last executing test programs: 14.859547651s ago: executing program 2 (id=630): bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x6, 0x4, 0xfff, 0x9, 0x0, 0xffffffffffffffff, 0x7}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="05"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x2000}, 0x50) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) 14.529547625s ago: executing program 2 (id=632): syz_usb_connect(0x6, 0x3d, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socketpair$unix(0x1, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000340), 0x0) 10.859013116s ago: executing program 2 (id=648): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000b00)={'syz1\x00', {0x10, 0x4, 0x5, 0x4}, 0xe, [0x1000, 0xa, 0x5, 0x5, 0x3, 0x9, 0xf1, 0x51, 0xc, 0x9, 0x80000000, 0x8, 0x3800, 0x8, 0xf4a9, 0x101, 0x10000, 0x6, 0xa, 0x1, 0x8, 0x8, 0x870, 0x3, 0x7, 0x0, 0x1, 0x1, 0x2, 0x18, 0x0, 0x8, 0x77, 0x401, 0x52, 0x1, 0xffffffff, 0x5, 0x7fff, 0x1241, 0x4, 0x3599f3ab, 0x4000000, 0x1, 0x52f, 0x201, 0x1, 0xfffffffe, 0x40, 0x416f, 0x18, 0x5, 0x8, 0xf, 0x953d, 0x80, 0x1, 0x7, 0x7, 0x3, 0x1, 0x7fffffff, 0x81, 0x1], [0x5, 0x0, 0x6, 0x410, 0x4, 0x9a40, 0x2, 0x5, 0x78, 0x2, 0x6, 0x4, 0x6, 0x81, 0x36a7, 0x4, 0x8000, 0x9, 0x1, 0xff, 0x4, 0x500, 0x9, 0x8, 0x200, 0x1ff, 0x8e, 0x40, 0x7, 0x6, 0xf7, 0x6, 0xfd5, 0x6, 0xc4e, 0x4, 0x1, 0x3, 0x9, 0x1, 0x2, 0x1, 0x200, 0x5, 0x5, 0x6a, 0x93, 0x7ff, 0x7ff, 0x7, 0x4, 0x10001, 0x8, 0x5, 0xfffffffb, 0xfffffff8, 0x9, 0x5, 0x8001, 0x80000001, 0x1, 0x40, 0x2, 0x1], [0x5, 0x6, 0x6, 0x401, 0xd1f, 0x4, 0x2, 0x8000, 0x7, 0x47c0, 0x96bd, 0x9, 0xffffffe1, 0x8, 0x10001, 0x6, 0x3, 0xd, 0x2, 0xd78ed347, 0x8, 0x2, 0xffffffff, 0x6c3, 0x57b6d056, 0x100, 0x80, 0xfffffffb, 0x1, 0x6f25, 0x5, 0x10001, 0x6, 0x0, 0x40, 0x1, 0x7ff, 0x8, 0x8, 0xd65e, 0x0, 0x1, 0x893c, 0xfffffffe, 0x4, 0x1511, 0x3c2, 0x2, 0x0, 0x4, 0xe, 0x7, 0x7, 0x17, 0x5e, 0x7, 0xa, 0x9, 0x4, 0x200, 0x7f, 0x9, 0x3, 0x2], [0x2, 0xd3f8, 0x6, 0xdd20, 0xffffffff, 0x9, 0x5, 0x6, 0xb, 0x5d, 0xfff, 0xfb, 0x3, 0x1, 0x9, 0xcb7b, 0xdfa, 0x1ff, 0x8b9, 0x1, 0x6, 0x2, 0x81, 0x1, 0x1, 0x4d58, 0x8, 0x9, 0x1, 0x31, 0x7, 0x6, 0x2, 0x2, 0x0, 0xfffffff9, 0x1, 0x8, 0xea5, 0x0, 0x5, 0x2, 0x0, 0x9, 0x6, 0xd, 0x9, 0x6, 0x5, 0x2, 0x0, 0xb, 0x0, 0x1, 0x40, 0x4, 0xfffffff8, 0x5, 0x9, 0xf2, 0x4, 0x4, 0xffff, 0x1]}, 0x45c) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000000c0)={@cgroup=r3, 0xd, 0x1, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffff"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x0, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x0, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x21, 0x0, [{}, {}, {0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xf}]}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x3}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 8.990050794s ago: executing program 2 (id=659): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141042, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x10044, &(0x7f0000000540)=ANY=[@ANYRESOCT=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 8.448245779s ago: executing program 2 (id=660): bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff85000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x50) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) getpeername(r0, &(0x7f0000000100)=@xdp, &(0x7f0000000600)=0x80) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000200)=@raw={'raw\x00', 0x3c1, 0x3, 0x368, 0x0, 0x1170, 0x1170, 0x0, 0x1170, 0x298, 0x1398, 0x1398, 0x298, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @private2={0xfc, 0x2, '\x00', 0x1}, [0xffffffff, 0xff000000], [0x0, 0x0, 0x0, 0xffffff00], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x2e, 0x0, 0x0, 0x46}, 0x0, 0x188, 0x1a8, 0x0, {}, [@common=@inet=@socket2={{0x28}, 0x1}, @common=@unspec=@conntrack1={{0xb8}, {{@ipv4=@loopback, [0x0, 0xff000000, 0xffffff00, 0xff], @ipv6=@private1, [0xffffff00, 0xff000000, 0xffffffff, 0xffffff00], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xffffff00], @ipv4=@local, [0xffffffff, 0xffffff00, 0x0, 0xffff00], 0x0, 0x8, 0x8, 0x4e22, 0x4e21, 0x4e23, 0x4e20, 0x100, 0x1240}, 0x81, 0x41}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c8) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) munlockall() ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x840, &(0x7f0000000040)={[{@nouid32}, {@grpid}]}, 0x1, 0x4e5, &(0x7f0000000480)="$eJzs3M9rHGUfAPDvbDZp0h9v8vbt+6N9q65WMSgmbeqPHjxYUfAiCHpowUtM0lKbttJEsCVgFGmPUvAiHsSbgn+BJ72IelFQ8KJ3KRTpxeppZHZmkt3tbprfKdnPB3b2efZ5dp757jOzmXmeyQbQtWrZIonYHRG/RMRgnm2uUMufbt2cm/jz5txEEmn68u9Jvd4fN+cmyqrl+3YVmeH+iHgvKQuqC+vsi4hLl8+OT09PXSxeGp0998bozKXLj505N3566vTU+bFjxx4/euSpJ8eeWGOEP9eXg0Xu4P4XTl57ceLEtde+/fzqnjzuaIlj9SpNuVrUmj/LBg+tvbG7yp6GdFLdwg1hRXqKA7O3fvwPRk/DYToYz7+75Jv7N2EDgQ2Tpmm6o3PxfJqL/hTYfpIonqsRW70twGYq/9Bn17/lY5NOPe4KN47nF0BZ3LeKR15SXbia7225vl1PtYg4Mf/Xx9kjWsch+jaoUQCgq315PGK+SDef/1XiPw31/lHMoQxFxD8jYm9E/Csi9kXEvweiXve/EfG/FbZfa8n3xFzLqHLl+oqDWoHs/O/pYm6r+fyvOPvri6GeIrcnHypPTp2ZnjpZvH84emtZ/kiebZnuqc+ExVfP/fh+p/Ybz/+yR9b+h001KterLQN0k+Oz42sMe8GNdyIOVIv4extLkoWZgCyo/RFxoN0KnrlzG2ce+exgp7J28Zfnwne0DvNM6ScRD+f9Px9F/+en3YtdmSw9PznaH9NTh0ezveBw2za+++HKS53aX1P86yDr/51t9/8y/qF6aqacr53JXx1YQRtXfr06UV/f/O1ltbyh7NEh/vb7f1/ySj3d17DMNrbcrvKVt8ZnZy+OLb63zNefj+TxDx9qf/zvjcVP4v8Rke3E90TEvRFxX9F390fEAxFxaIn4v3n2wdcbsrdNr59IYln9n769RCOrlMU/mff/jvb9H0PN/d+aSNOIDkVFoufs1190aj+fIV9q/6/89GqRGi6el/H9V5ueulh+O3TcrsW9GQAAALa3SkTsjqQyspCuVEZG8pHLfbGzMn1hZvbRUxfePD+Z3ys/FL2VcqQrHw/uTcrxz6GG/FhL/mgxbvxBz0A9PzJxYXpyq4OHLrerw/Gf+a1nq7cO2HD+Xwu6l+MfupfjH7pXNT5a6v4lYJtaxj2FvQsLYLtp/NWqoTKxAfcaA3eh8vp/1xZvB7D5jP9B96q6voeuVW1Y3s5dgLBNzaSd/zf+joly4LBDUfMryWKd8kcaVtVoc6LSvqj8zlrDmled+LT4rcBNbXQZiXR9VxiVjkUDrZ98stWxLybS5VeurM8uut6Jct9eos73a2giLRKb/U0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwMf4OAAD//5T+t7Q=") readlinkat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000012c0)=""/168, 0xff8c) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000000180)={0x3c, r6, 0x1, 0xfffffffe, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x10, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x3c}}, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000980)={&(0x7f00000000c0)={0x1c, r6, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_TX_USECS_LOW={0x8, 0x10, 0x3d0}]}, 0x1c}}, 0x40804) 7.569048652s ago: executing program 3 (id=666): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}, 0x1, 0x0, 0x0, 0x4008001}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x880}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@delchain={0x24, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x9, 0xffe0}, {0xc, 0xffff}, {0xffe0}}}, 0x24}}, 0x0) 7.218136764s ago: executing program 3 (id=668): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0) epoll_create1(0x0) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8, 0x8146000000000000}, 0x0, &(0x7f0000000240)={0x1f, 0x3, 0x8000, 0x800, 0x1000000002, 0x80, 0x0, 0x6}, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x82, 0x8) 6.08314069s ago: executing program 3 (id=675): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000200)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x8, 0x28, 0x68, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x2, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) setrlimit(0x7, &(0x7f0000000f80)={0x2, 0x2}) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) 5.291160593s ago: executing program 4 (id=676): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x8922, &(0x7f0000000500)={'veth1_macvtap\x00', @ifru_data=&(0x7f00000004c0)="9ffc845eb739801d7097e968a5339b4bb9cc81b7cb80a620d95a528fb11d8b3d"}) 5.079425887s ago: executing program 3 (id=678): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f00000000c0)={0x0, 0x5, "00f400", 0x9, 0xf8}) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, 0x0, &(0x7f0000000180)) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb0100180000000000000034000000340000000c00000004000000010000840203000000000000030000000000000302000000000000010500000020000000000000000000000b02000000006100302e"], 0x0, 0x58}, 0x28) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'tunl0\x00'}) r6 = socket$vsock_stream(0x28, 0x1, 0x0) r7 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) r8 = fsmount(r7, 0x0, 0x80) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={0xffffffffffffffff, r8, 0x16, 0x0, @void}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r6, 0x28, 0x1, 0x0, 0x0) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0) write(r1, &(0x7f0000000040)="05000000010000", 0x7) 4.926471879s ago: executing program 0 (id=679): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x880}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@delchain={0x24, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x9, 0xffe0}, {0xc, 0xffff}, {0xffe0}}}, 0x24}}, 0x0) 4.769536382s ago: executing program 4 (id=680): creat(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], 0x0, 0x200000000000000, 0x1}}, 0x40) 4.719014287s ago: executing program 0 (id=681): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000180)) mount$cgroup(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x800800, &(0x7f0000000440)={[{@xattr}, {@subsystem='memory'}, {@release_agent={'release_agent', 0x3d, './file0'}}, {@subsystem='cpu'}, {@release_agent={'release_agent', 0x3d, './file0'}}, {@noprefix}, {@subsystem='cpuacct'}, {@nofavordynmods}, {}], [{@fowner_gt}, {@measure}, {@subj_role}]}) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000340), 0x2) r4 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000000)={r4, 0x0, 0x0, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000440)=0x2) ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x18, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@empty, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0xa, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0x9, 0x17, 0xa, 0x40, 0x42, 0x1, 0x5}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x2000, r7}, 0x38) 4.142507271s ago: executing program 4 (id=683): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82000000000", @ANYRES32=r0, @ANYBLOB="000080000000000018003480"], 0x38}, 0x1, 0x300}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='8\x00\x00\x00m'], 0x38}, 0x1, 0x300}, 0x0) 3.432661243s ago: executing program 0 (id=685): unshare(0x24020400) r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x1a, 0x1000, @ipv4={'\x00', '\xff\xff', @remote}, 0xc}, 0x1c) 3.37361827s ago: executing program 1 (id=686): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000009c0)=ANY=[@ANYBLOB="8401000010000100feffffff00010000fe803f430d695fcef05c0000000000aa6401010100000000000000000000000000010700003a00"/64, @ANYRES32=0x0, @ANYBLOB="7f000001000000000000000000000000000004d46c000000ac14143f00000000000000000000000007000000000000007f000000000000000600000000000000ffff0000000000001c250800100000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff0000000000000000ffffffffffffff7ffeffffffffffffff02000000fcffffff000000002abd700004350000020001002000000000000000480003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004c0014"], 0x184}, 0x1, 0x0, 0x0, 0x4}, 0x0) 3.30272538s ago: executing program 4 (id=687): timer_create(0x7, &(0x7f00000002c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000b80)=0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$'], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1000, 0x1) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000002000000) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000002000000) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 3.203328299s ago: executing program 1 (id=688): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000200)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x8, 0x28, 0x68, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x2, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) setrlimit(0x7, &(0x7f0000000f80)={0x2, 0x2}) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) 3.118685447s ago: executing program 0 (id=689): r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0xcdd1dff97325e36a, &(0x7f00000003c0)={[{@block_validity}, {@nodiscard}, {@sysvgroups}, {@barrier_val={'barrier', 0x3d, 0x71b3}}, {@grpjquota}, {@orlov}, {@bsdgroups}, {@noauto_da_alloc}, {@usrjquota_path={'usrjquota', 0x3d, './file0/file0'}}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x30, r2, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='timerslack_ns\x00') setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000000c0), 0x12) preadv(r4, 0x0, 0x0, 0x611, 0x1) sync() signalfd4(r0, &(0x7f0000000000)={[0x4]}, 0x8, 0x400) 2.257698916s ago: executing program 4 (id=690): socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x8, &(0x7f0000000080)={[{@nodioread_nolock}, {@sb={'sb', 0x3d, 0x1}}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==") r0 = fspick(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffffff, 0x0, 0x23) bpf$MAP_CREATE(0x0, &(0x7f00000013c0)=ANY=[@ANYRESOCT=r0, @ANYRES32, @ANYBLOB="0000faf2e3ca4adf8ac05800080000000000ce2e20e9d89a8e0585297431b4fe7c9ed60f6bf93b3fa1878739f599dfb2f7affb00"/61, @ANYRESDEC, @ANYRESHEX=0x0], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) r5 = fsmount(r4, 0x0, 0x80) openat$cgroup_procs(r5, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0) timer_gettime(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001080)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) lsetxattr$system_posix_acl(&(0x7f0000000140)='./file0\x00', &(0x7f0000003380)='system.posix_acl_access\x00', &(0x7f0000000280)=ANY=[@ANYBLOB="020000f8b97000010003000000000004000100000000001000050000000000200002000000"], 0x24, 0x0) lchown(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, 0x0) 2.19951418s ago: executing program 1 (id=691): r0 = epoll_create(0xeed) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000ff1000/0xc000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x51) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x1, 0x800000c1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f00000000c0)={0x20000003}) 2.087354289s ago: executing program 0 (id=692): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2040000, 0x0) 1.972677132s ago: executing program 1 (id=693): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00') open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="20000000f10000000a"], 0x0) 1.850568355s ago: executing program 0 (id=694): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f00000001c0)={0x10, 0x0, 0x25dfdbfd, 0x2ffffffff}, 0x5b) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0xa93f, 0x4) r2 = getpid() r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}]}, 0x3c}, 0x1, 0x600, 0x0, 0x4040010}, 0x30) getpid() setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000000040)=0x1000, 0x4) ptrace$ARCH_SHSTK_LOCK(0x1e, r2, 0x2, 0x5003) 1.601188412s ago: executing program 1 (id=695): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000180)) mount$cgroup(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x800800, &(0x7f0000000440)={[{@xattr}, {@subsystem='memory'}, {@release_agent={'release_agent', 0x3d, './file0'}}, {@subsystem='cpu'}, {@release_agent={'release_agent', 0x3d, './file0'}}, {@noprefix}, {@subsystem='cpuacct'}, {@nofavordynmods}, {}], [{@fowner_gt}, {@measure}, {@subj_role}]}) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000340), 0x2) r4 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000000)={r4, 0x0, 0x0, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000440)=0x2) ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x18, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@empty, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0xa, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0x9, 0x17, 0xa, 0x40, 0x42, 0x1, 0x5}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x2000, r7}, 0x38) 1.090037551s ago: executing program 3 (id=696): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141042, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x10044, &(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRESOCT=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 826.248661ms ago: executing program 4 (id=697): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000200)={[{@nouid32}, {@nogrpid}, {@bh}]}, 0x1, 0x51d, &(0x7f0000001480)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWceb1qp6gHJCCFVC9AhSauyNZXnXa3nXpTaRcM9ckajECY78AZx74s4FwY1LOSDxwwLVSBwGzezY2di79uaHvZb385FG89688X7fizPvzbxd7wtgbN2IiJ2ImIiI9yNipjyelFu8093y8z7bfbC4t/tgMYkse++fSVGeH4uen8ldK19zKiJ+8J2IHydH47a3tlcXGo36Rpmf7TTXZ9tb27dXmgvL9eX6Wq02Pzd/5627b9YeozVTx5a+0pwoU1/+9A873/hpXq3p8khvO56lbtMrB3FylyPie6cRbAQule2ZGHVFeCJpRLwYEa8W1/9MXCp+mwDARZZlM5HN9OYBgIsuLebAkrRazgVMR5pWq905vJfiatpotTu37rc215a6c2XXo5LeX2nU75RzhdejkuT5uSL9MF87lL8bES9ExC8mrxT56mKrsTTKGx8AGGPXDo3//5nsjv8AwAV3/MdmAICLyPgPAOPH+A8A48f4DwDjpzv+X3ncH8uy7GenUR0A4Ax4/geA8WP8B4Cx8v133823bK/8/uulD7Y2V1sf3F6qt1erzc3F6mJrY7263GotF9/Z0zzp9Rqt1vrcG7H54fVvrrc7s+2t7XvN1uZa517xvd736pXirJ0zaBkAMMgLr3zy5yQfkd++UmzRs5ZDZaQ1A05bOuoKACNzadQVAEbGal8wvh4+4z/2hwBMD8AF0WeJ3kdM9fsDoSzLstOrEnDKbn7B/D+Mq575f58ChjFz0vx/sTawNwnhQjL/D+Mry5Jh1/yPYU8EAM63Y+b4r5/lfQgwOgPe/3+x3P+2fHPgR0uHz/j4NGsFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59v++r/Vcpnf6UjTajXiuWIBoEpyf6VRvxMRz0fEnyYrk3l+bsR1BgCeVvq3pFz/6+bM69OPFL187SA5ERE/+dV7v/xwodPZ+GPERPKvyf3jnY/L47UTg02dRgsAgOPtj9PFvudB/rPdB4v721nW5+/f7t4V5HH3didi7yD+5bhc7KeiEhFX/52U+a6kZ+7iaex8FBGf79f+JKaLOZDuLcvh+Hns5840fvpI/LRcoDkt/y0+9wzqAuPmk7z/eaff9ZfGjWLf//qfKnqop1f2f/lLLe4VfeDD+Pv936UB/d+NYWO88fvvdlNXjpZ9FPHFyxH7sfd6+p/9+MmA+K8PGf8vX3r51UFl2a8jbkb/+L2xZjvN9dn21vbtlebCcn25vlarzc/N33nr7pu12WKOenbwaPCPt289P6gsb//VAfGnTmj/V4ds/2/+9/4Pv3JM/K+/1i9+Gi8dEz8fE782ZPyFq78b+Nydx1862v5kmN//rSHjf/rX7SPLhgMAo9Pe2l5daDTqGxIS5z+R/5c9B9Xom/jWWcWaiP5FP3+te00fKsqyJ4o1qMd4FrNuwHlwcNFHxH9HXRkAAAAAAAAAAAAAAKCvs/iLpVG3EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIvr/wEAAP//Rb3T2A==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc) r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x50) sendfile(r1, r1, 0x0, 0x800000009) 644.295187ms ago: executing program 3 (id=698): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000009c0)=ANY=[@ANYBLOB="8401000010000100feffffff00010000fe803f430d695fcef05c0000000000aa6401010100000000000000000000000000010700003a00"/64, @ANYRES32=0x0, @ANYBLOB="7f000001000000000000000000000000000004d46c000000ac14143f00000000000000000000000007000000000000007f000000000000000600000000000000ffff0000000000001c250800100000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff0000000000000000ffffffffffffff7ffeffffffffffffff02000000fcffffff000000002abd700004350000020001002000000000000000480003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004c0014"], 0x184}, 0x1, 0x0, 0x0, 0x4}, 0x0) 697.326µs ago: executing program 1 (id=699): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000500)={0x2, 0x1, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000b40)={0x54, 0x1, 0x1, {0x0, 0x1}, {0x60, 0x2}, @period={0x59, 0x0, 0x8, 0x2, 0x448, {0x2, 0x8, 0x679c, 0x401}, 0x0, 0x0}}) write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250) 0s ago: executing program 2 (id=700): timer_create(0x7, &(0x7f00000002c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000b80)=0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$'], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1000, 0x1) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000002000000) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000002000000) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.183' (ED25519) to the list of known hosts. [ 83.888478][ T5821] cgroup: Unknown subsys name 'net' [ 83.996854][ T5821] cgroup: Unknown subsys name 'cpuset' [ 84.006059][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.617475][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.803872][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.812257][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.820014][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.828253][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.836198][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.919175][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.928870][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.936718][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.952955][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.963452][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.981212][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.989989][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.997756][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.009613][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.021470][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.061593][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.071139][ T5843] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.085292][ T5843] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.109985][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.119358][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.137281][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.152525][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.160912][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.169187][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.177936][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.805626][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 88.909966][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 88.949821][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 89.022030][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 89.056813][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 89.114954][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.122317][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.130027][ T5839] bridge_slave_0: entered allmulticast mode [ 89.137727][ T5839] bridge_slave_0: entered promiscuous mode [ 89.180028][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.187448][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.194797][ T5839] bridge_slave_1: entered allmulticast mode [ 89.202458][ T5839] bridge_slave_1: entered promiscuous mode [ 89.322413][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.329867][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.337327][ T5834] bridge_slave_0: entered allmulticast mode [ 89.345047][ T5834] bridge_slave_0: entered promiscuous mode [ 89.373770][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.401636][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.408933][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.416262][ T5834] bridge_slave_1: entered allmulticast mode [ 89.424179][ T5834] bridge_slave_1: entered promiscuous mode [ 89.456842][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.489995][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.497360][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.504958][ T5842] bridge_slave_0: entered allmulticast mode [ 89.512396][ T5842] bridge_slave_0: entered promiscuous mode [ 89.544911][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.552109][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.559650][ T5845] bridge_slave_0: entered allmulticast mode [ 89.567242][ T5845] bridge_slave_0: entered promiscuous mode [ 89.586387][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.593839][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.601012][ T5842] bridge_slave_1: entered allmulticast mode [ 89.608895][ T5842] bridge_slave_1: entered promiscuous mode [ 89.616307][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.623963][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.631169][ T5848] bridge_slave_0: entered allmulticast mode [ 89.638774][ T5848] bridge_slave_0: entered promiscuous mode [ 89.659163][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.666455][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.674117][ T5845] bridge_slave_1: entered allmulticast mode [ 89.681513][ T5845] bridge_slave_1: entered promiscuous mode [ 89.708103][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.733574][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.740776][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.749175][ T5848] bridge_slave_1: entered allmulticast mode [ 89.756655][ T5848] bridge_slave_1: entered promiscuous mode [ 89.765699][ T5839] team0: Port device team_slave_0 added [ 89.784802][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.818379][ T5839] team0: Port device team_slave_1 added [ 89.827168][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.851902][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.887940][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.897761][ T51] Bluetooth: hci0: command tx timeout [ 89.918942][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.931413][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.965576][ T5834] team0: Port device team_slave_0 added [ 89.989697][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.011521][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.018724][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.045257][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.046105][ T51] Bluetooth: hci2: command tx timeout [ 90.056255][ T5843] Bluetooth: hci1: command tx timeout [ 90.080920][ T5834] team0: Port device team_slave_1 added [ 90.111963][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.119116][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.146056][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.159306][ T5845] team0: Port device team_slave_0 added [ 90.178688][ T5842] team0: Port device team_slave_0 added [ 90.186634][ T5848] team0: Port device team_slave_0 added [ 90.202856][ T5843] Bluetooth: hci4: command tx timeout [ 90.202957][ T51] Bluetooth: hci3: command tx timeout [ 90.215834][ T5848] team0: Port device team_slave_1 added [ 90.224138][ T5845] team0: Port device team_slave_1 added [ 90.258939][ T5842] team0: Port device team_slave_1 added [ 90.300240][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.307397][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.333794][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.380585][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.387963][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.414129][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.425989][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.433213][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.459575][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.471746][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.479063][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.505264][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.529128][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.536247][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.562431][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.574551][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.581524][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.608030][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.627422][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.635092][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.661169][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.678111][ T5839] hsr_slave_0: entered promiscuous mode [ 90.685730][ T5839] hsr_slave_1: entered promiscuous mode [ 90.693220][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.700203][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.726275][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.858542][ T5848] hsr_slave_0: entered promiscuous mode [ 90.865586][ T5848] hsr_slave_1: entered promiscuous mode [ 90.871812][ T5848] debugfs: 'hsr0' already exists in 'hsr' [ 90.877746][ T5848] Cannot create hsr debugfs directory [ 90.908578][ T5834] hsr_slave_0: entered promiscuous mode [ 90.915127][ T5834] hsr_slave_1: entered promiscuous mode [ 90.921621][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 90.927546][ T5834] Cannot create hsr debugfs directory [ 90.997731][ T5842] hsr_slave_0: entered promiscuous mode [ 91.008240][ T5842] hsr_slave_1: entered promiscuous mode [ 91.014971][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 91.020760][ T5842] Cannot create hsr debugfs directory [ 91.035499][ T5845] hsr_slave_0: entered promiscuous mode [ 91.042476][ T5845] hsr_slave_1: entered promiscuous mode [ 91.048982][ T5845] debugfs: 'hsr0' already exists in 'hsr' [ 91.054815][ T5845] Cannot create hsr debugfs directory [ 91.693641][ T5839] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.710738][ T5839] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.742129][ T5839] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.752228][ T5839] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.805158][ T29] cfg80211: failed to load regulatory.db [ 91.857667][ T5848] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.901090][ T5848] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.940838][ T5848] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.971879][ T5848] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.975391][ T51] Bluetooth: hci0: command tx timeout [ 92.034279][ T5842] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.045828][ T5842] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.059096][ T5842] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.104735][ T5842] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.122901][ T51] Bluetooth: hci2: command tx timeout [ 92.124369][ T5843] Bluetooth: hci1: command tx timeout [ 92.237296][ T5845] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.266468][ T5845] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.277524][ T5845] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.284783][ T5843] Bluetooth: hci4: command tx timeout [ 92.294984][ T5843] Bluetooth: hci3: command tx timeout [ 92.301606][ T5845] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.400830][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.511475][ T5834] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.537034][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.544557][ T5834] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.556117][ T5834] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.570227][ T5834] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.606845][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.614160][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.647032][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.654296][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.720074][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.758065][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.809698][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.833969][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.854627][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.878421][ T3043] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.885607][ T3043] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.905090][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.912292][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.930814][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.941720][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.948909][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.977134][ T3043] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.984315][ T3043] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.011463][ T3043] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.018714][ T3043] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.076162][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.083403][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.166186][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.282054][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.367254][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.374479][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.455529][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.471882][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.479143][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.722526][ T5839] veth0_vlan: entered promiscuous mode [ 93.763281][ T5839] veth1_vlan: entered promiscuous mode [ 93.843967][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.892459][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.936622][ T5839] veth0_macvtap: entered promiscuous mode [ 93.975283][ T5839] veth1_macvtap: entered promiscuous mode [ 94.045393][ T5843] Bluetooth: hci0: command tx timeout [ 94.052288][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.109689][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.140507][ T5848] veth0_vlan: entered promiscuous mode [ 94.151957][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.175327][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.196816][ T5842] veth0_vlan: entered promiscuous mode [ 94.203663][ T5843] Bluetooth: hci2: command tx timeout [ 94.212492][ T979] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.215129][ T5843] Bluetooth: hci1: command tx timeout [ 94.261544][ T5842] veth1_vlan: entered promiscuous mode [ 94.270388][ T979] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.287503][ T979] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.300039][ T5848] veth1_vlan: entered promiscuous mode [ 94.326714][ T979] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.364791][ T5843] Bluetooth: hci3: command tx timeout [ 94.365649][ T51] Bluetooth: hci4: command tx timeout [ 94.420009][ T5845] veth0_vlan: entered promiscuous mode [ 94.517496][ T5842] veth0_macvtap: entered promiscuous mode [ 94.536521][ T5845] veth1_vlan: entered promiscuous mode [ 94.591206][ T5842] veth1_macvtap: entered promiscuous mode [ 94.609953][ T5848] veth0_macvtap: entered promiscuous mode [ 94.630237][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.638672][ T5848] veth1_macvtap: entered promiscuous mode [ 94.646073][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.709444][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.744749][ T5845] veth0_macvtap: entered promiscuous mode [ 94.759892][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.779428][ T979] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.787478][ T5845] veth1_macvtap: entered promiscuous mode [ 94.793355][ T979] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.807624][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.815569][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.837305][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.847554][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.871267][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.881604][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.925105][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.941494][ T5839] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.974968][ T3043] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.986039][ T3043] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.012310][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.023733][ T3043] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.105241][ T3043] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.106514][ T5950] netlink: 496 bytes leftover after parsing attributes in process `syz.3.4'. [ 95.116590][ T3043] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.141836][ T5834] veth0_vlan: entered promiscuous mode [ 95.155826][ T3043] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.174309][ T3043] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.209225][ T3043] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.311788][ T5834] veth1_vlan: entered promiscuous mode [ 95.417030][ T979] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.429268][ T979] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.461508][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.473280][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.527626][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.537359][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.565430][ T5834] veth0_macvtap: entered promiscuous mode [ 95.606387][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.615776][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.634297][ T5834] veth1_macvtap: entered promiscuous mode [ 95.741640][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.758373][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.767133][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.805340][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.891143][ T36] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.904320][ T3030] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.923202][ T3030] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.931176][ T36] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.997737][ T5961] loop1: detected capacity change from 0 to 512 [ 96.008710][ T36] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.024080][ T5961] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 96.038938][ T36] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.055154][ T5961] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 96.100889][ T5961] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 96.117418][ T5961] EXT4-fs (loop1): 1 truncate cleaned up [ 96.123656][ T51] Bluetooth: hci0: command tx timeout [ 96.172794][ T5961] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.283746][ T51] Bluetooth: hci1: command tx timeout [ 96.284945][ T5843] Bluetooth: hci2: command tx timeout [ 96.327861][ T5961] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 96.446912][ T5843] Bluetooth: hci4: command tx timeout [ 96.446924][ T51] Bluetooth: hci3: command tx timeout [ 96.486211][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.512477][ T3043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.557734][ T3043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.638469][ T5974] loop0: detected capacity change from 0 to 1024 [ 96.646001][ T5974] EXT4-fs: Ignoring removed orlov option [ 96.687294][ T5979] loop3: detected capacity change from 0 to 128 [ 96.687915][ T5974] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.947429][ T3043] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.997807][ T3043] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.382787][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.493620][ T5991] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.593220][ T5968] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 97.703583][ T5997] loop4: detected capacity change from 0 to 1024 [ 97.768762][ T5997] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.781215][ T5968] usb 3-1: Using ep0 maxpacket: 16 [ 97.824181][ T5968] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.840724][ T5968] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 97.865786][ T5968] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 97.877796][ T5968] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.887254][ T5968] usb 3-1: Product: syz [ 97.891552][ T5968] usb 3-1: Manufacturer: syz [ 97.896432][ T5968] usb 3-1: SerialNumber: syz [ 97.911915][ T5968] usb 3-1: config 0 descriptor?? [ 98.020361][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.156391][ T5968] usb 3-1: USB disconnect, device number 2 [ 98.251906][ T6009] netlink: 148 bytes leftover after parsing attributes in process `syz.4.23'. [ 98.352587][ T6011] netlink: 32 bytes leftover after parsing attributes in process `syz.3.25'. [ 98.580566][ T6018] netlink: 16 bytes leftover after parsing attributes in process `syz.4.27'. [ 99.293891][ T6042] loop0: detected capacity change from 0 to 128 [ 99.346185][ T6042] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 99.376855][ T6042] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.407957][ T6049] netlink: 148 bytes leftover after parsing attributes in process `syz.2.37'. [ 99.473251][ T6052] netlink: 32 bytes leftover after parsing attributes in process `syz.2.38'. [ 99.706049][ T6057] loop4: detected capacity change from 0 to 512 [ 99.744066][ T6057] EXT4-fs (loop4): 1 truncate cleaned up [ 99.752845][ T5842] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 99.786228][ T6057] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.938403][ T6057] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.40: bg 0: block 465: padding at end of block bitmap is not set [ 99.956096][ T30] audit: type=1800 audit(1769524080.362:2): pid=6057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.40" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 100.129668][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.451377][ T6080] netlink: 36 bytes leftover after parsing attributes in process `syz.2.46'. [ 100.753005][ T6089] ======================================================= [ 100.753005][ T6089] WARNING: The mand mount option has been deprecated and [ 100.753005][ T6089] and is ignored by this kernel. Remove the mand [ 100.753005][ T6089] option from the mount to silence this warning. [ 100.753005][ T6089] ======================================================= [ 101.581972][ T6092] netlink: 32 bytes leftover after parsing attributes in process `syz.2.49'. [ 101.812227][ T6096] loop0: detected capacity change from 0 to 8192 [ 102.112152][ T6118] netlink: 8 bytes leftover after parsing attributes in process `syz.3.59'. [ 102.121184][ T6118] netlink: 12 bytes leftover after parsing attributes in process `syz.3.59'. [ 102.133357][ T6117] loop4: detected capacity change from 0 to 128 [ 102.150732][ T6117] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 102.169562][ T6120] loop2: detected capacity change from 0 to 512 [ 102.186458][ T5842] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1) [ 102.221178][ T6117] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 102.232287][ T5842] FAT-fs (loop0): Filesystem has been set read-only [ 102.263700][ T6120] EXT4-fs: Ignoring removed mblk_io_submit option [ 102.364940][ T6120] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 102.502323][ T6120] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 102.586837][ T6120] EXT4-fs (loop2): orphan cleanup on readonly fs [ 102.608236][ T6120] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.57: bg 0: block 361: padding at end of block bitmap is not set [ 102.646408][ T6120] loop2: lost filesystem error report for type 5 error -117 [ 102.652723][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 102.666911][ C0] EXT4-fs (loop2): initial error at time 1769524083: ext4_validate_block_bitmap:441 [ 102.676365][ C0] EXT4-fs (loop2): last error at time 1769524083: ext4_validate_block_bitmap:441 [ 102.690315][ T6120] EXT4-fs (loop2): Remounting filesystem read-only [ 102.723555][ T6120] EXT4-fs (loop2): 1 truncate cleaned up [ 102.731195][ T6120] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 102.960138][ T6137] loop0: detected capacity change from 0 to 1024 [ 103.655660][ T6137] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.762585][ T30] audit: type=1800 audit(1769524084.192:3): pid=6137 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.63" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 103.801234][ T5845] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 103.822737][ T10] IPVS: starting estimator thread 0... [ 103.913290][ T6147] IPVS: using max 25 ests per chain, 60000 per kthread [ 103.942251][ T6149] netlink: 32 bytes leftover after parsing attributes in process `syz.3.65'. [ 104.014710][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.299201][ T6159] sg_write: data in/out 65536/120 bytes for SCSI command 0x0-- guessing data in; [ 104.299201][ T6159] program syz.0.68 not setting count and/or reply_len properly [ 104.384518][ T6168] netlink: 8 bytes leftover after parsing attributes in process `syz.1.71'. [ 104.410631][ T6168] netlink: 12 bytes leftover after parsing attributes in process `syz.1.71'. [ 105.246317][ T6191] netlink: 32 bytes leftover after parsing attributes in process `syz.2.79'. [ 105.293317][ T6192] loop0: detected capacity change from 0 to 512 [ 105.323720][ T6192] EXT4-fs: Ignoring removed mblk_io_submit option [ 105.372713][ T6192] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 105.425988][ T6192] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 105.434424][ T6192] EXT4-fs (loop0): orphan cleanup on readonly fs [ 105.441313][ T6192] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.76: bg 0: block 361: padding at end of block bitmap is not set [ 105.458586][ T6192] loop0: lost filesystem error report for type 5 error -117 [ 105.459314][ T6192] EXT4-fs (loop0): Remounting filesystem read-only [ 105.466802][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 105.466837][ C1] EXT4-fs (loop0): initial error at time 1769524085: ext4_validate_block_bitmap:441 [ 105.466867][ C1] EXT4-fs (loop0): last error at time 1769524085: ext4_validate_block_bitmap:441 [ 105.508574][ T6192] EXT4-fs (loop0): 1 truncate cleaned up [ 105.516960][ T6192] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 105.639743][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 105.857247][ T6214] Illegal XDP return value 4294967274 on prog (id 7) dev syz_tun, expect packet loss! [ 105.908847][ T6216] syz.2.88 uses obsolete (PF_INET,SOCK_PACKET) [ 105.999312][ T6219] loop3: detected capacity change from 0 to 1024 [ 106.080490][ T6219] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.161851][ T6219] overlayfs: missing 'lowerdir' [ 106.445238][ T6234] netlink: 64 bytes leftover after parsing attributes in process `syz.1.92'. [ 107.333810][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.367351][ T6250] loop0: detected capacity change from 0 to 1024 [ 107.470821][ T6250] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.634156][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.664405][ T6264] loop3: detected capacity change from 0 to 1024 [ 108.240243][ T6282] netlink: 64 bytes leftover after parsing attributes in process `syz.4.106'. [ 109.160886][ T6296] loop2: detected capacity change from 0 to 1024 [ 109.251507][ T6296] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.508475][ T5845] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.109533][ T6324] netlink: 64 bytes leftover after parsing attributes in process `syz.3.121'. [ 110.926279][ T30] audit: type=1326 audit(1769524091.362:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa5b19aeb9 code=0x7fc00000 [ 110.987885][ T30] audit: type=1326 audit(1769524091.362:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faa5b19aeb9 code=0x7fc00000 [ 111.097780][ T30] audit: type=1326 audit(1769524091.362:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa5b19aeb9 code=0x7fc00000 [ 111.172984][ T30] audit: type=1326 audit(1769524091.362:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa5b19aeb9 code=0x7fc00000 [ 111.214276][ T6336] capability: warning: `syz.4.125' uses 32-bit capabilities (legacy support in use) [ 111.234217][ T30] audit: type=1326 audit(1769524091.362:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa5b19aeb9 code=0x7fc00000 [ 111.272804][ T6336] program syz.4.125 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 111.322976][ T30] audit: type=1326 audit(1769524091.362:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa5b19aeb9 code=0x7fc00000 [ 111.387946][ T30] audit: type=1326 audit(1769524091.362:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa5b19aeb9 code=0x7fc00000 [ 111.439828][ T6340] batman_adv: batadv0: Adding interface: dummy0 [ 111.462502][ T30] audit: type=1326 audit(1769524091.362:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa5b19aeb9 code=0x7fc00000 [ 111.504518][ T6340] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 111.564931][ T30] audit: type=1326 audit(1769524091.362:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faa5b19aeb9 code=0x7fc00000 [ 111.602963][ T6340] batman_adv: batadv0: Interface activated: dummy0 [ 111.631882][ T6338] batadv0: mtu less than device minimum [ 111.642447][ T30] audit: type=1326 audit(1769524091.362:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa5b19aeb9 code=0x7fc00000 [ 111.677071][ T6338] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 111.689195][ T6338] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 111.701147][ T6338] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 111.713049][ T6338] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 111.724943][ T6338] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 111.736778][ T6338] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 111.748750][ T6338] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 111.760581][ T6338] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 111.772563][ T6338] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 112.065890][ T6352] netlink: 96 bytes leftover after parsing attributes in process `syz.4.128'. [ 112.156562][ T6358] netlink: 96 bytes leftover after parsing attributes in process `syz.4.128'. [ 112.486774][ T6365] netlink: 40 bytes leftover after parsing attributes in process `syz.1.134'. [ 112.573496][ T6365] netlink: 40 bytes leftover after parsing attributes in process `syz.1.134'. [ 113.304469][ T9] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 113.328440][ T6380] netlink: 'syz.2.139': attribute type 29 has an invalid length. [ 113.476422][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.512674][ T9] usb 4-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 113.547642][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.581541][ T9] usb 4-1: config 0 descriptor?? [ 113.778437][ T6396] loop0: detected capacity change from 0 to 512 [ 113.882559][ T6396] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.922998][ T6396] ext4 filesystem being mounted at /26/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 113.997079][ T6407] netlink: 96 bytes leftover after parsing attributes in process `syz.2.148'. [ 114.013963][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.076398][ T6410] netlink: 96 bytes leftover after parsing attributes in process `syz.2.148'. [ 114.176213][ T6412] loop0: detected capacity change from 0 to 512 [ 114.201826][ T6412] EXT4-fs: Ignoring removed mblk_io_submit option [ 114.231625][ T6412] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 114.235797][ T6415] netlink: 'syz.1.151': attribute type 29 has an invalid length. [ 114.255835][ T6416] Zero length message leads to an empty skb [ 114.265007][ T6412] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 114.274542][ T6412] EXT4-fs (loop0): orphan cleanup on readonly fs [ 114.281636][ T6412] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.149: bg 0: block 361: padding at end of block bitmap is not set [ 114.300795][ T6412] loop0: lost filesystem error report for type 5 error -117 [ 114.302051][ T6412] EXT4-fs (loop0): Remounting filesystem read-only [ 114.309443][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 114.309462][ C0] EXT4-fs (loop0): initial error at time 1769524094: ext4_validate_block_bitmap:441 [ 114.309487][ C0] EXT4-fs (loop0): last error at time 1769524094: ext4_validate_block_bitmap:441 [ 114.346796][ T6412] EXT4-fs (loop0): 1 truncate cleaned up [ 114.354954][ T6412] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 114.444402][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 114.769683][ T6431] loop1: detected capacity change from 0 to 512 [ 114.835977][ T6431] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.888445][ T6431] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 115.007942][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.407284][ T6448] xt_CT: You must specify a L4 protocol and not use inversions on it [ 115.430757][ T6448] hub 6-0:1.0: USB hub found [ 115.436502][ T6448] hub 6-0:1.0: 1 port detected [ 115.451866][ T6448] loop0: detected capacity change from 0 to 512 [ 115.460378][ T9] usbhid 4-1:0.0: can't add hid device: -71 [ 115.503796][ T6448] EXT4-fs (loop0): Invalid default hash set in the superblock [ 115.517782][ T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 115.545039][ T6451] netlink: 'syz.1.164': attribute type 29 has an invalid length. [ 115.573993][ T9] usb 4-1: USB disconnect, device number 2 [ 115.956323][ T6457] netlink: 32 bytes leftover after parsing attributes in process `syz.2.168'. [ 116.368739][ T6462] sctp: [Deprecated]: syz.2.170 (pid 6462) Use of struct sctp_assoc_value in delayed_ack socket option. [ 116.368739][ T6462] Use struct sctp_sack_info instead [ 116.435605][ T6464] netlink: 96 bytes leftover after parsing attributes in process `syz.4.172'. [ 116.544470][ T6470] netlink: 96 bytes leftover after parsing attributes in process `syz.4.172'. [ 116.675412][ T6472] loop1: detected capacity change from 0 to 512 [ 116.786482][ T6472] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.832802][ T6472] ext4 filesystem being mounted at /35/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 118.211888][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.443280][ T10] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 118.501618][ T6490] netlink: 8 bytes leftover after parsing attributes in process `syz.3.180'. [ 118.615389][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.635898][ T10] usb 1-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 118.656834][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.682512][ T10] usb 1-1: config 0 descriptor?? [ 118.800299][ T6503] loop3: detected capacity change from 0 to 1024 [ 118.808168][ T6503] EXT4-fs: Ignoring removed orlov option [ 118.861518][ T6503] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.950011][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.129335][ T6510] loop1: detected capacity change from 0 to 8192 [ 119.257561][ T6510] loop1: p1 < > p3 < > p4 [ 119.277127][ T6510] loop1: partition table partially beyond EOD, truncated [ 119.309657][ T6510] loop1: p1 start 4294967040 is beyond EOD, truncated [ 119.323718][ T6517] netlink: 96 bytes leftover after parsing attributes in process `syz.2.189'. [ 119.360657][ T6510] loop1: p4 start 4227858432 is beyond EOD, truncated [ 119.370612][ T6515] xt_CT: You must specify a L4 protocol and not use inversions on it [ 119.384568][ T6515] hub 6-0:1.0: USB hub found [ 119.390429][ T6515] hub 6-0:1.0: 1 port detected [ 119.406109][ T6515] loop3: detected capacity change from 0 to 512 [ 119.414782][ T6515] EXT4-fs (loop3): Invalid default hash set in the superblock [ 119.432983][ T6519] netlink: 96 bytes leftover after parsing attributes in process `syz.2.189'. [ 119.699924][ T6067] udevd[6067]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 119.961557][ T6531] loop1: detected capacity change from 0 to 512 [ 119.974548][ T6531] EXT4-fs: Ignoring removed mblk_io_submit option [ 120.017578][ T6531] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 120.036076][ T10] usbhid 1-1:0.0: can't add hid device: -71 [ 120.042309][ T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 120.053392][ T10] usb 1-1: USB disconnect, device number 2 [ 120.066671][ T6531] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 120.081849][ T6531] EXT4-fs (loop1): orphan cleanup on readonly fs [ 120.108315][ T6531] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.194: bg 0: block 361: padding at end of block bitmap is not set [ 120.155402][ T6531] loop1: lost filesystem error report for type 5 error -117 [ 120.158249][ T6531] EXT4-fs (loop1): Remounting filesystem read-only [ 120.165682][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 120.165705][ C0] EXT4-fs (loop1): initial error at time 1769524100: ext4_validate_block_bitmap:441 [ 120.165733][ C0] EXT4-fs (loop1): last error at time 1769524100: ext4_validate_block_bitmap:441 [ 120.199001][ T6531] EXT4-fs (loop1): 1 truncate cleaned up [ 120.209704][ T6531] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 120.668540][ T6553] netlink: 'syz.2.202': attribute type 1 has an invalid length. [ 120.787719][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 121.097423][ T6563] macvlan2: entered promiscuous mode [ 121.106503][ T6563] macvlan2: entered allmulticast mode [ 121.113938][ T6563] bond1: entered promiscuous mode [ 121.120134][ T6563] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 121.277098][ T6563] bond1: left promiscuous mode [ 121.576020][ T6575] netlink: 96 bytes leftover after parsing attributes in process `syz.1.206'. [ 121.780867][ T6579] netlink: 96 bytes leftover after parsing attributes in process `syz.1.206'. [ 121.836062][ T6582] xt_hashlimit: size too large, truncated to 1048576 [ 121.992938][ T29] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 122.157283][ T29] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 122.184784][ T29] usb 1-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 122.204212][ T6592] batman_adv: batadv0: Adding interface: dummy0 [ 122.210623][ T29] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.219257][ T6592] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 122.247391][ T6592] batman_adv: batadv0: Interface activated: dummy0 [ 122.256120][ T29] usb 1-1: config 0 descriptor?? [ 122.285704][ T6595] net_ratelimit: 11 callbacks suppressed [ 122.285724][ T6595] batadv0: mtu less than device minimum [ 122.299530][ T6595] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.311408][ T6595] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.323313][ T6595] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.335141][ T6595] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.347019][ T6595] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.358863][ T6595] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.370734][ T6595] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.382735][ T6595] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.394659][ T6595] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.782903][ T6607] netlink: 56 bytes leftover after parsing attributes in process `syz.4.222'. [ 123.019939][ T6617] loop2: detected capacity change from 0 to 512 [ 123.090277][ T6617] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.272725][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 123.272757][ T30] audit: type=1800 audit(1769524103.682:72): pid=6617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.227" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 123.315407][ T5845] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.475607][ T6631] hub 6-0:1.0: USB hub found [ 123.480702][ T6631] hub 6-0:1.0: 1 port detected [ 123.496386][ T6631] loop4: detected capacity change from 0 to 512 [ 123.508918][ T6631] EXT4-fs (loop4): Invalid default hash set in the superblock [ 124.243257][ T6640] loop1: detected capacity change from 0 to 512 [ 124.288493][ T6640] EXT4-fs: Ignoring removed mblk_io_submit option [ 124.321004][ T6640] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 124.372145][ T29] usbhid 1-1:0.0: can't add hid device: -71 [ 124.378269][ T29] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 124.388902][ T29] usb 1-1: USB disconnect, device number 3 [ 124.410384][ T6640] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 124.471554][ T6640] EXT4-fs (loop1): orphan cleanup on readonly fs [ 124.510156][ T6640] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.234: bg 0: block 361: padding at end of block bitmap is not set [ 124.578897][ T6640] loop1: lost filesystem error report for type 5 error -117 [ 124.579375][ T6640] EXT4-fs (loop1): Remounting filesystem read-only [ 124.586799][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 124.586823][ C0] EXT4-fs (loop1): initial error at time 1769524105: ext4_validate_block_bitmap:441 [ 124.586853][ C0] EXT4-fs (loop1): last error at time 1769524105: ext4_validate_block_bitmap:441 [ 124.749979][ T6648] xt_hashlimit: size too large, truncated to 1048576 [ 124.759737][ T6640] EXT4-fs (loop1): 1 truncate cleaned up [ 124.778906][ T6640] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 124.914129][ T6654] capability: warning: `syz.2.240' uses deprecated v2 capabilities in a way that may be insecure [ 125.049260][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 125.274611][ T6660] syzkaller1: entered promiscuous mode [ 125.288040][ T6660] syzkaller1: entered allmulticast mode [ 126.182961][ T5897] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 126.404700][ T6682] loop2: detected capacity change from 0 to 512 [ 126.412451][ T6682] EXT4-fs: Ignoring removed mblk_io_submit option [ 126.421745][ T6682] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 126.444809][ T5897] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.467560][ T6682] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 126.476845][ T6682] EXT4-fs (loop2): orphan cleanup on readonly fs [ 126.483920][ T6682] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.252: bg 0: block 361: padding at end of block bitmap is not set [ 126.488280][ T5897] usb 1-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 126.498664][ T6682] loop2: lost filesystem error report for type 5 error -117 [ 126.512836][ T6682] EXT4-fs (loop2): Remounting filesystem read-only [ 126.526880][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 126.526905][ C1] EXT4-fs (loop2): initial error at time 1769524106: ext4_validate_block_bitmap:441 [ 126.526934][ C1] EXT4-fs (loop2): last error at time 1769524106: ext4_validate_block_bitmap:441 [ 126.552429][ T6682] EXT4-fs (loop2): 1 truncate cleaned up [ 126.574229][ T6682] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 126.580423][ T5897] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.629339][ T5897] usb 1-1: config 0 descriptor?? [ 126.812803][ T6695] option changes via remount are deprecated (pid=6694 comm=syz.4.257) [ 126.821201][ T6695] cgroup: option or name mismatch, new: 0x0 "pim6reg0", old: 0x0 "" [ 127.121885][ T6703] syzkaller1: entered promiscuous mode [ 127.127608][ T6703] syzkaller1: entered allmulticast mode [ 127.239330][ T5845] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 127.365846][ T6709] loop2: detected capacity change from 0 to 1024 [ 127.404055][ T6709] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 127.512212][ T6713] netlink: 8 bytes leftover after parsing attributes in process `syz.4.265'. [ 127.576357][ T5845] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.706357][ T6717] loop1: detected capacity change from 0 to 1024 [ 127.791033][ T6717] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 127.845456][ T5841] IPVS: starting estimator thread 0... [ 127.848156][ T30] audit: type=1800 audit(1769524108.262:73): pid=6717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.267" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 127.950679][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.965331][ T6726] IPVS: using max 25 ests per chain, 60000 per kthread [ 128.098981][ T6732] loop4: detected capacity change from 0 to 512 [ 128.120818][ T6732] EXT4-fs: Ignoring removed mblk_io_submit option [ 128.148254][ T6732] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 128.159377][ T6735] netlink: 24 bytes leftover after parsing attributes in process `syz.2.274'. [ 128.185563][ T6732] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 128.215118][ T6732] EXT4-fs (loop4): orphan cleanup on readonly fs [ 128.236481][ T6732] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.273: bg 0: block 361: padding at end of block bitmap is not set [ 128.251263][ T6732] loop4: lost filesystem error report for type 5 error -117 [ 128.252653][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 128.266550][ C1] EXT4-fs (loop4): initial error at time 1769524108: ext4_validate_block_bitmap:441 [ 128.276012][ C1] EXT4-fs (loop4): last error at time 1769524108: ext4_validate_block_bitmap:441 [ 128.287063][ T6732] EXT4-fs (loop4): Remounting filesystem read-only [ 128.294277][ T6732] EXT4-fs (loop4): 1 truncate cleaned up [ 128.302848][ T6732] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 128.342233][ T6741] netlink: 'syz.1.275': attribute type 29 has an invalid length. [ 128.361930][ T6741] netlink: 148 bytes leftover after parsing attributes in process `syz.1.275'. [ 128.527330][ T5897] usbhid 1-1:0.0: can't add hid device: -71 [ 128.533452][ T5897] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 128.558200][ T5897] usb 1-1: USB disconnect, device number 4 [ 128.627752][ T6749] netlink: 8 bytes leftover after parsing attributes in process `syz.0.279'. [ 128.878434][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 129.022688][ T29] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 129.193010][ T29] usb 3-1: Using ep0 maxpacket: 16 [ 129.421936][ T29] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 129.434328][ T29] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 129.443736][ T29] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.462677][ T29] usb 3-1: Product: syz [ 129.466891][ T29] usb 3-1: Manufacturer: syz [ 129.549928][ T6780] xt_bpf: check failed: parse error [ 130.022693][ T29] usb 3-1: SerialNumber: syz [ 130.031616][ T29] usb 3-1: config 0 descriptor?? [ 130.046564][ T29] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 130.089390][ T10] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 130.272985][ T29] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 130.285021][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.303378][ T10] usb 5-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 130.321592][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.336220][ T29] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 130.342704][ T10] usb 5-1: config 0 descriptor?? [ 130.415819][ T6788] loop0: detected capacity change from 0 to 128 [ 130.437609][ T29] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 130.457346][ T29] em28xx 3-1:0.0: board has no eeprom [ 130.532735][ T29] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 130.549102][ T29] em28xx 3-1:0.0: dvb set to bulk mode. [ 130.563790][ T5968] em28xx 3-1:0.0: Binding DVB extension [ 130.599548][ T29] usb 3-1: USB disconnect, device number 3 [ 130.625169][ T29] em28xx 3-1:0.0: Disconnecting em28xx [ 130.698384][ T5968] em28xx 3-1:0.0: Registering input extension [ 130.722892][ T29] em28xx 3-1:0.0: Closing input extension [ 130.764791][ T29] em28xx 3-1:0.0: Freeing device [ 131.076828][ T6797] loop2: detected capacity change from 0 to 1024 [ 131.155255][ T6797] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 131.283838][ T30] audit: type=1800 audit(1769524111.702:74): pid=6797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.300" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 131.304254][ T5968] IPVS: starting estimator thread 0... [ 131.369698][ T5845] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.402843][ T6805] IPVS: using max 25 ests per chain, 60000 per kthread [ 131.474077][ T6808] loop0: detected capacity change from 0 to 512 [ 131.597049][ T6808] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.637747][ T6808] ext4 filesystem being mounted at /49/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.632826][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 132.647831][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 132.815145][ T10] usb 5-1: USB disconnect, device number 2 [ 132.862258][ T6829] xt_bpf: check failed: parse error [ 132.879303][ T6831] netlink: 8 bytes leftover after parsing attributes in process `syz.3.309'. [ 132.881511][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.108864][ T6837] loop4: detected capacity change from 0 to 1024 [ 133.553900][ T0] NOHZ tick-stop error: local softirq work is pending, handler #204!!! [ 133.591018][ T6837] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.604466][ T6843] netlink: 16 bytes leftover after parsing attributes in process `syz.0.312'. [ 133.671748][ T30] audit: type=1800 audit(1769524114.102:75): pid=6837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.314" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 133.701997][ T10] IPVS: starting estimator thread 0... [ 133.804503][ T6846] tipc: Started in network mode [ 133.820827][ T6846] tipc: Node identity ac1414aa, cluster identity 4711 [ 133.835973][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.854116][ T6846] tipc: Enabled bearer , priority 10 [ 133.862822][ T6845] IPVS: using max 32 ests per chain, 76800 per kthread [ 134.380969][ T6851] delete_channel: no stack [ 134.825769][ T6867] loop4: detected capacity change from 0 to 512 [ 134.931764][ T6867] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.976290][ T10] tipc: Node number set to 2886997162 [ 135.003066][ T6867] ext4 filesystem being mounted at /60/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 135.034891][ T6873] netlink: 8 bytes leftover after parsing attributes in process `syz.0.324'. [ 135.376014][ T6880] loop1: detected capacity change from 0 to 1024 [ 136.084290][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.276601][ T6891] netlink: 72 bytes leftover after parsing attributes in process `syz.4.330'. [ 136.812008][ T6903] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 137.135631][ T6913] loop2: detected capacity change from 0 to 1024 [ 137.899435][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.907081][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.512832][ T6947] netlink: 8 bytes leftover after parsing attributes in process `syz.1.356'. [ 138.894926][ T6956] netlink: 148 bytes leftover after parsing attributes in process `syz.3.360'. [ 138.928444][ T6957] syzkaller1: entered promiscuous mode [ 138.935577][ T6957] syzkaller1: entered allmulticast mode [ 139.123059][ T6961] xt_bpf: check failed: parse error [ 140.087927][ T6978] netlink: 8 bytes leftover after parsing attributes in process `syz.0.368'. [ 140.226484][ T6982] netlink: 16 bytes leftover after parsing attributes in process `syz.4.367'. [ 140.276798][ T6982] tipc: Started in network mode [ 140.281743][ T6982] tipc: Node identity ac1414aa, cluster identity 4711 [ 140.305528][ T6988] infiniband: Added to hash: ib_dev=ffff888057d64000 (0)() ndev=ffff88805b78a000 (16)(bond_slave_0) [ 140.348553][ T6982] tipc: Enabled bearer , priority 10 [ 140.558179][ T6992] syzkaller1: entered promiscuous mode [ 140.604623][ T6992] syzkaller1: entered allmulticast mode [ 140.875786][ T7003] xt_bpf: check failed: parse error [ 141.673612][ T5968] tipc: Node number set to 2886997162 [ 142.637137][ T7014] loop0: detected capacity change from 0 to 1024 [ 142.741904][ T7014] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.776251][ T6988] infiniband syû: set active [ 142.781044][ T6988] infiniband syû: added bond_slave_0 [ 142.857035][ T6988] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 142.859678][ T6988] infiniband syû: Couldn't open port 1 [ 142.988408][ T6988] RDS/IB: syû: added [ 142.999967][ T6988] smc: adding ib device syû with port count 1 [ 143.038344][ T6988] smc: ib device syû port 1 has no pnetid [ 143.112395][ T7014] EXT4-fs error (device loop0): mb_free_blocks:2047: group 0, inode 23: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 143.273177][ T7031] xt_bpf: check failed: parse error [ 143.554751][ T7038] xt_bpf: check failed: parse error [ 144.404958][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.667875][ T7043] xt_CT: You must specify a L4 protocol and not use inversions on it [ 144.706986][ T7043] hub 6-0:1.0: USB hub found [ 144.711959][ T7043] hub 6-0:1.0: 1 port detected [ 144.727282][ T7043] loop3: detected capacity change from 0 to 512 [ 144.735261][ T7043] EXT4-fs (loop3): Invalid default hash set in the superblock [ 144.985447][ T7050] syzkaller1: entered promiscuous mode [ 144.990966][ T7050] syzkaller1: entered allmulticast mode [ 145.266018][ T7059] loop4: detected capacity change from 0 to 128 [ 145.283899][ T7059] EXT4-fs: Ignoring removed orlov option [ 145.289641][ T7059] EXT4-fs: Ignoring removed nomblk_io_submit option [ 145.322131][ T7059] EXT4-fs: Ignoring removed nomblk_io_submit option [ 145.357144][ T7059] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 145.390404][ T7059] ext4 filesystem being mounted at /72/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 145.486528][ T7064] loop3: detected capacity change from 0 to 256 [ 145.570566][ T7064] FAT-fs (loop3): Directory bread(block 64) failed [ 145.577385][ T7064] FAT-fs (loop3): Directory bread(block 65) failed [ 145.584678][ T7064] FAT-fs (loop3): Directory bread(block 66) failed [ 145.591326][ T7064] FAT-fs (loop3): Directory bread(block 67) failed [ 145.598499][ T7064] FAT-fs (loop3): Directory bread(block 68) failed [ 145.605196][ T7064] FAT-fs (loop3): Directory bread(block 69) failed [ 145.612408][ T7064] FAT-fs (loop3): Directory bread(block 70) failed [ 145.619288][ T7064] FAT-fs (loop3): Directory bread(block 71) failed [ 145.626546][ T7064] FAT-fs (loop3): Directory bread(block 72) failed [ 145.633288][ T7064] FAT-fs (loop3): Directory bread(block 73) failed [ 146.576518][ T5834] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 147.353990][ T7074] xt_bpf: check failed: parse error [ 148.096136][ T7081] loop4: detected capacity change from 0 to 1024 [ 148.262163][ T7081] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.352735][ T7072] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 148.543539][ T7095] xt_bpf: check failed: parse error [ 148.659853][ T7081] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4224: comm syz.4.400: Allocating blocks 497-513 which overlap fs metadata [ 148.752363][ T7081] EXT4-fs (loop4): pa ffff88807de34e80: logic 128, phys. 385, len 8 [ 148.760552][ T7081] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5467: group 0, free 0, pa_free 1 [ 148.834112][ T7081] EXT4-fs error (device loop4): mb_free_blocks:2047: group 0, inode 23: block 369:freeing already freed block (bit 23); block bitmap corrupt. [ 149.298258][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.413697][ T51] Bluetooth: hci0: command 0x0401 tx timeout [ 149.537782][ T7100] syzkaller1: entered promiscuous mode [ 149.549340][ T7100] syzkaller1: entered allmulticast mode [ 149.871451][ T7117] xt_bpf: check failed: parse error [ 150.484433][ T7119] netlink: 12 bytes leftover after parsing attributes in process `syz.3.416'. [ 150.630466][ T7124] netlink: 'syz.0.418': attribute type 29 has an invalid length. [ 150.639817][ T7124] netlink: 'syz.0.418': attribute type 29 has an invalid length. [ 150.681661][ T7124] netlink: 148 bytes leftover after parsing attributes in process `syz.0.418'. [ 150.714218][ T7126] loop3: detected capacity change from 0 to 512 [ 150.721564][ T7126] EXT4-fs: Ignoring removed mblk_io_submit option [ 150.755866][ T7126] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 150.781723][ T7128] loop4: detected capacity change from 0 to 1024 [ 150.820872][ T7126] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 150.839217][ T7126] EXT4-fs (loop3): orphan cleanup on readonly fs [ 150.847196][ T7126] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.419: bg 0: block 361: padding at end of block bitmap is not set [ 150.861994][ T7126] loop3: lost filesystem error report for type 5 error -117 [ 150.862650][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 150.876478][ C1] EXT4-fs (loop3): initial error at time 1769524131: ext4_validate_block_bitmap:441 [ 150.885957][ C1] EXT4-fs (loop3): last error at time 1769524131: ext4_validate_block_bitmap:441 [ 150.897366][ T7126] EXT4-fs (loop3): Remounting filesystem read-only [ 150.904343][ T7126] EXT4-fs (loop3): 1 truncate cleaned up [ 150.912155][ T7126] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 151.054637][ T7137] netlink: 24 bytes leftover after parsing attributes in process `syz.0.423'. [ 151.344844][ T7143] syzkaller1: entered promiscuous mode [ 151.350703][ T7143] syzkaller1: entered allmulticast mode [ 151.518725][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 151.729127][ T7157] xt_bpf: check failed: parse error [ 151.975686][ T7158] netlink: 'syz.2.432': attribute type 29 has an invalid length. [ 152.107002][ T7159] netlink: 'syz.2.432': attribute type 29 has an invalid length. [ 152.330206][ T7158] netlink: 148 bytes leftover after parsing attributes in process `syz.2.432'. [ 152.534366][ T7165] loop2: detected capacity change from 0 to 1024 [ 152.568519][ T7171] netlink: 24 bytes leftover after parsing attributes in process `syz.4.436'. [ 152.599899][ T7170] netlink: 20 bytes leftover after parsing attributes in process `syz.1.437'. [ 152.890109][ T7178] syzkaller1: entered promiscuous mode [ 152.916128][ T7178] syzkaller1: entered allmulticast mode [ 152.929967][ T7184] netlink: 'syz.2.444': attribute type 29 has an invalid length. [ 152.945448][ T7184] netlink: 'syz.2.444': attribute type 29 has an invalid length. [ 152.976486][ T7184] netlink: 148 bytes leftover after parsing attributes in process `syz.2.444'. [ 153.277213][ T7201] xt_bpf: check failed: parse error [ 153.942308][ T7207] loop3: detected capacity change from 0 to 1024 [ 154.106933][ T7210] netlink: 24 bytes leftover after parsing attributes in process `syz.2.453'. [ 154.487438][ T7230] syzkaller1: entered promiscuous mode [ 154.527991][ T7230] syzkaller1: entered allmulticast mode [ 154.557918][ T7231] loop4: detected capacity change from 0 to 512 [ 154.666280][ T7231] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.705093][ T7231] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.766539][ T7246] xt_bpf: check failed: parse error [ 155.462999][ T7253] loop0: detected capacity change from 0 to 1024 [ 155.737120][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.883216][ T7265] netlink: 'syz.3.472': attribute type 29 has an invalid length. [ 155.905507][ T7265] netlink: 'syz.3.472': attribute type 29 has an invalid length. [ 156.116980][ T7275] syzkaller1: entered promiscuous mode [ 156.122533][ T7275] syzkaller1: entered allmulticast mode [ 156.194252][ T7280] xt_bpf: check failed: parse error [ 156.891749][ T7289] loop0: detected capacity change from 0 to 1024 [ 157.161418][ T7298] netlink: 24 bytes leftover after parsing attributes in process `syz.0.486'. [ 157.201865][ T7301] netlink: 'syz.1.485': attribute type 29 has an invalid length. [ 157.222540][ T7301] netlink: 'syz.1.485': attribute type 29 has an invalid length. [ 157.652554][ T7324] Bluetooth: MGMT ver 1.23 [ 157.659837][ T7287] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 157.670920][ T7325] netlink: 24 bytes leftover after parsing attributes in process `syz.0.495'. [ 158.480457][ T7337] netlink: 'syz.4.499': attribute type 29 has an invalid length. [ 158.786786][ T7352] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 160.175360][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 160.578282][ T7377] netlink: 'syz.4.515': attribute type 29 has an invalid length. [ 160.612828][ T7377] netlink: 'syz.4.515': attribute type 29 has an invalid length. [ 160.694498][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 160.724353][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 161.151389][ T7399] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 161.287897][ T7405] loop0: detected capacity change from 0 to 512 [ 161.376135][ T7405] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.390512][ T7405] ext4 filesystem being mounted at /97/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 162.404348][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.467977][ T7414] netlink: 'syz.2.528': attribute type 29 has an invalid length. [ 162.491730][ T7416] xt_hashlimit: size too large, truncated to 1048576 [ 162.504564][ T7414] netlink: 'syz.2.528': attribute type 29 has an invalid length. [ 163.683911][ T7460] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 164.058907][ T5897] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 164.279943][ T5897] usb 2-1: Using ep0 maxpacket: 16 [ 164.294596][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 164.349350][ T5897] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 164.393209][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.401406][ T5897] usb 2-1: Product: syz [ 164.411383][ T5897] usb 2-1: Manufacturer: syz [ 164.426359][ T5897] usb 2-1: SerialNumber: syz [ 164.471468][ T5897] usb 2-1: config 0 descriptor?? [ 164.485155][ T5897] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 164.516954][ T5897] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 164.760185][ T5897] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 164.850340][ T5897] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 164.882717][ T5897] em28xx 2-1:0.0: board has no eeprom [ 164.972661][ T5897] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 164.982671][ T5897] em28xx 2-1:0.0: dvb set to bulk mode. [ 164.988315][ T9] em28xx 2-1:0.0: Binding DVB extension [ 165.039320][ T5897] usb 2-1: USB disconnect, device number 2 [ 165.064313][ T5897] em28xx 2-1:0.0: Disconnecting em28xx [ 165.154244][ T9] em28xx 2-1:0.0: Registering input extension [ 165.176300][ T5897] em28xx 2-1:0.0: Closing input extension [ 165.224710][ T5897] em28xx 2-1:0.0: Freeing device [ 166.261460][ T7501] net_ratelimit: 12 callbacks suppressed [ 166.261480][ T7501] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 166.865406][ T979] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff88802b874000 (12)(syzkaller0) start [ 166.933829][ T979] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff88802b874000 (4)(syzkaller0) end [ 167.055807][ T7522] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 167.480083][ T7533] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 168.282082][ T7543] 9pnet_fd: Insufficient options for proto=fd [ 168.781085][ T7555] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 168.796644][ T7556] netlink: 'syz.3.587': attribute type 13 has an invalid length. [ 169.580873][ T7577] loop1: detected capacity change from 0 to 2048 [ 169.631236][ T7577] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.657171][ T7585] netlink: 24 bytes leftover after parsing attributes in process `syz.2.597'. [ 169.709116][ T7587] loop3: detected capacity change from 0 to 128 [ 169.717025][ T7587] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 169.731129][ T7587] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 169.778692][ T77] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 169.809622][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.635227][ T7612] C: renamed from team_slave_0 (while UP) [ 170.653870][ T7612] netlink: 'syz.2.609': attribute type 2 has an invalid length. [ 170.670075][ T7612] netlink: 108 bytes leftover after parsing attributes in process `syz.2.609'. [ 170.688838][ T7612] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 170.711182][ T7614] loop4: detected capacity change from 0 to 2048 [ 170.777412][ T7614] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 170.868871][ T7619] netlink: 24 bytes leftover after parsing attributes in process `syz.2.611'. [ 170.962282][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.277536][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff88805a6d0000 (14)(netdevsim3) start [ 171.306105][ T7630] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.341624][ T7632] netlink: 'syz.1.617': attribute type 29 has an invalid length. [ 171.435261][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff88805a6d0000 (6)(netdevsim3) end [ 171.595444][ T979] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff88805a6d4000 (14)(netdevsim2) start [ 171.616529][ T7630] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.628959][ T979] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff88805a6d4000 (8)(netdevsim2) end [ 171.851950][ T7630] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.862770][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff88805a6d8000 (8)(netdevsim1) start [ 171.862853][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff88805a6d8000 (8)(netdevsim1) end [ 172.101091][ T7645] netlink: 24 bytes leftover after parsing attributes in process `syz.0.622'. [ 172.228086][ T7630] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.238669][ T979] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff88805bad8000 (11)(netdevsim0) start [ 172.276577][ T979] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff88805bad8000 (8)(netdevsim0) end [ 172.583653][ T979] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.627789][ T7662] 9pnet_fd: Insufficient options for proto=fd [ 172.787078][ T7666] xt_CT: You must specify a L4 protocol and not use inversions on it [ 172.832002][ T7666] hub 6-0:1.0: USB hub found [ 172.839039][ T7666] hub 6-0:1.0: 1 port detected [ 172.897496][ T7666] loop1: detected capacity change from 0 to 512 [ 172.926067][ T7666] EXT4-fs (loop1): Invalid default hash set in the superblock [ 173.008351][ T979] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.044728][ T979] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.093029][ T979] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.122479][ T7669] netlink: 24 bytes leftover after parsing attributes in process `syz.0.628'. [ 174.169756][ T7670] netlink: 24 bytes leftover after parsing attributes in process `syz.0.628'. [ 174.773198][ T7687] xt_bpf: check failed: parse error [ 175.538125][ T7693] netlink: 24 bytes leftover after parsing attributes in process `syz.1.637'. [ 175.645636][ T7695] 9pnet_fd: Insufficient options for proto=fd [ 175.808906][ T7701] loop1: detected capacity change from 0 to 512 [ 175.931173][ T7701] EXT4-fs error (device loop1): ext4_do_update_inode:5596: inode #3: comm syz.1.641: corrupted inode contents [ 176.001950][ T7701] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 176.003057][ C0] EXT4-fs (loop1): initial error at time 1769524156: ext4_do_update_inode:5596: inode 3 [ 176.023595][ C0] EXT4-fs (loop1): last error at time 1769524156: ext4_do_update_inode:5596: inode 3 [ 176.048477][ T7701] EXT4-fs error (device loop1): ext4_dirty_inode:6481: inode #3: comm syz.1.641: mark_inode_dirty error [ 176.059896][ T7701] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 176.065229][ T7701] EXT4-fs error (device loop1): ext4_do_update_inode:5596: inode #3: comm syz.1.641: corrupted inode contents [ 176.105414][ T7701] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 176.106789][ T7701] EXT4-fs error (device loop1): __ext4_ext_dirty:207: inode #3: comm syz.1.641: mark_inode_dirty error [ 176.149937][ T7708] ip6tnl0: Caught tx_queue_len zero misconfig [ 176.185825][ T7701] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 176.190350][ T7701] Quota error (device loop1): write_blk: dquota write failed [ 176.212710][ T7710] netlink: 24 bytes leftover after parsing attributes in process `syz.4.644'. [ 176.238772][ T7710] netlink: 24 bytes leftover after parsing attributes in process `syz.4.644'. [ 176.264957][ T7701] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 176.352920][ T7701] EXT4-fs error (device loop1): ext4_acquire_dquot:7007: comm syz.1.641: Failed to acquire dquot type 0 [ 176.452799][ T7701] loop1: lost filesystem error report for type 5 error -117 [ 176.472193][ T7701] EXT4-fs error (device loop1): ext4_do_update_inode:5596: inode #16: comm syz.1.641: corrupted inode contents [ 176.554412][ T7715] netlink: 'syz.3.646': attribute type 1 has an invalid length. [ 176.573620][ T7701] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 176.576934][ T7701] EXT4-fs error (device loop1): ext4_dirty_inode:6481: inode #16: comm syz.1.641: mark_inode_dirty error [ 176.639336][ T7716] xt_CT: You must specify a L4 protocol and not use inversions on it [ 176.677122][ T7716] hub 6-0:1.0: USB hub found [ 176.687868][ T7716] hub 6-0:1.0: 1 port detected [ 176.747729][ T7716] loop0: detected capacity change from 0 to 512 [ 176.796497][ T7716] EXT4-fs (loop0): Invalid default hash set in the superblock [ 176.846734][ T7701] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 176.860294][ T7701] EXT4-fs error (device loop1): ext4_do_update_inode:5596: inode #16: comm syz.1.641: corrupted inode contents [ 177.089054][ T7701] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 177.095797][ T7701] EXT4-fs error (device loop1): __ext4_ext_dirty:207: inode #16: comm syz.1.641: mark_inode_dirty error [ 177.542840][ T7701] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 177.543883][ T7701] EXT4-fs error (device loop1): ext4_do_update_inode:5596: inode #16: comm syz.1.641: corrupted inode contents [ 177.695345][ T7701] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 177.698618][ T7701] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 177.867733][ T7701] loop1: lost filesystem error report for type 5 error -117 [ 177.868327][ T7701] EXT4-fs error (device loop1): ext4_do_update_inode:5596: inode #16: comm syz.1.641: corrupted inode contents [ 177.962885][ T7701] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 177.963414][ T7701] EXT4-fs error (device loop1): ext4_truncate:4614: inode #16: comm syz.1.641: mark_inode_dirty error [ 178.013762][ T7701] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 178.023864][ T7701] loop1: lost filesystem error report for type 5 error -117 [ 178.026769][ T7701] EXT4-fs (loop1): 1 truncate cleaned up [ 178.048370][ T7701] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.061869][ T7701] ext4 filesystem being mounted at /134/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.100531][ T7701] EXT4-fs warning (device loop1): ext4_es_cache_extent:1082: inode #3: comm syz.1.641: ES cache extent failed: add [1,1,41,0x1] conflict with existing [1,-2,576460752303423487,0x18] [ 178.100531][ T7701] [ 178.204192][ T7727] xt_bpf: check failed: parse error [ 178.813315][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff88805305e000 (4)(gretap1) start [ 178.862737][ T7728] EXT4-fs error (device loop1): ext4_empty_dir:3118: inode #12: block 13: comm syz.1.641: bad entry in directory: inode out of bounds - offset=24, inode=33554445, rec_len=16, size=4096 fake=0 [ 179.016177][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff88805305e000 (3)(gretap1) end [ 179.184853][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.473823][ T7739] netlink: 24 bytes leftover after parsing attributes in process `syz.1.651'. [ 179.963549][ T7750] netlink: 24 bytes leftover after parsing attributes in process `syz.0.657'. [ 179.983633][ T7750] netlink: 24 bytes leftover after parsing attributes in process `syz.0.657'. [ 180.964575][ T7762] netlink: 'syz.4.662': attribute type 1 has an invalid length. [ 181.338195][ T77] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff888077140000 (11)(gretap1) start [ 181.376413][ T7774] xt_CT: You must specify a L4 protocol and not use inversions on it [ 181.421482][ T7774] hub 6-0:1.0: USB hub found [ 181.422226][ T77] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff888077140000 (4)(gretap1) end [ 181.446881][ T7774] hub 6-0:1.0: 1 port detected [ 181.455160][ T7777] netlink: 24 bytes leftover after parsing attributes in process `syz.3.666'. [ 181.465712][ T7770] C: renamed from team_slave_0 (while UP) [ 181.485223][ T7770] netlink: 152 bytes leftover after parsing attributes in process `syz.0.664'. [ 181.517878][ T7778] loop2: detected capacity change from 0 to 512 [ 181.599070][ T7778] EXT4-fs (loop2): Invalid default hash set in the superblock [ 182.255378][ T5968] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 182.302527][ T5968] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 182.320869][ T7794] loop4: detected capacity change from 0 to 2048 [ 182.358735][ T7794] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.636859][ T7803] mmap: syz.1.672 (7803) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 183.561850][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.845758][ T7812] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 184.769543][ T7826] netlink: 64 bytes leftover after parsing attributes in process `syz.0.681'. [ 185.571074][ T7834] netlink: 148 bytes leftover after parsing attributes in process `syz.1.686'. [ 185.772905][ T7843] loop0: detected capacity change from 0 to 1024 [ 186.785046][ T7852] loop4: detected capacity change from 0 to 512 [ 186.895792][ T7852] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.913617][ T7852] ext4 filesystem being mounted at /130/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 187.171866][ T3043] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff888059d84000 (16)(netdevsim3) start [ 187.208725][ T7861] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.243299][ T3043] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff888059d84000 (8)(netdevsim3) end [ 188.004132][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.172200][ T7872] netlink: 64 bytes leftover after parsing attributes in process `syz.1.695'. [ 188.409056][ T3014] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff888059e78000 (13)(netdevsim2) start [ 188.517694][ T7861] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.722655][ T3014] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888057d64000 (11)(syû) rdma_ndev=ffff88805b78a000 (16)(bond_slave_0) cookie=ffff888059e78000 (8)(netdevsim2) end [ 188.799334][ T7874] loop4: detected capacity change from 0 to 512 [ 188.835346][ T7874] EXT4-fs: Ignoring removed bh option [ 188.889290][ T7874] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.914807][ T7877] netlink: 148 bytes leftover after parsing attributes in process `syz.3.698'. [ 188.944142][ T7882] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN PTI [ 188.956116][ T7882] KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7] [ 188.957788][ T7874] ext4 filesystem being mounted at /131/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 188.964562][ T7882] CPU: 1 UID: 0 PID: 7882 Comm: syz.1.699 Not tainted syzkaller #0 PREEMPT(full) [ 188.964589][ T7882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 188.964603][ T7882] RIP: 0010:__queue_work+0xa2/0xf90 [ 188.964636][ T7882] Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee [ 188.964661][ T7882] RSP: 0018:ffffc9000ad1f4d8 EFLAGS: 00010002 [ 189.025670][ T7882] RAX: 0000000000000038 RBX: 0000000000000008 RCX: 0000000000080000 [ 189.033677][ T7882] RDX: ffffc9000bd22000 RSI: 0000000000000a3e RDI: 0000000000000a3f [ 189.041679][ T7882] RBP: 0000000000000000 R08: ffff88813ff72017 R09: 1ffff11027fee402 [ 189.049690][ T7882] R10: dffffc0000000000 R11: ffffed1027fee403 R12: dffffc0000000000 [ 189.057691][ T7882] R13: ffff88813ff72010 R14: 00000000000001c0 R15: 0000000000000000 [ 189.065684][ T7882] FS: 00007f3e715c16c0(0000) GS:ffff8881253b4000(0000) knlGS:0000000000000000 [ 189.074631][ T7882] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 189.081245][ T7882] CR2: 000000110c321157 CR3: 000000007d180000 CR4: 00000000003526f0 [ 189.089252][ T7882] Call Trace: [ 189.092562][ T7882] [ 189.095525][ T7882] ? __asan_memcpy+0x40/0x70 [ 189.100152][ T7882] ? __tty_insert_flip_string_flags+0x3e9/0x430 [ 189.106424][ T7882] queue_work_on+0x106/0x1d0 [ 189.111047][ T7882] k_pad+0x4c4/0xa90 [ 189.115109][ T7882] ? lock_acquire+0x106/0x330 [ 189.119817][ T7882] ? __pfx_k_pad+0x10/0x10 [ 189.124257][ T7882] ? notifier_chain_unregister+0x23d/0x280 [ 189.130100][ T7882] ? atomic_notifier_call_chain+0x26/0x180 [ 189.135941][ T7882] kbd_event+0x2ec1/0x40d0 [ 189.140408][ T7882] ? __pfx_kbd_event+0x10/0x10 [ 189.145197][ T7882] ? add_lock_to_list+0xc7/0x100 [ 189.150164][ T7882] ? lockdep_unlock+0x5d/0xd0 [ 189.154874][ T7882] ? __lock_acquire+0x146e/0x2cf0 [ 189.159932][ T7882] ? __lock_acquire+0x6b5/0x2cf0 [ 189.164988][ T7882] ? __lock_acquire+0x6b5/0x2cf0 [ 189.169961][ T7882] ? __lock_acquire+0x6b5/0x2cf0 [ 189.174923][ T7882] ? input_pass_values+0x8d/0x890 [ 189.179983][ T7882] ? lock_acquire+0x106/0x330 [ 189.184785][ T7882] ? input_pass_values+0x8d/0x890 [ 189.189844][ T7882] input_handle_events_default+0xd4/0x1a0 [ 189.195606][ T7882] ? input_pass_values+0x8d/0x890 [ 189.200668][ T7882] input_pass_values+0x288/0x890 [ 189.205643][ T7882] ? input_handle_event+0x70c/0xf30 [ 189.210997][ T7882] input_event_dispose+0x330/0x6b0 [ 189.216168][ T7882] input_inject_event+0x1dd/0x340 [ 189.221318][ T7882] ? input_inject_event+0xb6/0x340 [ 189.226496][ T7882] evdev_write+0x325/0x4c0 [ 189.230971][ T7882] ? __lock_acquire+0x6b5/0x2cf0 [ 189.236001][ T7882] ? __pfx_evdev_write+0x10/0x10 [ 189.241041][ T7882] ? bpf_lsm_file_permission+0x9/0x20 [ 189.246767][ T7882] ? security_file_permission+0x75/0x260 [ 189.252475][ T7882] ? rw_verify_area+0x255/0x4d0 [ 189.257507][ T7882] ? __pfx_evdev_write+0x10/0x10 [ 189.262510][ T7882] vfs_write+0x29a/0xb90 [ 189.266806][ T7882] ? __pfx_vfs_write+0x10/0x10 [ 189.271610][ T7882] ? __fget_files+0x2a/0x420 [ 189.276250][ T7882] ? __fget_files+0x2a/0x420 [ 189.280889][ T7882] ? __fget_files+0x3a0/0x420 [ 189.285736][ T7882] ? __fget_files+0x2a/0x420 [ 189.290372][ T7882] ksys_write+0x150/0x270 [ 189.294754][ T7882] ? __pfx_ksys_write+0x10/0x10 [ 189.299662][ T7882] do_syscall_64+0xe2/0xf80 [ 189.304305][ T7882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.310419][ T7882] ? trace_irq_disable+0x37/0x100 [ 189.315486][ T7882] ? clear_bhb_loop+0x40/0x90 [ 189.320218][ T7882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.326158][ T7882] RIP: 0033:0x7f3e7079aeb9 [ 189.330824][ T7882] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 189.350558][ T7882] RSP: 002b:00007f3e715c1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 189.359226][ T7882] RAX: ffffffffffffffda RBX: 00007f3e70a15fa0 RCX: 00007f3e7079aeb9 [ 189.367251][ T7882] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000004 [ 189.375360][ T7882] RBP: 00007f3e70808c1f R08: 0000000000000000 R09: 0000000000000000 [ 189.383375][ T7882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 189.391693][ T7882] R13: 00007f3e70a16038 R14: 00007f3e70a15fa0 R15: 00007ffeca992f48 [ 189.399751][ T7882] [ 189.402806][ T7882] Modules linked in: [ 189.406757][ T7882] ---[ end trace 0000000000000000 ]--- [ 189.412236][ T7882] RIP: 0010:__queue_work+0xa2/0xf90 [ 189.417477][ T7882] Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee [ 189.437109][ T7882] RSP: 0018:ffffc9000ad1f4d8 EFLAGS: 00010002 [ 189.443210][ T7882] RAX: 0000000000000038 RBX: 0000000000000008 RCX: 0000000000080000 [ 189.451202][ T7882] RDX: ffffc9000bd22000 RSI: 0000000000000a3e RDI: 0000000000000a3f [ 189.459229][ T7882] RBP: 0000000000000000 R08: ffff88813ff72017 R09: 1ffff11027fee402 [ 189.467226][ T7882] R10: dffffc0000000000 R11: ffffed1027fee403 R12: dffffc0000000000 [ 189.475230][ T7882] R13: ffff88813ff72010 R14: 00000000000001c0 R15: 0000000000000000 [ 189.483229][ T7882] FS: 00007f3e715c16c0(0000) GS:ffff8881253b4000(0000) knlGS:0000000000000000 [ 189.492282][ T7882] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 189.498915][ T7882] CR2: 000000110c321157 CR3: 000000007d180000 CR4: 00000000003526f0 [ 189.506967][ T7882] Kernel panic - not syncing: Fatal exception [ 189.513663][ T7882] Kernel Offset: disabled [ 189.518093][ T7882] Rebooting in 86400 seconds..