last executing test programs: 5.592982622s ago: executing program 1 (id=4193): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x9}}}, 0x24}}, 0x0) 4.793180446s ago: executing program 1 (id=4200): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x53b, &(0x7f0000000b80)="$eJzs3cFvHFcZAPBvNl7HSZzaBQ5QqaWiRUkF2Y1r2locSpEQnCohyj0Ye2NZWXste93GVgXrvwAJIUDiBBcuSPwBSCgSF44IKRKcQSoCIUhBggN00OzO2mY9a2/SjTde/37SZN6b2Znvexu/2Zmdp9kAzq3nI+KNiPggTdOXImImX17Kp2h1pux17z94dymbkkjTt/6WRJIv6+4ryedX8s2mIuJrX4n4ZnI07tbO7p3Fer22mderzbWN6tbO7o3VtcWV2kptfX5+7tWF1xZeWbg5lHZejYjXv/Sn73/np19+/ZeffeePt/5y/VtZWtP5+sPteEgTx63sNL18capng81HDPYkytpT7lYuDbbN3mPMBwCA/rJz/I9ExKci4qWYiQvHn84CAAAAZ1D6hen4TxKRFpvssxwAAAA4Q0rtMbBJqZKPBZiOUqlS6Yzh/VhcLtUbW83P3G5sry93xsrORrl0e7Veu5mPFZ6NcpLV59rlg/rLPfX5iHg6Ir43c6ldryw16suj/vIDAAAAzokrPdf//5zpXP8DAAAAY2Z21AkAAAAAj53rfwAAABh/rv8BAABgrH31zTezKe3+/vXy2zvbdxpv31iubd2prG0vVZYamxuVlUZjpf3MvrWT9ldvNDY+F+vbd6vN2lazenVn99ZaY3u9eWs1pk6lQQAAAMART3/y3u+TiGh9/lJ7ykyOOingVEzsl5J8XtD7//BUZ/7eKSUFnIoLA7zmvYvFy50nwNk20bugT18Hxk951AkAI5ecsL7v4J3fdGalIecDAAAM37VPFN//P/l8vuWUH844nRjOr577/+nMqBIBTl37/v+gA3mcLMBYKQ80AhAYZx/2/v/J0vShEgIAAIZuuj0lpUr+9d50lEqVSsTV9s8ClJPbq/XazYh4KiJ+N1O+mNXn2lsmJ14zAAAAAAAAAAAAAAAAAAAAAAAAAAAdaZpECgAAAIy1iNKfk191nuV/bebF6d7vByaTf7d/EngyIt750Vs/uLvYbG7OZcv/vr+8+cN8+cuj+AYDAAAA6NW9Tm/P/zXqbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYN+8/eHepOw3w8kvDivvXL0bEbFH8iZhqz6eiHBGX/5HExKHtkoi4MIT4rb2I+HhR/CRLaz9kUfxhvAmtvaSVthXGj9n8XSiKf2UI8eE8u5cdf94o6v+leL49L+5/ExH/V39U/Y9/sX/8u9Cn/18dMMYz939e7Rt/L+KZieLjXzd+0if+CwPG/8bXd3f7rUt/HHGt+/nTPuIdjnBQqjbXNqpbO7s3VtcWV2ortfX5+blXF15beGXhZvX2ar2W/1sY47vP/uKD49p/ufDzL8mz6d/+Fwv2V/SZ9N/7dx98tFtpHY1//YWC+L/+Sf6Ko/FLeZxP5+Vs/bVuudUpH/bcz3773HHtXz5of/lh/v+v99tpryMd5dlB/3QAgMdga2f3zmK9Xtsc20J2lf4EpPEohcl4ItIY38K3s8L9Ye0wTdM061MFq+5FxCD7SWLILS0V53NQ6HsEGPWRCQAAGLaDk/5RZwIAAAAAAAAAAAAAAAAAAADn12k8Za035sEjkJNhPEIbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAo/hcAAP//Yw3Xfw==") bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x17, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x275a, 0x0) 4.623685672s ago: executing program 5 (id=4202): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)={0x48, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x2c, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @val={0x6, 0x2, 0x7fff}, @void, @void, @void, @void, @void, @void, @void, @void}}]]}, 0x48}}, 0x0) 4.320499397s ago: executing program 3 (id=4205): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000500000085000000d0000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303, 0x36}, "f1ff5ef2fe010017", "9e8ecc7bb5352776725e1047711330ff2bb17b55081f0000000000009bc400", "dc5d3f00", "46b0dc72b7b1d30e"}, 0x38) 4.26566115s ago: executing program 5 (id=4206): r0 = socket(0x18, 0x4, 0x0) connect$pppoe(r0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000640)="52d742aa2c99133b2231e7ff01000000000000835edd8e0ce70ab632b536cd2fe89db804cdb0e44eb13512d48a7a97fec89692aabdf1f240ab02db4d08c443aee325608ce98743b8c309979343b424533fa63be47414e9082741bf19692a6194107ec7e0e041812fedd957a8f38c8d482d2914e79fa7cb508e21a2ce3137a7c9ad44ab1447be9cfa989b04505942b8286c1da3da16c2570198a830dbc0fc821aead524a66e2cbb7ab8c5f7c10eb6c67e33ead29e310ef94ef44ee533616d205e738adabbbef8adeb2d0845394a2df02e07f7432de0191ab798", 0xd9}, {0x0, 0x1b}], 0x2}}], 0x1, 0x4000) 4.228953029s ago: executing program 0 (id=4208): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18) r0 = socket$can_raw(0x1d, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0xf00) sendmsg$xdp(0xffffffffffffffff, &(0x7f00000022c0)={0x0, 0x0, &(0x7f0000002240)=[{&(0x7f00000000c0)="9454b83847a5c639dccc1cc3aa288229ee8a8a45ab78b6638fd2636c7547f7afcc1711878b54b4a8bc9eda3358a5cafd58dbb8a9f638354fbf2e6ab22b8558896f959a8579d9a05c6dde4a9dcc1779d407440e34d6e555f793ec7c2979d1f4b82e4122ce3f815e2e5322b7e74e3439af393c3adad4bab28934e91efd14ebc482d56ce8cedb094afc27d5c1e6cc050411de76f5731640796ba1e233fa6da1bb14cd30662898a0595bf34af8eebc3d12716e62ae66fbb6cf070bef47415d593769c361fc054ea962c9d09ed46aecba2af20e0a40204d4d795d019895bc0d52d8cc032ee13ae832fb1f989b70ab35596dfe28c239d45c99016cadd05b87af7bd13d37c5efae45046d0e5f9860e35c2f08ef9f67c80c47b870e353c089bab87b74c588183c64b20b7ccbdb068390e4c59a848d9695f46fc8bdbde97a4400f2e8b7379a62c57fd4ef8bd4f8e3a4bf141e87156efc1b86e15f34591489db7112fcae399f83f9e4ee56a923ea3123b3fbff37ccdf92284137a1500cad979bc0331524168b5f1a5da3e2d6643b6b0f28eb15869ba7f609c4fc9e4aecca1183de7b6427e7564714ffe154c2e4db0042ada0561c58a4003191033a4fdbf0d09c9c49e802e325da5bc2bcbe5b7a64c411a780ae8d0902118894f5f63fe989623f25a7e201e135e8f25b5365c3a615a4727144109cc4b88660728445ce841940d20e87069cb74f63fbfb5dd7992dc4ccde1484aeec05630a440ed9481d03267585eed156484d23b07280cc045ff023abd628d43f7d3b7bc5a9e8e6445f94271d508e5bb17b12216dba8a5f1a02aef9126389dcf725197440404b29b95e71d45b9dad8f3fdf1c6a2734632ca7991026304d869a94259cc32ac8a45da5ba38f54e9d98faf2af04e3f11ab495eb490daa88cbf465fe127cf144081196d8319692a51d3bae449ff531427c829d9cfab8cb15ae4ff6f4392e2c657beae5364b55d05729bc7f950e4b99c7ce71136168a3fda8b7ead182973c1f5fb52f7c6f488f6383c1259345306375ebe0639e40f367be4a480c2babf3e0572a5c089cccd06588489fdf12ff256af41faef912dea1c1cf122e8e4b99770b19fdc9f6b12cdfa51d0b0d3b6dbc18af665f0f92b83b12eda1fae071a9fb49575763d1bfce45616089b868e37bad0c806a5cff911ae163f82f98c885e7c9afa4d55a4117246086b07e55991205ad345dde63ef855097c7be09343ff9dd982e7e8332337c1b9c8aedd1afeb06010e59aeb5008f7bb0d971963f79df825d94773c9b79e6897c53a83388ef89bddd1d35addfb6c3dc0121ac2a7936643159365a0ef14dc95de2d1f60f41a687c04ba42ed9b225496a418e593587f40a25bbb761eeddc2080512646d163a9968ea00f599239b3abd581253d383fb72abad3b19e0d85a7eafdc02e92cbe784129c37152934a286c2a3d5c5eb1ac65caf63f352e58c96a26b0b13462b992926bae78774d7d9de575bf86b50da743692fb38ee9fbc51ac0eff40589f7259b50e1208753abdd7e404abe252592ec7605fb2aacf41771c506cbcf84d7e8657d3801a64f8b8480ff07", 0x461}], 0x1, 0x0, 0x0, 0x10}, 0x40000) 4.111765015s ago: executing program 1 (id=4209): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xf, 0x0, 0x70bd2c, 0x25dfdbfb, [@sadb_key={0x3, 0x9, 0x80, 0x0, "1cdc0dca1d9f68846960e56de42944af"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @remote}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0x1}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}}, @sadb_x_sa2={0x2, 0x13, 0x3, 0x0, 0x0, 0x70bd28, 0x3503}]}, 0x78}, 0x1, 0x7}, 0x0) 4.087093295s ago: executing program 3 (id=4210): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4008000) syz_mount_image$ext4(&(0x7f0000000840)='ext4\x00', &(0x7f0000000880)='./bus\x00', 0x21081e, &(0x7f0000000080)={[{@quota}, {@nogrpid}, {@bh}]}, 0xff, 0x523, &(0x7f0000000c00)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWceb1qp6gHJCCFVC9AgiNfbGsrzrtbzrUptIuGeuSFTiBEf+AM49ceeC4MalHJD4YYFqJA5TzezY2di79qaJvZb385FG89688X7fizPvzbxd7wtgbN2IiJ2ImIiIdyNipjyelFu81d3y8z7ZfbC4t/tgMYkse+dfSVGeH4uen8ldK19zKiJ+8J2InyRH47a3tlcXGo36Rpmf7TTXZ9tb27dXmgvL9eX6Wq02Pzd/5427r9ceozVTx5a+1JwoU1/++I873/hZXq3p8khvO56mbtMrB3FylyPie6cRbAQule2ZGHVF+EzSiHg+Il4urv+ZuFT8NgGAiyzLZiKb6c0DABddWsyBJWm1nAuYjjStVrtzeC/E1bTRandu3W9tri1158quRyW9v9Ko3ynnCq9HJcnzc0X6Yb52KH83Ip6LiF9OXiny1cVWY2mUNz4AMMauHRr//zvZHf8BgAvu+I/NAAAXkfEfAMaP8R8Axo/xHwDGT3f8v/K4P5Zl2c9PozoAwBnw/A8A48f4DwBj5ftvv51v2V75/ddL721trrbeu71Ub69Wm5uL1cXWxnp1udVaLr6zp3nS6zVarfW512Lz/evfXG93Zttb2/earc21zr3ie73v1SvFWTtn0DIAYJDnXvroL0k+Ir95pdiiZy2HykhrBpy2dNQVAEbm0qgrAIyM1b5gfD18xn/sDwGYHoALos8SvY+Y6vcHQlmWZadXJeCU3fyC+X8YVz3z/z4FDGPmpPn/Ym1gbxLChWT+H8ZXliXDrvkfw54IAJxvx8zxXz/L+xBgdAa8//98uf9d+ebAj5YOn/HhadYKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzrf99X+r5TK/05Gm1WrEM8UCQJXk/kqjficino2IP09WJvP83IjrDAA8qfTvSbn+182ZV6cfKXrx2kFyIiJ++ut3fvX+Qqez8aeIieTfk/vHOx+Wx2snBps6jRYAAMfbH6eLfc+D/Ce7Dxb3t7Oszz++3b0ryOPu7U7E3kH8y3G52E9FJSKu/icp811Jz9zFk9j5ICI+36/9SUwXcyDdW5bD8fPYz5xp/PSR+Gm5QHNa/lt87inUBcbNR3n/81a/6y+NG8W+//U/VfRQT67s//KXWtwr+sCH8ff7v0sD+r8bw8Z47Q/f7aauHC37IOKLlyP2Y+/19D/78ZMB8V8dMv5fv/Tiy4PKst9E3Iz+8XtjzXaa67Ptre3bK82F5fpyfa1Wm5+bv/PG3ddrs8Uc9ezg0eCfb956dlBZ3v6rA+JPndD+rw7Z/t/+/90ffuWY+F9/pV/8NF44Jn4+Jn5tyPgLV38/8Lk7j790tP3JML//W0PG//hv20eWDQcARqe9tb260GjUNyTGNPHjOBfVGC6R/5c9B9Xom/jWWcWaiP5Fv3ile00fKsqyzxRrUI/xNGbdgPPg4KKPiP+NujIAAAAAAAAAAAAAAEBfZ/EXS6NuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfXpwEAAP//+E3TQw==") r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181642, 0x148) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) pwrite64(r3, &(0x7f0000000140)='2', 0xfdef, 0xfecc) fallocate(r0, 0x0, 0xbf5, 0x2000402) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000200)={0xc, r0, 0x20, 0x0, 0xdac2, 0xfffefffffe000000}) 4.015089693s ago: executing program 4 (id=4211): r0 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, 0x0, 0x0) 3.996544324s ago: executing program 5 (id=4212): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d300000000000000800000000000000140000001100"], 0xac}, 0x1, 0x0, 0x0, 0x4008805}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="14000000100001f500000000000000000100000a14000000020a497f75241d4e1deb00000500000614000000110001"], 0x3c}}, 0xc050) 3.53411608s ago: executing program 4 (id=4214): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) 3.023755637s ago: executing program 5 (id=4215): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x300, 0x1200, 0x0, 0x3) 2.950405738s ago: executing program 0 (id=4216): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) 2.811995468s ago: executing program 2 (id=4217): capset(&(0x7f0000000380)={0x20080522}, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000000)=0x56, 0x4) 2.795353563s ago: executing program 1 (id=4218): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) write(r1, &(0x7f0000000240)="94", 0x1) vmsplice(r4, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0) tee(r0, r4, 0x8f5, 0x0) write$binfmt_script(r4, 0x0, 0xd9) write(r2, 0x0, 0x0) 2.700313678s ago: executing program 4 (id=4219): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000001c0)={r1, 0x1, 0x6, @broadcast}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x1, @multicast}, 0x2b) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000180)={0x0, 0x1, 0x6, @random="5a9d3efef8af"}, 0x4d) 2.66586279s ago: executing program 2 (id=4220): r0 = socket(0x400000000010, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000042c0)=@newtfilter={0x78, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r5, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x40}}, @filter_kind_options=@f_flow={{0x9}, {0x1c, 0x2, [@TCA_FLOW_DIVISOR={0x8, 0x8, 0xfffff4c4}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0xfff9, 0x1}}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0xf000}]}}, @TCA_CHAIN={0x8, 0xb, 0x57}, @TCA_RATE={0x6, 0x5, {0x6, 0x6}}, @filter_kind_options=@f_u32={{0x8}, {0x4}}, @TCA_CHAIN={0x8, 0xb, 0xe0e1}]}, 0x78}, 0x1, 0x0, 0x0, 0x80}, 0x20008800) 2.631748606s ago: executing program 0 (id=4221): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000480)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x8, 0x3, 0x548, 0x1c0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x478, 0xffffffff, 0xffffffff, 0x478, 0xffffffff, 0x7fffffe, 0x0, {[{{@ipv6={@loopback, @remote, [0xff000000, 0xff, 0xff000000], [0xffffff00, 0xffffffff, 0xff, 0xffffffff], 'netpci0\x00', 'vxcan1\x00', {0xff}, {}, 0x32, 0x1, 0x0, 0x40}, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x0, 0x24, 0x1, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x2b8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x1f, 0x1, 0x1, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz1\x00'}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5a8) 2.61158045s ago: executing program 3 (id=4222): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000500000085000000d0000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303, 0x36}, "f1ff5ef2fe010017", "9e8ecc7bb5352776725e1047711330ff2bb17b55081f0000000000009bc400", "dc5d3f00", "46b0dc72b7b1d30e"}, 0x38) 2.411939488s ago: executing program 4 (id=4223): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000800850000006d000000850000000800000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x3, 0x0, &(0x7f0000001640)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioprio_set$uid(0x3, 0x0, 0x0) 2.401206087s ago: executing program 0 (id=4224): r0 = socket(0x18, 0x4, 0x0) connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x2, @multicast, 'vcan0\x00'}}, 0x1e) sendmmsg(r0, 0x0, 0x0, 0x4000) 2.273435346s ago: executing program 3 (id=4225): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) setresuid(0xee01, 0xee00, 0x0) request_key(&(0x7f0000000000)='rxrpc_s\x00', &(0x7f0000001ffb)={'syz', 0x3}, 0x0, 0x0) 2.186666054s ago: executing program 2 (id=4226): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010400000000000000000100000a74000000060a0b04000000000000000002000008400004803c000180080001006c6f670030000280060004400001000008000340fffffffa0a0002407d5def2e21000000080003400000000806000140000100000900010073"], 0x9c}, 0x1, 0x0, 0x0, 0x8010}, 0x0) 2.11175853s ago: executing program 0 (id=4227): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000780)='sys_enter\x00', r1}, 0x18) waitid(0x2, 0x0, 0x0, 0x4, 0x0) 1.742598987s ago: executing program 3 (id=4228): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18) r0 = socket$can_raw(0x1d, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0xf00) sendmsg$xdp(0xffffffffffffffff, &(0x7f00000022c0)={0x0, 0x0, &(0x7f0000002240)=[{&(0x7f00000000c0)="9454b83847a5c639dccc1cc3aa288229ee8a8a45ab78b6638fd2636c7547f7afcc1711878b54b4a8bc9eda3358a5cafd58dbb8a9f638354fbf2e6ab22b8558896f959a8579d9a05c6dde4a9dcc1779d407440e34d6e555f793ec7c2979d1f4b82e4122ce3f815e2e5322b7e74e3439af393c3adad4bab28934e91efd14ebc482d56ce8cedb094afc27d5c1e6cc050411de76f5731640796ba1e233fa6da1bb14cd30662898a0595bf34af8eebc3d12716e62ae66fbb6cf070bef47415d593769c361fc054ea962c9d09ed46aecba2af20e0a40204d4d795d019895bc0d52d8cc032ee13ae832fb1f989b70ab35596dfe28c239d45c99016cadd05b87af7bd13d37c5efae45046d0e5f9860e35c2f08ef9f67c80c47b870e353c089bab87b74c588183c64b20b7ccbdb068390e4c59a848d9695f46fc8bdbde97a4400f2e8b7379a62c57fd4ef8bd4f8e3a4bf141e87156efc1b86e15f34591489db7112fcae399f83f9e4ee56a923ea3123b3fbff37ccdf92284137a1500cad979bc0331524168b5f1a5da3e2d6643b6b0f28eb15869ba7f609c4fc9e4aecca1183de7b6427e7564714ffe154c2e4db0042ada0561c58a4003191033a4fdbf0d09c9c49e802e325da5bc2bcbe5b7a64c411a780ae8d0902118894f5f63fe989623f25a7e201e135e8f25b5365c3a615a4727144109cc4b88660728445ce841940d20e87069cb74f63fbfb5dd7992dc4ccde1484aeec05630a440ed9481d03267585eed156484d23b07280cc045ff023abd628d43f7d3b7bc5a9e8e6445f94271d508e5bb17b12216dba8a5f1a02aef9126389dcf725197440404b29b95e71d45b9dad8f3fdf1c6a2734632ca7991026304d869a94259cc32ac8a45da5ba38f54e9d98faf2af04e3f11ab495eb490daa88cbf465fe127cf144081196d8319692a51d3bae449ff531427c829d9cfab8cb15ae4ff6f4392e2c657beae5364b55d05729bc7f950e4b99c7ce71136168a3fda8b7ead182973c1f5fb52f7c6f488f6383c1259345306375ebe0639e40f367be4a480c2babf3e0572a5c089cccd06588489fdf12ff256af41faef912dea1c1cf122e8e4b99770b19fdc9f6b12cdfa51d0b0d3b6dbc18af665f0f92b83b12eda1fae071a9fb49575763d1bfce45616089b868e37bad0c806a5cff911ae163f82f98c885e7c9afa4d55a4117246086b07e55991205ad345dde63ef855097c7be09343ff9dd982e7e8332337c1b9c8aedd1afeb06010e59aeb5008f7bb0d971963f79df825d94773c9b79e6897c53a83388ef89bddd1d35addfb6c3dc0121ac2a7936643159365a0ef14dc95de2d1f60f41a687c04ba42ed9b225496a418e593587f40a25bbb761eeddc2080512646d163a9968ea00f599239b3abd581253d383fb72abad3b19e0d85a7eafdc02e92cbe784129c37152934a286c2a3d5c5eb1ac65caf63f352e58c96a26b0b13462b992926bae78774d7d9de575bf86b50da743692fb38ee9fbc51ac0eff40589f7259b50e1208753abdd7e404abe252592ec7605fb2aacf41771c506cbcf84d7e8657d3801a64f8b8480ff07", 0x461}], 0x1, 0x0, 0x0, 0x10}, 0x40000) 1.343073401s ago: executing program 2 (id=4229): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020073797a30000006000500010007000000080009400000000114000880100007800a001100b4"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000030605000000000000000000000000000500010007"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010) 1.273296266s ago: executing program 1 (id=4230): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x40080}, 0x4000000) 1.272011916s ago: executing program 5 (id=4231): sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, 0x0, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a0101"], 0x57) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000580)={0x1, {{0x2, 0x4e24, @multicast2}}}, 0x88) 1.133896425s ago: executing program 4 (id=4232): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x56, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r3}, 0x18) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) 959.331408ms ago: executing program 2 (id=4233): bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000001000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a95", 0x3f1}, {&(0x7f00000003c0)="128b9306006d4810e5ac5040ad9201847839fc378469d5765b9cc241840896c1498194a7197b45d74a8532b82037b02c9e6045", 0x33}], 0x3}, 0x0) 321.007146ms ago: executing program 1 (id=4234): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000018c0), r0) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000004c0)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000ffdbdf25090000006400038008000100010000000800030004000000140002007665744e315f6d616376746170000000060004000200000008000500e0000000140002006970766c616e"], 0x78}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 223.555408ms ago: executing program 0 (id=4235): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$UHID_DESTROY(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000d5030000020000838500000071000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0x2}, 0x18) kcmp(0x0, 0x0, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8) 135.221765ms ago: executing program 3 (id=4236): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000007c0)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x3}}]}, 0x1, 0x46f, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==") syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f0000000680)={[{@dioread_lock}, {@noblock_validity}, {@abort}, {@user_xattr}, {@user_xattr}, {@grpjquota, 0x2e}, {@max_batch_time={'max_batch_time', 0x3d, 0x1}}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4c1, &(0x7f0000001940)="$eJzs3M9vFFUcAPDvTGkpP1uQqPxQVtHYiLa0oHLwoEYTLhoTPeCxlkqQAobWRAiRagwejX+BejQx8eTFkybGqBc1XvVuTIjhAnowa2Z3pt2l2+3ulnbF/XyS3b4382be+76Ztzs7r7sB9KxS9pREbI2IXyNiqJqtL1Cq/rlx7dLUX9cuTSVRLr/0Z1Ipd/3apamiaLHdljwzkkak7yWxt0G9sxcunp6cmZk+n+fH5s68MTZ74eKjp85Mnpw+OX124ujRI4fHn3h84rGW4ri8wvosrut73j63b/exVz58fqocr37/Wdberfn62jiqhluqt5lSlKKcW1w6UHl+cNV7/2/ZVpNONnSxIbSlLyKyw9VfGf9D0ReLB28onnt3IfNNlxoIrJnsvWnHkqV9+d904f0L+D9KjHHoUcU7fvb5t3is5/VHt119OnuersR/I3/8+EK1b9Lss+xw9RN7eZnt72ywbHAxWR5aof6tEXF8/u+Pskc0vA/RRNJySQCABV9l1z+PNLr+S+uubbbncyjDEXEwInZGxB0RsSvShTJ3RcTdbdZfuim/9Prn501t7rIt2fXfk/ncVvGoriniShZy2yrx9yevnZqZPpT3yUj0b8zy403q+PrZXz5Ybl2p5vove2T1F9eCeTv+2LCxfpsTk3OTqwi5ztV3IvZsaBR/sjATkPXA7ojY08H+sz479fCn+7L09i1L168cfxO3YJ6p/EnEQ9XjPx83xV9IqjUtNz85Nhgz04fGirNiqR9+uvJibb6/Jl0X/2BrMQ12GmwD2fHf3PD8z+MvhkExXzvbfh1Xfnt/2c80S49/Esfna0vk5/+mxW7Lzv+B5OVKeiBf9tbk3Nz58YiBfEHd8onFvRX5onwW/8iBxuN/Z8Q/H+fb7Y2I7CS+JyLujYj9edvvi4j7I+JAk/i/e+aB15v3UIfn/y2QxX+i2fGPGE5q5+s7SPSd/vbL5epv7fXvSCU1ki9p5fWv1Qaupu8AAADgdpFW5qCTdLRI19yc2hWb05lzs3MHS/Hm2RPVuerh6E+LO11DNfdDx/N7w0V+4qb84YjYUflPo02V/OjUuZlt3QwcqHxXp278R5qOjlbX/d7X7dYBa66tebTafzr7/Itb3xhgXfm+JvQu4x96l/EPvcv4h97VaPxfjrjRhaYA68z7P/Qu4x96l/EPvcv4h5609Cvxxc+tdPJN/8XEzmOr2nzNE+WhNdnzfPtb9a1RpFH7ox3LJpKI6KyKSJuXGWih9q4l0hXLPLVSt/Sv6jcxssT+PLExIlrd6vK69WrxCpH4lUkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC29m8AAAD//2cg5YI=") openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) kexec_load(0x4, 0xa, 0x0, 0x0) 117.888436ms ago: executing program 2 (id=4237): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000780)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x7}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0x2, 0xfffffffe}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) 82.229492ms ago: executing program 4 (id=4238): prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000500)='w\xde\xa3\x05\xa3\x91\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xef\\\xc0\x89\av\x9f\xaek\xbd\x87W\x1d\x1b(\x8e\xf8\\2\x98\xf7P\x1b8\xcf\xf5\xdc0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x9}}}, 0x24}}, 0x0) kernel console output (not intermixed with test programs): EOD, truncated [ 710.450898][T16081] loop3: p203 start 42180 is beyond EOD, truncated [ 710.471816][T16081] loop3: p204 start 42180 is beyond EOD, truncated [ 710.478726][T16081] loop3: p205 start 42180 is beyond EOD, truncated [ 710.485732][T12817] Bluetooth: hci1: command tx timeout [ 710.493980][T16081] loop3: p206 start 42180 is beyond EOD, truncated [ 710.510487][T16081] loop3: p207 start 42180 is beyond EOD, truncated [ 710.531000][T16081] loop3: p208 start 42180 is beyond EOD, truncated [ 710.544855][T16081] loop3: p209 start 42180 is beyond EOD, truncated [ 710.551548][T16081] loop3: p210 start 42180 is beyond EOD, truncated [ 710.558210][T16081] loop3: p211 start 42180 is beyond EOD, truncated [ 710.569446][T16081] loop3: p212 start 42180 is beyond EOD, truncated [ 710.578617][T16081] loop3: p213 start 42180 is beyond EOD, truncated [ 710.585347][T16081] loop3: p214 start 42180 is beyond EOD, truncated [ 710.591935][T16081] loop3: p215 start 42180 is beyond EOD, truncated [ 710.598542][T16081] loop3: p216 start 42180 is beyond EOD, truncated [ 710.605110][T16081] loop3: p217 start 42180 is beyond EOD, truncated [ 710.621528][T16081] loop3: p218 start 42180 is beyond EOD, truncated [ 710.634862][T16081] loop3: p219 start 42180 is beyond EOD, truncated [ 710.661553][T16081] loop3: p220 start 42180 is beyond EOD, truncated [ 710.681517][T16081] loop3: p221 start 42180 is beyond EOD, truncated [ 710.711565][T16081] loop3: p222 start 42180 is beyond EOD, truncated [ 710.718119][T16081] loop3: p223 start 42180 is beyond EOD, truncated [ 710.752109][T16081] loop3: p224 start 42180 is beyond EOD, truncated [ 710.758655][T16081] loop3: p225 start 42180 is beyond EOD, truncated [ 710.781595][T16081] loop3: p226 start 42180 is beyond EOD, truncated [ 710.788132][T16081] loop3: p227 start 42180 is beyond EOD, truncated [ 710.815063][T16081] loop3: p228 start 42180 is beyond EOD, truncated [ 710.848063][T16081] loop3: p229 start 42180 is beyond EOD, truncated [ 710.891579][T16081] loop3: p230 start 42180 is beyond EOD, truncated [ 710.898139][T16081] loop3: p231 start 42180 is beyond EOD, truncated [ 710.939911][T16081] loop3: p232 start 42180 is beyond EOD, truncated [ 710.966813][T16081] loop3: p233 start 42180 is beyond EOD, truncated [ 710.991557][T16081] loop3: p234 start 42180 is beyond EOD, truncated [ 710.998156][T16081] loop3: p235 start 42180 is beyond EOD, truncated [ 711.011590][T16081] loop3: p236 start 42180 is beyond EOD, truncated [ 711.041547][T16081] loop3: p237 start 42180 is beyond EOD, truncated [ 711.048093][T16081] loop3: p238 start 42180 is beyond EOD, truncated [ 711.077834][T16081] loop3: p239 start 42180 is beyond EOD, truncated [ 711.101890][T16081] loop3: p240 start 42180 is beyond EOD, truncated [ 711.109308][T16081] loop3: p241 start 42180 is beyond EOD, truncated [ 711.129198][T16081] loop3: p242 start 42180 is beyond EOD, truncated [ 711.148488][T16081] loop3: p243 start 42180 is beyond EOD, truncated [ 711.162531][T16081] loop3: p244 start 42180 is beyond EOD, truncated [ 711.181583][T16081] loop3: p245 start 42180 is beyond EOD, truncated [ 711.205025][T16081] loop3: p246 start 42180 is beyond EOD, truncated [ 711.231556][T16081] loop3: p247 start 42180 is beyond EOD, truncated [ 711.238100][T16081] loop3: p248 start 42180 is beyond EOD, truncated [ 711.270485][T16081] loop3: p249 start 42180 is beyond EOD, truncated [ 711.278081][T14855] team_slave_1 (unregistering): left allmulticast mode [ 711.293704][T16081] loop3: p250 start 42180 is beyond EOD, truncated [ 711.300250][T16081] loop3: p251 start 42180 is beyond EOD, truncated [ 711.322628][T14855] team0 (unregistering): Port device team_slave_1 removed [ 711.342429][T16081] loop3: p252 start 42180 is beyond EOD, truncated [ 711.348969][T16081] loop3: p253 start 42180 is beyond EOD, truncated [ 711.381686][T16081] loop3: p254 start 42180 is beyond EOD, truncated [ 711.388238][T16081] loop3: p255 start 42180 is beyond EOD, truncated [ 711.544549][T14855] team_slave_0 (unregistering): left allmulticast mode [ 711.579196][T14855] team0 (unregistering): Port device team_slave_0 removed [ 711.969480][T16183] loop3: detected capacity change from 0 to 512 [ 712.066903][T16183] EXT4-fs warning (device loop3): dx_probe:859: inode #2: comm syz.3.3676: dx entry: limit 0 != root limit 125 [ 712.091668][T16183] EXT4-fs warning (device loop3): dx_probe:933: inode #2: comm syz.3.3676: Corrupt directory, running e2fsck is recommended [ 712.131624][T16183] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 712.150646][T16183] EXT4-fs error (device loop3): ext4_iget_extra_inode:5074: inode #15: comm syz.3.3676: corrupted in-inode xattr: invalid ea_ino [ 712.182090][T16183] EXT4-fs (loop3): Remounting filesystem read-only [ 712.240158][T16183] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 713.075255][T15585] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 713.244494][T16194] syz.5.3678 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 713.455334][ T30] kauditd_printk_skb: 63 callbacks suppressed [ 713.455360][ T30] audit: type=1326 audit(1760491275.167:1723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16200 comm="syz.5.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7ffc0000 [ 713.529530][ T30] audit: type=1326 audit(1760491275.197:1724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16200 comm="syz.5.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7ffc0000 [ 713.561030][ T30] audit: type=1326 audit(1760491275.197:1725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16200 comm="syz.5.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7ffc0000 [ 713.584019][ T30] audit: type=1326 audit(1760491275.197:1726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16200 comm="syz.5.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7ffc0000 [ 713.607817][ T30] audit: type=1326 audit(1760491275.197:1727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16200 comm="syz.5.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc0ef8eec9 code=0x7ffc0000 [ 713.632977][ T30] audit: type=1326 audit(1760491275.197:1728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16200 comm="syz.5.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7ffc0000 [ 713.697379][ T30] audit: type=1326 audit(1760491275.197:1729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16200 comm="syz.5.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7ffc0000 [ 713.761624][ T30] audit: type=1326 audit(1760491275.197:1730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16200 comm="syz.5.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7ffc0000 [ 713.808014][ T30] audit: type=1326 audit(1760491275.207:1731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16200 comm="syz.5.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7ffc0000 [ 713.871546][ T30] audit: type=1326 audit(1760491275.207:1732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16200 comm="syz.5.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc0ef8eec9 code=0x7ffc0000 [ 714.071222][T16001] hsr_slave_0: entered promiscuous mode [ 714.104110][T16001] hsr_slave_1: entered promiscuous mode [ 714.120894][T16001] debugfs: 'hsr0' already exists in 'hsr' [ 714.134595][T16001] Cannot create hsr debugfs directory [ 716.445822][T14855] IPVS: stop unused estimator thread 0... [ 716.914703][T16001] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 716.946331][T16001] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 717.005398][T16001] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 717.070304][T16001] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 717.262799][T16278] loop3: detected capacity change from 0 to 2048 [ 717.407776][T16278] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 718.497651][T16278] EXT4-fs error (device loop3): ext4_validate_block_bitmap:440: comm syz.3.3705: bg 0: block 234: padding at end of block bitmap is not set [ 718.528558][T16278] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1006 with error 117 [ 718.543084][T16278] EXT4-fs (loop3): This should not happen!! Data will be lost [ 718.543084][T16278] [ 718.750738][T16309] loop0: detected capacity change from 0 to 128 [ 718.789296][T15585] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 718.813146][T16309] bio_check_eod: 3 callbacks suppressed [ 718.813171][T16309] syz.0.3710: attempt to access beyond end of device [ 718.813171][T16309] loop0: rw=2049, sector=145, nr_sectors = 24 limit=128 [ 718.815833][T16001] 8021q: adding VLAN 0 to HW filter on device bond0 [ 718.818949][T16309] syz.0.3710: attempt to access beyond end of device [ 718.818949][T16309] loop0: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 718.926020][T16309] syz.0.3710: attempt to access beyond end of device [ 718.926020][T16309] loop0: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 718.974125][T16001] 8021q: adding VLAN 0 to HW filter on device team0 [ 718.993605][T14845] bridge0: port 1(bridge_slave_0) entered blocking state [ 719.000741][T14845] bridge0: port 1(bridge_slave_0) entered forwarding state [ 719.031046][T16317] syz.0.3710: attempt to access beyond end of device [ 719.031046][T16317] loop0: rw=2049, sector=305, nr_sectors = 80 limit=128 [ 719.069873][T14884] bridge0: port 2(bridge_slave_1) entered blocking state [ 719.077189][T14884] bridge0: port 2(bridge_slave_1) entered forwarding state [ 719.084921][T16309] syz.0.3710: attempt to access beyond end of device [ 719.084921][T16309] loop0: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 719.151822][T16309] syz.0.3710: attempt to access beyond end of device [ 719.151822][T16309] loop0: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 719.194372][T16317] syz.0.3710: attempt to access beyond end of device [ 719.194372][T16317] loop0: rw=2049, sector=393, nr_sectors = 8 limit=128 [ 719.312701][T16309] syz.0.3710: attempt to access beyond end of device [ 719.312701][T16309] loop0: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 719.366833][T16314] loop4: detected capacity change from 0 to 512 [ 719.375441][T16309] syz.0.3710: attempt to access beyond end of device [ 719.375441][T16309] loop0: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 719.421896][T16309] syz.0.3710: attempt to access beyond end of device [ 719.421896][T16309] loop0: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 719.429809][T16314] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 719.461677][T16314] ext4 filesystem being mounted at /591/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 720.547492][T16314] EXT4-fs error (device loop4): ext4_validate_block_bitmap:431: comm syz.4.3714: bg 0: block 18: invalid block bitmap [ 720.785012][T16314] __quota_error: 38 callbacks suppressed [ 720.785039][T16314] Quota error (device loop4): write_blk: dquota write failed [ 720.945935][T16314] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 720.984234][T16314] EXT4-fs error (device loop4): ext4_acquire_dquot:6943: comm syz.4.3714: Failed to acquire dquot type 1 [ 721.110328][T14886] buffer_io_error: 6 callbacks suppressed [ 721.110353][T14886] Buffer I/O error on dev loop0, logical block 305, lost async page write [ 721.179105][T16001] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 721.217527][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 721.374737][T16001] veth0_vlan: entered promiscuous mode [ 721.410710][T16001] veth1_vlan: entered promiscuous mode [ 721.514139][T16001] veth0_macvtap: entered promiscuous mode [ 721.819578][T16001] veth1_macvtap: entered promiscuous mode [ 721.944023][T16001] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 721.965312][ T30] audit: type=1326 audit(1760491283.677:1771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16365 comm="syz.0.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243058eec9 code=0x7ffc0000 [ 721.988894][T16001] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 722.034615][T14884] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.046339][ T30] audit: type=1326 audit(1760491283.717:1772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16365 comm="syz.0.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f243058eec9 code=0x7ffc0000 [ 722.068732][T14884] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.068799][T14884] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.068862][T14884] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.101904][T16368] loop0: detected capacity change from 0 to 1024 [ 722.112806][ T30] audit: type=1326 audit(1760491283.717:1773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16365 comm="syz.0.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243058eec9 code=0x7ffc0000 [ 722.138897][ T30] audit: type=1326 audit(1760491283.717:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16365 comm="syz.0.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243058eec9 code=0x7ffc0000 [ 722.201178][T16368] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 722.239337][ T30] audit: type=1326 audit(1760491283.717:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16365 comm="syz.0.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f243058eec9 code=0x7ffc0000 [ 722.354236][T14886] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 722.391630][T14886] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 722.392258][T16368] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3729'. [ 722.415317][ T30] audit: type=1326 audit(1760491283.717:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16365 comm="syz.0.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243058eec9 code=0x7ffc0000 [ 722.659952][T16368] hsr_slave_0: left promiscuous mode [ 722.671178][T16368] hsr_slave_1: left promiscuous mode [ 722.736672][ T30] audit: type=1326 audit(1760491283.717:1777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16365 comm="syz.0.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243058eec9 code=0x7ffc0000 [ 722.761131][ T30] audit: type=1326 audit(1760491283.717:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16365 comm="syz.0.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f243058eec9 code=0x7ffc0000 [ 722.826076][T14864] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 722.834020][T14864] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 723.706898][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 723.844271][T16397] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3741'. [ 724.147949][T16409] loop3: detected capacity change from 0 to 512 [ 724.174762][T16409] EXT4-fs warning (device loop3): dx_probe:859: inode #2: comm syz.3.3744: dx entry: limit 0 != root limit 125 [ 724.198649][T16409] EXT4-fs warning (device loop3): dx_probe:933: inode #2: comm syz.3.3744: Corrupt directory, running e2fsck is recommended [ 724.217881][T16409] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 724.230579][T16409] EXT4-fs error (device loop3): ext4_iget_extra_inode:5074: inode #15: comm syz.3.3744: corrupted in-inode xattr: invalid ea_ino [ 724.318015][T16409] EXT4-fs (loop3): Remounting filesystem read-only [ 724.353748][T16409] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 724.856117][T15585] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 726.075261][T16439] loop1: detected capacity change from 0 to 128 [ 726.129446][T16439] bio_check_eod: 2 callbacks suppressed [ 726.129471][T16439] syz.1.3757: attempt to access beyond end of device [ 726.129471][T16439] loop1: rw=2049, sector=145, nr_sectors = 24 limit=128 [ 726.185623][T16439] syz.1.3757: attempt to access beyond end of device [ 726.185623][T16439] loop1: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 726.242162][T14884] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.242361][T16439] syz.1.3757: attempt to access beyond end of device [ 726.242361][T16439] loop1: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 726.293931][ T30] kauditd_printk_skb: 32 callbacks suppressed [ 726.293957][ T30] audit: type=1326 audit(1760491287.997:1811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.5.3758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7fc00000 [ 726.347879][T16446] syz.1.3757: attempt to access beyond end of device [ 726.347879][T16446] loop1: rw=2049, sector=305, nr_sectors = 80 limit=128 [ 726.361690][ T30] audit: type=1326 audit(1760491287.997:1812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.5.3758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7fdc0ef8eec9 code=0x7fc00000 [ 726.361776][ T30] audit: type=1326 audit(1760491287.997:1813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.5.3758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7fc00000 [ 726.361847][ T30] audit: type=1326 audit(1760491287.997:1814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.5.3758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7fc00000 [ 726.361917][ T30] audit: type=1326 audit(1760491287.997:1815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.5.3758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7fc00000 [ 726.361993][ T30] audit: type=1326 audit(1760491287.997:1816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.5.3758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7fc00000 [ 726.430670][T16446] syz.1.3757: attempt to access beyond end of device [ 726.430670][T16446] loop1: rw=2049, sector=393, nr_sectors = 8 limit=128 [ 726.461386][T16439] syz.1.3757: attempt to access beyond end of device [ 726.461386][T16439] loop1: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 726.533709][T14884] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.563331][T16439] syz.1.3757: attempt to access beyond end of device [ 726.563331][T16439] loop1: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 726.577349][ T30] audit: type=1326 audit(1760491287.997:1817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.5.3758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7fc00000 [ 726.622770][ T30] audit: type=1326 audit(1760491287.997:1818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.5.3758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7fc00000 [ 726.626792][T16446] syz.1.3757: attempt to access beyond end of device [ 726.626792][T16446] loop1: rw=2049, sector=409, nr_sectors = 8 limit=128 [ 726.646094][T16430] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 726.693755][T16430] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 726.706383][T14884] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.707974][T16439] syz.1.3757: attempt to access beyond end of device [ 726.707974][T16439] loop1: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 726.716455][ T30] audit: type=1326 audit(1760491287.997:1819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.5.3758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7fc00000 [ 726.716530][ T30] audit: type=1326 audit(1760491287.997:1820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.5.3758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7fc00000 [ 726.782911][T16439] syz.1.3757: attempt to access beyond end of device [ 726.782911][T16439] loop1: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 726.813727][T16430] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 726.828140][T16430] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 726.856315][T16430] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 726.874612][T14884] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.884983][T16430] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 726.936657][T16430] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 726.944154][T16430] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 726.975199][T16430] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 726.995472][T16430] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 727.003532][T16430] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 727.009969][T14854] Buffer I/O error on dev loop1, logical block 305, lost async page write [ 727.026486][T16456] loop4: detected capacity change from 0 to 512 [ 727.041645][T16430] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 727.066354][T16456] EXT4-fs warning (device loop4): dx_probe:859: inode #2: comm syz.4.3762: dx entry: limit 0 != root limit 125 [ 727.135694][T16456] EXT4-fs warning (device loop4): dx_probe:933: inode #2: comm syz.4.3762: Corrupt directory, running e2fsck is recommended [ 727.150323][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 727.160521][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 727.168272][T16456] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 727.168613][T16456] EXT4-fs error (device loop4): ext4_iget_extra_inode:5074: inode #15: comm syz.4.3762: corrupted in-inode xattr: invalid ea_ino [ 727.169073][T16456] EXT4-fs (loop4): Remounting filesystem read-only [ 727.178961][T14884] bridge_slave_1: left allmulticast mode [ 727.203263][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 727.210359][T14884] bridge_slave_1: left promiscuous mode [ 727.216765][T14884] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.227236][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 727.236575][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 727.245806][T16456] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 727.271762][T14884] bridge_slave_0: left allmulticast mode [ 727.277436][T14884] bridge_slave_0: left promiscuous mode [ 727.297618][T14884] bridge0: port 1(bridge_slave_0) entered disabled state [ 727.394740][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 728.071588][ T52] Bluetooth: hci2: command 0x0406 tx timeout [ 728.488009][T16474] loop3: detected capacity change from 0 to 2048 [ 728.502716][T16474] EXT4-fs: Ignoring removed mblk_io_submit option [ 728.509158][T16474] EXT4-fs: Ignoring removed i_version option [ 728.614675][T16474] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 728.915996][ T52] Bluetooth: hci5: command 0x0405 tx timeout [ 728.922276][ T52] Bluetooth: hci3: command 0x0406 tx timeout [ 728.952749][T15585] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 728.971654][T12817] Bluetooth: hci6: command 0x0c1a tx timeout [ 729.041573][T12817] Bluetooth: hci1: command 0x0c1a tx timeout [ 729.304434][T12817] Bluetooth: hci0: command tx timeout [ 730.081753][T12817] Bluetooth: hci2: command 0x0406 tx timeout [ 730.110723][T16487] warn_alloc: 3 callbacks suppressed [ 730.110747][T16487] syz.1.3771: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 730.136379][T16487] CPU: 1 UID: 0 PID: 16487 Comm: syz.1.3771 Not tainted syzkaller #0 PREEMPT(full) [ 730.136425][T16487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 730.136447][T16487] Call Trace: [ 730.136459][T16487] [ 730.136474][T16487] dump_stack_lvl+0x16c/0x1f0 [ 730.136536][T16487] warn_alloc+0x248/0x3a0 [ 730.136600][T16487] ? __pfx_warn_alloc+0x10/0x10 [ 730.136681][T16487] ? xskq_create+0xfb/0x1d0 [ 730.136723][T16487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 730.136766][T16487] ? __vmalloc_node_noprof+0xad/0xf0 [ 730.136830][T16487] __vmalloc_node_range_noprof+0xfe2/0x1480 [ 730.136898][T16487] ? xskq_create+0xfb/0x1d0 [ 730.136954][T16487] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 730.137022][T16487] ? xskq_create+0xfb/0x1d0 [ 730.137069][T16487] vmalloc_user_noprof+0x9e/0xe0 [ 730.137118][T16487] ? xskq_create+0xfb/0x1d0 [ 730.137165][T16487] xskq_create+0xfb/0x1d0 [ 730.137214][T16487] xsk_setsockopt+0x792/0x9a0 [ 730.137259][T16487] ? __pfx_xsk_setsockopt+0x10/0x10 [ 730.137301][T16487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 730.137342][T16487] ? find_held_lock+0x2b/0x80 [ 730.137405][T16487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 730.137447][T16487] ? aa_sock_opt_perm+0xfd/0x1c0 [ 730.137511][T16487] ? __pfx_xsk_setsockopt+0x10/0x10 [ 730.137560][T16487] do_sock_setsockopt+0xf3/0x1d0 [ 730.137605][T16487] __sys_setsockopt+0x1a0/0x230 [ 730.137669][T16487] __x64_sys_setsockopt+0xbd/0x160 [ 730.137722][T16487] ? do_syscall_64+0x91/0xfa0 [ 730.137777][T16487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 730.137828][T16487] ? lockdep_hardirqs_on+0x7c/0x110 [ 730.137887][T16487] do_syscall_64+0xcd/0xfa0 [ 730.137948][T16487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.137986][T16487] RIP: 0033:0x7fddf298eec9 [ 730.138015][T16487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 730.138052][T16487] RSP: 002b:00007fddf37ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 730.138086][T16487] RAX: ffffffffffffffda RBX: 00007fddf2be6180 RCX: 00007fddf298eec9 [ 730.138112][T16487] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000007 [ 730.138135][T16487] RBP: 00007fddf2a11f91 R08: 0000000000000004 R09: 0000000000000000 [ 730.138159][T16487] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000000 [ 730.138182][T16487] R13: 00007fddf2be6218 R14: 00007fddf2be6180 R15: 00007ffebb74f458 [ 730.138234][T16487] [ 730.138247][T16487] Mem-Info: [ 730.393086][T16487] active_anon:10094 inactive_anon:0 isolated_anon:0 [ 730.393086][T16487] active_file:4965 inactive_file:50425 isolated_file:0 [ 730.393086][T16487] unevictable:768 dirty:310 writeback:0 [ 730.393086][T16487] slab_reclaimable:11967 slab_unreclaimable:101205 [ 730.393086][T16487] mapped:38711 shmem:6290 pagetables:1325 [ 730.393086][T16487] sec_pagetables:0 bounce:0 [ 730.393086][T16487] kernel_misc_reclaimable:0 [ 730.393086][T16487] free:1268673 free_pcp:26751 free_cma:0 [ 730.460708][T16487] Node 0 active_anon:40376kB inactive_anon:0kB active_file:19860kB inactive_file:201500kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:154844kB dirty:1240kB writeback:0kB shmem:23624kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14288kB pagetables:5164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 730.529067][T16487] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 730.587559][T16487] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 730.659273][T16487] lowmem_reserve[]: 0 2483 2485 2485 2485 [ 730.665293][T16487] Node 0 DMA32 free:1165344kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:40376kB inactive_anon:0kB active_file:19860kB inactive_file:201500kB unevictable:1536kB writepending:1240kB zspages:0kB present:3129332kB managed:2543524kB mlocked:0kB bounce:0kB free_pcp:80860kB local_pcp:54540kB free_cma:0kB [ 730.700921][T16487] lowmem_reserve[]: 0 0 1 1 1 [ 730.705916][T16487] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 730.763181][T16487] lowmem_reserve[]: 0 0 0 0 0 [ 730.767979][T16487] Node 1 Normal free:3893788kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:26212kB local_pcp:20420kB free_cma:0kB [ 730.878899][T16487] lowmem_reserve[]: 0 0 0 0 0 [ 730.907496][T16487] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 730.936087][T14884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 730.945144][T16487] Node 0 DMA32: 3*4kB (UME) 1*8kB (U) 0*16kB 21*32kB (UME) 477*64kB (UME) 710*128kB (UME) 473*256kB (UM) 294*512kB (UME) 145*1024kB (UM) 4*2048kB (UME) 150*4096kB (UM) = 1164788kB [ 730.975751][ T52] Bluetooth: hci5: command 0x0405 tx timeout [ 730.982150][T12817] Bluetooth: hci3: command 0x0406 tx timeout [ 730.988267][T16487] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 731.003121][T16487] Node 1 Normal: 71*4kB (UME) 4*8kB (UE) 14*16kB (UE) 60*32kB (UE) 48*64kB (UE) 5*128kB (UE) 4*256kB (U) 3*512kB (ME) 2*1024kB (UM) 2*2048kB (UE) 947*4096kB (M) = 3893788kB [ 731.004183][T14884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 731.033025][T14884] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 731.041725][T12817] Bluetooth: hci6: command 0x0c1a tx timeout [ 731.048379][T16487] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 731.054736][T14884] bond0 (unregistering): Released all slaves [ 731.074606][T16487] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 731.093497][T16487] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 731.107509][T16487] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 731.117015][T16487] 61674 total pagecache pages [ 731.122540][T16487] 0 pages in swap cache [ 731.126794][T16487] Free swap = 124996kB [ 731.131012][T16487] Total swap = 124996kB [ 731.135491][T16487] 2097051 pages RAM [ 731.139370][T16487] 0 pages HighMem/MovableOnly [ 731.145289][T16487] 429080 pages reserved [ 731.149700][T16487] 0 pages cma reserved [ 731.151110][T12817] Bluetooth: hci1: command 0x0c1a tx timeout [ 731.276040][T16477] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.363335][T12817] Bluetooth: hci0: command tx timeout [ 731.443600][T14884] tipc: Disabling bearer [ 731.452010][T14884] tipc: Left network mode [ 731.615677][T14576] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 731.643712][T16477] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.656807][T14576] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 731.739265][T16433] lo speed is unknown, defaulting to 1000 [ 732.150014][T16477] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 733.125898][T12817] Bluetooth: hci6: command 0x0c1a tx timeout [ 733.212266][T12817] Bluetooth: hci1: command 0x0c1a tx timeout [ 733.725879][T12817] Bluetooth: hci0: command tx timeout [ 733.834739][T16477] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 734.257159][T14884] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 734.270408][T14884] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 734.278777][T14884] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 734.295848][T14884] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 734.366725][T14884] veth1_macvtap: left promiscuous mode [ 734.375274][T14884] veth0_macvtap: left promiscuous mode [ 734.381118][T14884] veth1_vlan: left promiscuous mode [ 734.386640][T14884] veth0_vlan: left promiscuous mode [ 734.421120][T16539] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3790'. [ 734.664143][ T30] kauditd_printk_skb: 47 callbacks suppressed [ 734.664170][ T30] audit: type=1326 audit(1760491296.367:1868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16530 comm="syz.5.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7fc00000 [ 735.579419][T14884] team0 (unregistering): Port device team_slave_1 removed [ 735.693473][T14884] team0 (unregistering): Port device team_slave_0 removed [ 735.771669][T12817] Bluetooth: hci0: command tx timeout [ 736.298252][T16539] 8021q: adding VLAN 0 to HW filter on device bond1 [ 736.331039][T16540] vlan2: entered allmulticast mode [ 736.344072][T16540] bond1: entered allmulticast mode [ 736.379305][T16548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3793'. [ 736.401546][T16548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3793'. [ 736.411655][T16548] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3793'. [ 736.420764][T16550] tipc: Started in network mode [ 736.432063][T16550] tipc: Node identity 7f000001, cluster identity 4711 [ 736.439997][T16550] tipc: Enabled bearer , priority 10 [ 736.772489][T14844] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.844072][T14882] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.880987][T16433] chnl_net:caif_netlink_parms(): no params data found [ 736.916039][T14882] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.978370][T14882] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 737.247371][T14561] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 737.298472][T14561] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 737.553560][T14573] tipc: Node number set to 2130706433 [ 738.171856][T16433] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.199395][T16433] bridge0: port 1(bridge_slave_0) entered disabled state [ 738.219692][T16433] bridge_slave_0: entered allmulticast mode [ 738.247816][T16433] bridge_slave_0: entered promiscuous mode [ 738.281789][T16433] bridge0: port 2(bridge_slave_1) entered blocking state [ 738.288969][T16433] bridge0: port 2(bridge_slave_1) entered disabled state [ 738.312742][T16433] bridge_slave_1: entered allmulticast mode [ 738.331102][T16433] bridge_slave_1: entered promiscuous mode [ 738.345805][T16586] loop2: detected capacity change from 0 to 128 [ 738.365287][T14884] IPVS: stop unused estimator thread 0... [ 738.465360][T16433] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 738.512744][T16433] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 738.719616][T16433] team0: Port device team_slave_0 added [ 738.743153][T16433] team0: Port device team_slave_1 added [ 738.914709][T16433] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 738.931799][T16433] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 739.014530][T16433] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 739.077709][ T30] audit: type=1326 audit(1760491300.787:1869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16580 comm="syz.3.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7fc00000 [ 739.123721][T16433] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 739.130686][T16433] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 739.228971][T16433] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 740.030587][T16601] lo speed is unknown, defaulting to 1000 [ 740.460518][T16433] hsr_slave_0: entered promiscuous mode [ 741.413512][T16433] hsr_slave_1: entered promiscuous mode [ 742.429736][T16627] loop3: detected capacity change from 0 to 1024 [ 742.448126][T16628] loop2: detected capacity change from 0 to 128 [ 742.517727][T16628] bio_check_eod: 3 callbacks suppressed [ 742.517753][T16628] syz.2.3818: attempt to access beyond end of device [ 742.517753][T16628] loop2: rw=2049, sector=145, nr_sectors = 24 limit=128 [ 742.551021][T16627] EXT4-fs: Ignoring removed oldalloc option [ 742.570972][T14536] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 742.591758][T16627] EXT4-fs: Ignoring removed bh option [ 742.632920][T14536] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz0 [ 742.685873][T16627] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 742.698750][T16628] syz.2.3818: attempt to access beyond end of device [ 742.698750][T16628] loop2: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 742.714116][T16628] syz.2.3818: attempt to access beyond end of device [ 742.714116][T16628] loop2: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 742.733648][T16628] syz.2.3818: attempt to access beyond end of device [ 742.733648][T16628] loop2: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 742.748356][T16628] syz.2.3818: attempt to access beyond end of device [ 742.748356][T16628] loop2: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 742.762142][T16628] syz.2.3818: attempt to access beyond end of device [ 742.762142][T16628] loop2: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 742.776019][T16628] syz.2.3818: attempt to access beyond end of device [ 742.776019][T16628] loop2: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 742.789814][T16628] syz.2.3818: attempt to access beyond end of device [ 742.789814][T16628] loop2: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 742.805003][T16628] syz.2.3818: attempt to access beyond end of device [ 742.805003][T16628] loop2: rw=2049, sector=289, nr_sectors = 9 limit=128 [ 742.832584][T16639] syz.2.3818: attempt to access beyond end of device [ 742.832584][T16639] loop2: rw=2049, sector=305, nr_sectors = 80 limit=128 [ 742.875173][T16626] Buffer I/O error on dev loop2, logical block 305, async page read [ 742.891833][T16626] Buffer I/O error on dev loop2, logical block 306, async page read [ 742.910232][T16626] Buffer I/O error on dev loop2, logical block 307, async page read [ 742.946657][T15585] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 742.951732][T16626] Buffer I/O error on dev loop2, logical block 308, async page read [ 742.985786][T16626] Buffer I/O error on dev loop2, logical block 309, async page read [ 743.012289][T16626] Buffer I/O error on dev loop2, logical block 310, async page read [ 743.045858][T16626] Buffer I/O error on dev loop2, logical block 311, async page read [ 743.079987][T16626] Buffer I/O error on dev loop2, logical block 312, async page read [ 743.102448][T16626] Buffer I/O error on dev loop2, logical block 305, async page read [ 743.120777][T16626] Buffer I/O error on dev loop2, logical block 306, async page read [ 743.448167][T16433] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 743.477864][T16433] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 743.530032][T16433] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 743.568757][T16433] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 743.869246][ T30] audit: type=1326 audit(1760491305.577:1870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16640 comm="syz.5.3822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0ef8eec9 code=0x7fc00000 [ 744.993078][ T30] audit: type=1326 audit(1760491306.707:1871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16671 comm="syz.3.3829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7ffc0000 [ 745.007360][T16433] 8021q: adding VLAN 0 to HW filter on device bond0 [ 745.083552][ T30] audit: type=1326 audit(1760491306.707:1872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16671 comm="syz.3.3829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7ffc0000 [ 745.127593][ T30] audit: type=1326 audit(1760491306.777:1873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16671 comm="syz.3.3829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcecd58eec9 code=0x7ffc0000 [ 745.157196][T16433] 8021q: adding VLAN 0 to HW filter on device team0 [ 745.221678][ T30] audit: type=1326 audit(1760491306.777:1874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16671 comm="syz.3.3829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7ffc0000 [ 745.247933][T14864] bridge0: port 1(bridge_slave_0) entered blocking state [ 745.255193][T14864] bridge0: port 1(bridge_slave_0) entered forwarding state [ 745.298992][T14864] bridge0: port 2(bridge_slave_1) entered blocking state [ 745.306188][T14864] bridge0: port 2(bridge_slave_1) entered forwarding state [ 745.324789][ T30] audit: type=1326 audit(1760491306.777:1875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16671 comm="syz.3.3829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcecd58eec9 code=0x7ffc0000 [ 745.384738][T16680] loop4: detected capacity change from 0 to 1024 [ 745.398710][ T30] audit: type=1326 audit(1760491306.777:1876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16671 comm="syz.3.3829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7ffc0000 [ 745.432938][T16680] EXT4-fs: Ignoring removed oldalloc option [ 745.438879][T16680] EXT4-fs: Ignoring removed bh option [ 745.579724][T16682] loop3: detected capacity change from 0 to 2048 [ 745.629365][T16682] EXT4-fs: Ignoring removed nobh option [ 745.690487][T16680] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 745.708004][ T30] audit: type=1326 audit(1760491306.777:1877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16671 comm="syz.3.3829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fcecd58eec9 code=0x7ffc0000 [ 745.878526][T16682] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 745.891523][ T30] audit: type=1326 audit(1760491306.777:1878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16671 comm="syz.3.3829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7ffc0000 [ 745.985209][T16678] EXT4-fs error (device loop3): ext4_validate_block_bitmap:440: comm syz.3.3833: bg 0: block 408: padding at end of block bitmap is not set [ 746.002389][ T30] audit: type=1326 audit(1760491306.777:1879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16671 comm="syz.3.3829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7fcecd58eec9 code=0x7ffc0000 [ 746.036497][T16678] EXT4-fs (loop3): Remounting filesystem read-only [ 746.061432][T16678] EXT4-fs (loop3): error restoring inline_data for inode -- potential data loss! (inode 15, error -30) [ 746.116044][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 746.314123][T15585] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 746.794209][T16433] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 746.815687][T14575] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 746.866379][T14575] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 747.026593][T16433] veth0_vlan: entered promiscuous mode [ 747.076101][T16433] veth1_vlan: entered promiscuous mode [ 747.147572][T16433] veth0_macvtap: entered promiscuous mode [ 747.168427][T16433] veth1_macvtap: entered promiscuous mode [ 747.231390][T16433] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 747.274124][T16433] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 747.313517][ T3013] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.351041][ T3013] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.405714][ T3013] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.424939][ T3013] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.618845][ T3013] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 747.635521][ T3013] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 747.743088][T14880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 747.771553][T14880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 748.058461][T16723] unsupported nla_type 52263 [ 748.313079][T16728] loop2: detected capacity change from 0 to 1024 [ 748.343006][T16728] EXT4-fs: Ignoring removed oldalloc option [ 748.373878][T16728] EXT4-fs: Ignoring removed bh option [ 748.448552][T16728] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 749.044516][ T52] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 749.056487][ T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 749.064333][ T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 749.091796][ T52] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 749.110155][ T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 749.223183][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 749.449555][ T1139] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 749.475891][T16742] lo speed is unknown, defaulting to 1000 [ 749.539001][ T1139] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 749.623993][ T1139] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 749.708211][ T1139] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 749.837999][T16764] loop0: detected capacity change from 0 to 2048 [ 749.846194][T16764] EXT4-fs: Ignoring removed mblk_io_submit option [ 749.852997][T16764] EXT4-fs: Ignoring removed i_version option [ 749.884544][T16764] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 749.918763][T14552] IPVS: starting estimator thread 0... [ 749.983623][T16433] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 750.013126][T16770] IPVS: using max 22 ests per chain, 52800 per kthread [ 750.023030][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 750.023055][ T30] audit: type=1326 audit(1760491311.727:1884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16744 comm="syz.3.3854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7fc00000 [ 750.221160][ T1139] bridge_slave_1: left allmulticast mode [ 750.230058][T16775] loop0: detected capacity change from 0 to 512 [ 750.236623][ T1139] bridge_slave_1: left promiscuous mode [ 750.248498][ T1139] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.295584][ T1139] bridge_slave_0: left allmulticast mode [ 750.301699][ T1139] bridge_slave_0: left promiscuous mode [ 750.314783][T16775] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 750.335117][ T1139] bridge0: port 1(bridge_slave_0) entered disabled state [ 750.381772][T16775] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 750.572821][T16787] loop2: detected capacity change from 0 to 512 [ 750.580087][T16787] EXT4-fs: Ignoring removed bh option [ 750.595012][T16433] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 750.617993][T16785] loop1: detected capacity change from 0 to 1024 [ 750.650364][T16787] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 750.663790][T16785] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 750.685177][T16787] ext4 filesystem being mounted at /639/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 750.737307][T16785] EXT4-fs error (device loop1): ext4_quota_enable:7136: comm syz.1.3868: inode #3584: comm syz.1.3868: iget: illegal inode # [ 750.781524][T16785] EXT4-fs error (device loop1): ext4_quota_enable:7138: comm syz.1.3868: Bad quota inode: 3584, type: 2 [ 750.824890][T16785] EXT4-fs warning (device loop1): ext4_enable_quotas:7176: Failed to enable quota tracking (type=2, err=-117, ino=3584). Please run e2fsck to fix. [ 750.898020][T16785] EXT4-fs (loop1): mount failed [ 751.223941][ T52] Bluetooth: hci4: command tx timeout [ 751.423236][T16785] loop1: detected capacity change from 0 to 1024 [ 751.455923][T16785] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (58532!=20869) [ 751.492183][T16785] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002] [ 751.521861][T16785] EXT4-fs (loop1): failed to initialize system zone (-117) [ 751.538006][T16806] loop0: detected capacity change from 0 to 2048 [ 751.549513][T16785] EXT4-fs (loop1): mount failed [ 751.561100][T16806] EXT4-fs: Ignoring removed mblk_io_submit option [ 751.599326][T16806] EXT4-fs: Ignoring removed i_version option [ 751.654721][T16806] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 751.701411][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 751.764784][T16433] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 751.835065][ T30] audit: type=1326 audit(1760491313.547:1885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7fc00000 [ 751.884740][ T30] audit: type=1326 audit(1760491313.547:1886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7fcecd58eec9 code=0x7fc00000 [ 751.910772][ T30] audit: type=1326 audit(1760491313.547:1887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7fc00000 [ 751.952439][T16817] loop0: detected capacity change from 0 to 1024 [ 751.959043][ T30] audit: type=1326 audit(1760491313.547:1888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7fc00000 [ 751.970611][T16818] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3877'. [ 751.992502][ T30] audit: type=1326 audit(1760491313.547:1889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7fc00000 [ 752.054910][ T30] audit: type=1326 audit(1760491313.547:1890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7fc00000 [ 752.086899][ T30] audit: type=1326 audit(1760491313.547:1891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7fc00000 [ 752.133592][T16817] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 752.184909][ T30] audit: type=1326 audit(1760491313.547:1892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7fc00000 [ 752.270214][ T30] audit: type=1326 audit(1760491313.547:1893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcecd58eec9 code=0x7fc00000 [ 752.433779][ T1139] .` (unregistering): (slave bond_slave_0): Releasing backup interface [ 752.470491][ T1139] .` (unregistering): (slave bond_slave_1): Releasing backup interface [ 752.489082][ T1139] .` (unregistering): Released all slaves [ 752.524420][T16742] chnl_net:caif_netlink_parms(): no params data found [ 753.119101][T16845] loop1: detected capacity change from 0 to 512 [ 753.120069][T16845] EXT4-fs: Ignoring removed bh option [ 753.176506][T16849] loop4: detected capacity change from 0 to 2048 [ 753.177637][T16849] EXT4-fs: Ignoring removed mblk_io_submit option [ 753.177673][T16849] EXT4-fs: Ignoring removed i_version option [ 753.209018][T16845] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 753.209421][T16845] ext4 filesystem being mounted at /29/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 753.253953][T16849] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 753.285890][ T52] Bluetooth: hci4: command tx timeout [ 753.389919][T16817] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4192: comm syz.0.3879: Allocating blocks 481-513 which overlap fs metadata [ 753.405895][T16817] EXT4-fs (loop0): pa ffff8880319edbc8: logic 256, phys. 369, len 9 [ 753.406033][T16817] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5443: group 0, free 0, pa_free 2 [ 753.408248][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 753.414508][T16742] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.414717][T16742] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.414941][T16742] bridge_slave_0: entered allmulticast mode [ 753.431808][T16742] bridge_slave_0: entered promiscuous mode [ 753.441194][T16742] bridge0: port 2(bridge_slave_1) entered blocking state [ 753.441409][T16742] bridge0: port 2(bridge_slave_1) entered disabled state [ 753.442778][T16742] bridge_slave_1: entered allmulticast mode [ 753.444887][T16742] bridge_slave_1: entered promiscuous mode [ 754.068910][T16742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 754.084247][T16433] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 754.133458][T16742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 754.192178][ T1139] hsr_slave_0: left promiscuous mode [ 754.230722][ T1139] hsr_slave_1: left promiscuous mode [ 754.242662][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 754.250442][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 754.266012][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 754.276763][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 754.328898][ T1139] veth1_macvtap: left promiscuous mode [ 754.341323][ T1139] veth0_macvtap: left promiscuous mode [ 754.347652][ T1139] veth1_vlan: left promiscuous mode [ 754.353082][ T1139] veth0_vlan: left promiscuous mode [ 754.378588][T16001] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 755.369630][ T52] Bluetooth: hci4: command tx timeout [ 755.383501][ T1139] team0 (unregistering): Port device team_slave_1 removed [ 755.480505][ T1139] team0 (unregistering): Port device team_slave_0 removed [ 756.118228][T16867] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3894'. [ 756.127487][T14570] lo speed is unknown, defaulting to 1000 [ 756.147014][T14570] infiniband syz2: ib_query_port failed (-19) [ 756.166040][T16900] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3905'. [ 756.194819][T16900] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3905'. [ 756.280420][T16742] team0: Port device team_slave_0 added [ 756.297485][T16742] team0: Port device team_slave_1 added [ 756.326024][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 756.326049][ T30] audit: type=1326 audit(1760491318.037:1905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16898 comm="syz.1.3905" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fddf298eec9 code=0x0 [ 756.530269][T16908] loop0: detected capacity change from 0 to 512 [ 756.539532][T16742] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 756.548330][T16742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 756.580952][T16908] EXT4-fs: Ignoring removed bh option [ 756.591391][T16742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 756.606267][T16742] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 756.615274][T16742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 756.659881][T16742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 756.670915][T16908] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 756.719027][T16908] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 756.806757][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 756.813211][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 756.832237][T16742] hsr_slave_0: entered promiscuous mode [ 756.846826][T16742] hsr_slave_1: entered promiscuous mode [ 756.859394][T16742] debugfs: 'hsr0' already exists in 'hsr' [ 756.865415][T16742] Cannot create hsr debugfs directory [ 757.015270][T16433] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 757.049141][ T1139] IPVS: stop unused estimator thread 0... [ 757.451568][ T52] Bluetooth: hci4: command tx timeout [ 757.584813][T16941] loop3: detected capacity change from 0 to 2048 [ 757.634902][T16941] Alternate GPT is invalid, using primary GPT. [ 757.648265][T16941] loop3: p1 p2 p3 [ 758.045522][T16742] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 758.076387][T16742] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 758.135514][T16742] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 758.185755][T16742] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 758.300995][T16971] loop0: detected capacity change from 0 to 512 [ 758.366171][T16971] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 758.405106][T16971] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 758.468065][T16978] loop3: detected capacity change from 0 to 2048 [ 758.501108][T16971] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz.0.3923: bg 0: block 18: invalid block bitmap [ 758.521184][T16742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 758.535596][T16978] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 758.548049][T16971] Quota error (device loop0): write_blk: dquota write failed [ 758.572278][T16742] 8021q: adding VLAN 0 to HW filter on device team0 [ 758.580213][T16971] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 758.590720][T16971] EXT4-fs error (device loop0): ext4_acquire_dquot:6943: comm syz.0.3923: Failed to acquire dquot type 1 [ 758.620806][T14848] bridge0: port 1(bridge_slave_0) entered blocking state [ 758.628012][T14848] bridge0: port 1(bridge_slave_0) entered forwarding state [ 758.714949][T14848] bridge0: port 2(bridge_slave_1) entered blocking state [ 758.722158][T14848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 758.774291][T15585] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 758.797752][T16433] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 759.256216][T16999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3931'. [ 759.911137][T17013] hub 6-0:1.0: USB hub found [ 759.967787][T17013] hub 6-0:1.0: 1 port detected [ 760.418469][T16742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 760.425244][T17025] netlink: 'syz.2.3940': attribute type 10 has an invalid length. [ 760.425275][T17025] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3940'. [ 761.275615][ T30] audit: type=1326 audit(1760491322.987:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17041 comm="syz.4.3945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aa7b8eec9 code=0x7ffc0000 [ 761.361546][ T30] audit: type=1326 audit(1760491323.037:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17041 comm="syz.4.3945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f7aa7b8eec9 code=0x7ffc0000 [ 761.451524][ T30] audit: type=1326 audit(1760491323.117:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17041 comm="syz.4.3945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aa7b8eec9 code=0x7ffc0000 [ 761.541567][ T30] audit: type=1326 audit(1760491323.117:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17041 comm="syz.4.3945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aa7b8eec9 code=0x7ffc0000 [ 761.622016][ T30] audit: type=1326 audit(1760491323.117:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17049 comm="syz.4.3945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7aa7bc1785 code=0x7ffc0000 [ 761.694586][ T30] audit: type=1326 audit(1760491323.287:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17049 comm="syz.4.3945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f7aa7b8eec9 code=0x7ffc0000 [ 761.904470][T17058] loop0: detected capacity change from 0 to 2048 [ 761.935407][T17058] EXT4-fs: Ignoring removed mblk_io_submit option [ 761.942065][T17058] EXT4-fs: Ignoring removed i_version option [ 761.960752][T16742] veth0_vlan: entered promiscuous mode [ 761.987638][T17058] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 761.991607][T16742] veth1_vlan: entered promiscuous mode [ 762.063840][T16433] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 762.110295][T16742] veth0_macvtap: entered promiscuous mode [ 762.167974][T16742] veth1_macvtap: entered promiscuous mode [ 762.259320][T16742] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 762.270020][T17069] loop4: detected capacity change from 0 to 256 [ 762.288544][T17069] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 762.317637][T17069] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 762.354179][T16742] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 762.408601][T14848] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 762.434729][T14848] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 762.459676][T14848] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 762.464791][T17075] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 762.480055][T14848] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 762.614298][ T30] audit: type=1326 audit(1760491324.317:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17078 comm="syz.0.3960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa9f4f85d67 code=0x7ffc0000 [ 762.691543][ T30] audit: type=1326 audit(1760491324.317:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17078 comm="syz.0.3960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa9f4f2af79 code=0x7ffc0000 [ 762.774338][ T30] audit: type=1326 audit(1760491324.317:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17078 comm="syz.0.3960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa9f4f85d67 code=0x7ffc0000 [ 762.787786][T14834] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 762.837599][T14834] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 762.868684][ T30] audit: type=1326 audit(1760491324.327:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17078 comm="syz.0.3960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa9f4f2af79 code=0x7ffc0000 [ 762.919741][T14863] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 762.940647][ T30] audit: type=1326 audit(1760491324.327:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17078 comm="syz.0.3960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f4f8eec9 code=0x7ffc0000 [ 762.964008][T14863] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 762.986370][T17065] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 763.476979][T17098] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3967'. [ 763.551176][T17103] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 763.608747][T17103] loop9: detected capacity change from 0 to 8 [ 763.633905][ C0] blk_print_req_error: 5 callbacks suppressed [ 763.633940][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 763.650289][ C0] buffer_io_error: 726 callbacks suppressed [ 763.650314][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 763.693624][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 763.693678][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 763.722812][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 763.722864][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 763.771947][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 763.772004][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 763.772555][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 763.826622][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 763.841571][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 763.851822][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 763.889676][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 763.900016][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 763.922277][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 763.932564][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 763.940856][T17103] ldm_validate_partition_table(): Disk read failed. [ 763.949978][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 763.960238][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 763.970237][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 763.980482][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 763.993628][T17103] Dev loop9: unable to read RDB block 0 [ 764.000155][T17112] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3971'. [ 764.033756][T17103] loop9: unable to read partition table [ 764.047622][T17103] loop9: partition table beyond EOD, truncated [ 764.061233][T17112] netlink: 'syz.3.3971': attribute type 30 has an invalid length. [ 764.061642][T17103] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 764.061642][T17103] ) failed (rc=-5) [ 764.112305][ T6111] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 764.139084][ T6111] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 764.177616][ T6111] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 764.212226][ T6111] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 764.293802][T17117] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3973'. [ 764.418307][T17119] loop0: detected capacity change from 0 to 256 [ 764.480196][T17119] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 764.852047][T12817] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 764.869330][T12817] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 764.879324][T12817] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 764.938194][T12817] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 764.946132][T12817] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 764.965502][T17134] loop4: detected capacity change from 0 to 1024 [ 764.973201][T17134] EXT4-fs: Ignoring removed orlov option [ 765.038488][T17134] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 765.266228][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 765.280979][T17151] loop9: detected capacity change from 0 to 8 [ 765.334092][T17151] ldm_validate_partition_table(): Disk read failed. [ 765.361006][T17151] Dev loop9: unable to read RDB block 0 [ 765.393346][T17151] loop9: unable to read partition table [ 765.399242][T17151] loop9: partition table beyond EOD, truncated [ 765.437477][T17156] loop4: detected capacity change from 0 to 128 [ 765.444077][T17151] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 765.444077][T17151] ) failed (rc=-5) [ 765.478869][T17156] FAT-fs (loop4): Directory bread(block 162) failed [ 765.486606][T17156] FAT-fs (loop4): Directory bread(block 163) failed [ 765.493865][T17156] FAT-fs (loop4): Directory bread(block 164) failed [ 765.500564][T17156] FAT-fs (loop4): Directory bread(block 165) failed [ 765.522114][T17156] FAT-fs (loop4): Directory bread(block 166) failed [ 765.528744][T17156] FAT-fs (loop4): Directory bread(block 167) failed [ 765.550245][T17156] FAT-fs (loop4): Directory bread(block 168) failed [ 765.557253][T17156] FAT-fs (loop4): Directory bread(block 169) failed [ 765.557621][T17127] chnl_net:caif_netlink_parms(): no params data found [ 765.580324][T17156] FAT-fs (loop4): Directory bread(block 162) failed [ 765.614257][T17156] FAT-fs (loop4): Directory bread(block 163) failed [ 765.629734][T17156] bio_check_eod: 739 callbacks suppressed [ 765.629757][T17156] syz.4.3985: attempt to access beyond end of device [ 765.629757][T17156] loop4: rw=3, sector=226, nr_sectors = 6 limit=128 [ 765.652604][T17156] syz.4.3985: attempt to access beyond end of device [ 765.652604][T17156] loop4: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 765.707465][T17132] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 765.836099][T17127] bridge0: port 1(bridge_slave_0) entered blocking state [ 765.843580][T17127] bridge0: port 1(bridge_slave_0) entered disabled state [ 765.865974][T17127] bridge_slave_0: entered allmulticast mode [ 765.880686][T17127] bridge_slave_0: entered promiscuous mode [ 765.890379][T17127] bridge0: port 2(bridge_slave_1) entered blocking state [ 765.900909][T17127] bridge0: port 2(bridge_slave_1) entered disabled state [ 765.908357][T17127] bridge_slave_1: entered allmulticast mode [ 765.917029][T17127] bridge_slave_1: entered promiscuous mode [ 766.116871][T17127] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 766.138906][T17127] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 766.155574][T17176] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3993'. [ 766.202245][T17176] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3993'. [ 766.330084][T17176] team0 (unregistering): Port device team_slave_0 removed [ 766.343967][T17176] team0 (unregistering): Port device team_slave_1 removed [ 766.386677][T17127] team0: Port device team_slave_0 added [ 766.427075][T17127] team0: Port device team_slave_1 added [ 766.482456][T17183] netlink: 'syz.4.3997': attribute type 10 has an invalid length. [ 766.516655][T17183] team0: Port device dummy0 added [ 766.525196][T17127] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 766.525221][T17127] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 766.525269][T17127] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 766.528354][T17127] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 766.528378][T17127] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 766.528426][T17127] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 766.580575][T17183] netlink: 'syz.4.3997': attribute type 10 has an invalid length. [ 766.623960][T17183] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 766.633083][T17183] team0: Failed to send options change via netlink (err -105) [ 766.633341][T17183] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 766.633833][T17183] team0: Port device dummy0 removed [ 766.638794][T17183] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 766.737080][T17127] hsr_slave_0: entered promiscuous mode [ 766.795744][T17127] hsr_slave_1: entered promiscuous mode [ 766.801947][T17127] debugfs: 'hsr0' already exists in 'hsr' [ 766.824853][T17127] Cannot create hsr debugfs directory [ 766.866937][T17194] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3999'. [ 766.866971][T17194] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3999'. [ 766.874324][T17193] loop5: detected capacity change from 0 to 128 [ 766.879729][T17171] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 766.916714][T17171] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 766.916933][T17171] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 766.917168][T17171] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 766.925459][T17171] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 766.925583][T17171] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 766.930772][T17171] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 766.931476][T17193] ieee802154 phy0 wpan0: encryption failed: -22 [ 766.974011][T17171] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 766.974378][T17171] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 766.994146][T17171] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 767.438435][T17127] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.596322][T17127] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.635681][T17212] loop4: detected capacity change from 0 to 2048 [ 767.686051][T17212] EXT4-fs: Ignoring removed nobh option [ 767.709122][T17212] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 767.729855][T17220] netlink: 'syz.0.4010': attribute type 4 has an invalid length. [ 767.777508][T17127] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.880496][T17225] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4014'. [ 767.942497][T17225] team0: entered promiscuous mode [ 767.947627][T17225] team0: entered allmulticast mode [ 767.953340][T17225] 8021q: adding VLAN 0 to HW filter on device team0 [ 767.973981][T17127] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 768.026955][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 768.155378][T17235] program syz.5.4018 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 768.251415][T12817] Bluetooth: hci5: command 0x0405 tx timeout [ 768.256016][T17237] loop4: detected capacity change from 0 to 128 [ 768.471332][T17239] loop3: detected capacity change from 0 to 512 [ 768.495577][T17237] syz.4.4017: attempt to access beyond end of device [ 768.495577][T17237] loop4: rw=2049, sector=145, nr_sectors = 24 limit=128 [ 768.511593][T17241] syz.4.4017: attempt to access beyond end of device [ 768.511593][T17241] loop4: rw=2049, sector=297, nr_sectors = 80 limit=128 [ 768.519401][T17239] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 768.544063][T17127] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 768.551106][T17237] syz.4.4017: attempt to access beyond end of device [ 768.551106][T17237] loop4: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 768.570640][T17127] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 768.580555][T17241] syz.4.4017: attempt to access beyond end of device [ 768.580555][T17241] loop4: rw=2049, sector=385, nr_sectors = 8 limit=128 [ 768.581738][T17243] netlink: 264 bytes leftover after parsing attributes in process `syz.1.4020'. [ 768.597194][T17241] syz.4.4017: attempt to access beyond end of device [ 768.597194][T17241] loop4: rw=2049, sector=401, nr_sectors = 8 limit=128 [ 768.624811][T17237] syz.4.4017: attempt to access beyond end of device [ 768.624811][T17237] loop4: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 768.629357][T17239] EXT4-fs (loop3): 1 truncate cleaned up [ 768.658847][T17127] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 768.688639][T17239] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 768.713697][T17237] syz.4.4017: attempt to access beyond end of device [ 768.713697][T17237] loop4: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 768.746068][T17127] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 768.761844][T17241] syz.4.4017: attempt to access beyond end of device [ 768.761844][T17241] loop4: rw=2049, sector=417, nr_sectors = 8 limit=128 [ 768.854597][ T12] buffer_io_error: 20 callbacks suppressed [ 768.854624][ T12] Buffer I/O error on dev loop4, logical block 297, lost async page write [ 768.962417][T12817] Bluetooth: hci1: command 0x0c1a tx timeout [ 768.968620][T12817] Bluetooth: hci4: command 0x0c1a tx timeout [ 768.974963][T12817] Bluetooth: hci6: command 0x0c1a tx timeout [ 769.042234][ T52] Bluetooth: hci3: command 0x041b tx timeout [ 769.447783][T15585] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 770.125385][T17273] loop5: detected capacity change from 0 to 2048 [ 770.154596][T17273] EXT4-fs: Ignoring removed nobh option [ 770.277624][T17273] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 770.444755][T17271] syz.4.4028: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 770.464188][T17271] CPU: 1 UID: 0 PID: 17271 Comm: syz.4.4028 Not tainted syzkaller #0 PREEMPT(full) [ 770.464234][T17271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 770.464256][T17271] Call Trace: [ 770.464269][T17271] [ 770.464283][T17271] dump_stack_lvl+0x16c/0x1f0 [ 770.464344][T17271] warn_alloc+0x248/0x3a0 [ 770.464409][T17271] ? __pfx_warn_alloc+0x10/0x10 [ 770.464490][T17271] ? xskq_create+0xfb/0x1d0 [ 770.464534][T17271] ? srso_alias_return_thunk+0x5/0xfbef5 [ 770.464577][T17271] ? __vmalloc_node_noprof+0xad/0xf0 [ 770.464639][T17271] __vmalloc_node_range_noprof+0xfe2/0x1480 [ 770.464721][T17271] ? xskq_create+0xfb/0x1d0 [ 770.464780][T17271] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 770.464850][T17271] ? xskq_create+0xfb/0x1d0 [ 770.464897][T17271] vmalloc_user_noprof+0x9e/0xe0 [ 770.464948][T17271] ? xskq_create+0xfb/0x1d0 [ 770.464996][T17271] xskq_create+0xfb/0x1d0 [ 770.465047][T17271] xsk_setsockopt+0x792/0x9a0 [ 770.465094][T17271] ? __pfx_xsk_setsockopt+0x10/0x10 [ 770.465136][T17271] ? srso_alias_return_thunk+0x5/0xfbef5 [ 770.465180][T17271] ? find_held_lock+0x2b/0x80 [ 770.465244][T17271] ? srso_alias_return_thunk+0x5/0xfbef5 [ 770.465287][T17271] ? aa_sock_opt_perm+0xfd/0x1c0 [ 770.465351][T17271] ? __pfx_xsk_setsockopt+0x10/0x10 [ 770.465399][T17271] do_sock_setsockopt+0xf3/0x1d0 [ 770.465448][T17271] __sys_setsockopt+0x1a0/0x230 [ 770.465511][T17271] __x64_sys_setsockopt+0xbd/0x160 [ 770.465563][T17271] ? do_syscall_64+0x91/0xfa0 [ 770.465618][T17271] ? srso_alias_return_thunk+0x5/0xfbef5 [ 770.465661][T17271] ? lockdep_hardirqs_on+0x7c/0x110 [ 770.465722][T17271] do_syscall_64+0xcd/0xfa0 [ 770.465783][T17271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 770.465820][T17271] RIP: 0033:0x7f7aa7b8eec9 [ 770.465848][T17271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 770.465884][T17271] RSP: 002b:00007f7aa89f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 770.465917][T17271] RAX: ffffffffffffffda RBX: 00007f7aa7de6090 RCX: 00007f7aa7b8eec9 [ 770.465941][T17271] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000007 [ 770.465964][T17271] RBP: 00007f7aa7c11f91 R08: 0000000000000004 R09: 0000000000000000 [ 770.465988][T17271] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000000 [ 770.466012][T17271] R13: 00007f7aa7de6128 R14: 00007f7aa7de6090 R15: 00007ffd166bbd18 [ 770.466064][T17271] [ 770.466077][T17271] Mem-Info: [ 770.523142][T17284] netlink: 'syz.3.4027': attribute type 4 has an invalid length. [ 770.531527][T17271] active_anon:7361 inactive_anon:0 isolated_anon:0 [ 770.531527][T17271] active_file:4965 inactive_file:50453 isolated_file:0 [ 770.531527][T17271] unevictable:768 dirty:295 writeback:0 [ 770.531527][T17271] slab_reclaimable:11802 slab_unreclaimable:104224 [ 770.531527][T17271] mapped:34807 shmem:3684 pagetables:1298 [ 770.531527][T17271] sec_pagetables:0 bounce:0 [ 770.531527][T17271] kernel_misc_reclaimable:0 [ 770.531527][T17271] free:1275440 free_pcp:19495 free_cma:0 [ 770.773184][T17271] Node 0 active_anon:29544kB inactive_anon:0kB active_file:19860kB inactive_file:201612kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:143328kB dirty:1180kB writeback:0kB shmem:13200kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14876kB pagetables:5156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 770.819901][T16742] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 770.828464][T17271] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 770.873454][T17271] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 770.913577][T17290] Cannot find add_set index 0 as target [ 770.958679][T17271] lowmem_reserve[]: 0 2483 2485 2485 2485 [ 770.970220][T17271] Node 0 DMA32 free:1189588kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:31144kB inactive_anon:0kB active_file:19860kB inactive_file:201612kB unevictable:1536kB writepending:1180kB zspages:0kB present:3129332kB managed:2543524kB mlocked:0kB bounce:0kB free_pcp:52048kB local_pcp:32072kB free_cma:0kB [ 771.014022][T17271] lowmem_reserve[]: 0 0 1 1 1 [ 771.018965][T17271] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 771.050271][ T52] Bluetooth: hci4: command 0x0c1a tx timeout [ 771.071043][T17271] lowmem_reserve[]: 0 0 0 0 0 [ 771.082191][T17271] Node 1 Normal free:3896812kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:23248kB local_pcp:17456kB free_cma:0kB [ 771.131129][ T52] Bluetooth: hci3: command 0x041b tx timeout [ 771.131975][T17299] loop5: detected capacity change from 0 to 512 [ 771.155033][T17299] EXT4-fs: Ignoring removed bh option [ 771.177839][T17271] lowmem_reserve[]: 0 0 0 0 0 [ 771.197645][T17299] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 771.214841][T17271] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 771.235648][T17299] ext4 filesystem being mounted at /18/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 771.248915][T17271] Node 0 DMA32: 73*4kB (E) 570*8kB (ME) 138*16kB (UME) 154*32kB (ME) 254*64kB (ME) 416*128kB (UME) 583*256kB (UM) 327*512kB (UME) 157*1024kB (UM) 7*2048kB (UME) 150*4096kB (UM) = 1187668kB [ 771.284900][T17271] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 771.328224][T17271] Node 1 Normal: 69*4kB (UME) 5*8kB (UE) 35*16kB (UE) 144*32kB (UE) 48*64kB (UE) 5*128kB (UE) 4*256kB (U) 3*512kB (ME) 2*1024kB (UM) 2*2048kB (UE) 947*4096kB (M) = 3896812kB [ 771.367997][T17271] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 771.411884][T17271] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 771.421222][T17271] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 771.441363][T17271] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 771.450804][T17271] 60495 total pagecache pages [ 771.455759][T17271] 0 pages in swap cache [ 771.459914][T17271] Free swap = 124996kB [ 771.462633][T16742] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 771.464114][T17271] Total swap = 124996kB [ 771.477562][T17271] 2097051 pages RAM [ 771.481741][T17271] 0 pages HighMem/MovableOnly [ 771.486482][T17271] 429080 pages reserved [ 771.490852][T17271] 0 pages cma reserved [ 771.737123][T17310] netlink: 14 bytes leftover after parsing attributes in process `syz.5.4039'. [ 772.093616][T17310] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 772.127059][T17310] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 772.171719][T17310] bond0 (unregistering): Released all slaves [ 772.836855][T17312] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 772.872396][T17312] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 772.903037][T17312] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 772.909207][T17312] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 772.960533][T17312] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 773.001148][T17312] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 773.136601][T17127] 8021q: adding VLAN 0 to HW filter on device bond0 [ 773.207440][T17127] 8021q: adding VLAN 0 to HW filter on device team0 [ 773.233212][T17323] loop1: detected capacity change from 0 to 2048 [ 773.240736][T17323] EXT4-fs: Ignoring removed nobh option [ 773.370063][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 773.377362][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 773.417971][T17323] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 773.517508][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 773.524764][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 773.642836][T17337] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4051'. [ 773.762304][T16001] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 773.784261][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 773.784286][ T30] audit: type=1326 audit(1760491335.497:1975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17341 comm="syz.5.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906298eec9 code=0x7ffc0000 [ 773.901634][ T30] audit: type=1326 audit(1760491335.497:1976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17341 comm="syz.5.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906298eec9 code=0x7ffc0000 [ 773.970641][ T30] audit: type=1326 audit(1760491335.537:1977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17341 comm="syz.5.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f906298eec9 code=0x7ffc0000 [ 774.059496][ T30] audit: type=1326 audit(1760491335.537:1978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17341 comm="syz.5.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906298eec9 code=0x7ffc0000 [ 774.117895][ T30] audit: type=1326 audit(1760491335.537:1979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17341 comm="syz.5.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906298eec9 code=0x7ffc0000 [ 775.142216][ T52] Bluetooth: hci6: command 0x0c1a tx timeout [ 775.148365][ T52] Bluetooth: hci5: command 0x0405 tx timeout [ 775.154520][ T52] Bluetooth: hci4: command 0x0c1a tx timeout [ 775.416114][T12817] Bluetooth: hci1: command 0x0c1a tx timeout [ 775.422371][T12817] Bluetooth: hci3: command 0x041b tx timeout [ 776.084390][ T30] audit: type=1326 audit(1760491335.547:1980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17341 comm="syz.5.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f906298eec9 code=0x7ffc0000 [ 776.222037][ T30] audit: type=1326 audit(1760491335.547:1981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17341 comm="syz.5.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906298eec9 code=0x7ffc0000 [ 776.266636][ T30] audit: type=1326 audit(1760491335.547:1982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17341 comm="syz.5.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906298eec9 code=0x7ffc0000 [ 776.309440][ T30] audit: type=1326 audit(1760491335.547:1983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17341 comm="syz.5.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f906298eec9 code=0x7ffc0000 [ 776.396798][ T30] audit: type=1326 audit(1760491335.547:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17341 comm="syz.5.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906298eec9 code=0x7ffc0000 [ 776.714988][T17127] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 776.888877][T17379] program syz.4.4063 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 776.954342][T17375] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 776.982266][T17375] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 777.091713][T17127] veth0_vlan: entered promiscuous mode [ 777.232871][T17368] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 777.245502][T17368] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 777.266186][T17368] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 777.284631][T17368] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 777.291736][T17368] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 777.308638][T17368] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 777.356155][T17395] loop9: detected capacity change from 0 to 8 [ 777.386257][ C0] blk_print_req_error: 20 callbacks suppressed [ 777.386285][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 777.402775][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 777.430217][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 777.440501][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 777.463461][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 777.463518][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 777.511528][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 777.511583][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 777.635773][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 777.635835][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 777.643300][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 777.643354][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 777.704825][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 777.704883][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 777.708067][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 777.708120][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 777.708409][T17395] ldm_validate_partition_table(): Disk read failed. [ 777.709422][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 777.709473][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 777.710628][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 777.710679][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 777.720049][T17395] Dev loop9: unable to read RDB block 0 [ 777.728622][T17395] loop9: unable to read partition table [ 778.013846][T17395] loop9: partition table beyond EOD, truncated [ 778.014495][T17395] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 778.014495][T17395] ) failed (rc=-5) [ 778.571605][ T52] Bluetooth: hci5: command 0x0405 tx timeout [ 779.197719][T17430] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4079'. [ 779.250469][T17375] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 779.282435][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 779.289734][T12817] Bluetooth: hci6: command 0x0c1a tx timeout [ 779.342861][T17375] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.361658][T12817] Bluetooth: hci3: command 0x041b tx timeout [ 779.367776][ T52] Bluetooth: hci4: command 0x0c1a tx timeout [ 779.397895][T17433] program syz.4.4080 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 779.660492][T17437] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4082'. [ 779.769703][T17375] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 779.881826][T17375] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.927776][T17445] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4083'. [ 780.015447][T17127] veth1_vlan: entered promiscuous mode [ 780.218976][T17375] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 780.290721][T17375] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 780.347072][T17457] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 780.394925][T17457] loop9: detected capacity change from 0 to 8 [ 780.441509][T17457] ldm_validate_partition_table(): Disk read failed. [ 780.462008][T17457] Dev loop9: unable to read RDB block 0 [ 780.477739][T17127] veth0_macvtap: entered promiscuous mode [ 780.516506][T17457] loop9: unable to read partition table [ 780.516754][T17457] loop9: partition table beyond EOD, truncated [ 780.516782][T17457] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 780.516782][T17457] ) failed (rc=-5) [ 780.531682][T17127] veth1_macvtap: entered promiscuous mode [ 780.613559][T17127] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 780.630446][T17127] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 780.665520][ T6111] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.665603][ T6111] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.665665][ T6111] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.665734][ T6111] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.950533][ T6111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 780.950565][ T6111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 781.008600][ T6111] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 781.008652][ T6111] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.089730][ T6111] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 781.121261][ T6111] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.273579][ T6111] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 781.324033][ T6111] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.394599][T14890] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 781.403445][T14866] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 781.411383][T14890] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.419863][T14866] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 781.442315][ T52] Bluetooth: hci3: command 0x041b tx timeout [ 781.854390][T17480] loop1: detected capacity change from 0 to 2048 [ 781.955156][T17480] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 782.077128][T17480] EXT4-fs error (device loop1): ext4_find_extent:939: inode #2: comm syz.1.4096: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 782.131948][T17480] EXT4-fs (loop1): Remounting filesystem read-only [ 782.330110][T16001] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 782.647075][T17501] loop1: detected capacity change from 0 to 128 [ 782.706748][T12817] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 782.716386][T12817] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 782.728484][T12817] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 782.769341][T17504] bio_check_eod: 7 callbacks suppressed [ 782.778959][T17504] syz.1.4102: attempt to access beyond end of device [ 782.778959][T17504] loop1: rw=2049, sector=153, nr_sectors = 8 limit=128 [ 782.815777][T12817] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 782.826412][T12817] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 782.875690][T17504] syz.1.4102: attempt to access beyond end of device [ 782.875690][T17504] loop1: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 783.083264][T14552] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 783.257285][T14552] usb 1-1: device descriptor read/64, error -71 [ 783.522034][T14552] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 783.530832][ T52] Bluetooth: hci3: command 0x041b tx timeout [ 783.663083][T14552] usb 1-1: device descriptor read/64, error -71 [ 783.792553][T14552] usb usb1-port1: attempt power cycle [ 783.961391][T17522] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4112'. [ 784.914433][ T52] Bluetooth: hci2: command tx timeout [ 784.997292][T17502] chnl_net:caif_netlink_parms(): no params data found [ 785.004757][T14552] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 785.046412][T14552] usb 1-1: device descriptor read/8, error -71 [ 785.168863][T14860] bridge_slave_1: left allmulticast mode [ 785.175887][T14860] bridge_slave_1: left promiscuous mode [ 785.182123][T14860] bridge0: port 2(bridge_slave_1) entered disabled state [ 785.193060][T14860] bridge_slave_0: left allmulticast mode [ 785.198710][T14860] bridge_slave_0: left promiscuous mode [ 785.205943][T14860] bridge0: port 1(bridge_slave_0) entered disabled state [ 785.321577][T14552] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 785.363160][T14552] usb 1-1: device descriptor read/8, error -71 [ 785.473030][T14552] usb usb1-port1: unable to enumerate USB device [ 785.690668][T17538] loop2: detected capacity change from 0 to 256 [ 785.752388][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 785.752414][ T30] audit: type=1804 audit(1760491347.447:1989): pid=17538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.4118" name="/newroot/10/file0/bus" dev="loop2" ino=1048678 res=1 errno=0 [ 785.967993][T14860] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 785.978877][T14860] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 785.988823][T17544] Bluetooth: MGMT ver 1.23 [ 786.000996][T14860] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 786.057627][T14860] bond0 (unregistering): Released all slaves [ 786.400563][T17558] loop1: detected capacity change from 0 to 128 [ 786.416462][T17558] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 786.436417][T17558] ext4 filesystem being mounted at /75/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 786.631881][T14860] tipc: Disabling bearer [ 786.637870][T14860] tipc: Left network mode [ 786.847800][T17502] bridge0: port 1(bridge_slave_0) entered blocking state [ 786.856766][T17502] bridge0: port 1(bridge_slave_0) entered disabled state [ 786.889313][T17502] bridge_slave_0: entered allmulticast mode [ 786.915963][T17502] bridge_slave_0: entered promiscuous mode [ 786.921414][T17565] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4124'. [ 786.966621][T16001] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 786.998456][ T52] Bluetooth: hci2: command tx timeout [ 787.172647][T17502] bridge0: port 2(bridge_slave_1) entered blocking state [ 787.179829][T17502] bridge0: port 2(bridge_slave_1) entered disabled state [ 787.191767][T17502] bridge_slave_1: entered allmulticast mode [ 787.199852][T17502] bridge_slave_1: entered promiscuous mode [ 787.366572][T17576] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4129'. [ 787.499347][T17502] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 787.552934][T14556] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 787.554768][T17502] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 787.610916][T14556] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz1] on syz0 [ 787.671199][T17582] wg2: entered promiscuous mode [ 787.676333][T17582] wg2: entered allmulticast mode [ 787.873551][T14860] hsr_slave_0: left promiscuous mode [ 787.892181][T14860] hsr_slave_1: left promiscuous mode [ 787.901264][T14860] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 787.926236][T14860] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 788.784306][T17606] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4140'. [ 789.041796][ T52] Bluetooth: hci2: command tx timeout [ 789.168854][T17460] Set syz1 is full, maxelem 65536 reached [ 789.207300][ T30] audit: type=1326 audit(1760491350.917:1990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17614 comm="syz.2.4144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0998eec9 code=0x7ffc0000 [ 789.269913][ T30] audit: type=1326 audit(1760491350.947:1991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17614 comm="syz.2.4144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0998eec9 code=0x7ffc0000 [ 789.313730][ T30] audit: type=1326 audit(1760491350.957:1992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17614 comm="syz.2.4144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbf0998eec9 code=0x7ffc0000 [ 789.338621][ T30] audit: type=1326 audit(1760491350.957:1993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17614 comm="syz.2.4144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0998eec9 code=0x7ffc0000 [ 789.339344][T14860] team0 (unregistering): Port device team_slave_1 removed [ 789.348244][T17619] loop5: detected capacity change from 0 to 128 [ 789.378867][ T30] audit: type=1326 audit(1760491350.957:1994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17614 comm="syz.2.4144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0998eec9 code=0x7ffc0000 [ 789.401780][ T30] audit: type=1326 audit(1760491350.957:1995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17614 comm="syz.2.4144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbf0998d710 code=0x7ffc0000 [ 789.428954][ T30] audit: type=1326 audit(1760491350.957:1996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17614 comm="syz.2.4144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fbf099906f7 code=0x7ffc0000 [ 789.454613][ T30] audit: type=1326 audit(1760491350.957:1997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17614 comm="syz.2.4144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbf0998eec9 code=0x7ffc0000 [ 789.472830][T17619] syz.5.4146: attempt to access beyond end of device [ 789.472830][T17619] loop5: rw=2049, sector=145, nr_sectors = 24 limit=128 [ 789.478197][ T30] audit: type=1326 audit(1760491350.957:1998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17614 comm="syz.2.4144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fbf099906f7 code=0x7ffc0000 [ 789.517052][T17619] syz.5.4146: attempt to access beyond end of device [ 789.517052][T17619] loop5: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 789.517468][T14860] team0 (unregistering): Port device team_slave_0 removed [ 789.535264][T17619] syz.5.4146: attempt to access beyond end of device [ 789.535264][T17619] loop5: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 789.558323][T17622] syz.5.4146: attempt to access beyond end of device [ 789.558323][T17622] loop5: rw=2049, sector=305, nr_sectors = 80 limit=128 [ 789.572865][T17619] syz.5.4146: attempt to access beyond end of device [ 789.572865][T17619] loop5: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 789.586649][T17622] syz.5.4146: attempt to access beyond end of device [ 789.586649][T17622] loop5: rw=2049, sector=393, nr_sectors = 8 limit=128 [ 789.599792][T17619] syz.5.4146: attempt to access beyond end of device [ 789.599792][T17619] loop5: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 789.600703][T17622] syz.5.4146: attempt to access beyond end of device [ 789.600703][T17622] loop5: rw=2049, sector=409, nr_sectors = 8 limit=128 [ 789.641765][T17619] syz.5.4146: attempt to access beyond end of device [ 789.641765][T17619] loop5: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 789.642828][T17624] loop2: detected capacity change from 0 to 512 [ 789.670329][T17622] syz.5.4146: attempt to access beyond end of device [ 789.670329][T17622] loop5: rw=2049, sector=425, nr_sectors = 8 limit=128 [ 789.686457][T17624] EXT4-fs: Ignoring removed bh option [ 789.725518][T17624] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 789.745354][T17624] ext4 filesystem being mounted at /21/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 789.782248][ T6111] buffer_io_error: 20 callbacks suppressed [ 789.782274][ T6111] Buffer I/O error on dev loop5, logical block 305, lost async page write [ 789.944102][T17127] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 790.116324][T17502] team0: Port device team_slave_0 added [ 790.169150][T17502] team0: Port device team_slave_1 added [ 790.305522][T17502] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 790.315184][T17502] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 790.343745][T17502] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 790.374894][T17640] loop3: detected capacity change from 0 to 2048 [ 790.406915][T17502] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 790.408580][T17640] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 790.420641][T17502] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 790.454899][T17502] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 790.542438][T17502] hsr_slave_0: entered promiscuous mode [ 790.550609][T17502] hsr_slave_1: entered promiscuous mode [ 790.557370][T17502] debugfs: 'hsr0' already exists in 'hsr' [ 790.563445][T17502] Cannot create hsr debugfs directory [ 790.711363][T17630] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 790.718202][T17630] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 790.723716][T14860] IPVS: stop unused estimator thread 0... [ 790.731395][T17630] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 790.756687][T17630] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 790.779580][T17630] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 790.801365][T17630] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 790.824295][T17630] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 790.852933][T17630] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 791.111596][T17651] program syz.2.4153 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 791.217465][T17640] EXT4-fs error (device loop3): ext4_validate_block_bitmap:440: comm syz.3.4151: bg 0: block 234: padding at end of block bitmap is not set [ 791.251335][T17640] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 117 [ 791.306340][T17640] EXT4-fs (loop3): This should not happen!! Data will be lost [ 791.306340][T17640] [ 791.698955][T17502] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 791.748852][T14836] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 418 with error 28 [ 791.771139][T17502] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 791.801092][T17502] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 791.802258][T14836] EXT4-fs (loop3): This should not happen!! Data will be lost [ 791.802258][T14836] [ 791.832522][T17502] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 791.851525][T14836] EXT4-fs (loop3): Total free blocks count 0 [ 791.868142][T14836] EXT4-fs (loop3): Free/Dirty block details [ 791.887206][T14836] EXT4-fs (loop3): free_blocks=0 [ 791.901653][T14836] EXT4-fs (loop3): dirty_blocks=432 [ 791.914168][T14836] EXT4-fs (loop3): Block reservation details [ 791.919252][T17673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4160'. [ 791.978336][T17673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4160'. [ 792.138198][T17677] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma? [ 792.321920][ T52] Bluetooth: hci6: command 0x0c1a tx timeout [ 792.388247][T17502] 8021q: adding VLAN 0 to HW filter on device bond0 [ 792.526404][T17502] 8021q: adding VLAN 0 to HW filter on device team0 [ 792.617773][ T3013] bridge0: port 1(bridge_slave_0) entered blocking state [ 792.625026][ T3013] bridge0: port 1(bridge_slave_0) entered forwarding state [ 792.654007][ T3013] bridge0: port 2(bridge_slave_1) entered blocking state [ 792.661190][ T3013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 792.683271][T17698] program syz.1.4167 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 792.724373][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 792.802228][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 792.802882][T12817] Bluetooth: hci3: command 0x041b tx timeout [ 792.808333][T17362] Bluetooth: hci4: command 0x0c1a tx timeout [ 793.262939][T17715] loop3: detected capacity change from 0 to 2048 [ 793.264004][T17720] loop1: detected capacity change from 0 to 1024 [ 793.295107][T17720] EXT4-fs: inline encryption not supported [ 793.333781][T17720] EXT4-fs: Ignoring removed nobh option [ 793.353159][T17720] EXT4-fs: Ignoring removed bh option [ 793.386568][T17715] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 793.413092][T17720] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 793.511553][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 793.511579][ T30] audit: type=1800 audit(1760491355.217:2012): pid=17715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4171" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 793.668952][T16001] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 793.778445][T17502] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 793.904403][T17732] dummy0: entered allmulticast mode [ 793.942460][T17734] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 793.954191][T17736] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4176'. [ 793.965765][T17734] loop9: detected capacity change from 0 to 8 [ 793.992160][ C0] blk_print_req_error: 20 callbacks suppressed [ 793.992188][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 794.008560][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 794.037568][T17736] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4176'. [ 794.041518][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 794.050006][T17715] EXT4-fs error (device loop3): ext4_validate_block_bitmap:440: comm syz.3.4171: bg 0: block 234: padding at end of block bitmap is not set [ 794.056978][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 794.071986][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 794.089880][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 794.098578][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 794.108828][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 794.119880][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 794.130138][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 794.142037][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 794.144462][T17715] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 117 [ 794.152274][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 794.152683][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 794.152733][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 794.153158][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 794.201457][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 794.210039][T17734] ldm_validate_partition_table(): Disk read failed. [ 794.220362][T17715] EXT4-fs (loop3): This should not happen!! Data will be lost [ 794.220362][T17715] [ 794.230138][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 794.230188][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 794.251757][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 794.283830][T17734] Dev loop9: unable to read RDB block 0 [ 794.298820][T17734] loop9: unable to read partition table [ 794.322584][T17734] loop9: partition table beyond EOD, truncated [ 794.345049][T17734] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 794.345049][T17734] ) failed (rc=-5) [ 794.572244][T17746] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4180'. [ 794.586568][T14860] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 508 with error 28 [ 794.634021][T14860] EXT4-fs (loop3): This should not happen!! Data will be lost [ 794.634021][T14860] [ 794.659318][T14860] EXT4-fs (loop3): Total free blocks count 0 [ 794.681816][T14860] EXT4-fs (loop3): Free/Dirty block details [ 794.694246][T14860] EXT4-fs (loop3): free_blocks=0 [ 794.699211][T14860] EXT4-fs (loop3): dirty_blocks=512 [ 794.725824][T14860] EXT4-fs (loop3): Block reservation details [ 794.890549][T17758] loop0: detected capacity change from 0 to 512 [ 794.901711][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 794.930739][T17758] EXT4-fs: Ignoring removed nobh option [ 794.942462][T17762] loop5: detected capacity change from 0 to 1024 [ 794.951375][T17762] EXT4-fs: inline encryption not supported [ 794.957506][T17762] EXT4-fs: Ignoring removed nobh option [ 794.963596][T17762] EXT4-fs: Ignoring removed bh option [ 795.019077][T17758] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 795.044361][T17762] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 795.051659][T17758] ext4 filesystem being mounted at /69/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 795.092104][T17502] veth0_vlan: entered promiscuous mode [ 795.138343][T17502] veth1_vlan: entered promiscuous mode [ 795.238773][T16742] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 795.247363][T17502] veth0_macvtap: entered promiscuous mode [ 795.344758][T17502] veth1_macvtap: entered promiscuous mode [ 795.437978][T17502] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 795.514387][T17502] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 795.636662][ T3013] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.676851][T17782] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 795.689458][ T3013] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.695736][T17782] loop9: detected capacity change from 0 to 8 [ 795.709054][ C1] buffer_io_error: 6 callbacks suppressed [ 795.709080][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 795.740059][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 795.752263][T17784] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4193'. [ 795.765708][T14860] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.765779][T14860] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.766293][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 795.767296][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 795.806549][T17786] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4193'. [ 795.828532][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 795.847079][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 795.855935][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 795.864154][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 795.872147][T17782] ldm_validate_partition_table(): Disk read failed. [ 795.879983][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 795.888396][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 795.897833][T17782] Dev loop9: unable to read RDB block 0 [ 795.906112][T17782] loop9: unable to read partition table [ 795.912883][T17782] loop9: partition table beyond EOD, truncated [ 795.930766][T17782] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 795.930766][T17782] ) failed (rc=-5) [ 796.022701][T16433] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 796.221952][T14836] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 796.229799][T14836] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 796.352565][ T6111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 796.367362][ T6111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 796.399651][T17800] loop1: detected capacity change from 0 to 512 [ 796.448737][T17800] EXT4-fs error (device loop1): ext4_validate_block_bitmap:440: comm syz.1.4200: bg 0: block 248: padding at end of block bitmap is not set [ 796.496065][T17800] Quota error (device loop1): write_blk: dquota write failed [ 796.540948][T17800] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 796.583448][T17800] EXT4-fs error (device loop1): ext4_acquire_dquot:6943: comm syz.1.4200: Failed to acquire dquot type 1 [ 796.638875][T17800] EXT4-fs (loop1): 1 truncate cleaned up [ 796.673551][T17800] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 796.721589][T17800] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 796.946676][T16001] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 796.963462][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 797.185336][T17824] loop3: detected capacity change from 0 to 512 [ 797.239325][T17824] EXT4-fs: Ignoring removed bh option [ 797.507225][T17824] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 797.971876][T17824] ext4 filesystem being mounted at /112/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 798.485181][T15585] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 798.487987][T17850] veth0: entered promiscuous mode [ 798.503869][T17849] veth0: left promiscuous mode [ 799.059402][T17869] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4226'. [ 800.056896][T17881] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4229'. [ 800.737729][T17886] netlink: 'syz.5.4231': attribute type 4 has an invalid length. [ 800.993522][T17890] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4234'. [ 801.008909][ T30] audit: type=1326 audit(1760491362.717:2013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17891 comm="syz.0.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f4f8eec9 code=0x7ffc0000 [ 801.040481][T17895] loop3: detected capacity change from 0 to 512 [ 801.041546][T17890] IPVS: Unknown mcast interface: ipvlan [ 801.064283][ T30] audit: type=1326 audit(1760491362.717:2014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17891 comm="syz.0.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f4f8eec9 code=0x7ffc0000 [ 801.134667][T17895] [ 801.137016][T17895] ====================================================== [ 801.144027][T17895] WARNING: possible circular locking dependency detected [ 801.146477][ T30] audit: type=1326 audit(1760491362.717:2015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17891 comm="syz.0.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9f4f8eec9 code=0x7ffc0000 [ 801.151036][T17895] syzkaller #0 Not tainted [ 801.173494][ T30] audit: type=1326 audit(1760491362.717:2016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17891 comm="syz.0.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f4f8eec9 code=0x7ffc0000 [ 801.177789][T17895] ------------------------------------------------------ [ 801.201690][ T30] audit: type=1326 audit(1760491362.717:2017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17891 comm="syz.0.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f4f8eec9 code=0x7ffc0000 [ 801.207232][T17895] syz.3.4236/17895 is trying to acquire lock: [ 801.207253][T17895] ffff88803348eb98 [ 801.229719][ T30] audit: type=1326 audit(1760491362.747:2018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17891 comm="syz.0.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa9f4f8eec9 code=0x7ffc0000 [ 801.235639][T17895] (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x27a/0x600 [ 801.235726][T17895] [ 801.235726][T17895] but task is already holding lock: [ 801.235739][T17895] ffff8880766fd6d8 (&ei->xattr_sem){++++}-{4:4}, at: __ext4_mark_inode_dirty+0x4ba/0x870 [ 801.235850][T17895] [ 801.235850][T17895] which lock already depends on the new lock. [ 801.235850][T17895] [ 801.235862][T17895] [ 801.235862][T17895] the existing dependency chain (in reverse order) is: [ 801.235875][T17895] [ 801.235875][T17895] -> #1 (&ei->xattr_sem){++++}-{4:4}: [ 801.235926][T17895] down_write+0x92/0x200 [ 801.235962][T17895] ext4_destroy_inline_data+0x2d/0xe0 [ 801.235999][T17895] ext4_do_writepages+0x1154/0x3cf0 [ 801.241208][ T30] audit: type=1326 audit(1760491362.747:2019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17891 comm="syz.0.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f4f8eec9 code=0x7ffc0000 [ 801.261964][T17895] ext4_writepages+0x37a/0x7d0 [ 801.262022][T17895] do_writepages+0x27a/0x600 [ 801.270497][ T30] audit: type=1326 audit(1760491362.747:2020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17891 comm="syz.0.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f4f8eec9 code=0x7ffc0000 [ 801.277739][T17895] filemap_fdatawrite_wbc+0x104/0x160 [ 801.287654][ T30] audit: type=1326 audit(1760491362.747:2021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17891 comm="syz.0.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9f4f8eec9 code=0x7ffc0000 [ 801.297910][T17895] __filemap_fdatawrite_range+0xb9/0x100 [ 801.297949][T17895] file_write_and_wait_range+0xca/0x140 [ 801.426254][T17895] generic_buffers_fsync_noflush+0x76/0x310 [ 801.432702][T17895] ext4_sync_file+0x896/0xf10 [ 801.438009][T17895] vfs_fsync_range+0x139/0x220 [ 801.443393][T17895] ext4_buffered_write_iter+0x2e0/0x440 [ 801.449474][T17895] ext4_file_write_iter+0xa4c/0x1d10 [ 801.455291][T17895] vfs_write+0x7d3/0x11d0 [ 801.460150][T17895] __x64_sys_pwrite64+0x1eb/0x250 [ 801.465877][T17895] do_syscall_64+0xcd/0xfa0 [ 801.470921][T17895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.477335][T17895] [ 801.477335][T17895] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 801.485781][T17895] __lock_acquire+0x126f/0x1c90 [ 801.491164][T17895] lock_acquire+0x179/0x350 [ 801.496198][T17895] ext4_writepages+0x224/0x7d0 [ 801.501511][T17895] do_writepages+0x27a/0x600 [ 801.506635][T17895] __writeback_single_inode+0x160/0xfb0 [ 801.512727][T17895] writeback_single_inode+0x2bc/0x550 [ 801.518653][T17895] write_inode_now+0x170/0x1e0 [ 801.523937][T17895] iput.part.0+0x487/0xb00 [ 801.528893][T17895] iput+0x35/0x40 [ 801.533061][T17895] ext4_xattr_block_set+0x67c/0x3650 [ 801.538874][T17895] ext4_expand_extra_isize_ea+0x1442/0x1ab0 [ 801.545300][T17895] __ext4_expand_extra_isize+0x346/0x480 [ 801.551460][T17895] __ext4_mark_inode_dirty+0x544/0x870 [ 801.557482][T17895] ext4_evict_inode+0x74e/0x18e0 [ 801.562957][T17895] evict+0x3e6/0x920 [ 801.567457][T17895] iput.part.0+0x6a9/0xb00 [ 801.572412][T17895] iput+0x35/0x40 [ 801.576586][T17895] ext4_orphan_cleanup+0x731/0x11e0 [ 801.582330][T17895] ext4_fill_super+0x8db7/0xaf70 [ 801.587793][T17895] get_tree_bdev_flags+0x38c/0x620 [ 801.593432][T17895] vfs_get_tree+0x8e/0x340 [ 801.598387][T17895] path_mount+0x7b9/0x23a0 [ 801.603336][T17895] __x64_sys_mount+0x293/0x310 [ 801.608638][T17895] do_syscall_64+0xcd/0xfa0 [ 801.613686][T17895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.620101][T17895] [ 801.620101][T17895] other info that might help us debug this: [ 801.620101][T17895] [ 801.630401][T17895] Possible unsafe locking scenario: [ 801.630401][T17895] [ 801.637841][T17895] CPU0 CPU1 [ 801.643206][T17895] ---- ---- [ 801.648569][T17895] lock(&ei->xattr_sem); [ 801.652904][T17895] lock(&sbi->s_writepages_rwsem); [ 801.660624][T17895] lock(&ei->xattr_sem); [ 801.667473][T17895] rlock(&sbi->s_writepages_rwsem); [ 801.672758][T17895] [ 801.672758][T17895] *** DEADLOCK *** [ 801.672758][T17895] [ 801.680892][T17895] 3 locks held by syz.3.4236/17895: [ 801.686083][T17895] #0: ffff88803348a0e0 (&type->s_umount_key#27/1){+.+.}-{4:4}, at: alloc_super+0x1e3/0xb60 [ 801.696333][T17895] #1: ffff88803348a610 (sb_internal){++++}-{0:0}, at: evict+0x3e6/0x920 [ 801.704835][T17895] #2: ffff8880766fd6d8 (&ei->xattr_sem){++++}-{4:4}, at: __ext4_mark_inode_dirty+0x4ba/0x870 [ 801.715162][T17895] [ 801.715162][T17895] stack backtrace: [ 801.721128][T17895] CPU: 0 UID: 0 PID: 17895 Comm: syz.3.4236 Not tainted syzkaller #0 PREEMPT(full) [ 801.721169][T17895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 801.721190][T17895] Call Trace: [ 801.721200][T17895] [ 801.721213][T17895] dump_stack_lvl+0x116/0x1f0 [ 801.721265][T17895] print_circular_bug+0x275/0x350 [ 801.721308][T17895] check_noncircular+0x14c/0x170 [ 801.721354][T17895] __lock_acquire+0x126f/0x1c90 [ 801.721398][T17895] ? __lock_acquire+0x622/0x1c90 [ 801.721445][T17895] lock_acquire+0x179/0x350 [ 801.721485][T17895] ? do_writepages+0x27a/0x600 [ 801.721531][T17895] ? __pfx___might_resched+0x10/0x10 [ 801.721590][T17895] ext4_writepages+0x224/0x7d0 [ 801.721642][T17895] ? do_writepages+0x27a/0x600 [ 801.721685][T17895] ? __pfx_ext4_writepages+0x10/0x10 [ 801.721737][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.721786][T17895] ? __lock_acquire+0xb8a/0x1c90 [ 801.721834][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.721876][T17895] ? __pfx_ext4_writepages+0x10/0x10 [ 801.721930][T17895] do_writepages+0x27a/0x600 [ 801.721976][T17895] ? __pfx_do_writepages+0x10/0x10 [ 801.722024][T17895] __writeback_single_inode+0x160/0xfb0 [ 801.722080][T17895] ? __pfx___writeback_single_inode+0x10/0x10 [ 801.722132][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.722171][T17895] ? do_raw_spin_unlock+0x172/0x230 [ 801.722220][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.722262][T17895] writeback_single_inode+0x2bc/0x550 [ 801.722319][T17895] write_inode_now+0x170/0x1e0 [ 801.722350][T17895] ? __pfx_write_inode_now+0x10/0x10 [ 801.722405][T17895] ? find_held_lock+0x2b/0x80 [ 801.722458][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.722499][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.722542][T17895] iput.part.0+0x487/0xb00 [ 801.722593][T17895] iput+0x35/0x40 [ 801.722636][T17895] ext4_xattr_block_set+0x67c/0x3650 [ 801.722689][T17895] ? __pfx_ext4_xattr_block_set+0x10/0x10 [ 801.722736][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.722781][T17895] ? xattr_find_entry+0x289/0x330 [ 801.722823][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.722862][T17895] ? ext4_xattr_block_find+0x59/0x430 [ 801.722905][T17895] ext4_expand_extra_isize_ea+0x1442/0x1ab0 [ 801.722967][T17895] ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10 [ 801.723021][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.723060][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.723100][T17895] ? dquot_initialize_needed+0x183/0x2a0 [ 801.723150][T17895] __ext4_expand_extra_isize+0x346/0x480 [ 801.723194][T17895] __ext4_mark_inode_dirty+0x544/0x870 [ 801.723251][T17895] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 801.723306][T17895] ? __pfx___might_resched+0x10/0x10 [ 801.723364][T17895] ? ext4_journal_check_start+0x22b/0x340 [ 801.723415][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.723454][T17895] ? __ext4_journal_start_sb+0x19e/0x690 [ 801.723502][T17895] ? ext4_evict_inode+0x5cf/0x18e0 [ 801.723535][T17895] ext4_evict_inode+0x74e/0x18e0 [ 801.723569][T17895] ? __pfx_ext4_evict_inode+0x10/0x10 [ 801.723600][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.723644][T17895] ? __pfx_ext4_evict_inode+0x10/0x10 [ 801.723674][T17895] evict+0x3e6/0x920 [ 801.723720][T17895] ? __pfx_evict+0x10/0x10 [ 801.723763][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.723812][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.723858][T17895] iput.part.0+0x6a9/0xb00 [ 801.723902][T17895] ? __pfx_ext4_drop_inode+0x10/0x10 [ 801.723950][T17895] iput+0x35/0x40 [ 801.723993][T17895] ext4_orphan_cleanup+0x731/0x11e0 [ 801.724054][T17895] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 801.724112][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.724151][T17895] ? ext4_register_li_request+0xec/0x9b0 [ 801.724190][T17895] ext4_fill_super+0x8db7/0xaf70 [ 801.724241][T17895] ? __pfx_ext4_fill_super+0x10/0x10 [ 801.724276][T17895] ? do_raw_spin_lock+0x12c/0x2b0 [ 801.724322][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.724361][T17895] ? find_held_lock+0x2b/0x80 [ 801.724417][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.724456][T17895] ? sb_set_blocksize+0x176/0x1d0 [ 801.724499][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.724538][T17895] ? setup_bdev_super+0x369/0x730 [ 801.724571][T17895] get_tree_bdev_flags+0x38c/0x620 [ 801.724607][T17895] ? __pfx_ext4_fill_super+0x10/0x10 [ 801.724643][T17895] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 801.724680][T17895] ? apparmor_capable+0x114/0x1d0 [ 801.724716][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.724755][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.724800][T17895] ? security_capable+0x7e/0x260 [ 801.724855][T17895] vfs_get_tree+0x8e/0x340 [ 801.724906][T17895] path_mount+0x7b9/0x23a0 [ 801.724953][T17895] ? __pfx_path_mount+0x10/0x10 [ 801.724997][T17895] ? putname+0x154/0x1a0 [ 801.725045][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.725084][T17895] ? putname+0x154/0x1a0 [ 801.725130][T17895] ? __x64_sys_mount+0x293/0x310 [ 801.725172][T17895] __x64_sys_mount+0x293/0x310 [ 801.725215][T17895] ? __pfx___x64_sys_mount+0x10/0x10 [ 801.725258][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 801.725304][T17895] do_syscall_64+0xcd/0xfa0 [ 801.725357][T17895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.725390][T17895] RIP: 0033:0x7fcecd59066a [ 801.725416][T17895] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 801.725449][T17895] RSP: 002b:00007fcece3bbe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 801.725479][T17895] RAX: ffffffffffffffda RBX: 00007fcece3bbef0 RCX: 00007fcecd59066a [ 801.725501][T17895] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fcece3bbeb0 [ 801.725523][T17895] RBP: 0000200000000180 R08: 00007fcece3bbef0 R09: 0000000000800700 [ 801.725546][T17895] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 801.725567][T17895] R13: 00007fcece3bbeb0 R14: 000000000000046f R15: 00002000000007c0 [ 801.725602][T17895] [ 802.326985][ T30] audit: type=1326 audit(1760491362.747:2022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17891 comm="syz.0.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f4f8eec9 code=0x7ffc0000 [ 802.340386][T17905] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4239'. [ 802.397915][T17895] ------------[ cut here ]------------ [ 802.397915][T17902] loop4: detected capacity change from 0 to 512 [ 802.410391][T17895] EA inode 11 i_nlink=2 [ 802.415912][T17902] EXT4-fs (loop4): 1 orphan inode deleted [ 802.447875][T17905] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4239'. [ 802.448748][T17902] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 802.460566][T17895] WARNING: CPU: 1 PID: 17895 at fs/ext4/xattr.c:1056 ext4_xattr_inode_update_ref+0x4ec/0x610 [ 802.479471][T17895] Modules linked in: [ 802.483431][T17895] CPU: 1 UID: 0 PID: 17895 Comm: syz.3.4236 Not tainted syzkaller #0 PREEMPT(full) [ 802.492907][T17895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 802.503027][T17895] RIP: 0010:ext4_xattr_inode_update_ref+0x4ec/0x610 [ 802.509663][T17895] Code: df 48 8d 7b 40 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 23 01 00 00 48 8b 73 40 44 89 e2 48 c7 c7 c0 5d a8 8b e8 35 00 ed fe 90 <0f> 0b 90 90 e9 d9 fe ff ff e8 36 cb 2e ff 44 0f b6 2d 22 8b dd 0d [ 802.530008][T17895] RSP: 0018:ffffc9000a95f178 EFLAGS: 00010282 [ 802.536675][T17895] RAX: 0000000000000000 RBX: ffff8880766fa8d8 RCX: ffffc90021229000 [ 802.544939][T17895] RDX: 0000000000080000 RSI: ffffffff817b5ef5 RDI: 0000000000000001 [ 802.553249][T17895] RBP: ffffc9000a95f240 R08: 0000000000000001 R09: 0000000000000000 [ 802.561413][T17895] R10: 0000000000000001 R11: 64203a34706f6f6c R12: 0000000000000002 [ 802.569433][T17895] R13: 0000000000000000 R14: 1ffff9200152be32 R15: ffff8880766faac8 [ 802.577501][T17895] FS: 00007fcece3bc6c0(0000) GS:ffff888124ada000(0000) knlGS:0000000000000000 [ 802.586486][T17895] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 802.593131][T17895] CR2: 0000000000000008 CR3: 00000000580f8000 CR4: 0000000000350ef0 [ 802.601114][T17895] Call Trace: [ 802.604421][T17895] [ 802.607358][T17895] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 802.613771][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.619437][T17895] ? ext4_xattr_inode_iget+0x1ee/0x400 [ 802.624972][T17895] ext4_xattr_set_entry+0x158f/0x1f00 [ 802.630947][T17895] ? __pfx_ext4_xattr_set_entry+0x10/0x10 [ 802.637215][T17895] ? xattr_find_entry+0x289/0x330 [ 802.642328][T17895] ext4_xattr_ibody_set+0x3d6/0x5d0 [ 802.647565][T17895] ext4_expand_extra_isize_ea+0x148c/0x1ab0 [ 802.653575][T17895] ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10 [ 802.659864][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.665553][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.671214][T17895] ? dquot_initialize_needed+0x183/0x2a0 [ 802.676935][T17895] __ext4_expand_extra_isize+0x346/0x480 [ 802.682637][T17895] __ext4_mark_inode_dirty+0x544/0x870 [ 802.688143][T17895] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 802.694191][T17895] ? __pfx___might_resched+0x10/0x10 [ 802.699525][T17895] ? ext4_journal_check_start+0x22b/0x340 [ 802.705338][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.710997][T17895] ? __ext4_journal_start_sb+0x19e/0x690 [ 802.716718][T17895] ? ext4_evict_inode+0x5cf/0x18e0 [ 802.721899][T17895] ext4_evict_inode+0x74e/0x18e0 [ 802.726857][T17895] ? __pfx_ext4_evict_inode+0x10/0x10 [ 802.732793][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.738457][T17895] ? __pfx_ext4_evict_inode+0x10/0x10 [ 802.744660][T17895] evict+0x3e6/0x920 [ 802.748592][T17895] ? __pfx_evict+0x10/0x10 [ 802.753096][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.758763][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.764468][T17895] iput.part.0+0x6a9/0xb00 [ 802.768918][T17895] ? __pfx_ext4_drop_inode+0x10/0x10 [ 802.774274][T17895] iput+0x35/0x40 [ 802.777947][T17895] ext4_orphan_cleanup+0x731/0x11e0 [ 802.783224][T17895] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 802.788906][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.794623][T17895] ? ext4_register_li_request+0xec/0x9b0 [ 802.800278][T17895] ext4_fill_super+0x8db7/0xaf70 [ 802.805287][T17895] ? __pfx_ext4_fill_super+0x10/0x10 [ 802.810590][T17895] ? do_raw_spin_lock+0x12c/0x2b0 [ 802.815684][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.821338][T17895] ? find_held_lock+0x2b/0x80 [ 802.826100][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.831789][T17895] ? sb_set_blocksize+0x176/0x1d0 [ 802.837387][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.843825][T17895] ? setup_bdev_super+0x369/0x730 [ 802.848869][T17895] get_tree_bdev_flags+0x38c/0x620 [ 802.854085][T17895] ? __pfx_ext4_fill_super+0x10/0x10 [ 802.859392][T17895] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 802.865406][T17895] ? apparmor_capable+0x114/0x1d0 [ 802.870453][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.876150][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.881991][T17895] ? security_capable+0x7e/0x260 [ 802.886983][T17895] vfs_get_tree+0x8e/0x340 [ 802.891465][T17895] path_mount+0x7b9/0x23a0 [ 802.895943][T17895] ? __pfx_path_mount+0x10/0x10 [ 802.901037][T17895] ? putname+0x154/0x1a0 [ 802.905514][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.911173][T17895] ? putname+0x154/0x1a0 [ 802.915495][T17895] ? __x64_sys_mount+0x293/0x310 [ 802.920465][T17895] __x64_sys_mount+0x293/0x310 [ 802.925296][T17895] ? __pfx___x64_sys_mount+0x10/0x10 [ 802.930615][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 802.936330][T17895] do_syscall_64+0xcd/0xfa0 [ 802.941394][T17895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.947960][T17895] RIP: 0033:0x7fcecd59066a [ 802.952425][T17895] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 802.972421][T17895] RSP: 002b:00007fcece3bbe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 802.979281][T17902] xt_socket: unknown flags 0x50 [ 802.980845][T17895] RAX: ffffffffffffffda RBX: 00007fcece3bbef0 RCX: 00007fcecd59066a [ 802.980876][T17895] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fcece3bbeb0 [ 803.002558][T17895] RBP: 0000200000000180 R08: 00007fcece3bbef0 R09: 0000000000800700 [ 803.010984][T17895] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 803.019413][T17895] R13: 00007fcece3bbeb0 R14: 000000000000046f R15: 00002000000007c0 [ 803.027841][T17895] [ 803.030874][T17895] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 803.038164][T17895] CPU: 1 UID: 0 PID: 17895 Comm: syz.3.4236 Not tainted syzkaller #0 PREEMPT(full) [ 803.047551][T17895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 803.057617][T17895] Call Trace: [ 803.060898][T17895] [ 803.063842][T17895] dump_stack_lvl+0x3d/0x1f0 [ 803.068449][T17895] vpanic+0x640/0x6f0 [ 803.072437][T17895] ? ext4_xattr_inode_update_ref+0x4ec/0x610 [ 803.078435][T17895] panic+0xca/0xd0 [ 803.082186][T17895] ? __pfx_panic+0x10/0x10 [ 803.086612][T17895] check_panic_on_warn+0xab/0xb0 [ 803.091558][T17895] __warn+0xf6/0x3c0 [ 803.095468][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.101191][T17895] ? ext4_xattr_inode_update_ref+0x4ec/0x610 [ 803.107175][T17895] report_bug+0x3c3/0x580 [ 803.111519][T17895] ? ext4_xattr_inode_update_ref+0x4ec/0x610 [ 803.117527][T17895] handle_bug+0x184/0x210 [ 803.121866][T17895] exc_invalid_op+0x17/0x50 [ 803.126386][T17895] asm_exc_invalid_op+0x1a/0x20 [ 803.131237][T17895] RIP: 0010:ext4_xattr_inode_update_ref+0x4ec/0x610 [ 803.137838][T17895] Code: df 48 8d 7b 40 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 23 01 00 00 48 8b 73 40 44 89 e2 48 c7 c7 c0 5d a8 8b e8 35 00 ed fe 90 <0f> 0b 90 90 e9 d9 fe ff ff e8 36 cb 2e ff 44 0f b6 2d 22 8b dd 0d [ 803.157454][T17895] RSP: 0018:ffffc9000a95f178 EFLAGS: 00010282 [ 803.163529][T17895] RAX: 0000000000000000 RBX: ffff8880766fa8d8 RCX: ffffc90021229000 [ 803.171501][T17895] RDX: 0000000000080000 RSI: ffffffff817b5ef5 RDI: 0000000000000001 [ 803.179471][T17895] RBP: ffffc9000a95f240 R08: 0000000000000001 R09: 0000000000000000 [ 803.187441][T17895] R10: 0000000000000001 R11: 64203a34706f6f6c R12: 0000000000000002 [ 803.195412][T17895] R13: 0000000000000000 R14: 1ffff9200152be32 R15: ffff8880766faac8 [ 803.203406][T17895] ? __warn_printk+0x1a5/0x350 [ 803.208536][T17895] ? ext4_xattr_inode_update_ref+0x4eb/0x610 [ 803.214532][T17895] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 803.220880][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.226526][T17895] ? ext4_xattr_inode_iget+0x1ee/0x400 [ 803.232013][T17895] ext4_xattr_set_entry+0x158f/0x1f00 [ 803.237417][T17895] ? __pfx_ext4_xattr_set_entry+0x10/0x10 [ 803.243149][T17895] ? xattr_find_entry+0x289/0x330 [ 803.248190][T17895] ext4_xattr_ibody_set+0x3d6/0x5d0 [ 803.253409][T17895] ext4_expand_extra_isize_ea+0x148c/0x1ab0 [ 803.259337][T17895] ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10 [ 803.265688][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.271332][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.276976][T17895] ? dquot_initialize_needed+0x183/0x2a0 [ 803.282635][T17895] __ext4_expand_extra_isize+0x346/0x480 [ 803.288286][T17895] __ext4_mark_inode_dirty+0x544/0x870 [ 803.293775][T17895] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 803.299810][T17895] ? __pfx___might_resched+0x10/0x10 [ 803.305124][T17895] ? ext4_journal_check_start+0x22b/0x340 [ 803.310864][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.316505][T17895] ? __ext4_journal_start_sb+0x19e/0x690 [ 803.322160][T17895] ? ext4_evict_inode+0x5cf/0x18e0 [ 803.327274][T17895] ext4_evict_inode+0x74e/0x18e0 [ 803.332245][T17895] ? __pfx_ext4_evict_inode+0x10/0x10 [ 803.337618][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.343264][T17895] ? __pfx_ext4_evict_inode+0x10/0x10 [ 803.348636][T17895] evict+0x3e6/0x920 [ 803.352550][T17895] ? __pfx_evict+0x10/0x10 [ 803.356982][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.362633][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.368293][T17895] iput.part.0+0x6a9/0xb00 [ 803.372854][T17895] ? __pfx_ext4_drop_inode+0x10/0x10 [ 803.378157][T17895] iput+0x35/0x40 [ 803.381810][T17895] ext4_orphan_cleanup+0x731/0x11e0 [ 803.387128][T17895] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 803.392787][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.398431][T17895] ? ext4_register_li_request+0xec/0x9b0 [ 803.404082][T17895] ext4_fill_super+0x8db7/0xaf70 [ 803.409043][T17895] ? __pfx_ext4_fill_super+0x10/0x10 [ 803.414332][T17895] ? do_raw_spin_lock+0x12c/0x2b0 [ 803.419377][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.425018][T17895] ? find_held_lock+0x2b/0x80 [ 803.429729][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.435368][T17895] ? sb_set_blocksize+0x176/0x1d0 [ 803.440402][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.446047][T17895] ? setup_bdev_super+0x369/0x730 [ 803.451077][T17895] get_tree_bdev_flags+0x38c/0x620 [ 803.456195][T17895] ? __pfx_ext4_fill_super+0x10/0x10 [ 803.461490][T17895] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 803.467130][T17895] ? apparmor_capable+0x114/0x1d0 [ 803.472158][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.477810][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.483449][T17895] ? security_capable+0x7e/0x260 [ 803.488414][T17895] vfs_get_tree+0x8e/0x340 [ 803.492852][T17895] path_mount+0x7b9/0x23a0 [ 803.497285][T17895] ? __pfx_path_mount+0x10/0x10 [ 803.502161][T17895] ? putname+0x154/0x1a0 [ 803.506444][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.512091][T17895] ? putname+0x154/0x1a0 [ 803.516354][T17895] ? __x64_sys_mount+0x293/0x310 [ 803.521304][T17895] __x64_sys_mount+0x293/0x310 [ 803.526081][T17895] ? __pfx___x64_sys_mount+0x10/0x10 [ 803.531381][T17895] ? srso_alias_return_thunk+0x5/0xfbef5 [ 803.537043][T17895] do_syscall_64+0xcd/0xfa0 [ 803.541576][T17895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.547474][T17895] RIP: 0033:0x7fcecd59066a [ 803.551888][T17895] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 803.571509][T17895] RSP: 002b:00007fcece3bbe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 803.579929][T17895] RAX: ffffffffffffffda RBX: 00007fcece3bbef0 RCX: 00007fcecd59066a [ 803.587900][T17895] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fcece3bbeb0 [ 803.595869][T17895] RBP: 0000200000000180 R08: 00007fcece3bbef0 R09: 0000000000800700 [ 803.603842][T17895] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 803.611843][T17895] R13: 00007fcece3bbeb0 R14: 000000000000046f R15: 00002000000007c0 [ 803.619842][T17895] [ 803.623262][T17895] Kernel Offset: disabled [ 803.627597][T17895] Rebooting in 86400 seconds..