leftover after parsing attributes in process `syz.4.497'. [ 118.024480][ T8305] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16) [ 118.048127][ T8314] FAULT_INJECTION: forcing a failure. [ 118.048127][ T8314] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 118.048336][ T8314] CPU: 1 UID: 0 PID: 8314 Comm: syz.3.500 Not tainted 6.15.0-rc2-syzkaller-gc72692105976 #0 PREEMPT [ 118.048361][ T8314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 118.048369][ T8314] Call trace: [ 118.048373][ T8314] show_stack+0x2c/0x3c (C) [ 118.048393][ T8314] dump_stack_lvl+0xe4/0x150 [ 118.048407][ T8314] dump_stack+0x1c/0x1028 [ 118.048418][ T8314] should_fail_ex+0x418/0x590 [ 118.048432][ T8314] should_fail+0x14/0x24 [ 118.048444][ T8314] should_fail_usercopy+0x20/0x30 [ 118.048456][ T8314] sctp_getsockopt_context+0xd8/0x784 [ 118.048470][ T8314] sctp_getsockopt+0x564/0x99c [ 118.048481][ T8314] sock_common_getsockopt+0xa8/0xc4 [ 118.048494][ T8314] do_sock_getsockopt+0x370/0x568 [ 118.048507][ T8314] __arm64_sys_getsockopt+0x168/0x1d8 [ 118.048520][ T8314] invoke_syscall+0x98/0x2b8 [ 118.048532][ T8314] el0_svc_common+0x130/0x23c [ 118.048544][ T8314] do_el0_svc+0x48/0x58 [ 118.048555][ T8314] el0_svc+0x54/0x168 [ 118.048568][ T8314] el0t_64_sync_handler+0x84/0x108 [ 118.048580][ T8314] el0t_64_sync+0x198/0x19c [ 118.095065][ T8302] loop0: detected capacity change from 0 to 32768 [ 118.146598][ T8302] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 118.475369][ T8302] XFS (loop0): Ending clean mount [ 118.527174][ T6470] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 120.017990][ T6475] Bluetooth: hci2: command tx timeout [ 126.177991][ T2382] ieee802154 phy0 wpan0: encryption failed: -22 [ 126.178072][ T2382] ieee802154 phy1 wpan1: encryption failed: -22 [ 140.016558][ T6480] Bluetooth: hci3: command 0x0406 tx timeout [ 141.726762][ T8351] loop0: detected capacity change from 0 to 128 [ 141.727430][ T8351] vfat: Unknown parameter '' [ 141.948697][ T8344] netlink: 8 bytes leftover after parsing attributes in process `syz.2.505'. [ 141.958407][ T8344] netlink: 4 bytes leftover after parsing attributes in process `syz.2.505'. [ 142.378981][ T8373] Cannot find add_set index 0 as target [ 145.491849][ T8379] loop0: detected capacity change from 0 to 32768 [ 145.610219][ T31] kauditd_printk_skb: 12 callbacks suppressed [ 145.645592][ T31] audit: type=1326 audit(145.350:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8402 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 145.651996][ T31] audit: type=1326 audit(145.350:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8402 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 145.665943][ T31] audit: type=1326 audit(145.350:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8402 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 145.674891][ T31] audit: type=1326 audit(145.350:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8402 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 145.685003][ T31] audit: type=1326 audit(145.350:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8402 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 145.691017][ T31] audit: type=1326 audit(145.350:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8402 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 145.698182][ T31] audit: type=1326 audit(145.350:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8402 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 145.704194][ T31] audit: type=1326 audit(145.350:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8402 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 145.710996][ T31] audit: type=1326 audit(145.350:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8402 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=277 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 145.716938][ T31] audit: type=1326 audit(145.350:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8402 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 146.045822][ T8379] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 146.046138][ T8379] workqueue: Failed to create a rescuer kthread for wq "xfs-log/loop0": -EINTR [ 146.046616][ T8379] XFS (loop0): log mount failed [ 146.886763][ T8424] netlink: 'syz.1.531': attribute type 33 has an invalid length. [ 146.886830][ T8424] netlink: 152 bytes leftover after parsing attributes in process `syz.1.531'. [ 146.995588][ T8427] loop0: detected capacity change from 0 to 4096 [ 147.183917][ T8427] ntfs3(loop0): Failed to initialize $Extend/$ObjId. [ 148.141941][ T8441] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.150057][ T8441] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.583742][ T8438] veth0_vlan: entered allmulticast mode [ 148.701532][ T6475] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 149.082040][ T8455] fuse: Bad value for 'fd' [ 149.956005][ T8470] loop0: detected capacity change from 0 to 1024 [ 149.968086][ T8470] EXT4-fs: Ignoring removed mblk_io_submit option [ 149.996326][ T8470] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=2040c018, mo2=0002] [ 149.996552][ T8470] System zones: 0-1, 3-12 [ 150.058738][ T8478] 9pnet_fd: Insufficient options for proto=fd [ 150.123853][ T8478] tipc: Started in network mode [ 150.124007][ T8478] tipc: Node identity 2, cluster identity 4711 [ 150.124090][ T8478] tipc: Node number set to 2 [ 150.375402][ T8470] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.626676][ T6475] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 150.628691][ T6475] Bluetooth: Wrong link type (-22) [ 150.630197][ T6475] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 150.632015][ T6475] Bluetooth: Wrong link type (-22) [ 151.838304][ T6470] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.894438][ T8506] loop0: detected capacity change from 0 to 32768 [ 153.066097][ T8495] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 153.084717][ T8495] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 153.095046][ T8506] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 153.095136][ T8506] bcachefs (loop0): initializing new filesystem [ 153.113171][ T8506] bcachefs (loop0): going read-write [ 153.149964][ T8506] bcachefs (loop0): marking superblocks [ 153.196018][ T8508] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 153.196853][ T8508] IPv6: NLM_F_CREATE should be set when creating new route [ 153.204635][ T8508] capability: warning: `syz.4.558' uses deprecated v2 capabilities in a way that may be insecure [ 153.209512][ T8506] bcachefs (loop0): initializing freespace [ 153.214930][ T8506] bcachefs (loop0): done initializing freespace [ 153.229001][ T8524] netlink: 24 bytes leftover after parsing attributes in process `syz.1.562'. [ 153.229241][ T8506] bcachefs (loop0): reading snapshots table [ 153.229310][ T8506] bcachefs (loop0): reading snapshots done [ 153.264284][ T8506] bcachefs (loop0): done starting filesystem [ 155.146103][ T6470] bcachefs (loop0): shutting down [ 155.148859][ T6470] bcachefs (loop0): going read-only [ 155.150898][ T6470] bcachefs (loop0): finished waiting for writes to stop [ 155.406887][ T6470] bcachefs (loop0): flushing journal and stopping allocators, journal seq 5 [ 155.494155][ T6470] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 5 [ 155.499329][ T6470] bcachefs (loop0): clean shutdown complete, journal seq 6 [ 155.538974][ T6470] bcachefs (loop0): marking filesystem clean [ 155.700701][ T6470] bcachefs (loop0): shutdown complete [ 155.728338][ T8571] netlink: 'syz.1.578': attribute type 3 has an invalid length. [ 156.745218][ T8569] capability: warning: `syz.3.577' uses 32-bit capabilities (legacy support in use) [ 156.933950][ T8593] fuse: Bad value for 'fd' [ 158.627439][ T8619] netlink: 'syz.4.594': attribute type 3 has an invalid length. [ 159.476682][ T8626] 9pnet_fd: Insufficient options for proto=fd [ 159.786525][ T6480] Bluetooth: hci2: command 0x0406 tx timeout [ 159.786608][ T6480] Bluetooth: hci0: command 0x0406 tx timeout [ 159.787176][ T6480] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 159.787293][ T6480] Bluetooth: hci2: Injecting HCI hardware error event [ 160.061752][ T8625] tipc: Started in network mode [ 160.061833][ T8625] tipc: Node identity 2, cluster identity 4711 [ 160.061871][ T8625] tipc: Node number set to 2 [ 160.081277][ T6472] Bluetooth: hci2: hardware error 0x00 [ 160.741780][ T8646] fuse: Bad value for 'fd' [ 162.436662][ T6472] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 162.936969][ T8663] fuse: Bad value for 'fd' [ 163.451894][ T6475] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 163.452086][ T6475] Bluetooth: hci3: Injecting HCI hardware error event [ 163.452863][ T6475] Bluetooth: hci3: hardware error 0x00 [ 164.245263][ T8692] fuse: Bad value for 'fd' [ 164.766844][ T8695] 9pnet_fd: Insufficient options for proto=fd [ 164.948442][ T8686] netlink: 'syz.4.617': attribute type 3 has an invalid length. [ 164.953190][ T6472] Bluetooth: hci3: unexpected event for opcode 0x2042 [ 165.456589][ T6475] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 165.574273][ T31] kauditd_printk_skb: 24 callbacks suppressed [ 165.576182][ T31] audit: type=1326 audit(165.230:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8688 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 165.582256][ T31] audit: type=1326 audit(165.230:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8688 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 165.588504][ T31] audit: type=1326 audit(165.230:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8688 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 165.594534][ T31] audit: type=1326 audit(165.230:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8688 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 165.600995][ T31] audit: type=1326 audit(165.230:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8688 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 165.607207][ T31] audit: type=1326 audit(165.230:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8688 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 165.613591][ T31] audit: type=1326 audit(165.230:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8688 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 165.902249][ T8707] fuse: Bad value for 'fd' [ 166.504565][ T31] audit: type=1326 audit(165.230:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8688 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 166.504659][ T31] audit: type=1326 audit(165.230:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8688 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=277 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 166.504711][ T31] audit: type=1326 audit(165.230:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8688 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 166.773086][ T8713] loop0: detected capacity change from 0 to 512 [ 166.776132][ T8713] EXT4-fs: Ignoring removed nomblk_io_submit option [ 166.776272][ T8713] EXT4-fs: Ignoring removed nobh option [ 166.776458][ T8713] EXT4-fs: Ignoring removed nobh option [ 166.777446][ T8713] EXT4-fs: Conflicting test_dummy_encryption options [ 167.343823][ T9] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 167.363251][ T9] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 167.424547][ T8723] netlink: 12 bytes leftover after parsing attributes in process `syz.2.629'. [ 168.551545][ T8739] fuse: Bad value for 'fd' [ 170.735212][ T8742] loop0: detected capacity change from 0 to 40427 [ 170.824992][ T8742] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 170.845021][ T8742] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 170.891251][ T8764] netlink: 12 bytes leftover after parsing attributes in process `syz.2.642'. [ 171.499778][ T8742] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 171.501923][ T8742] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 171.611880][ T6481] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 171.657077][ T6481] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 172.661751][ T8790] netlink: 32 bytes leftover after parsing attributes in process `syz.3.651'. [ 172.664474][ T8790] netem: invalid attributes len -8 [ 172.667091][ T8790] netem: change failed [ 172.867396][ T8794] netlink: 12 bytes leftover after parsing attributes in process `syz.2.653'. [ 174.216196][ T8811] netlink: 32 bytes leftover after parsing attributes in process `syz.2.658'. [ 174.216298][ T8811] netem: invalid attributes len -8 [ 174.216316][ T8811] netem: change failed [ 174.226800][ T8809] netlink: 'syz.3.657': attribute type 3 has an invalid length. [ 175.670913][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.4.664'. [ 175.763219][ T8837] netlink: 32 bytes leftover after parsing attributes in process `syz.4.666'. [ 175.766053][ T8837] netem: invalid attributes len -8 [ 175.784006][ T8837] netem: change failed [ 175.847537][ T8839] loop0: detected capacity change from 0 to 64 [ 177.596669][ T8854] netlink: 'syz.2.673': attribute type 3 has an invalid length. [ 177.703980][ T8863] netlink: 4 bytes leftover after parsing attributes in process `syz.2.676'. [ 178.578760][ T6475] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 178.578963][ T6475] Bluetooth: hci4: Injecting HCI hardware error event [ 178.672575][ T6475] Bluetooth: hci4: hardware error 0x00 [ 178.924801][ T8848] loop0: detected capacity change from 0 to 32768 [ 178.983439][ T8848] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 179.988652][ T8848] XFS (loop0): Ending clean mount [ 180.001369][ T8848] XFS (loop0): Quotacheck needed: Please wait. [ 180.027044][ T8848] XFS (loop0): Quotacheck: Done. [ 180.123783][ T6470] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 180.231955][ T8905] netlink: 4 bytes leftover after parsing attributes in process `syz.2.687'. [ 180.515590][ T8914] fuse: Bad value for 'fd' [ 180.896593][ T6475] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 181.147272][ T8918] netlink: 32 bytes leftover after parsing attributes in process `syz.1.690'. [ 181.147375][ T8918] netem: invalid attributes len -8 [ 181.147393][ T8918] netem: change failed [ 182.499477][ T6475] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 182.500184][ T6475] Bluetooth: hci1: Injecting HCI hardware error event [ 182.501370][ T6475] Bluetooth: hci1: hardware error 0x00 [ 183.249572][ T31] kauditd_printk_skb: 27 callbacks suppressed [ 183.249653][ T31] audit: type=1326 audit(182.990:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.1.696" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 183.249851][ T31] audit: type=1326 audit(182.990:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.1.696" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 183.250027][ T31] audit: type=1326 audit(182.990:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.1.696" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 183.250162][ T31] audit: type=1326 audit(182.990:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.1.696" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 183.250298][ T31] audit: type=1326 audit(182.990:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.1.696" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 183.250459][ T31] audit: type=1326 audit(182.990:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.1.696" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 183.250555][ T31] audit: type=1326 audit(182.990:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.1.696" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 183.250712][ T31] audit: type=1326 audit(182.990:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.1.696" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 183.250873][ T31] audit: type=1326 audit(182.990:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.1.696" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=277 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 183.251060][ T31] audit: type=1326 audit(182.990:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.1.696" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7f5b728 code=0x7ffc0000 [ 183.706596][ T8949] netlink: 4 bytes leftover after parsing attributes in process `syz.3.699'. [ 184.222556][ T8967] 9pnet_fd: Insufficient options for proto=fd [ 184.542264][ T6461] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 184.576792][ T6475] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 184.647731][ T6461] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz0 [ 185.040553][ T8975] loop0: detected capacity change from 0 to 64 [ 186.545043][ T8984] loop0: detected capacity change from 0 to 32768 [ 187.628021][ T2382] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.628102][ T2382] ieee802154 phy1 wpan1: encryption failed: -22 [ 187.824613][ T9013] 9pnet_fd: Insufficient options for proto=fd [ 188.984724][ T9019] netlink: 32 bytes leftover after parsing attributes in process `syz.0.722'. [ 188.989142][ T9019] netem: invalid attributes len -8 [ 188.990892][ T9019] netem: change failed [ 189.192945][ T9023] netlink: 16 bytes leftover after parsing attributes in process `syz.1.720'. [ 189.718012][ T9019] loop0: detected capacity change from 0 to 131072 [ 189.750052][ T9037] netlink: 32 bytes leftover after parsing attributes in process `syz.4.728'. [ 189.752727][ T9037] netem: invalid attributes len -8 [ 189.769885][ T9037] netem: change failed [ 189.788672][ T9019] F2FS-fs (loop0): Mounted with checkpoint version = 1b41e955 [ 191.066644][ T9055] 9pnet_fd: Insufficient options for proto=fd [ 193.437271][ T31] kauditd_printk_skb: 10 callbacks suppressed [ 193.437362][ T31] audit: type=1326 audit(193.120:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9081 comm="syz.3.741" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 193.437594][ T31] audit: type=1326 audit(193.120:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9081 comm="syz.3.741" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 193.437753][ T31] audit: type=1326 audit(193.120:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9081 comm="syz.3.741" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 193.437933][ T31] audit: type=1326 audit(193.120:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9081 comm="syz.3.741" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 193.438151][ T31] audit: type=1326 audit(193.120:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9081 comm="syz.3.741" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 193.438316][ T31] audit: type=1326 audit(193.120:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9081 comm="syz.3.741" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 193.438472][ T31] audit: type=1326 audit(193.120:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9081 comm="syz.3.741" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 193.438648][ T31] audit: type=1326 audit(193.120:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9081 comm="syz.3.741" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 193.438783][ T31] audit: type=1326 audit(193.120:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9081 comm="syz.3.741" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=277 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 193.438951][ T31] audit: type=1326 audit(193.120:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9081 comm="syz.3.741" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb695b728 code=0x7ffc0000 [ 193.976297][ T9076] loop0: detected capacity change from 0 to 32768 [ 194.058896][ T9076] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 194.154021][ T9076] XFS (loop0): Ending clean mount [ 194.158623][ T9076] XFS (loop0): Quotacheck needed: Please wait. [ 194.219569][ T9076] XFS (loop0): Quotacheck: Done. [ 194.364470][ T6470] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 222.249092][ T6475] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 222.256312][ T9113] netlink: 'syz.1.745': attribute type 3 has an invalid length. [ 222.480896][ T9126] netlink: 16 bytes leftover after parsing attributes in process `syz.0.750'. [ 222.650448][ T9129] fuse: Bad value for 'fd' [ 223.108285][ T9132] 9pnet_fd: Insufficient options for proto=fd [ 223.667280][ T9133] netlink: 32 bytes leftover after parsing attributes in process `syz.2.753'. [ 223.669342][ T9133] netem: invalid attributes len -8 [ 223.669412][ T9133] netem: change failed [ 224.270852][ T9142] loop0: detected capacity change from 0 to 256 [ 224.271303][ T9142] exfat: Deprecated parameter 'utf8' [ 224.580409][ T9142] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 225.869723][ T9169] 9pnet_fd: Insufficient options for proto=fd [ 226.482130][ T9171] fuse: Bad value for 'fd' [ 227.395513][ T9173] netlink: 32 bytes leftover after parsing attributes in process `syz.3.767'. [ 227.395652][ T9173] netem: invalid attributes len -8 [ 227.395677][ T9173] netem: change failed [ 228.851888][ T9197] loop0: detected capacity change from 0 to 256 [ 228.854304][ T9197] exfat: Deprecated parameter 'utf8' [ 228.997376][ T9197] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 229.833072][ T9206] 9pnet_fd: Insufficient options for proto=fd [ 231.099892][ T9217] netlink: 32 bytes leftover after parsing attributes in process `syz.3.782'. [ 231.102834][ T9217] netem: invalid attributes len -8 [ 231.104826][ T9217] netem: change failed [ 232.405354][ T9237] netlink: 16 bytes leftover after parsing attributes in process `syz.1.788'. [ 232.977916][ T6475] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 233.074569][ T9245] loop0: detected capacity change from 0 to 256 [ 233.075022][ T9245] vfat: Bad value for 'dmask' [ 233.082215][ T9245] loop0: detected capacity change from 0 to 8 [ 233.091662][ T6475] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 233.148178][ T9243] netlink: 'syz.1.790': attribute type 3 has an invalid length. [ 233.161374][ T9245] SQUASHFS error: lzo decompression failed, data probably corrupt [ 233.161448][ T9245] SQUASHFS error: Failed to read block 0x91: -5 [ 233.161473][ T9245] SQUASHFS error: Unable to read metadata cache entry [8f] [ 233.161492][ T9245] SQUASHFS error: Unable to read inode 0x11f [ 233.544162][ T9256] 9pnet_fd: Insufficient options for proto=fd [ 234.460192][ T9255] loop0: detected capacity change from 0 to 32768 [ 234.970842][ T9280] netlink: 16 bytes leftover after parsing attributes in process `syz.2.800'. [ 237.226670][ T9306] 9pnet_fd: Insufficient options for proto=fd [ 238.095346][ T9311] netlink: 'syz.3.810': attribute type 3 has an invalid length. [ 239.876689][ T9347] 9pnet_fd: Insufficient options for proto=fd [ 240.356994][ T9352] netlink: 'syz.3.824': attribute type 3 has an invalid length. [ 241.507764][ T9358] loop0: detected capacity change from 0 to 32768 [ 241.579020][ T9358] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 242.318220][ T9358] XFS (loop0): Ending clean mount [ 242.487444][ T9358] XFS (loop0): Quotacheck needed: Please wait. [ 242.523929][ T9358] XFS (loop0): Quotacheck: Done. [ 243.182392][ T6470] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 243.406164][ T9404] loop0: detected capacity change from 0 to 512 [ 243.410092][ T9404] EXT4-fs (loop0): Test dummy encryption mode enabled [ 243.410151][ T9404] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 243.412424][ T9404] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 243.426288][ T9404] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00cc018, mo2=0002] [ 243.426375][ T9404] System zones: 1-12 [ 243.507078][ T9404] EXT4-fs (loop0): 1 truncate cleaned up [ 243.507975][ T9404] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 243.518691][ T9404] fscrypt: AES-256-XTS using implementation "xts-aes-ce" [ 243.547169][ T9404] netlink: 'syz.0.838': attribute type 3 has an invalid length. [ 243.615370][ T6470] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.847060][ T9418] loop0: detected capacity change from 0 to 64 [ 246.228445][ T9434] loop0: detected capacity change from 0 to 32768 [ 247.244049][ T9434] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 247.270396][ T9455] netlink: 'syz.3.853': attribute type 3 has an invalid length. [ 247.389664][ T9434] XFS (loop0): Ending clean mount [ 247.394429][ T9434] XFS (loop0): Quotacheck needed: Please wait. [ 247.451539][ T9434] XFS (loop0): Quotacheck: Done. [ 247.627708][ T6475] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 247.628449][ T6475] Bluetooth: hci0: Injecting HCI hardware error event [ 247.631135][ T6475] Bluetooth: hci0: hardware error 0x00 [ 248.129308][ T6470] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 249.061027][ T2382] ieee802154 phy0 wpan0: encryption failed: -22 [ 249.061128][ T2382] ieee802154 phy1 wpan1: encryption failed: -22 [ 249.212380][ T31] kauditd_printk_skb: 10 callbacks suppressed [ 249.219297][ T31] audit: type=1326 audit(248.880:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9484 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 249.225549][ T31] audit: type=1326 audit(248.880:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9484 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 249.239559][ T31] audit: type=1326 audit(248.880:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9484 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 249.249641][ T31] audit: type=1326 audit(248.880:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9484 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 249.256354][ T31] audit: type=1326 audit(248.880:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9484 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 249.262809][ T31] audit: type=1326 audit(248.880:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9484 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=277 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 249.269905][ T31] audit: type=1326 audit(248.880:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9484 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 249.276247][ T31] audit: type=1326 audit(248.880:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9484 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 249.282849][ T31] audit: type=1326 audit(248.880:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9484 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 249.290287][ T31] audit: type=1326 audit(248.890:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9484 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8695b728 code=0x7ffc0000 [ 249.696708][ T6475] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 250.525472][ T9502] netlink: 'syz.3.867': attribute type 3 has an invalid length. [ 250.635325][ T9496] loop0: detected capacity change from 0 to 32768 [ 252.622450][ T9534] netlink: 'syz.3.879': attribute type 3 has an invalid length. [ 253.317849][ T9544] loop0: detected capacity change from 0 to 256 [ 253.334827][ T9544] exfat: Deprecated parameter 'utf8' [ 253.432383][ T9544] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 255.565056][ T9552] loop0: detected capacity change from 0 to 40427 [ 255.568703][ T9552] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 255.571512][ T9552] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 255.582280][ T9552] F2FS-fs (loop0): invalid crc value [ 256.193623][ T9552] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 256.195926][ T9552] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 256.348297][ T9575] netlink: 'syz.4.890': attribute type 3 has an invalid length. [ 256.771133][ T31] kauditd_printk_skb: 30 callbacks suppressed [ 256.777435][ T31] audit: type=1326 audit(256.490:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9577 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 256.783958][ T31] audit: type=1326 audit(256.490:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9577 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 256.796731][ T31] audit: type=1326 audit(256.500:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9577 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 256.796945][ T31] audit: type=1326 audit(256.500:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9577 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 256.797109][ T31] audit: type=1326 audit(256.500:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9577 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 256.803258][ T31] audit: type=1326 audit(256.500:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9577 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=277 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 256.803459][ T31] audit: type=1326 audit(256.500:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9577 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 256.803598][ T31] audit: type=1326 audit(256.500:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9577 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 256.803711][ T31] audit: type=1326 audit(256.500:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9577 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 256.810411][ T31] audit: type=1326 audit(256.500:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9577 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9135b728 code=0x7ffc0000 [ 258.814706][ T9614] netlink: 16 bytes leftover after parsing attributes in process `syz.1.899'. [ 258.879041][ T9611] loop0: detected capacity change from 0 to 64 [ 259.197164][ T24] libceph: connect (1)[c::]:6789 error -101 [ 259.197562][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 259.291331][ T9621] netlink: 'syz.1.903': attribute type 3 has an invalid length. [ 259.348915][ T9623] netlink: 32 bytes leftover after parsing attributes in process `syz.1.905'. [ 259.349016][ T9623] netem: invalid attributes len -8 [ 259.349063][ T9623] netem: change failed [ 259.384466][ T9616] ceph: No mds server is up or the cluster is laggy [ 259.467964][ T6481] libceph: connect (1)[c::]:6789 error -101 [ 259.468103][ T6481] libceph: mon0 (1)[c::]:6789 connect error [ 260.259394][ T24] libceph: connect (1)[c::]:6789 error -101 [ 260.259535][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 260.653563][ T9625] loop0: detected capacity change from 0 to 32768 [ 260.687765][ T9625] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 260.749672][ T9625] XFS (loop0): Ending clean mount [ 260.751386][ T9625] XFS (loop0): Quotacheck needed: Please wait. [ 260.795197][ T9625] XFS (loop0): Quotacheck: Done. [ 260.836617][ T6470] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 261.082388][ T9657] netlink: 16 bytes leftover after parsing attributes in process `syz.3.913'. [ 261.192765][ T9660] loop0: detected capacity change from 0 to 1024 [ 261.193251][ T9660] EXT4-fs: Ignoring removed mblk_io_submit option [ 261.216119][ T9660] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=2040c018, mo2=0002] [ 261.283471][ T9660] System zones: 0-1, 3-12 [ 261.289956][ T9660] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 261.578442][ T9668] netlink: 'syz.1.915': attribute type 3 has an invalid length. [ 262.223902][ T6470] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.346702][ T9681] netlink: 32 bytes leftover after parsing attributes in process `syz.3.919'. [ 262.349373][ T9681] netem: invalid attributes len -8 [ 262.350972][ T9681] netem: change failed [ 263.193175][ T9688] 9pnet_fd: Insufficient options for proto=fd [ 264.736358][ T9704] loop0: detected capacity change from 0 to 512 [ 264.745862][ T9704] EXT4-fs (loop0): Test dummy encryption mode enabled [ 264.745940][ T9704] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 264.762359][ T9704] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00cc018, mo2=0002] [ 264.762455][ T9704] System zones: 1-12 [ 264.762871][ T9704] EXT4-fs (loop0): 1 truncate cleaned up [ 264.763695][ T9704] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 264.800796][ T9704] netlink: 'syz.0.926': attribute type 3 has an invalid length. [ 264.816322][ T6470] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.019870][ T6481] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 265.029836][ T6481] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 265.040990][ T9712] netlink: 16 bytes leftover after parsing attributes in process `syz.4.928'. [ 265.220137][ T9716] loop0: detected capacity change from 0 to 1024 [ 265.231598][ T9716] hfsplus: Unknown parameter ' [ 265.231598][ T9716] ' [ 266.206464][ T31] kauditd_printk_skb: 10 callbacks suppressed [ 266.206534][ T31] audit: type=1326 audit(265.370:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9715 comm="syz.0.930" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 266.206578][ T31] audit: type=1326 audit(265.370:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9715 comm="syz.0.930" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 266.206617][ T31] audit: type=1326 audit(265.400:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9715 comm="syz.0.930" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 266.206655][ T31] audit: type=1326 audit(265.410:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9715 comm="syz.0.930" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 266.206692][ T31] audit: type=1326 audit(265.410:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9715 comm="syz.0.930" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 266.206728][ T31] audit: type=1326 audit(265.420:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9715 comm="syz.0.930" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 266.206766][ T31] audit: type=1326 audit(265.430:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9715 comm="syz.0.930" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 266.206803][ T31] audit: type=1326 audit(265.430:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9715 comm="syz.0.930" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 266.206847][ T31] audit: type=1326 audit(265.460:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9715 comm="syz.0.930" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=277 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 266.206884][ T31] audit: type=1326 audit(265.470:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9715 comm="syz.0.930" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 266.379110][ T9728] netlink: 32 bytes leftover after parsing attributes in process `syz.3.932'. [ 266.379199][ T9728] netem: invalid attributes len -8 [ 266.379235][ T9728] netem: change failed [ 268.866864][ T9749] fuse: Bad value for 'fd' [ 269.536997][ T9732] loop0: detected capacity change from 0 to 40427 [ 269.537760][ T9732] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 269.538156][ T9732] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 269.539625][ T9732] F2FS-fs (loop0): invalid crc value [ 269.677100][ T9732] F2FS-fs (loop0): Failed to start F2FS issue_checkpoint_thread (-4) [ 270.740232][ T9773] loop0: detected capacity change from 0 to 4096 [ 270.751838][ T9772] netlink: 16 bytes leftover after parsing attributes in process `syz.4.944'. [ 270.858070][ T9780] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 270.928944][ T9782] netlink: 24 bytes leftover after parsing attributes in process `syz.0.946'. [ 273.025406][ T9803] netlink: 'syz.4.955': attribute type 3 has an invalid length. [ 274.323075][ T9822] netlink: 16 bytes leftover after parsing attributes in process `syz.0.962'. [ 274.700943][ T9828] 9pnet_fd: Insufficient options for proto=fd [ 275.179995][ T9822] loop0: detected capacity change from 0 to 32768 [ 275.194633][ T9822] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.962 (9822) [ 275.202666][ T9822] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 275.202766][ T9822] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 275.202808][ T9822] BTRFS info (device loop0): using free-space-tree [ 275.508895][ T9822] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 276.261254][ T9857] fuse: Bad value for 'fd' [ 277.144872][ T9866] netlink: 32 bytes leftover after parsing attributes in process `syz.2.971'. [ 277.144968][ T9866] netem: invalid attributes len -8 [ 277.145016][ T9866] netem: change failed [ 278.196722][ T9886] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0 [ 278.771783][ T9890] loop0: detected capacity change from 0 to 32768 [ 278.782917][ T9902] netlink: 16 bytes leftover after parsing attributes in process `syz.4.983'. [ 278.978889][ T9890] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 279.048595][ T9890] XFS (loop0): Ending clean mount [ 279.053441][ T9890] XFS (loop0): Quotacheck needed: Please wait. [ 279.080917][ T9890] XFS (loop0): Quotacheck: Done. [ 279.239346][ T6470] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 280.533868][ T9934] loop0: detected capacity change from 0 to 512 [ 280.537262][ T9934] EXT4-fs: Ignoring removed nomblk_io_submit option [ 280.537386][ T9934] EXT4-fs: Ignoring removed nobh option [ 280.537471][ T9934] EXT4-fs: Ignoring removed nobh option [ 280.538276][ T9934] EXT4-fs: Conflicting test_dummy_encryption options [ 281.107980][ T9938] loop0: detected capacity change from 0 to 1024 [ 281.108492][ T9938] hfsplus: Unknown parameter ' [ 281.108492][ T9938] ' [ 282.134560][ T31] kauditd_printk_skb: 10 callbacks suppressed [ 282.134642][ T31] audit: type=1326 audit(281.240:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9937 comm="syz.0.994" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 282.134687][ T31] audit: type=1326 audit(281.240:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9937 comm="syz.0.994" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 282.134725][ T31] audit: type=1326 audit(281.250:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9937 comm="syz.0.994" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 282.134763][ T31] audit: type=1326 audit(281.250:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9937 comm="syz.0.994" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 282.134802][ T31] audit: type=1326 audit(281.250:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9937 comm="syz.0.994" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 282.134850][ T31] audit: type=1326 audit(281.260:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9937 comm="syz.0.994" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=277 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 282.134888][ T31] audit: type=1326 audit(281.260:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9937 comm="syz.0.994" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 282.134933][ T31] audit: type=1326 audit(281.260:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9937 comm="syz.0.994" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 282.134971][ T31] audit: type=1326 audit(281.270:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9937 comm="syz.0.994" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 282.414570][ T31] audit: type=1326 audit(282.150:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9937 comm="syz.0.994" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa895b728 code=0x7ffc0000 [ 282.884102][ T9976] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1009'. [ 282.947451][ T9977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 283.434043][T10038] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1038'. [ 283.502350][T10047] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1040'. [ 283.525471][T10051] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1044'. [ 284.178383][T10103] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1061'. [ 284.548506][T10133] syz_tun: entered allmulticast mode [ 284.553562][T10132] syz_tun: left allmulticast mode [ 284.694948][T10146] bond0: entered promiscuous mode [ 284.695024][T10146] bond_slave_0: entered promiscuous mode [ 284.695195][T10146] bond_slave_1: entered promiscuous mode [ 284.696884][T10146] batadv0: entered promiscuous mode [ 284.698541][T10146] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 284.698575][T10146] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 284.698868][T10146] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 284.707091][T10146] bond0: left promiscuous mode [ 284.707127][T10146] bond_slave_0: left promiscuous mode [ 284.707296][T10146] bond_slave_1: left promiscuous mode [ 284.712943][T10146] batadv0: left promiscuous mode [ 284.957131][T10144] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1081'. [ 285.084952][T10175] netlink: 'syz.1.1089': attribute type 10 has an invalid length. [ 285.148133][T10175] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.151923][T10175] bond0: (slave team0): Enslaving as an active interface with an up link [ 285.391059][T10206] netlink: 'syz.3.1098': attribute type 18 has an invalid length. [ 285.394194][T10206] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.394287][T10206] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.394323][T10206] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.394356][T10206] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.505383][T10216] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1104'. [ 285.603477][T10221] veth0_vlan: left allmulticast mode [ 285.864538][T10255] bridge1: entered promiscuous mode [ 285.864606][T10255] bridge1: entered allmulticast mode [ 285.912529][T10259] netlink: 'syz.1.1120': attribute type 3 has an invalid length. [ 285.916232][T10253] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1115'. [ 286.123704][T10261] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1119'. [ 286.875868][T10277] [ 286.876606][T10277] ====================================================== [ 286.878393][T10277] WARNING: possible circular locking dependency detected [ 286.880072][T10277] 6.15.0-rc2-syzkaller-gc72692105976 #0 Not tainted [ 286.881695][T10277] ------------------------------------------------------ [ 286.883481][T10277] syz.3.1122/10277 is trying to acquire lock: [ 286.885107][T10277] ffff0000d3328aa8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_switch_to_fallback+0x48/0xa7c [ 286.887948][T10277] [ 286.887948][T10277] but task is already holding lock: [ 286.889870][T10277] ffff0000d3328258 (sk_lock-AF_INET){+.+.}-{0:0}, at: smc_sendmsg+0x60/0x9f8 [ 286.892165][T10277] [ 286.892165][T10277] which lock already depends on the new lock. [ 286.892165][T10277] [ 286.894818][T10277] [ 286.894818][T10277] the existing dependency chain (in reverse order) is: [ 286.897063][T10277] [ 286.897063][T10277] -> #2 (sk_lock-AF_INET){+.+.}-{0:0}: [ 286.899045][T10277] sockopt_lock_sock+0x88/0x148 [ 286.900388][T10277] do_ip_setsockopt+0x138c/0x32c0 [ 286.901813][T10277] ip_setsockopt+0x80/0x128 [ 286.903098][T10277] tcp_setsockopt+0xcc/0xe8 [ 286.904403][T10277] sock_common_setsockopt+0xb0/0xcc [ 286.905944][T10277] do_sock_setsockopt+0x2a0/0x4e0 [ 286.907386][T10277] __arm64_sys_setsockopt+0x170/0x1e0 [ 286.908967][T10277] invoke_syscall+0x98/0x2b8 [ 286.910317][T10277] el0_svc_common+0x130/0x23c [ 286.911712][T10277] do_el0_svc+0x48/0x58 [ 286.912934][T10277] el0_svc+0x54/0x168 [ 286.914256][T10277] el0t_64_sync_handler+0x84/0x108 [ 286.915769][T10277] el0t_64_sync+0x198/0x19c [ 286.917056][T10277] [ 286.917056][T10277] -> #1 (rtnl_mutex){+.+.}-{4:4}: [ 286.919021][T10277] __mutex_lock_common+0x1f0/0x2604 [ 286.920530][T10277] mutex_lock_nested+0x2c/0x38 [ 286.922046][T10277] rtnl_lock+0x20/0x2c [ 286.923251][T10277] do_ip_setsockopt+0xd5c/0x32c0 [ 286.924579][T10277] ip_setsockopt+0x80/0x128 [ 286.925921][T10277] tcp_setsockopt+0xcc/0xe8 [ 286.927344][T10277] sock_common_setsockopt+0xb0/0xcc [ 286.928907][T10277] smc_setsockopt+0x1f8/0xd0c [ 286.930354][T10277] do_sock_setsockopt+0x2a0/0x4e0 [ 286.931845][T10277] __arm64_sys_setsockopt+0x170/0x1e0 [ 286.933341][T10277] invoke_syscall+0x98/0x2b8 [ 286.934606][T10277] el0_svc_common+0x130/0x23c [ 286.935997][T10277] do_el0_svc+0x48/0x58 [ 286.937273][T10277] el0_svc+0x54/0x168 [ 286.938438][T10277] el0t_64_sync_handler+0x84/0x108 [ 286.939843][T10277] el0t_64_sync+0x198/0x19c [ 286.941153][T10277] [ 286.941153][T10277] -> #0 (&smc->clcsock_release_lock){+.+.}-{4:4}: [ 286.943379][T10277] __lock_acquire+0x17b8/0x32c4 [ 286.944795][T10277] lock_acquire+0x150/0x2e8 [ 286.946189][T10277] __mutex_lock_common+0x1f0/0x2604 [ 286.947651][T10277] mutex_lock_nested+0x2c/0x38 [ 286.949038][T10277] smc_switch_to_fallback+0x48/0xa7c [ 286.950395][T10277] smc_sendmsg+0xfc/0x9f8 [ 286.951340][T10277] __sys_sendto+0x360/0x4d8 [ 286.952681][T10277] __arm64_sys_sendto+0xd8/0xf8 [ 286.954143][T10277] invoke_syscall+0x98/0x2b8 [ 286.955464][T10277] el0_svc_common+0x130/0x23c [ 286.956831][T10277] do_el0_svc+0x48/0x58 [ 286.958010][T10277] el0_svc+0x54/0x168 [ 286.959233][T10277] el0t_64_sync_handler+0x84/0x108 [ 286.960714][T10277] el0t_64_sync+0x198/0x19c [ 286.962038][T10277] [ 286.962038][T10277] other info that might help us debug this: [ 286.962038][T10277] [ 286.964637][T10277] Chain exists of: [ 286.964637][T10277] &smc->clcsock_release_lock --> rtnl_mutex --> sk_lock-AF_INET [ 286.964637][T10277] [ 286.968113][T10277] Possible unsafe locking scenario: [ 286.968113][T10277] [ 286.969972][T10277] CPU0 CPU1 [ 286.971345][T10277] ---- ---- [ 286.972751][T10277] lock(sk_lock-AF_INET); [ 286.973980][T10277] lock(rtnl_mutex); [ 286.975753][T10277] lock(sk_lock-AF_INET); [ 286.977593][T10277] lock(&smc->clcsock_release_lock); [ 286.979034][T10277] [ 286.979034][T10277] *** DEADLOCK *** [ 286.979034][T10277] [ 286.981181][T10277] 1 lock held by syz.3.1122/10277: [ 286.982534][T10277] #0: ffff0000d3328258 (sk_lock-AF_INET){+.+.}-{0:0}, at: smc_sendmsg+0x60/0x9f8 [ 286.984956][T10277] [ 286.984956][T10277] stack backtrace: [ 286.986435][T10277] CPU: 0 UID: 0 PID: 10277 Comm: syz.3.1122 Not tainted 6.15.0-rc2-syzkaller-gc72692105976 #0 PREEMPT [ 286.989371][T10277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 286.991841][T10277] Call trace: [ 286.992686][T10277] show_stack+0x2c/0x3c (C) [ 286.993954][T10277] dump_stack_lvl+0xe4/0x150 [ 286.995163][T10277] dump_stack+0x1c/0x1028 [ 286.996335][T10277] print_circular_bug+0x32c/0x334 [ 286.997595][T10277] check_noncircular+0x15c/0x178 [ 286.998854][T10277] __lock_acquire+0x17b8/0x32c4 [ 287.000174][T10277] lock_acquire+0x150/0x2e8 [ 287.001291][T10277] __mutex_lock_common+0x1f0/0x2604 [ 287.002651][T10277] mutex_lock_nested+0x2c/0x38 [ 287.003882][T10277] smc_switch_to_fallback+0x48/0xa7c [ 287.005366][T10277] smc_sendmsg+0xfc/0x9f8 [ 287.006546][T10277] __sys_sendto+0x360/0x4d8 [ 287.007771][T10277] __arm64_sys_sendto+0xd8/0xf8 [ 287.008993][T10277] invoke_syscall+0x98/0x2b8 [ 287.010186][T10277] el0_svc_common+0x130/0x23c [ 287.011364][T10277] do_el0_svc+0x48/0x58 [ 287.012430][T10277] el0_svc+0x54/0x168 [ 287.013557][T10277] el0t_64_sync_handler+0x84/0x108 [ 287.014930][T10277] el0t_64_sync+0x198/0x19c