last executing test programs: 11.852749806s ago: executing program 4 (id=1762): syz_mount_image$squashfs(&(0x7f0000000200), &(0x7f0000000000)='./file0\x00', 0x8010, &(0x7f0000000680)=ANY=[@ANYBLOB="005901e3fd18fb9c322293c67dcde48bfeffd1843c336e09b34af65ad26aafded7da5cfeeda2b8d8d900c2195f00f646f699eeb47813177405a6a6baf786c0d14f2079a9efa9db8973bcca25eb2973856c6760a483c41d0980c78a4cb096a5affa6b980600000000000000a1eacd2c820176737d4eb55dca564820dd769d8742f6d9ab243775a67afcdf845f978e95365cdf6f30aa43423b381881433e00ccbe6353b21300d8f0ca972589398eef9487db78486fcf174990c488031f8b39cc01bb509f3ea4bcde33d4c9e305ecb4dd88204c5d7bb5e469cabfda0feca3ce70c0acbc34d13e5a5c796eab23abfe3b717834f8e9d7120e1e925c4e210b4152c75210b3e979fbe8ddf23eef2d53733209b22206e0a4afc354c33d7ca2a00116a14d686e4aa86b6ec6a4130178c3ad8c723c0d8506bd7bff780000000000000000004b2ec61cfde813cc124715aaaf5508b93d8cf0860042108b660b74f94b1e4851eeec09fdb7a617eabeeeff8ce8bb99f4b1f9c2896cf31e19c3c24155b0ea7dc3cae1b56acb1946830cad94af3f1caf43ea03b38fc08a7e19480e283a4c0d", @ANYRESDEC, @ANYRESHEX, @ANYRESOCT, @ANYRES16, @ANYRES8, @ANYBLOB="eae535d4c5cd41b584d3bdb8d3fb3e37666220165c8aec9c235bc9af137d4058a50551a5b228bbbcf6cd1275ef3732adfeaebdf711988cbe9d1da671f8bbaac371392e227f548006163fc9aaf3d55e97410ccacb7df3444c03ac4170da3fbc69ae1c8a590318a7a33a774debbcc54bb6d6025bc65458b94791d5a8bcd898b75cce569e2c6fd55928c5084aab22c8196fb436916cff76302fd8c4b69ca674271f5db630ffad103ad9286287759d0d5470d0b54f701a713e8803665b87799065f31bb0cff21d9c109c1fbfffb640facdacd569f158f694c34ffb4c405b186aa90e8be7b47c56e6e439ae953605d89c131c711ff56f0adb96e5ee0d269b4cfc9d089794f60bdd06e845b5ffdccfefee032ecfd92f6cba5920130f685e807f88de4a2e595ea37f39a92dcbaeb2de15dab62a5a199d4666578eb1707e88ebb0b98140fdb62d60005fd6721f18a2054b2ba2ed308813164f8dbc7e1d26a11a707adc6978a25cca2fca5d62e51794447f656b92f8372ebf98934a0bc057b901080da81ef02ccfa18a29c9b82c90fd38eb554b83428948f3608cd8fd5845bed25a0d96b146f09bd4cce20efc1ecc7bf64bd88e7a460b372a298cb776eb1d78cc334da71dc6056b2d1119cdad3af9092a42c184e9d487076399f0be65a442fdc06901089e6b5178ecb57aa4b98ff1f538696e8510551dbb5cbd36b125efa2a3e719f22b96eeec80a178dae9c894a7dd170419c33817baedfc132cde868a1c55192b9c8a332772fc40fed9f6fee1aea0e2001752caeb58afb55ea7c421cd0eb5e6ea301f8e2f6b68484849f5d3e7bd1b4aa865d2cd049dfc773bb4281f5f8dd2a3f1563c8cd3655dd9e391424151dadf7415afb242cb99b9b9541b6780beafc6a8c2c0bd109749dde1e8535040d8d2cda8393abaa6cdae24e13917e867d6d301f6f39619bcbd70acc747e093ef3c22f0b1a8b8a4d8bd11bc19c7102e11a8603d563507423c96d1653a42d02ff1ee390934927f037d2022cbbf86cb605e82e2b6e2c2fa1d523f72b47738f318836defed1f898271bdd4fcbe7863e5aa7c7e468d9bad908de3c6851c696df710da87771840f46e63fc4c3d5d9b13b663ed2fef2e56a8690cdee9e6ac0a9824c9fe458ad29614f9485f9c18caf2d5c229f24a220ab84daa26ddb2a0d4059b43e073b703148d82fe4d91ae24db7224df2ee4e10d596846466d6a62faa9da7d24f9dd1e3b5cc291f4840b6603d1173204a452a9b05a5efcf4f9e09c2a3c38f2fd49322e718ddc8278ea182a359043387705c0be61be7e62ba7bb85dfa0f24400f89087f78d84d2296844944d186fb55045eb016dd3d602c85211d7b19dbebe3247313283da5bcbba09a3a74c590fdce8cdbef49a73b11413a9df4aaefc356e94f838cef801ba2380d7e5fdc8865140311f071c82bc1482c2033b8ad70d08a5a71e1c949f93cd8743b0bd4eefdaf45f5246efcf800444c8e9b8c2a01b76b6eb4e0639ee7381971172c53e165f14946fb56896e40424a3b981d97b4b01504806d797bb9e3405a7326d2ba7bfa6efc923c4c68d0165aea2d80ae953c7e2ec6534d0da7c28bbe255d81097e84254ff7bd065caa84fa7455885e1b28ab7d6243d0f02903860049935a764ebfe5384bdf9ae0b71f1641e457780da2071a84937dd88d2e4aec7ddaab66e335887f555a724ad9692ee996521ccaa35e2358aea1ab6a8c9845af8af552520fdec7ecb635d230074aa532c3efe6677c79b1328451a779501eccb4c11750744cfce16ba2ced0fc6dd2b75a5ff1770f3851c93bcf8850adf496012d94b8dd6a00d1f9f0c96989979b89838a29875072e0b678a2a55338f21625165c350134d7cb9119ac4dcc77f13a153fe6819d1bdc6b357e93531a68813913daf65d2e62d4bd09da6bb16e8d686518f6faff70dc0804b4b6810117d8698a4d27f0482f9adf9be3aae179dbcad90ab1fbd6b1ba15cdc78ee7686bd15a8fe1cf5af00fcc0a6981a77ac5c3485518921a1b4ea90b02e0059c2c71850d517bddc12bd61a5571da765a34b53e5f06a2b8bb122bf9d642f1ad50a0eb7afe34ef6fd2474d25f314adbf276a895b80b8de6e31eaee5fe4544f4709bf6416f26ec52d517dd3a350cb68df6791dc671495e0f056de8b158095b32ec8b43f65b1f3110cf7da37d2383e99a5bd9a0e0d5684a5b15246170bd11909ef22ee740aa5556dbc0f9dacc8ce440c137bf0ec673651067ef1146004701376116986c49b10226141bea12f679c3f53eaea945b1bb92e6c922a85a2221f768ff4f1c188dc82f9e8d947e140f43c4950430f88a47fb15dcd8ef8491ff08d7b287b280eab99e44a7fba6d4fe20fcb2c2cfa1a6f4d59b51755e66a3d9a325a08a286185c2bdac8c8c2910ed3ff8e047f28b2bf1827e0829f8ec8459241300583f1880c96b2e405b253af5f7e9ee91e34c3fa2cd5c53a71bc3b4b1a5741c17a7b73c8e7d3e8ec9e51a90772b8eb38f23fcb9e07eff8b0f68d4f7d4d68bfb8fbc8d90be681166fe5ed220e3a425c65c0e678e8b7470a99d7fccc7a3be07189ee02e1f8c81549b0b8c0113ef602d10d5d2429e8b60fa5aaddd55cb86141609bae35c185c5ad743d0fb0a1244ba6d67755e46073f3d428926c0d9033f8180120deab78a4b42664e36b6723039457195bff897760ede28bf2661a95715dd20bc744ae2a06bcb12ef8b7a373f3a5557f20256446ba95d45b7810d68494f954d1802aa8986279adc368c2365168c0619bc8952ec6ac60840d9968302edb8809d36f6b0c83dc6941193fb8eb2adcef36db70cbe51fd533ee108eaedebc05ab363058feecfb51e294419695019d0ba50a660ecbe3fd1b43ac973141b7e4c423c062f63ad24468ca79740502716b10a823821429d53f34409cc0757587a5de21663c33a8b194c988a3c209cec76b9fc18805649d9cc109635271c968972f4328e561b562ad6c32a71b269718a303ae3635e5b06717152817a11589d3efa0f803d7bb560c08132827333ada867d1a870e2feb3a5e7851363fc333bb681018764aab63eb740978994f62ec3147d4d6a40e099ada0c50c1a5f6a8196549be226508055aef349c76af40596f6c9b7217423628bb6dc07d9382f6d4c87c962ec97bee6384ba3e2522b76ee8619093500a75bcc8fd0fb9bb5093650ec0ca9c867a22260e2668ecf46047e3df87f5d82d992a558e45fb852be616c030edf6aeeae70848403dc1166e6a16776e8660f90449f297224f667563850480f259f6a59039b1a3ea5488971b5e4bcbf380c527c937055dbf4f5a676bacc09f4dde33c50a1286f6024980df1064a9dc4b3f101b129fa1fc141e54f52d4b7322a0cb1c2567205016f5ede0794122fcaa2d11fa77f5fddb3a5f3c7b3d85f0cb6f32cd11d752f755687fb8d93d40711a4c8873ec7c794f0f781bb9c10f9df22fa8f40cca06a48c37e66ea4480fcdd686526be62915ebe36e0bdf7dafd3940f698469ecdc792ca6105a37499a19382247a85bb734e4ba325dd307be8444b5860f99f9dbc7aa28c26747c89041bde3c10c459406786e10792078a52f4bcc32aff61b3f5798cb5dc2927f260f70a41d8e5fc38498b02d0053a86ae408d2efdc1aca9a8508ef9128dfd1fc6a92ba72f940ee469a3111e2cf6c28e77e5a206db6f09139db812fa4e4cfe33c8d184e4763bd8e54e0e473346215b8905d101463dd2ca855747c81c7ffd6c2625e0b59273a9516ec96a5cd8d9078c974980a16b6b87563986ba287821cd41f417792e42dd24e796e313b9cd943f1b9dd6ee35676ff4ad46dbd52db83abbc78f5dad11b6e7bd09a4ace8c246d0a52c36dcb1f0c6025f6ed2868f4b918b6e4e645c63689b7e7bc369dbe44725993b3b43f4572a7136b6e610adc161f45fc307c0937f2338ebc4fd571852b229b80ccd071e1a29c927f88b8b45efa503691758125d29463e742e2ef508babf30ae39ff8bb3a94cfee379f84348c002fdef77b410bee9f47f8119388b3fc159b409b9d9c9af97a4b75c38ca5fc0665cd975df293370de64714cefdd470c1d05a5d3e0f257182889d7a2d797ebf42d6935d1c6b5ef8cd1e2783cef3a316dbd4768510f26ee5b1c481bcac3e1608458d4b5ec6411cb3c921a131140440561931ca51b92231de91d1f950d992eec74c6500a6ecc9e8bc26eec367dba82720accd6dee234db88c132ec649baeef23a16ebb18c8e5b68b95aac984d8322a01b39636baf16911e458242730ea8b22c686bd01bc451e91c34f81fafe88485bbe97ec99299940ca897c3f802d080ecf8ca7e5032c728b8b33f162ab26a6805db239b88103c19ff8160a28268f8f7ac66593c67251fb0f3fa3004d5ad08107f48e0ecc1e4e910554f49ca72e3fd7e212d828fc3c0c40203e4642a3a372f36cfd13a037fd4dd107d6b386659b379c4c41813c8599cb71fd08e4b80f22dbb088d3d0257f30493b1c4d54201a00e049d998d291ecb659e65e2eed9776b367afc9b84b03957701bcbef289b0eea8e5722a63e1bd748d5af209c5ebff7df185d0d68e7ceabbf9a63bba55946cd3b52a09383fd9b9d2d956dc4e5af16986c5600dfd0db89e0e478420557d001c3716350c3e6ba0bbec1e5888435d296d8666f455d22205ea407a95eb60bc68a184e95ae3259f3783c594d3e550c018369df677ea11a37c757a3bd3c19eb257f5e228ad760562e431754a0c620004548962c3a4fb42d49259dafc1b9d365323fa2ace81876728a24f70b06e1198d5f863bfd00a04d5393b3adb15f4191d374c607c7ccb6b7ef84303454b6655392a23dccca41f55cb314a3bfbb637f57178cc9df4fe0645a8dc1ca0386d1fb0ff2cfc3e149991f97264d893fba0b013c027ce753c3e1f907a2988b1507eecd0e5e26368155ff5c55f616ffec31a613be450ee048955a46d68c272aa53f1db6ce199e2765f4be20933799d96f13b3a65f33cb60da1929023ff5d820172c423f83210a992264a37854033cd43c88129fabb5146367d2b748d84be96dc3a4ad95279ec7ed78dcb57056597a9f46a948708b0e9915b22f28216d94554db2082f4b9782a5802bf6700ef9017168a68304b6573f46c78a0a3be302e096b4f5b87313a2ef9a2b5f51956d9e315b08ee89a59aeec225227f3ece808c451e1103df7887f944138af1b93235bc93121fb84591d065d5f245c035c238a1c30d510be5db14725148919e8d57f1e3a36ead8be870e2505e3c9935c4461741c4a8dc4dff7e0e042167a7228bf218c9d8dd9c0be9e5ff4a79968d8f34cfc3206e0ade5889e9c5e44c918ed3755063d4148e7f1da9d2ce7aa45b9fc873f85cb92160b8a4d5b219884d0c43cc1194259ec4a6127887470d2fabbc1983b1bcc51e931f131d1238333c09740b43802fc5b1c01a942c5d08693b81e59429cb7d49f454f517cddc160d563a243182083008f2481e35312b4b35a2688468f18f4733f4b40d2f298c0b88ec2ad51e2efa509905233e3bbb9e172a1e697ab379f500c8c791aa97623bc8faa7f0468e02e6bc6f9bc40c75b4c01b92731fc371ad7c90928bead62a74580bb2d0aa1d8972fa857766ebe8aa00cd9eae79a591ea3e87a5ce636dc865b992c98a6fafe478973665936ad477558dac400fe179e86e6fef41aa074d0812f0c14f3992edb76358d02a2b763512ca9abc0940dd711670deb4d9abf196de9106efa5e1c14a673de86193908206ab9f72afd6ef1b05355f06ad0b9bc83750bb196654566b56e13e6e820d12bc34920b45c3"], 0xfd, 0x200, &(0x7f00000002c0)="$eJzskr9rFEEUx7+zO3fuaUIOORBFEDVoLJLbbDT+KBRsDCoIohADgsfdJS5u/JE90DsOXKsUNoIiJIiFIElhIf4DLqiN2CgEuxBJnSKFjSSsvNm3mwnY28ynuO/NvLfvve/M3A4fhDsAbK5360AZhEQF338JSAAHhNpCw07VYb3MWuT4BSvVmPUP6+bJzvgEIPxDy6NWvKdxUJTRU/n9dQV19N3E6deX3v24WnixtHvt7UfKv3i9/QHiaKPvzav3z87P9ary4saEXseO9887VAjA843x5RW5165ktfxoiVoXkPFyEsKddwAMfR6cO+v2PrW4Ztju3KkFQXMmPPfEwppq9XO9W6c/twAkBPsbA6DnkP1FzqG9fRK4BsBGkudIbFFtTd+vhu3OoD9dm2pONe963sioe9x1T3jVST9ouvQLcDf1OZ8gSI8BoGsq0QhCxXdRbINzdmI7VIfmivK496XE45fQrRe1qxs4jHRb65fZylQgZluOmgPKKlk+Ajrah5HQdvtVFQllbAwCNi+GpTZf2stRgaFP94LGLMgbf7YAmdcYXkUhX3j6YuRU5hCzrP3YujFigXWVNXvR2UuVqoLF73kgAop4VGu1kiR5jMUeXPmWRmhvxivm/8qRfmDUtWxvN3fG/setGAwGg8FgMBgMBsN/4m8AAAD//4Hjlpw=") r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2802, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x5c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xb, 0x4}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x6, 0x1, 0xff82}, {0x0, 0x3, 0x78, 0x4, 0x6, 0x0, 0x1}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000440)=@xdp={0x2c, 0x7, r6, 0x4003e}, 0x80, &(0x7f0000000380)=[{&(0x7f00000002c0)="a2", 0x5dc}], 0x1}, 0x4) 10.64060125s ago: executing program 4 (id=1767): syz_open_dev$usbfs(&(0x7f0000000000), 0x40000078, 0x515603) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000200), 0x4, 0x40100) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000005c0)={r4, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1c, 0x1c, "fee8a2ab78fc179fd1f8a0e9a1af1ea09dc2b7fb0a010000000000000000030000000000000000000000000000000000000000000000001b00", "28095397bab22d0000b42076c1ce8ef05f819e01177d3d458dac0000000000000000000800000000003788cf8f00", "90be8b1c5512406c7f00", [0x4, 0xa]}}) r5 = syz_open_dev$loop(&(0x7f0000000300), 0x8f, 0x40240) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000001280)={r3, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0xe, 0x14, "fee8a2ab78fc179fd1f809000000aca7ca64c6a4b4e00d9683dda1af01000000deff1200100000000000000000000000000800", "2809e8dbe1b22d0000b420a1a93c7540f476779e0117613dd4070000ebff08000000000000000000020000000800000000faffffff00", "e7460000102000000000e4440000002000000000000000000000008bd02800", [0xe0]}}) 10.559749401s ago: executing program 1 (id=1770): syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0xb, 0xc9}}}, 0x7) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r4, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0x1}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe342"], 0x10b8}, 0xff4c) setsockopt$inet6_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000080)=0x1, 0x4) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0xf, @empty, 0x5}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000ac0)=[{{&(0x7f0000000440)={0xa, 0x4e20, 0x2, @empty, 0x6}, 0x1c, &(0x7f0000000c40)=[{&(0x7f0000000300)="d5", 0x1}], 0x1}}], 0x1, 0x20080058) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r5, 0xffffffffffffffff, 0x0) 7.884711061s ago: executing program 1 (id=1773): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/udp6\x00') preadv(r2, &(0x7f0000000380)=[{&(0x7f0000000540)=""/229, 0xe5}], 0x1, 0xa3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)) 6.270110679s ago: executing program 4 (id=1779): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'veth0_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x5}, {0xfff1, 0xffff}, {0x4, 0x7}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) 5.992400612s ago: executing program 4 (id=1782): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x3c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_DST={0x4}]}, 0x3c}}, 0x0) 5.929051723s ago: executing program 4 (id=1783): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000040)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141442, 0x40) write$UHID_INPUT(r0, &(0x7f0000001440)={0x8, {"715b1a6a9fca300288d0d6f164694e9be52056879d4f7f9e17a2f387a1e887ad9fea8a741f3a85292a8ca98e1512418fbd5b5beafe58966442a9c6d52bdef586966362501755a16514ded809c856f4e58261695dbfb4d87cd5d13b78c6cf696afecb55cca3e7607479bc2ceded20d446347481aa05e3083992814f23f6ba955daa8c5988fcc3e1f4a1657a94b74a6161fb233fa5146129889ae615315f974fd1e2c6db572e40a4ec1325c81eff25243f2fbe74fc9cc389297c04d98213ca54c33fe33622c7ebe8f6e9712c07be77c43bddb575411faf61123d450d3c608e581d9d1fd5562abd932bbdf70ff573330754d8f2a3c38906aefc04f438f74482b6e4ec9501b6b43d08d910bda4fc230cfbdc06b2447775f53c6aa87b73a284167aee5e05fc8d867afd4b6b8c3ec81a23be5df245d8e21aa8a630de4b680f34fee2af9de02aeaf31aa7d15edbee78a2a7a621305217678c619a19d41e927e798df495ff28a6485e978bb29cf5f82e31ee8e142134e0845f5c1eaa9664c7dbbfcfcd9dc0567fd447f25de86bea1c28e8a9973e3d5f00e74d022f2b9a97ff08f404af3911f7f086643bfd9004c2500b1684e73c885374cb382bcb37fc82a31c79991b2547fbbba3c005b4d88825488599a8cf0cdaebb4d137232516c9f897d72d034a5b69d03be18c0a0958495e3c0f9b7b31f7684236be8772de10aef1446909f13fb49b4516d00f889efe72769585f4e1ffaa5fc9c0dbfa7b05efbaa14a3e240cf7603c6a487f4155f92bc22c262f496e2f30eef1b95cf28235c0273f295a136f122539ceccb412f7c08a019efb4c270a417db7deb6973a6d0370df72d12456b2d2187c4abdb632bc6323eaaa10f6e8c829d9b556b04498de35a355907c9a17b99b2effaca8ffbfe486493740f3dded005e8bf91b417e2cde579f9232c04807dd2f2da29faf183dee67430972a0c85ee9e9319a7b55b03b3db7d2623f3b16da80eee507de1f18b298a045f32970903d4ee04f99c8a6c086c93f465ad8493f3f2e0579993374b1941818c67c448c4e218e64467ea9755042b593a33f5f909ba7eb4c14be439964ff2c5ff2367710438f2d306e721042b39499b21b034cf9a95048a43e8d96eb88c7e372ee61e7a909b6e947d416b2ac672fa3683771cf6986bda28ccd50c448e31985adf2b836349d8e1ac3ea17dd9256bac1f3c47f39953fceddef2e12b9956ad44347142d836ef531528fd9cbc0c132ac6e270c9f5e4d950d62b788dfb1e337be9629a02f945897bdd5168d73d78ec3a7651465949f5027dcd0affb6b24063499d4afb57b80aa62efaefe607fb9073c79d7083c629bf11a56527fe85a41c3b347c7ef54c85a6e6d046994101ae7627e74d14337a9bb042f5f0aeca0a6199dedb3e4b1aa30760131e8d76d43d9991ac1b3c443b25d7c4c8153d1c7763e6f2fda8c404697668f6aa61f8e28d568320ed190ca635c74d9948adcaa53776a2db303b848723b414bd192511f557f2a426822acecfa3ce6f9bfd60c0144b1a55294387238fbb196addf0502ee9af4108682d056f8965ce4fca03d8ecdcf5f302eaea2de59bf663b15bf8a20ce874ff7d3958fe6da3301b678c2930129b3cb4413400388a59ae939c58d96043d93a57a980ed6b9f35751e059ef6c06cffa4f5c3f8ba1ba67f0160390ec77311e4e67d921bb40a29d448f274da50115c2c67baa3d6f39f9ddfaf3e67392d9e3802c353f0b855c927d6a45e445f58526a09793bcc2e72163fb1b7a779d99f230bd95e5bce797cacb0b8343dcf1be080f18040fe288b157b01b074d25fe44ab6b3c0362f1931f6b174412a8d6a2a645270e7430b3884ac16930105786e469d1d8bcf9ed4010ee3accf78ecc138a8b11c15798eeb29ef4fc3bc5b376807348e1647148c35a1aa3d7ed05dc3a11274887f04f035837a9ea81fcb5eaccd4f43f2f6bbf3c426f72e1423c9175c2b234be0fd3c40c15e5e35c5c7359c894e95f82797c48fdca7ef07a6fa6f0dd0bb9a24c4aa9050000000000005c67e60f8814f67d86caba122def954662ae2c6f4f99cfbb55214c61216e8c8f84e9b172129642d754a49c923c6c6f1ba820e99a513308a03c9a080be7224244f2bc1d99d93ddcb25a3d2e0a6b4b868f877760b019c8c475c3e0b90109c21c309e7bc0ffc48753aeb70e7884c8eac52b2fb8576ae917199bfeea255da4b54667320798db03440fabaebb1e8e181506bf93ac67ba128a14c9dcc45d9f07ddfea21e7da2bf4215bc73e82e9a7187cd5fa7c17f7710f2cdf59bb22ce786328af52f17349c42ca7bce681619246b8b467b7b4c60125ea5687e1cd9bf36a67023759a8baeccb60e84c7102f284436584d0508486d96af8ea8358f7ac1f9a21c1229eda8a1a273b999a74f39d3851b6aec92d120f2c4ca0b2852844b5529eb40db91749f221568850f23f089dd704434b6fe736ab7eb67ebd52943000770e0a57c6ff7c1420a225fdeca0cddcf4083a3f5f9fb37490dfdf2c8aae282558c8a4af6ec41f7788d6340053ff69311489323c403becde20ae84c6a8968717e8923c13723be082aab3edd7cf0fd1b2a1f64692911d9e49c4d7d20f8c9364c454fdb51ff376abbae26df57ab7d458772a919879ea7caada2c17fb0011ecc8ced3d7dfa39250fc3c8cc9d0f377860d8b58fd81952f50d732adc73e470c1f5778a49d7f3d507e5ab5cb798420f3a56d9d3ad76b75e5d41921a7ae04099968867c816f6d44c4a41cefbe31623d6899a00c28454bdc0ea17f284dcb39a0221989e3c2bbcc5556e8f870bbf98be4b57be438797995d221ecd0515e4c89c431ff7b595f35527911371cc324cd4c76d4ea68cfdd1eed120ec16e89e4ec4c5ac28039de8b3aa451e1e55631d599612e94630ad3d67ba79e03c4ff023e8ddfd10c09517df736a01af5488a87f551c7e8e41dd0d0d10c58f3053cbdef2c4fd72e51c2d9724360687ab6d0395023626bbfcab24737a50bb27d78ebfe11b5e40a71b2141254074b3dca3cf45456ea1860704b0d5da04710667bf6454c81b33b5b429d2764afd13338d60b928140c05e0b7f41c6fb19b911216ca2357d8171b3673b454b5017bbf34dabdf5fd0d7fb602399ec434f40bc0450cd6e418713c68b349b7deb3ef014b8ec7a62f686b37b1c3a8b60340d0bbf09a6965013c68317d7a2e07bcd3bcaa7cd2cbf34d64534e1ff9cb4ba32d9a5cde63e2da7dfdfcc86886a0ee01fa0d95b78a12085d6dfb62d622041e97d8f03f4727e865be656d9286d628a8950b55dc71058b6dec200049738824a8200023be3f93e740f2a8d241e57deeb642ff28140ee91424db3cf2fafdd8a7d9fc80a7a54da30029ef65df2e7900059ab1141985376e7f9f46e712b4536ed49778e0629d284f56eef0906d21536427333d8a7d6d7e74591031a526eea16a627c5d9f399ec4628a26d9812b68b501716b602564504ab8f16e76a19c608ac550fa52fb80af1e81b48abf13c9996cf47f34d8e943b7d48de31c0d5d794af157c16209d3c0632c2801ab17f05de2c2fb9b9b8c0a257c18a832ac743c9341042af1e56619154fc4f7b20c8de3edbb1636f0a098ed6f6858c27905b00798fd8bedda5eaeeb12ff19943dad0a7f069a9e01dfc9730568784a07c0a6b01623b11a1e6f86cab4d95bf256cd28b00c17b5df66dd4c393471f0f18c68aeae404f5f3fb66bbfd62f1511b35caddad004408fe3b182edf81ad50ac3a639121236968c6be1ba7f7bee6409a91f4c7caf077c2a94c6d8d547cc680a1d7e6cd57c328f6e21312ab76491565c5f4271cbf64ed2be12d770e927cba3cfa0fb89452285a69fe205bc9943eee4466ca8f9998997e2c1a1fe782c9e2241c51dc008bb8f6fe9a49edefae6f43d3e0cd207439745dfd4c347058a4ec3c3bbd56f3108b9a034600f78dc5c889621a6b78e2f7256034d53ae7877de459b6895d5849eb4a8099a62a4bd50d5b4d48cf82fae64985e1e22435fe5d5a4b9119eed5d8ee03a6d1675b7b75d47b8e20a44c05812b36cc2e31947a02c48262c5a875e562dbd4a1a8d045a37afabb28079d3904f53d466e5abab09b8e5e0a56dbae4c4cd9bc6640b47cc6616b2e7cf19c6e9591d32ab0cf87880c81d63948a508ad0cbd50e348d399daf51efb2b96ef9d56a8ba89d04bf5e7d4f7353f71d1a6cb78da6644574664d08e848cf97bab16d6acf70f0e8a06dad5c741cb5eb483f809c4c35307595f00d00bf6a1474aef94cfc913d08c612387172aabc802c17753c6ccd752eaa81e7eefd61c037f958e23bcb9c1510ea47bcaefa72f070809de9f79faede74c87231411b17b353382974bcd334cf983c85ad9e1844cdbd9181a5bb976c35b6a638ae8dd20119858f8c525d735779b2f8e244ed2fc0d900445fe1fe775b4bcb1d2e8d456fd6234ddfcad7fe7abf716d9f4b4a6ee83be812cdda17ec43a895a5c03e5359cce3de61d9736f8a4d66051891b1431f2e61a324f252bd0e9b32e23bd31a5405642bbd2cdc5d3e45b56530568f05a72d475a7d3505b26d9fcdaeb30a62ddf09bcd9e59c1f34e375149782b8019a7a9883fd93397acb338af428f1e015a671b5c11651d3c0168f747fdc6e1fb084bdcbd760adce881492b2bbb76c0a1327e76c9c7ce0afff2f80ec30f2be04d9f93a9b291cc01bcc03f7b67e16a7f1bcc838aab9240df99691a2781da614fdcecf5115382e1357460f4b8e3a577d3ae922379eadc2416d40028c785905bb43a41f5fb7189a8704b8e492c86bd82d0560f81796693e74f08739b632e5226d3c3a963caf5db455ac20288d472611e7dc243531fd66718e94daa2bf93a30a38e6a497a50f2472a72bf9c4689e54105c44cd074bb87e087735791b436d6553c5f2b61ff75dc64ba597b77f7ea42a0ec14dc08107e7bbe97ae519beb5e18a8859493afd097d4609a3a2025fe9603b85f2b1350336d92e15d0bdea3a42bb8775ff2b38babf2ec27e77452c93a05a798ec789a6a012047481ea8e1a8dfc77a9f0f6ddebb9f3503702b147f663f01f70cdfc29afe0cfd7823823fa2e139ea7d1a010a67bb3a31e620aff5cbe1a99ac3cd0f91c472dd021213edf5a9225941b575e27f99c0cb94eb9598a443ec7665335305895ebc28e3f8d34adf6aa37084f823d293ba9dcb2f73d88457d0a55c9202dd309a9b36daa4e50c8f9c93ec7644a7a730b6b947f0f2381a34d67bce50e790a7655a34a2f70723f360af014befa4fd3dbbb8bc2f1461eb48b987a8b772b3ad31a1077c59ef45e4b2870739454ef56402115ab427527e67b6a6a97b2bb3d7a2c13d2a55d1032a64b83efc13939589e46abd78bcc493529cf38581fe3160b2c6eb5a9ac6cee0b05618e51450af077fba0dc943089f112e67a2c654ad94157e95295219d0bbab3a02a2c9ec08ce9d904a703760dc41a7943d52561aeb5519e82d0d390365cfd796434c3decf733d8f09789af0b990f4f9b791cf0d677f34d85fc2b3583b21737955cbaa098963bfa39755f335329f265db75c5d406a0a91ed76563a3ed5f3d2877c2b4b81dc1eaccde6d642c0d8791482e27c64103fc87a55ae91e7adf49ddc1dace5c3108d6a496d678ec5ba09b2a9e6990cb63ac3e4b787661800d11c73da87bf5d297c1fb531aa105d30464b0e023e4212a0d4a0ac119c1568280d49d084729e680a0f453a725ed08454fa874cf22f5718e2afd995a1d7acbe92e0a49307f1b322367dc12b3673708024a85fcc643bd00", 0x1000}}, 0x1006) 5.907006743s ago: executing program 0 (id=1784): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) recvmmsg(r3, &(0x7f00000021c0), 0x5b, 0x40, 0x0) 5.900030403s ago: executing program 3 (id=1785): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000080)=0x1, 0x4) bind$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendto$inet(r0, 0x0, 0x0, 0x28040041, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0xffffffffffffff99, &(0x7f00000001c0)=[{&(0x7f0000000280)="1f", 0x1}], 0x1}, 0x8c0) recvmmsg(r0, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0) 5.176342942s ago: executing program 3 (id=1786): r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f00000020c0)=[{{&(0x7f00000000c0)={0x2, 0x6e20, @empty}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) 5.143374832s ago: executing program 0 (id=1787): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x27, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b00)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a15f87b68bda69a800", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffc}, 0x3c) 5.052323873s ago: executing program 3 (id=1789): syz_open_dev$usbfs(&(0x7f0000000000), 0x40000078, 0x515603) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000200), 0x4, 0x40100) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000005c0)={r4, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1c, 0x1c, "fee8a2ab78fc179fd1f8a0e9a1af1ea09dc2b7fb0a010000000000000000030000000000000000000000000000000000000000000000001b00", "28095397bab22d0000b42076c1ce8ef05f819e01177d3d458dac0000000000000000000800000000003788cf8f00", "90be8b1c5512406c7f00", [0x4, 0xa]}}) r5 = syz_open_dev$loop(&(0x7f0000000300), 0x8f, 0x40240) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000001280)={r3, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0xe, 0x14, "fee8a2ab78fc179fd1f809000000aca7ca64c6a4b4e00d9683dda1af01000000deff1200100000000000000000000000000800", "2809e8dbe1b22d0000b420a1a93c7540f476779e0117613dd4070000ebff08000000000000000000020000000800000000faffffff00", "e7460000102000000000e4440000002000000000000000000000008bd02800", [0xe0]}}) 3.443807631s ago: executing program 3 (id=1790): setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff4c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20080058) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r4, 0xffffffffffffffff, 0x0) 3.430821951s ago: executing program 0 (id=1791): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)={0x30, r1, 0x5, 0x70bd2b, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0x66}, @NL80211_MESHCONF_MAX_RETRIES={0x5, 0x5, 0xb}]}]}, 0x30}}, 0x0) 2.117215006s ago: executing program 4 (id=1793): r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0xe41, 0x0) mount(&(0x7f0000000000), &(0x7f0000000280)='./cgroup\x00', 0x0, 0x75809, 0x0) mount(0x0, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x21a8f5, 0x0) 2.028400087s ago: executing program 0 (id=1794): r0 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000071180a000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xb, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x40000, 0x6) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r2, 0xb, 0x0, @void}, 0x10) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x4f) 1.929859068s ago: executing program 3 (id=1796): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000080)=0x1, 0x4) bind$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendto$inet(r0, 0x0, 0x0, 0x28040041, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0xffffffffffffff99, &(0x7f00000001c0)=[{&(0x7f0000000280)="1f", 0x1}], 0x1}, 0x8c0) recvmmsg(r0, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0) 1.708512971s ago: executing program 2 (id=1797): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0/file1\x00', 0x40, 0x83) chdir(&(0x7f0000000140)='./file0\x00') capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r0, 0xc0189436, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x5f, 0x3}) 1.702714591s ago: executing program 2 (id=1798): r0 = socket(0x200000100000011, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'hsr0\x00', 0x0}) bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x7, 0x6, @local}, 0x14) sendmsg$netlink(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYRESDEC=r1], 0x34}], 0x1, 0x0, 0x0, 0x40000}, 0x20000810) 1.408899804s ago: executing program 1 (id=1799): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) syz_emit_ethernet(0xc2, &(0x7f0000000380)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb4, 0x0, 0x0, 0xfb, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x7, @loopback, @rand_addr=0x640100fe, {[@cipso={0x86, 0x77, 0x0, [{0x0, 0xc, "e256b28c590300000052"}, {0x0, 0x9, "020007651442eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706d30bd224f8"}, {0x2, 0x7, "cfa11cab1a"}, {0x0, 0x10, "8475be675de6a70a05a0dc91e5c6"}, {0x0, 0xa, "0000000000800000"}, {0x0, 0x12, "73bc23f9ffffffa30900a301c8460000"}, {0x0, 0x12, "c8f46976e79ea788f03d9d3205927e3d"}]}, @cipso={0x86, 0x6, 0x20}]}}, "fd85b2d1"}}}}}, 0x0) 1.316879055s ago: executing program 2 (id=1800): syz_open_dev$usbfs(&(0x7f0000000000), 0x40000078, 0x515603) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000200), 0x4, 0x40100) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000005c0)={r4, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1c, 0x1c, "fee8a2ab78fc179fd1f8a0e9a1af1ea09dc2b7fb0a010000000000000000030000000000000000000000000000000000000000000000001b00", "28095397bab22d0000b42076c1ce8ef05f819e01177d3d458dac0000000000000000000800000000003788cf8f00", "90be8b1c5512406c7f00", [0x4, 0xa]}}) r5 = syz_open_dev$loop(&(0x7f0000000300), 0x8f, 0x40240) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000001280)={r3, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0xe, 0x14, "fee8a2ab78fc179fd1f809000000aca7ca64c6a4b4e00d9683dda1af01000000deff1200100000000000000000000000000800", "2809e8dbe1b22d0000b420a1a93c7540f476779e0117613dd4070000ebff08000000000000000000020000000800000000faffffff00", "e7460000102000000000e4440000002000000000000000000000008bd02800", [0xe0]}}) 1.283687295s ago: executing program 1 (id=1801): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback={0xff00000000000000}, 0x5}, 0x1c) 1.229416616s ago: executing program 1 (id=1802): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008000}, 0x80) 1.152827537s ago: executing program 1 (id=1803): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xcb, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x71bd0000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) syz_open_procfs$namespace(0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8000000, 0x3, 0x2b0, 0x0, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x1e0, 0xffffffff, 0xffffffff, 0x1e0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @private1, [0xff000000, 0xffffff00, 0x6dc8f3d6512d1aed, 0xffffffff], [0xff, 0xff000000, 0xff000000], 'bond_slave_0\x00', 'batadv0\x00', {}, {}, 0x3c, 0x2, 0x0, 0xe}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x10}, @mcast1, [0x0, 0x0, 0xff], [0x0, 0x0, 0xffffff00], 'veth1\x00', 'wlan1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0xd4b}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x835, 0x0) setxattr$security_capability(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000040), 0x0, 0x0, 0x1) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000200), 0x0, 0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002180)=ANY=[@ANYBLOB="400000001000050400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012800b00010065727370616e0000100002800500130000000000040012003ce38c2edfa65077d392eb92e2fa34c1a11e371a8171eeca0883a48f283fa872851fc8111848ce3c6584373a05a185562162d663129f5bc977261969d2a6ad30d4d7c44a80b0d4aa0d2e51ca9b856b7058e3f8be42f8c073bd32cc3969bac9e834b3e6605d976e3cb6"], 0x40}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000002840)='/proc/tty/drivers\x00', 0x0, 0x0) 711.506102ms ago: executing program 3 (id=1804): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000440)={{0xffbe, 0x5, 0x2, 0x5}, 'syz1\x00', 0x53}) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x12) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x2) ioctl$UI_DEV_CREATE(r2, 0x5501) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {0x7, 0x3, 0x1, 0x9}, 0x7, [0x4, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0x2, 0x1, 0x7f5b, 0x3, 0x6, 0x2, 0x10000, 0x2, 0x3, 0x0, 0x3, 0xe, 0x3, 0x0, 0x2, 0xd9, 0x2, 0x6, 0x3, 0x3, 0x9, 0xfff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x0, 0x0, 0xb, 0xcc, 0x5, 0x80, 0x401, 0x5, 0x5, 0xfffffffd, 0x8, 0xb, 0x3, 0xffff8001, 0x6, 0x3, 0x80000000, 0x1, 0x9, 0x7, 0x0, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0x10000, 0x7, 0x9, 0x6, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x5, 0xcc, 0xbc1, 0x80000, 0x0, 0x5e81339d, 0xffffc256, 0x5, 0x80000201, 0x0, 0xfffffffd, 0x4, 0x4, 0xa, 0xa, 0x1, 0x1, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x9550, 0x2, 0x8000, 0x7fff, 0x8001, 0x9425, 0x4, 0x6f, 0x80b, 0x1, 0x6, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0x8, 0x100, 0x6, 0x10000, 0x1306, 0x800, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x4, 0xfffffff9, 0x7aa, 0x10, 0x80, 0x8001, 0x5, 0x0, 0x9, 0x8, 0x7fffffff, 0x3ff, 0x1, 0x4, 0x8, 0x1, 0x7, 0x9, 0x6, 0x4, 0x5, 0xffffffff, 0x3, 0x2, 0x0, 0x3, 0x4c, 0x3, 0x5, 0x2, 0xd21e, 0x9, 0x13, 0x0, 0x2, 0xfff, 0x6, 0x9, 0x7c83, 0xd, 0x1, 0x2, 0xf, 0x3, 0x47, 0x7, 0x0, 0x11, 0x3, 0xdfd, 0x7, 0x7, 0x7ffd, 0x7ff, 0x10, 0x2, 0x10001, 0x1, 0x0, 0x6, 0x71c, 0x2], [0x81, 0x3, 0x10, 0x4e26, 0x2, 0x40, 0xfffffff3, 0x497, 0x6, 0x1, 0x3, 0x5, 0x56, 0xc29, 0x9, 0x5, 0x5, 0x8000000a, 0x79a, 0x40, 0x40009, 0x6, 0xc41f, 0x5, 0x8b6, 0xffffffff, 0x0, 0x0, 0x6a, 0x9, 0x0, 0x0, 0x1003, 0x10, 0xd, 0x6, 0x8000, 0x3ff, 0xf, 0x4, 0x1, 0xffffb027, 0xfffffff8, 0x9, 0x7, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400, 0x8, 0x0, 0x8, 0x100007, 0x9a33247, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c) 664.306073ms ago: executing program 0 (id=1805): r0 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r0, 0x40146f2c, &(0x7f0000000100)={0x1, 0x0, 0x3, 0x15}) 310.825936ms ago: executing program 2 (id=1806): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x40}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x9}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x5c}}, 0x80) 291.47µs ago: executing program 2 (id=1807): write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000730eb98895c179d943fcbc000000000000000073797a310000000000000000000000000000000000000000000000000000000000002a793dad021d26f3000000000000000000000000000000000000000000007379"], 0x1aa) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x409, &(0x7f00000002c0)={0x0}) 93.64µs ago: executing program 0 (id=1808): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0) socket$netlink(0x10, 0x3, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r2 = socket$kcm(0xa, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000a00)=@generic={0xa, "8ab77fa26849ff26650042e2dacd00005efe0000000162e2adacd2737d00ad6f9fa9f3d7145e15dd9d6d2e19c211220940ad5def53b911ba5b9da13641f9826d7012a749f54b901ee80ea6132ca6e88c776553e1833052ca376304313c4b37780136a4b838570400"}, 0x80, 0x0}, 0x0) capset(0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000006040)={&(0x7f00000001c0)={0x20, 0x140f, 0x1, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0081) 0s ago: executing program 2 (id=1809): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/udp6\x00') preadv(r2, &(0x7f0000000380)=[{&(0x7f0000000540)=""/229, 0xe5}], 0x1, 0xa3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)) 0s ago: executing program 0 (id=1813): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff000000000000000458000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) syz_genetlink_get_family_id$tipc2(&(0x7f0000001f00), r1) kernel console output (not intermixed with test programs): 8] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.507519][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.518048][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.526978][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.536150][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.547036][ T4199] device veth1_vlan entered promiscuous mode [ 55.557955][ T4189] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.567414][ T4189] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.576576][ T4189] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.585478][ T4189] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.599409][ T4188] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.609807][ T4188] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.618886][ T4188] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.627877][ T4188] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.689401][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.703274][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.721500][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.740364][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.749136][ T4199] device veth0_macvtap entered promiscuous mode [ 55.759166][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 55.769233][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 55.777390][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 55.786259][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.796398][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 55.815928][ T4199] device veth1_macvtap entered promiscuous mode [ 55.846434][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 55.861832][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.872001][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 55.883085][ T4232] Bluetooth: hci0: command 0x040f tx timeout [ 55.887930][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.889178][ T4232] Bluetooth: hci1: command 0x040f tx timeout [ 55.899029][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 55.905500][ T4232] Bluetooth: hci3: command 0x040f tx timeout [ 55.921026][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.931307][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 55.941960][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.958007][ T4199] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.963603][ T4229] Bluetooth: hci2: command 0x040f tx timeout [ 55.973710][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.988125][ T4229] Bluetooth: hci4: command 0x040f tx timeout [ 55.999474][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.009372][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.017335][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.026435][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.036201][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 56.046186][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.056805][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.067803][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.078490][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.088581][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.099035][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.109029][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.119936][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.131683][ T4199] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.154045][ T4199] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.184447][ T4199] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.198050][ T4199] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.206961][ T4199] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.243233][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 56.252638][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.316771][ T4246] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.329097][ T4246] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.353568][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 56.353707][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.397653][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.437920][ T4276] xt_hashlimit: size too large, truncated to 1048576 [ 56.455833][ T4272] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 56.479231][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.500686][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.557626][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 56.613418][ T4272] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.625791][ T4272] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.638593][ T4246] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.668152][ T4246] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.685808][ T4272] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 56.738816][ T4272] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 56.804218][ T4285] IPv6: addrconf: prefix option has invalid lifetime [ 56.820773][ T4236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.836930][ T4236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.910740][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 56.955611][ T4291] vivid-001: disconnect [ 56.991273][ T4290] vivid-001: reconnect [ 57.050968][ T4293] loop4: detected capacity change from 0 to 256 [ 57.228137][ T4301] hub 8-0:1.0: USB hub found [ 57.234943][ T4301] hub 8-0:1.0: 1 port detected [ 57.681383][ T4293] FAT-fs (loop4): Directory bread(block 64) failed [ 57.822709][ T4293] FAT-fs (loop4): Directory bread(block 65) failed [ 57.846508][ T4293] FAT-fs (loop4): Directory bread(block 66) failed [ 57.878713][ T4293] FAT-fs (loop4): Directory bread(block 67) failed [ 57.902168][ T4308] loop2: detected capacity change from 0 to 512 [ 57.910724][ T4293] FAT-fs (loop4): Directory bread(block 68) failed [ 57.928142][ T4293] FAT-fs (loop4): Directory bread(block 69) failed [ 57.963685][ T4232] Bluetooth: hci3: command 0x0419 tx timeout [ 57.973853][ T4293] FAT-fs (loop4): Directory bread(block 70) failed [ 57.980469][ T4293] FAT-fs (loop4): Directory bread(block 71) failed [ 58.003178][ T4293] FAT-fs (loop4): Directory bread(block 72) failed [ 58.008369][ T4232] Bluetooth: hci1: command 0x0419 tx timeout [ 58.010607][ T4293] FAT-fs (loop4): Directory bread(block 73) failed [ 58.054786][ T4232] Bluetooth: hci0: command 0x0419 tx timeout [ 58.175039][ T4308] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.16: corrupted in-inode xattr [ 58.209072][ T4230] Bluetooth: hci4: command 0x0419 tx timeout [ 58.215583][ T4230] Bluetooth: hci2: command 0x0419 tx timeout [ 58.248379][ T4308] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.16: couldn't read orphan inode 15 (err -117) [ 58.262295][ T4316] tipc: Started in network mode [ 58.315877][ T4308] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 58.383711][ T4316] tipc: Node identity 2e5beef9f04c, cluster identity 4711 [ 58.550996][ T4316] tipc: Enabled bearer , priority 0 [ 58.890330][ T4322] device syzkaller0 entered promiscuous mode [ 59.073572][ T4315] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 59.090911][ T4316] tipc: Resetting bearer [ 59.241685][ T4313] tipc: Resetting bearer [ 59.260712][ T4313] tipc: Disabling bearer [ 62.042767][ C0] sched: RT throttling activated [ 62.400676][ T4350] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 62.929310][ T4362] input: syz0 as /devices/virtual/input/input5 [ 63.004608][ T4364] netlink: 8 bytes leftover after parsing attributes in process `syz.2.33'. [ 63.040071][ T4367] loop1: detected capacity change from 0 to 512 [ 63.082709][ T4364] netlink: 40 bytes leftover after parsing attributes in process `syz.2.33'. [ 63.259766][ T4370] loop4: detected capacity change from 0 to 8192 [ 63.342401][ T4367] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 63.381093][ T4367] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 63.681507][ T4378] netlink: 28 bytes leftover after parsing attributes in process `syz.2.40'. [ 63.860009][ T4367] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 222 vs 220 free clusters [ 63.972214][ T4230] Bluetooth: hci2: command 0x0406 tx timeout [ 63.985366][ T4367] EXT4-fs (loop1): Remounting filesystem read-only [ 63.992423][ T4367] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 64.018093][ T4367] EXT4-fs (loop1): 1 truncate cleaned up [ 64.026800][ T4367] EXT4-fs (loop1): mounted filesystem without journal. Opts: nogrpid,errors=remount-ro,debug_want_extra_isize=0x0000000000000066,nodioread_nolock,nodiscard,jqfmt=vfsv0,. Quota mode: none. [ 66.466931][ T4427] device bridge0 entered promiscuous mode [ 66.479437][ T4427] bridge0: port 3(vlan3) entered blocking state [ 66.487527][ T4427] bridge0: port 3(vlan3) entered disabled state [ 66.537340][ T4427] device bridge0 left promiscuous mode [ 66.538103][ T4429] Zero length message leads to an empty skb [ 66.590778][ T4429] No such timeout policy "syz1" [ 66.655154][ T4431] device syzkaller0 entered promiscuous mode [ 66.743008][ T23] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 66.921798][ T4439] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 66.969614][ T4438] netlink: 24 bytes leftover after parsing attributes in process `syz.3.61'. [ 67.093090][ T23] usb 3-1: Using ep0 maxpacket: 16 [ 67.223440][ T23] usb 3-1: config 0 has an invalid interface number: 104 but max is 1 [ 67.262527][ T23] usb 3-1: config 0 has an invalid interface number: 104 but max is 1 [ 67.381509][ T23] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 67.400751][ T23] usb 3-1: config 0 has no interface number 0 [ 67.411185][ T23] usb 3-1: config 0 interface 104 altsetting 0 endpoint 0x8 has invalid maxpacket 12336, setting to 64 [ 67.423711][ T23] usb 3-1: config 0 interface 104 has no altsetting 1 [ 67.759532][ T23] usb 3-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00 [ 67.769620][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 67.778484][ T23] usb 3-1: Product: syz [ 67.782696][ T23] usb 3-1: Manufacturer: syz [ 67.787745][ T23] usb 3-1: SerialNumber: syz [ 67.798707][ T23] usb 3-1: config 0 descriptor?? [ 67.806912][ T4445] loop1: detected capacity change from 0 to 1024 [ 67.938218][ T23] asix: probe of 3-1:0.104 failed with error -22 [ 68.237208][ T4445] ======================================================= [ 68.237208][ T4445] WARNING: The mand mount option has been deprecated and [ 68.237208][ T4445] and is ignored by this kernel. Remove the mand [ 68.237208][ T4445] option from the mount to silence this warning. [ 68.237208][ T4445] ======================================================= [ 68.344333][ T4445] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.64: Invalid block bitmap block 0 in block_group 0 [ 68.376347][ T4231] usb 3-1: USB disconnect, device number 2 [ 68.390330][ T4445] Quota error (device loop1): write_blk: dquota write failed [ 68.401864][ T4445] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 68.411999][ T4445] EXT4-fs error (device loop1): ext4_acquire_dquot:6236: comm syz.1.64: Failed to acquire dquot type 0 [ 68.423865][ T4445] EXT4-fs error (device loop1): ext4_free_blocks:6231: comm syz.1.64: Freeing blocks not in datazone - block = 0, count = 4096 [ 68.460468][ T4445] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.64: Invalid inode bitmap blk 0 in block_group 0 [ 68.477580][ T4381] Quota error (device loop1): remove_tree: Getting block too big (0 >= 8) [ 68.491948][ T4445] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 68.511766][ T4381] EXT4-fs error (device loop1): ext4_release_dquot:6272: comm kworker/u4:10: Failed to release dquot type 0 [ 68.526990][ T4445] EXT4-fs (loop1): 1 orphan inode deleted [ 68.532892][ T4445] EXT4-fs (loop1): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 68.598416][ T4445] syz.1.64 (4445) used greatest stack depth: 20760 bytes left [ 69.349009][ T4468] loop2: detected capacity change from 0 to 512 [ 69.401718][ T4468] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 69.414109][ T4469] No such timeout policy "syz1" [ 69.428511][ T4468] EXT4-fs (loop2): fragment/cluster size (8192) != block size (4096) [ 69.874174][ T4477] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 69.911582][ T4476] loop3: detected capacity change from 0 to 4096 [ 69.932506][ T4477] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 70.011264][ T4476] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 71.207509][ T4485] loop4: detected capacity change from 0 to 1024 [ 71.236801][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.243399][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.307167][ T4485] EXT4-fs (loop4): Ignoring removed oldalloc option [ 71.324087][ T4485] EXT4-fs (loop4): Ignoring removed oldalloc option [ 71.416958][ T4485] EXT4-fs (loop4): can't mount with journal_checksum, fs mounted w/o journal [ 73.395877][ T4511] device syzkaller0 entered promiscuous mode [ 73.413677][ T4515] netlink: 4 bytes leftover after parsing attributes in process `syz.2.87'. [ 73.444158][ T4515] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 73.453297][ T4515] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 73.462030][ T4515] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 73.470788][ T4515] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 73.490351][ T4515] netlink: 4 bytes leftover after parsing attributes in process `syz.2.87'. [ 73.705404][ T4523] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 73.817156][ T4524] loop3: detected capacity change from 0 to 512 [ 73.840405][ T4524] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 74.068627][ T4524] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2802e12c, mo2=0002] [ 74.160994][ T4524] System zones: 1-12 [ 74.301652][ T4524] EXT4-fs (loop3): orphan cleanup on readonly fs [ 74.418896][ T4524] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.91: invalid indirect mapped block 12 (level 1) [ 74.574017][ T4524] EXT4-fs (loop3): Remounting filesystem read-only [ 74.580569][ T4524] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.91: invalid indirect mapped block 2 (level 2) [ 74.609646][ T4524] EXT4-fs (loop3): Remounting filesystem read-only [ 74.633235][ T4524] EXT4-fs (loop3): 1 truncate cleaned up [ 74.650155][ T4524] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,jqfmt=vfsv1,noload,errors=remount-ro,i_version. Quota mode: none. [ 74.836383][ T4536] input: syz0 as /devices/virtual/input/input6 [ 75.546837][ T4540] loop4: detected capacity change from 0 to 512 [ 75.632997][ T4540] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 75.838534][ T4540] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 75.852973][ T4540] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01d, mo2=0142] [ 75.864188][ T4540] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80) [ 75.904411][ T4540] EXT4-fs (loop4): Skipping orphan cleanup due to unknown ROCOMPAT features [ 76.013405][ T4540] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,abort,nomblk_io_submit,noblock_validity,nolazytime,jqfmt=vfsold,dax=inode,barrier=0x000000000000d95a,debug,,errors=continue. Quota mode: none. [ 76.624510][ T1334] cfg80211: failed to load regulatory.db [ 76.672156][ T4555] binfmt_misc: register: failed to install interpreter file ./file0 [ 77.646609][ T4563] No such timeout policy "syz1" [ 77.668039][ T4561] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 77.716228][ T4564] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 77.794651][ T4561] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 78.528740][ T4579] netlink: 20 bytes leftover after parsing attributes in process `syz.3.109'. [ 79.558531][ T4230] Bluetooth: hci3: command 0x0406 tx timeout [ 79.882980][ T23] Bluetooth: hci0: command 0x0406 tx timeout [ 80.177123][ T4589] could not allocate digest TFM handle hmac(sha3-224) [ 80.495030][ T4612] capability: warning: `syz.1.120' uses 32-bit capabilities (legacy support in use) [ 82.257117][ T4639] hfs: can't find a HFS filesystem on dev nullb0 [ 83.015700][ T4645] netlink: 4 bytes leftover after parsing attributes in process `syz.0.132'. [ 83.173224][ T4645] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 83.181963][ T4645] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 83.190742][ T4645] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 83.195551][ T4649] No such timeout policy "syz1" [ 83.199464][ T4645] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 83.215915][ T4645] netlink: 4 bytes leftover after parsing attributes in process `syz.0.132'. [ 88.015650][ T4724] No such timeout policy "syz1" [ 88.408685][ T4738] loop0: detected capacity change from 0 to 512 [ 88.508663][ T4738] EXT4-fs error (device loop0): ext4_orphan_get:1432: comm syz.0.162: bad orphan inode 11862016 [ 88.536463][ T4738] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 88.570889][ T4738] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.270195][ T4760] netlink: 8 bytes leftover after parsing attributes in process `syz.3.168'. [ 89.309927][ T4760] netlink: 'syz.3.168': attribute type 26 has an invalid length. [ 90.614904][ T4782] loop0: detected capacity change from 0 to 128 [ 90.713590][ T4782] EXT4-fs (loop0): Test dummy encryption mode enabled [ 90.810209][ T4782] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption=v1,bsdgroups,,errors=continue. Quota mode: none. [ 90.833089][ T4782] ext4 filesystem being mounted at /41/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 91.406674][ T4229] Bluetooth: hci1: command 0x0406 tx timeout [ 91.740327][ T4793] EXT4-fs error (device loop0): ext4_validate_block_bitmap:420: comm ext4lazyinit: bg 0: bad block bitmap checksum [ 91.810477][ T4811] No such timeout policy "syz1" [ 93.408623][ T4830] loop0: detected capacity change from 0 to 512 [ 93.661917][ T4830] EXT4-fs (loop0): Ignoring removed nobh option [ 93.701302][ T4830] fscrypt (loop0, inode 2): Error -61 getting encryption context [ 93.733055][ T4830] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -61 [ 93.778533][ T4830] EXT4-fs error (device loop0): ext4_orphan_get:1406: inode #13: comm syz.0.191: inode has both inline data and extents flags [ 93.863290][ T4830] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.191: couldn't read orphan inode 13 (err -117) [ 93.893035][ T4830] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,nouid32,nobh,stripe=0x000000000000ffff,block_validity,grpjquota=",errors=continue. Quota mode: writeback. [ 94.112065][ T4842] loop0: detected capacity change from 0 to 512 [ 94.208749][ T4842] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 94.263452][ T4842] EXT4-fs (loop0): 1 truncate cleaned up [ 94.278285][ T4842] EXT4-fs (loop0): mounted filesystem without journal. Opts: init_itable=0x0000000000000200,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,data=journal,quota,,errors=continue. Quota mode: writeback. [ 94.472996][ T4845] IPVS: set_ctl: invalid protocol: 43 0.0.0.0:20003 [ 94.739311][ T4851] netlink: 'syz.3.197': attribute type 8 has an invalid length. [ 94.747161][ T4851] netlink: 8 bytes leftover after parsing attributes in process `syz.3.197'. [ 95.422619][ T4854] loop3: detected capacity change from 0 to 256 [ 95.626355][ T4854] FAT-fs (loop3): Directory bread(block 64) failed [ 95.725485][ T4854] FAT-fs (loop3): Directory bread(block 65) failed [ 95.745433][ T4854] FAT-fs (loop3): Directory bread(block 66) failed [ 95.745496][ T4854] FAT-fs (loop3): Directory bread(block 67) failed [ 95.745558][ T4854] FAT-fs (loop3): Directory bread(block 68) failed [ 95.745592][ T4854] FAT-fs (loop3): Directory bread(block 69) failed [ 95.745655][ T4854] FAT-fs (loop3): Directory bread(block 70) failed [ 95.745682][ T4854] FAT-fs (loop3): Directory bread(block 71) failed [ 95.745742][ T4854] FAT-fs (loop3): Directory bread(block 72) failed [ 95.745769][ T4854] FAT-fs (loop3): Directory bread(block 73) failed [ 96.481367][ T4879] tmpfs: Unknown parameter 'quota' [ 97.011629][ T4889] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 99.008708][ T4922] No such timeout policy "syz1" [ 99.084195][ T4925] netlink: 20 bytes leftover after parsing attributes in process `syz.0.226'. [ 100.040780][ T4950] loop2: detected capacity change from 0 to 512 [ 100.145289][ T4950] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 100.199804][ T4950] ext4 filesystem being mounted at /37/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 101.659532][ T4997] capability: warning: `syz.2.256' uses deprecated v2 capabilities in a way that may be insecure [ 101.807552][ T5003] No such timeout policy "syz1" [ 101.859945][ T5004] netlink: 8 bytes leftover after parsing attributes in process `syz.0.259'. [ 103.022135][ T5024] loop1: detected capacity change from 0 to 1024 [ 103.029438][ T5019] netlink: 12 bytes leftover after parsing attributes in process `syz.0.264'. [ 103.048764][ T5024] EXT4-fs (loop1): Ignoring removed bh option [ 103.065410][ T5024] EXT4-fs (loop1): inline encryption not supported [ 103.081746][ T5024] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 103.099180][ T5024] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #3: block 2: comm syz.1.266: lblock 2 mapped to illegal pblock 2 (length 1) [ 103.178563][ T5024] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 103.211719][ T5024] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #3: block 48: comm syz.1.266: lblock 0 mapped to illegal pblock 48 (length 1) [ 103.257453][ T5024] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 103.267314][ T5024] EXT4-fs error (device loop1): ext4_acquire_dquot:6236: comm syz.1.266: Failed to acquire dquot type 0 [ 103.288642][ T5024] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 103.357245][ T5024] EXT4-fs error (device loop1): ext4_evict_inode:284: inode #11: comm syz.1.266: mark_inode_dirty error [ 103.387904][ T5024] EXT4-fs warning (device loop1): ext4_evict_inode:287: couldn't mark inode dirty (err -117) [ 103.417420][ T5024] EXT4-fs (loop1): 1 orphan inode deleted [ 103.431900][ T5024] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrquota,noblock_validity,bh,max_batch_time=0x00000000000008c9,debug,inlinecrypt,,errors=continue. Quota mode: writeback. [ 103.454976][ T4379] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #3: block 1: comm kworker/u4:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 103.491328][ T4379] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 103.511647][ T4379] EXT4-fs error (device loop1): ext4_release_dquot:6272: comm kworker/u4:9: Failed to release dquot type 0 [ 103.602112][ T5024] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 104.595121][ T5034] syz.1.270 uses obsolete (PF_INET,SOCK_PACKET) [ 104.998541][ T5053] loop1: detected capacity change from 0 to 512 [ 105.136468][ T5053] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,journal_dev=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 105.184636][ T5053] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.459654][ T5053] EXT4-fs (loop1): shut down requested (1) [ 105.744201][ T5072] tipc: Started in network mode [ 105.766354][ T5072] tipc: Node identity 9aacec69d11f, cluster identity 4711 [ 105.834704][ T5072] tipc: Enabled bearer , priority 0 [ 105.883835][ T5072] device syzkaller0 entered promiscuous mode [ 106.892183][ T5072] tipc: Resetting bearer [ 106.990776][ T5071] tipc: Resetting bearer [ 106.996843][ T4190] Bluetooth: hci4: command 0x0406 tx timeout [ 107.049938][ T5071] tipc: Disabling bearer [ 107.246242][ T2856] tipc: Node number set to 1270082665 [ 108.506601][ T5106] binder: 5104:5106 unknown command 1074553620 [ 108.522090][ T5106] binder: 5104:5106 ioctl c0306201 200000000140 returned -22 [ 108.601009][ T5108] netlink: 24 bytes leftover after parsing attributes in process `syz.1.296'. [ 108.816515][ T5116] device syzkaller0 entered promiscuous mode [ 109.177632][ T4230] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 109.247428][ T4230] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 109.602513][ T5136] fido_id[5136]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 109.719242][ T5149] SET target dimension over the limit! [ 110.495989][ T5154] netlink: 4 bytes leftover after parsing attributes in process `syz.2.316'. [ 110.528072][ T5156] x_tables: ip_tables: dccp match: only valid for protocol 33 [ 110.637904][ T5154] netlink: 4 bytes leftover after parsing attributes in process `syz.2.316'. [ 110.878804][ T5154] netlink: 4 bytes leftover after parsing attributes in process `syz.2.316'. [ 111.029229][ T5182] tipc: Started in network mode [ 111.044271][ T5182] tipc: Node identity b69746a1fffa, cluster identity 4711 [ 111.051738][ T5182] tipc: Enabled bearer , priority 0 [ 111.117623][ T5185] syzkaller0: MTU too low for tipc bearer [ 111.132257][ T5185] tipc: Disabling bearer [ 111.636350][ T5195] No such timeout policy "syz1" [ 111.744263][ T5198] loop1: detected capacity change from 0 to 512 [ 111.853074][ T5198] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 111.881740][ T5198] ext4 filesystem being mounted at /58/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 112.678335][ T5233] sock: sock_set_timeout: `syz.1.339' (pid 5233) tries to set negative timeout [ 112.951402][ T5216] crypto_alloc_aead failed rc=-4 [ 113.930199][ T5243] loop4: detected capacity change from 0 to 128 [ 113.995544][ T5243] FAT-fs (loop4): Unrecognized mount option "18446744073709551615" or missing value [ 114.726215][ T5255] device bridge1 entered promiscuous mode [ 115.199752][ T5281] loop3: detected capacity change from 0 to 128 [ 115.435074][ T5281] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c018, mo2=0002] [ 115.471960][ T5281] System zones: 1-3, 19-19, 35-36 [ 115.506392][ T5281] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,,errors=continue. Quota mode: none. [ 115.547132][ T5281] ext4 filesystem being mounted at /66/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 115.653407][ T5281] EXT4-fs warning (device loop3): ext4_group_extend:1847: will only finish group (8193 blocks, 8129 new) [ 115.685491][ T5281] EXT4-fs warning (device loop3): ext4_group_extend:1852: can't read last block, resize aborted [ 115.955994][ T5291] sock: sock_set_timeout: `syz.4.356' (pid 5291) tries to set negative timeout [ 117.854713][ T5299] vivid-001: disconnect [ 117.884259][ T5298] vivid-001: reconnect [ 119.573730][ T5322] No such timeout policy "syz1" [ 120.893970][ T5344] device syzkaller0 entered promiscuous mode [ 121.123981][ T5350] sock: sock_set_timeout: `syz.0.376' (pid 5350) tries to set negative timeout [ 123.329407][ T5360] loop1: detected capacity change from 0 to 128 [ 124.323769][ T5379] binder: 5377:5379 unknown command 0 [ 124.329195][ T5379] binder: 5377:5379 ioctl c0306201 200000000080 returned -22 [ 124.340441][ T5380] netlink: 'syz.2.388': attribute type 46 has an invalid length. [ 126.026390][ T5403] No such timeout policy "syz1" [ 126.890078][ T5409] device syzkaller0 entered promiscuous mode [ 126.981614][ T5411] loop4: detected capacity change from 0 to 512 [ 127.048094][ T5411] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.399: corrupted in-inode xattr [ 127.153014][ T5411] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.399: couldn't read orphan inode 15 (err -117) [ 127.190967][ T5411] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 127.902255][ T5427] loop0: detected capacity change from 0 to 512 [ 128.111317][ T5427] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 128.143062][ T5427] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.329517][ T5435] netlink: 24 bytes leftover after parsing attributes in process `syz.1.407'. [ 129.657136][ T5450] loop1: detected capacity change from 0 to 256 [ 132.344791][ T5466] loop2: detected capacity change from 0 to 8192 [ 132.674996][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.681328][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.811115][ T5487] loop1: detected capacity change from 0 to 4096 [ 132.905305][ T5487] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 133.102614][ T5499] No such timeout policy "syz1" [ 133.437576][ T5507] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 133.594190][ T5512] loop1: detected capacity change from 0 to 512 [ 133.683034][ T5512] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 133.713009][ T5512] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 133.922143][ T5520] loop2: detected capacity change from 0 to 256 [ 134.706341][ T1334] Bluetooth: hci2: command 0x2021 tx timeout [ 134.824181][ T5520] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 135.108461][ T5528] loop2: detected capacity change from 0 to 512 [ 135.225570][ T5528] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.434: corrupted in-inode xattr [ 135.284697][ T5528] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.434: couldn't read orphan inode 15 (err -117) [ 135.313361][ T5528] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 135.792901][ T5534] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 136.095557][ T5546] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 136.327463][ T5550] loop2: detected capacity change from 0 to 1024 [ 136.499108][ T5550] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.441: Invalid block bitmap block 0 in block_group 0 [ 136.612655][ T5550] Quota error (device loop2): write_blk: dquota write failed [ 136.688641][ T5550] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 136.708902][ T5550] EXT4-fs error (device loop2): ext4_acquire_dquot:6236: comm syz.2.441: Failed to acquire dquot type 0 [ 136.724721][ T5550] EXT4-fs error (device loop2): ext4_free_blocks:6231: comm syz.2.441: Freeing blocks not in datazone - block = 0, count = 4096 [ 136.793640][ T5550] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.441: Invalid inode bitmap blk 0 in block_group 0 [ 136.821131][ T154] Quota error (device loop2): remove_tree: Getting block too big (0 >= 8) [ 136.833805][ T5550] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 136.848775][ T154] EXT4-fs error (device loop2): ext4_release_dquot:6272: comm kworker/u4:2: Failed to release dquot type 0 [ 136.867968][ T5550] EXT4-fs (loop2): 1 orphan inode deleted [ 136.892467][ T5550] EXT4-fs (loop2): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 137.001010][ T5550] syz.2.441 (5550) used greatest stack depth: 20336 bytes left [ 137.167458][ T5572] netlink: 28 bytes leftover after parsing attributes in process `syz.2.448'. [ 137.654636][ T5584] netlink: 4 bytes leftover after parsing attributes in process `syz.1.451'. [ 137.796969][ T5584] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.805908][ T5584] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.814669][ T5584] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.823441][ T5584] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.964777][ T5586] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 137.993268][ T5584] netlink: 4 bytes leftover after parsing attributes in process `syz.1.451'. [ 140.438044][ T5607] device syzkaller0 entered promiscuous mode [ 140.707258][ T5609] loop0: detected capacity change from 0 to 512 [ 140.824542][ T5609] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.460: corrupted in-inode xattr [ 140.896947][ T5609] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.460: couldn't read orphan inode 15 (err -117) [ 140.973008][ T5609] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 142.089203][ T5626] nullb0: AHDI p1 [ 142.108320][ T5630] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 142.829390][ T5647] No such timeout policy "syz1" [ 144.462357][ T5652] loop2: detected capacity change from 0 to 512 [ 145.543214][ T5652] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.474: corrupted in-inode xattr [ 145.626748][ T5652] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.474: couldn't read orphan inode 15 (err -117) [ 145.706044][ T5652] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 146.654715][ T5665] loop0: detected capacity change from 0 to 8192 [ 146.763239][ T4180] loop0: p1 < > p3 < p5 > p4 [ 146.814597][ T4180] loop0: p4 size 3081 extends beyond EOD, truncated [ 146.869855][ T4180] loop0: p5 size 3081 extends beyond EOD, truncated [ 147.042003][ T5665] loop0: p1 < > p3 < p5 > p4 [ 147.123382][ T5665] loop0: p4 size 3081 extends beyond EOD, truncated [ 147.644400][ T5665] loop0: p5 size 3081 extends beyond EOD, truncated [ 149.051984][ T5695] device syzkaller0 entered promiscuous mode [ 149.114182][ T5701] [U] : [ 149.117251][ T5701] [U] [ 149.119963][ T5701] [U] [ 149.122658][ T5701] [U] [ 149.125348][ T5701] [U] [ 149.128035][ T5701] [U] [ 149.130729][ T5701] [U] [ 149.133416][ T5701] [U] [ 150.042625][ T5701] [U] [ 150.045377][ T5701] [U] [ 150.048082][ T5701] [U] [ 150.050781][ T5701] [U] [ 150.053483][ T5701] [U] [ 150.056174][ T5701] [U] [ 150.058866][ T5701] [U] [ 150.061570][ T5701] [U] [ 150.303795][ T5701] [U] [ 150.306541][ T5701] [U] [ 150.309245][ T5701] [U] [ 150.311939][ T5701] [U] [ 150.314634][ T5701] [U] [ 150.317347][ T5701] [U] [ 150.320054][ T5701] [U] [ 150.322742][ T5701] [U] [ 150.353045][ T5701] [U] [ 150.355790][ T5701] [U] [ 150.357405][ T4180] udevd[4180]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 150.358476][ T5701] [U] [ 150.370874][ T5701] [U] [ 150.373584][ T5701] [U] [ 150.376281][ T5701] [U] [ 150.378996][ T5701] [U] [ 150.381706][ T5701] [U] [ 150.388803][ T4181] udevd[4181]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 150.405387][ T4179] udevd[4179]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 150.418450][ T4177] udevd[4177]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory [ 150.487148][ T5701] [U] [ 150.489895][ T5701] [U] [ 150.492384][ T4180] udevd[4180]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 150.492594][ T5701] [U] [ 150.504957][ T5701] [U] [ 150.507649][ T5701] [U] [ 150.510343][ T5701] [U] [ 150.513033][ T5701] [U] [ 150.515733][ T5701] [U] [ 150.521311][ T4181] udevd[4181]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 150.534883][ T4179] udevd[4179]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 150.558042][ T4177] udevd[4177]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory [ 150.579750][ T5701] [U] [ 150.582481][ T5701] [U] [ 150.585180][ T5701] [U] [ 150.587877][ T5701] [U] [ 150.590569][ T5701] [U] [ 150.593267][ T5701] [U] [ 150.595974][ T5701] [U] [ 150.598666][ T5701] [U] [ 150.602476][ T5701] [U] [ 150.605289][ T5701] [U] [ 150.607986][ T5701] [U] [ 150.610679][ T5701] [U] [ 150.613382][ T5701] [U] [ 150.616077][ T5701] [U] [ 150.618773][ T5701] [U] [ 150.621466][ T5701] [U] [ 150.625030][ T5701] [U] [ 150.627741][ T5701] [U] [ 150.630431][ T5701] [U] [ 150.633121][ T5701] [U] [ 150.635813][ T5701] [U] [ 150.638502][ T5701] [U] [ 150.641191][ T5701] [U] [ 150.643881][ T5701] [U] [ 150.717833][ T5701] [U] [ 150.720581][ T5701] [U] [ 150.723277][ T5701] [U] [ 150.725968][ T5701] [U] [ 150.728656][ T5701] [U] [ 150.731359][ T5701] [U] [ 150.734061][ T5701] [U] [ 150.736754][ T5701] [U] [ 150.755877][ T5724] device syzkaller0 entered promiscuous mode [ 150.773062][ T5701] [U] [ 150.775795][ T5701] [U] [ 150.778495][ T5701] [U] [ 150.781191][ T5701] [U] [ 150.783888][ T5701] [U] [ 150.786581][ T5701] [U] [ 150.789273][ T5701] [U] [ 150.791965][ T5701] [U] [ 150.836870][ T5701] [U] [ 151.019525][ T5738] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 151.238862][ T5743] loop4: detected capacity change from 0 to 512 [ 151.604900][ T5743] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.504: corrupted in-inode xattr [ 151.835550][ T5743] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.504: couldn't read orphan inode 15 (err -117) [ 152.111116][ T5743] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 153.033308][ T5746] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 154.188158][ T5784] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 154.319125][ T5788] device syzkaller0 entered promiscuous mode [ 155.281809][ T5797] loop4: detected capacity change from 0 to 512 [ 155.420922][ T5797] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.518: corrupted in-inode xattr [ 155.469005][ T5797] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.518: couldn't read orphan inode 15 (err -117) [ 155.542657][ T5797] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.824410][ T5801] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 156.471076][ T5807] device syzkaller0 entered promiscuous mode [ 157.852581][ T5839] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 159.822877][ T5850] No such timeout policy "syz1" [ 160.046954][ T5852] device syzkaller0 entered promiscuous mode [ 160.874124][ T4203] Bluetooth: hci4: link tx timeout [ 160.879828][ T4203] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 161.005459][ T5873] Illegal XDP return value 4294967294, expect packet loss! [ 161.376603][ T5879] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 161.533722][ T5882] device syzkaller0 entered promiscuous mode [ 161.618595][ T5885] misc userio: Can't change port type on an already running userio instance [ 161.787618][ T9] Bluetooth: hci5: Frame reassembly failed (-84) [ 161.830189][ T5891] loop3: detected capacity change from 0 to 512 [ 161.920593][ T5891] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 161.962463][ T5891] EXT4-fs (loop3): 1 truncate cleaned up [ 161.984288][ T5891] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 162.027957][ T5901] loop4: detected capacity change from 0 to 512 [ 162.206666][ T5901] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.552: corrupted in-inode xattr [ 162.272687][ T5908] No such timeout policy "syz1" [ 162.353517][ T5901] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.552: couldn't read orphan inode 15 (err -117) [ 162.399837][ T5901] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 163.732209][ T5913] device syzkaller0 entered promiscuous mode [ 163.760233][ T5915] loop3: detected capacity change from 0 to 1024 [ 163.793824][ T4231] Bluetooth: hci5: command 0x1003 tx timeout [ 163.799971][ T4200] Bluetooth: hci5: sending frame failed (-49) [ 163.814264][ T5915] EXT4-fs (loop3): Ignoring removed orlov option [ 163.897322][ T5915] EXT4-fs (loop3): mounted filesystem without journal. Opts: resgid=0x000000000000ee00,bsddf,grpquota,nobarrier,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 163.921275][ C1] vkms_vblank_simulate: vblank timer overrun [ 164.849717][ T5934] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 164.869802][ T5936] loop3: detected capacity change from 0 to 512 [ 164.973549][ T5936] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 165.272827][ T5936] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 165.634274][ T5936] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 165.730534][ T5936] System zones: 0-2, 18-18, 34-35 [ 165.875610][ T4190] Bluetooth: hci5: command 0x1001 tx timeout [ 165.879335][ T5936] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,,errors=continue. Quota mode: none. [ 165.881709][ T4200] Bluetooth: hci5: sending frame failed (-49) [ 166.079030][ T5951] loop3: detected capacity change from 0 to 512 [ 166.170791][ T5951] EXT4-fs error (device loop3): ext4_iget_extra_inode:4573: inode #15: comm syz.3.567: corrupted in-inode xattr [ 166.321336][ T5951] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.567: couldn't read orphan inode 15 (err -117) [ 166.334220][ T5951] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 167.299416][ T5960] netlink: 4 bytes leftover after parsing attributes in process `syz.1.571'. [ 167.339856][ T5960] netlink: 24 bytes leftover after parsing attributes in process `syz.1.571'. [ 167.423981][ T5976] loop4: detected capacity change from 0 to 512 [ 167.502396][ T5977] device syzkaller0 entered promiscuous mode [ 167.567688][ T5976] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.574: corrupted in-inode xattr [ 167.648634][ T5976] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.574: couldn't read orphan inode 15 (err -117) [ 167.692493][ T5976] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 168.062647][ T1334] Bluetooth: hci5: command 0x1009 tx timeout [ 168.803998][ T5996] input: syz1 as /devices/virtual/input/input8 [ 168.945916][ T6002] loop0: detected capacity change from 0 to 512 [ 169.294988][ T6002] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.583: corrupted in-inode xattr [ 169.317847][ T6002] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.583: couldn't read orphan inode 15 (err -117) [ 169.345912][ T6002] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 170.479332][ T6021] device syzkaller0 entered promiscuous mode [ 170.726822][ T6027] loop0: detected capacity change from 0 to 512 [ 170.772495][ T6031] loop3: detected capacity change from 0 to 512 [ 170.788949][ T6027] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.590: corrupted in-inode xattr [ 170.848769][ T6031] EXT4-fs (loop3): Unrecognized mount option "smackfsdef=vfat" or missing value [ 170.912144][ T6027] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.590: couldn't read orphan inode 15 (err -117) [ 170.989299][ T6027] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 171.812062][ T6051] loop0: detected capacity change from 0 to 128 [ 171.933741][ T6051] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 171.965694][ T6051] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 172.582490][ T5083] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 172.646523][ T6057] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 172.759935][ T6059] device syzkaller0 entered promiscuous mode [ 172.767412][ T6063] netlink: 24 bytes leftover after parsing attributes in process `syz.0.601'. [ 172.860131][ T6065] process 'syz.1.604' launched './file0' with NULL argv: empty string added [ 173.000399][ T6074] loop4: detected capacity change from 0 to 512 [ 173.237303][ T6074] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.608: corrupted in-inode xattr [ 173.481413][ T6074] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.608: couldn't read orphan inode 15 (err -117) [ 173.779711][ T6074] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 173.976866][ T6086] tipc: Enabled bearer , priority 0 [ 174.000301][ T6086] device syzkaller0 entered promiscuous mode [ 174.041458][ T6086] tipc: Resetting bearer [ 174.072041][ T6092] loop3: detected capacity change from 0 to 128 [ 174.099456][ T6084] tipc: Resetting bearer [ 174.120143][ T6092] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 174.142679][ T6092] ext4 filesystem being mounted at /103/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 174.163799][ T6084] tipc: Disabling bearer [ 174.259090][ T6092] EXT4-fs (loop3): shut down requested (0) [ 175.111249][ T6101] device syzkaller0 entered promiscuous mode [ 175.636949][ T6118] device syzkaller0 entered promiscuous mode [ 175.895898][ T6124] loop4: detected capacity change from 0 to 512 [ 175.979116][ T6124] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.624: corrupted in-inode xattr [ 176.042476][ T6124] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.624: couldn't read orphan inode 15 (err -117) [ 176.090916][ T6124] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 176.195591][ T1334] Bluetooth: hci1: command 0x0406 tx timeout [ 176.201695][ T1334] Bluetooth: hci2: command 0x0406 tx timeout [ 176.207810][ T1334] Bluetooth: hci3: command 0x0406 tx timeout [ 176.906508][ T6139] dlm: non-version read from control device 8224 [ 176.931155][ T6138] loop3: detected capacity change from 0 to 128 [ 176.968463][ T6143] loop1: detected capacity change from 0 to 512 [ 177.031419][ T6138] EXT4-fs (loop3): Test dummy encryption mode enabled [ 177.048619][ T6143] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.631: corrupted in-inode xattr [ 177.083113][ T6145] device syzkaller0 entered promiscuous mode [ 177.106731][ T6143] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.631: couldn't read orphan inode 15 (err -117) [ 177.139363][ T6138] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption=v1,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: none. [ 177.201857][ T6138] ext4 filesystem being mounted at /105/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 177.239825][ T6143] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 177.523498][ T6165] loop2: detected capacity change from 0 to 512 [ 177.560036][ T6165] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.636: corrupted in-inode xattr [ 177.966466][ T6138] fscrypt (loop3): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 178.113610][ T6165] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.636: couldn't read orphan inode 15 (err -117) [ 178.134044][ T6165] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 178.760109][ T6195] syz.1.644 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 179.671451][ T6205] No such timeout policy "syz1" [ 181.143809][ T6213] netlink: 'syz.2.651': attribute type 5 has an invalid length. [ 181.287048][ T6221] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 181.294978][ T6221] IPv6: NLM_F_CREATE should be set when creating new route [ 181.304189][ T6223] loop2: detected capacity change from 0 to 512 [ 181.464519][ T6223] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.656: corrupted in-inode xattr [ 181.493373][ T6223] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.656: couldn't read orphan inode 15 (err -117) [ 181.537561][ T6223] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 181.881238][ T6226] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.889809][ T6226] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.541899][ T6226] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 182.731489][ T6226] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 183.036979][ T6226] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.047106][ T6226] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.056950][ T6226] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.066069][ T6226] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.175998][ T6247] netlink: 14560 bytes leftover after parsing attributes in process `syz.4.662'. [ 183.197951][ T6226] syz.3.655 (6226) used greatest stack depth: 19760 bytes left [ 183.428570][ T6260] sctp: [Deprecated]: syz.4.667 (pid 6260) Use of struct sctp_assoc_value in delayed_ack socket option. [ 183.428570][ T6260] Use struct sctp_sack_info instead [ 184.255751][ T6270] loop3: detected capacity change from 0 to 2048 [ 184.295145][ T3560] loop3: p1 < > p4 < > [ 184.299357][ T3560] loop3: partition table partially beyond EOD, truncated [ 184.336813][ T3560] loop3: p4 start 42180 is beyond EOD, truncated [ 184.515778][ T6270] loop3: p1 < > p4 < > [ 184.520058][ T6270] loop3: partition table partially beyond EOD, truncated [ 184.553854][ T6270] loop3: p4 start 42180 is beyond EOD, truncated [ 185.329895][ T3560] loop3: p1 < > p4 < > [ 185.340167][ T3560] loop3: partition table partially beyond EOD, truncated [ 185.370614][ T3560] loop3: p4 start 42180 is beyond EOD, truncated [ 185.613365][ T6295] binder: 6292:6295 unknown command 1074553619 [ 185.717308][ T6295] binder: 6292:6295 ioctl c0306201 200000000540 returned -22 [ 185.999040][ T6298] binder: 6292:6298 unknown command 1074553620 [ 186.150953][ T6298] binder: 6292:6298 ioctl c0306201 200000000640 returned -22 [ 186.483003][ T6311] netlink: 8 bytes leftover after parsing attributes in process `syz.3.685'. [ 186.505976][ T4180] udevd[4180]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 187.482343][ T4180] udevd[4180]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 187.587800][ T4180] udevd[4180]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 189.950879][ T6346] loop0: detected capacity change from 0 to 4096 [ 190.025092][ T1108] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 190.038516][ T6346] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 190.056219][ T6351] device syzkaller0 entered promiscuous mode [ 190.065475][ T6346] EXT4-fs (loop0): Online defrag not supported with bigalloc [ 190.066003][ T1108] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 191.720750][ T6398] loop3: detected capacity change from 0 to 128 [ 191.820229][ T6401] device syzkaller0 entered promiscuous mode [ 191.884253][ T6398] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 191.911129][ T6398] ext4 filesystem being mounted at /126/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 192.072645][ T6416] netlink: 12 bytes leftover after parsing attributes in process `syz.4.721'. [ 192.082654][ T6416] netlink: 20 bytes leftover after parsing attributes in process `syz.4.721'. [ 192.382464][ T6426] loop0: detected capacity change from 0 to 8 [ 192.442352][ T6422] MPI: mpi too large (30216 bits) [ 193.524320][ T6432] loop1: detected capacity change from 0 to 2048 [ 194.482748][ T6432] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=8802c128, mo2=0003] [ 194.505540][ T6432] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,lazytime,noblock_validity,delalloc,norecovery,min_batch_time=0x000000000000c619,errors=remount-ro,. Quota mode: none. [ 194.698467][ T6432] EXT4-fs error (device loop1): ext4_ext_precache:626: inode #2: comm syz.1.726: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 194.755409][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.761788][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.783594][ T6432] EXT4-fs (loop1): Remounting filesystem read-only [ 196.037035][ T6474] ubi0: attaching mtd0 [ 196.115502][ T6474] ubi0: scanning is finished [ 196.143235][ T6474] ubi0: empty MTD device detected [ 196.331755][ T6474] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 196.415207][ T6474] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 196.460724][ T6474] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 196.498046][ T6474] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 196.506908][ T6474] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 196.513816][ T6474] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 196.521806][ T6474] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2513165725 [ 196.532078][ T6474] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 196.570985][ T6489] ubi0: background thread "ubi_bgt0d" started, PID 6489 [ 196.581160][ T6481] ubi0: detaching mtd0 [ 197.262956][ T6502] netlink: 'syz.4.742': attribute type 1 has an invalid length. [ 197.321176][ T6481] ubi0: mtd0 is detached [ 197.486786][ T6506] loop2: detected capacity change from 0 to 2048 [ 197.645641][ T4181] loop2: p1 p4 [ 197.645641][ T4181] p1: [ 197.718756][ T4181] loop2: p4 size 722688 extends beyond EOD, truncated [ 197.740357][ T6506] loop2: p1 p4 [ 197.740357][ T6506] p1: [ 198.434120][ T6506] loop2: p4 size 722688 extends beyond EOD, truncated [ 199.609203][ T6526] loop0: detected capacity change from 0 to 512 [ 199.764373][ T4177] udevd[4177]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 199.777391][ T4181] udevd[4181]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 199.790183][ T5715] udevd[5715]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 199.835049][ T6526] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.752: corrupted in-inode xattr [ 199.859540][ T6529] device syzkaller0 entered promiscuous mode [ 199.983069][ T6526] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.752: couldn't read orphan inode 15 (err -117) [ 200.034989][ T6526] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 200.116798][ T4181] udevd[4181]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 200.116869][ T4179] udevd[4179]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 200.465238][ T4180] udevd[4180]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 202.433069][ T6553] loop0: detected capacity change from 0 to 512 [ 202.483508][ T6553] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.756: corrupted in-inode xattr [ 202.563139][ T6553] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.756: couldn't read orphan inode 15 (err -117) [ 202.673129][ T6553] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 202.984009][ T6566] binder: BINDER_SET_CONTEXT_MGR already set [ 202.991403][ T6566] binder: 6564:6566 ioctl 4018620d 200000004a80 returned -16 [ 204.870680][ T6581] device syzkaller0 entered promiscuous mode [ 205.045241][ T6536] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 205.617164][ T6605] loop3: detected capacity change from 0 to 512 [ 205.644958][ T6606] netlink: 'syz.2.779': attribute type 10 has an invalid length. [ 205.738097][ T6605] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 205.829679][ T6605] ext4 filesystem being mounted at /140/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 205.872647][ T6606] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 206.283476][ T6617] loop1: detected capacity change from 0 to 8 [ 206.999650][ T6621] device syzkaller0 entered promiscuous mode [ 207.635203][ T6641] loop0: detected capacity change from 0 to 512 [ 208.055188][ T6641] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.790: corrupted in-inode xattr [ 208.150931][ T6665] loop4: detected capacity change from 0 to 128 [ 208.235855][ T6662] netlink: 56 bytes leftover after parsing attributes in process `syz.1.794'. [ 208.248762][ T6641] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.790: couldn't read orphan inode 15 (err -117) [ 208.309860][ T6665] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 208.334132][ T6665] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 208.441686][ T6662] netlink: 8 bytes leftover after parsing attributes in process `syz.1.794'. [ 208.495736][ T6641] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 208.884942][ T155] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 209.094289][ T6672] device syzkaller0 entered promiscuous mode [ 210.506148][ T6716] loop0: detected capacity change from 0 to 128 [ 210.659666][ T6716] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 210.678731][ T6716] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 211.217579][ T155] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 211.330439][ T6721] netlink: 36 bytes leftover after parsing attributes in process `syz.1.813'. [ 211.432240][ T6724] device syzkaller0 entered promiscuous mode [ 211.489804][ T6727] netlink: 52 bytes leftover after parsing attributes in process `syz.1.814'. [ 211.569019][ T6727] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.576787][ T6727] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.679852][ T6729] netlink: 76 bytes leftover after parsing attributes in process `syz.1.814'. [ 211.732977][ T6729] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.740120][ T6729] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.747573][ T6729] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.754688][ T6729] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.789378][ T6729] netlink: 52 bytes leftover after parsing attributes in process `syz.1.814'. [ 211.869429][ T6729] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.876733][ T6729] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.125855][ T6740] loop2: detected capacity change from 0 to 512 [ 212.283047][ T6740] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.817: corrupted in-inode xattr [ 212.357466][ T6740] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.817: couldn't read orphan inode 15 (err -117) [ 212.433203][ T6740] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 212.452509][ T6760] loop1: detected capacity change from 0 to 8 [ 212.529685][ T6762] loop4: detected capacity change from 0 to 128 [ 213.183870][ T6762] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 213.199111][ T6762] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 213.372653][ T6768] loop1: detected capacity change from 0 to 512 [ 213.375606][ T5083] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 213.472812][ T6749] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 213.538143][ T6768] EXT4-fs (loop1): Mount option "dax=never" incompatible with ext2 [ 213.654294][ T6774] loop4: detected capacity change from 0 to 8 [ 213.738664][ T6776] loop3: detected capacity change from 0 to 512 [ 213.832798][ T6776] EXT4-fs (loop3): Ignoring removed oldalloc option [ 213.853302][ T6776] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 213.927365][ T6778] loop1: detected capacity change from 0 to 4096 [ 214.002528][ T6774] device syzkaller0 entered promiscuous mode [ 214.037441][ T6776] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1062: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 214.140794][ T6776] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.830: bg 0: block 248: padding at end of block bitmap is not set [ 214.175509][ T6776] Quota error (device loop3): write_blk: dquota write failed [ 214.193031][ T6776] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 214.252922][ T6776] EXT4-fs error (device loop3): ext4_acquire_dquot:6236: comm syz.3.830: Failed to acquire dquot type 1 [ 214.286344][ T6778] EXT4-fs (loop1): Test dummy encryption mode enabled [ 214.355999][ T6778] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 214.387276][ T6776] EXT4-fs (loop3): 1 truncate cleaned up [ 214.420945][ T6789] loop2: detected capacity change from 0 to 512 [ 214.435281][ T6778] System zones: 0-5 [ 214.446709][ T6776] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,oldalloc,,errors=continue. Quota mode: writeback. [ 214.449419][ T6778] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,delalloc,resuid=0x0000000000000000,test_dummy_encryption,nodiscard,data_err=ignore,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 214.531025][ T6778] EXT4-fs warning (device loop1): ext4_empty_dir:3156: inode #12: comm syz.1.831: directory missing '..' [ 214.590228][ T6789] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 214.642118][ T6776] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 214.696667][ T6789] ext4 filesystem being mounted at /135/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 214.742082][ T6776] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 214.839068][ T6776] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 215.728499][ T6813] loop1: detected capacity change from 0 to 128 [ 217.034559][ T6813] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 217.050803][ T6813] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 217.215339][ T4246] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 217.538490][ T6835] loop2: detected capacity change from 0 to 512 [ 217.620496][ T6835] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.840: corrupted in-inode xattr [ 217.658646][ T6838] loop0: detected capacity change from 0 to 512 [ 217.685744][ T6844] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 217.781529][ T6838] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.842: corrupted in-inode xattr [ 217.854808][ T6835] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.840: couldn't read orphan inode 15 (err -117) [ 217.867190][ T6838] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.842: couldn't read orphan inode 15 (err -117) [ 217.886763][ T6835] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 217.922302][ T6838] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 218.599170][ T6865] netlink: 'syz.3.851': attribute type 1 has an invalid length. [ 218.981162][ T6880] device syzkaller0 entered promiscuous mode [ 219.182773][ T6782] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 221.196420][ T6931] loop1: detected capacity change from 0 to 512 [ 221.308456][ T6931] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.866: corrupted in-inode xattr [ 221.332411][ T6931] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.866: couldn't read orphan inode 15 (err -117) [ 221.395734][ T6931] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 222.846957][ T6945] No such timeout policy "syz1" [ 225.034400][ T6935] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 225.749349][ T6959] loop2: detected capacity change from 0 to 128 [ 226.380524][ T6961] netlink: 12 bytes leftover after parsing attributes in process `syz.4.875'. [ 226.466681][ T6963] x_tables: ip6_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT/POSTROUTING [ 227.928445][ T6959] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 227.945929][ T6959] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 228.442202][ T4302] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 228.800081][ T7002] loop4: detected capacity change from 0 to 512 [ 229.103798][ T7002] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.887: corrupted in-inode xattr [ 229.235058][ T7009] loop3: detected capacity change from 0 to 2048 [ 229.309251][ T7002] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.887: couldn't read orphan inode 15 (err -117) [ 229.535574][ T7002] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 229.881811][ T7009] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 230.034592][ T7024] device syzkaller0 entered promiscuous mode [ 230.950335][ T7034] loop0: detected capacity change from 0 to 128 [ 231.088860][ T7034] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 231.115262][ T7034] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 231.340134][ T7007] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 231.631450][ T4325] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 233.364742][ T7059] netlink: 'syz.0.898': attribute type 10 has an invalid length. [ 233.449383][ T7059] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.459278][ T7059] bond0: (slave team0): Enslaving as an active interface with an up link [ 233.684321][ T7071] device syzkaller0 entered promiscuous mode [ 234.834897][ T7099] loop2: detected capacity change from 0 to 512 [ 234.879635][ T7098] device syzkaller0 entered promiscuous mode [ 235.935071][ T7111] loop3: detected capacity change from 0 to 128 [ 235.949616][ T7099] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.913: corrupted in-inode xattr [ 235.968986][ T7099] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.913: couldn't read orphan inode 15 (err -117) [ 235.982106][ T7099] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 236.230956][ T7111] EXT4-fs (loop3): Unrecognized mount option "fsmagic=0x0000000000000003" or missing value [ 236.569417][ T7129] loop3: detected capacity change from 0 to 512 [ 236.752144][ T7129] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,bsddf,stripe=0x0000000000000005,i_version,. Quota mode: writeback. [ 236.923289][ T7129] ext4 filesystem being mounted at /172/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 237.244676][ T7137] loop2: detected capacity change from 0 to 256 [ 237.672210][ T7149] netlink: 40 bytes leftover after parsing attributes in process `syz.3.932'. [ 237.783019][ T7149] netlink: 40 bytes leftover after parsing attributes in process `syz.3.932'. [ 237.819487][ T7152] netlink: 40 bytes leftover after parsing attributes in process `syz.3.932'. [ 237.982808][ T7160] [U] [ 238.132520][ T7165] device syzkaller0 entered promiscuous mode [ 238.438948][ T7171] device syzkaller0 entered promiscuous mode [ 238.764481][ T7181] netlink: 64 bytes leftover after parsing attributes in process `syz.3.939'. [ 239.657727][ T7192] loop7: detected capacity change from 0 to 7 [ 239.666510][ T7193] loop3: detected capacity change from 0 to 128 [ 239.702993][ T7192] Dev loop7: unable to read RDB block 7 [ 239.729364][ T7193] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 239.742136][ T7192] loop7: unable to read partition table [ 239.750259][ T7193] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 239.765139][ T7192] loop7: partition table beyond EOD, truncated [ 239.788215][ T7192] loop_reread_partitions: partition scan of loop7 (被x ) failed (rc=-5) [ 239.846962][ T7197] No such timeout policy "syz1" [ 239.961108][ T7201] loop2: detected capacity change from 0 to 256 [ 240.956450][ T4246] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 241.123558][ T7216] device syzkaller0 entered promiscuous mode [ 241.156780][ T7223] device syzkaller0 entered promiscuous mode [ 242.806823][ T7246] loop1: detected capacity change from 0 to 8 [ 243.706687][ T7248] loop3: detected capacity change from 0 to 128 [ 244.039307][ T7251] netlink: 12 bytes leftover after parsing attributes in process `syz.0.961'. [ 244.054637][ T7248] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 244.070665][ T7248] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 248.137195][ T7278] device syzkaller0 entered promiscuous mode [ 252.550703][ T7350] ip6_vti0 speed is unknown, defaulting to 1000 [ 252.606034][ T7350] ip6_vti0 speed is unknown, defaulting to 1000 [ 252.632940][ T7375] loop3: detected capacity change from 0 to 512 [ 252.643999][ T7350] ip6_vti0 speed is unknown, defaulting to 1000 [ 253.213668][ T7375] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 253.261890][ T7383] loop2: detected capacity change from 0 to 8 [ 253.610758][ T7350] infiniband syz2: set down [ 253.645489][ T4234] ip6_vti0 speed is unknown, defaulting to 1000 [ 253.679808][ T7350] infiniband syz2: added ip6_vti0 [ 253.738708][ T7350] infiniband syz2: Couldn't open port 1 [ 253.944503][ T7350] RDS/IB: syz2: added [ 253.979625][ T7350] smc: adding ib device syz2 with port count 1 [ 254.006445][ T7350] smc: ib device syz2 port 1 has pnetid [ 254.035677][ T4229] ip6_vti0 speed is unknown, defaulting to 1000 [ 254.063222][ T7350] ip6_vti0 speed is unknown, defaulting to 1000 [ 254.366279][ T7399] loop4: detected capacity change from 0 to 128 [ 254.454745][ T7399] FAT-fs (loop4): bogus number of reserved sectors [ 254.461688][ T7399] FAT-fs (loop4): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 254.556591][ T7407] device syzkaller0 entered promiscuous mode [ 254.563112][ T7399] FAT-fs (loop4): Can't find a valid FAT filesystem [ 254.696856][ T7350] ip6_vti0 speed is unknown, defaulting to 1000 [ 254.708835][ T4197] Bluetooth: Fragment is too long (len 14, expected 2) [ 254.870524][ T7419] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1018'. [ 254.912305][ T7415] loop1: detected capacity change from 0 to 2048 [ 255.038607][ T7415] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,noinit_itable,i_version,init_itable,,errors=continue. Quota mode: none. [ 255.131132][ T7415] ext4 filesystem being mounted at /228/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 255.271969][ T7350] ip6_vti0 speed is unknown, defaulting to 1000 [ 255.364346][ T7415] fs-verity: sha512 using implementation "sha512-avx2" [ 255.477423][ T7433] loop4: detected capacity change from 0 to 8 [ 255.665170][ T7434] loop3: detected capacity change from 0 to 128 [ 257.024250][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 257.030714][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.827565][ T26] audit: type=1804 audit(1778105371.740:2): pid=7434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1022" name="/newroot/194/bus/bus" dev="loop3" ino=1048666 res=1 errno=0 [ 258.314986][ T7446] device syzkaller0 entered promiscuous mode [ 258.438255][ T7350] ip6_vti0 speed is unknown, defaulting to 1000 [ 259.456356][ T7350] ip6_vti0 speed is unknown, defaulting to 1000 [ 259.947993][ T7481] loop2: detected capacity change from 0 to 8 [ 261.008951][ T7350] ip6_vti0 speed is unknown, defaulting to 1000 [ 261.791223][ T7498] loop4: detected capacity change from 0 to 512 [ 261.944556][ T7502] No such timeout policy "syz1" [ 262.167139][ T7507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1046'. [ 262.176326][ T7507] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1046'. [ 262.211935][ T7498] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.1045: corrupted in-inode xattr [ 262.403644][ T7350] ip6_vti0 speed is unknown, defaulting to 1000 [ 262.634124][ T7498] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.1045: couldn't read orphan inode 15 (err -117) [ 262.673881][ T7498] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 263.537598][ T7514] device syzkaller0 entered promiscuous mode [ 263.552763][ T7505] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 263.660591][ T7524] loop3: detected capacity change from 0 to 512 [ 263.863275][ T7524] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 263.900612][ T7524] EXT4-fs (loop3): orphan cleanup on readonly fs [ 263.956834][ T7524] EXT4-fs warning (device loop3): ext4_enable_quotas:6488: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 264.036226][ T7524] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 264.058284][ T7524] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #13: comm syz.3.1052: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 264.142844][ T7524] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.1052: couldn't read orphan inode 13 (err -117) [ 264.200485][ T7524] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,noblock_validity,min_batch_time=0x000000000000082f,grpquota,debug,journal_dev=0x0000000000000001,grpid,inode_readahead_blks=0x0000000000002000,,errors=continue. Quota mode: writeback. [ 264.368953][ T7531] ip6_vti0 speed is unknown, defaulting to 1000 [ 265.078614][ T7543] loop0: detected capacity change from 0 to 8 [ 268.280442][ T7545] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1056'. [ 268.690599][ T7554] tipc: Started in network mode [ 268.707862][ T7554] tipc: Node identity fffffffe, cluster identity 4 [ 268.722317][ T7554] tipc: Node number set to 4294967294 [ 268.760112][ T7556] device syzkaller0 entered promiscuous mode [ 268.828296][ T7561] loop4: detected capacity change from 0 to 1024 [ 269.088251][ T7561] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 269.197851][ T7561] EXT4-fs (loop4): orphan cleanup on readonly fs [ 269.511556][ T7561] Quota error (device loop4): v2_read_file_info: Can't read info structure [ 269.573721][ T7561] EXT4-fs warning (device loop4): ext4_enable_quotas:6488: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix. [ 269.592198][ T7561] EXT4-fs (loop4): Cannot turn on quotas: error -5 [ 269.628833][ T7571] loop0: detected capacity change from 0 to 512 [ 269.650895][ T7561] EXT4-fs (loop4): 1 truncate cleaned up [ 269.667032][ T7561] EXT4-fs (loop4): mounted filesystem without journal. Opts: nojournal_checksum,resgid=0x000000000000ee00,nolazytime,,errors=continue. Quota mode: writeback. [ 269.804917][ T7571] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.1066: corrupted in-inode xattr [ 269.872598][ T7571] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.1066: couldn't read orphan inode 15 (err -117) [ 269.887453][ T7571] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 270.547363][ T7575] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 271.138748][ T7595] ip6_vti0 speed is unknown, defaulting to 1000 [ 271.855863][ T7606] loop2: detected capacity change from 0 to 128 [ 271.943988][ T7606] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 271.968951][ T7606] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 272.222984][ T4272] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 272.393370][ T7610] device syzkaller0 entered promiscuous mode [ 272.608442][ T7618] tipc: Enabling of bearer rejected, failed to enable media [ 272.847577][ T7628] loop2: detected capacity change from 0 to 1024 [ 272.978032][ T7628] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 273.199431][ T7628] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,norecovery,resgid=0x0000000000000000,nojournal_checksum,debug_want_extra_isize=0x0000000000000080,nodelalloc,errors=remount-ro,grpid,auto_da_alloc=0x0000000000000343,grpid,barrier=0x0000000000000007,nombcache,. Quota mode: none. [ 278.040943][ T7666] device syzkaller0 entered promiscuous mode [ 278.419748][ T7678] tipc: Enabling of bearer rejected, failed to enable media [ 279.245281][ T7686] device syzkaller0 entered promiscuous mode [ 279.296294][ T7690] tipc: Enabled bearer , priority 10 [ 279.309110][ T7689] loop2: detected capacity change from 0 to 2044 [ 279.353834][ T7690] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1096'. [ 279.431749][ T7690] tipc: Enabling of bearer rejected, failed to enable media [ 279.449879][ T7689] Alternate GPT is invalid, using primary GPT. [ 279.457626][ T7698] sch_tbf: peakrate 7 is lower than or equals to rate 19 ! [ 279.472845][ T7689] loop2: p1 p2 p3 [ 280.512031][ T7718] device syzkaller0 entered promiscuous mode [ 280.657039][ T7721] tipc: Enabled bearer , priority 0 [ 280.711304][ T7721] tipc: Resetting bearer [ 280.735414][ T7725] loop2: detected capacity change from 0 to 4096 [ 280.750685][ T4180] udevd[4180]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 280.767965][ T4181] udevd[4181]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 280.783980][ T4179] udevd[4179]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 280.852885][ T7731] loop1: detected capacity change from 0 to 8 [ 281.067805][ T7731] SQUASHFS error: lzo decompression failed, data probably corrupt [ 281.076427][ T7731] SQUASHFS error: Failed to read block 0x91: -5 [ 281.111777][ T7725] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 281.203105][ T7731] SQUASHFS error: Unable to read metadata cache entry [8f] [ 281.210760][ T7731] SQUASHFS error: Unable to read inode 0x107 [ 281.754627][ T7740] loop3: detected capacity change from 0 to 256 [ 281.935194][ T7740] FAT-fs (loop3): Directory bread(block 64) failed [ 281.965145][ T7725] EXT4-fs error (device loop2): ext4_do_update_inode:5229: inode #15: comm syz.2.1111: corrupted inode contents [ 282.012844][ T7740] FAT-fs (loop3): Directory bread(block 65) failed [ 282.037069][ T7725] EXT4-fs error (device loop2): ext4_dirty_inode:6077: inode #15: comm syz.2.1111: mark_inode_dirty error [ 282.054672][ T7740] FAT-fs (loop3): Directory bread(block 66) failed [ 282.077062][ T7740] FAT-fs (loop3): Directory bread(block 67) failed [ 282.106947][ T7740] FAT-fs (loop3): Directory bread(block 68) failed [ 282.117536][ T7725] EXT4-fs error (device loop2): ext4_do_update_inode:5229: inode #15: comm syz.2.1111: corrupted inode contents [ 282.143490][ T7740] FAT-fs (loop3): Directory bread(block 69) failed [ 282.150614][ T7725] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #15: comm syz.2.1111: mark_inode_dirty error [ 282.172546][ T7740] FAT-fs (loop3): Directory bread(block 70) failed [ 282.181523][ T7725] EXT4-fs error (device loop2): ext4_do_update_inode:5229: inode #15: comm syz.2.1111: corrupted inode contents [ 282.203101][ T7740] FAT-fs (loop3): Directory bread(block 71) failed [ 282.246241][ T7740] FAT-fs (loop3): Directory bread(block 72) failed [ 282.252956][ T7740] FAT-fs (loop3): Directory bread(block 73) failed [ 282.259675][ T7725] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #15: comm syz.2.1111: mark_inode_dirty error [ 282.466184][ T7725] EXT4-fs error (device loop2): ext4_do_update_inode:5229: inode #15: comm syz.2.1111: corrupted inode contents [ 282.829632][ T7751] device syzkaller0 entered promiscuous mode [ 283.121551][ T7725] EXT4-fs error (device loop2): ext4_truncate:4286: inode #15: comm syz.2.1111: mark_inode_dirty error [ 283.197610][ T7725] EXT4-fs error (device loop2) in ext4_setattr:5645: Corrupt filesystem [ 283.243806][ T21] Bluetooth: hci4: command 0x0406 tx timeout [ 283.364339][ T7765] loop1: detected capacity change from 0 to 2048 [ 283.375855][ T7768] device syzkaller0 entered promiscuous mode [ 283.695561][ T7765] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 283.747721][ T7765] ext4 filesystem being mounted at /249/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 284.710798][ T7799] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1136'. [ 285.147547][ T7812] loop4: detected capacity change from 0 to 512 [ 285.891762][ T7822] nftables ruleset with unbound set [ 285.984322][ T7812] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1143: bg 0: block 248: padding at end of block bitmap is not set [ 286.122829][ T7812] Quota error (device loop4): write_blk: dquota write failed [ 286.147590][ T7812] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 286.158311][ T7812] EXT4-fs error (device loop4): ext4_acquire_dquot:6236: comm syz.4.1143: Failed to acquire dquot type 1 [ 286.177537][ T7812] EXT4-fs (loop4): 1 truncate cleaned up [ 286.616897][ T7812] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 287.672886][ T7812] ext4 filesystem being mounted at /250/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 289.275080][ T7881] No such timeout policy "syz1" [ 289.577052][ T7891] loop1: detected capacity change from 0 to 128 [ 289.639466][ T7891] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 289.709825][ T7891] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 290.942196][ T7908] ip6_vti0 speed is unknown, defaulting to 1000 [ 291.512854][ T7913] loop2: detected capacity change from 0 to 2048 [ 291.630211][ T7913] loop2: p1 p3 p4 [ 291.630211][ T7913] p1: [ 291.734458][ T7913] loop2: p4 size 589824 extends beyond EOD, truncated [ 292.254979][ T7916] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1176'. [ 292.348235][ T7916] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 292.523595][ T4180] udevd[4180]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 292.537227][ T4181] udevd[4181]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 292.560699][ T4177] udevd[4177]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 292.576248][ T4179] udevd[4179]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 292.586903][ T7916] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 292.620920][ T7916] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 292.666541][ T7916] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 292.811881][ T4181] udevd[4181]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 292.825626][ T4180] udevd[4180]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 293.211058][ T5083] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 293.628740][ T7931] loop0: detected capacity change from 0 to 1024 [ 293.674990][ T7931] EXT4-fs (loop0): Test dummy encryption mode enabled [ 293.719392][ T7931] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,i_version,noblock_validity,commit=0x0000000000000005,noinit_itable,max_batch_time=0x0000000000000000,abort,auto_da_alloc,lazytime,noauto_da_alloc,block_validity,,errors=continue. Quota mode: writeback. [ 293.766990][ T7934] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 293.998677][ T7931] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 295.081154][ T7967] loop2: detected capacity change from 0 to 128 [ 295.440309][ T7967] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 296.121367][ T7967] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 297.232276][ T7983] loop1: detected capacity change from 0 to 512 [ 297.356916][ T7986] loop3: detected capacity change from 0 to 512 [ 297.394558][ T7983] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.1197: corrupted in-inode xattr [ 297.482034][ T7983] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.1197: couldn't read orphan inode 15 (err -117) [ 297.537755][ T7986] EXT4-fs error (device loop3): ext4_iget_extra_inode:4573: inode #15: comm syz.3.1199: corrupted in-inode xattr [ 297.573047][ T7986] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.1199: couldn't read orphan inode 15 (err -117) [ 297.585124][ T7983] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 297.622228][ T7986] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 297.846182][ T7992] tipc: Enabling of bearer rejected, already enabled [ 298.212971][ T7987] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 298.632192][ T4302] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 298.741485][ T7987] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 298.790656][ T8006] loop2: detected capacity change from 0 to 512 [ 298.828536][ T8006] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 298.930458][ T8006] EXT4-fs (loop2): 1 truncate cleaned up [ 298.950734][ T8006] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,errors=remount-ro,. Quota mode: none. [ 299.206817][ T8017] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1209'. [ 299.958073][ T8006] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.1205: invalid indirect mapped block 4294901760 (level 0) [ 300.037651][ T8021] tipc: Enabling of bearer rejected, failed to enable media [ 300.050826][ T8006] EXT4-fs (loop2): Remounting filesystem read-only [ 300.065287][ T8006] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.1205: invalid indirect mapped block 4294967295 (level 1) [ 300.183153][ T8006] EXT4-fs (loop2): Remounting filesystem read-only [ 300.334432][ T8031] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1214'. [ 300.767003][ T8044] loop0: detected capacity change from 0 to 128 [ 300.769390][ T8045] No such timeout policy "syz1" [ 300.854985][ T8047] loop1: detected capacity change from 0 to 512 [ 300.957428][ T8047] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.1216: corrupted in-inode xattr [ 300.991574][ T8044] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 301.007422][ T8047] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.1216: couldn't read orphan inode 15 (err -117) [ 301.008316][ T8047] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 301.211976][ T8044] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 301.519580][ T8052] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 302.111266][ T4581] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 303.497930][ T8089] tipc: Enabling of bearer rejected, already enabled [ 303.590391][ T8094] loop3: detected capacity change from 0 to 512 [ 303.604373][ T8095] loop4: detected capacity change from 0 to 512 [ 303.770228][ T8094] EXT4-fs error (device loop3): ext4_iget_extra_inode:4573: inode #15: comm syz.3.1227: corrupted in-inode xattr [ 303.782497][ T8095] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.1228: corrupted in-inode xattr [ 303.914457][ T8095] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.1228: couldn't read orphan inode 15 (err -117) [ 303.927053][ T8094] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.1227: couldn't read orphan inode 15 (err -117) [ 304.002941][ T8095] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 304.013884][ T8094] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 304.017901][ T8107] loop1: detected capacity change from 0 to 128 [ 304.171068][ T8107] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 304.241754][ T8107] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 304.263814][ T8100] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 305.428725][ T8118] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 305.538702][ T4302] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 306.625399][ T8132] tipc: Enabling of bearer rejected, failed to enable media [ 307.365315][ T8156] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1242'. [ 307.390246][ T8156] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 307.398552][ T8156] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 307.406763][ T8156] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 307.415117][ T8156] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 307.447357][ T8158] loop1: detected capacity change from 0 to 512 [ 307.478991][ T8160] loop4: detected capacity change from 0 to 512 [ 307.488539][ T8156] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1242'. [ 307.520146][ T8158] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.1243: corrupted in-inode xattr [ 307.551573][ T8160] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.1245: corrupted in-inode xattr [ 307.610378][ T8158] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.1243: couldn't read orphan inode 15 (err -117) [ 307.640355][ T8160] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.1245: couldn't read orphan inode 15 (err -117) [ 307.704056][ T8158] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 307.735663][ T8160] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 307.785026][ T8175] loop0: detected capacity change from 0 to 128 [ 307.985984][ T8175] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 308.643117][ T8175] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 308.790913][ T8181] loop2: detected capacity change from 0 to 256 [ 308.941680][ T8181] FAT-fs (loop2): Directory bread(block 64) failed [ 308.993811][ T8181] FAT-fs (loop2): Directory bread(block 65) failed [ 309.000453][ T8181] FAT-fs (loop2): Directory bread(block 66) failed [ 309.024899][ T8181] FAT-fs (loop2): Directory bread(block 67) failed [ 309.031529][ T8181] FAT-fs (loop2): Directory bread(block 68) failed [ 309.092184][ T8181] FAT-fs (loop2): Directory bread(block 69) failed [ 309.120205][ T8181] FAT-fs (loop2): Directory bread(block 70) failed [ 309.131551][ T8181] FAT-fs (loop2): Directory bread(block 71) failed [ 309.157922][ T8181] FAT-fs (loop2): Directory bread(block 72) failed [ 309.164976][ T8181] FAT-fs (loop2): Directory bread(block 73) failed [ 309.313021][ T8164] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 309.400551][ T8164] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 310.008472][ T8203] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 310.262416][ T4302] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 310.871562][ T8218] device syzkaller0 entered promiscuous mode [ 311.217531][ T8229] No such timeout policy "syz1" [ 311.331745][ T8234] loop3: detected capacity change from 0 to 512 [ 311.399927][ T8234] EXT4-fs error (device loop3): ext4_iget_extra_inode:4573: inode #15: comm syz.3.1261: corrupted in-inode xattr [ 311.462043][ T8234] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.1261: couldn't read orphan inode 15 (err -117) [ 311.490267][ T8234] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 312.191346][ T8241] loop4: detected capacity change from 0 to 512 [ 312.338809][ T8241] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.1262: corrupted in-inode xattr [ 312.368239][ T8241] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.1262: couldn't read orphan inode 15 (err -117) [ 312.432811][ T8241] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 313.514463][ T8259] device syzkaller0 entered promiscuous mode [ 313.676012][ T8264] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 313.691987][ T8270] No such timeout policy "syz1" [ 314.199344][ T8296] device syzkaller0 entered promiscuous mode [ 314.475934][ T8310] loop2: detected capacity change from 0 to 512 [ 314.616198][ T8310] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.1280: corrupted in-inode xattr [ 314.632374][ T8310] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.1280: couldn't read orphan inode 15 (err -117) [ 314.654972][ T8310] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 315.155165][ T8322] No such timeout policy "syz1" [ 315.704930][ T8337] device syzkaller0 entered promiscuous mode [ 316.148881][ T8357] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 317.303106][ T8376] device syzkaller0 entered promiscuous mode [ 317.451327][ T8382] loop2: detected capacity change from 0 to 128 [ 317.523420][ T8382] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 319.076152][ T8382] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 319.099634][ T8384] ip6_vti0 speed is unknown, defaulting to 1000 [ 319.672135][ T4381] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 319.894955][ T8403] device syzkaller0 left promiscuous mode [ 319.962999][ T8403] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 320.955150][ T8420] netlink: 'syz.3.1312': attribute type 11 has an invalid length. [ 321.070329][ T8425] device syzkaller0 entered promiscuous mode [ 321.096971][ T8425] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 321.178733][ T8431] loop2: detected capacity change from 0 to 128 [ 321.191331][ T8431] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 321.211588][ T8431] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 321.853775][ T8433] ip6_vti0 speed is unknown, defaulting to 1000 [ 322.856124][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.862436][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.671120][ T4272] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 325.050899][ T8458] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 325.083198][ T8458] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 325.196296][ T8461] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1324'. [ 325.390396][ T8472] device syzkaller0 entered promiscuous mode [ 325.444905][ T8472] tipc: Enabled bearer , priority 0 [ 325.667048][ T8472] tipc: Resetting bearer [ 326.197445][ T8471] tipc: Resetting bearer [ 326.284046][ T8489] loop0: detected capacity change from 0 to 128 [ 326.607995][ T8471] tipc: Disabling bearer [ 326.645268][ T8489] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 326.671367][ T8489] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 326.754295][ T8493] device syzkaller0 entered promiscuous mode [ 327.007739][ T4581] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 327.731227][ T8508] usb usb6: usbfs: process 8508 (syz.0.1335) did not claim interface 0 before use [ 329.927600][ T8538] loop0: detected capacity change from 0 to 512 [ 330.209702][ T8544] No such timeout policy "syz1" [ 330.233010][ T8538] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.1345: corrupted in-inode xattr [ 330.257608][ T8538] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.1345: couldn't read orphan inode 15 (err -117) [ 330.332193][ T8538] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 330.416303][ T8551] loop3: detected capacity change from 0 to 256 [ 330.470468][ T8549] loop4: detected capacity change from 0 to 8192 [ 331.236066][ T8549] Dev loop4: RDB in block 1 has bad checksum [ 331.303583][ T8559] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 331.354988][ T8551] FAT-fs (loop3): Directory bread(block 64) failed [ 331.361566][ T8551] FAT-fs (loop3): Directory bread(block 65) failed [ 331.423920][ T8551] FAT-fs (loop3): Directory bread(block 66) failed [ 331.440789][ T8551] FAT-fs (loop3): Directory bread(block 67) failed [ 331.468572][ T8551] FAT-fs (loop3): Directory bread(block 68) failed [ 331.508458][ T8551] FAT-fs (loop3): Directory bread(block 69) failed [ 331.539507][ T8563] device syzkaller0 entered promiscuous mode [ 331.558112][ T8551] FAT-fs (loop3): Directory bread(block 70) failed [ 331.714060][ T8551] FAT-fs (loop3): Directory bread(block 71) failed [ 331.768835][ T8551] FAT-fs (loop3): Directory bread(block 72) failed [ 331.847693][ T8567] device syzkaller0 left promiscuous mode [ 331.969984][ T8551] FAT-fs (loop3): Directory bread(block 73) failed [ 332.099079][ T8567] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 332.559237][ T8583] netlink: 'syz.4.1361': attribute type 4 has an invalid length. [ 332.630942][ T8585] loop1: detected capacity change from 0 to 512 [ 332.640474][ T8586] netlink: 'syz.4.1361': attribute type 4 has an invalid length. [ 332.690670][ T8582] device syzkaller0 entered promiscuous mode [ 332.770811][ T8585] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.1362: corrupted in-inode xattr [ 332.923431][ T8585] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.1362: couldn't read orphan inode 15 (err -117) [ 332.982299][ T8585] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 333.831654][ T8602] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 333.866772][ T8598] loop1: detected capacity change from 0 to 512 [ 334.015261][ T8598] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback. [ 334.040527][ T8598] ext4 filesystem being mounted at /300/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 335.186425][ T8624] loop1: detected capacity change from 0 to 8 [ 335.210654][ T8617] device syzkaller0 entered promiscuous mode [ 335.396833][ T8630] loop1: detected capacity change from 0 to 512 [ 335.531346][ T8630] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.1375: corrupted in-inode xattr [ 336.154178][ T8630] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.1375: couldn't read orphan inode 15 (err -117) [ 336.216492][ T8630] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 336.544766][ T8648] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 337.528572][ T8669] device syzkaller0 entered promiscuous mode [ 338.275533][ T8683] loop0: detected capacity change from 0 to 512 [ 338.712477][ T8683] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.1393: corrupted in-inode xattr [ 338.843222][ T8690] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 338.855673][ T8683] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.1393: couldn't read orphan inode 15 (err -117) [ 338.976558][ T8683] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 340.252143][ T8712] device syzkaller0 entered promiscuous mode [ 340.919971][ T8721] ip6_vti0 speed is unknown, defaulting to 1000 [ 341.204276][ T8724] loop0: detected capacity change from 0 to 512 [ 341.289468][ T8724] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 341.373851][ T8724] EXT4-fs (loop0): 1 truncate cleaned up [ 341.400992][ T8724] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x0000000000000000,dax=inode,stripe=0x0000000000000000,noblock_validity,,errors=continue. Quota mode: none. [ 342.307870][ T8731] loop3: detected capacity change from 0 to 512 [ 342.432243][ T8735] loop4: detected capacity change from 0 to 1024 [ 342.460944][ T8731] EXT4-fs error (device loop3): ext4_iget_extra_inode:4573: inode #15: comm syz.3.1409: corrupted in-inode xattr [ 342.480748][ T8731] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.1409: couldn't read orphan inode 15 (err -117) [ 342.532540][ T8731] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 342.566092][ T8735] EXT4-fs (loop4): Ignoring removed orlov option [ 342.632471][ T8735] EXT4-fs (loop4): mounted filesystem without journal. Opts: block_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,norecovery,,errors=continue. Quota mode: none. [ 343.271942][ T8755] device syzkaller0 entered promiscuous mode [ 344.185086][ T8769] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1422'. [ 344.278081][ T8769] device bond0 entered promiscuous mode [ 344.320132][ T8769] device bond_slave_0 entered promiscuous mode [ 344.377645][ T8769] device bond_slave_1 entered promiscuous mode [ 344.417923][ T8769] device bond0 left promiscuous mode [ 344.427308][ T8769] device bond_slave_0 left promiscuous mode [ 344.435953][ T8769] device bond_slave_1 left promiscuous mode [ 344.506240][ T8776] ip6_vti0 speed is unknown, defaulting to 1000 [ 345.135191][ T8785] loop4: detected capacity change from 0 to 512 [ 345.261531][ T8785] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.1427: corrupted in-inode xattr [ 345.343266][ T8785] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.1427: couldn't read orphan inode 15 (err -117) [ 345.417306][ T8785] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 347.182749][ T8811] device syzkaller0 entered promiscuous mode [ 347.206958][ T8811] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 347.302768][ T8816] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1436'. [ 347.469748][ T8816] netlink: 'syz.2.1436': attribute type 8 has an invalid length. [ 347.484310][ T8816] device geneve2 entered promiscuous mode [ 349.235657][ T8840] No such timeout policy "syz1" [ 350.396701][ T8835] ip6_vti0 speed is unknown, defaulting to 1000 [ 350.400731][ T8847] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 350.987262][ T8866] loop1: detected capacity change from 0 to 512 [ 351.245025][ T8866] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.1452: corrupted in-inode xattr [ 351.479745][ T8866] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.1452: couldn't read orphan inode 15 (err -117) [ 351.749620][ T8866] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 352.427885][ T8896] device syzkaller0 entered promiscuous mode [ 352.535221][ T8895] ip6_vti0 speed is unknown, defaulting to 1000 [ 352.573971][ T8898] loop1: detected capacity change from 0 to 8 [ 352.690454][ T8897] No such timeout policy "syz1" [ 353.419443][ T8928] loop0: detected capacity change from 0 to 512 [ 353.501758][ T8928] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.1471: corrupted in-inode xattr [ 353.518529][ T8928] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.1471: couldn't read orphan inode 15 (err -117) [ 353.530943][ T8928] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 354.154956][ T8939] "syz.1.1473" (8939) uses obsolete ecb(arc4) skcipher [ 355.200108][ T8951] ip6_vti0 speed is unknown, defaulting to 1000 [ 355.240902][ T8954] loop1: detected capacity change from 0 to 8 [ 356.106936][ T8976] loop3: detected capacity change from 0 to 128 [ 356.234802][ T8976] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 356.255290][ T8976] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 356.935953][ T4272] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 357.253760][ T8984] ip6_vti0 speed is unknown, defaulting to 1000 [ 357.409351][ T8988] loop1: detected capacity change from 0 to 8 [ 358.153917][ T8997] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 358.311741][ T9003] loop4: detected capacity change from 0 to 128 [ 358.426679][ T9003] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 358.492865][ T9003] ext4 filesystem being mounted at /307/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 358.792146][ T9021] loop0: detected capacity change from 0 to 8 [ 358.803216][ T9019] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 358.825493][ T9019] device syzkaller0 entered promiscuous mode [ 360.298548][ T9035] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 361.209227][ T9047] device syzkaller0 entered promiscuous mode [ 361.399659][ T9054] device syzkaller0 entered promiscuous mode [ 361.531039][ T9061] loop1: detected capacity change from 0 to 128 [ 361.619964][ T9061] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 361.654312][ T9061] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 362.326663][ T4246] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 362.529452][ T9074] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 363.300918][ T9081] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 363.345894][ T9081] device syzkaller0 entered promiscuous mode [ 363.356724][ T9085] device syzkaller0 entered promiscuous mode [ 363.562064][ T9098] loop2: detected capacity change from 0 to 128 [ 363.707527][ T9098] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 363.737440][ T9098] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 364.296472][ T4381] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 364.364086][ T9092] device syzkaller0 entered promiscuous mode [ 364.494403][ T9113] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 364.526971][ T9112] tipc: Enabled bearer , priority 0 [ 365.346495][ T9127] No such timeout policy "syz1" [ 365.630875][ T4231] tipc: Node number set to 3726110457 [ 365.913033][ T9130] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 366.071714][ T9130] device syzkaller0 entered promiscuous mode [ 366.280663][ T9137] loop2: detected capacity change from 0 to 512 [ 366.378122][ T9137] EXT4-fs (loop2): Ignoring removed nobh option [ 366.391228][ T9137] EXT4-fs (loop2): Test dummy encryption mode enabled [ 366.807305][ T9137] EXT4-fs error (device loop2): ext4_orphan_get:1406: inode #15: comm syz.2.1547: iget: bad i_size value: 38620345925642 [ 366.876819][ T9137] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.1547: couldn't read orphan inode 15 (err -117) [ 366.937013][ T9137] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobh,test_dummy_encryption,data_err=ignore,,errors=continue. Quota mode: writeback. [ 366.992780][ T9150] device syzkaller0 entered promiscuous mode [ 367.055715][ T4581] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm kworker/u4:12: bg 0: block 5: invalid block bitmap [ 367.092343][ T9154] device syzkaller0 entered promiscuous mode [ 367.101850][ T4581] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 367.118500][ T4581] EXT4-fs (loop2): This should not happen!! Data will be lost [ 367.118500][ T4581] [ 367.129973][ T4581] EXT4-fs (loop2): Total free blocks count 0 [ 367.136758][ T4581] EXT4-fs (loop2): Free/Dirty block details [ 367.143083][ T4581] EXT4-fs (loop2): free_blocks=0 [ 367.148088][ T4581] EXT4-fs (loop2): dirty_blocks=1 [ 367.153671][ T4581] EXT4-fs (loop2): Block reservation details [ 367.160419][ T4581] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 367.627466][ T9179] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 367.731241][ T9179] device syzkaller0 entered promiscuous mode [ 367.778427][ T9187] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1564'. [ 368.525803][ T9198] No such timeout policy "syz1" [ 369.944748][ T9210] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 370.269261][ T9219] loop0: detected capacity change from 0 to 8 [ 371.381663][ T9237] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 371.456051][ T9237] device syzkaller0 entered promiscuous mode [ 371.517497][ T9246] usb usb5: usbfs: process 9246 (syz.4.1581) did not claim interface 0 before use [ 372.214558][ T9259] loop2: detected capacity change from 0 to 1024 [ 372.270449][ T9259] EXT4-fs (loop2): Test dummy encryption mode enabled [ 372.636761][ T9259] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,i_version,noblock_validity,commit=0x0000000000000005,noinit_itable,max_batch_time=0x0000000000000000,abort,auto_da_alloc,lazytime,noauto_da_alloc,block_validity,,errors=continue. Quota mode: writeback. [ 374.685892][ T9292] loop3: detected capacity change from 0 to 8 [ 375.651215][ T9299] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 375.664945][ T9299] device syzkaller0 entered promiscuous mode [ 376.222146][ T9323] loop0: detected capacity change from 0 to 512 [ 376.515041][ T9323] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.1598: corrupted in-inode xattr [ 376.586829][ T9323] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.1598: couldn't read orphan inode 15 (err -117) [ 377.352908][ T9323] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 378.109393][ T9354] loop1: detected capacity change from 0 to 8 [ 379.502136][ T9370] device syzkaller0 entered promiscuous mode [ 379.535954][ T9376] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 379.553857][ T9376] device syzkaller0 entered promiscuous mode [ 380.688713][ T9403] loop4: detected capacity change from 0 to 512 [ 380.695804][ T9401] loop0: detected capacity change from 0 to 512 [ 380.830698][ T9403] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 380.855074][ T9401] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.1617: corrupted in-inode xattr [ 380.951064][ T9411] loop1: detected capacity change from 0 to 128 [ 384.029794][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.036167][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.074689][ T9411] EXT4-fs: failed to create workqueue [ 384.080482][ T9411] EXT4-fs (loop1): mount failed [ 384.142660][ T9401] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.1617: couldn't read orphan inode 15 (err -117) [ 384.160426][ T9403] EXT4-fs: failed to create workqueue [ 384.212384][ T9417] loop3: detected capacity change from 0 to 8 [ 384.228719][ T9403] EXT4-fs (loop4): mount failed [ 384.254283][ T9401] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 384.947921][ T9435] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 385.004542][ T9435] device syzkaller0 entered promiscuous mode [ 385.151315][ T9438] device syzkaller0 entered promiscuous mode [ 385.623951][ T9457] loop0: detected capacity change from 0 to 512 [ 385.801231][ T9457] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.1631: corrupted in-inode xattr [ 386.550945][ T9457] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.1631: couldn't read orphan inode 15 (err -117) [ 386.633257][ T9457] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 388.282808][ T9486] loop1: detected capacity change from 0 to 8 [ 389.099756][ T9520] loop2: detected capacity change from 0 to 512 [ 389.486293][ T9520] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.1645: corrupted in-inode xattr [ 389.648541][ T9520] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.1645: couldn't read orphan inode 15 (err -117) [ 390.030506][ T9520] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 391.129882][ T9549] loop0: detected capacity change from 0 to 8 [ 391.469312][ T9553] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1653'. [ 391.724190][ T9557] loop0: detected capacity change from 0 to 8 [ 392.752096][ T9564] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 392.796635][ T9564] device syzkaller0 entered promiscuous mode [ 393.824995][ T9578] loop3: detected capacity change from 0 to 512 [ 393.917702][ T9578] EXT4-fs error (device loop3): ext4_iget_extra_inode:4573: inode #15: comm syz.3.1661: corrupted in-inode xattr [ 393.969630][ T9578] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.1661: couldn't read orphan inode 15 (err -117) [ 394.019169][ T9578] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 394.112905][ T9531] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 394.570960][ T9595] loop4: detected capacity change from 0 to 8 [ 394.809483][ T9595] device syzkaller0 entered promiscuous mode [ 395.005317][ T9599] loop3: detected capacity change from 0 to 1024 [ 395.050722][ T9599] EXT4-fs (loop3): Ignoring removed bh option [ 395.387745][ T9599] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 395.478451][ T9612] EXT4-fs error (device loop3): ext4_find_dest_de:2115: inode #12: block 7: comm syz.3.1669: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0 [ 395.544428][ T9612] EXT4-fs (loop3): Remounting filesystem read-only [ 395.590545][ T9599] overlayfs: conflicting lowerdir path [ 396.598619][ T9625] loop3: detected capacity change from 0 to 128 [ 396.681279][ T9626] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 396.702534][ T9626] device syzkaller0 entered promiscuous mode [ 396.744577][ T9625] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 396.813353][ T9625] FAT-fs (loop3): Filesystem has been set read-only [ 396.861538][ T9625] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 396.959079][ T9625] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 397.649849][ T9642] sctp: [Deprecated]: syz.2.1683 (pid 9642) Use of int in max_burst socket option. [ 397.649849][ T9642] Use struct sctp_assoc_value instead [ 397.702418][ T9646] loop1: detected capacity change from 0 to 8 [ 397.858617][ T9648] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1684'. [ 397.902732][ T9648] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1684'. [ 397.960520][ T9646] device syzkaller0 entered promiscuous mode [ 398.007054][ T9648] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1684'. [ 398.035832][ T9648] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1684'. [ 398.462574][ T9657] loop2: detected capacity change from 0 to 128 [ 398.730195][ T9657] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 398.741495][ T9657] ext4 filesystem being mounted at /276/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 400.853151][ T9667] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 400.877245][ T9667] device syzkaller0 entered promiscuous mode [ 402.192385][ T9685] loop3: detected capacity change from 0 to 8 [ 402.242191][ T9684] device syzkaller0 entered promiscuous mode [ 402.446261][ T9685] SQUASHFS error: zlib decompression failed, data probably corrupt [ 402.465529][ T9685] SQUASHFS error: Failed to read block 0x4e8: -5 [ 402.518983][ T9691] No such timeout policy "syz1" [ 403.294485][ T9685] SQUASHFS error: zlib decompression failed, data probably corrupt [ 403.332782][ T9685] SQUASHFS error: Failed to read block 0x4ee: -5 [ 404.797423][ T9706] netlink: 'syz.2.1702': attribute type 11 has an invalid length. [ 405.222207][ T9723] loop0: detected capacity change from 0 to 1024 [ 405.276634][ T9723] EXT4-fs (loop0): Ignoring removed orlov option [ 405.361569][ T9723] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,bsddf,nombcache,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,grpjquota=,,errors=continue. Quota mode: none. [ 406.390843][ T9753] No such timeout policy "syz1" [ 408.599979][ T9764] netlink: 'syz.4.1715': attribute type 11 has an invalid length. [ 408.626371][ T9768] device syzkaller0 entered promiscuous mode [ 410.722691][ T9804] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 410.742851][ T9804] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 411.268510][ T9812] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 411.593142][ T9812] device syzkaller0 entered promiscuous mode [ 412.919234][ T9845] loop1: detected capacity change from 0 to 512 [ 413.061320][ T9845] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 413.143115][ T9845] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 413.923249][ T9845] EXT4-fs (loop1): 1 truncate cleaned up [ 413.928945][ T9845] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,journal_ioprio=0x0000000000000002,noauto_da_alloc,lazytime,grpjquota=,quota,,errors=continue. Quota mode: writeback. [ 415.496481][ T9869] No such timeout policy "syz1" [ 415.844265][ T9872] loop4: detected capacity change from 0 to 8 [ 417.094955][ T9881] netlink: 'syz.0.1749': attribute type 4 has an invalid length. [ 417.305080][ T9882] device syzkaller0 entered promiscuous mode [ 417.319443][ T9881] netlink: 'syz.0.1749': attribute type 4 has an invalid length. [ 419.240096][ T9913] No such timeout policy "syz1" [ 421.559445][ T9923] netlink: 'syz.2.1761': attribute type 4 has an invalid length. [ 421.635661][ T9925] loop4: detected capacity change from 0 to 8 [ 422.518147][ T9926] netlink: 'syz.2.1761': attribute type 4 has an invalid length. [ 422.876765][ T9948] loop2: detected capacity change from 0 to 256 [ 422.969713][ T9953] binder: 9952:9953 ioctl c0306201 2000000003c0 returned -14 [ 425.302766][ T9962] No such timeout policy "syz1" [ 425.674308][ T9965] overlayfs: failed to set xattr on upper [ 425.680539][ T9965] overlayfs: ...falling back to index=off,metacopy=off. [ 427.458886][ T9980] device syzkaller0 entered promiscuous mode [ 427.551819][ T9992] loop4: detected capacity change from 0 to 512 [ 428.501903][ T9992] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 429.726166][T10017] No such timeout policy "syz1" [ 429.754888][ T9992] ext4 filesystem being mounted at /363/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 433.222215][T10057] input: syz1 as /devices/virtual/input/input10 [ 433.278492][T10062] No such timeout policy "syz1" [ 433.515448][T10029] ODEBUG: Out of memory. ODEBUG disabled [ 434.211035][T10082] loop3: detected capacity change from 0 to 128 [ 434.379652][T10084] [ 434.382027][T10084] ====================================================== [ 434.389036][T10084] WARNING: possible circular locking dependency detected [ 434.396054][T10084] syzkaller #0 Not tainted [ 434.400458][T10084] ------------------------------------------------------ [ 434.407463][T10084] syz.0.1813/10084 is trying to acquire lock: [ 434.413513][T10084] ffff888079eb3220 (sk_lock-AF_INET6){+.+.}-{0:0}, at: inet_sk_diag_fill+0xf5e/0x1ca0 [ 434.423107][T10084] [ 434.423107][T10084] but task is already holding lock: [ 434.430460][T10084] ffffc900017f4f18 (&h->lhash2[i].lock){+.+.}-{2:2}, at: mptcp_diag_dump+0x917/0x12b0 [ 434.440035][T10084] [ 434.440035][T10084] which lock already depends on the new lock. [ 434.440035][T10084] [ 434.450435][T10084] [ 434.450435][T10084] the existing dependency chain (in reverse order) is: [ 434.459444][T10084] [ 434.459444][T10084] -> #1 (&h->lhash2[i].lock){+.+.}-{2:2}: [ 434.467349][T10084] _raw_spin_lock+0x2a/0x40 [ 434.472383][T10084] __inet_hash+0xe3/0x960 [ 434.477238][T10084] inet_csk_listen_start+0x22f/0x320 [ 434.483044][T10084] inet_listen+0x2e1/0x590 [ 434.487984][T10084] __sys_listen+0x19d/0x220 [ 434.493007][T10084] __x64_sys_listen+0x56/0x60 [ 434.498208][T10084] do_syscall_64+0x4c/0xa0 [ 434.503141][T10084] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 434.509811][T10084] [ 434.509811][T10084] -> #0 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 434.517536][T10084] __lock_acquire+0x2c42/0x7d10 [ 434.522910][T10084] lock_acquire+0x19e/0x400 [ 434.527938][T10084] mptcp_diag_get_info+0x1f2/0x9e0 [ 434.533573][T10084] inet_sk_diag_fill+0xf5e/0x1ca0 [ 434.539126][T10084] mptcp_diag_dump+0xce6/0x12b0 [ 434.544500][T10084] __inet_diag_dump+0x1f6/0x380 [ 434.549875][T10084] netlink_dump+0x694/0xcf0 [ 434.554899][T10084] __netlink_dump_start+0x523/0x700 [ 434.560616][T10084] inet_diag_handler_cmd+0x1d3/0x2b0 [ 434.566427][T10084] sock_diag_rcv_msg+0x164/0x3e0 [ 434.571883][T10084] netlink_rcv_skb+0x1f5/0x440 [ 434.577170][T10084] sock_diag_rcv+0x26/0x40 [ 434.582110][T10084] netlink_unicast+0x774/0x920 [ 434.587391][T10084] netlink_sendmsg+0x8ba/0xbe0 [ 434.592693][T10084] sock_write_iter+0x2a6/0x3a0 [ 434.597972][T10084] do_iter_readv_writev+0x47e/0x5f0 [ 434.603678][T10084] do_iter_write+0x205/0x7b0 [ 434.608780][T10084] do_writev+0x281/0x480 [ 434.613539][T10084] do_syscall_64+0x4c/0xa0 [ 434.618470][T10084] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 434.624886][T10084] [ 434.624886][T10084] other info that might help us debug this: [ 434.624886][T10084] [ 434.635105][T10084] Possible unsafe locking scenario: [ 434.635105][T10084] [ 434.642630][T10084] CPU0 CPU1 [ 434.647989][T10084] ---- ---- [ 434.653339][T10084] lock(&h->lhash2[i].lock); [ 434.658007][T10084] lock(sk_lock-AF_INET6); [ 434.665014][T10084] lock(&h->lhash2[i].lock); [ 434.672209][T10084] lock(sk_lock-AF_INET6); [ 434.676790][T10084] [ 434.676790][T10084] *** DEADLOCK *** [ 434.676790][T10084] [ 434.684936][T10084] 6 locks held by syz.0.1813/10084: [ 434.690118][T10084] #0: ffffffff8d446f68 (sock_diag_mutex){+.+.}-{3:3}, at: sock_diag_rcv+0x17/0x40 [ 434.699414][T10084] #1: ffffffff8d446e28 (sock_diag_table_mutex){+.+.}-{3:3}, at: sock_diag_rcv_msg+0x217/0x3e0 [ 434.709747][T10084] #2: ffff888061c0a698 (nlk_cb_mutex-SOCK_DIAG){+.+.}-{3:3}, at: __netlink_dump_start+0x11f/0x700 [ 434.720432][T10084] #3: ffffffff8d521028 (inet_diag_table_mutex){+.+.}-{3:3}, at: __inet_diag_dump+0x181/0x380 [ 434.730684][T10084] #4: ffffffff8c31eb20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 434.739990][T10084] #5: ffffc900017f4f18 (&h->lhash2[i].lock){+.+.}-{2:2}, at: mptcp_diag_dump+0x917/0x12b0 [ 434.749978][T10084] [ 434.749978][T10084] stack backtrace: [ 434.755854][T10084] CPU: 1 PID: 10084 Comm: syz.0.1813 Not tainted syzkaller #0 [ 434.763301][T10084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 434.773344][T10084] Call Trace: [ 434.776609][T10084] [ 434.779523][T10084] dump_stack_lvl+0x188/0x250 [ 434.784194][T10084] ? load_image+0x400/0x400 [ 434.788692][T10084] ? show_regs_print_info+0x20/0x20 [ 434.793880][T10084] ? print_circular_bug+0x12b/0x1a0 [ 434.799070][T10084] check_noncircular+0x296/0x330 [ 434.803995][T10084] ? add_chain_block+0x940/0x940 [ 434.808922][T10084] ? lockdep_lock+0xf1/0x1f0 [ 434.813504][T10084] ? __lock_acquire+0x12e8/0x7d10 [ 434.818520][T10084] ? mark_lock+0x94/0x320 [ 434.822837][T10084] __lock_acquire+0x2c42/0x7d10 [ 434.827802][T10084] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 434.833782][T10084] ? verify_lock_unused+0x140/0x140 [ 434.838981][T10084] ? lockdep_hardirqs_on_prepare+0x770/0x770 [ 434.844959][T10084] ? verify_lock_unused+0x140/0x140 [ 434.850149][T10084] ? __local_bh_enable_ip+0xd7/0x1c0 [ 434.855419][T10084] ? __local_bh_enable_ip+0x136/0x1c0 [ 434.860777][T10084] ? lockdep_hardirqs_on+0x94/0x140 [ 434.865965][T10084] ? __local_bh_enable_ip+0x136/0x1c0 [ 434.871318][T10084] ? _local_bh_enable+0xa0/0xa0 [ 434.876154][T10084] ? nla_put+0x130/0x1e0 [ 434.880381][T10084] lock_acquire+0x19e/0x400 [ 434.884890][T10084] ? inet_sk_diag_fill+0xf5e/0x1ca0 [ 434.890097][T10084] ? read_lock_is_recursive+0x10/0x10 [ 434.895468][T10084] ? rcu_lock_release+0x5/0x20 [ 434.900230][T10084] ? __lock_acquire+0x7d10/0x7d10 [ 434.905246][T10084] ? inet_sk_diag_fill+0xf5e/0x1ca0 [ 434.910435][T10084] mptcp_diag_get_info+0x1f2/0x9e0 [ 434.915534][T10084] ? inet_sk_diag_fill+0xf5e/0x1ca0 [ 434.920720][T10084] inet_sk_diag_fill+0xf5e/0x1ca0 [ 434.925734][T10084] ? inet_diag_msg_attrs_fill+0x930/0x930 [ 434.931445][T10084] ? do_raw_spin_lock+0x128/0x2f0 [ 434.936453][T10084] ? __rwlock_init+0x140/0x140 [ 434.941198][T10084] ? inet_diag_bc_sk+0x18b/0x1120 [ 434.946209][T10084] mptcp_diag_dump+0xce6/0x12b0 [ 434.951045][T10084] ? mptcp_token_join_cookie_init_state+0x460/0x460 [ 434.957618][T10084] __inet_diag_dump+0x1f6/0x380 [ 434.962457][T10084] netlink_dump+0x694/0xcf0 [ 434.966945][T10084] ? netlink_lookup+0x1d0/0x1d0 [ 434.971776][T10084] ? __inet_diag_dump_start+0x805/0x970 [ 434.977307][T10084] __netlink_dump_start+0x523/0x700 [ 434.982491][T10084] inet_diag_handler_cmd+0x1d3/0x2b0 [ 434.987761][T10084] ? rcu_lock_release+0x20/0x20 [ 434.992594][T10084] ? inet_diag_handler_get_info+0xb90/0xb90 [ 434.998471][T10084] ? inet_diag_dump_start+0x20/0x20 [ 435.003651][T10084] ? inet_diag_dump+0x50/0x50 [ 435.008313][T10084] ? rcu_lock_release+0x20/0x20 [ 435.013145][T10084] sock_diag_rcv_msg+0x164/0x3e0 [ 435.018069][T10084] netlink_rcv_skb+0x1f5/0x440 [ 435.022813][T10084] ? sock_diag_bind+0xa0/0xa0 [ 435.027472][T10084] ? netlink_ack+0xb50/0xb50 [ 435.032044][T10084] ? __lock_acquire+0x7d10/0x7d10 [ 435.037060][T10084] sock_diag_rcv+0x26/0x40 [ 435.041459][T10084] netlink_unicast+0x774/0x920 [ 435.046207][T10084] netlink_sendmsg+0x8ba/0xbe0 [ 435.050955][T10084] ? netlink_getsockopt+0x570/0x570 [ 435.056141][T10084] ? aa_sock_msg_perm+0x94/0x150 [ 435.061066][T10084] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 435.066337][T10084] ? security_socket_sendmsg+0x7c/0xa0 [ 435.071779][T10084] sock_write_iter+0x2a6/0x3a0 [ 435.076526][T10084] ? sock_read_iter+0x380/0x380 [ 435.081366][T10084] do_iter_readv_writev+0x47e/0x5f0 [ 435.086549][T10084] ? aa_path_link+0x880/0x880 [ 435.091244][T10084] ? generic_file_rw_checks+0x280/0x280 [ 435.096772][T10084] ? common_file_perm+0x171/0x1c0 [ 435.101808][T10084] ? fsnotify_perm+0x5d/0x560 [ 435.106470][T10084] ? security_file_permission+0x75/0xa0 [ 435.112004][T10084] do_iter_write+0x205/0x7b0 [ 435.116579][T10084] ? import_iovec+0x6f/0xa0 [ 435.121069][T10084] do_writev+0x281/0x480 [ 435.125296][T10084] ? do_readv+0x460/0x460 [ 435.129616][T10084] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 435.135583][T10084] ? lock_chain_count+0x20/0x20 [ 435.140420][T10084] ? vtime_user_exit+0x2c8/0x3e0 [ 435.145346][T10084] ? lockdep_hardirqs_on+0x94/0x140 [ 435.150532][T10084] do_syscall_64+0x4c/0xa0 [ 435.154932][T10084] ? clear_bhb_loop+0x30/0x80 [ 435.159593][T10084] ? clear_bhb_loop+0x30/0x80 [ 435.164253][T10084] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 435.170142][T10084] RIP: 0033:0x7fa557f93dd9 [ 435.174546][T10084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 435.194394][T10084] RSP: 002b:00007fa5561ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 435.202794][T10084] RAX: ffffffffffffffda RBX: 00007fa55820cfa0 RCX: 00007fa557f93dd9 [ 435.210751][T10084] RDX: 0000000000000001 RSI: 0000200000000280 RDI: 0000000000000004 [ 435.218709][T10084] RBP: 00007fa558029d69 R08: 0000000000000000 R09: 0000000000000000 [ 435.226667][T10084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 435.234630][T10084] R13: 00007fa55820d038 R14: 00007fa55820cfa0 R15: 00007ffe2fb0c8a8 [ 435.242600][T10084] [ 435.246350][T10084] BUG: sleeping function called from invalid context at net/core/sock.c:3291 [ 435.255152][T10084] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 10084, name: syz.0.1813 [ 435.264285][T10084] INFO: lockdep is turned off. [ 435.269130][T10084] Preemption disabled at: [ 435.269138][T10084] [<0000000000000000>] 0x0 SYZFAIL: failed to send rpc fd=3 want=7064 sent=0 n=-1 (errno 32: Broken pipe) [ 435.277888][T10084] CPU: 1 PID: 10084 Comm: syz.0.1813 Not tainted syzkaller #0 [ 435.285345][T10084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 435.295401][T10084] Call Trace: [ 435.298680][T10084] [ 435.301607][T10084] dump_stack_lvl+0x188/0x250 [ 435.306288][T10084] ? show_regs_print_info+0x20/0x20 [ 435.311497][T10084] ? load_image+0x400/0x400 [ 435.316015][T10084] ___might_sleep+0x493/0x610 [ 435.320711][T10084] ? __might_sleep+0xf0/0xf0 [ 435.325313][T10084] ? read_lock_is_recursive+0x10/0x10 [ 435.330740][T10084] ? rcu_lock_release+0x5/0x20 [ 435.335520][T10084] __lock_sock_fast+0x2f/0xe0 [ 435.340209][T10084] ? inet_sk_diag_fill+0xf5e/0x1ca0 [ 435.345420][T10084] mptcp_diag_get_info+0x1fe/0x9e0 [ 435.350545][T10084] inet_sk_diag_fill+0xf5e/0x1ca0 [ 435.355588][T10084] ? inet_diag_msg_attrs_fill+0x930/0x930 [ 435.361321][T10084] ? do_raw_spin_lock+0x128/0x2f0 [ 435.366360][T10084] ? __rwlock_init+0x140/0x140 [ 435.371133][T10084] ? inet_diag_bc_sk+0x18b/0x1120 [ 435.376168][T10084] mptcp_diag_dump+0xce6/0x12b0 [ 435.381025][T10084] ? mptcp_token_join_cookie_init_state+0x460/0x460 [ 435.387713][T10084] __inet_diag_dump+0x1f6/0x380 [ 435.392581][T10084] netlink_dump+0x694/0xcf0 [ 435.397089][T10084] ? netlink_lookup+0x1d0/0x1d0 [ 435.401946][T10084] ? __inet_diag_dump_start+0x805/0x970 [ 435.407498][T10084] __netlink_dump_start+0x523/0x700 [ 435.412706][T10084] inet_diag_handler_cmd+0x1d3/0x2b0 [ 435.418004][T10084] ? rcu_lock_release+0x20/0x20 [ 435.422854][T10084] ? inet_diag_handler_get_info+0xb90/0xb90 [ 435.428757][T10084] ? inet_diag_dump_start+0x20/0x20 [ 435.433964][T10084] ? inet_diag_dump+0x50/0x50 [ 435.438645][T10084] ? rcu_lock_release+0x20/0x20 [ 435.443504][T10084] sock_diag_rcv_msg+0x164/0x3e0 [ 435.448442][T10084] netlink_rcv_skb+0x1f5/0x440 [ 435.453208][T10084] ? sock_diag_bind+0xa0/0xa0 [ 435.457889][T10084] ? netlink_ack+0xb50/0xb50 [ 435.462481][T10084] ? __lock_acquire+0x7d10/0x7d10 [ 435.467509][T10084] sock_diag_rcv+0x26/0x40 [ 435.471919][T10084] netlink_unicast+0x774/0x920 [ 435.476682][T10084] netlink_sendmsg+0x8ba/0xbe0 [ 435.481451][T10084] ? netlink_getsockopt+0x570/0x570 [ 435.486651][T10084] ? aa_sock_msg_perm+0x94/0x150 [ 435.491587][T10084] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 435.496877][T10084] ? security_socket_sendmsg+0x7c/0xa0 [ 435.502336][T10084] sock_write_iter+0x2a6/0x3a0 [ 435.507095][T10084] ? sock_read_iter+0x380/0x380 [ 435.511948][T10084] do_iter_readv_writev+0x47e/0x5f0 [ 435.517150][T10084] ? aa_path_link+0x880/0x880 [ 435.521836][T10084] ? generic_file_rw_checks+0x280/0x280 [ 435.527740][T10084] ? common_file_perm+0x171/0x1c0 [ 435.532770][T10084] ? fsnotify_perm+0x5d/0x560 [ 435.537449][T10084] ? security_file_permission+0x75/0xa0 [ 435.542996][T10084] do_iter_write+0x205/0x7b0 [ 435.547601][T10084] ? import_iovec+0x6f/0xa0 [ 435.552108][T10084] do_writev+0x281/0x480 [ 435.556357][T10084] ? do_readv+0x460/0x460 [ 435.560694][T10084] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 435.566682][T10084] ? lock_chain_count+0x20/0x20 [ 435.571535][T10084] ? vtime_user_exit+0x2c8/0x3e0 [ 435.576469][T10084] ? lockdep_hardirqs_on+0x94/0x140 [ 435.581668][T10084] do_syscall_64+0x4c/0xa0 [ 435.586082][T10084] ? clear_bhb_loop+0x30/0x80 [ 435.590773][T10084] ? clear_bhb_loop+0x30/0x80 [ 435.595445][T10084] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 435.601336][T10084] RIP: 0033:0x7fa557f93dd9 [ 435.605746][T10084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 435.625351][T10084] RSP: 002b:00007fa5561ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 435.633768][T10084] RAX: ffffffffffffffda RBX: 00007fa55820cfa0 RCX: 00007fa557f93dd9 [ 435.641737][T10084] RDX: 0000000000000001 RSI: 0000200000000280 RDI: 0000000000000004 [ 435.649714][T10084] RBP: 00007fa558029d69 R08: 0000000000000000 R09: 0000000000000000 [ 435.657691][T10084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 435.665665][T10084] R13: 00007fa55820d038 R14: 00007fa55820cfa0 R15: 00007ffe2fb0c8a8 [ 435.673650][T10084] [ 436.057284][ T4302] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 436.093917][ T4302] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.155948][ T4302] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 436.184272][ T4302] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.268340][ T4302] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 436.282056][ T4302] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.365430][ T4302] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 436.376029][ T4302] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.584778][ T4302] tipc: Disabling bearer [ 436.590316][ T4302] tipc: Left network mode [ 437.172184][ T4302] device hsr_slave_0 left promiscuous mode [ 437.178836][ T4302] device hsr_slave_1 left promiscuous mode [ 437.186593][ T4302] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 437.194243][ T4302] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 437.202045][ T4302] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 437.211091][ T4302] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 437.218635][ T4302] device bridge_slave_1 left promiscuous mode [ 437.224820][ T4302] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.232398][ T4302] device bridge_slave_0 left promiscuous mode [ 437.238775][ T4302] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.247980][ T4302] device veth1_macvtap left promiscuous mode [ 437.255197][ T4302] device veth0_macvtap left promiscuous mode [ 437.261210][ T4302] device veth1_vlan left promiscuous mode [ 437.267054][ T4302] device veth0_vlan left promiscuous mode [ 437.355839][ T4302] team0 (unregistering): Port device team_slave_1 removed [ 437.367868][ T4302] team0 (unregistering): Port device team_slave_0 removed [ 437.378343][ T4302] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 437.389577][ T4302] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 437.424141][ T4302] bond0 (unregistering): Released all slaves [ 438.089473][ T4302] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.125019][ T4302] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.194511][ T4302] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.234413][ T4302] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.313609][ T4302] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.365742][ T4302] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.405563][ T4302] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.466438][ T4302] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.556196][ T4302] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.567271][ T4302] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.626549][ T4302] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.637620][ T4302] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.678346][ T4302] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.689136][ T4302] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.725946][ T4302] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.737196][ T4302] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.841994][ T4302] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.853558][ T4302] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.895718][ T4302] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.906595][ T4302] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.965952][ T4302] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.977137][ T4302] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.026509][ T4302] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 439.038233][ T4302] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.206966][ T4302] tipc: Left network mode [ 439.211820][ T4302] tipc: Left network mode [ 439.217731][ T4302] tipc: Disabling bearer [ 439.224706][ T4302] tipc: Disabling bearer [ 439.230646][ T4302] tipc: Left network mode [ 439.520876][ T4325] smc: removing ib device syz2 [ 440.280628][ T4302] bond0: (slave wlan1): Releasing backup interface [ 440.527167][ T4302] device hsr_slave_0 left promiscuous mode [ 440.533484][ T4302] device hsr_slave_1 left promiscuous mode [ 440.539538][ T4302] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 440.546983][ T4302] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 440.554587][ T4302] device bridge_slave_1 left promiscuous mode [ 440.560692][ T4302] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.568532][ T4302] device bridge_slave_0 left promiscuous mode [ 440.574996][ T4302] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.584433][ T4302] device hsr_slave_0 left promiscuous mode [ 440.590457][ T4302] device hsr_slave_1 left promiscuous mode [ 440.596670][ T4302] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 440.604141][ T4302] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 440.611532][ T4302] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 440.619017][ T4302] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 440.626531][ T4302] device bridge_slave_1 left promiscuous mode [ 440.632709][ T4302] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.640257][ T4302] device bridge_slave_0 left promiscuous mode [ 440.646567][ T4302] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.656756][ T4302] device hsr_slave_0 left promiscuous mode [ 440.663144][ T4302] device hsr_slave_1 left promiscuous mode [ 440.669256][ T4302] device bridge_slave_1 left promiscuous mode [ 440.675767][ T4302] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.683579][ T4302] device bridge_slave_0 left promiscuous mode [ 440.689684][ T4302] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.699078][ T4302] device hsr_slave_0 left promiscuous mode [ 440.705239][ T4302] device hsr_slave_1 left promiscuous mode [ 440.711315][ T4302] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 440.718781][ T4302] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 440.726302][ T4302] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 440.733727][ T4302] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 440.741108][ T4302] device bridge_slave_1 left promiscuous mode [ 440.747271][ T4302] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.755589][ T4302] device bridge_slave_0 left promiscuous mode [ 440.761714][ T4302] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.772207][ T4302] device veth1_macvtap left promiscuous mode [ 440.778250][ T4302] device veth0_macvtap left promiscuous mode [ 440.784289][ T4302] device veth1_vlan left promiscuous mode [ 440.790029][ T4302] device veth0_vlan left promiscuous mode [ 440.796365][ T4302] device veth1_macvtap left promiscuous mode [ 440.802343][ T4302] device veth0_macvtap left promiscuous mode [ 440.808370][ T4302] device veth1_vlan left promiscuous mode [ 440.814268][ T4302] device veth0_vlan left promiscuous mode [ 440.820362][ T4302] device veth1_macvtap left promiscuous mode [ 440.826448][ T4302] device veth0_macvtap left promiscuous mode [ 440.832456][ T4302] device veth1_vlan left promiscuous mode [ 440.838396][ T4302] device veth0_vlan left promiscuous mode [ 440.996016][ T4302] team0 (unregistering): Port device team_slave_1 removed [ 441.005580][ T4302] team0 (unregistering): Port device team_slave_0 removed [ 441.016692][ T4302] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 441.027883][ T4302] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 441.061916][ T4302] bond0 (unregistering): Released all slaves [ 441.134224][ T4302] team0 (unregistering): Port device team_slave_1 removed [ 441.144495][ T4302] team0 (unregistering): Port device team_slave_0 removed [ 441.156880][ T4302] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 441.167707][ T4302] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 441.201449][ T4302] bond0 (unregistering): Released all slaves [ 441.333082][ T4302] team0 (unregistering): Port device team_slave_1 removed [ 441.344338][ T4302] team0 (unregistering): Port device team_slave_0 removed [ 441.354184][ T4302] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 441.366553][ T4302] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 441.401280][ T4302] bond0 (unregistering): Released all slaves [ 441.501479][ T4302] team0 (unregistering): Port device team_slave_1 removed [ 441.510877][ T4302] team0 (unregistering): Port device team_slave_0 removed [ 441.520143][ T4302] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 441.530896][ T4302] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 441.560085][ T4302] bond0 (unregistering): (slave team0): Releasing backup interface [ 441.577469][ T4302] bond0 (unregistering): Released all slaves