last executing test programs: 10.986451349s ago: executing program 3 (id=2513): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) unshare(0x6a040000) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000040)) ioctl$IMGETCOUNT(0xffffffffffffffff, 0x618e, 0x0) 6.126732856s ago: executing program 1 (id=2528): ioctl$SIOCX25GCALLUSERDATA(0xffffffffffffffff, 0x89e4, 0x0) 6.086742873s ago: executing program 1 (id=2529): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUEUE_FLAGS={0x6, 0x3, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xbc}}, 0x0) 5.959387018s ago: executing program 1 (id=2531): socket(0x10, 0x3, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) syz_io_uring_setup(0x643c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = epoll_create1(0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001300)=ANY=[@ANYBLOB="38010000000101"], 0x138}}, 0x4) 5.745397771s ago: executing program 1 (id=2532): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f640d967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c8348100"/4195, @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN") syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0xd, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000001000000000000000000180100002020642500000000002020207b1af8ff00000000bfa108000000000047010000f6f3ffffb702000008000000b70300000000000885000000a000000095"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0xc, &(0x7f00000007c0)=""/12, 0x40f00, 0xc}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44000}, 0x7b35477d0633fa59) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x20000000) recvmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x40000000) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33) readlinkat(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0185879, &(0x7f0000000000)={@desc={0x1, 0x0, @desc2}}) r4 = open(0x0, 0x80242, 0x0) ftruncate(r4, 0x2007ffc) sendfile(r4, r4, 0x0, 0x2000000000006) 5.506846998s ago: executing program 3 (id=2533): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x42082, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0) close(r1) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000200)=ANY=[@ANYRES16=r1, @ANYRES32=r0]) socket$netlink(0x10, 0x3, 0x4) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x11, 0x3, r3, 0x1, 0xd8}, 0x14) 4.004959227s ago: executing program 1 (id=2534): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000022c0)=@newtfilter={0x90, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0xffff, 0x5}, {}, {0x7, 0x3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x57f}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x4e3, 0xca0b, 0x6, 0x3}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}]}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x40000}, 0x44000) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000140)='\r', 0x1}], 0x1}, 0x4) 3.580843191s ago: executing program 3 (id=2536): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 3.579659146s ago: executing program 1 (id=2537): r0 = syz_open_dev$amidi(&(0x7f0000000080), 0x2, 0x0) r1 = getpid() write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000400)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, 0x0, 0x0) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000003c0)=0x14) ioctl$TIOCVHANGUP(r7, 0x5437, 0x2) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_FADVISE={0x18, 0x40, 0x0, @fd, 0x5, 0x0, 0x0, 0x3}) r8 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r8, 0x40605346, 0x0) prctl$PR_GET_TSC(0x43, &(0x7f0000000040)) sendmmsg$unix(r5, &(0x7f0000002f80)=[{{&(0x7f0000000480)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000280), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000100000002000000", @ANYRES32=r1, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="100000000100000001000000", @ANYRES32=r8, @ANYBLOB="280000000100000001000000", @ANYRES32=r5, @ANYRES32=r8, @ANYRES32=r0, @ANYRES32, @ANYRES32=r5, @ANYRES32=r2, @ANYRES32=r2, @ANYBLOB="180000000100000002000000", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="100000000100000001000000", @ANYRES32=r0, @ANYBLOB="180000000189ab0002000000", @ANYRES32=r1, @ANYRESHEX=r8, @ANYRES32=0x0], 0x90, 0x20008000}}, {{&(0x7f0000001c80)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000001fc0)=[{&(0x7f0000001d00)="43bd91ee097099bf1ecd20e5b4466b4bdc7e9dba9fb9b4b24cd690b03393da602a7d668103cbce0edbda381a63732d8eed32996cb7f57b9275272c1ad07463eb644ed522aa07821b8f619a9583dbb915019a2dd73c386564a3f7096c0cfe80a1bbf5c4e9a8728c034a8760167f9273932511e0349a673301dfe9bd4f6cec78d730533d60ad723dcde90f6a69afb2b8638b82699fcbe3404b360e57871c540264e9b13e68717f1303ab71f9014e5f8336a6a053dafb98dac89153e15c7e277c", 0xbf}, {&(0x7f0000001dc0)="65c597b75556aaf525abe11cb5c63f889cae96bc1c970cb3b87275d81ca435923f959f2ebfa9a9d95b4dc68553c7328aa9302a3e0766760ee626fac7856612", 0x3f}, {0x0}, {&(0x7f0000001f00)}, {&(0x7f0000001f40)="5c17f2e538db27da24bf0bad5c2225c7ddf1bec0019608fa58548d0f45b13c572dba16527da0a700fa6f64208f55d2dcdc1d08c650ac064bb774b9bfeec7b084a4f2b2770d3809", 0x47}], 0x5, &(0x7f0000002980)=[@rights={{0x20, 0x1, 0x1, [r0, r8, 0xffffffffffffffff, r6, r5]}}, @cred={{0x18, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x18, 0x1, 0x2, {r3}}}, @cred={{0x18, 0x1, 0x2, {r3, 0x0, 0xee01}}}, @rights={{0x28, 0x1, 0x1, [r5, 0xffffffffffffffff, r2, r7, r0, r6, r7]}}, @rights={{0x10, 0x1, 0x1, [r8]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, r5, r0, 0xffffffffffffffff, r5, r0, r2, r0, 0xffffffffffffffff]}}], 0xd0, 0x8004}}, {{&(0x7f0000002a80)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000002cc0)=[{&(0x7f0000002b00)="0054632f7826f4b4b69c1c2be6ae1112369b175a659259c5ab8d90b1e89c3231f26fa70f0bfd44a9c18a450fe8180391883d49134186e1a6bdfb7d260d25739a49a1ef1ceb1c50e6c2a92ab37f13ba004c5e36ff9340d7f76d2ba414948fbe8340eac99d908d85613d4f85e32a2352839d1c7152e73c7df135750c48f5f6a54f076c4a93d53b1ed7fc4fbf23efbe51aee11181a9dc64e0cea0451b8f28a5b0e029749db859ac016bebe10964fd6651a6f8ac1d51a05deebd5a3b665bede130ea47cd473ce167559cae4e409256cdf00c83357d8cf43159735a544f1d9de1e450b3cb13c08d2ab15e36631eed03b5906bec134ef62da4c36546", 0xf9}], 0x1, 0x0, 0x0, 0x4008000}}], 0x3, 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80383, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) 3.357385407s ago: executing program 3 (id=2540): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x10000, &(0x7f0000000040)={0xa, 0x4e21, 0x9, @private0, 0x23}, 0x1c) 3.148476781s ago: executing program 3 (id=2543): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) unshare(0x6a040000) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000040)) ioctl$IMGETCOUNT(0xffffffffffffffff, 0x618e, 0x0) 3.067300613s ago: executing program 0 (id=2544): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c00000010096122314a8bc2411e0000372ffba3f291c1f6973b4afb1a03aa58b961864c5bfb5023e3aa47312075646840226e31d322d129681b4f651941d744332f9656e3c18dd897d32f699b4497844b036ea26bfe3d57013a7765d0a4042c0de039c0a51886c6496ad10e66939c4d90aa2a58b8ae6c702925d5dda409f8c072b31cee0f0abe8de93d8de8be269dee1e9fbc41c285353b512f0c6710938ede47fd4ae4362c2184b1d6f1f3bcd71e4381ac42953c9a37448da502e9e1478dd651cdb5edf5b1880cc6e98ceb2a33136d0cc66d1e9ebc8c6c1421742a2e1cbde4ff63681784018ef82e07956be11a560d9594a77663efcb080000008fbafbcddd65d5287a4a279aee0570eb4eb3a0c8", @ANYRES64=0x0], 0x3c}}, 0x40000) sendmsg$nl_route(r1, 0x0, 0x440b0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x400c330d, &(0x7f0000000280)={0x8, 0x7}) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000540), 0x3c) mkdir(&(0x7f0000001c00)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, &(0x7f0000000100)=ANY=[@ANYBLOB="757271756f74612c75737271b43ff6f49dde4851636b5f686172640000000000000002cb"]) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) fsetxattr$trusted_overlay_origin(r2, &(0x7f0000000440), &(0x7f0000000480), 0x2, 0x0) keyctl$get_persistent(0x9, 0xffffffffffffffff, r3) r4 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {{}, {}, {0xc, 0x14, 'syz1\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x15}, 0x40) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r5, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x1000002, 0x204031, 0xffffffffffffffff, 0xec776000) r6 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x2]}, 0x8, 0x80000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000140)=0xff, 0xffffffffffffffff, 0x0, 0x3, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r6, &(0x7f0000000340)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e20, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x3ff}}}, 0x30) readv(r6, &(0x7f00000001c0)=[{&(0x7f0000000140)=""/128, 0x80}], 0x1) landlock_restrict_self(r4, 0xe) 2.759798391s ago: executing program 2 (id=2546): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x42082, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0) close(r1) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000200)=ANY=[@ANYRES16=r1, @ANYRES32=r0]) socket$netlink(0x10, 0x3, 0x4) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x11, 0x3, r3, 0x1, 0xd8}, 0x14) 2.500078171s ago: executing program 4 (id=2547): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000022c0)=@newtfilter={0x90, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0xffff, 0x5}, {}, {0x7, 0x3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x57f}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x4e3, 0xca0b, 0x6, 0x3}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}]}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x40000}, 0x44000) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000140)='\r', 0x1}], 0x1}, 0x4) 2.285574638s ago: executing program 2 (id=2548): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) socket$unix(0x1, 0x1, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r4) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000022c0)=@newtfilter={0xe8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe58, 0x2, [@TCA_MATCHALL_ACT={0xe54, 0x2, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x800, 0x2, 0x20000000, 0x10000, 0x40}, 0x8, 0x5}, [{0x7, 0x8, 0x2, 0x5, 0x2, 0x200}, {0xff, 0x7, 0x101, 0x8, 0x810, 0xffffffff}, {0x5, 0x8, 0xfff, 0x2, 0xffffffff, 0xb93}, {0x6, 0x4, 0x3, 0xfffffff0, 0x4, 0x6}, {0xd3d4, 0x2, 0x8, 0x6, 0x101, 0x10}, {0x9, 0x40, 0x6, 0x80000000, 0x6, 0x10001}, {0x4, 0x9, 0x100, 0xf9d8, 0x7, 0x2}, {0x5796, 0xffff, 0xd44b, 0x8, 0x1, 0x37a}, {0x6, 0x3, 0x1, 0x80000001, 0x3f, 0x10}, {0x4, 0x9e9c, 0x60, 0x7, 0x0, 0x1}, {0xffe00000, 0x1, 0x8000, 0x4, 0x3, 0x7}, {0x101, 0x9, 0x400, 0x3, 0x9, 0x3}, {0xce9, 0xfffffffb, 0x4, 0xae5e, 0x3ff, 0x2}, {0x3, 0x5, 0x6, 0x4, 0x197d, 0xfb56}, {0x2, 0xe42, 0xf3, 0x0, 0x6, 0x101}, {0x4, 0x5, 0x74d77b97, 0xfffffd8b, 0x0, 0x4}, {0x7fff, 0x5b, 0xb3a, 0x6, 0x2, 0xb5e}, {0x4c5be96a, 0x6, 0x2, 0x5, 0xd2a1, 0xbe47}, {0x6, 0x7, 0x9, 0x4, 0x3, 0x1}, {0x3, 0x8, 0x7, 0x4, 0x95, 0x3}, {0x6, 0x5, 0x2, 0x7fffffff, 0x8, 0xff}, {0x1, 0x71, 0x800000, 0xcf55, 0x3, 0x9}, {0x7933, 0x6e20, 0x6, 0x81, 0x2, 0x8}, {0xff, 0x8001, 0xff, 0x10001, 0x5, 0x5}, {0x6, 0x37, 0x0, 0x6, 0xed, 0x5}, {0xce, 0xa6, 0x4, 0x2, 0x10000, 0x800}, {0x200, 0x5, 0x6, 0x5, 0x9, 0x9}, {0x8, 0xdd8, 0x8, 0x8, 0x5}, {0x3, 0x3, 0xa, 0x6, 0x9, 0x9}, {0x9, 0x4, 0x9d42, 0x4, 0x1, 0xfffffffb}, {0x8c, 0x6b8, 0x6, 0x2, 0x2, 0xfffffffe}, {0x3, 0x811, 0x9, 0x5, 0x4}, {0x3, 0x80000001, 0x400, 0x2, 0x0, 0x8001}, {0xfffffe01, 0x2, 0x8, 0x2, 0x8, 0x8}, {0x0, 0x22, 0x5, 0x3, 0x401, 0x5}, {0xa, 0xfff, 0x101, 0x5, 0xfffffc01, 0x800}, {0x4, 0x5, 0x0, 0x0, 0xdb, 0x3d04b554}, {0x5, 0x9, 0xfffffffa, 0x1, 0x0, 0x2}, {0x8, 0x7, 0x8, 0x99f, 0x9, 0x3}, {0x5, 0x252, 0x8000, 0xffff8001, 0xb, 0x900}, {0x4, 0x3, 0x3, 0x21, 0x7, 0x7}, {0xfffffffb, 0x8a1, 0x2, 0x7, 0x0, 0x4}, {0x0, 0x7fff, 0x2, 0xfffff399, 0x20000009, 0xe756}, {0xfff, 0xc, 0x4, 0x8, 0x2, 0xe}, {0x6, 0x4, 0x6, 0x1, 0x80, 0x980}, {0x23ae789, 0xc, 0x4, 0x7, 0x200, 0x4}, {0x5, 0xe, 0x2, 0x9, 0x0, 0xf3}, {0x0, 0x9, 0x2, 0x4, 0x3, 0x4}, {0x8, 0x4, 0x5, 0xfffffffd, 0x400, 0x7f}, {0x9, 0x80, 0x6e6b, 0x6, 0x203}, {0x371cf7fc, 0x7, 0x2, 0x1ff, 0xfffffffa, 0x6a97}, {0xd1, 0x6, 0x4, 0x7, 0x5a, 0x9}, {0x8, 0x7f, 0x7fffffff, 0x7f, 0x2, 0x8}, {0x7ff, 0x1, 0x3, 0x2, 0x9, 0x400}, {0x6, 0x1ff, 0x0, 0x9, 0x7, 0x4}, {0x4, 0x6, 0xfe, 0x100, 0xc6}, {0x3, 0xfffffffd, 0xd, 0x6, 0xfffffffe, 0x1000}, {0x7, 0x2, 0x1, 0xd, 0xfffffffe, 0x3}, {0xfffffff9, 0x80000001, 0xe, 0x2, 0x200, 0x7}, {0x3, 0x0, 0xa820, 0x787e, 0x2, 0x2}, {0x8, 0x4, 0x5ae, 0x2, 0x8}, {0x5, 0x52, 0x8, 0x5, 0x10, 0x9}, {0x1, 0x7, 0x3, 0x280, 0x800, 0x6}, {0x10, 0x801, 0x0, 0x8, 0x3, 0x7}, {0xad, 0x8, 0x4, 0x5, 0x0, 0xfff}, {0x6, 0x6, 0x7fff, 0x0, 0xff, 0x7fffffff}, {0x8, 0x85e6, 0x3, 0x0, 0x5, 0xc}, {0x9, 0x78e3, 0x5, 0xbc27, 0x7, 0x9}, {0x6, 0x7, 0x2, 0xdb60, 0x3}, {0x80000001, 0x0, 0x3, 0x1, 0x81, 0xba}, {0x10001, 0xfff, 0x7, 0x0, 0x9, 0xc29}, {0x100, 0x2, 0x9, 0x7, 0x84e1, 0x3ff}, {0xdc, 0x8, 0xe, 0x7, 0x9}, {0x7, 0x5, 0x1, 0x80, 0x6, 0xff}, {0xd5e, 0x5, 0x0, 0x100, 0x0, 0x10}, {0x200, 0x2, 0x8000, 0x0, 0x6b, 0x4}, {0x0, 0x0, 0x9, 0x8, 0x100, 0x1000}, {0x4, 0x3ff, 0x0, 0x10000, 0x7, 0x7}, {0x6, 0x9, 0x1, 0x2001ff, 0x4, 0x1}, {0x4, 0xd38f, 0x6, 0x4, 0x170ddbc4, 0xe38}, {0x14a, 0x7, 0x0, 0x10001, 0x1, 0x2}, {0x9, 0x6, 0x1, 0x400, 0xffffffff, 0xfffffffc}, {0x7, 0x6, 0x3909, 0xffffffff, 0x1705, 0x7}, {0x3, 0x3b10fe2d, 0x4006, 0x5, 0x3, 0xffff7fff}, {0x9430, 0xb, 0x6, 0x2, 0x9, 0x5}, {0xa, 0xb1fb, 0x6, 0x6, 0xc5, 0x9}, {0x2a455dad, 0x5, 0x29, 0xfffffff9, 0x800, 0x7fff}, {0x3, 0x3, 0xee, 0x9, 0x6, 0x8}, {0x5ce, 0x3, 0x0, 0xb, 0x8, 0x99}, {0x2, 0x9, 0xf623, 0x7, 0xff, 0x8}, {0x101, 0x6, 0x80000000, 0x9, 0xfffff697, 0x8}, {0x9, 0x8, 0x7, 0x2, 0xa226, 0x9}, {0x8, 0x8, 0x3, 0xfffff246, 0xf, 0x2}, {0x3, 0xaf, 0x7ff, 0xe0, 0x0, 0x7cf}, {0x8, 0x7, 0x29af2cf0, 0x1, 0x7, 0x80000000}, {0x7fff, 0x9, 0x4b, 0xa4e}, {0xffffffff, 0x7, 0x6, 0x80000000, 0x0, 0x69}, {0x4, 0x9, 0x9, 0x4, 0x100, 0x5}, {0x6, 0x6, 0x2, 0x80000001, 0x6, 0x9}, {0x6, 0x401, 0x2, 0x2, 0x3, 0xb}, {0xd, 0x40, 0x3, 0xa, 0xffffffff, 0x1d1a}, {0xc0, 0x81, 0xb, 0x3, 0xea, 0x3}, {0xc, 0x2, 0x1, 0xa, 0x1, 0x2f4}, {0xf, 0x6, 0x9, 0x73e7, 0x1000, 0x4}, {0x6, 0x8000, 0x3ff, 0x8dcc, 0x4, 0x7ff}, {0x7, 0x12, 0x8, 0x8, 0x69, 0x9}, {0x7f, 0x7, 0x4, 0x0, 0x3, 0x2}, {0x6, 0x0, 0x7a, 0x5, 0x4, 0x1000}, {0xb06, 0x7, 0x7ff, 0x400009, 0x0, 0x7bffffff}, {0x4, 0x7b, 0x3, 0x4, 0x0, 0xa7}, {0x81, 0x56c3, 0x1, 0xdda, 0x6, 0xb27d}, {0x4, 0x3, 0x401, 0xad, 0xcf5, 0xf8c}, {0x8, 0x1, 0x3, 0x40, 0x1, 0x4907}, {0x6, 0x4, 0x38, 0x4, 0x5, 0x6}, {0x7, 0x2, 0xf, 0x64, 0x1, 0x7}, {0x1, 0x2, 0x4010, 0xffffffad, 0x0, 0x751e}, {0xfff0, 0x2, 0x4, 0x3, 0x3, 0x5}, {0x5, 0x7, 0x8, 0x1, 0x5, 0xfff}, {0x4fb, 0x0, 0x0, 0x7ff, 0x4, 0x5}, {0xf455, 0x3, 0x7fff, 0x59ed, 0xb4e9, 0xe4}, {0x7, 0x2, 0xe, 0x0, 0x3da78e9c, 0x8000}, {0x2, 0x0, 0x400, 0x765, 0x4, 0x7}, {0x5, 0x7, 0x5, 0x8, 0x8, 0x7}, {0x10, 0x3, 0x9, 0x5, 0x8, 0x2}, {0x6a, 0x200, 0x81, 0xffffffff, 0x4, 0x200}, {0x3, 0x8007, 0x3, 0x4a, 0x6, 0x1}, {0x0, 0x2, 0x7, 0x616, 0x5, 0x4}, {0x6, 0xb25b, 0x3, 0x0, 0x6, 0xb}], [{0x4, 0x1}, {0x5}, {}, {}, {0x5, 0x1}, {}, {0x0, 0x1}, {0x5, 0x1}, {0x6}, {0x0, 0x1}, {0x2}, {0x4}, {0x5}, {0x4, 0x1}, {0x1, 0x1}, {0x1}, {0x1}, {0x2}, {0x4}, {0x1, 0x1}, {0x0, 0x1}, {0x5}, {0x5, 0x1}, {0x5}, {0x2, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x4}, {0x3, 0x1}, {}, {0x4, 0x1}, {0x4}, {}, {0x5}, {0x5, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {}, {0x3, 0x1}, {0x1, 0x1}, {0x1}, {}, {0x5}, {0x3}, {0xd}, {0x0, 0x338f50ad6d91f11}, {0x1, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x4}, {}, {0x4}, {0x3}, {0x1, 0x1}, {0x4}, {0x5}, {0x4, 0x1}, {0x5, 0x1}, {}, {0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x3}, {0x1, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x4}, {0x1}, {0x4}, {0x3}, {}, {0x5, 0x1}, {0x2, 0x1}, {}, {0x1, 0x1}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x1}, {0x6, 0x1}, {0x5}, {0x3}, {0x1, 0x1}, {0x1, 0x1}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x3}, {0x5, 0x1}, {0x3}, {0x3}, {0x3}, {0x4}, {0x5, 0x1}, {0x3}, {0x0, 0x1}, {0x2, 0x1}, {0x3}, {0x5}, {0x5, 0x1}, {0x2, 0x1}, {0x3}, {0x3, 0x1}, {0x4}, {0x4}, {0x5}, {0x5, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x4}]}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xe8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000500)=@xdp={0x2c, 0x0, 0x0, 0xc}, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4) 2.172440477s ago: executing program 3 (id=2549): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, 0x0, 0x0) listen(r0, 0x5) socket$vsock_stream(0x28, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r2 = socket$packet(0x11, 0x3, 0x300) unshare(0x22020600) setsockopt$packet_fanout_data(r2, 0x107, 0x16, 0x0, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x0}, 0x1c) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000280), r4) sendmsg$NFC_CMD_DISABLE_SE(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x1c, r5, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040880}, 0x20000010) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1403, 0x1f, 0x70bd2a, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_elf64(r7, 0x0, 0x78) close(r7) bind$802154_dgram(r7, &(0x7f0000000140)={0x24, @none={0x0, 0xffff}}, 0x14) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0) 2.151325988s ago: executing program 4 (id=2550): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 1.301953849s ago: executing program 4 (id=2551): capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7}) r0 = getpid() sched_setaffinity(r0, 0x0, 0x0) 988.615644ms ago: executing program 4 (id=2552): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x10040) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010001, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) syz_emit_ethernet(0x38, &(0x7f0000000200)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010001, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x40}, {"22d6"}}}}}}, 0x0) 870.437559ms ago: executing program 4 (id=2553): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000001c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x1}, 0x28) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x10000, &(0x7f0000000040)={0xa, 0x4e21, 0x9, @private0, 0x23}, 0x1c) 831.870762ms ago: executing program 0 (id=2554): socket(0x10, 0x3, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) syz_io_uring_setup(0x643c, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0xfffffffe, 0x1a4}, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = epoll_create1(0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001300)=ANY=[@ANYBLOB="38010000000101"], 0x138}}, 0x4) 677.361293ms ago: executing program 4 (id=2555): mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x2000408, &(0x7f00000001c0)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) setreuid(0x0, 0xee00) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, 0x0) 653.189896ms ago: executing program 2 (id=2556): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800) recvmsg(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/73, 0x49}], 0x1}, 0x2043) 558.34862ms ago: executing program 0 (id=2557): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0xfffffffe, 0x4}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8801}, 0x20008850) r4 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=@newtfilter={0x40, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xfff3, 0xffe0}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x14, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_POLICE={0x4}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 432.701281ms ago: executing program 2 (id=2558): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x42082, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0) close(r1) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000200)=ANY=[@ANYRES16=r1, @ANYRES32=r0]) socket$netlink(0x10, 0x3, 0x4) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x11, 0x3, r3, 0x1, 0xd8}, 0x14) 293.145925ms ago: executing program 0 (id=2559): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) r1 = socket(0x8, 0x3, 0x0) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000040)) ioctl$IMGETCOUNT(r1, 0x618e, 0x0) 206.904094ms ago: executing program 2 (id=2560): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000022c0)=@newtfilter={0x90, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0xffff, 0x5}, {}, {0x7, 0x3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x57f}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x4e3, 0xca0b, 0x6, 0x3}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}]}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x40000}, 0x44000) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000140)='\r', 0x1}], 0x1}, 0x4) 50.60136ms ago: executing program 0 (id=2561): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, 0x0, 0x0) 16.149784ms ago: executing program 0 (id=2562): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 0s ago: executing program 2 (id=2563): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/vlan/vlan0\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r1, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'}) syz_emit_vhci(&(0x7f00000000c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x3, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x4, 0x4}, {0x5, 0x6d99}}}}, 0x11) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='cpuset\x00', 0x2015034, &(0x7f0000000180)='}(\x00') ptrace$pokeuser(0x6, r2, 0x108, 0x4) ptrace$pokeuser(0x6, r2, 0x118, 0x20000000) read$FUSE(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): nal. Quota mode: writeback. [ 173.307869][ T8460] ext4 filesystem being mounted at /167/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 173.330100][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.420298][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.841846][ T8510] loop1: detected capacity change from 0 to 128 [ 174.631672][ T8518] netlink: 'syz.2.911': attribute type 1 has an invalid length. [ 174.662089][ T8519] loop4: detected capacity change from 0 to 512 [ 174.698671][ T8519] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 174.737247][ T8519] System zones: 0-2, 18-18, 34-35 [ 174.763303][ T8519] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 174.905776][ T8519] ext4 filesystem being mounted at /161/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 175.071315][ T8524] 8021q: adding VLAN 0 to HW filter on device bond11 [ 175.097344][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.121484][ T8524] bond10: (slave bond11): making interface the new active one [ 175.176262][ T8524] bond10: (slave bond11): Enslaving as an active interface with an up link [ 175.359317][ T12] kworker/u8:0: attempt to access beyond end of device [ 175.359317][ T12] loop1: rw=1, sector=145, nr_sectors = 896 limit=128 [ 175.380748][ T8532] netlink: 8 bytes leftover after parsing attributes in process `syz.2.916'. [ 176.027361][ T8555] netlink: 4 bytes leftover after parsing attributes in process `syz.4.922'. [ 176.047009][ T8557] netlink: 72 bytes leftover after parsing attributes in process `syz.1.923'. [ 176.344711][ T8564] netlink: 'syz.0.926': attribute type 1 has an invalid length. [ 177.286343][ T8570] 8021q: adding VLAN 0 to HW filter on device bond7 [ 177.333632][ T8576] netlink: 8 bytes leftover after parsing attributes in process `syz.4.931'. [ 177.348195][ T8570] bond6: (slave bond7): making interface the new active one [ 177.398910][ T8570] bond6: (slave bond7): Enslaving as an active interface with an up link [ 177.685217][ T8585] loop4: detected capacity change from 0 to 512 [ 177.748973][ T8585] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 177.810295][ T8585] System zones: 0-2, 18-18, 34-35 [ 177.868099][ T8585] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.950982][ T8585] ext4 filesystem being mounted at /166/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.161073][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.180359][ T49] Bluetooth: hci5: Frame reassembly failed (-84) [ 178.342035][ T8611] netlink: 8 bytes leftover after parsing attributes in process `syz.2.942'. [ 178.407898][ T8615] netlink: 'syz.1.944': attribute type 1 has an invalid length. [ 178.569113][ T8620] 8021q: adding VLAN 0 to HW filter on device bond6 [ 178.595559][ T8620] bond5: (slave bond6): making interface the new active one [ 178.612715][ T8620] bond5: (slave bond6): Enslaving as an active interface with an up link [ 178.859700][ T8634] loop4: detected capacity change from 0 to 128 [ 178.872167][ T8638] loop1: detected capacity change from 0 to 512 [ 178.916487][ T8638] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 178.926322][ T8638] System zones: 0-2, 18-18, 34-35 [ 178.935490][ T8638] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.948201][ T8638] ext4 filesystem being mounted at /192/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 179.025356][ T5841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.180474][ T8650] netlink: 8 bytes leftover after parsing attributes in process `syz.3.955'. [ 179.375539][ T8660] netlink: 'syz.2.958': attribute type 1 has an invalid length. [ 179.482010][ T8660] 8021q: adding VLAN 0 to HW filter on device bond13 [ 179.494277][ T8660] bond12: (slave bond13): making interface the new active one [ 179.502841][ T8660] bond12: (slave bond13): Enslaving as an active interface with an up link [ 179.675538][ T8674] loop2: detected capacity change from 0 to 512 [ 179.701783][ T8674] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 179.726774][ T8674] System zones: 0-2, 18-18, 34-35 [ 179.753421][ T8674] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 179.783193][ T8674] ext4 filesystem being mounted at /219/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 179.837499][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.048736][ T8690] netlink: 8 bytes leftover after parsing attributes in process `syz.2.966'. [ 180.253956][ T8604] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 180.255092][ T5163] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 180.267090][ T5852] Bluetooth: hci0: command 0x0401 tx timeout [ 180.273304][ T51] Bluetooth: hci5: command 0x1003 tx timeout [ 180.287914][ T8704] netlink: 'syz.2.973': attribute type 1 has an invalid length. [ 180.400863][ T8711] loop0: detected capacity change from 0 to 512 [ 180.597735][ T8711] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 180.614629][ T8711] System zones: 0-2, 18-18, 34-35 [ 180.617317][ T8707] 8021q: adding VLAN 0 to HW filter on device bond15 [ 180.637254][ T8707] bond14: (slave bond15): making interface the new active one [ 180.645783][ T8707] bond14: (slave bond15): Enslaving as an active interface with an up link [ 180.657092][ T8725] loop1: detected capacity change from 0 to 128 [ 180.700986][ T8711] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 180.752189][ T8711] ext4 filesystem being mounted at /195/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 180.930730][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.007131][ T8737] netlink: 8 bytes leftover after parsing attributes in process `syz.2.981'. [ 181.159300][ T1151] Bluetooth: hci5: Frame reassembly failed (-84) [ 181.168848][ T1151] Bluetooth: hci5: Frame reassembly failed (-84) [ 181.424094][ T8759] netlink: 'syz.4.989': attribute type 1 has an invalid length. [ 181.540034][ T8759] netlink: 60 bytes leftover after parsing attributes in process `syz.4.989'. [ 181.581526][ T8763] 8021q: adding VLAN 0 to HW filter on device bond10 [ 181.600768][ T8763] bond9: (slave bond10): making interface the new active one [ 181.621437][ T8763] bond9: (slave bond10): Enslaving as an active interface with an up link [ 181.630940][ T8772] loop1: detected capacity change from 0 to 512 [ 181.659329][ T8772] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 181.677227][ T8772] System zones: 0-2, 18-18, 34-35 [ 181.715307][ T8772] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 181.730416][ T8772] ext4 filesystem being mounted at /201/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 181.785668][ T5841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.984993][ T8789] netlink: 100 bytes leftover after parsing attributes in process `syz.2.997'. [ 182.118960][ T8794] netlink: 12 bytes leftover after parsing attributes in process `syz.1.998'. [ 182.140297][ T8794] netlink: 8 bytes leftover after parsing attributes in process `syz.1.998'. [ 182.317446][ T8799] loop2: detected capacity change from 0 to 128 [ 182.419504][ T8806] netlink: 'syz.1.1004': attribute type 1 has an invalid length. [ 182.469254][ T8811] loop0: detected capacity change from 0 to 512 [ 182.487702][ T8811] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 182.501167][ T8811] System zones: 0-2, 18-18, 34-35 [ 182.510146][ T8811] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.524309][ T8811] ext4 filesystem being mounted at /199/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 182.547204][ T8806] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1004'. [ 182.556200][ T8812] 8021q: adding VLAN 0 to HW filter on device bond8 [ 182.566033][ T8812] bond7: (slave bond8): making interface the new active one [ 182.574657][ T8812] bond7: (slave bond8): Enslaving as an active interface with an up link [ 182.625472][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.725748][ T8821] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1007'. [ 182.876872][ T8829] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1011'. [ 182.924963][ T8831] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1012'. [ 182.955388][ T8831] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1012'. [ 183.214269][ T5852] Bluetooth: hci5: command 0x1003 tx timeout [ 183.215709][ T5163] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 183.221869][ T51] Bluetooth: hci0: command 0x0401 tx timeout [ 183.227664][ T8744] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 183.370499][ T8850] loop3: detected capacity change from 0 to 512 [ 183.396679][ T8850] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 183.408403][ T8850] System zones: 0-2, 18-18, 34-35 [ 183.420471][ T8850] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.436490][ T8850] ext4 filesystem being mounted at /186/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.463396][ T8855] netlink: 'syz.2.1019': attribute type 1 has an invalid length. [ 183.526559][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.817079][ T8859] 8021q: adding VLAN 0 to HW filter on device bond17 [ 183.826464][ T8859] bond16: (slave bond17): making interface the new active one [ 183.835360][ T8859] bond16: (slave bond17): Enslaving as an active interface with an up link [ 184.037703][ T8885] loop3: detected capacity change from 0 to 128 [ 184.173557][ T1151] Bluetooth: hci5: Frame reassembly failed (-84) [ 184.287414][ T8898] loop4: detected capacity change from 0 to 512 [ 184.327736][ T8898] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 184.336348][ T8898] System zones: 0-2, 18-18, 34-35 [ 184.351110][ T8898] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 184.365150][ T8898] ext4 filesystem being mounted at /189/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 184.415962][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.841753][ T8920] netlink: 'syz.4.1041': attribute type 1 has an invalid length. [ 184.990194][ T8925] 8021q: adding VLAN 0 to HW filter on device bond12 [ 185.000388][ T8925] bond11: (slave bond12): making interface the new active one [ 185.018249][ T8925] bond11: (slave bond12): Enslaving as an active interface with an up link [ 185.181979][ T8940] loop2: detected capacity change from 0 to 512 [ 185.216903][ T8940] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 185.247019][ T8940] System zones: 0-2, 18-18, 34-35 [ 185.287171][ T8940] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 185.325767][ T8940] ext4 filesystem being mounted at /234/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.400206][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.779567][ T8969] loop2: detected capacity change from 0 to 128 [ 185.849025][ T8971] netlink: 'syz.3.1057': attribute type 1 has an invalid length. [ 185.971398][ T8971] 8021q: adding VLAN 0 to HW filter on device bond3 [ 185.998427][ T8971] bond2: (slave bond3): making interface the new active one [ 186.008738][ T8971] bond2: (slave bond3): Enslaving as an active interface with an up link [ 186.102856][ T8986] loop0: detected capacity change from 0 to 512 [ 186.132470][ T8986] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 186.145501][ T8986] System zones: 0-2, 18-18, 34-35 [ 186.161833][ T8986] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.180681][ T5163] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 186.210213][ T8986] ext4 filesystem being mounted at /217/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 186.212795][ T8889] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 186.254478][ T5163] Bluetooth: hci0: command 0x0401 tx timeout [ 186.482600][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.530982][ T9003] __nla_validate_parse: 10 callbacks suppressed [ 186.530997][ T9003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1067'. [ 186.828462][ T9019] netlink: 'syz.3.1072': attribute type 1 has an invalid length. [ 186.957219][ T9024] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1072'. [ 187.003785][ T1151] Bluetooth: hci5: Frame reassembly failed (-84) [ 187.027125][ T9019] 8021q: adding VLAN 0 to HW filter on device bond5 [ 187.047838][ T9019] bond4: (slave bond5): making interface the new active one [ 187.061618][ T9019] bond4: (slave bond5): Enslaving as an active interface with an up link [ 187.127560][ T9032] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1075'. [ 187.186988][ T9034] loop3: detected capacity change from 0 to 512 [ 187.210073][ T9034] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 187.221318][ T9034] System zones: 0-2, 18-18, 34-35 [ 187.231611][ T9034] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.248280][ T9034] ext4 filesystem being mounted at /200/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 187.331695][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.869105][ T9049] loop0: detected capacity change from 0 to 128 [ 188.142581][ T9064] netlink: 'syz.1.1086': attribute type 1 has an invalid length. [ 188.219888][ T9067] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1087'. [ 188.277005][ T9064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1086'. [ 188.309977][ T9064] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1086'. [ 188.332885][ T9076] loop3: detected capacity change from 0 to 512 [ 188.361075][ T9076] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 188.395017][ T9076] System zones: 0-2, 18-18, 34-35 [ 188.399179][ T9068] 8021q: adding VLAN 0 to HW filter on device bond10 [ 188.433528][ T9076] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.446629][ T9076] ext4 filesystem being mounted at /207/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 188.479854][ T9068] bond9: (slave bond10): making interface the new active one [ 188.488258][ T9068] bond9: (slave bond10): Enslaving as an active interface with an up link [ 188.581614][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.701812][ T9088] loop1: detected capacity change from 0 to 1024 [ 188.746320][ T9088] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.837270][ T5841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.056114][ T5163] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 189.068173][ T5163] Bluetooth: hci0: command 0x0401 tx timeout [ 189.076778][ T9026] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 189.320710][ T9103] loop1: detected capacity change from 0 to 128 [ 189.988710][ T9108] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1099'. [ 190.815777][ T1156] kworker/u8:8: attempt to access beyond end of device [ 190.815777][ T1156] loop1: rw=1, sector=145, nr_sectors = 896 limit=128 [ 190.903226][ T9132] netlink: 'syz.4.1104': attribute type 1 has an invalid length. [ 191.018119][ T9135] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1104'. [ 191.054419][ T5163] Bluetooth: hci2: command 0x0406 tx timeout [ 191.060772][ T5853] Bluetooth: hci1: command 0x0406 tx timeout [ 191.060809][ T5856] Bluetooth: hci3: command 0x0406 tx timeout [ 191.069568][ T5163] Bluetooth: hci4: command 0x0406 tx timeout [ 191.092055][ T9135] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1104'. [ 191.134117][ T51] Bluetooth: hci0: command 0x0401 tx timeout [ 191.460479][ T9134] 8021q: adding VLAN 0 to HW filter on device bond14 [ 191.489683][ T9134] bond13: (slave bond14): making interface the new active one [ 191.514938][ T9134] bond13: (slave bond14): Enslaving as an active interface with an up link [ 191.537828][ T9147] loop0: detected capacity change from 0 to 128 [ 191.726695][ T9152] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1110'. [ 192.196123][ T9159] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1113'. [ 192.827772][ T9162] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1114'. [ 192.946176][ T9168] loop4: detected capacity change from 0 to 128 [ 194.116975][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.125375][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.434258][ T58] kworker/u8:4: attempt to access beyond end of device [ 194.434258][ T58] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 194.546179][ T9188] netlink: 'syz.3.1121': attribute type 1 has an invalid length. [ 194.652584][ T9197] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1124'. [ 194.657029][ T9198] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1121'. [ 194.675288][ T9198] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1121'. [ 194.753524][ T9195] 8021q: adding VLAN 0 to HW filter on device bond7 [ 194.769891][ T9195] bond6: (slave bond7): making interface the new active one [ 194.797325][ T9195] bond6: (slave bond7): Enslaving as an active interface with an up link [ 195.142838][ T9210] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1128'. [ 195.358839][ T9222] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1130'. [ 196.255945][ T9214] loop4: detected capacity change from 0 to 128 [ 197.281276][ T9233] loop0: detected capacity change from 0 to 128 [ 198.232640][ T1168] kworker/u8:9: attempt to access beyond end of device [ 198.232640][ T1168] loop0: rw=1, sector=145, nr_sectors = 896 limit=128 [ 198.352757][ T9251] netlink: 'syz.1.1139': attribute type 1 has an invalid length. [ 198.490002][ T9258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1139'. [ 198.526529][ T9258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1139'. [ 198.650324][ T9253] 8021q: adding VLAN 0 to HW filter on device bond12 [ 198.662958][ T9253] bond11: (slave bond12): making interface the new active one [ 198.671588][ T9253] bond11: (slave bond12): Enslaving as an active interface with an up link [ 199.212732][ T9275] loop4: detected capacity change from 0 to 128 [ 199.863940][ T9276] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1145'. [ 199.931652][ T9291] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1150'. [ 200.447262][ T9296] loop0: detected capacity change from 0 to 128 [ 201.138675][ T9301] netlink: 'syz.4.1153': attribute type 1 has an invalid length. [ 201.274198][ T9308] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1153'. [ 201.348742][ T9308] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1153'. [ 201.918848][ T9305] bond15 (unregistering): Released all slaves [ 201.929602][ T13] kworker/u8:1: attempt to access beyond end of device [ 201.929602][ T13] loop0: rw=1, sector=145, nr_sectors = 896 limit=128 [ 202.079722][ T9301] workqueue: Failed to create a rescuer kthread for wq "bond15": -EINTR [ 202.740645][ T9343] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1164'. [ 202.826843][ T9344] loop3: detected capacity change from 0 to 128 [ 203.577268][ T9362] loop2: detected capacity change from 0 to 128 [ 203.956157][ T9364] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1169'. [ 204.520269][ T9371] netlink: 'syz.3.1172': attribute type 1 has an invalid length. [ 204.598964][ T9371] 8021q: adding VLAN 0 to HW filter on device bond9 [ 204.609571][ T9371] bond8: (slave bond9): making interface the new active one [ 204.618565][ T9371] bond8: (slave bond9): Enslaving as an active interface with an up link [ 204.636355][ T9371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1172'. [ 204.645588][ T9371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1172'. [ 205.089155][ T1168] kworker/u8:9: attempt to access beyond end of device [ 205.089155][ T1168] loop2: rw=1, sector=145, nr_sectors = 896 limit=128 [ 205.342874][ T1168] Bluetooth: hci5: Frame reassembly failed (-84) [ 205.554435][ T9390] loop3: detected capacity change from 0 to 128 [ 205.762213][ T9402] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1180'. [ 206.158194][ T9414] netlink: 'syz.0.1185': attribute type 1 has an invalid length. [ 206.240846][ T9416] loop4: detected capacity change from 0 to 128 [ 206.866192][ T9421] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1185'. [ 207.375068][ T5855] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 207.383340][ T5855] Bluetooth: hci0: command 0x0401 tx timeout [ 207.460790][ T9384] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 207.761732][ T1151] kworker/u8:7: attempt to access beyond end of device [ 207.761732][ T1151] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 208.103205][ T9440] loop4: detected capacity change from 0 to 128 [ 208.341555][ T9453] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1193'. [ 208.617325][ T9466] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1196'. [ 208.782205][ T9470] netlink: 'syz.0.1198': attribute type 1 has an invalid length. [ 208.910311][ T9470] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1198'. [ 208.964370][ T9472] 8021q: adding VLAN 0 to HW filter on device bond11 [ 208.995200][ T9472] bond10: (slave bond11): making interface the new active one [ 209.005852][ T9472] bond10: (slave bond11): Enslaving as an active interface with an up link [ 209.186092][ T171] Bluetooth: hci5: Frame reassembly failed (-84) [ 209.489349][ T9486] loop4: detected capacity change from 0 to 128 [ 211.086959][ T9498] loop0: detected capacity change from 0 to 128 [ 211.172136][ T9500] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1208'. [ 211.186474][ T13] kworker/u8:1: attempt to access beyond end of device [ 211.186474][ T13] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 211.226712][ T9479] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 211.236520][ T5843] Bluetooth: hci0: command 0x0401 tx timeout [ 211.242580][ T5843] Bluetooth: hci5: command 0x1003 tx timeout [ 211.294982][ T5847] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 211.727062][ T9511] netlink: 'syz.2.1210': attribute type 1 has an invalid length. [ 211.870433][ T9519] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1210'. [ 212.135241][ T9517] 8021q: adding VLAN 0 to HW filter on device bond19 [ 212.165863][ T9517] bond18: (slave bond19): making interface the new active one [ 212.201352][ T9517] bond18: (slave bond19): Enslaving as an active interface with an up link [ 212.530682][ T9538] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1215'. [ 213.016983][ T9549] loop4: detected capacity change from 0 to 128 [ 213.918832][ T9556] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1221'. [ 213.963511][ T9488] Bluetooth: hci5: Frame reassembly failed (-84) [ 214.478750][ T9488] kworker/u8:13: attempt to access beyond end of device [ 214.478750][ T9488] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 214.519377][ T9564] loop0: detected capacity change from 0 to 128 [ 214.738132][ T9570] netlink: 'syz.2.1226': attribute type 1 has an invalid length. [ 214.883099][ T9577] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1226'. [ 215.040083][ T9575] 8021q: adding VLAN 0 to HW filter on device bond21 [ 215.079638][ T9575] bond20: (slave bond21): making interface the new active one [ 215.110199][ T9575] bond20: (slave bond21): Enslaving as an active interface with an up link [ 216.010493][ T9602] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1232'. [ 216.023319][ T5847] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 216.029965][ T5843] Bluetooth: hci5: command 0x1003 tx timeout [ 216.033756][ T9555] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 216.042233][ T5855] Bluetooth: hci0: command 0x0401 tx timeout [ 216.330335][ T9612] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1237'. [ 216.429746][ T9615] loop3: detected capacity change from 0 to 128 [ 217.331231][ T9623] netlink: 'syz.2.1240': attribute type 1 has an invalid length. [ 217.473875][ T9636] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1240'. [ 217.952760][ T1156] kworker/u8:8: attempt to access beyond end of device [ 217.952760][ T1156] loop3: rw=1, sector=145, nr_sectors = 896 limit=128 [ 218.306595][ T9657] loop3: detected capacity change from 0 to 128 [ 218.944075][ T9663] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1248'. [ 219.518301][ T9488] Bluetooth: hci5: Frame reassembly failed (-84) [ 219.801654][ T9682] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1255'. [ 219.866316][ T9684] netlink: 'syz.3.1256': attribute type 1 has an invalid length. [ 219.958219][ T9686] 8021q: adding VLAN 0 to HW filter on device bond11 [ 219.968388][ T9686] bond10: (slave bond11): making interface the new active one [ 219.977176][ T9686] bond10: (slave bond11): Enslaving as an active interface with an up link [ 219.984043][ T9684] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1256'. [ 220.063614][ T9689] loop1: detected capacity change from 0 to 128 [ 220.921769][ T9695] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1259'. [ 221.573568][ T5843] Bluetooth: hci0: command 0x0401 tx timeout [ 221.579775][ T5847] Bluetooth: hci5: command 0x1003 tx timeout [ 221.589996][ T5855] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 221.592760][ T1347] kworker/u8:10: attempt to access beyond end of device [ 221.592760][ T1347] loop1: rw=1, sector=145, nr_sectors = 896 limit=128 [ 221.599728][ T9665] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 221.990551][ T9724] loop2: detected capacity change from 0 to 128 [ 222.446221][ T9739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1269'. [ 223.337950][ T9757] loop3: detected capacity change from 0 to 128 [ 224.866338][ T12] kworker/u8:0: attempt to access beyond end of device [ 224.866338][ T12] loop3: rw=1, sector=145, nr_sectors = 896 limit=128 [ 225.130516][ T9782] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1284'. [ 226.553197][ T9812] loop0: detected capacity change from 0 to 128 [ 228.186999][ T9819] netlink: 'syz.3.1296': attribute type 1 has an invalid length. [ 228.346480][ T9420] kworker/u8:12: attempt to access beyond end of device [ 228.346480][ T9420] loop0: rw=1, sector=145, nr_sectors = 896 limit=128 [ 228.476024][ T9821] 8021q: adding VLAN 0 to HW filter on device bond13 [ 228.509728][ T9821] bond12: (slave bond13): making interface the new active one [ 228.540530][ T9821] bond12: (slave bond13): Enslaving as an active interface with an up link [ 229.379574][ T9860] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1310'. [ 229.507715][ T9863] loop3: detected capacity change from 0 to 128 [ 229.698210][ T9870] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1313'. [ 231.316701][ T9895] loop2: detected capacity change from 0 to 512 [ 231.340478][ T9895] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 231.426795][ T9895] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #17: comm syz.2.1324: inode has both inline data and extents flags [ 231.453487][ T9895] fserror_report: 1 callbacks suppressed [ 231.453502][ T9895] loop2: lost file I/O error report for ino 17 type 5 pos 0x0 len 0x0 error -117 [ 231.468639][ T9895] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1324: couldn't read orphan inode 17 (err -117) [ 231.477860][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 231.477890][ C0] EXT4-fs (loop2): initial error at time 1773887706: ext4_orphan_get:1391: inode 17 [ 231.477924][ C0] EXT4-fs (loop2): last error at time 1773887706: ext4_orphan_get:1391: inode 17 [ 231.548840][ T9895] loop2: lost filesystem error report for type 5 error -117 [ 231.555685][ T9895] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 231.704364][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.925049][ T9912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1330'. [ 232.445177][ T9906] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 232.569333][ T9921] netlink: 388 bytes leftover after parsing attributes in process `syz.2.1334'. [ 233.514647][ T30] audit: type=1326 audit(1773887708.357:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.3.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7108d9c799 code=0x7ffc0000 [ 233.594182][ T30] audit: type=1326 audit(1773887708.387:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.3.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7108d9c799 code=0x7ffc0000 [ 233.681482][ T30] audit: type=1326 audit(1773887708.397:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.3.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7108d9c799 code=0x7ffc0000 [ 233.710831][ T5855] Bluetooth: hci0: command 0x0401 tx timeout [ 233.721198][ T30] audit: type=1326 audit(1773887708.397:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.3.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7108d9c799 code=0x7ffc0000 [ 233.751923][ T30] audit: type=1326 audit(1773887708.397:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.3.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f7108d9c799 code=0x7ffc0000 [ 233.761032][ T9956] netlink: 388 bytes leftover after parsing attributes in process `syz.1.1346'. [ 233.775401][ T30] audit: type=1326 audit(1773887708.397:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.3.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7108d9c799 code=0x7ffc0000 [ 233.805650][ T30] audit: type=1326 audit(1773887708.407:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.3.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f7108d9c799 code=0x7ffc0000 [ 233.828448][ T30] audit: type=1326 audit(1773887708.407:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.3.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7108d9c799 code=0x7ffc0000 [ 233.966593][ T9958] loop1: detected capacity change from 0 to 512 [ 233.983149][ T9958] EXT4-fs: inline encryption not supported [ 234.007711][ T9958] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 234.047690][ T9958] EXT4-fs (loop1): orphan cleanup on readonly fs [ 234.070979][ T9958] EXT4-fs error (device loop1): ext4_orphan_get:1391: comm syz.1.1347: inode #15: comm syz.1.1347: iget: illegal inode # [ 234.126973][ T9958] loop1: lost filesystem error report for type 5 error -117 [ 234.129276][ T9958] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.1347: couldn't read orphan inode 15 (err -117) [ 234.136678][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 234.136697][ C0] EXT4-fs (loop1): initial error at time 1773887708: ext4_orphan_get:1391 [ 234.136721][ C0] EXT4-fs (loop1): last error at time 1773887708: ext4_orphan_get:1391 [ 234.185398][ T9958] loop1: lost filesystem error report for type 5 error -117 [ 234.197460][ T9958] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 234.359076][ T5841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.515773][ T9954] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 234.708872][ T9984] netlink: 'syz.3.1356': attribute type 1 has an invalid length. [ 234.957089][ T9991] netlink: 388 bytes leftover after parsing attributes in process `syz.2.1358'. [ 235.256575][T10004] loop1: detected capacity change from 0 to 512 [ 235.358371][T10004] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.1363: invalid indirect mapped block 256 (level 2) [ 235.381084][T10004] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 235.381738][T10004] EXT4-fs (loop1): 2 truncates cleaned up [ 235.390947][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 235.390966][ C0] EXT4-fs (loop1): initial error at time 1773887710: ext4_free_branches:1023: inode 11 [ 235.390997][ C0] EXT4-fs (loop1): last error at time 1773887710: ext4_free_branches:1023: inode 11 [ 235.426059][T10004] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.443041][ T30] audit: type=1800 audit(1773887710.287:18): pid=10004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1363" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 235.474336][T10004] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1363'. [ 235.483286][T10004] bond0: option min_links: invalid value (18446744072127363710) [ 235.491029][T10004] bond0: option min_links: allowed values 0 - 2147483647 [ 235.775184][ T5855] Bluetooth: hci0: command 0x0401 tx timeout [ 235.781477][T10018] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 236.093775][T10009] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 236.665393][ T5841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.665832][T10058] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 237.847063][T10083] loop1: detected capacity change from 0 to 512 [ 237.855735][ T5855] Bluetooth: hci0: command 0x0401 tx timeout [ 237.893385][T10083] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 237.918060][T10083] System zones: 0-2, 18-18, 34-35 [ 237.944105][T10083] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 237.977982][T10083] ext4 filesystem being mounted at /283/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 238.020498][ T5841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.155949][T10092] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1394'. [ 238.715925][ T9420] Bluetooth: hci5: Frame reassembly failed (-84) [ 239.290693][T10122] loop2: detected capacity change from 0 to 512 [ 239.321716][T10122] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 239.338255][T10122] System zones: 0-2, 18-18, 34-35 [ 239.449180][T10122] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.474156][T10122] ext4 filesystem being mounted at /307/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 239.557576][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.805402][T10141] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1410'. [ 239.934293][ T5847] Bluetooth: hci0: command 0x0401 tx timeout [ 240.735045][ T5855] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 240.742710][T10165] loop3: detected capacity change from 0 to 512 [ 240.762043][T10166] netlink: 292 bytes leftover after parsing attributes in process `syz.1.1418'. [ 240.838783][T10165] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 240.873827][T10165] System zones: 0-2, 18-18, 34-35 [ 240.891326][T10165] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 240.911261][T10165] ext4 filesystem being mounted at /276/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 241.016560][T10175] netlink: 380 bytes leftover after parsing attributes in process `syz.0.1421'. [ 241.105268][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.657690][T10205] loop0: detected capacity change from 0 to 512 [ 241.701843][T10205] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 241.715658][T10205] System zones: 0-2, 18-18, 34-35 [ 241.762845][T10205] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 241.813489][T10214] netlink: 380 bytes leftover after parsing attributes in process `syz.1.1438'. [ 241.830776][T10205] ext4 filesystem being mounted at /277/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 241.913399][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.467553][T10245] netlink: 380 bytes leftover after parsing attributes in process `syz.1.1451'. [ 242.491500][T10243] loop2: detected capacity change from 0 to 512 [ 242.563418][T10243] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 242.577669][T10243] System zones: 0-2, 18-18, 34-35 [ 242.585969][T10243] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 242.600242][T10243] ext4 filesystem being mounted at /318/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 242.692373][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.987103][T10265] netlink: 'syz.2.1459': attribute type 32 has an invalid length. [ 243.403376][T10287] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1464'. [ 243.454186][ T5847] Bluetooth: hci5: command 0x1003 tx timeout [ 243.462889][ T5855] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 243.500715][T10292] netlink: 388 bytes leftover after parsing attributes in process `syz.2.1467'. [ 243.542553][T10290] loop4: detected capacity change from 0 to 512 [ 243.573173][T10290] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 243.612220][T10290] System zones: 0-2, 18-18, 34-35 [ 243.628847][T10290] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 243.656066][T10290] ext4 filesystem being mounted at /275/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 243.802846][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.861255][T10307] loop3: detected capacity change from 0 to 128 [ 245.858849][ T1151] kworker/u8:7: attempt to access beyond end of device [ 245.858849][ T1151] loop3: rw=1, sector=145, nr_sectors = 896 limit=128 [ 246.145683][T10336] netlink: 388 bytes leftover after parsing attributes in process `syz.2.1480'. [ 246.248726][T10340] loop1: detected capacity change from 0 to 512 [ 246.278141][T10340] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 246.305074][T10340] System zones: 0-2, 18-18, 34-35 [ 246.330743][T10340] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 246.378144][T10340] ext4 filesystem being mounted at /309/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 246.398248][T10352] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1484'. [ 246.552235][ T5841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.870368][T10369] loop0: detected capacity change from 0 to 128 [ 247.731037][T10380] netlink: 388 bytes leftover after parsing attributes in process `syz.2.1495'. [ 248.093796][ T5855] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 248.101143][ T5847] Bluetooth: hci5: command 0x1003 tx timeout [ 248.327497][T10389] loop4: detected capacity change from 0 to 512 [ 248.367097][T10389] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 248.381286][ T1151] kworker/u8:7: attempt to access beyond end of device [ 248.381286][ T1151] loop0: rw=1, sector=145, nr_sectors = 896 limit=128 [ 248.399476][T10389] System zones: 0-2, 18-18, 34-35 [ 248.429456][T10389] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 248.446244][T10389] ext4 filesystem being mounted at /278/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 248.518313][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.543939][T10396] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1500'. [ 249.012037][T10411] loop2: detected capacity change from 0 to 128 [ 249.160331][T10412] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1505'. [ 250.436602][T10423] loop1: detected capacity change from 0 to 128 [ 251.199707][T10430] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1514'. [ 251.465511][T10441] capability: warning: `syz.3.1516' uses 32-bit capabilities (legacy support in use) [ 251.550348][T10443] program syz.3.1516 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 251.929983][ T9488] kworker/u8:13: attempt to access beyond end of device [ 251.929983][ T9488] loop1: rw=1, sector=145, nr_sectors = 896 limit=128 [ 251.968283][T10454] loop4: detected capacity change from 0 to 512 [ 251.976181][T10454] EXT4-fs: Ignoring removed nobh option [ 252.031297][T10454] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.057250][T10454] ext4 filesystem being mounted at /283/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 252.229766][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.319349][T10468] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1527'. [ 252.442630][T10476] loop1: detected capacity change from 0 to 128 [ 252.960312][T10492] loop4: detected capacity change from 0 to 128 [ 254.199834][T10505] loop3: detected capacity change from 0 to 256 [ 254.390953][T10509] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1541'. [ 254.402280][T10505] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 254.449930][T10509] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1541'. [ 254.477465][T10505] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 254.487734][T10505] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 254.503696][ T30] audit: type=1800 audit(1773887729.347:19): pid=10505 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1540" name="file1" dev="loop3" ino=1048641 res=0 errno=0 [ 254.532906][ T9420] kworker/u8:12: attempt to access beyond end of device [ 254.532906][ T9420] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 254.685405][T10513] loop3: detected capacity change from 0 to 512 [ 255.124551][T10528] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1548'. [ 255.545004][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.551422][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.757000][T10533] loop2: detected capacity change from 0 to 1024 [ 255.776218][T10533] EXT4-fs: Ignoring removed orlov option [ 255.792622][T10533] EXT4-fs: Ignoring removed nobh option [ 255.846171][T10533] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 256.496936][T10552] loop0: detected capacity change from 0 to 128 [ 258.830804][ T13] kworker/u8:1: attempt to access beyond end of device [ 258.830804][ T13] loop0: rw=1, sector=145, nr_sectors = 896 limit=128 [ 258.967183][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.858765][T10599] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1561'. [ 260.294914][T10610] loop2: detected capacity change from 0 to 256 [ 260.392359][T10612] loop1: detected capacity change from 0 to 2048 [ 260.416301][T10612] EXT4-fs: Ignoring removed oldalloc option [ 260.465660][T10612] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 260.716727][ T5841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.015314][T10637] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1575'. [ 261.058343][T10637] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1575'. [ 261.352499][T10644] loop3: detected capacity change from 0 to 512 [ 261.391311][T10644] EXT4-fs (loop3): 1 truncate cleaned up [ 261.419595][T10644] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 261.637488][T10653] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1580'. [ 261.823018][T10659] loop0: detected capacity change from 0 to 2048 [ 261.866598][T10659] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 261.883856][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.918515][T10659] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 261.978213][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.983467][T10668] loop3: detected capacity change from 0 to 512 [ 261.987466][T10666] loop2: detected capacity change from 0 to 512 [ 261.998339][T10668] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.1584: inode has both inline data and extents flags [ 262.014570][T10668] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 262.014852][T10668] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1584: couldn't read orphan inode 15 (err -117) [ 262.024044][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 262.024063][ C0] EXT4-fs (loop3): initial error at time 1773887736: ext4_orphan_get:1391: inode 15 [ 262.024091][ C0] EXT4-fs (loop3): last error at time 1773887736: ext4_orphan_get:1391: inode 15 [ 262.061667][T10668] loop3: lost filesystem error report for type 5 error -117 [ 262.070314][T10668] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 262.117153][T10666] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 262.173196][T10666] EXT4-fs (loop2): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 262.319861][ T5838] EXT4-fs (loop2): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 262.393087][T10676] loop4: detected capacity change from 0 to 136 [ 262.445217][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.499317][T10681] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1589'. [ 262.712873][T10684] loop0: detected capacity change from 0 to 4096 [ 262.769952][T10684] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 262.917413][ T30] audit: type=1800 audit(1773887737.767:20): pid=10684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1592" name="file0" dev="loop0" ino=13 res=0 errno=0 [ 263.057376][T10710] netlink: 'syz.4.1600': attribute type 1 has an invalid length. [ 263.088744][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.195606][T10710] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1600'. [ 263.323368][T10713] 8021q: adding VLAN 0 to HW filter on device bond17 [ 263.333134][T10713] bond16: (slave bond17): making interface the new active one [ 263.341686][T10713] bond16: (slave bond17): Enslaving as an active interface with an up link [ 263.886638][T10758] loop3: detected capacity change from 0 to 128 [ 264.157996][ T5938] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 264.336801][ T5938] usb 5-1: device descriptor read/64, error -71 [ 264.468139][T10775] loop0: detected capacity change from 0 to 128 [ 264.538322][T10775] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 264.609336][T10775] ext4 filesystem being mounted at /318/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 264.628419][ T5938] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 264.699901][T10781] netlink: 'syz.3.1616': attribute type 1 has an invalid length. [ 264.726764][ T5846] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 264.783847][ T5938] usb 5-1: device descriptor read/64, error -71 [ 264.811181][T10785] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1616'. [ 264.907949][ T5938] usb usb5-port1: attempt power cycle [ 264.970924][T10783] 8021q: adding VLAN 0 to HW filter on device bond15 [ 264.994058][T10783] bond14: (slave bond15): making interface the new active one [ 265.006747][T10783] bond14: (slave bond15): Enslaving as an active interface with an up link [ 265.295422][ T5938] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 265.335748][ T5938] usb 5-1: device descriptor read/8, error -71 [ 265.555790][T10813] netlink: 'syz.2.1629': attribute type 1 has an invalid length. [ 265.604761][ T5938] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 265.656144][ T5938] usb 5-1: device descriptor read/8, error -71 [ 265.674709][T10816] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1629'. [ 265.805076][T10823] capability: warning: `syz.0.1631' uses deprecated v2 capabilities in a way that may be insecure [ 265.812346][ T5938] usb usb5-port1: unable to enumerate USB device [ 265.818963][T10823] program syz.0.1631 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 265.835321][T10815] 8021q: adding VLAN 0 to HW filter on device bond25 [ 265.845170][T10815] bond24: (slave bond25): making interface the new active one [ 265.855445][T10815] bond24: (slave bond25): Enslaving as an active interface with an up link [ 265.994619][T10829] loop0: detected capacity change from 0 to 512 [ 266.167119][T10837] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1636'. [ 266.226641][T10839] loop0: detected capacity change from 0 to 1024 [ 266.248698][T10839] EXT4-fs: Ignoring removed bh option [ 266.317110][T10839] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 266.410318][T10852] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1641'. [ 266.433149][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.483581][T10854] loop2: detected capacity change from 0 to 512 [ 266.519235][T10854] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.1643: inode has both inline data and extents flags [ 266.569990][T10854] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 266.570800][T10854] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1643: couldn't read orphan inode 15 (err -117) [ 266.580004][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 266.581066][ C0] EXT4-fs (loop2): initial error at time 1773887741: ext4_orphan_get:1391: inode 15 [ 266.581100][ C0] EXT4-fs (loop2): last error at time 1773887741: ext4_orphan_get:1391: inode 15 [ 266.633755][T10854] loop2: lost filesystem error report for type 5 error -117 [ 266.642375][T10854] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 266.807149][T10863] netlink: 'syz.3.1646': attribute type 1 has an invalid length. [ 266.931854][T10871] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1646'. [ 267.081434][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.226312][T10866] 8021q: adding VLAN 0 to HW filter on device bond17 [ 267.238318][T10866] bond16: (slave bond17): making interface the new active one [ 267.247287][T10866] bond16: (slave bond17): Enslaving as an active interface with an up link [ 267.482952][T10891] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1653'. [ 267.974716][T10906] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1659'. [ 268.555102][T10908] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 268.562071][T10908] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 268.589705][T10908] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 268.597061][T10908] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 268.619157][T10908] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 268.626637][T10908] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 268.691293][T10908] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 268.697306][T10908] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 268.721760][T10908] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 268.727843][T10908] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 268.821557][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 268.928394][T10918] netlink: 'syz.4.1663': attribute type 1 has an invalid length. [ 268.979322][T10922] loop0: detected capacity change from 0 to 512 [ 269.036153][T10922] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.1665: inode has both inline data and extents flags [ 269.093826][T10922] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 269.094153][T10922] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.1665: couldn't read orphan inode 15 (err -117) [ 269.102693][T10932] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1663'. [ 269.123631][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 269.130920][ C1] EXT4-fs (loop0): initial error at time 1773887743: ext4_orphan_get:1391: inode 15 [ 269.140363][ C1] EXT4-fs (loop0): last error at time 1773887743: ext4_orphan_get:1391: inode 15 [ 269.165896][T10922] loop0: lost filesystem error report for type 5 error -117 [ 269.170983][T10922] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 269.277784][T10928] 8021q: adding VLAN 0 to HW filter on device bond19 [ 269.289724][T10928] bond18: (slave bond19): making interface the new active one [ 269.307184][T10928] bond18: (slave bond19): Enslaving as an active interface with an up link [ 269.388151][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 269.820776][T10957] loop2: detected capacity change from 0 to 4096 [ 269.855634][T10957] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 269.911509][T10962] netlink: 'syz.0.1678': attribute type 1 has an invalid length. [ 269.959787][T10957] Quota error (device loop2): do_check_range: Getting block 256 out of range 1-5 [ 269.985402][T10957] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 270.043084][T10957] EXT4-fs error (device loop2): ext4_acquire_dquot:7001: comm syz.2.1676: Failed to acquire dquot type 1 [ 270.090777][T10968] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1678'. [ 270.236195][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 270.323393][T10966] 8021q: adding VLAN 0 to HW filter on device bond13 [ 270.365487][T10985] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1681'. [ 270.386456][T10983] loop4: detected capacity change from 0 to 512 [ 270.422709][T10966] bond12: (slave bond13): making interface the new active one [ 270.425406][T10983] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.1682: inode has both inline data and extents flags [ 270.468567][T10983] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 270.471129][T10983] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1682: couldn't read orphan inode 15 (err -117) [ 270.480385][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 270.480405][ C1] EXT4-fs (loop4): initial error at time 1773887745: ext4_orphan_get:1391: inode 15 [ 270.480436][ C1] EXT4-fs (loop4): last error at time 1773887745: ext4_orphan_get:1391: inode 15 [ 270.494053][ T5847] Bluetooth: hci0: command 0x0401 tx timeout [ 270.509018][T10983] loop4: lost filesystem error report for type 5 error -117 [ 270.536426][T10966] bond12: (slave bond13): Enslaving as an active interface with an up link [ 270.620894][T10983] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 270.654011][ T5847] Bluetooth: hci2: command 0x0406 tx timeout [ 270.663102][ T5847] Bluetooth: hci1: command 0x0406 tx timeout [ 270.733785][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 270.813704][ T5847] Bluetooth: hci4: command 0x0406 tx timeout [ 270.922636][T10998] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1687'. [ 270.942715][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.369378][T11015] netlink: 'syz.2.1695': attribute type 1 has an invalid length. [ 271.564473][T11015] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1695'. [ 271.610673][T11029] loop4: detected capacity change from 0 to 512 [ 271.627565][T11029] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.1700: inode has both inline data and extents flags [ 271.640980][T11029] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 271.642662][T11029] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1700: couldn't read orphan inode 15 (err -117) [ 271.651887][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 271.651909][ C1] EXT4-fs (loop4): initial error at time 1773887746: ext4_orphan_get:1391: inode 15 [ 271.651940][ C1] EXT4-fs (loop4): last error at time 1773887746: ext4_orphan_get:1391: inode 15 [ 271.665388][T11021] 8021q: adding VLAN 0 to HW filter on device bond27 [ 271.671540][T11029] loop4: lost filesystem error report for type 5 error -117 [ 271.708179][T11029] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 271.790418][T11021] bond26: (slave bond27): making interface the new active one [ 271.820758][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.839557][T11021] bond26: (slave bond27): Enslaving as an active interface with an up link [ 272.090731][T11043] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1704'. [ 272.526056][T11064] loop2: detected capacity change from 0 to 512 [ 272.550001][T11064] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.1714: inode has both inline data and extents flags [ 272.574227][ T5847] Bluetooth: hci0: command 0x0401 tx timeout [ 272.599894][T11064] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 272.601012][T11064] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1714: couldn't read orphan inode 15 (err -117) [ 272.610234][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 272.610250][ C1] EXT4-fs (loop2): initial error at time 1773887747: ext4_orphan_get:1391: inode 15 [ 272.610276][ C1] EXT4-fs (loop2): last error at time 1773887747: ext4_orphan_get:1391: inode 15 [ 272.738602][ T5847] Bluetooth: hci1: command 0x0406 tx timeout [ 272.745018][ T5855] Bluetooth: hci2: command 0x0406 tx timeout [ 272.798340][T11069] netlink: 'syz.1.1715': attribute type 1 has an invalid length. [ 272.814248][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 272.876553][T11064] loop2: lost filesystem error report for type 5 error -117 [ 272.878745][T11064] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 272.893688][ T5847] Bluetooth: hci4: command 0x0406 tx timeout [ 272.980679][T11077] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1715'. [ 273.087255][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 273.129733][T11072] 8021q: adding VLAN 0 to HW filter on device bond14 [ 273.139959][T11072] bond13: (slave bond14): making interface the new active one [ 273.150120][T11072] bond13: (slave bond14): Enslaving as an active interface with an up link [ 273.181126][T11086] Bluetooth: MGMT ver 1.23 [ 273.985122][T11091] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 273.991155][T11091] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 273.997286][T11091] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 274.003237][T11091] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 274.009226][T11091] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 274.351857][T11119] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1729'. [ 274.650732][T11131] netlink: 'syz.4.1732': attribute type 1 has an invalid length. [ 274.785808][T11135] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1732'. [ 274.862199][T11140] loop1: detected capacity change from 0 to 512 [ 274.920490][T11131] 8021q: adding VLAN 0 to HW filter on device bond21 [ 274.927685][T11140] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.1733: inode has both inline data and extents flags [ 275.000415][T11131] bond20: (slave bond21): making interface the new active one [ 275.010964][T11140] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 275.013645][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 275.029260][ C0] EXT4-fs (loop1): initial error at time 1773887749: ext4_orphan_get:1391: inode 15 [ 275.038709][ C0] EXT4-fs (loop1): last error at time 1773887749: ext4_orphan_get:1391: inode 15 [ 275.076215][T11131] bond20: (slave bond21): Enslaving as an active interface with an up link [ 275.090338][T11140] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.1733: couldn't read orphan inode 15 (err -117) [ 275.090372][T11140] loop1: lost filesystem error report for type 5 error -117 [ 275.109962][T11140] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 275.535287][ T5841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 276.562741][ T5843] Bluetooth: hci4: command 0x0406 tx timeout [ 276.564633][ T5847] Bluetooth: hci2: command 0x0406 tx timeout [ 276.568817][ T5843] Bluetooth: hci0: command 0x0401 tx timeout [ 276.575700][ T5855] Bluetooth: hci3: command 0x0406 tx timeout [ 276.580745][ T5843] Bluetooth: hci1: command 0x0406 tx timeout [ 276.647553][T11183] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 276.654415][T11183] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 276.660412][T11183] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 276.666489][T11183] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 276.672440][T11183] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 276.980258][ T5938] IPVS: starting estimator thread 0... [ 277.067750][T11202] loop1: detected capacity change from 0 to 128 [ 277.137184][T11204] loop2: detected capacity change from 0 to 128 [ 277.163735][T11203] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1746'. [ 277.275949][T11197] IPVS: using max 31 ests per chain, 74400 per kthread [ 278.699342][ T1156] kworker/u8:8: attempt to access beyond end of device [ 278.699342][ T1156] loop2: rw=1, sector=145, nr_sectors = 896 limit=128 [ 278.733739][ T5855] Bluetooth: hci4: command 0x0406 tx timeout [ 278.733848][ T5843] Bluetooth: hci3: command 0x0406 tx timeout [ 278.740309][ T5847] Bluetooth: hci2: command 0x0406 tx timeout [ 278.747440][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 278.752375][ T5852] Bluetooth: hci0: command 0x0401 tx timeout [ 278.975861][T11225] netlink: 'syz.4.1754': attribute type 1 has an invalid length. [ 279.340128][T11239] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1758'. [ 279.558688][T11249] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1762'. [ 279.840101][T11254] loop4: detected capacity change from 0 to 128 [ 281.738328][T10579] kworker/u8:14: attempt to access beyond end of device [ 281.738328][T10579] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 282.693041][T11282] Driver unsupported XDP return value 0 on prog (id 84) dev N/A, expect packet loss! [ 282.728512][T11284] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1775'. [ 282.838549][T11288] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1778'. [ 283.403283][T11308] tipc: Started in network mode [ 283.416228][T11308] tipc: Node identity fffffffd, cluster identity 4711 [ 283.437502][T11308] tipc: Node number set to 4294967293 [ 283.485038][T11313] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1790'. [ 283.698965][T11321] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1793'. [ 284.177174][T11342] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1803'. [ 284.640847][T11360] loop0: detected capacity change from 0 to 128 [ 284.770850][T11362] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1811'. [ 285.223542][T11373] warning: `syz.4.1815' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 285.440554][T11375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1816'. [ 286.269244][T11410] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1831'. [ 286.841648][T11429] loop2: detected capacity change from 0 to 128 [ 288.040135][T11444] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1848'. [ 288.361985][ T171] kworker/u8:6: attempt to access beyond end of device [ 288.361985][ T171] loop2: rw=1, sector=145, nr_sectors = 896 limit=128 [ 288.564764][T11460] loop3: detected capacity change from 0 to 512 [ 288.618875][T11460] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.1856: inode has both inline data and extents flags [ 288.635825][T11460] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 288.637960][T11460] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1856: couldn't read orphan inode 15 (err -117) [ 288.647172][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 288.647191][ C0] EXT4-fs (loop3): initial error at time 1773887763: ext4_orphan_get:1391: inode 15 [ 288.647221][ C0] EXT4-fs (loop3): last error at time 1773887763: ext4_orphan_get:1391: inode 15 [ 288.797034][T11460] loop3: lost filesystem error report for type 5 error -117 [ 288.813486][T11460] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 288.860238][T11471] syzkaller1: entered promiscuous mode [ 288.881023][T11471] syzkaller1: entered allmulticast mode [ 289.070163][T11483] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1866'. [ 289.162336][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.270446][T11487] loop1: detected capacity change from 0 to 128 [ 289.900828][T11489] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1864'. [ 290.556693][T11507] syzkaller0: entered promiscuous mode [ 290.577984][T11507] syzkaller0: entered allmulticast mode [ 290.668558][T11511] tipc: Started in network mode [ 290.683715][T11511] tipc: Node identity 4e5d1e36ea8a, cluster identity 4711 [ 290.700634][T11511] tipc: Enabled bearer , priority 0 [ 290.772303][ T1156] kworker/u8:8: attempt to access beyond end of device [ 290.772303][ T1156] loop1: rw=1, sector=145, nr_sectors = 896 limit=128 [ 290.792081][T11514] loop2: detected capacity change from 0 to 512 [ 290.802866][T11509] tipc: Disabling bearer [ 290.818107][T11514] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.1878: inode has both inline data and extents flags [ 290.865573][T11514] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 290.865883][T11514] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1878: couldn't read orphan inode 15 (err -117) [ 290.875052][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 290.875071][ C1] EXT4-fs (loop2): initial error at time 1773887765: ext4_orphan_get:1391: inode 15 [ 290.875105][ C1] EXT4-fs (loop2): last error at time 1773887765: ext4_orphan_get:1391: inode 15 [ 290.975090][T11514] loop2: lost filesystem error report for type 5 error -117 [ 290.977484][T11514] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 291.039973][T11522] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1879'. [ 291.394443][T11540] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1888'. [ 291.541485][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.730557][T11546] loop4: detected capacity change from 0 to 128 [ 292.452197][T11550] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1893'. [ 292.602753][T11558] loop1: detected capacity change from 0 to 128 [ 292.636619][T11559] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1895'. [ 292.787047][T11561] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1896'. [ 293.258276][T10579] kworker/u8:14: attempt to access beyond end of device [ 293.258276][T10579] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 293.420121][T11572] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1902'. [ 293.627858][T11579] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1904'. [ 294.182706][T11579] syzkaller0: entered promiscuous mode [ 294.194229][T11579] syzkaller0: entered allmulticast mode [ 294.248008][T11579] tc action pedit offset must be on 32 bit boundaries [ 294.255440][T11579] tc action pedit offset must be on 32 bit boundaries [ 294.262238][T11579] tc action pedit offset must be on 32 bit boundaries [ 294.269064][T11579] tc action pedit offset must be on 32 bit boundaries [ 294.275874][T11579] tc action pedit offset must be on 32 bit boundaries [ 294.282635][T11579] tc action pedit offset must be on 32 bit boundaries [ 294.289428][T11579] tc action pedit offset must be on 32 bit boundaries [ 294.296218][T11579] tc action pedit offset must be on 32 bit boundaries [ 294.302976][T11579] tc action pedit offset must be on 32 bit boundaries [ 294.309762][T11579] tc action pedit offset must be on 32 bit boundaries [ 294.316564][T11579] 0: reclassify loop, rule prio 0, protocol 800 [ 294.384595][T11589] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1907'. [ 294.772492][T11606] loop4: detected capacity change from 0 to 512 [ 294.801012][T11606] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.1915: inode has both inline data and extents flags [ 294.814837][T11606] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 294.815964][T11606] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1915: couldn't read orphan inode 15 (err -117) [ 294.825199][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 294.825218][ C1] EXT4-fs (loop4): initial error at time 1773887769: ext4_orphan_get:1391: inode 15 [ 294.825248][ C1] EXT4-fs (loop4): last error at time 1773887769: ext4_orphan_get:1391: inode 15 [ 294.851429][T11612] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1914'. [ 294.854881][T11606] loop4: lost filesystem error report for type 5 error -117 [ 294.876558][T11606] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 295.009285][T11614] loop0: detected capacity change from 0 to 512 [ 295.090457][T11614] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 295.105687][T11614] ext4 filesystem being mounted at /390/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 295.228331][ T30] audit: type=1800 audit(1773887770.077:21): pid=11614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1916" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 295.329596][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.493255][T11620] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1917'. [ 295.529792][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.474390][T11632] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1921'. [ 296.749301][T11644] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1935'. [ 296.762533][T11639] syzkaller0: entered promiscuous mode [ 296.780282][T11639] syzkaller0: entered allmulticast mode [ 296.807396][T11641] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1925'. [ 296.928310][T11645] syzkaller0: entered promiscuous mode [ 296.952431][T11645] syzkaller0: entered allmulticast mode [ 296.986764][T11641] 0: reclassify loop, rule prio 0, protocol 800 [ 297.349182][T11653] tipc: Started in network mode [ 297.360422][T11660] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1929'. [ 297.362152][T11653] tipc: Node identity 86f2050b3175, cluster identity 4711 [ 297.377961][T11653] tipc: Enabled bearer , priority 0 [ 297.482522][T11652] tipc: Disabling bearer [ 297.570348][T11669] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1931'. [ 298.329906][T11706] tipc: Enabled bearer , priority 0 [ 298.425349][T11705] tipc: Disabling bearer [ 298.462995][T11716] __nla_validate_parse: 2 callbacks suppressed [ 298.463010][T11716] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1952'. [ 298.688045][T11729] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1955'. [ 299.035264][T11747] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1959'. [ 299.077383][T11750] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1961'. [ 299.268708][T11756] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1962'. [ 299.549114][T11769] loop0: detected capacity change from 0 to 512 [ 299.592363][T11769] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.1968: inode has both inline data and extents flags [ 299.651162][T11769] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 299.653636][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 299.669269][ C1] EXT4-fs (loop0): initial error at time 1773887774: ext4_orphan_get:1391: inode 15 [ 299.678713][ C1] EXT4-fs (loop0): last error at time 1773887774: ext4_orphan_get:1391: inode 15 [ 299.691523][T11769] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.1968: couldn't read orphan inode 15 (err -117) [ 299.740748][T11769] loop0: lost filesystem error report for type 5 error -117 [ 299.742830][T11769] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 299.930785][T11790] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1973'. [ 299.946823][T11792] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1972'. [ 300.148653][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 300.193057][T11795] syzkaller0: entered promiscuous mode [ 300.216798][T11795] syzkaller0: entered allmulticast mode [ 301.173772][T11825] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1983'. [ 301.238867][T11820] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 301.244991][T11820] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 301.250956][T11820] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 301.256953][T11820] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 301.284154][T11829] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1983'. [ 301.385895][T11831] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1985'. [ 301.523078][T11834] syzkaller0: entered promiscuous mode [ 301.544168][T11834] syzkaller0: entered allmulticast mode [ 301.669937][T11842] loop4: detected capacity change from 0 to 512 [ 301.724452][T11842] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.1988: inode has both inline data and extents flags [ 301.764142][T11842] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 301.764508][T11842] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1988: couldn't read orphan inode 15 (err -117) [ 301.773747][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 301.773768][ C1] EXT4-fs (loop4): initial error at time 1773887776: ext4_orphan_get:1391: inode 15 [ 301.773799][ C1] EXT4-fs (loop4): last error at time 1773887776: ext4_orphan_get:1391: inode 15 [ 301.919478][T11842] loop4: lost filesystem error report for type 5 error -117 [ 301.930014][T11842] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 302.220323][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 303.116473][T11876] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 303.122502][T11876] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 303.129109][T11876] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 303.135113][T11876] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 303.177847][T11880] syzkaller0: entered promiscuous mode [ 303.196633][T11880] syzkaller0: entered allmulticast mode [ 304.037038][T11897] __nla_validate_parse: 5 callbacks suppressed [ 304.037056][T11897] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2005'. [ 304.173164][T11900] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 304.179271][T11900] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 304.185276][T11900] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 304.191235][T11900] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 304.427186][T11914] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2012'. [ 304.477338][T11918] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2015'. [ 304.652762][T11926] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2020'. [ 304.664524][T11926] syzkaller0: entered promiscuous mode [ 304.670046][T11926] syzkaller0: entered allmulticast mode [ 304.727490][T11930] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2021'. [ 305.317302][T11934] loop1: detected capacity change from 0 to 512 [ 305.390533][T11934] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 305.411313][T11941] netlink: 'syz.2.2034': attribute type 1 has an invalid length. [ 305.450602][T11934] ext4 filesystem being mounted at /389/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 305.502672][T11935] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 305.508858][T11935] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 305.514897][T11935] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 305.520849][T11935] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 305.665395][ T5841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 305.727762][T11945] 8021q: adding VLAN 0 to HW filter on device bond29 [ 305.778414][T11945] bond28: (slave bond29): making interface the new active one [ 305.807513][T11945] bond28: (slave bond29): Enslaving as an active interface with an up link [ 306.145620][T11977] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2035'. [ 306.294349][T11982] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2038'. [ 306.339185][T11982] syzkaller0: entered promiscuous mode [ 306.380363][T11982] syzkaller0: entered allmulticast mode [ 306.919099][T11993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2041'. [ 307.012212][T11990] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 307.018508][T11990] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 307.024568][T11990] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 307.031395][T11990] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 307.299866][T12012] loop0: detected capacity change from 0 to 512 [ 307.356415][T12012] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.2048: inode has both inline data and extents flags [ 307.385390][T12012] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 307.393661][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 307.404464][T12012] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2048: couldn't read orphan inode 15 (err -117) [ 307.409240][ C1] EXT4-fs (loop0): initial error at time 1773887782: ext4_orphan_get:1391: inode 15 [ 307.430431][ C1] EXT4-fs (loop0): last error at time 1773887782: ext4_orphan_get:1391: inode 15 [ 307.477995][T12020] syzkaller0: entered promiscuous mode [ 307.483838][T12020] syzkaller0: entered allmulticast mode [ 307.520095][T12012] loop0: lost filesystem error report for type 5 error -117 [ 307.527675][T12012] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 307.655276][T12027] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2053'. [ 307.696584][T12024] syzkaller0: entered promiscuous mode [ 307.723097][T12024] syzkaller0: entered allmulticast mode [ 307.950062][T12033] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2056'. [ 307.969512][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 308.618807][T12035] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 308.624874][T12035] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 308.630862][T12035] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 308.636868][T12035] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 309.062424][T12061] loop1: detected capacity change from 0 to 512 [ 309.075318][T12061] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.2067: inode has both inline data and extents flags [ 309.076790][T12059] syzkaller0: entered promiscuous mode [ 309.090293][T12061] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 309.104506][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 309.120151][ C1] EXT4-fs (loop1): initial error at time 1773887783: ext4_orphan_get:1391: inode 15 [ 309.129631][ C1] EXT4-fs (loop1): last error at time 1773887783: ext4_orphan_get:1391: inode 15 [ 309.153446][T12061] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.2067: couldn't read orphan inode 15 (err -117) [ 309.171378][T12059] syzkaller0: entered allmulticast mode [ 309.177500][T12065] __nla_validate_parse: 1 callbacks suppressed [ 309.177513][T12065] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2068'. [ 309.196460][T12061] loop1: lost filesystem error report for type 5 error -117 [ 309.198373][T12061] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 309.511259][T12074] loop0: detected capacity change from 0 to 512 [ 309.614400][T12074] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 309.627691][T12074] ext4 filesystem being mounted at /423/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 309.989665][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.001309][ T5841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.229110][T12080] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2072'. [ 310.575592][ T5852] Bluetooth: hci1: command 0x0406 tx timeout [ 310.665594][T12091] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2088'. [ 310.745250][T12097] loop0: detected capacity change from 0 to 128 [ 310.807568][ T5852] Bluetooth: hci3: command 0x0406 tx timeout [ 310.813801][ T5852] Bluetooth: hci4: command 0x0406 tx timeout [ 310.820076][ T5852] Bluetooth: hci2: command 0x0406 tx timeout [ 311.841638][T12108] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2081'. [ 311.911788][T12107] syzkaller0: entered promiscuous mode [ 311.949574][T12107] syzkaller0: entered allmulticast mode [ 311.985925][T12110] netlink: 292 bytes leftover after parsing attributes in process `syz.1.2082'. [ 312.152695][T12112] loop3: detected capacity change from 0 to 512 [ 312.190069][ T1156] kworker/u8:8: attempt to access beyond end of device [ 312.190069][ T1156] loop0: rw=1, sector=145, nr_sectors = 896 limit=128 [ 312.236735][T12112] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 312.250636][T12114] syzkaller0: entered promiscuous mode [ 312.283791][T12114] syzkaller0: entered allmulticast mode [ 312.324672][T12112] ext4 filesystem being mounted at /409/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 312.458943][ T30] audit: type=1800 audit(1773887787.297:22): pid=12112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2083" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 312.635672][T12133] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2093'. [ 312.772361][T12135] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2094'. [ 313.163229][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 313.519557][T12145] netlink: 292 bytes leftover after parsing attributes in process `syz.0.2096'. [ 313.973241][T12157] loop0: detected capacity change from 0 to 128 [ 315.011904][T12168] loop4: detected capacity change from 0 to 512 [ 315.063623][T12173] loop2: detected capacity change from 0 to 512 [ 315.075797][T12168] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 315.111339][T12173] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.2104: invalid indirect mapped block 256 (level 2) [ 315.160405][T12168] ext4 filesystem being mounted at /400/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 315.250708][ T30] audit: type=1800 audit(1773887790.097:23): pid=12168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2103" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 315.310212][T12173] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 315.313633][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 315.329290][ C0] EXT4-fs (loop2): initial error at time 1773887790: ext4_free_branches:1023: inode 11 [ 315.338974][ C0] EXT4-fs (loop2): last error at time 1773887790: ext4_free_branches:1023: inode 11 [ 315.363518][T12173] EXT4-fs (loop2): 2 truncates cleaned up [ 315.437002][T12173] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 315.452546][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.483024][ T171] kworker/u8:6: attempt to access beyond end of device [ 315.483024][ T171] loop0: rw=1, sector=145, nr_sectors = 896 limit=128 [ 315.594149][ T30] audit: type=1800 audit(1773887790.447:24): pid=12173 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2104" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 315.641682][T12179] netlink: 292 bytes leftover after parsing attributes in process `syz.1.2108'. [ 315.660100][T12173] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2104'. [ 315.685251][T12182] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2107'. [ 315.703524][T12173] bond0: option min_links: invalid value (18446744072127363710) [ 315.737320][T12173] bond0: option min_links: allowed values 0 - 2147483647 [ 315.791183][T12188] syzkaller0: entered promiscuous mode [ 315.802413][T12188] syzkaller0: entered allmulticast mode [ 316.173711][T12174] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 316.593226][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 316.981333][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.987818][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.183039][T12204] loop1: detected capacity change from 0 to 512 [ 317.237527][T12204] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 317.365597][T12204] ext4 filesystem being mounted at /412/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 317.402268][ T30] audit: type=1800 audit(1773887792.247:25): pid=12204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2116" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 317.520061][T12215] loop4: detected capacity change from 0 to 128 [ 318.402253][ T5841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 318.703148][T12227] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2121'. [ 318.884136][T12231] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2121'. [ 319.031823][ T1156] kworker/u8:8: attempt to access beyond end of device [ 319.031823][ T1156] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 319.473554][T12245] loop0: detected capacity change from 0 to 128 [ 319.853991][T12262] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2137'. [ 319.896033][T12262] syzkaller0: entered promiscuous mode [ 319.921649][T12262] syzkaller0: entered allmulticast mode [ 320.031555][T12266] loop2: detected capacity change from 0 to 128 [ 321.469739][T12274] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2142'. [ 321.831481][ T1168] kworker/u8:9: attempt to access beyond end of device [ 321.831481][ T1168] loop2: rw=1, sector=145, nr_sectors = 896 limit=128 [ 322.077520][T12292] loop2: detected capacity change from 0 to 512 [ 322.138243][T12292] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.2148: inode has both inline data and extents flags [ 322.284987][T12292] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 322.292185][T12292] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2148: couldn't read orphan inode 15 (err -117) [ 322.301402][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 322.301419][ C0] EXT4-fs (loop2): initial error at time 1773887797: ext4_orphan_get:1391: inode 15 [ 322.301445][ C0] EXT4-fs (loop2): last error at time 1773887797: ext4_orphan_get:1391: inode 15 [ 322.374011][T12292] loop2: lost filesystem error report for type 5 error -117 [ 322.376209][T12292] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 322.418557][T12299] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2151'. [ 322.605216][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 322.662834][T12299] syzkaller0: entered promiscuous mode [ 322.683701][T12299] syzkaller0: entered allmulticast mode [ 323.333867][T12311] netlink: 'syz.2.2153': attribute type 1 has an invalid length. [ 325.149301][T12311] workqueue: Failed to create a rescuer kthread for wq "bond31": -EINTR [ 325.167010][T12312] bond31 (unregistering): Released all slaves [ 325.225746][T12308] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 325.231745][T12308] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 325.237755][T12308] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 325.243754][T12308] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 325.385856][T12334] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2157'. [ 325.439870][T12336] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2159'. [ 325.583945][T12341] loop3: detected capacity change from 0 to 128 [ 326.407209][T12346] lo speed is unknown, defaulting to 1000 [ 326.549885][T12355] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2165'. [ 326.777821][T12356] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2165'. [ 326.885082][T12362] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2167'. [ 326.898377][T12362] syzkaller0: entered promiscuous mode [ 326.905500][T12362] syzkaller0: entered allmulticast mode [ 327.068092][ T1168] kworker/u8:9: attempt to access beyond end of device [ 327.068092][ T1168] loop3: rw=1, sector=145, nr_sectors = 896 limit=128 [ 327.294934][ T5847] Bluetooth: hci4: command 0x0406 tx timeout [ 327.301394][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 327.309076][ T5852] Bluetooth: hci2: command 0x0406 tx timeout [ 327.316366][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 327.432201][T12372] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2171'. [ 328.007330][T12376] loop2: detected capacity change from 0 to 512 [ 328.047954][T12381] netlink: 'syz.0.2172': attribute type 1 has an invalid length. [ 328.073025][T12373] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 328.080611][T12373] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 328.086658][T12373] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 328.092607][T12373] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 328.134985][T12376] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 328.221265][T12376] ext4 filesystem being mounted at /462/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 328.279578][ T30] audit: type=1800 audit(1773887803.127:26): pid=12376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2173" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 328.301002][T12390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2176'. [ 328.359230][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 328.434855][T12387] 8021q: adding VLAN 0 to HW filter on device bond15 [ 328.447535][T12387] bond14: (slave bond15): making interface the new active one [ 328.457203][T12387] bond14: (slave bond15): Enslaving as an active interface with an up link [ 328.679615][T12402] loop4: detected capacity change from 0 to 128 [ 329.538307][T12409] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2183'. [ 329.674427][T12414] netlink: 292 bytes leftover after parsing attributes in process `syz.1.2185'. [ 330.063715][ T5843] Bluetooth: hci1: command 0x0406 tx timeout [ 330.118125][T10748] kworker/u8:15: attempt to access beyond end of device [ 330.118125][T10748] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 330.175976][ T5843] Bluetooth: hci4: command 0x0406 tx timeout [ 330.175997][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 330.182260][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 330.237056][T12430] loop4: detected capacity change from 0 to 2048 [ 330.255963][T12430] EXT4-fs: Ignoring removed oldalloc option [ 330.279453][T12430] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 330.388649][T12430] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 330.412237][T12438] netlink: 'syz.0.2192': attribute type 1 has an invalid length. [ 330.447426][T12434] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2191'. [ 330.497408][T12430] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28 [ 330.558794][T12430] EXT4-fs (loop4): This should not happen!! Data will be lost [ 330.558794][T12430] [ 330.581564][T12430] EXT4-fs (loop4): Total free blocks count 0 [ 330.589445][T12430] EXT4-fs (loop4): Free/Dirty block details [ 330.595606][T12430] EXT4-fs (loop4): free_blocks=66060288 [ 330.603304][T12430] EXT4-fs (loop4): dirty_blocks=48 [ 330.608657][T12430] EXT4-fs (loop4): Block reservation details [ 330.614814][T12430] EXT4-fs (loop4): i_reserved_data_blocks=3 [ 330.703815][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 330.776305][T12446] 8021q: adding VLAN 0 to HW filter on device bond17 [ 330.822189][T12446] bond16: (slave bond17): making interface the new active one [ 330.844815][T12446] bond16: (slave bond17): Enslaving as an active interface with an up link [ 330.854679][T12447] syzkaller0: entered promiscuous mode [ 330.875046][T12447] syzkaller0: entered allmulticast mode [ 330.886076][T12457] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2200'. [ 331.342255][T12475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2207'. [ 331.413832][T12470] lo speed is unknown, defaulting to 1000 [ 331.766356][T12496] __nla_validate_parse: 1 callbacks suppressed [ 331.766373][T12496] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2215'. [ 331.825542][T12500] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2216'. [ 331.846681][T12500] syzkaller0: entered promiscuous mode [ 331.853739][T12500] syzkaller0: entered allmulticast mode [ 332.301348][T12516] 9p: Bad value for 'rfdno' [ 332.311162][T12516] netlink: 292 bytes leftover after parsing attributes in process `syz.0.2223'. [ 333.304352][T12548] TC_ACT_REPEAT abuse ? [ 333.320693][T12550] 9p: Bad value for 'rfdno' [ 333.339924][T12550] netlink: 292 bytes leftover after parsing attributes in process `syz.3.2236'. [ 333.367530][T12552] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2237'. [ 333.908638][T12574] loop2: detected capacity change from 0 to 512 [ 333.926511][T12574] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.2246: inode has both inline data and extents flags [ 333.939949][T12574] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 333.940218][T12574] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2246: couldn't read orphan inode 15 (err -117) [ 333.949415][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 333.949435][ C0] EXT4-fs (loop2): initial error at time 1773887808: ext4_orphan_get:1391: inode 15 [ 333.949463][ C0] EXT4-fs (loop2): last error at time 1773887808: ext4_orphan_get:1391: inode 15 [ 333.998883][T12577] loop4: detected capacity change from 0 to 128 [ 334.475233][T12574] loop2: lost filesystem error report for type 5 error -117 [ 334.679180][T12574] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 334.851993][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 335.066563][T12585] 9p: Bad value for 'rfdno' [ 335.084621][T12584] netlink: 'syz.1.2249': attribute type 1 has an invalid length. [ 335.122524][T12584] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2249'. [ 335.180400][T12588] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2249'. [ 335.478521][T12600] netlink: 'syz.3.2253': attribute type 1 has an invalid length. [ 335.532825][T12588] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2249'. [ 335.568854][T12597] syzkaller0: entered promiscuous mode [ 335.569653][ T49] kworker/u8:3: attempt to access beyond end of device [ 335.569653][ T49] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 335.575921][T12597] syzkaller0: entered allmulticast mode [ 335.688347][T12602] 8021q: adding VLAN 0 to HW filter on device bond19 [ 335.699291][T12602] bond18: (slave bond19): making interface the new active one [ 335.708485][T12602] bond18: (slave bond19): Enslaving as an active interface with an up link [ 336.006129][T12616] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2258'. [ 336.102457][T12622] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.174148][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 336.183186][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 336.194188][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 336.271197][T12628] 9p: Bad value for 'rfdno' [ 336.657448][T12644] loop1: detected capacity change from 0 to 128 [ 337.018053][T10579] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.027690][T10579] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.035990][T10579] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.044231][T10579] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.549401][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.558127][ T808] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.628329][T12656] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2272'. [ 337.653467][T12651] syzkaller0: entered promiscuous mode [ 337.673223][T12651] syzkaller0: entered allmulticast mode [ 337.833528][T12660] 9p: Bad value for 'rfdno' [ 337.868415][ C0] vcan0: j1939_tp_rxtimer: 0xffff888033ebe400: rx timeout, send abort [ 338.101845][ T49] kworker/u8:3: attempt to access beyond end of device [ 338.101845][ T49] loop1: rw=1, sector=145, nr_sectors = 896 limit=128 [ 338.368788][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802a2ba000: rx timeout, send abort [ 338.378813][ C0] vcan0: j1939_tp_rxtimer: 0xffff888033ebe400: abort rx timeout. Force session deactivation [ 338.444378][T12674] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2281'. [ 338.450107][T12682] loop4: detected capacity change from 0 to 512 [ 338.516712][T12684] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2286'. [ 338.675082][T12691] netlink: 292 bytes leftover after parsing attributes in process `syz.1.2288'. [ 338.877045][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802a2ba000: abort rx timeout. Force session deactivation [ 338.940185][T12704] loop4: detected capacity change from 0 to 512 [ 338.998367][T12704] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.2294: inode has both inline data and extents flags [ 339.012378][T12710] loop1: detected capacity change from 0 to 512 [ 339.044414][T12704] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 339.044711][T12704] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2294: couldn't read orphan inode 15 (err -117) [ 339.054096][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 339.054120][ C0] EXT4-fs (loop4): initial error at time 1773887813: ext4_orphan_get:1391: inode 15 [ 339.054151][ C0] EXT4-fs (loop4): last error at time 1773887813: ext4_orphan_get:1391: inode 15 [ 339.148302][T12704] loop4: lost filesystem error report for type 5 error -117 [ 339.150840][T12704] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 339.186849][ C1] vcan0: j1939_tp_rxtimer: 0xffff888057277800: rx timeout, send abort [ 339.292129][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 339.426180][T12726] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2302'. [ 339.686975][ C1] vcan0: j1939_tp_rxtimer: 0xffff888057277400: rx timeout, send abort [ 339.695365][ C1] vcan0: j1939_tp_rxtimer: 0xffff888057277800: abort rx timeout. Force session deactivation [ 340.021326][T12756] netlink: 'syz.3.2314': attribute type 7 has an invalid length. [ 340.075249][T12756] netlink: 'syz.3.2314': attribute type 7 has an invalid length. [ 340.076079][ T1168] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 340.106780][ T1168] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 340.124570][ T1168] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 340.143498][ T1168] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 340.195259][ C1] vcan0: j1939_tp_rxtimer: 0xffff888057277400: abort rx timeout. Force session deactivation [ 340.296543][T12762] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2317'. [ 340.702036][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880798a7c00: rx timeout, send abort [ 340.785903][T12785] 9p: Bad value for 'rfdno' [ 340.804584][T12785] netlink: 292 bytes leftover after parsing attributes in process `syz.1.2326'. [ 340.844735][T12790] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2329'. [ 340.920660][T12793] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2329'. [ 341.020722][T12787] netdevsim netdevsim4 netdevsim0: IPsec offload requires 128 bit authentication [ 341.202166][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880798a7000: rx timeout, send abort [ 341.210536][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880798a7c00: abort rx timeout. Force session deactivation [ 341.710429][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880798a7000: abort rx timeout. Force session deactivation [ 341.934281][ C1] vcan0: j1939_tp_rxtimer: 0xffff888056ff4400: rx timeout, send abort [ 342.017807][T12837] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2349'. [ 342.434406][ C1] vcan0: j1939_tp_rxtimer: 0xffff888056ff4c00: rx timeout, send abort [ 342.442638][ C1] vcan0: j1939_tp_rxtimer: 0xffff888056ff4400: abort rx timeout. Force session deactivation [ 342.530352][T12855] net_ratelimit: 4 callbacks suppressed [ 342.530366][T12855] TC_ACT_REPEAT abuse ? [ 342.610806][T12858] loop4: detected capacity change from 0 to 128 [ 342.942636][ C1] vcan0: j1939_tp_rxtimer: 0xffff888056ff4c00: abort rx timeout. Force session deactivation [ 343.243737][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 344.144927][ T9488] kworker/u8:13: attempt to access beyond end of device [ 344.144927][ T9488] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 344.548311][T12902] loop4: detected capacity change from 0 to 512 [ 344.580328][T12902] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.2373: inode has both inline data and extents flags [ 344.626015][T12905] lo speed is unknown, defaulting to 1000 [ 344.632644][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802b00fc00: rx timeout, send abort [ 344.651207][T12902] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 344.653641][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 344.669233][ C1] EXT4-fs (loop4): initial error at time 1773887819: ext4_orphan_get:1391: inode 15 [ 344.678648][ C1] EXT4-fs (loop4): last error at time 1773887819: ext4_orphan_get:1391: inode 15 [ 344.690092][T12902] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2373: couldn't read orphan inode 15 (err -117) [ 344.710227][T12902] loop4: lost filesystem error report for type 5 error -117 [ 344.731480][T12902] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 344.834332][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 345.132760][ C0] vcan0: j1939_tp_rxtimer: 0xffff888069538400: rx timeout, send abort [ 345.141114][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802b00fc00: abort rx timeout. Force session deactivation [ 345.641065][ C0] vcan0: j1939_tp_rxtimer: 0xffff888069538400: abort rx timeout. Force session deactivation [ 345.941489][T12929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.950788][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 346.104451][T12925] loop4: detected capacity change from 0 to 128 [ 346.386993][T12918] lo speed is unknown, defaulting to 1000 [ 346.957682][ T49] kworker/u8:3: attempt to access beyond end of device [ 346.957682][ T49] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 347.058582][ T5929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 347.130176][T12942] loop2: detected capacity change from 0 to 512 [ 347.161096][T12942] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.2388: inode has both inline data and extents flags [ 347.178297][T12942] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 347.178572][T12942] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2388: couldn't read orphan inode 15 (err -117) [ 347.187789][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 347.187807][ C0] EXT4-fs (loop2): initial error at time 1773887822: ext4_orphan_get:1391: inode 15 [ 347.187838][ C0] EXT4-fs (loop2): last error at time 1773887822: ext4_orphan_get:1391: inode 15 [ 347.226676][T12942] loop2: lost filesystem error report for type 5 error -117 [ 347.229914][T12942] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 347.387401][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 347.638956][T12958] loop2: detected capacity change from 0 to 2048 [ 347.659608][T12958] EXT4-fs: Ignoring removed oldalloc option [ 347.766989][ T5929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 347.776717][ T5929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 347.812945][ T5929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 347.832709][T12958] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 347.919138][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 348.181009][T12972] loop4: detected capacity change from 0 to 128 [ 348.879626][T12976] netlink: 'syz.2.2397': attribute type 1 has an invalid length. [ 349.330601][ C1] vcan0: j1939_tp_rxtimer: 0xffff888087ef4c00: rx timeout, send abort [ 349.460284][T12977] 8021q: adding VLAN 0 to HW filter on device bond32 [ 349.479445][T12977] bond31: (slave bond32): making interface the new active one [ 349.504818][T12977] bond31: (slave bond32): Enslaving as an active interface with an up link [ 349.687089][ T1168] kworker/u8:9: attempt to access beyond end of device [ 349.687089][ T1168] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 349.719538][T12994] loop0: detected capacity change from 0 to 512 [ 349.830730][ C1] vcan0: j1939_tp_rxtimer: 0xffff888087ef4800: rx timeout, send abort [ 349.839920][ C1] vcan0: j1939_tp_rxtimer: 0xffff888087ef4c00: abort rx timeout. Force session deactivation [ 349.902400][T12994] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.2402: inode has both inline data and extents flags [ 349.972021][T12994] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 349.973619][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 349.989217][ C0] EXT4-fs (loop0): initial error at time 1773887824: ext4_orphan_get:1391: inode 15 [ 349.998641][ C0] EXT4-fs (loop0): last error at time 1773887824: ext4_orphan_get:1391: inode 15 [ 350.012181][T12994] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2402: couldn't read orphan inode 15 (err -117) [ 350.029871][T12994] loop0: lost filesystem error report for type 5 error -117 [ 350.031777][T12994] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 350.155971][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 350.245453][T13007] loop2: detected capacity change from 0 to 2048 [ 350.280328][T13007] EXT4-fs: Ignoring removed oldalloc option [ 350.338965][ C1] vcan0: j1939_tp_rxtimer: 0xffff888087ef4800: abort rx timeout. Force session deactivation [ 350.362935][T13007] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 350.444392][ T1168] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 350.467356][ T1168] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 350.482226][ T1168] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 350.491419][ T1168] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 350.541667][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 350.730228][T13026] netlink: 'syz.3.2415': attribute type 1 has an invalid length. [ 350.983733][T13034] loop1: detected capacity change from 0 to 128 [ 351.646363][T13039] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2412'. [ 351.826397][T13026] 8021q: adding VLAN 0 to HW filter on device bond22 [ 351.890734][T13026] bond21: (slave bond22): making interface the new active one [ 351.958473][T13026] bond21: (slave bond22): Enslaving as an active interface with an up link [ 352.342030][T13047] nbd: must specify a size in bytes for the device [ 352.467528][ T49] kworker/u8:3: attempt to access beyond end of device [ 352.467528][ T49] loop1: rw=1, sector=145, nr_sectors = 896 limit=128 [ 352.652536][T13057] loop2: detected capacity change from 0 to 2048 [ 352.684136][T13057] EXT4-fs: Ignoring removed oldalloc option [ 352.731269][T13057] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 352.895132][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 353.933759][T13083] syzkaller0: entered promiscuous mode [ 353.942581][T13083] syzkaller0: entered allmulticast mode [ 353.977217][T13090] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 353.984052][T13090] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 353.990014][T13090] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 353.996375][T13090] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 354.059171][T13102] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2433'. [ 354.091273][T13103] loop2: detected capacity change from 0 to 512 [ 354.152680][T13103] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 354.183956][T13103] ext4 filesystem being mounted at /517/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 354.325807][ T30] audit: type=1800 audit(1773887829.177:27): pid=13103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2434" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 354.420154][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 354.692616][T13119] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 354.890331][T13122] syzkaller0: entered promiscuous mode [ 354.896791][T13122] syzkaller0: entered allmulticast mode [ 355.178190][T13130] loop0: detected capacity change from 0 to 2048 [ 355.210028][T13130] EXT4-fs: Ignoring removed oldalloc option [ 355.267996][T13130] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 355.431933][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 355.468350][T13144] 9pnet_virtio: no channels available for device syz [ 356.014071][ T5843] Bluetooth: hci3: command 0x0406 tx timeout [ 356.014071][ T5852] Bluetooth: hci2: command 0x0406 tx timeout [ 356.014108][ T5843] Bluetooth: hci1: command 0x0406 tx timeout [ 356.020180][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 356.250858][T13149] lo speed is unknown, defaulting to 1000 [ 356.556943][T13151] lo speed is unknown, defaulting to 1000 [ 357.166912][T13177] netlink: 'syz.1.2448': attribute type 1 has an invalid length. [ 357.297737][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 357.306023][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 357.314288][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 357.322482][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 357.354092][T13169] syzkaller0: entered promiscuous mode [ 357.360539][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 357.368771][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 357.377004][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 357.402779][ T5929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 357.425282][T13169] syzkaller0: entered allmulticast mode [ 357.525132][T13195] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2450'. [ 357.533383][T13183] 8021q: adding VLAN 0 to HW filter on device bond16 [ 357.545009][T13183] bond15: (slave bond16): making interface the new active one [ 357.554195][T13183] bond15: (slave bond16): Enslaving as an active interface with an up link [ 357.638165][T13203] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2450'. [ 358.151687][T13221] lo speed is unknown, defaulting to 1000 [ 358.164589][T13225] syzkaller0: entered promiscuous mode [ 358.180938][T13225] syzkaller0: entered allmulticast mode [ 358.302760][T13233] loop2: detected capacity change from 0 to 2048 [ 358.314534][T13233] EXT4-fs: Ignoring removed oldalloc option [ 358.366555][T13233] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 358.561712][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 358.898565][T13262] nbd: must specify a size in bytes for the device [ 358.957687][T13266] netlink: 'syz.4.2461': attribute type 1 has an invalid length. [ 359.354934][T13296] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2468'. [ 359.412938][T13271] 8021q: adding VLAN 0 to HW filter on device bond23 [ 359.445504][T13271] bond22: (slave bond23): making interface the new active one [ 359.466227][T13271] bond22: (slave bond23): Enslaving as an active interface with an up link [ 359.521223][T13296] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2468'. [ 359.776014][T13312] syzkaller0: entered promiscuous mode [ 359.781782][T13312] syzkaller0: entered allmulticast mode [ 359.889406][T13316] lo speed is unknown, defaulting to 1000 [ 359.928912][T13317] lo speed is unknown, defaulting to 1000 [ 360.735717][T13352] loop0: detected capacity change from 0 to 512 [ 361.370619][T13379] loop2: detected capacity change from 0 to 128 [ 361.686992][T13385] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2486'. [ 361.756272][T13389] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2486'. [ 362.093532][T13396] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2485'. [ 362.559572][T13413] lo speed is unknown, defaulting to 1000 [ 362.960889][T13421] lo speed is unknown, defaulting to 1000 [ 363.060699][ T1156] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.068899][ T1156] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.077090][ T1156] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.085266][ T1156] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.094921][ T808] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.103164][ T808] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.111380][ T808] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.124257][ T5954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.309640][T13432] loop1: detected capacity change from 0 to 512 [ 363.723182][T13445] syzkaller0: entered promiscuous mode [ 363.729728][T13445] syzkaller0: entered allmulticast mode [ 365.196669][T13460] lo speed is unknown, defaulting to 1000 [ 365.539863][T13473] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2503'. [ 365.661691][T13478] loop3: detected capacity change from 0 to 512 [ 365.676170][T13472] lo speed is unknown, defaulting to 1000 [ 365.702824][T13480] 9p: Bad value for 'rfdno' [ 365.722422][T13480] netlink: 292 bytes leftover after parsing attributes in process `syz.2.2507'. [ 365.864768][T13485] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2509'. [ 367.742286][T13511] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2514'. [ 368.205675][T13506] lo speed is unknown, defaulting to 1000 [ 368.815038][ T1168] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 368.823322][ T1168] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 368.831521][ T1168] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 368.838928][T13540] 9p: Bad value for 'rfdno' [ 368.840972][ T1168] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 368.853842][ T5954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 368.862125][ T5954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 368.870340][ T5954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 368.881407][ T5929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 368.898366][T13540] netlink: 292 bytes leftover after parsing attributes in process `syz.1.2520'. [ 369.100623][T13523] process 'syz.2.2515' launched '/dev/fd/8' with NULL argv: empty string added [ 369.208141][T13545] loop1: detected capacity change from 0 to 128 [ 371.815885][T13533] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2519'. [ 372.284837][ T5929] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 372.397304][T13578] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2530'. [ 372.453402][T13577] 9p: Bad value for 'rfdno' [ 372.462169][ T5929] usb 1-1: Using ep0 maxpacket: 16 [ 372.474198][T13577] netlink: 292 bytes leftover after parsing attributes in process `syz.1.2531'. [ 372.489817][ T5929] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 372.516324][ T5929] usb 1-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 372.551573][ T5929] usb 1-1: config 0 interface 0 has no altsetting 0 [ 372.569717][ T5929] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 372.597865][ T5929] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.750034][ T5929] usb 1-1: config 0 descriptor?? [ 372.841015][T13583] loop1: detected capacity change from 0 to 128 [ 373.741221][ T5929] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 374.363239][ T5844] usb 1-1: USB disconnect, device number 2 [ 374.404591][T13587] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2535'. [ 374.509431][T13587] syzkaller0: entered promiscuous mode [ 374.528512][T13587] syzkaller0: entered allmulticast mode [ 374.592006][T10748] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 374.600208][T10748] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 374.608445][T10748] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 374.616610][T10748] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 374.626560][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 374.634802][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 374.643057][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 374.661127][ T5929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 374.883275][T13602] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 375.150802][T13609] 9p: Bad value for 'rfdno' [ 375.167470][T13609] netlink: 292 bytes leftover after parsing attributes in process `syz.0.2542'. [ 375.487945][ T51] Bluetooth: hci1: SCO packet for unknown connection handle 172 [ 375.518017][T13622] tmpfs: Unknown parameter 'urquota' [ 375.691127][T13615] lo speed is unknown, defaulting to 1000 [ 375.762403][T13617] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 375.782030][T13617] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 375.822620][T13617] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 375.865917][T13617] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 376.122660][T13634] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2548'. [ 376.367136][T13643] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2549'. [ 377.177265][T13637] syzkaller0: entered promiscuous mode [ 377.190302][T13637] syzkaller0: entered allmulticast mode [ 377.266375][T13643] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 377.330119][T13643] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 377.375241][T13643] bond0 (unregistering): Released all slaves [ 377.555340][T13640] smbdirect: ib_dev[syz1]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 377.586785][T13652] 9p: Bad value for 'rfdno' [ 377.593720][T13640] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 377.624530][T13652] netlink: 292 bytes leftover after parsing attributes in process `syz.0.2554'. [ 377.650974][T13640] smbdirect: ib_dev[syz1]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 377.703400][T13640] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 377.775716][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 377.854059][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 377.854375][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 377.934183][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 378.309800][T13673] node ffff88806920b700 offset 0 parent ffff88806901fc80 shift 0 count 64 values 0 array ffff8880769d71a0 list ffff88806920b718 ffff88806920b718 marks 0 0 0 [ 378.334408][T13673] ------------[ cut here ]------------ [ 378.339901][T13673] kernel BUG at ./include/linux/xarray.h:1441! [ 378.376008][ T51] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 378.380172][T13673] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 378.389897][T13673] CPU: 1 UID: 0 PID: 13673 Comm: syz.4.2555 Not tainted syzkaller #0 PREEMPT(full) [ 378.399271][T13673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 378.409323][T13673] RIP: 0010:collapse_scan_file+0x4f98/0x5230 [ 378.415381][T13673] Code: ff 4c 89 e7 48 c7 c6 20 b2 dc 8b e8 72 52 f1 fe 90 0f 0b 48 85 db 0f 84 03 01 00 00 e8 41 e5 8f ff 48 89 df e8 89 90 7b 09 90 <0f> 0b e8 31 e5 8f ff 48 89 df 48 c7 c6 20 b2 dc 8b e8 42 52 f1 fe [ 378.434981][T13673] RSP: 0018:ffffc9003b736e20 EFLAGS: 00010246 [ 378.441077][T13673] RAX: 0000000000000000 RBX: ffff88806920b700 RCX: f8ae094bc3b4d700 [ 378.449033][T13673] RDX: ffffc9000f523000 RSI: 0000000000008c12 RDI: 0000000000008c13 [ 378.456990][T13673] RBP: ffffc9003b737130 R08: ffffc9003b736ba7 R09: 1ffff920076e6d74 [ 378.464942][T13673] R10: dffffc0000000000 R11: fffff520076e6d75 R12: ffffea00024de0f0 [ 378.472902][T13673] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9003b737010 [ 378.480864][T13673] FS: 00007f9f205de6c0(0000) GS:ffff888125536000(0000) knlGS:0000000000000000 [ 378.489781][T13673] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 378.496351][T13673] CR2: 0000200000e12030 CR3: 0000000068d9c000 CR4: 00000000003526f0 [ 378.504313][T13673] Call Trace: [ 378.507648][T13673] [ 378.510571][T13673] ? collapse_scan_file+0x1c1/0x5230 [ 378.515891][T13673] ? __pfx___schedule+0x10/0x10 [ 378.520762][T13673] ? __pfx_collapse_scan_file+0x10/0x10 [ 378.526294][T13673] ? __lock_acquire+0x6b5/0x2cf0 [ 378.531221][T13673] ? schedule+0x16e/0x360 [ 378.535546][T13673] ? __up_read+0x291/0x6b0 [ 378.539978][T13673] ? __pfx___up_read+0x10/0x10 [ 378.544729][T13673] collapse_single_pmd+0x22b/0x4510 [ 378.549926][T13673] ? lockdep_hardirqs_on+0x7a/0x110 [ 378.555173][T13673] ? debug_object_free+0x2d7/0x490 [ 378.560347][T13673] ? __flush_work+0xa26/0xc50 [ 378.565010][T13673] ? __pfx_collapse_single_pmd+0x10/0x10 [ 378.570624][T13673] ? __flush_work+0x100/0xc50 [ 378.575291][T13673] ? madvise_collapse+0x18c/0x820 [ 378.580303][T13673] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 378.585923][T13673] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 378.591892][T13673] madvise_collapse+0x34c/0x820 [ 378.596735][T13673] madvise_vma_behavior+0x1094/0x4460 [ 378.602126][T13673] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 378.607841][T13673] ? __lock_acquire+0x6b5/0x2cf0 [ 378.612776][T13673] ? unwind_next_frame+0xa5/0x23c0 [ 378.617899][T13673] ? is_bpf_text_address+0x26/0x2b0 [ 378.623103][T13673] ? is_bpf_text_address+0x292/0x2b0 [ 378.628373][T13673] ? is_bpf_text_address+0x26/0x2b0 [ 378.633561][T13673] ? kernel_text_address+0xa5/0xe0 [ 378.638663][T13673] ? __kernel_text_address+0xd/0x30 [ 378.643847][T13673] ? unwind_get_return_address+0x4d/0x90 [ 378.649463][T13673] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 378.655605][T13673] ? arch_stack_walk+0xfb/0x150 [ 378.660444][T13673] ? mas_prev_slot+0xb7b/0xbf0 [ 378.665204][T13673] ? find_vma_prev+0x123/0x1b0 [ 378.669970][T13673] ? __pfx_find_vma_prev+0x10/0x10 [ 378.675072][T13673] ? file_ioctl+0x273/0x860 [ 378.679559][T13673] madvise_walk_vmas+0x573/0xae0 [ 378.684490][T13673] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 378.689933][T13673] ? blk_start_plug+0x6e/0x1b0 [ 378.694747][T13673] madvise_do_behavior+0x386/0x540 [ 378.699840][T13673] ? __pfx_madvise_do_behavior+0x10/0x10 [ 378.705456][T13673] ? down_read+0x270/0x2e0 [ 378.709866][T13673] ? madvise_lock+0x146/0x2e0 [ 378.714532][T13673] do_madvise+0x1fa/0x2e0 [ 378.718846][T13673] ? __pfx_do_madvise+0x10/0x10 [ 378.723681][T13673] ? rcu_is_watching+0x15/0xb0 [ 378.728437][T13673] ? __pfx_kcov_ioctl+0x10/0x10 [ 378.733273][T13673] __x64_sys_madvise+0xa6/0xc0 [ 378.738019][T13673] do_syscall_64+0x14d/0xf80 [ 378.742594][T13673] ? trace_irq_disable+0x3b/0x150 [ 378.747600][T13673] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.753648][T13673] ? clear_bhb_loop+0x40/0x90 [ 378.758306][T13673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.764179][T13673] RIP: 0033:0x7f9f1f79c799 [ 378.768585][T13673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 378.788172][T13673] RSP: 002b:00007f9f205de028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 378.796566][T13673] RAX: ffffffffffffffda RBX: 00007f9f1fa16090 RCX: 00007f9f1f79c799 [ 378.804520][T13673] RDX: 0000000000000019 RSI: 0000000000600003 RDI: 0000200000000000 [ 378.812472][T13673] RBP: 00007f9f1f832c99 R08: 0000000000000000 R09: 0000000000000000 [ 378.820425][T13673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 378.828382][T13673] R13: 00007f9f1fa16128 R14: 00007f9f1fa16090 R15: 00007ffd7eeb3888 [ 378.836338][T13673] [ 378.839344][T13673] Modules linked in: [ 378.844553][T13673] ---[ end trace 0000000000000000 ]--- [ 378.864018][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.871050][ T171] smbdirect: ib_dev[syz1] removed [ 378.899688][T13673] RIP: 0010:collapse_scan_file+0x4f98/0x5230 [ 378.921133][T13673] Code: ff 4c 89 e7 48 c7 c6 20 b2 dc 8b e8 72 52 f1 fe 90 0f 0b 48 85 db 0f 84 03 01 00 00 e8 41 e5 8f ff 48 89 df e8 89 90 7b 09 90 <0f> 0b e8 31 e5 8f ff 48 89 df 48 c7 c6 20 b2 dc 8b e8 42 52 f1 fe [ 378.944149][T13673] RSP: 0018:ffffc9003b736e20 EFLAGS: 00010246 [ 378.950288][T13673] RAX: 0000000000000000 RBX: ffff88806920b700 RCX: f8ae094bc3b4d700 [ 378.961307][T13673] RDX: ffffc9000f523000 RSI: 0000000000008c12 RDI: 0000000000008c13 [ 378.969571][T13673] RBP: ffffc9003b737130 R08: ffffc9003b736ba7 R09: 1ffff920076e6d74 [ 378.977852][T13673] R10: dffffc0000000000 R11: fffff520076e6d75 R12: ffffea00024de0f0 [ 378.987103][T13673] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9003b737010 [ 378.995319][T13673] FS: 00007f9f205de6c0(0000) GS:ffff888125436000(0000) knlGS:0000000000000000 [ 379.004482][T13673] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 379.011159][T13673] CR2: 0000200000000040 CR3: 0000000068d9c000 CR4: 00000000003526f0 [ 379.020267][T13673] Kernel panic - not syncing: Fatal exception [ 379.026586][T13673] Kernel Offset: disabled [ 379.030893][T13673] Rebooting in 86400 seconds..