last executing test programs: 6.815080905s ago: executing program 2 (id=2387): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x202, 0x0) write$sequencer(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x8) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000040)=@t={0x81, 0x5, 0x3, 0x4, @generic=0xffffe861}) 6.630469463s ago: executing program 2 (id=2389): r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000001900)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="10000000250004"], 0x10}], 0x1, 0x0, 0x0, 0x20000801}, 0x40010) syz_genetlink_get_family_id$devlink(0x0, r1) recvmmsg(r1, &(0x7f00000086c0)=[{{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f00000005c0)=""/222, 0xde}, {&(0x7f0000000180)=""/128, 0x80}, {&(0x7f0000000400)=""/161, 0xa1}], 0x3}, 0x1000}], 0x1, 0x8042, 0x0) write$char_usb(r0, &(0x7f0000000040)="e2", 0x12d8) 6.399246404s ago: executing program 4 (id=2391): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$TCXONC(r3, 0x540a, 0x3) 5.231372341s ago: executing program 2 (id=2393): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001740)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffffc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b40)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xff00}, 0x48) 4.996084784s ago: executing program 1 (id=2394): syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff4000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f9}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) r1 = socket$inet(0x2, 0x80001, 0x84) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x10}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 4.995351974s ago: executing program 0 (id=2395): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1007f}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x57) r0 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="2ff000fea0"], 0x0, 0xb, 0x0, 0x0, 0x41100, 0x6e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 4.87210909s ago: executing program 4 (id=2396): mount$9p_fd(0x0, 0x0, 0x0, 0x1200810, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001200)=ANY=[@ANYBLOB="240000002400010026bd7000fedbdf250900000006000400f40000"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) set_mempolicy_home_node(&(0x7f0000146000/0x1000)=nil, 0x1000, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000380)=0x0) ptrace$ARCH_SHSTK_STATUS(0x1e, r1, &(0x7f0000000400), 0x5005) ioprio_set$pid(0x2, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10000, &(0x7f0000000080)={[{@quota}, {@delalloc}, {@acl}, {@journal_dev={'journal_dev', 0x3d, 0x11}}, {@usrjquota}, {@bsdgroups}]}, 0x1, 0x50a, &(0x7f0000001f40)="$eJzs3M9vVNUeAPDvnXZoC49HH49HQh/vvQLP2JjYQkFh4QYTExeaGHEhy6YdSGUAQ7sQ0siQGFyTuDcujTtN3OrSuPIPwIULE0NClA1gYjLmztw7nc6PzrTW1rafTzJwzp17z7nfuefMnHtP7w1g1xpP/0ki/hYR9yPiQD27coXx+n9PHi3NPn20NBuVavXCz0ltvcdpPpNvty/LTBQiCh8kLQXWLdy8dWWmXC7diEotP7V49d2phZu3np+/OnO5dLl0bfrcuTOnT519cfqFFWVHxHDPoDrUl8b1eOz960ePvHrx3uuzg62FNcfRVb7VL5Weq0b+2XbxTHN5O8D+pnTSHtftTd0Z+jacNcNi2v+XyscvbvUOAZumWq1Wh7q/Xam2utO2BNi2ktjqPQC2Rv5Dn57/5q/6kuJmDD+23MPz9ROgx4+WqrdjcPZJI/7BKGTrFFvOb1OrjJnWZDwi3q78+nH6itWuQ/ywQRUCALve1+ezYWASLeO/QhxuWu/v2RzKaET8IyIORsQ/I+JQRPwrYsW6KyQR1VXqP9S6oFH/F9ksQuHBemPrRzr+eymb28pfWb35KqMDWW5/RD5gLp3MPpOJKA5dmi+XTnUpf0+P+pvHf+krrT8fC2b78WCwZbA5N7M4s75o2z28EzE22Bp/MpgeuHwaJ4mIIxExtoZyR5vS8899erSRaTmt6B1/TbXDlN6GzJ9VP4l4tn78K9GIf2TFJGLSPD9ZaJufnBqOcunkVNoKTnbcyW+/u/tGt/p7xv/lj62bvHL2qwt/PPBMevz3NrX/yOdvl+MfTSKSxnztQkR1YG113P3+w1q54yfa31tv+9+TvFVL5/3rvZnFxRunIvYkr7Uvn17eNs/n66fxT5zo3P8PZtukn8S/IyJtxP+JiP9GDOT7fiwijkdEh9Aavnn5/+90e6/P9v+nSeOf6/j9l2TtoHb8l+fr+0zk5adLBq4cu/90rPPEfRb/gdWP/5laaiJb0vn7L1nxFdHvnm7ARwgAAAB/eYWo/e1/YbKRLhQmJ+vXgA7F3kL5+sLi/yLi2lz9HoHRKBYuzZdL+QW50Sgm+fXP0ab8dEv+dHbd+KOBkVp+cvZ6eW6rg4ddbl+tzydt/T/10xqv8wLb0A66Dw1Yo179//C9TdoRYNP5/Yfdq6n/d3uyRcVfysDO5Pcfdq9O/f92fLbqvQu+M2D7q+rLsKut3v97P28T2L4G481Gunbbc8e7bYGdqPvvvzMD2MF63yQ/tOZ7/5cT1aHObw1HhycGDK+rip6JkQ51bUkiHVltYIHFiOhv5ZH1VJEPAbs/4aGwtgKHov2tgVhtq6TzcxwiotJ1q/RT6bk/lw/32/hLN5Kn9Qdl9ggwfybKRjebz5f7abHPw90l8Vu/zc/5PgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsKP8HgAA//87jdA6") r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1, 0xb0) pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xe7c) mmap$usbfs(&(0x7f0000714000/0x4000)=nil, 0x4000, 0x4, 0x50, r2, 0xb1c) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) fdatasync(r3) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) epoll_pwait(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x80000001, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x101002, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000740)=0xe) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r5, 0xffffffffffffffff, 0x0) 4.692801813s ago: executing program 0 (id=2397): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) ioprio_set$pid(0x2, 0x0, 0x0) io_setup(0x9, &(0x7f0000000340)=0x0) socket$xdp(0x2c, 0x3, 0x0) io_submit(r0, 0x0, 0x0) 4.668387631s ago: executing program 3 (id=2398): timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x2}, &(0x7f0000000b80)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="12000000040000000400000001"], 0x48) r2 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000040), 0x0, 0x1}, 0x20) recvfrom(r2, &(0x7f00000004c0)=""/182, 0xb6, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) close(0x3) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 4.63227377s ago: executing program 1 (id=2399): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ff8000/0x2000)=nil, 0x0}, 0x68) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4004045) r0 = io_uring_setup(0x1b7f, &(0x7f0000000040)={0x0, 0x970, 0x1f480, 0x0, 0x398}) syz_emit_ethernet(0x22, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaa"], 0x0) io_uring_enter(r0, 0x12a, 0xffffffdc, 0x17, 0x0, 0x0) 4.495324537s ago: executing program 4 (id=2400): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f00000025c0)=ANY=[@ANYBLOB="b7000000010003c3bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000065040200000000ff2d400500000000002000000001ed00007b030000000000001d440000000000007a0a00fe00ffffffdb03ff80f1000000b500feff000000009500000000000000023bc065b78111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e51815548000000000000000275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc00eec36574a8f6456e2ccae25ea21714eca8cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2400000000000000800643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d64364c82770c8204a0deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f4720082f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eaeb883418f562ae00003ea96d10f172c0374d6eed826407000000000000004a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d851680f6f2f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f4ca2195234648e0a1ca50db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145eb6dc5f6a9037d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba583fef3ec7932f5954f31a878e2fae6691df8b4b7ecd27ce82f7df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd0000000069ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac4b32fd691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a000000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a4dc6b3fb84f3738a4b6caa84feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db1829f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc00956d2227db60c0a461ed2b3ecfb16d19037c8c88c91dda1f904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d680aa1af102d97681656bf56ff0674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ff6d4c5dbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ae7c5f58af43866ca64750f43e583ca1ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800000000000000000000000000000000f9814d5f6c8673c143ff2f901e71b8818665b56f7a03afe3d900007656859db4cb06aaaf9f02cfab5b9e61cc00e8e19429921b8df4c4c53bddea4cc48737371cdf8f681dd7a2685df194ca89da8cf6d29a2be9779181fd5d105af5786094d9130f5826b18b9667b971a994f3fd069629a1052f441e96884f90c91f4a974242aabfc8adbadc9ca27955b5c90f0bd9a46ed044272383d3768871a9c8cfd7948aea445c55684351002ed4a4af45341de8e5e1f33624bd2ec1591dd00bbe05000000f89a928662e9b9449db34394fc5e946fadaee576e28ac0feab4e3585ed43d206218f524083840a78b7236bb7f5e42b537664"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000240)={0x73622a85, 0x0, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) dup3(r1, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}}) ioctl$VIDIOC_QBUF(r5, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, "8000"}, 0x0, 0x2, {}, 0x20800}) 4.392262205s ago: executing program 1 (id=2401): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x202, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000040)=@t={0x81, 0x5, 0x3, 0x4, @generic=0xffffe861}) 3.748269659s ago: executing program 3 (id=2402): bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e22, @multicast1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_emit_ethernet(0x86, 0x0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000942000/0x2000)=nil) move_pages(r0, 0x1, &(0x7f0000000040)=[&(0x7f000047e000/0x1000)=nil], 0x0, &(0x7f0000000080)=[0x0, 0x0], 0x2) r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') r4 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x1, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) preadv(r3, &(0x7f0000000100)=[{&(0x7f0000000340)=""/104, 0x68}], 0x1, 0x5b, 0x100) 3.496897264s ago: executing program 0 (id=2403): creat(&(0x7f00000002c0)='./file0\x00', 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x73, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa12, 0xffffffff}, 0x0) 3.36641154s ago: executing program 2 (id=2404): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000080)={r2, 0x6, 0x3}, &(0x7f0000000140)=0x8) 3.288926675s ago: executing program 1 (id=2405): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) setsockopt$MRT6_TABLE(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, 0x0, 0x0) landlock_restrict_self(r3, 0x0) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) 3.009002957s ago: executing program 0 (id=2406): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x3) 2.958414649s ago: executing program 2 (id=2407): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1007f}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x57) r0 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="2ff000fea0"], 0x0, 0xb, 0x0, 0x0, 0x41100, 0x6e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2.958248543s ago: executing program 4 (id=2408): rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) 2.189795255s ago: executing program 4 (id=2409): syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff4000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f9}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000580), 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) r1 = socket$inet(0x2, 0x80001, 0x84) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1.635697126s ago: executing program 1 (id=2410): mount$9p_fd(0x0, 0x0, 0x0, 0x1200810, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001200)=ANY=[@ANYBLOB="240000002400010026bd7000fedbdf250900000006000400f40000"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) set_mempolicy_home_node(&(0x7f0000146000/0x1000)=nil, 0x1000, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000380)=0x0) ptrace$ARCH_SHSTK_STATUS(0x1e, r1, &(0x7f0000000400), 0x5005) ioprio_set$pid(0x2, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10000, &(0x7f0000000080)={[{@quota}, {@delalloc}, {@acl}, {@journal_dev={'journal_dev', 0x3d, 0x11}}, {@usrjquota}, {@bsdgroups}]}, 0x1, 0x50a, &(0x7f0000001f40)="$eJzs3M9vVNUeAPDvnXZoC49HH49HQh/vvQLP2JjYQkFh4QYTExeaGHEhy6YdSGUAQ7sQ0siQGFyTuDcujTtN3OrSuPIPwIULE0NClA1gYjLmztw7nc6PzrTW1rafTzJwzp17z7nfuefMnHtP7w1g1xpP/0ki/hYR9yPiQD27coXx+n9PHi3NPn20NBuVavXCz0ltvcdpPpNvty/LTBQiCh8kLQXWLdy8dWWmXC7diEotP7V49d2phZu3np+/OnO5dLl0bfrcuTOnT519cfqFFWVHxHDPoDrUl8b1eOz960ePvHrx3uuzg62FNcfRVb7VL5Weq0b+2XbxTHN5O8D+pnTSHtftTd0Z+jacNcNi2v+XyscvbvUOAZumWq1Wh7q/Xam2utO2BNi2ktjqPQC2Rv5Dn57/5q/6kuJmDD+23MPz9ROgx4+WqrdjcPZJI/7BKGTrFFvOb1OrjJnWZDwi3q78+nH6itWuQ/ywQRUCALve1+ezYWASLeO/QhxuWu/v2RzKaET8IyIORsQ/I+JQRPwrYsW6KyQR1VXqP9S6oFH/F9ksQuHBemPrRzr+eymb28pfWb35KqMDWW5/RD5gLp3MPpOJKA5dmi+XTnUpf0+P+pvHf+krrT8fC2b78WCwZbA5N7M4s75o2z28EzE22Bp/MpgeuHwaJ4mIIxExtoZyR5vS8899erSRaTmt6B1/TbXDlN6GzJ9VP4l4tn78K9GIf2TFJGLSPD9ZaJufnBqOcunkVNoKTnbcyW+/u/tGt/p7xv/lj62bvHL2qwt/PPBMevz3NrX/yOdvl+MfTSKSxnztQkR1YG113P3+w1q54yfa31tv+9+TvFVL5/3rvZnFxRunIvYkr7Uvn17eNs/n66fxT5zo3P8PZtukn8S/IyJtxP+JiP9GDOT7fiwijkdEh9Aavnn5/+90e6/P9v+nSeOf6/j9l2TtoHb8l+fr+0zk5adLBq4cu/90rPPEfRb/gdWP/5laaiJb0vn7L1nxFdHvnm7ARwgAAAB/eYWo/e1/YbKRLhQmJ+vXgA7F3kL5+sLi/yLi2lz9HoHRKBYuzZdL+QW50Sgm+fXP0ab8dEv+dHbd+KOBkVp+cvZ6eW6rg4ddbl+tzydt/T/10xqv8wLb0A66Dw1Yo179//C9TdoRYNP5/Yfdq6n/d3uyRcVfysDO5Pcfdq9O/f92fLbqvQu+M2D7q+rLsKut3v97P28T2L4G481Gunbbc8e7bYGdqPvvvzMD2MF63yQ/tOZ7/5cT1aHObw1HhycGDK+rip6JkQ51bUkiHVltYIHFiOhv5ZH1VJEPAbs/4aGwtgKHov2tgVhtq6TzcxwiotJ1q/RT6bk/lw/32/hLN5Kn9Qdl9ggwfybKRjebz5f7abHPw90l8Vu/zc/5PgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsKP8HgAA//87jdA6") r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1, 0xb0) pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xe7c) mmap$usbfs(&(0x7f0000714000/0x4000)=nil, 0x4000, 0x4, 0x50, r2, 0xb1c) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) fdatasync(r3) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) epoll_pwait(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x80000001, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x101002, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000740)=0xe) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r5, 0xffffffffffffffff, 0x0) 1.534379307s ago: executing program 3 (id=2411): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x202, 0x0) write$sequencer(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x8) 1.459667855s ago: executing program 2 (id=2412): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 1.322124951s ago: executing program 0 (id=2413): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffff000}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) close(r4) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x0, 0x1, 0x8, 0x13, 0x200, &(0x7f0000000d80)="1ae19327aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a730900000000fdfd000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000005000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c536689a4a62f872f9ca3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d228186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f91ffffffffd51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6ece06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a2a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0600000000000000a1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe021c773a6664b66ae04aa62c564d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000004000000000f800"}) mount_setattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c800}, 0x300) 1.114445914s ago: executing program 1 (id=2414): syz_io_uring_setup(0x590c, &(0x7f0000000080)={0x0, 0xa4f1, 0x1000, 0x3, 0x3}, 0x0, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00222200000096231306e53f07070000002ad800070c00000083"], 0x0}, 0x0) 1.114197174s ago: executing program 3 (id=2415): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x8000) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}, 0x1, 0x0, 0x0, 0x24008840}, 0x0) 946.344701ms ago: executing program 4 (id=2416): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) r1 = epoll_create1(0x80000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x2000001c}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000000)={0xa0000001}) epoll_pwait(r4, &(0x7f0000000040)=[{}], 0x1, 0xff, 0x0, 0x2000) close(r0) socketpair$unix(0x1, 0x2, 0x0, 0x0) 199.129593ms ago: executing program 3 (id=2417): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c000000100085060000", @ANYRES32=r2, @ANYBLOB="010000000000ff7f1c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x428a4}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x8000) 177.537697ms ago: executing program 0 (id=2418): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x50}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a1b000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0300000000000000000001"], 0x122}}, 0x0) 0s ago: executing program 3 (id=2419): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000d80), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000f80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040}, 0x8010) kernel console output (not intermixed with test programs): TU to 1532 would solve the problem. [ 92.018647][ T5614] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.112518][ T5614] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.112533][ T5614] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.112552][ T5614] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.171596][ T5615] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.171609][ T5615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.171636][ T5615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.174470][ T5613] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.174481][ T5613] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.176562][ T5613] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.277726][ T5615] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.277739][ T5615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.277758][ T5615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.279699][ T5613] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.279709][ T5613] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.279727][ T5613] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.382632][ T5611] hsr_slave_0: entered promiscuous mode [ 92.384485][ T5611] hsr_slave_1: entered promiscuous mode [ 92.452868][ T5612] hsr_slave_0: entered promiscuous mode [ 92.461269][ T5612] hsr_slave_1: entered promiscuous mode [ 92.462930][ T5612] debugfs: 'hsr0' already exists in 'hsr' [ 92.463009][ T5612] Cannot create hsr debugfs directory [ 92.583320][ T5614] hsr_slave_0: entered promiscuous mode [ 92.592124][ T5614] hsr_slave_1: entered promiscuous mode [ 92.593591][ T5614] debugfs: 'hsr0' already exists in 'hsr' [ 92.593619][ T5614] Cannot create hsr debugfs directory [ 92.700930][ T5615] hsr_slave_0: entered promiscuous mode [ 92.702554][ T5615] hsr_slave_1: entered promiscuous mode [ 92.704472][ T5615] debugfs: 'hsr0' already exists in 'hsr' [ 92.705580][ T5615] Cannot create hsr debugfs directory [ 92.856070][ T5613] hsr_slave_0: entered promiscuous mode [ 92.857974][ T5613] hsr_slave_1: entered promiscuous mode [ 92.859405][ T5613] debugfs: 'hsr0' already exists in 'hsr' [ 92.859432][ T5613] Cannot create hsr debugfs directory [ 93.364791][ T5616] Bluetooth: hci0: command tx timeout [ 93.594880][ T5620] Bluetooth: hci1: command tx timeout [ 93.595285][ T5616] Bluetooth: hci2: command tx timeout [ 93.685259][ T5616] Bluetooth: hci3: command tx timeout [ 93.754851][ T5616] Bluetooth: hci4: command tx timeout [ 93.843870][ T5611] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.888416][ T5611] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 93.902985][ T5611] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.939603][ T5611] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 93.941217][ T5611] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.980795][ T5611] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.005277][ T5611] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.042377][ T5611] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.199631][ T5614] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.231349][ T5614] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.243956][ T5614] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.279450][ T5614] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.282818][ T5614] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.323245][ T5614] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.353364][ T5614] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.380904][ T5614] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.512620][ T5615] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.540075][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.565696][ T5615] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.600506][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.607058][ T5615] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.640324][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.677298][ T5615] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.713448][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.915096][ T5613] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.963859][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.996980][ T5613] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.033365][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 95.047644][ T5613] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.091483][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 95.146257][ T5613] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.182558][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 95.396347][ T5611] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.422647][ T5612] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.435307][ T5616] Bluetooth: hci0: command tx timeout [ 95.462871][ T5612] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 95.477653][ T5612] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.510573][ T5612] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 95.536127][ T5612] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.570492][ T5612] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 95.586221][ T5612] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.631192][ T5612] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 95.674914][ T5620] Bluetooth: hci1: command tx timeout [ 95.674962][ T5616] Bluetooth: hci2: command tx timeout [ 95.755064][ T5616] Bluetooth: hci3: command tx timeout [ 95.758036][ T5611] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.840381][ T5614] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.845771][ T5616] Bluetooth: hci4: command tx timeout [ 95.864256][ T1509] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.864450][ T1509] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.940975][ T1509] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.941348][ T1509] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.045772][ T5614] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.083183][ T5615] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.123054][ T1509] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.123274][ T1509] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.192734][ T1509] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.192884][ T1509] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.296774][ T5615] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.339731][ T5613] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.390998][ T1509] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.391230][ T1509] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.471295][ T1509] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.471505][ T1509] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.598180][ T5613] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.697258][ T5612] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.703300][ T1483] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.703559][ T1483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.783150][ T1483] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.783335][ T1483] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.927722][ T5612] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.022987][ T1460] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.023191][ T1460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.147954][ T1483] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.148137][ T1483] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.728848][ T5611] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.079536][ T5614] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.349553][ T5611] veth0_vlan: entered promiscuous mode [ 98.489144][ T5611] veth1_vlan: entered promiscuous mode [ 98.570687][ T5615] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.800774][ T5613] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.801262][ T5614] veth0_vlan: entered promiscuous mode [ 98.919654][ T5614] veth1_vlan: entered promiscuous mode [ 98.969060][ T5611] veth0_macvtap: entered promiscuous mode [ 99.030885][ T5611] veth1_macvtap: entered promiscuous mode [ 99.168309][ T5612] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.168678][ T5615] veth0_vlan: entered promiscuous mode [ 99.226446][ T5611] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.289358][ T5614] veth0_macvtap: entered promiscuous mode [ 99.312566][ T5611] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.338508][ T5615] veth1_vlan: entered promiscuous mode [ 99.353913][ T5614] veth1_macvtap: entered promiscuous mode [ 99.391511][ T1184] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.423025][ T1184] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.443132][ T1184] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.462556][ T1184] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.608053][ T5614] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.723142][ T5614] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.042884][ T1460] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.071066][ T1460] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.087123][ T5612] veth0_vlan: entered promiscuous mode [ 100.094253][ T5615] veth0_macvtap: entered promiscuous mode [ 100.111160][ T1460] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.148664][ T5613] veth0_vlan: entered promiscuous mode [ 100.151875][ T1460] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.178534][ T5615] veth1_macvtap: entered promiscuous mode [ 100.290238][ T5612] veth1_vlan: entered promiscuous mode [ 100.324486][ T1460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.326951][ T1460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.386877][ T5613] veth1_vlan: entered promiscuous mode [ 100.571339][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.680760][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.706791][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.706814][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.773450][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.837575][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.866820][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.892747][ T1460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.892769][ T1460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.919887][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.066071][ T5612] veth0_macvtap: entered promiscuous mode [ 101.141549][ T5613] veth0_macvtap: entered promiscuous mode [ 101.263513][ T5612] veth1_macvtap: entered promiscuous mode [ 101.295909][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.295932][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.296859][ T5613] veth1_macvtap: entered promiscuous mode [ 101.570126][ T5807] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6'. [ 101.813189][ T5612] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.913792][ T5613] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.959750][ T5612] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.963381][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.963403][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.059058][ T5613] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.211930][ T1184] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.286694][ T1184] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.378563][ T1184] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.420722][ T1184] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.442294][ T1125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.442315][ T1125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.443547][ T1184] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.479433][ T1184] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.616928][ T1184] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.626171][ T1184] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.086054][ T5723] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 103.248125][ T5723] usb 1-1: device descriptor read/64, error -71 [ 103.282800][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.308345][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.535251][ T5723] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 103.661256][ T5821] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.680244][ T5821] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.692024][ T5723] usb 1-1: device descriptor read/64, error -71 [ 103.799695][ T5723] usb usb1-port1: attempt power cycle [ 104.154981][ T5723] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 104.175311][ T5723] usb 1-1: device descriptor read/8, error -71 [ 104.414867][ T5723] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 104.435558][ T5723] usb 1-1: device descriptor read/8, error -71 [ 104.545185][ T5723] usb usb1-port1: unable to enumerate USB device [ 104.652226][ T69] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.705294][ T69] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.968123][ T69] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.031089][ T69] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.119591][ T5826] ======================================================= [ 105.119591][ T5826] WARNING: The mand mount option has been deprecated and [ 105.119591][ T5826] and is ignored by this kernel. Remove the mand [ 105.119591][ T5826] option from the mount to silence this warning. [ 105.119591][ T5826] ======================================================= [ 105.208411][ T5828] loop3: detected capacity change from 0 to 512 [ 105.336526][ T5828] EXT4-fs: Ignoring removed bh option [ 105.424373][ T1125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.424392][ T1125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.659454][ T5828] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 105.748852][ T5834] loop0: detected capacity change from 0 to 512 [ 105.852330][ T5834] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 105.912938][ T5828] EXT4-fs (loop3): 1 truncate cleaned up [ 105.949790][ T5834] EXT4-fs (loop0): warning: maximal mount count reached, running e2fsck is recommended [ 106.019201][ T5828] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.103321][ T5834] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.15: inode #15: comm syz.0.15: iget: illegal inode # [ 106.103510][ T5834] loop0: lost filesystem error report for type 5 error -117 [ 106.105207][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 106.105228][ C1] EXT4-fs (loop0): initial error at time 1780077682: ext4_orphan_get:1397 [ 106.105250][ C1] EXT4-fs (loop0): last error at time 1780077682: ext4_orphan_get:1397 [ 106.162916][ T5834] EXT4-fs (loop0): Remounting filesystem read-only [ 106.178875][ T5834] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.197942][ T5834] EXT4-fs (loop0): shut down requested (2) [ 106.199002][ T5838] loop1: detected capacity change from 0 to 512 [ 106.224246][ T5838] EXT4-fs: Ignoring removed i_version option [ 106.283543][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.283562][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.484908][ T38] audit: type=1800 audit(1780077682.902:2): pid=5828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.13" name="file0" dev="loop3" ino=13 res=0 errno=0 [ 106.503291][ T5611] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.686402][ T5838] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.686571][ T5838] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.861200][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.861224][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.111886][ T5614] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.461494][ T1509] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.461517][ T1509] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.019060][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.958251][ T5855] netlink: 300 bytes leftover after parsing attributes in process `syz.3.18'. [ 109.500443][ T5860] netlink: 16 bytes leftover after parsing attributes in process `syz.0.22'. [ 109.500505][ T5861] netlink: 16 bytes leftover after parsing attributes in process `syz.0.22'. [ 109.500826][ T5861] Zero length message leads to an empty skb [ 110.295926][ T5875] netlink: 'syz.1.26': attribute type 21 has an invalid length. [ 110.295950][ T5875] netlink: 8 bytes leftover after parsing attributes in process `syz.1.26'. [ 110.304989][ T5875] bond0: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 111.353383][ T5905] loop0: detected capacity change from 0 to 128 [ 111.532770][ T5905] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 111.624067][ T5905] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 112.931769][ T5929] loop0: detected capacity change from 0 to 1024 [ 112.944170][ T5929] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 112.944249][ T5929] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12687!=20869) [ 113.018063][ T5929] EXT4-fs error (device loop0): ext4_get_journal_inode:5896: inode #32: comm syz.0.41: iget: special inode unallocated [ 113.018247][ T5929] loop0: lost file I/O error report for ino 32 type 5 pos 0x0 len 0x0 error -117 [ 113.021416][ T5929] EXT4-fs (loop0): no journal found [ 113.021436][ T5929] EXT4-fs (loop0): can't get journal size [ 113.024611][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 113.024631][ C1] EXT4-fs (loop0): initial error at time 1780077689: ext4_get_journal_inode:5896: inode 32 [ 113.024661][ C1] EXT4-fs (loop0): last error at time 1780077689: ext4_get_journal_inode:5896: inode 32 [ 113.029802][ T5929] EXT4-fs error (device loop0): ext4_protect_reserved_inode:160: inode #32: comm syz.0.41: iget: special inode unallocated [ 113.029845][ T5929] loop0: lost file I/O error report for ino 32 type 5 pos 0x0 len 0x0 error -117 [ 113.148666][ T5929] EXT4-fs (loop0): failed to initialize system zone (-117) [ 113.149040][ T5929] EXT4-fs (loop0): mount failed [ 113.633594][ T5943] netlink: 8 bytes leftover after parsing attributes in process `syz.3.54'. [ 113.805032][ T5944] syz.1.36 uses obsolete (PF_INET,SOCK_PACKET) [ 114.483690][ T5968] netlink: 8 bytes leftover after parsing attributes in process `syz.3.62'. [ 115.189794][ T5968] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.068887][ T5998] netlink: 8 bytes leftover after parsing attributes in process `syz.3.74'. [ 116.110674][ T5982] netlink: 8 bytes leftover after parsing attributes in process `syz.0.67'. [ 116.272385][ T6000] loop1: detected capacity change from 0 to 128 [ 116.628006][ T6005] netlink: 28 bytes leftover after parsing attributes in process `syz.4.77'. [ 116.628042][ T6005] netlink: 28 bytes leftover after parsing attributes in process `syz.4.77'. [ 116.630469][ T6000] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 116.722007][ T6000] ext4 filesystem being mounted at /8/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 116.848698][ T5615] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 116.961655][ T6010] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.80'. [ 116.974255][ T6010] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.80'. [ 117.419793][ T6020] loop0: detected capacity change from 0 to 512 [ 117.680399][ T6025] netlink: 8 bytes leftover after parsing attributes in process `syz.1.86'. [ 117.925915][ T6020] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 118.961128][ T6052] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.91'. [ 118.963710][ T6052] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.91'. [ 119.621888][ T6073] loop1: detected capacity change from 0 to 764 [ 120.445375][ T6098] netlink: 16 bytes leftover after parsing attributes in process `syz.4.117'. [ 120.453256][ T6098] netlink: 16 bytes leftover after parsing attributes in process `syz.4.117'. [ 121.217635][ T6123] loop4: detected capacity change from 0 to 512 [ 121.296933][ T6123] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 121.307382][ T6123] EXT4-fs (loop4): warning: maximal mount count reached, running e2fsck is recommended [ 121.351966][ T6123] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.128: inode #15: comm syz.4.128: iget: illegal inode # [ 121.352001][ T6123] loop4: lost filesystem error report for type 5 error -117 [ 121.355248][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 121.355270][ C0] EXT4-fs (loop4): initial error at time 1780077697: ext4_orphan_get:1397 [ 121.355308][ C0] EXT4-fs (loop4): last error at time 1780077697: ext4_orphan_get:1397 [ 121.420767][ T6123] EXT4-fs (loop4): Remounting filesystem read-only [ 121.453315][ T6126] netlink: 16 bytes leftover after parsing attributes in process `syz.1.129'. [ 121.465853][ T6126] netlink: 16 bytes leftover after parsing attributes in process `syz.1.129'. [ 121.483950][ T6123] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.516125][ T6123] EXT4-fs (loop4): shut down requested (2) [ 121.720446][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.082845][ T6156] loop4: detected capacity change from 0 to 512 [ 122.106879][ T6156] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 122.448083][ T6163] loop4: detected capacity change from 0 to 512 [ 122.466806][ T6163] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 122.526090][ T6163] EXT4-fs error (device loop4): ext4_ext_check_inode:521: inode #2: comm syz.4.142: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 122.526129][ T6163] loop4: lost file I/O error report for ino 2 type 5 pos 0x0 len 0x0 error -117 [ 122.534626][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 122.534647][ C1] EXT4-fs (loop4): initial error at time 1780077699: ext4_ext_check_inode:521: inode 2 [ 122.534730][ C1] EXT4-fs (loop4): last error at time 1780077699: ext4_ext_check_inode:521: inode 2 [ 122.569258][ T6163] EXT4-fs (loop4): get root inode failed [ 122.569310][ T6163] EXT4-fs (loop4): mount failed [ 122.638235][ T6165] netlink: 16 bytes leftover after parsing attributes in process `syz.1.143'. [ 122.638572][ T6166] netlink: 16 bytes leftover after parsing attributes in process `syz.1.143'. [ 123.173558][ T6183] tipc: Started in network mode [ 123.173597][ T6183] tipc: Node identity ced247e15fa2, cluster identity 4711 [ 123.256165][ T6183] tipc: Enabled bearer , priority 0 [ 123.263533][ T6190] syzkaller0: entered promiscuous mode [ 123.263557][ T6190] syzkaller0: entered allmulticast mode [ 123.529460][ T6183] tipc: Resetting bearer [ 123.655651][ T6175] tipc: Resetting bearer [ 123.893437][ T6175] tipc: Disabling bearer [ 124.427896][ T6227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.167'. [ 126.036983][ T6253] loop4: detected capacity change from 0 to 512 [ 126.088866][ T6253] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 126.109369][ T6253] EXT4-fs (loop4): warning: maximal mount count reached, running e2fsck is recommended [ 126.230158][ T6253] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.176: inode #15: comm syz.4.176: iget: illegal inode # [ 126.230196][ T6253] loop4: lost filesystem error report for type 5 error -117 [ 126.237358][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 126.237381][ C0] EXT4-fs (loop4): initial error at time 1780077702: ext4_orphan_get:1397 [ 126.237402][ C0] EXT4-fs (loop4): last error at time 1780077702: ext4_orphan_get:1397 [ 126.256865][ T6253] EXT4-fs (loop4): Remounting filesystem read-only [ 126.393449][ T6253] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.438959][ T6267] netlink: 4 bytes leftover after parsing attributes in process `syz.0.182'. [ 126.523646][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.723134][ T6279] syz_tun: entered allmulticast mode [ 126.757499][ T5343] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 126.904815][ T5343] usb 4-1: device descriptor read/64, error -71 [ 128.083929][ T5343] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 128.254693][ T5343] usb 4-1: device descriptor read/64, error -71 [ 128.367010][ T5343] usb usb4-port1: attempt power cycle [ 128.728022][ T5343] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 128.745333][ T5343] usb 4-1: device descriptor read/8, error -71 [ 128.985982][ T5343] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 129.005908][ T5343] usb 4-1: device descriptor read/8, error -71 [ 129.159237][ T5343] usb usb4-port1: unable to enumerate USB device [ 130.449542][ T6372] netlink: 36 bytes leftover after parsing attributes in process `syz.3.228'. [ 131.171733][ T6387] netlink: 8 bytes leftover after parsing attributes in process `syz.3.236'. [ 131.263372][ T6387] loop3: detected capacity change from 0 to 512 [ 131.278416][ T6387] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 131.308848][ T6391] Illegal XDP return value 4294967294 on prog (id 18) dev syz_tun, expect packet loss! [ 131.351392][ T6387] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.236: iget: bad i_size value: 38620345925642 [ 131.351426][ T6387] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 131.354840][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 131.354861][ C1] EXT4-fs (loop3): initial error at time 1780077707: ext4_orphan_get:1397: inode 15 [ 131.354889][ C1] EXT4-fs (loop3): last error at time 1780077707: ext4_orphan_get:1397: inode 15 [ 131.421242][ T6387] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.236: couldn't read orphan inode 15 (err -117) [ 131.421275][ T6387] loop3: lost filesystem error report for type 5 error -117 [ 131.476287][ T6387] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.893305][ T6402] netlink: 28 bytes leftover after parsing attributes in process `syz.2.242'. [ 132.040937][ T6324] syz.1.205 (6324) used greatest stack depth: 18840 bytes left [ 132.154325][ T6408] loop1: detected capacity change from 0 to 512 [ 132.166450][ T5614] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.222574][ T6408] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 132.640961][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.651065][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.020177][ T6429] netlink: 28 bytes leftover after parsing attributes in process `syz.4.254'. [ 133.094478][ T6433] netlink: 8 bytes leftover after parsing attributes in process `syz.3.256'. [ 133.121027][ T6433] loop3: detected capacity change from 0 to 512 [ 133.142406][ T6433] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 133.179738][ T6433] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.256: iget: bad i_size value: 38620345925642 [ 133.179772][ T6433] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 133.186185][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 133.186206][ C1] EXT4-fs (loop3): initial error at time 1780077709: ext4_orphan_get:1397: inode 15 [ 133.186235][ C1] EXT4-fs (loop3): last error at time 1780077709: ext4_orphan_get:1397: inode 15 [ 133.234285][ T6433] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.256: couldn't read orphan inode 15 (err -117) [ 133.234318][ T6433] loop3: lost filesystem error report for type 5 error -117 [ 133.343791][ T6433] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.493293][ T6438] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.256: bg 0: block 5: invalid block bitmap [ 133.550367][ T6438] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 452 with error 28 [ 133.550403][ T6438] EXT4-fs (loop3): This should not happen!! Data will be lost [ 133.550403][ T6438] [ 133.550421][ T6438] EXT4-fs (loop3): Total free blocks count 0 [ 133.550466][ T6438] EXT4-fs (loop3): Free/Dirty block details [ 133.550504][ T6438] EXT4-fs (loop3): free_blocks=0 [ 133.550536][ T6438] EXT4-fs (loop3): dirty_blocks=464 [ 133.550550][ T6438] EXT4-fs (loop3): Block reservation details [ 133.550563][ T6438] EXT4-fs (loop3): i_reserved_data_blocks=464 [ 133.639584][ T6440] loop4: detected capacity change from 0 to 512 [ 133.752093][ T6440] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 133.880036][ T56] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 452 with max blocks 12 with error 28 [ 133.974332][ T5614] EXT4-fs warning (device loop3): ext4_evict_inode:195: inode #18: comm syz-executor: data will be lost [ 135.914240][ T6471] netlink: 8 bytes leftover after parsing attributes in process `syz.3.269'. [ 135.928973][ T6470] netlink: 28 bytes leftover after parsing attributes in process `syz.4.268'. [ 136.076004][ T6473] netlink: 8 bytes leftover after parsing attributes in process `syz.3.271'. [ 136.101337][ T6473] loop3: detected capacity change from 0 to 512 [ 136.159716][ T6473] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 136.225817][ T6473] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.271: iget: bad i_size value: 38620345925642 [ 136.225876][ T6473] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 136.226404][ T6473] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.271: couldn't read orphan inode 15 (err -117) [ 136.226432][ T6473] loop3: lost filesystem error report for type 5 error -117 [ 136.238117][ T6473] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 136.449066][ T6477] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.271: bg 0: block 5: invalid block bitmap [ 136.464342][ T6477] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 100 with error 28 [ 136.464373][ T6477] EXT4-fs (loop3): This should not happen!! Data will be lost [ 136.464373][ T6477] [ 136.464389][ T6477] EXT4-fs (loop3): Total free blocks count 0 [ 136.464403][ T6477] EXT4-fs (loop3): Free/Dirty block details [ 136.464417][ T6477] EXT4-fs (loop3): free_blocks=0 [ 136.464430][ T6477] EXT4-fs (loop3): dirty_blocks=103 [ 136.464444][ T6477] EXT4-fs (loop3): Block reservation details [ 136.464456][ T6477] EXT4-fs (loop3): i_reserved_data_blocks=103 [ 136.924012][ T5614] EXT4-fs warning (device loop3): ext4_evict_inode:195: inode #18: comm syz-executor: data will be lost [ 136.960360][ T5614] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.428786][ T6497] netlink: 28 bytes leftover after parsing attributes in process `syz.2.280'. [ 137.816355][ T6506] tipc: Failed to remove unknown binding: 66,0,0/0:1623432448/1623432449 [ 137.816395][ T6506] tipc: Failed to remove unknown binding: 66,0,0/0:1623432448/1623432449 [ 137.868637][ T6507] tipc: Failed to remove unknown binding: 66,0,0/0:4065092111/4065092113 [ 138.661654][ T6530] netlink: 28 bytes leftover after parsing attributes in process `syz.1.293'. [ 138.772439][ T6535] netlink: 28 bytes leftover after parsing attributes in process `syz.0.295'. [ 138.772486][ T6535] netlink: 'syz.0.295': attribute type 7 has an invalid length. [ 138.772502][ T6535] netlink: 'syz.0.295': attribute type 8 has an invalid length. [ 138.772516][ T6535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.295'. [ 138.879782][ T6540] netlink: 36 bytes leftover after parsing attributes in process `syz.1.298'. [ 141.208513][ T6567] netlink: 28 bytes leftover after parsing attributes in process `syz.1.308'. [ 141.459972][ T6573] netlink: 28 bytes leftover after parsing attributes in process `syz.4.311'. [ 141.460009][ T6573] netlink: 'syz.4.311': attribute type 7 has an invalid length. [ 141.460023][ T6573] netlink: 'syz.4.311': attribute type 8 has an invalid length. [ 141.460062][ T6573] netlink: 4 bytes leftover after parsing attributes in process `syz.4.311'. [ 143.770745][ T6597] netlink: 32 bytes leftover after parsing attributes in process `syz.4.318'. [ 143.771933][ T6597] netlink: 32 bytes leftover after parsing attributes in process `syz.4.318'. [ 144.012988][ T6600] netlink: 20 bytes leftover after parsing attributes in process `syz.1.320'. [ 144.909094][ T6606] netlink: 'syz.4.324': attribute type 10 has an invalid length. [ 145.105804][ T6612] netlink: 28 bytes leftover after parsing attributes in process `syz.3.325'. [ 145.105864][ T6612] netlink: 'syz.3.325': attribute type 7 has an invalid length. [ 145.105879][ T6612] netlink: 'syz.3.325': attribute type 8 has an invalid length. [ 145.105892][ T6612] netlink: 4 bytes leftover after parsing attributes in process `syz.3.325'. [ 145.219078][ T6606] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 145.315033][ T6606] team0: Port device netdevsim1 added [ 145.640273][ T6623] netlink: 'syz.4.328': attribute type 10 has an invalid length. [ 145.829950][ T6627] netlink: 32 bytes leftover after parsing attributes in process `syz.1.331'. [ 145.839137][ T6627] netlink: 32 bytes leftover after parsing attributes in process `syz.1.331'. [ 145.946116][ T6630] netlink: 20 bytes leftover after parsing attributes in process `syz.3.332'. [ 146.429982][ T6645] process 'syz.4.338' launched './file0' with NULL argv: empty string added [ 146.431066][ T6645] Invalid argument reading file caps for ./file0 [ 146.504690][ T6647] netlink: 28 bytes leftover after parsing attributes in process `syz.3.339'. [ 146.504731][ T6647] netlink: 'syz.3.339': attribute type 7 has an invalid length. [ 146.504746][ T6647] netlink: 'syz.3.339': attribute type 8 has an invalid length. [ 146.504759][ T6647] netlink: 4 bytes leftover after parsing attributes in process `syz.3.339'. [ 146.929318][ T6656] loop1: detected capacity change from 0 to 764 [ 147.033196][ T6656] rock: directory entry would overflow storage [ 147.033206][ T6656] rock: sig=0x4654, size=5, remaining=4 [ 147.440737][ T6664] loop2: detected capacity change from 0 to 164 [ 147.666091][ T6664] rock: corrupted directory entry. extent=458780 out of volume (nzones=41) [ 147.805780][ T6664] rock: corrupted directory entry. extent=458780 out of volume (nzones=41) [ 147.962546][ T6664] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 148.098309][ T6679] netlink: 'syz.4.354': attribute type 7 has an invalid length. [ 148.098329][ T6679] netlink: 'syz.4.354': attribute type 8 has an invalid length. [ 149.113915][ T6707] __nla_validate_parse: 5 callbacks suppressed [ 149.113936][ T6707] netlink: 28 bytes leftover after parsing attributes in process `syz.0.368'. [ 149.113967][ T6707] netlink: 'syz.0.368': attribute type 7 has an invalid length. [ 149.113982][ T6707] netlink: 'syz.0.368': attribute type 8 has an invalid length. [ 149.113994][ T6707] netlink: 4 bytes leftover after parsing attributes in process `syz.0.368'. [ 149.187723][ T6710] loop4: detected capacity change from 0 to 512 [ 149.214217][ T6710] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 149.214243][ T6710] EXT4-fs (loop4): DAX unsupported by block device. [ 149.360325][ T6716] netlink: 5364 bytes leftover after parsing attributes in process `syz.0.372'. [ 149.371396][ T6716] netlink: 5364 bytes leftover after parsing attributes in process `syz.0.372'. [ 149.922301][ T6737] netlink: 28 bytes leftover after parsing attributes in process `syz.4.382'. [ 149.922337][ T6737] netlink: 'syz.4.382': attribute type 6 has an invalid length. [ 149.922351][ T6737] netlink: 'syz.4.382': attribute type 7 has an invalid length. [ 149.922365][ T6737] netlink: 'syz.4.382': attribute type 8 has an invalid length. [ 149.922378][ T6737] netlink: 4 bytes leftover after parsing attributes in process `syz.4.382'. [ 150.117884][ T6743] netlink: 12 bytes leftover after parsing attributes in process `syz.2.385'. [ 150.138492][ T6744] netlink: 5364 bytes leftover after parsing attributes in process `syz.1.386'. [ 150.141454][ T6744] netlink: 5364 bytes leftover after parsing attributes in process `syz.1.386'. [ 150.340273][ T6751] capability: warning: `syz.0.390' uses deprecated v2 capabilities in a way that may be insecure [ 150.488964][ T6754] 9pnet_fd: p9_fd_create_unix (6754): problem connecting socket: éq‰Y’3aK: -111 [ 150.800233][ T6765] tipc: Started in network mode [ 150.800268][ T6765] tipc: Node identity de5eb5975cdc, cluster identity 4711 [ 150.800460][ T6765] tipc: Enabled bearer , priority 0 [ 150.821895][ T6765] syzkaller0: entered promiscuous mode [ 150.821962][ T6765] syzkaller0: entered allmulticast mode [ 150.860569][ T6771] netlink: 28 bytes leftover after parsing attributes in process `syz.3.398'. [ 150.860740][ T6771] netlink: 'syz.3.398': attribute type 6 has an invalid length. [ 150.860758][ T6771] netlink: 'syz.3.398': attribute type 7 has an invalid length. [ 150.860773][ T6771] netlink: 'syz.3.398': attribute type 8 has an invalid length. [ 151.113168][ T6780] tipc: Resetting bearer [ 151.218364][ T6764] tipc: Resetting bearer [ 151.506827][ T6764] tipc: Disabling bearer [ 152.770233][ T6806] netlink: 'syz.3.411': attribute type 6 has an invalid length. [ 152.770256][ T6806] netlink: 'syz.3.411': attribute type 7 has an invalid length. [ 152.770271][ T6806] netlink: 'syz.3.411': attribute type 8 has an invalid length. [ 152.934419][ T6809] syz_tun: entered allmulticast mode [ 153.902773][ T6837] netlink: 'syz.4.424': attribute type 7 has an invalid length. [ 155.550906][ T6853] loop4: detected capacity change from 0 to 4096 [ 155.637239][ T6853] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 155.737921][ T6868] __nla_validate_parse: 12 callbacks suppressed [ 155.737943][ T6868] netlink: 24 bytes leftover after parsing attributes in process `syz.0.437'. [ 155.920121][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.811912][ T6893] tipc: Started in network mode [ 156.811946][ T6893] tipc: Node identity 6292b0ccada2, cluster identity 4711 [ 156.812152][ T6893] tipc: Enabled bearer , priority 0 [ 156.841128][ T6890] syzkaller0: entered promiscuous mode [ 156.841157][ T6890] syzkaller0: entered allmulticast mode [ 156.983050][ T6890] tipc: Resetting bearer [ 157.053334][ T6889] tipc: Resetting bearer [ 157.206179][ T6889] tipc: Disabling bearer [ 157.435131][ T6905] netlink: 12 bytes leftover after parsing attributes in process `syz.1.453'. [ 158.202262][ T6924] loop4: detected capacity change from 0 to 512 [ 158.203328][ T6924] EXT4-fs: Ignoring removed nomblk_io_submit option [ 158.295769][ T6928] netlink: 1224 bytes leftover after parsing attributes in process `syz.3.466'. [ 158.355044][ T6924] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 158.484282][ T6924] EXT4-fs error (device loop4): mb_free_blocks:2049: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 158.490360][ C1] EXT4-fs (loop4): initial error at time 1780077735: mb_free_blocks:2049: inode 11: block 64 [ 158.490405][ C1] EXT4-fs (loop4): last error at time 1780077735: mb_free_blocks:2049: inode 11: block 64 [ 158.687120][ T6924] EXT4-fs (loop4): Remounting filesystem read-only [ 158.737602][ T6924] EXT4-fs (loop4): 1 truncate cleaned up [ 158.740581][ T6924] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 158.813573][ T6936] tipc: Started in network mode [ 158.813607][ T6936] tipc: Node identity dab3819c745f, cluster identity 4711 [ 158.813802][ T6936] tipc: Enabled bearer , priority 0 [ 158.833845][ T6936] syzkaller0: entered promiscuous mode [ 158.833871][ T6936] syzkaller0: entered allmulticast mode [ 158.907323][ T6936] tipc: Resetting bearer [ 158.960409][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.982877][ T6935] tipc: Resetting bearer [ 159.136077][ T6935] tipc: Disabling bearer [ 159.454091][ T6958] loop7: detected capacity change from 0 to 16384 [ 159.895734][ T6962] loop7: detected capacity change from 16384 to 0 [ 160.191127][ T6986] netlink: 1224 bytes leftover after parsing attributes in process `syz.1.489'. [ 160.265081][ T6989] tipc: Enabling of bearer rejected, failed to enable media [ 160.942961][ T7018] netlink: 1204 bytes leftover after parsing attributes in process `syz.2.502'. [ 161.339726][ T7029] tipc: Enabled bearer , priority 0 [ 161.351342][ T7029] syzkaller0: entered promiscuous mode [ 161.351370][ T7029] syzkaller0: entered allmulticast mode [ 161.475905][ T7033] tipc: Resetting bearer [ 161.567616][ T7038] netlink: 48 bytes leftover after parsing attributes in process `syz.0.513'. [ 161.587132][ T7027] tipc: Resetting bearer [ 161.673045][ T7046] netlink: 8 bytes leftover after parsing attributes in process `syz.3.515'. [ 161.673069][ T7046] netlink: 24 bytes leftover after parsing attributes in process `syz.3.515'. [ 161.826819][ T7027] tipc: Disabling bearer [ 162.040303][ T7061] netlink: 12 bytes leftover after parsing attributes in process `syz.4.520'. [ 162.920588][ T7094] tipc: Enabled bearer , priority 0 [ 162.921586][ T7094] syzkaller0: entered promiscuous mode [ 162.921617][ T7094] syzkaller0: entered allmulticast mode [ 162.967445][ T7096] validate_nla: 1 callbacks suppressed [ 162.967465][ T7096] netlink: 'syz.0.536': attribute type 22 has an invalid length. [ 162.967481][ T7096] netlink: 8 bytes leftover after parsing attributes in process `syz.0.536'. [ 162.975734][ T7094] tipc: Resetting bearer [ 163.004433][ T7096] bond0: option ad_select: unable to set because the bond device is up [ 163.120554][ T7091] tipc: Resetting bearer [ 163.270021][ T7105] netlink: 12 bytes leftover after parsing attributes in process `syz.1.538'. [ 163.303317][ T7104] loop4: detected capacity change from 0 to 512 [ 163.314792][ T7104] EXT4-fs: Ignoring removed nomblk_io_submit option [ 163.337992][ T7091] tipc: Disabling bearer [ 163.419321][ T7104] EXT4-fs error (device loop4): mb_free_blocks:2049: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 163.424656][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 163.424678][ C1] EXT4-fs (loop4): initial error at time 1780077740: mb_free_blocks:2049: inode 11: block 64 [ 163.424715][ C1] EXT4-fs (loop4): last error at time 1780077740: mb_free_blocks:2049: inode 11: block 64 [ 163.440214][ T7104] EXT4-fs (loop4): Remounting filesystem read-only [ 163.511638][ T7113] netlink: 'syz.2.541': attribute type 4 has an invalid length. [ 163.526564][ T7104] EXT4-fs (loop4): 1 truncate cleaned up [ 163.572134][ T7104] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.768305][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.975476][ T7127] netlink: 'syz.2.550': attribute type 22 has an invalid length. [ 163.975497][ T7127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.550'. [ 163.975524][ T7127] bond0: option ad_select: unable to set because the bond device is up [ 164.559706][ T7147] netlink: 12 bytes leftover after parsing attributes in process `syz.1.558'. [ 164.612497][ T7153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.558'. [ 164.631276][ T7148] tipc: Enabling of bearer rejected, failed to enable media [ 165.125470][ T7168] tipc: Enabled bearer , priority 0 [ 165.126549][ T7168] syzkaller0: entered promiscuous mode [ 165.126574][ T7168] syzkaller0: entered allmulticast mode [ 166.066528][ T7179] tipc: Resetting bearer [ 166.097074][ T7177] tipc: Enabled bearer , priority 0 [ 166.098602][ T7177] syzkaller0: entered promiscuous mode [ 166.098623][ T7177] syzkaller0: entered allmulticast mode [ 166.140782][ T7177] tipc: Resetting bearer [ 166.355625][ T7176] tipc: Resetting bearer [ 166.399053][ T7194] capability: warning: `syz.0.578' uses 32-bit capabilities (legacy support in use) [ 166.572244][ T7176] tipc: Disabling bearer [ 166.704882][ T5723] tipc: Node number set to 2934735260 [ 166.786744][ T7166] tipc: Resetting bearer [ 166.966359][ T7166] tipc: Disabling bearer [ 167.085795][ T7201] __nla_validate_parse: 1 callbacks suppressed [ 167.085816][ T7201] netlink: 8 bytes leftover after parsing attributes in process `syz.4.580'. [ 167.346478][ T7214] netlink: 24 bytes leftover after parsing attributes in process `syz.4.585'. [ 167.682888][ T7224] netlink: 8 bytes leftover after parsing attributes in process `syz.4.591'. [ 167.682922][ T7224] bond0: option lp_interval: invalid value (0) [ 167.682941][ T7224] bond0: option lp_interval: allowed values 1 - 2147483647 [ 168.728156][ T7252] netlink: 48 bytes leftover after parsing attributes in process `syz.2.602'. [ 168.832353][ T7242] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 168.832530][ T7242] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 170.136864][ T7267] netlink: 8 bytes leftover after parsing attributes in process `syz.3.606'. [ 170.136898][ T7267] bond0: option lp_interval: invalid value (0) [ 170.136918][ T7267] bond0: option lp_interval: allowed values 1 - 2147483647 [ 170.244987][ T7242] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 170.340467][ T7242] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 170.345777][ T7242] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 170.454168][ T7242] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 170.539882][ T7242] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 170.540016][ T7242] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 170.635539][ T7242] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 170.724358][ T7242] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 170.733121][ T7242] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 170.841386][ T7242] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 170.874669][ T5616] Bluetooth: hci0: command 0x0c1a tx timeout [ 170.913600][ T7286] netlink: 48 bytes leftover after parsing attributes in process `syz.2.614'. [ 171.079675][ T7242] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 171.079800][ T7242] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 171.282274][ T7242] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 171.341953][ T7298] netlink: 8 bytes leftover after parsing attributes in process `syz.0.620'. [ 171.341989][ T7298] bond0: option lp_interval: invalid value (0) [ 171.342007][ T7298] bond0: option lp_interval: allowed values 1 - 2147483647 [ 171.836691][ T7314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.627'. [ 172.066781][ T7319] loop4: detected capacity change from 0 to 512 [ 172.070947][ T7319] EXT4-fs: Ignoring removed nomblk_io_submit option [ 172.130190][ T7319] EXT4-fs error (device loop4): mb_free_blocks:2049: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 172.148828][ T7319] EXT4-fs (loop4): Remounting filesystem read-only [ 172.149049][ T7319] EXT4-fs (loop4): 1 truncate cleaned up [ 172.235265][ T7319] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.396549][ T5616] Bluetooth: hci1: command 0x0c1a tx timeout [ 172.463051][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.554758][ T5616] Bluetooth: hci2: command 0x0c1a tx timeout [ 172.599520][ T7329] netlink: 8 bytes leftover after parsing attributes in process `syz.0.633'. [ 172.804992][ T5616] Bluetooth: hci3: command 0x0c1a tx timeout [ 172.960975][ T5616] Bluetooth: hci0: command 0x0c1a tx timeout [ 173.114710][ T5616] Bluetooth: hci4: command 0x0c1a tx timeout [ 174.474766][ T5616] Bluetooth: hci1: command 0x0c1a tx timeout [ 174.644737][ T5616] Bluetooth: hci2: command 0x0c1a tx timeout [ 174.880832][ T5616] Bluetooth: hci3: command 0x0c1a tx timeout [ 174.920744][ T7383] loop4: detected capacity change from 0 to 512 [ 174.958590][ T7383] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 174.958616][ T7383] EXT4-fs (loop4): DAX unsupported by block device. [ 175.036183][ T5616] Bluetooth: hci0: command 0x0c1a tx timeout [ 175.194691][ T5616] Bluetooth: hci4: command 0x0c1a tx timeout [ 176.556168][ T5616] Bluetooth: hci1: command 0x0c1a tx timeout [ 176.715086][ T5616] Bluetooth: hci2: command 0x0c1a tx timeout [ 176.964655][ T5616] Bluetooth: hci3: command 0x0c1a tx timeout [ 177.274928][ T5616] Bluetooth: hci4: command 0x0c1a tx timeout [ 179.680647][ T7439] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.705411][ T7439] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.523373][ T7439] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 180.533034][ T7439] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 181.453331][ T1184] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.489942][ T1184] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.490053][ T1184] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.490095][ T1184] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.924296][ T7508] netlink: 8 bytes leftover after parsing attributes in process `syz.4.710'. [ 183.924331][ T7508] netlink: 12 bytes leftover after parsing attributes in process `syz.4.710'. [ 183.924358][ T7508] netlink: 'syz.4.710': attribute type 15 has an invalid length. [ 185.859002][ T7551] netlink: 8 bytes leftover after parsing attributes in process `syz.2.729'. [ 185.859026][ T7551] netlink: 12 bytes leftover after parsing attributes in process `syz.2.729'. [ 185.859055][ T7551] netlink: 'syz.2.729': attribute type 18 has an invalid length. [ 187.186462][ T7568] netlink: 44 bytes leftover after parsing attributes in process `syz.2.736'. [ 187.186505][ T7568] netlink: 43 bytes leftover after parsing attributes in process `syz.2.736'. [ 187.186523][ T7568] netlink: 'syz.2.736': attribute type 5 has an invalid length. [ 187.186537][ T7568] netlink: 43 bytes leftover after parsing attributes in process `syz.2.736'. [ 187.961127][ T7592] netlink: 8 bytes leftover after parsing attributes in process `syz.0.746'. [ 187.961151][ T7592] netlink: 12 bytes leftover after parsing attributes in process `syz.0.746'. [ 187.961178][ T7592] netlink: 'syz.0.746': attribute type 18 has an invalid length. [ 188.766563][ T7612] netlink: 48 bytes leftover after parsing attributes in process `syz.1.754'. [ 189.321044][ T7608] bond0: entered promiscuous mode [ 189.321069][ T7608] bond_slave_0: entered promiscuous mode [ 189.321334][ T7608] bond_slave_1: entered promiscuous mode [ 189.321568][ T7608] bond0: entered allmulticast mode [ 189.321584][ T7608] bond_slave_0: entered allmulticast mode [ 189.321608][ T7608] bond_slave_1: entered allmulticast mode [ 189.640873][ T7626] netlink: 32 bytes leftover after parsing attributes in process `syz.0.758'. [ 191.675334][ T7656] bond0: entered promiscuous mode [ 191.675358][ T7656] bond_slave_0: entered promiscuous mode [ 191.675595][ T7656] bond_slave_1: entered promiscuous mode [ 191.694014][ T7656] bond0: entered allmulticast mode [ 191.694040][ T7656] bond_slave_0: entered allmulticast mode [ 191.694068][ T7656] bond_slave_1: entered allmulticast mode [ 191.713896][ T7662] netlink: 32 bytes leftover after parsing attributes in process `syz.1.772'. [ 193.150696][ T7693] netlink: 32 bytes leftover after parsing attributes in process `syz.2.783'. [ 193.347616][ T7703] netlink: 8 bytes leftover after parsing attributes in process `syz.2.787'. [ 193.347641][ T7703] netlink: 4 bytes leftover after parsing attributes in process `syz.2.787'. [ 193.347674][ T7703] netlink: 'syz.2.787': attribute type 15 has an invalid length. [ 193.347694][ T7703] netlink: 'syz.2.787': attribute type 18 has an invalid length. [ 194.329363][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.329490][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.515826][ T7720] netlink: 8 bytes leftover after parsing attributes in process `syz.4.794'. [ 194.773740][ T7735] syzkaller0: entered promiscuous mode [ 194.773770][ T7735] syzkaller0: entered allmulticast mode [ 195.144571][ T7749] netlink: 12 bytes leftover after parsing attributes in process `syz.0.805'. [ 195.336446][ T7755] netlink: 56 bytes leftover after parsing attributes in process `syz.0.805'. [ 195.760405][ T7766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.809'. [ 195.775769][ T7767] netlink: 8 bytes leftover after parsing attributes in process `syz.2.810'. [ 196.435253][ T7789] netlink: 12 bytes leftover after parsing attributes in process `syz.2.819'. [ 196.493205][ T7791] netlink: 56 bytes leftover after parsing attributes in process `syz.2.819'. [ 197.123341][ T7810] netlink: 4 bytes leftover after parsing attributes in process `syz.0.827'. [ 197.608511][ T7824] netlink: 'syz.0.834': attribute type 10 has an invalid length. [ 197.615769][ T7822] netlink: 12 bytes leftover after parsing attributes in process `syz.3.833'. [ 197.675990][ T7827] netlink: 56 bytes leftover after parsing attributes in process `syz.3.833'. [ 197.788261][ T7830] netlink: 36 bytes leftover after parsing attributes in process `syz.1.836'. [ 197.849906][ T7824] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 197.854093][ T7824] team0: Port device netdevsim1 added [ 198.757736][ T7863] bond0: option lp_interval: invalid value (0) [ 198.757766][ T7863] bond0: option lp_interval: allowed values 1 - 2147483647 [ 199.006389][ T5803] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 199.123168][ T7868] netlink: 'syz.3.850': attribute type 10 has an invalid length. [ 199.152843][ T7868] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 199.171505][ T7868] team0: Port device netdevsim1 added [ 199.184694][ T5803] usb 2-1: device descriptor read/64, error -71 [ 199.474702][ T5803] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 199.614706][ T5803] usb 2-1: device descriptor read/64, error -71 [ 199.725243][ T5803] usb usb2-port1: attempt power cycle [ 199.899387][ T7889] bond0: option lp_interval: invalid value (0) [ 199.899415][ T7889] bond0: option lp_interval: allowed values 1 - 2147483647 [ 200.053373][ T7895] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 200.096032][ T5803] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 200.133843][ T5803] usb 2-1: device descriptor read/8, error -71 [ 200.166721][ T7898] netlink: 'syz.4.865': attribute type 4 has an invalid length. [ 200.194783][ T7898] netlink: 'syz.4.865': attribute type 4 has an invalid length. [ 200.366212][ T5803] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 200.416299][ T5803] usb 2-1: device descriptor read/8, error -71 [ 200.526483][ T5803] usb usb2-port1: unable to enumerate USB device [ 201.108459][ T7922] __nla_validate_parse: 4 callbacks suppressed [ 201.108480][ T7922] netlink: 8 bytes leftover after parsing attributes in process `syz.0.875'. [ 201.108507][ T7922] bond0: option lp_interval: invalid value (0) [ 201.108526][ T7922] bond0: option lp_interval: allowed values 1 - 2147483647 [ 201.344896][ T7929] netlink: 8 bytes leftover after parsing attributes in process `syz.2.878'. [ 201.344936][ T7929] netlink: 4 bytes leftover after parsing attributes in process `syz.2.878'. [ 201.344962][ T7929] netlink: 'syz.2.878': attribute type 15 has an invalid length. [ 201.344978][ T7929] netlink: 'syz.2.878': attribute type 18 has an invalid length. [ 203.774399][ T7965] netlink: 8 bytes leftover after parsing attributes in process `syz.1.891'. [ 203.774425][ T7965] netlink: 4 bytes leftover after parsing attributes in process `syz.1.891'. [ 203.774722][ T7965] netlink: 'syz.1.891': attribute type 15 has an invalid length. [ 203.774742][ T7965] netlink: 'syz.1.891': attribute type 18 has an invalid length. [ 204.152396][ T7971] netlink: 12 bytes leftover after parsing attributes in process `syz.1.894'. [ 204.205553][ T7973] netlink: 16 bytes leftover after parsing attributes in process `syz.1.894'. [ 204.205592][ T7973] netlink: 8 bytes leftover after parsing attributes in process `syz.1.894'. [ 205.465201][ T8011] netlink: 12 bytes leftover after parsing attributes in process `syz.2.910'. [ 205.523634][ T8013] netlink: 16 bytes leftover after parsing attributes in process `syz.2.910'. [ 206.204123][ T8027] netlink: 8 bytes leftover after parsing attributes in process `syz.0.916'. [ 206.232423][ T8027] bond0: left allmulticast mode [ 206.232446][ T8027] bond_slave_0: left allmulticast mode [ 206.232474][ T8027] bond_slave_1: left allmulticast mode [ 206.958442][ T8051] netlink: 12 bytes leftover after parsing attributes in process `syz.2.924'. [ 207.076419][ T8053] netlink: 16 bytes leftover after parsing attributes in process `syz.2.924'. [ 207.960299][ T8068] netlink: 8 bytes leftover after parsing attributes in process `syz.2.931'. [ 207.984093][ T8068] bond0: left allmulticast mode [ 207.984117][ T8068] bond_slave_0: left allmulticast mode [ 207.984145][ T8068] bond_slave_1: left allmulticast mode [ 208.752621][ T8088] netlink: 12 bytes leftover after parsing attributes in process `syz.2.937'. [ 208.815006][ T8094] netlink: 16 bytes leftover after parsing attributes in process `syz.2.937'. [ 209.220769][ T8112] netlink: 12 bytes leftover after parsing attributes in process `syz.3.946'. [ 210.183506][ T8134] netlink: 12 bytes leftover after parsing attributes in process `syz.3.955'. [ 210.241118][ T8137] netlink: 16 bytes leftover after parsing attributes in process `syz.3.955'. [ 211.417058][ T8172] netlink: 12 bytes leftover after parsing attributes in process `syz.3.971'. [ 211.503125][ T8176] netlink: 16 bytes leftover after parsing attributes in process `syz.3.971'. [ 212.078999][ T8192] netlink: 'syz.0.977': attribute type 1 has an invalid length. [ 212.275528][ T8198] netlink: 'syz.4.979': attribute type 21 has an invalid length. [ 212.275552][ T8198] netlink: 8 bytes leftover after parsing attributes in process `syz.4.979'. [ 212.512414][ T8193] bond1: (slave gretap1): making interface the new active one [ 212.514408][ T8193] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 213.030384][ T8215] tipc: Enabled bearer , priority 0 [ 213.348258][ T8213] tipc: Disabling bearer [ 213.886490][ T8249] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1002'. [ 215.397461][ T8270] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1010'. [ 215.463399][ T8276] loop1: detected capacity change from 0 to 164 [ 215.510757][ T8274] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1012'. [ 215.592512][ T8276] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 215.642981][ T8276] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 216.702983][ T8291] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1019'. [ 216.888936][ T8288] tipc: Enabled bearer , priority 0 [ 216.898091][ T8288] syzkaller0: entered promiscuous mode [ 216.898162][ T8288] syzkaller0: entered allmulticast mode [ 217.073562][ T8297] netlink: 'syz.1.1020': attribute type 1 has an invalid length. [ 217.074269][ T8288] tipc: Resetting bearer [ 217.330704][ T8307] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1024'. [ 217.415074][ T8286] tipc: Resetting bearer [ 217.617788][ T8286] tipc: Disabling bearer [ 218.272353][ T8331] netlink: 'syz.0.1035': attribute type 1 has an invalid length. [ 218.344050][ T8334] netlink: 'syz.4.1036': attribute type 1 has an invalid length. [ 218.463708][ T8331] 8021q: adding VLAN 0 to HW filter on device bond2 [ 219.136619][ T8350] tipc: Enabled bearer , priority 0 [ 219.139732][ T8350] syzkaller0: entered promiscuous mode [ 219.139759][ T8350] syzkaller0: entered allmulticast mode [ 219.399660][ T8352] tipc: Resetting bearer [ 219.438248][ T8364] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1048'. [ 219.463613][ T8366] loop1: detected capacity change from 0 to 512 [ 219.546498][ T8366] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 219.546635][ T8366] ext4 filesystem being mounted at /212/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 219.583091][ T8349] tipc: Resetting bearer [ 219.845977][ T8349] tipc: Disabling bearer [ 219.930408][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.022933][ T8383] netlink: 'syz.3.1056': attribute type 1 has an invalid length. [ 220.322218][ T8394] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1060'. [ 221.062981][ T8419] tipc: Enabling of bearer rejected, failed to enable media [ 221.095004][ T8422] IPVS: set_ctl: invalid protocol: 108 10.1.1.1:20004 [ 221.884826][ T8438] tipc: Enabling of bearer rejected, failed to enable media [ 221.977667][ T8443] netlink: 'syz.1.1077': attribute type 1 has an invalid length. [ 222.779403][ T8464] syzkaller0: entered promiscuous mode [ 222.779429][ T8464] syzkaller0: entered allmulticast mode [ 223.061924][ T8477] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1091'. [ 223.300473][ T8485] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1095'. [ 224.750324][ T8514] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1104'. [ 225.467199][ T8533] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1114'. [ 226.090398][ T8540] netlink: 112 bytes leftover after parsing attributes in process `syz.3.1117'. [ 226.492275][ T8548] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1120'. [ 226.574709][ T8549] loop2: detected capacity change from 0 to 512 [ 226.749948][ T8549] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.750100][ T8549] ext4 filesystem being mounted at /205/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 227.066337][ T5612] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.525152][ T8582] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1132'. [ 227.567352][ T8582] loop1: detected capacity change from 0 to 512 [ 227.588872][ T8582] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 227.693364][ T8582] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.1132: iget: bad i_size value: 38620345925642 [ 227.693403][ T8582] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 227.693910][ T8582] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.1132: couldn't read orphan inode 15 (err -117) [ 227.693941][ T8582] loop1: lost filesystem error report for type 5 error -117 [ 227.694762][ C1] EXT4-fs (loop1): error count since last fsck: 2 [ 227.694782][ C1] EXT4-fs (loop1): initial error at time 1780077804: ext4_orphan_get:1397: inode 15 [ 227.694808][ C1] EXT4-fs (loop1): last error at time 1780077804: ext4_orphan_get:1402 [ 227.829346][ T8582] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.021225][ T8592] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.1132: bg 0: block 5: invalid block bitmap [ 228.023822][ T8592] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 56 with error 28 [ 228.023857][ T8592] EXT4-fs (loop1): This should not happen!! Data will be lost [ 228.023857][ T8592] [ 228.023873][ T8592] EXT4-fs (loop1): Total free blocks count 0 [ 228.023888][ T8592] EXT4-fs (loop1): Free/Dirty block details [ 228.023903][ T8592] EXT4-fs (loop1): free_blocks=0 [ 228.023918][ T8592] EXT4-fs (loop1): dirty_blocks=56 [ 228.023933][ T8592] EXT4-fs (loop1): Block reservation details [ 228.023946][ T8592] EXT4-fs (loop1): i_reserved_data_blocks=56 [ 228.463957][ T5615] EXT4-fs warning (device loop1): ext4_evict_inode:195: inode #18: comm syz-executor: data will be lost [ 228.497954][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.249208][ T8623] program syz.2.1144 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 229.343848][ T8625] loop1: detected capacity change from 0 to 512 [ 229.359719][ T8625] EXT4-fs: Ignoring removed nomblk_io_submit option [ 229.372211][ T8625] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 229.431068][ T8625] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 229.431219][ T8625] ext4 filesystem being mounted at /226/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 229.483645][ T8625] EXT4-fs (loop1): shut down requested (0) [ 229.801040][ T8636] tipc: Enabling of bearer rejected, failed to enable media [ 230.074827][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.392851][ T8648] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1150'. [ 230.653044][ T8654] loop3: detected capacity change from 0 to 512 [ 230.661694][ T8654] EXT4-fs: Ignoring removed bh option [ 230.688736][ T8654] EXT4-fs (loop3): 1 truncate cleaned up [ 230.730256][ T8654] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.892896][ T5614] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.680893][ T8683] tipc: Enabling of bearer rejected, failed to enable media [ 232.196667][ T8697] loop1: detected capacity change from 0 to 512 [ 232.432423][ T8697] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 232.432573][ T8697] ext4 filesystem being mounted at /231/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 232.522527][ T8702] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1168'. [ 232.841055][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.879248][ T8695] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.889565][ T8695] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.833014][ T8695] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 233.854094][ T8695] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 235.466782][ T8724] tipc: Enabling of bearer rejected, failed to enable media [ 235.480463][ T1184] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.480710][ T1184] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.480753][ T1184] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.480792][ T1184] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.331285][ T8785] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1198'. [ 237.428943][ T8791] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1201'. [ 237.545151][ T8797] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1202'. [ 238.648324][ T8802] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1205'. [ 238.705162][ T8810] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1205'. [ 238.972902][ T8818] program syz.1.1213 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 239.080750][ T8822] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1214'. [ 239.212068][ T8826] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1215'. [ 239.285116][ T8830] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1217'. [ 239.920809][ T8855] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1228'. [ 240.193828][ T8863] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1233'. [ 240.550386][ T8873] netlink: 'syz.3.1238': attribute type 4 has an invalid length. [ 240.618715][ T8874] netlink: 'syz.3.1238': attribute type 4 has an invalid length. [ 241.547429][ T8904] netlink: 'syz.3.1252': attribute type 4 has an invalid length. [ 241.600915][ T8907] netlink: 'syz.3.1252': attribute type 4 has an invalid length. [ 242.388187][ T8942] __nla_validate_parse: 4 callbacks suppressed [ 242.388208][ T8942] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1268'. [ 242.397190][ T8942] bond0: left promiscuous mode [ 242.397251][ T8942] bond_slave_0: left promiscuous mode [ 242.397949][ T8942] bond_slave_1: left promiscuous mode [ 242.466291][ T8942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.468761][ T8945] loop3: detected capacity change from 0 to 128 [ 242.500001][ T8946] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1270'. [ 242.941801][ T8961] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1276'. [ 243.272413][ T8976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1283'. [ 243.519518][ T8984] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1286'. [ 244.084353][ T9008] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1294'. [ 244.181158][ T9010] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1295'. [ 244.247371][ T9012] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1296'. [ 244.732123][ T9024] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1302'. [ 245.464050][ T9039] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1307'. [ 246.349732][ T9052] bond0: left promiscuous mode [ 246.349775][ T9052] bond_slave_0: left promiscuous mode [ 246.350048][ T9052] bond_slave_1: left promiscuous mode [ 246.382926][ T9053] loop4: detected capacity change from 0 to 128 [ 246.460521][ T9057] loop3: detected capacity change from 0 to 512 [ 246.553607][ T9057] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 246.553762][ T9057] ext4 filesystem being mounted at /259/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 246.755997][ T5614] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.442029][ T9080] __nla_validate_parse: 3 callbacks suppressed [ 247.442062][ T9080] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1323'. [ 247.792446][ T9086] loop3: detected capacity change from 0 to 128 [ 248.141139][ T9094] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1330'. [ 248.940862][ T9109] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1336'. [ 249.193541][ T9115] loop2: detected capacity change from 0 to 128 [ 249.751774][ T9124] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1342'. [ 250.490520][ T9144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1351'. [ 250.921859][ T9163] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1357'. [ 251.203220][ T9171] syzkaller0: entered promiscuous mode [ 251.203257][ T9171] syzkaller0: entered allmulticast mode [ 251.315266][ T9176] loop1: detected capacity change from 0 to 512 [ 251.441659][ T9176] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 251.443034][ T9176] ext4 filesystem being mounted at /275/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 251.647752][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.082363][ T9186] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1366'. [ 253.495450][ T9219] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1378'. [ 253.646578][ T9218] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1377'. [ 255.752176][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.752294][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.943718][ T9275] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1398'. [ 256.483824][ T9292] netlink: 'syz.1.1406': attribute type 1 has an invalid length. [ 256.783905][ T9295] bond3: (slave dummy0): making interface the new active one [ 256.799903][ T9295] bond3: (slave dummy0): Enslaving as an active interface with an up link [ 256.981379][ T9306] netlink: 'syz.0.1409': attribute type 4 has an invalid length. [ 258.914504][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 258.934494][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 258.944502][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 259.004520][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 259.014502][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 259.024491][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 259.034506][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 259.264100][ T9341] 9pnet_fd: p9_fd_create_tcp (9341): problem connecting socket to 127.0.0.1 [ 259.854514][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 259.864522][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 259.874514][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 260.899530][ T9344] netlink: 'syz.4.1424': attribute type 4 has an invalid length. [ 260.984764][ T9348] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1426'. [ 261.039926][ T9348] loop1: detected capacity change from 0 to 512 [ 261.129557][ T9348] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 261.188578][ T9348] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.1426: iget: bad i_size value: 38620345925642 [ 261.188619][ T9348] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 261.194862][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 261.194885][ C0] EXT4-fs (loop1): initial error at time 1780077837: ext4_orphan_get:1397: inode 15 [ 261.194915][ C0] EXT4-fs (loop1): last error at time 1780077837: ext4_orphan_get:1397: inode 15 [ 261.218742][ T9348] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.1426: couldn't read orphan inode 15 (err -117) [ 261.218776][ T9348] loop1: lost filesystem error report for type 5 error -117 [ 261.267386][ T9348] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 261.411211][ T9348] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.1426: bg 0: block 5: invalid block bitmap [ 261.429164][ T9348] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 464 with error 28 [ 261.429200][ T9348] EXT4-fs (loop1): This should not happen!! Data will be lost [ 261.429200][ T9348] [ 261.429216][ T9348] EXT4-fs (loop1): Total free blocks count 0 [ 261.429231][ T9348] EXT4-fs (loop1): Free/Dirty block details [ 261.429246][ T9348] EXT4-fs (loop1): free_blocks=0 [ 261.429260][ T9348] EXT4-fs (loop1): dirty_blocks=464 [ 261.429275][ T9348] EXT4-fs (loop1): Block reservation details [ 261.429288][ T9348] EXT4-fs (loop1): i_reserved_data_blocks=464 [ 261.683231][ T9358] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1429'. [ 262.077319][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.088430][ T9383] netlink: 'syz.4.1437': attribute type 4 has an invalid length. [ 263.824804][ T9394] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1441'. [ 263.941968][ T9400] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1442'. [ 263.980197][ T9400] loop4: detected capacity change from 0 to 512 [ 264.108685][ T9400] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 264.212520][ T9400] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.1442: iget: bad i_size value: 38620345925642 [ 264.212563][ T9400] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 264.216622][ T9400] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.1442: couldn't read orphan inode 15 (err -117) [ 264.216707][ T9400] loop4: lost filesystem error report for type 5 error -117 [ 264.224561][ C1] EXT4-fs (loop4): error count since last fsck: 2 [ 264.224617][ C1] EXT4-fs (loop4): initial error at time 1780077840: ext4_orphan_get:1397: inode 15 [ 264.224700][ C1] EXT4-fs (loop4): last error at time 1780077840: ext4_orphan_get:1402 [ 264.383729][ T9400] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 264.539257][ T9409] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.1442: bg 0: block 5: invalid block bitmap [ 264.540414][ T9409] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 100 with error 28 [ 264.540448][ T9409] EXT4-fs (loop4): This should not happen!! Data will be lost [ 264.540448][ T9409] [ 264.540466][ T9409] EXT4-fs (loop4): Total free blocks count 0 [ 264.540482][ T9409] EXT4-fs (loop4): Free/Dirty block details [ 264.540497][ T9409] EXT4-fs (loop4): free_blocks=0 [ 264.540514][ T9409] EXT4-fs (loop4): dirty_blocks=104 [ 264.540528][ T9409] EXT4-fs (loop4): Block reservation details [ 264.540543][ T9409] EXT4-fs (loop4): i_reserved_data_blocks=104 [ 265.092296][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.876174][ T9429] netlink: 'syz.0.1452': attribute type 4 has an invalid length. [ 266.116051][ T9435] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1454'. [ 266.716809][ T9448] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1459'. [ 266.753960][ T9448] loop1: detected capacity change from 0 to 512 [ 266.776707][ T9448] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 266.839740][ T9448] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.1459: iget: bad i_size value: 38620345925642 [ 266.839780][ T9448] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 266.843887][ T9448] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.1459: couldn't read orphan inode 15 (err -117) [ 266.843927][ T9448] loop1: lost filesystem error report for type 5 error -117 [ 266.844550][ C0] EXT4-fs (loop1): error count since last fsck: 2 [ 266.844571][ C0] EXT4-fs (loop1): initial error at time 1780077843: ext4_orphan_get:1397: inode 15 [ 266.844601][ C0] EXT4-fs (loop1): last error at time 1780077843: ext4_orphan_get:1402 [ 266.907996][ T9448] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 267.050682][ T9448] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.1459: bg 0: block 5: invalid block bitmap [ 267.052710][ T9448] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 36 with error 28 [ 267.052745][ T9448] EXT4-fs (loop1): This should not happen!! Data will be lost [ 267.052745][ T9448] [ 267.052761][ T9448] EXT4-fs (loop1): Total free blocks count 0 [ 267.052776][ T9448] EXT4-fs (loop1): Free/Dirty block details [ 267.052791][ T9448] EXT4-fs (loop1): free_blocks=0 [ 267.052806][ T9448] EXT4-fs (loop1): dirty_blocks=36 [ 267.052821][ T9448] EXT4-fs (loop1): Block reservation details [ 267.052834][ T9448] EXT4-fs (loop1): i_reserved_data_blocks=36 [ 267.291213][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 268.424553][ T9470] loop3: detected capacity change from 0 to 512 [ 268.425810][ T9470] EXT4-fs: Ignoring removed nomblk_io_submit option [ 268.429156][ T9470] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 268.549915][ T9475] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1466'. [ 268.549940][ T9475] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1466'. [ 268.561166][ T9470] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 268.567911][ T9470] ext4 filesystem being mounted at /289/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 268.588443][ T9476] netlink: 'syz.0.1470': attribute type 4 has an invalid length. [ 268.793257][ T5614] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 268.982477][ T9487] loop1: detected capacity change from 0 to 512 [ 268.993309][ T9487] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 269.024859][ T9487] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.1476: iget: bad i_size value: 38620345925642 [ 269.024896][ T9487] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 269.025539][ T9487] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.1476: couldn't read orphan inode 15 (err -117) [ 269.025571][ T9487] loop1: lost filesystem error report for type 5 error -117 [ 269.084296][ T9487] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 269.349045][ T9492] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.1476: bg 0: block 5: invalid block bitmap [ 269.372794][ T9492] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28 [ 269.372831][ T9492] EXT4-fs (loop1): This should not happen!! Data will be lost [ 269.372831][ T9492] [ 269.372848][ T9492] EXT4-fs (loop1): Total free blocks count 0 [ 269.372865][ T9492] EXT4-fs (loop1): Free/Dirty block details [ 269.372880][ T9492] EXT4-fs (loop1): free_blocks=0 [ 269.372896][ T9492] EXT4-fs (loop1): dirty_blocks=64 [ 269.373171][ T9492] EXT4-fs (loop1): Block reservation details [ 269.373187][ T9492] EXT4-fs (loop1): i_reserved_data_blocks=64 [ 269.633797][ T5615] EXT4-fs warning (device loop1): ext4_evict_inode:195: inode #18: comm syz-executor: data will be lost [ 269.662905][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 270.036956][ T9509] netlink: 'syz.0.1484': attribute type 4 has an invalid length. [ 270.070562][ T9508] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1483'. [ 270.464758][ T9523] loop3: detected capacity change from 0 to 128 [ 270.563732][ T9523] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 270.576290][ T9523] ext4 filesystem being mounted at /293/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 270.687591][ T9531] loop4: detected capacity change from 0 to 512 [ 270.708040][ T9531] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 270.744355][ T9531] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.1491: iget: bad i_size value: 38620345925642 [ 270.744383][ T9531] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 270.749561][ T9531] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.1491: couldn't read orphan inode 15 (err -117) [ 270.749630][ T9531] loop4: lost filesystem error report for type 5 error -117 [ 270.756316][ C1] EXT4-fs (loop4): error count since last fsck: 2 [ 270.756361][ C1] EXT4-fs (loop4): initial error at time 1780077847: ext4_orphan_get:1397: inode 15 [ 270.756437][ C1] EXT4-fs (loop4): last error at time 1780077847: ext4_orphan_get:1402 [ 270.825258][ T9531] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 270.975430][ T9538] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.1491: bg 0: block 5: invalid block bitmap [ 271.088955][ T9538] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 40 with error 28 [ 271.088983][ T9538] EXT4-fs (loop4): This should not happen!! Data will be lost [ 271.088983][ T9538] [ 271.088994][ T9538] EXT4-fs (loop4): Total free blocks count 0 [ 271.089004][ T9538] EXT4-fs (loop4): Free/Dirty block details [ 271.089014][ T9538] EXT4-fs (loop4): free_blocks=0 [ 271.089030][ T9538] EXT4-fs (loop4): dirty_blocks=48 [ 271.089040][ T9538] EXT4-fs (loop4): Block reservation details [ 271.089049][ T9538] EXT4-fs (loop4): i_reserved_data_blocks=48 [ 271.206610][ T9541] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1496'. [ 271.264092][ T5614] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 271.498196][ T1125] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 40 with max blocks 8 with error 28 [ 271.507326][ T5613] EXT4-fs warning (device loop4): ext4_evict_inode:195: inode #18: comm syz-executor: data will be lost [ 271.640462][ T9550] netlink: 'syz.3.1497': attribute type 4 has an invalid length. [ 272.467520][ T9580] loop4: detected capacity change from 0 to 512 [ 272.535889][ T9582] netlink: 'syz.1.1514': attribute type 4 has an invalid length. [ 273.632972][ T9605] netlink: 'syz.0.1525': attribute type 4 has an invalid length. [ 273.707834][ T38] audit: type=1326 audit(1780077850.252:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9606 comm="syz.2.1526" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 273.711809][ T38] audit: type=1326 audit(1780077850.292:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9606 comm="syz.2.1526" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 273.740505][ T38] audit: type=1326 audit(1780077850.302:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9606 comm="syz.2.1526" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 273.741879][ T38] audit: type=1326 audit(1780077850.322:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9606 comm="syz.2.1526" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 273.742014][ T38] audit: type=1326 audit(1780077850.322:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9606 comm="syz.2.1526" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f522f65bcc7 code=0x7ffc0000 [ 273.758382][ T38] audit: type=1326 audit(1780077850.342:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9606 comm="syz.2.1526" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 273.764828][ T38] audit: type=1326 audit(1780077850.342:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9606 comm="syz.2.1526" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 273.770400][ T38] audit: type=1326 audit(1780077850.352:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9606 comm="syz.2.1526" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 273.778894][ T38] audit: type=1326 audit(1780077850.352:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9606 comm="syz.2.1526" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 273.784747][ T38] audit: type=1326 audit(1780077850.352:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9606 comm="syz.2.1526" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 274.263947][ T9620] netlink: 'syz.2.1531': attribute type 1 has an invalid length. [ 274.263971][ T9620] netlink: 'syz.2.1531': attribute type 2 has an invalid length. [ 274.264154][ T9620] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1531'. [ 275.199532][ T9642] netlink: 'syz.3.1542': attribute type 4 has an invalid length. [ 276.849490][ T9668] loop1: detected capacity change from 0 to 128 [ 276.989473][ T9673] netlink: 'syz.4.1556': attribute type 4 has an invalid length. [ 277.086278][ T9668] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 277.098029][ T9668] ext4 filesystem being mounted at /syzcgroup/unified/syz1 supports timestamps until 2038-01-19 (0x7fffffff) [ 278.247094][ T9704] netlink: 'syz.3.1567': attribute type 4 has an invalid length. [ 279.511321][ T9733] netlink: 'syz.4.1579': attribute type 4 has an invalid length. [ 280.711051][ T9760] netlink: 'syz.2.1591': attribute type 4 has an invalid length. [ 280.884747][ T9761] loop4: detected capacity change from 0 to 4096 [ 281.496851][ T9768] loop4: detected capacity change from 0 to 512 [ 281.605910][ T9768] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 281.606066][ T9768] ext4 filesystem being mounted at /313/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 281.893661][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 282.606263][ T9791] netlink: 'syz.3.1603': attribute type 4 has an invalid length. [ 283.119058][ T9809] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1611'. [ 283.440947][ T9819] netlink: 'syz.0.1615': attribute type 4 has an invalid length. [ 284.129412][ T9840] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1624'. [ 284.830890][ T9860] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1632'. [ 285.306207][ T9866] syzkaller0: entered promiscuous mode [ 285.306228][ T9866] syzkaller0: entered allmulticast mode [ 286.119620][ T9901] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1647'. [ 287.656376][ T9936] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1659'. [ 287.807941][ T9943] netlink: 'syz.4.1661': attribute type 1 has an invalid length. [ 288.911227][ T9972] netlink: 'syz.1.1674': attribute type 1 has an invalid length. [ 289.047380][ T9972] bond3: (slave dummy0): Releasing active interface [ 289.049340][ T9974] netlink: 'syz.2.1675': attribute type 1 has an invalid length. [ 289.997215][T10004] bond0: entered promiscuous mode [ 289.997242][T10004] bond_slave_0: entered promiscuous mode [ 289.997481][T10004] bond_slave_1: entered promiscuous mode [ 290.066951][T10004] batadv0: entered promiscuous mode [ 290.113811][T10010] netlink: 'syz.0.1691': attribute type 1 has an invalid length. [ 290.177540][T10004] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 290.555055][T10019] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1694'. [ 291.578323][T10048] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1707'. [ 291.693936][T10051] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1708'. [ 292.603343][T10073] loop3: detected capacity change from 0 to 128 [ 292.689745][T10075] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1719'. [ 292.829501][T10073] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 292.830998][T10073] ext4 filesystem being mounted at /336/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 292.977317][T10085] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1719'. [ 293.056469][ T5614] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 293.392718][T10091] netlink: 'syz.3.1723': attribute type 1 has an invalid length. [ 293.482839][T10097] program syz.4.1726 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 294.083205][T10038] syz.0.1702 (10038) used greatest stack depth: 18336 bytes left [ 294.180123][T10118] program syz.2.1736 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 294.257356][T10122] program syz.2.1737 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 294.707440][T10140] netlink: 'syz.3.1745': attribute type 1 has an invalid length. [ 295.350657][T10153] loop4: detected capacity change from 0 to 128 [ 295.425976][T10153] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 295.429674][T10153] ext4 filesystem being mounted at /340/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 295.577843][T10162] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1753'. [ 295.607472][ T5613] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 295.929827][T10173] loop3: detected capacity change from 0 to 1024 [ 295.970668][T10175] netlink: 'syz.2.1757': attribute type 1 has an invalid length. [ 296.056826][T10173] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 297.315677][ T5614] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.715641][T10214] syzkaller0: entered promiscuous mode [ 297.715672][T10214] syzkaller0: entered allmulticast mode [ 298.516974][T10247] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1786'. [ 298.617215][T10238] tipc: Failed to remove unknown binding: 66,0,0/0:4035241841/4035241842 [ 298.617256][T10238] tipc: Failed to remove unknown binding: 66,0,0/0:4035241841/4035241842 [ 298.629659][T10245] tipc: Failed to remove unknown binding: 66,0,0/0:3750875072/3750875074 [ 298.797610][T10247] ipvlan2: entered allmulticast mode [ 298.797632][T10247] syz_tun: entered allmulticast mode [ 298.970750][T10254] 9p: Bad value for 'wfdno' [ 299.082238][ T38] kauditd_printk_skb: 13 callbacks suppressed [ 299.082257][ T38] audit: type=1326 audit(1780077875.662:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10256 comm="syz.2.1789" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 299.102326][ T38] audit: type=1326 audit(1780077875.682:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10256 comm="syz.2.1789" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 299.108548][ T38] audit: type=1326 audit(1780077875.692:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10256 comm="syz.2.1789" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 299.168769][ T38] audit: type=1326 audit(1780077875.732:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10256 comm="syz.2.1789" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 299.168916][ T38] audit: type=1326 audit(1780077875.752:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10256 comm="syz.2.1789" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f522f65bcc7 code=0x7ffc0000 [ 299.169036][ T38] audit: type=1326 audit(1780077875.752:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10256 comm="syz.2.1789" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 299.181337][ T38] audit: type=1326 audit(1780077875.762:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10256 comm="syz.2.1789" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 299.183150][ T38] audit: type=1326 audit(1780077875.762:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10256 comm="syz.2.1789" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 299.183287][ T38] audit: type=1326 audit(1780077875.762:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10256 comm="syz.2.1789" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 299.186233][ T38] audit: type=1326 audit(1780077875.762:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10256 comm="syz.2.1789" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7f522f65ce59 code=0x7ffc0000 [ 300.037895][T10278] tipc: Failed to remove unknown binding: 66,0,0/0:137810318/137810319 [ 300.037937][T10278] tipc: Failed to remove unknown binding: 66,0,0/0:137810318/137810319 [ 300.038733][T10281] tipc: Failed to remove unknown binding: 66,0,0/0:3424364365/3424364367 [ 300.123962][T10283] 9p: Bad value for 'wfdno' [ 300.209488][T10287] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1803'. [ 300.302016][T10287] ipvlan2: entered allmulticast mode [ 300.302670][T10287] syz_tun: entered allmulticast mode [ 300.617107][T10301] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1808'. [ 300.888659][T10312] 9p: Bad value for 'wfdno' [ 301.035324][T10313] tipc: Failed to remove unknown binding: 66,0,0/2934735260:1708482388/1708482390 [ 301.038934][T10311] tipc: Failed to remove unknown binding: 66,0,0/2934735260:270532525/270532526 [ 301.038976][T10311] tipc: Failed to remove unknown binding: 66,0,0/2934735260:270532525/270532526 [ 301.339894][T10325] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1818'. [ 301.435046][T10329] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1820'. [ 302.691724][T10356] loop4: detected capacity change from 0 to 128 [ 303.260046][T10356] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 303.487337][T10356] ext4 filesystem being mounted at /syzcgroup/unified/syz4 supports timestamps until 2038-01-19 (0x7fffffff) [ 303.621099][T10363] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1833'. [ 306.467457][T10401] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1847'. [ 306.562977][T10385] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.579672][T10385] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.650009][T10405] loop3: detected capacity change from 0 to 512 [ 306.679752][T10405] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 306.706288][T10405] EXT4-fs (loop3): warning: maximal mount count reached, running e2fsck is recommended [ 306.748258][T10405] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1849: inode #15: comm syz.3.1849: iget: illegal inode # [ 306.748296][T10405] loop3: lost filesystem error report for type 5 error -117 [ 306.751117][T10405] EXT4-fs (loop3): Remounting filesystem read-only [ 306.787951][T10405] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 306.982223][ T5614] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 307.414130][T10385] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 307.433469][T10385] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 308.812722][T10436] loop3: detected capacity change from 0 to 128 [ 308.831824][T10436] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 308.832286][T10436] ext4 filesystem being mounted at /syzcgroup/unified/syz3 supports timestamps until 2038-01-19 (0x7fffffff) [ 309.104306][T10446] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1866'. [ 309.207493][T10448] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1866'. [ 309.390114][ T1509] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.497284][T10467] loop2: detected capacity change from 0 to 128 [ 310.607968][T10467] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 310.611539][T10467] ext4 filesystem being mounted at /syzcgroup/unified/syz2 supports timestamps until 2038-01-19 (0x7fffffff) [ 311.807539][ T1509] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.840045][ T1509] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.840173][ T1509] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.871086][T10481] tipc: Failed to remove unknown binding: 66,0,0/0:3861764990/3861764992 [ 313.483198][T10508] tipc: Failed to remove unknown binding: 66,0,0/0:3586522870/3586522872 [ 313.910064][T10527] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1893'. [ 315.425545][T10561] tipc: Failed to remove unknown binding: 66,0,0/0:3920210136/3920210138 [ 315.462734][T10544] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.463604][T10544] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.772441][T10544] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 315.781500][T10544] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 316.190927][T10594] tipc: Failed to remove unknown binding: 66,0,0/0:764467501/764467503 [ 316.332387][T10602] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1923'. [ 316.771822][ T1184] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.878751][ T1460] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.879155][ T1460] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.879201][ T1460] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.958775][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.958892][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.120942][T10622] tipc: Failed to remove unknown binding: 66,0,0/2934735260:1791271675/1791271677 [ 317.139739][T10628] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1936'. [ 317.248418][T10635] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1936'. [ 317.664264][T10648] netlink: 'syz.2.1941': attribute type 4 has an invalid length. [ 317.699527][T10631] syzkaller0: entered promiscuous mode [ 317.699555][T10631] syzkaller0: entered allmulticast mode [ 319.646922][T10685] program syz.2.1955 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 319.788696][T10689] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1957'. [ 319.996837][T10705] tipc: Failed to remove unknown binding: 66,0,0/0:3834193419/3834193421 [ 320.146431][T10713] syzkaller0: entered promiscuous mode [ 320.146458][T10713] syzkaller0: entered allmulticast mode [ 321.142128][T10721] program syz.4.1969 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 322.652198][T10762] tipc: Failed to remove unknown binding: 66,0,0/0:4014189158/4014189160 [ 322.716801][T10766] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1987'. [ 323.428275][T10781] program syz.4.1993 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 323.561243][T10786] syzkaller0: entered promiscuous mode [ 323.561269][T10786] syzkaller0: entered allmulticast mode [ 324.207818][ T37] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 324.842663][ T37] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 324.842696][ T37] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 324.842716][ T37] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 324.842770][ T37] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 324.891527][ T37] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 324.891559][ T37] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 324.891577][ T37] usb 2-1: Product: syz [ 324.891591][ T37] usb 2-1: Manufacturer: syz [ 325.113842][T10802] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2000'. [ 325.161028][ T37] cdc_wdm 2-1:1.0: skipping garbage [ 325.161054][ T37] cdc_wdm 2-1:1.0: skipping garbage [ 325.197296][ T37] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 325.197332][ T37] cdc_wdm 2-1:1.0: Unknown control protocol [ 325.649600][ T37] usb 2-1: USB disconnect, device number 6 [ 326.341426][T10819] tipc: Failed to remove unknown binding: 66,0,0/0:3645287369/3645287371 [ 327.783611][T10836] syzkaller0: entered promiscuous mode [ 327.783640][T10836] syzkaller0: entered allmulticast mode [ 329.015357][T10852] usb usb7: usbfs: interface 0 claimed by hub while 'syz.4.2018' sets config #0 [ 329.017398][T10852] usb usb7: usbfs: interface 0 claimed by hub while 'syz.4.2018' sets config #1 [ 329.396516][T10860] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2020'. [ 329.519138][T10862] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 331.727900][T10892] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2031'. [ 333.816117][T10922] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2043'. [ 336.379958][T10948] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2049'. [ 336.426557][T10951] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2050'. [ 338.022069][T10966] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2056'. [ 339.782861][T10982] tipc: Cannot configure node identity twice [ 340.043987][T10986] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2063'. [ 340.441432][T11000] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2069'. [ 343.931742][T11009] loop7: detected capacity change from 0 to 16383 [ 345.112529][T11030] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2076'. [ 345.419162][T11034] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2077'. [ 345.662073][T11040] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2081'. [ 349.626287][T11066] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2090'. [ 349.819929][T11070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2091'. [ 349.964039][T11074] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2093'. [ 351.601246][T11103] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2102'. [ 351.709557][T11108] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2105'. [ 352.155144][T11128] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.2114'. [ 352.155421][T11128] openvswitch: netlink: Message has 512 unknown bytes. [ 353.487806][T11145] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2117'. [ 354.244841][T11153] bond6: (slave dummy0): Enslaving as an active interface with an up link [ 356.156553][T11176] tipc: Enabling of bearer rejected, failed to enable media [ 356.157651][T11176] syzkaller0: entered promiscuous mode [ 356.157677][T11176] syzkaller0: entered allmulticast mode [ 359.075029][T11214] program syz.4.2139 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 359.116133][ T37] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 359.369693][T11225] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2145'. [ 359.524904][ T37] usb 3-1: Using ep0 maxpacket: 32 [ 359.660815][ T37] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 359.660850][ T37] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.660872][ T37] usb 3-1: Product: syz [ 359.660888][ T37] usb 3-1: Manufacturer: syz [ 359.660903][ T37] usb 3-1: SerialNumber: syz [ 360.611757][ T37] usb 3-1: config 0 descriptor?? [ 360.680428][ T37] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 361.946286][T11253] tipc: Enabling of bearer rejected, failed to enable media [ 361.949636][T11249] syzkaller0: entered promiscuous mode [ 361.949663][T11249] syzkaller0: entered allmulticast mode [ 362.036935][ T37] gspca_ov534_9: reg_w failed -110 [ 362.467685][ T37] gspca_ov534_9: Unknown sensor 0000 [ 362.533556][ T37] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22 [ 362.837889][ T37] usb 3-1: USB disconnect, device number 2 [ 363.314187][T11264] program syz.3.2154 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 363.361185][T11266] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2157'. [ 365.276450][ T5620] Bluetooth: hci4: command 0x0c1a tx timeout [ 368.899292][T11299] syz.2.2166 (11299): drop_caches: 2 [ 369.212295][T11305] program syz.2.2169 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 369.392292][T11310] netlink: 'syz.1.2173': attribute type 1 has an invalid length. [ 369.672492][T11315] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2172'. [ 369.784899][T11314] bond7: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 371.410540][T11310] veth3: entered promiscuous mode [ 371.483124][T11310] bond7: (slave veth3): Enslaving as a backup interface with a down link [ 372.592291][T11335] syz.1.2179 (11335): drop_caches: 2 [ 373.127017][T11339] program syz.1.2182 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 373.244553][ T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 373.287945][T11346] tipc: Enabling of bearer rejected, failed to enable media [ 373.289964][T11346] syzkaller0: entered promiscuous mode [ 373.289988][T11346] syzkaller0: entered allmulticast mode [ 373.394689][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 373.397517][ T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 373.397544][ T9] usb 3-1: config 0 has no interface number 0 [ 373.408392][ T9] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 373.408425][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.408447][ T9] usb 3-1: Product: syz [ 373.408465][ T9] usb 3-1: Manufacturer: syz [ 373.408481][ T9] usb 3-1: SerialNumber: syz [ 373.740854][ T9] usb 3-1: config 0 descriptor?? [ 374.706305][ T9] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 374.744584][ T5343] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 374.790914][T11361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2187'. [ 374.924843][ T5343] usb 4-1: Using ep0 maxpacket: 32 [ 375.011530][ T5343] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 375.011567][ T5343] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.323569][ T5343] usb 4-1: config 0 descriptor?? [ 375.456351][ T5343] gspca_main: sunplus-2.14.0 probing 041e:400b [ 375.529740][ T9] gspca_spca1528: reg_w err -71 [ 375.530041][ T9] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71 [ 375.668356][ T9] usb 3-1: USB disconnect, device number 3 [ 376.388266][ T5343] gspca_sunplus: reg_w_riv err -71 [ 376.388373][ T5343] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 376.419137][ T5343] usb 4-1: USB disconnect, device number 6 [ 376.811850][T11377] program syz.1.2194 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 377.062469][T11388] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2198'. [ 377.563548][T11399] tipc: Enabling of bearer rejected, failed to enable media [ 377.574862][T11399] syzkaller0: entered promiscuous mode [ 377.574907][T11399] syzkaller0: entered allmulticast mode [ 377.755804][ T37] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 377.914609][ T37] usb 3-1: Using ep0 maxpacket: 16 [ 377.917078][ T37] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 377.917107][ T37] usb 3-1: config 0 has no interface number 0 [ 377.943430][ T37] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 377.943592][ T37] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.943656][ T37] usb 3-1: Product: syz [ 377.943697][ T37] usb 3-1: Manufacturer: syz [ 377.943712][ T37] usb 3-1: SerialNumber: syz [ 378.032255][ T37] usb 3-1: config 0 descriptor?? [ 378.092504][ T37] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 378.467608][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.467744][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.746663][ T37] gspca_spca1528: reg_w err -110 [ 379.782186][ T37] spca1528 3-1:0.1: probe with driver spca1528 failed with error -110 [ 379.877891][T11434] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2213'. [ 381.589486][T11450] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2219'. [ 381.757799][ T37] usb 3-1: USB disconnect, device number 4 [ 383.100080][T11465] random: crng reseeded on system resumption [ 383.456872][T11467] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2225'. [ 384.314816][ T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 384.464825][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 384.466833][ T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 384.466854][ T9] usb 2-1: config 0 has no interface number 0 [ 384.468956][ T9] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 384.468977][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.468992][ T9] usb 2-1: Product: syz [ 384.469003][ T9] usb 2-1: Manufacturer: syz [ 384.469014][ T9] usb 2-1: SerialNumber: syz [ 384.534941][ T9] usb 2-1: config 0 descriptor?? [ 384.557215][ T9] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 384.621203][T11497] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2239'. [ 384.715328][ T37] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 384.864550][ T37] usb 5-1: Using ep0 maxpacket: 16 [ 384.880180][ T37] usb 5-1: config 5 has an invalid interface number: 175 but max is 0 [ 384.880213][ T37] usb 5-1: config 5 has no interface number 0 [ 384.880436][ T37] usb 5-1: config 5 interface 175 altsetting 9 endpoint 0xB has an invalid bInterval 127, changing to 10 [ 384.880500][ T37] usb 5-1: config 5 interface 175 has no altsetting 0 [ 384.886814][ T37] usb 5-1: New USB device found, idVendor=1410, idProduct=9011, bcdDevice=85.09 [ 384.886912][ T37] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.886935][ T37] usb 5-1: Product: syz [ 384.886966][ T37] usb 5-1: Manufacturer: syz [ 384.886983][ T37] usb 5-1: SerialNumber: syz [ 385.306292][ T37] qmi_wwan 5-1:5.175: probe with driver qmi_wwan failed with error -22 [ 385.330826][ T37] usb 5-1: USB disconnect, device number 2 [ 385.594570][ T9] gspca_spca1528: reg_w err -71 [ 385.594671][ T9] spca1528 2-1:0.1: probe with driver spca1528 failed with error -71 [ 385.650092][ T9] usb 2-1: USB disconnect, device number 7 [ 386.074569][ T5620] Bluetooth: hci5: command 0x1003 tx timeout [ 386.074989][ T5616] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 387.653844][T11540] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2255'. [ 391.001869][T11585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2272'. [ 391.415140][T11582] syz.1.2271 (11582): drop_caches: 2 [ 392.296899][T11613] program syz.4.2285 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 392.298049][T11605] 9pnet: p9_errstr2errno: server reported unknown error 0x00000000 [ 392.682746][T11629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2291'. [ 395.482584][T11679] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2313'. [ 396.427960][T11694] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2316'. [ 397.102785][T11722] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2327'. [ 397.247881][ T5803] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 397.314199][ T5803] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 397.905559][ T5803] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 397.958171][T11731] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2330'. [ 398.054504][ T5803] usb 4-1: Using ep0 maxpacket: 32 [ 398.056846][ T5803] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 398.056898][ T5803] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 398.095425][ T5803] usb 4-1: config 0 descriptor?? [ 398.137422][T11731] bond6: (slave dummy0): Releasing backup interface [ 398.141421][ T5803] gspca_main: sunplus-2.14.0 probing 041e:400b [ 398.954155][ T5803] gspca_sunplus: reg_w_riv err -71 [ 398.954254][ T5803] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 399.020765][ T5803] usb 4-1: USB disconnect, device number 7 [ 400.576605][T11759] syzkaller0: entered promiscuous mode [ 400.576635][T11759] syzkaller0: entered allmulticast mode [ 400.691124][T11767] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2341'. [ 401.812536][T11794] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2355'. [ 401.999066][T11794] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2355'. [ 402.911219][T11800] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2357'. [ 404.369420][ T5343] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 404.580748][ T5343] usb 3-1: unable to get BOS descriptor or descriptor too short [ 404.583247][ T5343] usb 3-1: not running at top speed; connect to a high speed hub [ 404.605417][ T5343] usb 3-1: config 2 has an invalid interface number: 59 but max is 1 [ 404.605449][ T5343] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 404.605487][ T5343] usb 3-1: config 2 has no interface number 1 [ 404.605535][ T5343] usb 3-1: config 2 interface 59 has no altsetting 0 [ 404.647438][ T5343] usb 3-1: string descriptor 0 read error: -22 [ 404.647598][ T5343] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=b2.86 [ 404.647627][ T5343] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.910858][T11838] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2371'. [ 404.984183][T11842] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2372'. [ 405.003644][T11838] hsr_slave_0 (unregistering): left promiscuous mode [ 405.018513][T11823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 405.039669][T11823] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 405.043097][ T5343] snd-usb-6fire 3-1:2.59: unknown device firmware state received from device: [ 405.043120][ T5343] eb 2e 87 4b 9a 05 e6 5e [ 405.043366][ T5343] snd-usb-6fire 3-1:2.59: probe with driver snd-usb-6fire failed with error -5 [ 405.215143][ T5803] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 405.256911][ T5343] snd-usb-6fire 3-1:2.0: unknown device firmware state received from device: [ 405.256935][ T5343] 23 ad 01 c0 cd a8 9d bf [ 405.257025][ T5343] snd-usb-6fire 3-1:2.0: probe with driver snd-usb-6fire failed with error -5 [ 405.370543][ T5803] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 405.370605][ T5803] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 405.370630][ T5803] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.416068][ T5803] usb 2-1: config 0 descriptor?? [ 405.483308][T11823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 405.483939][T11823] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 405.521542][ T37] usb 3-1: USB disconnect, device number 5 [ 405.782022][ T5803] usb 2-1: USB disconnect, device number 8 [ 406.927861][ T1031] Bluetooth: hci5: Frame reassembly failed (-84) [ 407.065515][ T5803] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 407.277289][ T5803] usb 2-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice=b8.ef [ 407.277326][ T5803] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.277350][ T5803] usb 2-1: Product: syz [ 407.277366][ T5803] usb 2-1: Manufacturer: syz [ 407.277382][ T5803] usb 2-1: SerialNumber: syz [ 407.409742][ T5803] usb 2-1: config 0 descriptor?? [ 407.467286][T11870] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2384'. [ 407.559092][ T5803] gspca_main: benq-2.14.0 probing 04a5:3035 [ 407.963379][ T5803] usb 2-1: USB disconnect, device number 9 [ 409.482280][T11884] [U]  [ 409.641380][T11832] Bluetooth: hci5: command 0x1003 tx timeout [ 409.697065][ T5616] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 410.124300][T11900] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2396'. [ 413.573250][T11941] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2410'. [ 413.789618][ T5343] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 413.934538][ T5343] usb 3-1: Using ep0 maxpacket: 16 [ 413.939217][ T5343] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 413.939249][ T5343] usb 3-1: config 0 has no interface number 0 [ 413.969496][ T5343] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 413.969529][ T5343] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.969551][ T5343] usb 3-1: Product: syz [ 413.969567][ T5343] usb 3-1: Manufacturer: syz [ 413.969582][ T5343] usb 3-1: SerialNumber: syz [ 414.764280][ T5343] usb 3-1: config 0 descriptor?? [ 414.793463][ T5343] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 414.798706][T11964] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2417'. [ 414.884578][ T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 414.930960][T11961] ================================================================== [ 414.930982][T11961] BUG: KASAN: slab-use-after-free in reverse_path_check_proc+0x5b/0x240 [ 414.931022][T11961] Read of size 8 at addr ffff888037947e00 by task syz.4.2416/11961 [ 414.931043][T11961] [ 414.931075][T11961] CPU: 1 UID: 0 PID: 11961 Comm: syz.4.2416 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 414.931104][T11961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 414.931129][T11961] Call Trace: [ 414.931143][T11961] [ 414.931154][T11961] dump_stack_lvl+0xe8/0x150 [ 414.931187][T11961] print_address_description+0x55/0x1e0 [ 414.931220][T11961] ? reverse_path_check_proc+0x5b/0x240 [ 414.931242][T11961] print_report+0x58/0x70 [ 414.931270][T11961] kasan_report+0x117/0x150 [ 414.931306][T11961] ? reverse_path_check_proc+0x5b/0x240 [ 414.931333][T11961] ? ep_insert+0xbbb/0x1820 [ 414.931366][T11961] reverse_path_check_proc+0x5b/0x240 [ 414.931392][T11961] ? ep_insert+0xbbb/0x1820 [ 414.931426][T11961] ep_insert+0xc6c/0x1820 [ 414.931469][T11961] ? __pfx_ep_insert+0x10/0x10 [ 414.931509][T11961] ? lockdep_hardirqs_on+0x7a/0x110 [ 414.931535][T11961] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 414.931573][T11961] ? mutex_lock_nested+0x152/0x1d0 [ 414.931610][T11961] ? do_epoll_ctl_file+0xc69/0xed0 [ 414.931647][T11961] do_epoll_ctl_file+0x8bb/0xed0 [ 414.931682][T11961] ? do_epoll_ctl_file+0xac3/0xed0 [ 414.931719][T11961] ? __pfx_do_epoll_ctl_file+0x10/0x10 [ 414.931757][T11961] ? __fget_files+0x3a6/0x420 [ 414.931790][T11961] ? __fget_files+0x2a/0x420 [ 414.931825][T11961] __se_sys_epoll_ctl+0x14e/0x210 [ 414.931861][T11961] ? __pfx___se_sys_epoll_ctl+0x10/0x10 [ 414.931903][T11961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.931929][T11961] do_syscall_64+0x174/0x580 [ 414.931951][T11961] ? trace_irq_disable+0x3b/0x140 [ 414.931981][T11961] ? clear_bhb_loop+0x40/0x90 [ 414.932008][T11961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.932031][T11961] RIP: 0033:0x7f63299cce59 [ 414.932059][T11961] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 414.932081][T11961] RSP: 002b:00007f63277b9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 414.932107][T11961] RAX: ffffffffffffffda RBX: 00007f6329c46270 RCX: 00007f63299cce59 [ 414.932125][T11961] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000007 [ 414.932140][T11961] RBP: 00007f6329a62d6f R08: 0000000000000000 R09: 0000000000000000 [ 414.932156][T11961] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.932172][T11961] R13: 00007f6329c46308 R14: 00007f6329c46270 R15: 00007ffc1f5d7168 [ 414.932201][T11961] [ 414.932209][T11961] [ 414.932215][T11961] Allocated by task 11960: [ 414.932226][T11961] kasan_save_track+0x3e/0x80 [ 414.932254][T11961] __kasan_slab_alloc+0x6c/0x80 [ 414.932282][T11961] kmem_cache_alloc_noprof+0x33b/0x680 [ 414.932309][T11961] ep_insert+0x512/0x1820 [ 414.932339][T11961] do_epoll_ctl_file+0x8bb/0xed0 [ 414.932371][T11961] __se_sys_epoll_ctl+0x14e/0x210 [ 414.932404][T11961] do_syscall_64+0x174/0x580 [ 414.932425][T11961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.932446][T11961] [ 414.932451][T11961] Freed by task 11956: [ 414.932461][T11961] kasan_save_track+0x3e/0x80 [ 414.932486][T11961] kasan_save_free_info+0x46/0x50 [ 414.932507][T11961] __kasan_slab_free+0x5c/0x80 [ 414.932534][T11961] kmem_cache_free+0x187/0x6c0 [ 414.932564][T11961] eventpoll_release_file+0xc2/0x240 [ 414.932602][T11961] __fput+0x83c/0xa70 [ 414.932627][T11961] task_work_run+0x1d9/0x270 [ 414.932660][T11961] get_signal+0x11eb/0x1330 [ 414.932694][T11961] arch_do_signal_or_restart+0xbc/0x840 [ 414.932725][T11961] exit_to_user_mode_loop+0xa9/0x680 [ 414.932753][T11961] do_syscall_64+0x353/0x580 [ 414.932773][T11961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.932794][T11961] [ 414.932799][T11961] The buggy address belongs to the object at ffff888037947e00 [ 414.932799][T11961] which belongs to the cache ep_head of size 16 [ 414.932819][T11961] The buggy address is located 0 bytes inside of [ 414.932819][T11961] freed 16-byte region [ffff888037947e00, ffff888037947e10) [ 414.932845][T11961] [ 414.932851][T11961] The buggy address belongs to the physical page: [ 414.932874][T11961] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888037947200 pfn:0x37947 [ 414.932898][T11961] memcg:ffff88803ea73801 [ 414.932908][T11961] flags: 0x80000000000200(workingset|node=0|zone=1) [ 414.932934][T11961] page_type: f5(slab) [ 414.932955][T11961] raw: 0080000000000200 ffff88801ea8ddc0 ffffea0000a91e10 ffffea0000fbca50 [ 414.932977][T11961] raw: ffff888037947200 000000080080003a 00000000f5000000 ffff88803ea73801 [ 414.932989][T11961] page dumped because: kasan: bad access detected [ 414.933007][T11961] page_owner tracks the page as allocated [ 414.933015][T11961] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4977, tgid 4977 (udevd), ts 29772024714, free_ts 0 [ 414.933056][T11961] post_alloc_hook+0x1f9/0x250 [ 414.933084][T11961] get_page_from_freelist+0x265c/0x26e0 [ 414.933116][T11961] __alloc_frozen_pages_noprof+0x18d/0x380 [ 414.933149][T11961] allocate_slab+0x74/0x5e0 [ 414.933168][T11961] refill_objects+0x33c/0x3d0 [ 414.933188][T11961] __pcs_replace_empty_main+0x373/0x720 [ 414.933211][T11961] kmem_cache_alloc_noprof+0x433/0x680 [ 414.933238][T11961] ep_insert+0x512/0x1820 [ 414.933269][T11961] do_epoll_ctl_file+0x8bb/0xed0 [ 414.933300][T11961] __se_sys_epoll_ctl+0x14e/0x210 [ 414.933333][T11961] do_syscall_64+0x174/0x580 [ 414.933355][T11961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.933377][T11961] page_owner free stack trace missing [ 414.933385][T11961] [ 414.933390][T11961] Memory state around the buggy address: [ 414.933402][T11961] ffff888037947d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 414.933418][T11961] ffff888037947d80: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 414.933434][T11961] >ffff888037947e00: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 414.933446][T11961] ^ [ 414.933458][T11961] ffff888037947e80: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 414.933474][T11961] ffff888037947f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 414.933487][T11961] ================================================================== [ 414.993623][T11961] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 414.993661][T11961] CPU: 1 UID: 0 PID: 11961 Comm: syz.4.2416 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 414.993691][T11961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 414.993741][T11961] Call Trace: [ 414.993770][T11961] [ 414.993794][T11961] vpanic+0x56c/0xa60 [ 414.993840][T11961] ? __pfx_vpanic+0x10/0x10 [ 414.993880][T11961] panic+0xc5/0xd0 [ 414.993916][T11961] ? __pfx_panic+0x10/0x10 [ 414.993948][T11961] ? preempt_schedule_thunk+0x16/0x40 [ 414.993977][T11961] ? preempt_schedule_thunk+0x16/0x40 [ 414.994002][T11961] ? reverse_path_check_proc+0x5b/0x240 [ 414.994043][T11961] check_panic_on_warn+0x89/0xb0 [ 414.994114][T11961] ? reverse_path_check_proc+0x5b/0x240 [ 414.994151][T11961] end_report+0x73/0x170 [ 414.994186][T11961] ? reverse_path_check_proc+0x5b/0x240 [ 414.994242][T11961] kasan_report+0x128/0x150 [ 414.994311][T11961] ? reverse_path_check_proc+0x5b/0x240 [ 414.994346][T11961] ? ep_insert+0xbbb/0x1820 [ 414.994386][T11961] reverse_path_check_proc+0x5b/0x240 [ 414.994426][T11961] ? ep_insert+0xbbb/0x1820 [ 414.994484][T11961] ep_insert+0xc6c/0x1820 [ 414.994530][T11961] ? __pfx_ep_insert+0x10/0x10 [ 414.994625][T11961] ? lockdep_hardirqs_on+0x7a/0x110 [ 414.994661][T11961] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 414.994702][T11961] ? mutex_lock_nested+0x152/0x1d0 [ 414.994783][T11961] ? do_epoll_ctl_file+0xc69/0xed0 [ 414.994835][T11961] do_epoll_ctl_file+0x8bb/0xed0 [ 414.994891][T11961] ? do_epoll_ctl_file+0xac3/0xed0 [ 414.994979][T11961] ? __pfx_do_epoll_ctl_file+0x10/0x10 [ 414.995017][T11961] ? __fget_files+0x3a6/0x420 [ 414.995084][T11961] ? __fget_files+0x2a/0x420 [ 414.995152][T11961] __se_sys_epoll_ctl+0x14e/0x210 [ 414.995199][T11961] ? __pfx___se_sys_epoll_ctl+0x10/0x10 [ 414.995265][T11961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.995291][T11961] do_syscall_64+0x174/0x580 [ 414.995314][T11961] ? trace_irq_disable+0x3b/0x140 [ 414.995345][T11961] ? clear_bhb_loop+0x40/0x90 [ 414.995372][T11961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.995395][T11961] RIP: 0033:0x7f63299cce59 [ 414.995416][T11961] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 414.995437][T11961] RSP: 002b:00007f63277b9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 414.995463][T11961] RAX: ffffffffffffffda RBX: 00007f6329c46270 RCX: 00007f63299cce59 [ 414.995482][T11961] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000007 [ 414.995497][T11961] RBP: 00007f6329a62d6f R08: 0000000000000000 R09: 0000000000000000 [ 414.995512][T11961] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.995526][T11961] R13: 00007f6329c46308 R14: 00007f6329c46270 R15: 00007ffc1f5d7168 [ 414.995553][T11961] [ 414.996188][T11961] Kernel Offset: disabled