last executing test programs: 16.900049246s ago: executing program 3 (id=1254): syz_usb_connect(0x2, 0x24, 0x0, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xb, &(0x7f0000000180)=""/174, &(0x7f0000000040)=0xae) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) listen(0xffffffffffffffff, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) epoll_create(0x7) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000440)=@nat={'nat\x00', 0x62, 0x5, 0x3e0, 0x0, 0x178, 0xffffffff, 0x0, 0x2a0, 0x348, 0x348, 0xffffffff, 0x348, 0x348, 0x5, 0x0, {[{{@uncond, 0x0, 0x98, 0xd0, 0x0, {0x22e}, [@common=@unspec=@state={{0x28}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x25, {0x3, @local, @broadcast}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @remote, @empty, @gre_key, @gre_key}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0x0, 0x0, 'batadv0\x00', 'bond0\x00'}, 0x0, 0xf0, 0x128, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00'}}, @common=@addrtype={{0x30}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @multicast1, @multicast2, @gre_key, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @local, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x440) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="00000000000000004822e503a896497f0000006cc3000000001000002b08d3b1c1ae12890c7a954ba78d2eb4de45e13c03904ff1bafda5f6ede1ef134616a0e9bc834aa6a8a725c13597fac0f221041237f9b1edb02804afd330ebf0809606f2b94731b63c10e0d4a5e1f0e62711733985800182374aed3e532fc7a5deeb00100dde946baac32dd42dd5c2614bd39927fb860a16c1448305de51777c4edda38f2510cf395ae64dced7ab04fd40f615d97cc1777427e6461618a344c292c40a7904b9c6dd1e4855152883f1d393f82894409ee052071a060b5463d3f5add944df382962cffdc48d45e71d7975264953177c7f0050bf", @ANYRES32=0x0, @ANYRES32], 0x50) 13.312347296s ago: executing program 3 (id=1259): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, 0x0, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f00000002c0)={0x2, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @local}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000780)={0x2, {{0xa, 0x4e22, 0x1, @mcast2}}}, 0x90) connect$inet(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x8) sched_setscheduler(0x0, 0x1, 0x0) getpid() 12.26304509s ago: executing program 3 (id=1261): openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0xb8) mount(0x0, 0x0, 0x0, 0x2080000, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102400, 0x19000) r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = socket(0x10, 0x80003, 0x0) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000040)="240000001a005f0214f9f507000909000a000000000000000000000004001e0000000000", 0x24) write(r2, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000080)={'sit0\x00'}) 11.201811936s ago: executing program 3 (id=1262): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) ioctl$VIDIOC_ENUMSTD(r0, 0xc0485619, &(0x7f00000003c0)={0x8, 0x1000, "88ccc5daf80cd6a4471030967393bca9378705edf628163e", {0x7, 0x2}, 0x800}) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x50313134, 0x0, 0xa, [{}, {0x10}, {}, {0x0, 0xffffffff}, {0x6}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-generic)\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10) sendto$inet6(r5, &(0x7f0000000080)="255b2a20f709b4a43a1307c620044218fe1f90c892edda55948fc95472faf24df297a8e4228b32dcc11a0a004c287b", 0x2f, 0x800, 0x0, 0x0) 10.771955351s ago: executing program 1 (id=1264): bpf$MAP_CREATE(0x0, 0x0, 0x24ac2624e5172d5d) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xffff, 0x20000000000008b}, 0x0) syz_usb_connect(0x0, 0x36, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x7b53a000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) socket$key(0xf, 0x3, 0x2) connect$unix(r2, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) setsockopt$inet_mreqsrc(r3, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 9.832465057s ago: executing program 2 (id=1265): mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xb635773f07ebbee1, 0x8031, 0xffffffffffffffff, 0x4ff72000) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x5, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$ax25(0x3, 0x2, 0xcc) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r2, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r3], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r2, {0x3}, {0x0, 0xfff2}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4004140}, 0x0) 9.29329803s ago: executing program 2 (id=1266): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000001200)={0x18, 0xef9, 0x1}) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x1000f0000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f00000003c0)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) r5 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r5, &(0x7f0000000200)={0x10, 0x0, 0x25dfdbfe, 0x2}, 0xc) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x10}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) 7.791998461s ago: executing program 2 (id=1267): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_DELLINK(r4, 0x0, 0x4000) r5 = openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f0000000980)={[{0x2d, 'pids'}]}, 0x1f) 7.628335334s ago: executing program 0 (id=1268): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) r3 = syz_open_dev$usbfs(0x0, 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r3, 0xc0105500, 0x0) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c) 6.486882097s ago: executing program 2 (id=1269): r0 = add_key(0x0, &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) getpgrp(0xffffffffffffffff) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) r1 = msgget$private(0x0, 0x0) msgrcv(r1, 0x0, 0x0, 0x2, 0x3000) msgsnd(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="0200000000000000"], 0xfd4, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000140)=0x3) msgrcv(r1, &(0x7f0000000180)={0x0, ""/195}, 0xcb, 0x1, 0x3000) msgctl$IPC_SET(r1, 0x1, &(0x7f0000001440)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x8c, 0xff}, 0x0, 0x0, 0x8000000000000001, 0x9, 0x2, 0x4, 0x4, 0x800, 0x81b0, 0x7fff, 0x0, 0xffffffffffffffff}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/wireless\x00') read$FUSE(r2, &(0x7f0000000e00)={0x2020}, 0x2020) r3 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) r4 = openat$comedi(0xffffff9c, 0x0, 0x2180, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={r3}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) listen(r3, 0x3) accept4(r3, 0x0, 0x0, 0x0) 6.422033232s ago: executing program 1 (id=1270): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_io_uring_submit(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000850) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000001ec0), 0xffffffffffffffff) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70000000060a090400000000000000000200000044000480140001800c0001006e6f747261636b00040002802c0001800e000100696d6d656469617465000000180002800c00028005000100c400000008000140000000090900010073797a30000000000900020073797a320000000020000000080a05000000000000000000020000000900010073797a300000000014000000110001"], 0xb8}}, 0x0) 6.213055029s ago: executing program 0 (id=1271): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e) socket$phonet_pipe(0x23, 0x5, 0x2) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) dup(r1) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x484, &(0x7f0000000000)=""/108, &(0x7f0000000080)=0x18) 5.94441548s ago: executing program 3 (id=1272): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="6ebd23d5", 0x4, 0xfffffffffffffffe) keyctl$update(0x2, r1, 0x0, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea048500000050000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'team_slave_0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x6, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r3, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) 5.255446556s ago: executing program 2 (id=1273): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001800150000000000000000000a00ed000202000000000000200009801c"], 0x3c}], 0x1}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', 0x0}) socket(0x10, 0x803, 0x0) 5.129914256s ago: executing program 1 (id=1274): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ad060000", 0x4) sendmsg$alg(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000024c0)="438dc77642449e6e17553493f7aeb57e36375ae9e2", 0x15}], 0x1, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4008011}, 0x4040004) recvmmsg(r1, &(0x7f0000002340)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f00000000c0)=""/20, 0x14}], 0x1}, 0xfff}], 0x1, 0x2021, 0x0) 5.025956814s ago: executing program 0 (id=1275): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xb, 0x30, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCGCHAN(r2, 0x80047437, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) mount$9p_rdma(&(0x7f0000003540), &(0x7f0000003580)='./file0\x00', &(0x7f00000035c0), 0x3204489, &(0x7f0000000700)={'trans=rdma,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@common=@fscache}, {@timeout={'timeout', 0x3d, 0x6}}, {@rq={'rq', 0x3d, 0x3}}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'syzkaller\x00'}}]}}) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c) 3.979907939s ago: executing program 1 (id=1276): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x141b82, 0x180) write$cgroup_int(r4, 0x0, 0x0) syz_open_dev$usbfs(0x0, 0xf, 0xc340) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000000)={'veth1_macvtap\x00', &(0x7f0000000500)=@ethtool_per_queue_op={0x4b, 0xe, [0x3, 0x9, 0x8, 0x75a29b65, 0xef, 0x6, 0x7, 0xa04, 0x0, 0x7, 0x82, 0x4, 0x6, 0x0, 0xff15, 0x6, 0x2, 0xfff, 0x7, 0x4, 0x4, 0x1ff, 0xc000000, 0xa8e, 0xfffeffff, 0x7fffffff, 0x1, 0xfffffffd, 0x5, 0x9, 0x8, 0x1, 0x3, 0x1, 0x268, 0x100, 0xfffffffd, 0x514, 0x5, 0x5b, 0x6, 0x5, 0x1, 0x7, 0x2f50, 0xbaf1, 0x7ff, 0x1, 0x7fff, 0x12, 0xb, 0x9, 0xff, 0x1, 0x2, 0x5, 0xffffffff, 0xfffffffe, 0x400, 0x7, 0x4, 0x9, 0xffffffff, 0x80000000, 0x2, 0x6, 0xeedc, 0x1, 0x5, 0x182, 0x10, 0x100, 0x0, 0xff, 0xffffffff, 0x9, 0x5, 0x1, 0x1ff, 0x5, 0x7, 0x2, 0x7, 0xb071, 0xffb9, 0x3, 0x0, 0xf, 0x348, 0x8, 0x0, 0x6, 0x14, 0x8, 0x73b, 0x0, 0x400, 0x2, 0x9, 0x3, 0xfc24, 0x7, 0x7, 0xfffffff0, 0x4, 0x100, 0x3, 0x7fffffff, 0x0, 0x7ff, 0x3, 0xb59, 0xf, 0x9, 0x8, 0x0, 0x401, 0x80000000, 0x1, 0xc71, 0x6, 0x3e0, 0x0, 0x9, 0x1ff, 0x1, 0x9, 0x1]}}) 2.329622742s ago: executing program 1 (id=1277): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) mprotect(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x5) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) capget(&(0x7f0000000180)={0x19980330, r2}, &(0x7f0000000580)={0xef3a, 0xe, 0x1, 0x4, 0x86, 0x4}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x94) syz_mount_image$iso9660(&(0x7f0000000780), &(0x7f00000007c0)='./file0\x00', 0x440, &(0x7f0000000040)=ANY=[@ANYBLOB="6d61703d6e6f726d616c2c73657373696f6e3d307830303030300036c031303030303063382c649419de3a4de06d7064653d3078666666666666666637666666666666662c636865636b3d72656c"], 0x2, 0x65b, &(0x7f00000000c0)="$eJzs3V9v29b9x/EPZdmW/fshKLahCII0Pk1WwME8RZIbB0Z2MY6ibHaSKJD0YAMDiqyxiyByuiUZ0Pgm883+AN0T2F1vdrEHsWHXexa7HFBsdwV2o4H/bNnWPydy3GXvl9DyiPyS53tIhQe0xEMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABZTr1SqVpqeu2tbTOcUw/81ojl6dZmdTst3B5br2TF/6lU0tV01tXvHC9+N/7fTV1P311XKZ6UdPB/775z/9vFQr7+iIRehc67wWcvDh4/6HZ3n045kW8AFSYI2nDbXuh7LXvDNV7om/W1tcqdzUZoGl7TDXfCyG0ZJ3ALkR+YZee2qa6vr/6/W97xt9obdbvp5jPvfb9WqayZj+azw3/no3LobHrNptfeSGLixXHMPfPFT9MQ124Zs/eou7s6Lsk4qDpJUG1cUK1Sq1WrtVp17e763XuVSvHMjMopOhMx9Q8t/stM7+QNvKZC3P//3ZKaKqmtLW3LDHw5qiuQr9aQ5Zm8///gjjuy3v7+P+/lrx4vvqak/7+RvrsxrP8fkouRseIVBi2xhsx/tdczvdCBHuuBuupqV0+ns92l6WV4sa8NqSh5CuXLU0u2NuTKZHOM1rWmNVX0sTbVUCijhjw15SrUjkJFctVKjkkgV7Yi+QpktCxHt2VU1brWtSojV2XtyNeW2tpQXba+7vV6e3qU7PfVETkqD6pOElTLZiz0fU7yz9Kw/v9nL9PP6bj+P46g/3+b5eevSWKAS9fLrv/PaelisgEAAAAAABfBSv76biXf3b8nqaeG13Qrl50WAAAAAACYouSb/+vxZDYuvSdryPV/783nBgAAAAAApsNK7rGzJC1qSe+kM9M7oSb5EcDMRecHAAAAAABeX/L9/405qZeMvbYk62gkFG4CAAAAAADgLfHbvjH2i/kYu738a/2CpLAzb/35ny8VzFqHne3vWvt2vMTez2LO/AIgalyzrmQD9SaTOUnJO8e9bmXjA2eDYFrpwL7SV3sFHeWhQWP9WsGpBOZm8j9fjEtgrZi90xd6P415P6v34UFByZK0lsWG13TLjt+8X5VtXylE7nb0yyePCv3t3HvU3S1/8ln3YZLLYTzrcD/O4+WJdArjcnmejLeQ3HMxqMULauRV/q7dWrSSeit5+2dk7xf6K5qs/b/WzTTm5mI6XTzIj0DS/lLc/mo5OWRHrf88GR3COs6ierrlgw7EkCxKSRa30phby7fSSZ5flsX3ZqRa+eQx+FyKPwHHWdT6sxi/L6x/ndkXY7KI98VqnMVf4w0NyWL1fFmcOSIAcFn2jnuhZBDzs2Psn+53X+UstzfqST6FuHf/4clanv+hl95wOCMVs+8mRtZSUnxGX05j5pScWIvXBpzRK1m/UtKQM3rlNXq3uK4/HT8DKUv7TBb/7vV696tJvb8/1at+Ga/w5dB6w2ZtJt6Fd57v/zwZAD/26e6nu09qtdW1yoeVyt2aZpNmZBP6HgDAAOOfsTM2wvrw6Kr64T8+SEsnerxvHf2koKxP9Jm6eqiV/BECS4O3upit8ytJK2evWuPYBelk7K6qWhl6VZf0pX2xtaPYWeWrnOypj2NXL/goAADwZt0c0w9P0v+v5Nfdy9cGXncv9v2kcOXME4KHxVbf8J4AAOB/hxt8ZS1Gv7GCwOt8XF1fr9rRpmsC3/mxCbz6hmu8duQGzqbd3nBNJ/Aj3/GbphNo3qu7oQm3Oh0/iEzDD0zHD73t5MnvJnv0e+i27HbkOWGn6dqhaxy/HdlOZOpe6JjO1o+aXrjpBsnKYcd1vIbn2JHnt03obwWOWzYmdN2+QK/utiOv4cXFtukEXssOdsxP/OZWyzV1N3QCrxP56Qbzurx2ww9ayWbL6p37QYcAALyNnr04ePyg2919OqJwqPExWWFu0AYvu40AAOAkemkAAAAAAAAAAAAAAAAAAAAAAL75Jrn/71yF2UE3C0pHc35xZaLtWJp2YucpFF599b+NiFk4mpPv/v6YwyFrff2XNPYiWqq0UJz+lhekyW8bnULhB3vpXhoaEy8cuGj+6FgUp//PIS48+ePxnFL/bun1er3Rq8+f3Idzoxp4slCU9HTuNQ7BJZyMALxR/wkAAP//5NA+xA==") open(&(0x7f00000000c0)='./bus\x00', 0xca942, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) 2.320459513s ago: executing program 0 (id=1285): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) keyctl$read(0xb, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) r2 = getpid() ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$video(&(0x7f0000000080), 0x0, 0x80840) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket(0x1d, 0x2, 0x6) write$bt_hci(r5, 0x0, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r5, 0x6a, 0x2, 0x20000000, 0x7fc) 1.48430217s ago: executing program 2 (id=1278): r0 = epoll_create1(0x0) r1 = fanotify_init(0x200, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000440)={0x66, 0x1, 'client1\x00', 0x2, "7b06000000f99400", "b5a6753d21438c5ca95a7d36946ff4ea73820aa3358c0134137a768e1e52e700", 0x6, 0x9}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x75b, &(0x7f0000000d40)="$eJzs3M9rHOUbAPBnptmmP/L9bgTBHwcRWmihdJM0IO2p8eKtUCh4rSGZhJBJNmQ3tRsLtp6F2lwUBFHPHr0Kpf4B3qSg4F0QrfEgXlZms0lpmt1um6Qr6ecDk3ne+fW8T3Z4swN5J4AX1pvFjyRiKCIuR0S5vT2NiMOt6EjEzY3j1h/cmCqWJJrNK78nxWmx3ixvXStpr49H65R4NSLulSLOfPR43lpjdX4yz7PldnukvrA0Umusnp1bmJzNZrPFsfELo+fHx8+Pjj+xhld6rPXkuxeO3vnhnbW1H7+t335j4GwSE626o11bj5d5Khu/k1JMtNuH2uvF/UjWR0m/OwAAQE/S9nfSgda31HIcakUAAADAQdIcbAIAAAAHXhL97gEAAACwvzb/D2Bzbu9+zYPt5Le3I2J4p/wDrTnEEUeiFBHH1pNHZiYkG6fBrty8FRF3J7bff18Xd9jNXV57dFv70TnSh3d5dfbC3WL8mdhp/Em3xp/YYfwZ2Hx3wi51Hv8e5j/UYfy73GOO7754rdQx/62I1wcey//Ww/v/SCvXTvnf6zH/7bWP73Ta1/wq4tSOf3+SR3J1eT/ExMxc3vX1A/f+OX2/W/3HOuVPute/1GP9H6z/Od9pLCnynz7R/fPfKX9xT3zS7kcaEXfa66K9ti3HiYWfvu9W/3REc6f6n/T5f9lj/b98M3i9x0MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgJY2IoUjSylacppVKxPGIeDmOpXm1Vj8zU11ZnC72RQxHKZ2Zy7PRiChvtJOiPdaKH7bPbWuPR8RLPx/dSDqXZ5Wpaj7d7+IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYcjwihiJJKxGRRsRf5TStVCIGejh38Dn0DwAAANgjw/3uAAAAALDvPP8DAADAwfesz//JHvcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONAuX7pULM31Bzemivb0tcbKfPXa2emsNl9ZWJmqTFWXlyqz1epsnlWmqgtPul5erS6NXYiV6yP1rFYfqTVWry5UVxbrV+cWJmezq1npuVQFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0xpqLUlaiYi0FadppRLxv4gYjlIyM5dnoxHx/4i4Xy4NFu2xfncaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAPVdrrM5P5nm2LBAInlvwYUT8B7rRJej3yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQD/UGqvzk3meLdf63RMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6K/01iYhiOVU+ObR97+Hk73JrHRHvf37l0+uT9fryWLH9j63t9c/a28/1o/8AAADwQrj4NAdvPqdvPscDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0qtZYnZ/M82x5d8HFaKw2kw7H9LtGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg2fwbAAD//2Wnx3E=") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000000000000001}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x1, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x40}}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001c00010000"], 0x14}}, 0x0) 571.818503ms ago: executing program 3 (id=1279): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) r3 = syz_open_dev$usbfs(0x0, 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r3, 0xc0105500, 0x0) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c) 546.703516ms ago: executing program 0 (id=1280): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000001240)='./file2\x00', 0x8410, &(0x7f0000000480)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c666d61736b3d30313737373737373737373737373737373737373737332c73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c2c756e695f786c6174653d302c726f6469722c726f6469722c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c6e6f6e756d7461696c3d302c756e695f786c6174653d312c756e695f786c6174653d312c6572726f72733d636f6e74696e75652c74696d655f6f66667365743d3078303030303030303030303030303465302c757466383d302c0077b5b28056fc4549d277ed7fab6b0be29df17f888ccab55cccc917ad315c8ea56f5a89c104f92d058b92f5881e69e06002f5914c03fefbeb09121733eaf5ded73df976fbd4cfcb8b70b0bf44da1b46bc0800000000000000f9e4ebbf71c77fc9a810ce726b8c6d6295a5f2e2b069b95ba8ecce52ded99b82923228c37d5e1ec11cdbcabb8a89cbf2cf2771d69e3cf0e6760094145e542e426bceaab9b2cf261046247bce0565db3ac5888b74efd48bc9f455e60f49496ca8137aba85fe39756814fda1f0624b33a2025792a2d47aff43355f9d23a606e1a477ccfff09befb1d0cf1599d272628028b9786e1fbfb3d637c2561421488c9d0000000094bf13ac582f6b67de0cad933631794271b2259fe5d73a74ad7da615c31505c7c0c168052d38e5b64c4bb7d0599e5dcf0000000000000000000000000000002790cf17418aa278cfc0c9d1c81c63e58b877706a808e9a51cc0d73e298db2939adc0efdab4745ab0e09ef8beaaf04e5374c2e7e4672e47fe5a25502919954242f8d779d84091f20646210edf871d3f20ad66fcf4b816323b8abb307381d4ada887dcc71e35f364baa1b93fd5ee36c02aa4628511442992ced893ab946472440b53fc08cc41403e167b1f2605e04d5f0c16ed49969b59d650d88642b10c7893fe9b664421a40f4822ffcc284dfe9aea76e4a04293c970f2dae776decf07b085e16511b0bd365b0f86c7fcd8df00a87f4dbbf8e623667e3b65e4c487055a2e5cd64402a4de537bf113fc7370099e4faebe6ea9d4f155f8f5f4c5f9b205ce1bbb16e002a19457e05a210d9e9820bc7f318ebfdfcc22f83150503b2", @ANYBLOB="d23c17f6ec95b3b820b1161ffa233394c6007d8285b061be4d1d842e4a63ec77a08347691f71d1e4132f09405a5b81867a01cf3df73c16fd31622d37a921bdbff76ef2fed6da828ab4e0f87928c18c0380050249fb6ab8e225d1"], 0x1, 0x2a0, &(0x7f00000001c0)="$eJzs3T9rA2UYAPDnkjSNOqSIiyJ4oINTaV1dGqWC2EmJoA4abAuShEILASsYO/UTOPo9/AguLn4DwVVwa4fKyeXumtSmf2hjCvb3m57ee8/zPrkX0inPffX6sL97kMTJ2e/RaiVR24qtOE9iLWpR+SEaAQD8f5xnWfyVPSSzUVt8NwDAMhT//wtP3QsAsByffPb5R52dne2P07QVr7ZPR90kIoano26x3tmPb2IQe7ER7biIyC4V8Qcf7mxHI82txVvD8aibZw6//LWs3/kzYpK/Ge1Ym5+/mRYu81+sukujs79S/dGOV+bnv/Pv/BiOo9uMt9+c6X892vHb13EQg9iNPHea//1mmr6f/Xj23Rf5Nnl+Uovu6uS+qay+pCMBAAAAAAAAAAAAAAAAAAAAAOAZWE/TpBjfM5nfk1+azM8ZdesXk/X1tDI732dczQdKqkLFfKAsyhE94yx+qubrbKRpmpU3TvMb8VrDiwUAAAAAAAAAAAAAAAAAAAAgd/Ttcb83GOwdLiSopgFUP+t/aJ2tmStvxHG/V7+54Or995qdNpD3euvN0WjEgh7LXcELeT8Lr7w6PdxPowiqg1noXi+/VxQ97vfScql6yP1ectderergfp5dasYjG2uWHWRXz7R12erVrOaCnkbzpblLf2dZdr867/5RnFF5JZmM2Ljf7itlMPcD5kHr+ln8cnPBG78y6o/+0gEAAAAAAAAAAAAAAAAAAOaa/uh3zuLJram1/6wpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFiy6fv/q6AVEVevXAvGZfJt95RBMw6PnvgjAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Az8EwAA//9I2EsX") truncate(&(0x7f0000000840)='./file1\x00', 0x2) close(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r1 = getpid() r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) rmdir(0x0) fsmount(r0, 0x0, 0x1) r3 = syz_pidfd_open(r1, 0x0) setns(r3, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) 316.012684ms ago: executing program 1 (id=1281): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0xfffffffffffffc7f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) creat(0x0, 0x2a) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=@newlink={0x50, 0x10, 0xffffff23, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x15610}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2a}}}]}}}, @IFLA_MTU={0x8, 0x4, 0x6}]}, 0x50}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1, 0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000780)={0x4, 0x8, 0x7f}) 0s ago: executing program 0 (id=1282): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001800150000000000000000000a00ed000202000000000000200009801c"], 0x3c}], 0x1}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', 0x0}) socket(0x10, 0x803, 0x0) kernel console output (not intermixed with test programs): [ 170.655103][ T6594] tipc: Disabling bearer [ 170.715617][ T6613] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.339875][ T6625] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 172.172965][ T5781] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.195000][ T6638] netlink: 'syz.2.182': attribute type 2 has an invalid length. [ 173.203895][ T6638] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.182'. [ 173.777839][ T6641] netlink: 32 bytes leftover after parsing attributes in process `syz.3.183'. [ 173.787324][ T6641] netlink: 32 bytes leftover after parsing attributes in process `syz.3.183'. [ 173.892413][ T6643] loop1: detected capacity change from 0 to 128 [ 174.844200][ T6653] loop0: detected capacity change from 0 to 128 [ 174.852557][ T6653] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 174.933011][ T6653] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 176.483324][ T3424] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 179.449206][ T6683] lo speed is unknown, defaulting to 1000 [ 182.494678][ T6711] tipc: Enabled bearer , priority 0 [ 183.598659][ T6714] syzkaller0: entered promiscuous mode [ 183.604156][ T6714] syzkaller0: entered allmulticast mode [ 183.838056][ T6711] tipc: Resetting bearer [ 183.866821][ T6717] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 183.873751][ T6717] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 183.888598][ T6709] tipc: Resetting bearer [ 183.920521][ T6722] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 183.945770][ T6717] vhci_hcd vhci_hcd.0: Device attached [ 183.971560][ T6722] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(7) [ 183.978161][ T6722] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 183.987103][ T6722] vhci_hcd vhci_hcd.0: Device attached [ 184.026524][ T6717] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(11) [ 184.033168][ T6717] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 184.045723][ T6717] vhci_hcd vhci_hcd.0: Device attached [ 184.082670][ T6717] vhci_hcd vhci_hcd.0: pdev(0) rhport(4) sockfd(13) [ 184.089348][ T6717] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 184.100022][ T6709] tipc: Disabling bearer [ 184.130097][ T6722] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 184.164306][ T6717] vhci_hcd vhci_hcd.0: Device attached [ 184.170165][ T5845] vhci_hcd: vhci_device speed not set [ 184.202586][ T6722] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 184.261460][ T5845] usb 33-1: new full-speed USB device number 2 using vhci_hcd [ 184.309070][ T6728] vhci_hcd: connection closed [ 184.310950][ T6719] vhci_hcd: connection reset by peer [ 184.322686][ T6731] vhci_hcd: connection closed [ 184.325016][ T6726] vhci_hcd: connection closed [ 184.359771][ T48] vhci_hcd: stop threads [ 184.410837][ T48] vhci_hcd: release socket [ 184.417969][ T48] vhci_hcd: disconnect device [ 184.434044][ T48] vhci_hcd: stop threads [ 184.443027][ T48] vhci_hcd: release socket [ 184.451052][ T48] vhci_hcd: disconnect device [ 184.486163][ T48] vhci_hcd: stop threads [ 184.490490][ T48] vhci_hcd: release socket [ 184.534196][ T48] vhci_hcd: disconnect device [ 184.579052][ T48] vhci_hcd: stop threads [ 184.592996][ T48] vhci_hcd: release socket [ 184.606121][ T48] vhci_hcd: disconnect device [ 186.866816][ T6749] loop0: detected capacity change from 0 to 512 [ 186.877074][ T6749] EXT4-fs: Ignoring removed nobh option [ 186.905645][ T6749] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.208: iget: bad i_size value: 38620345925642 [ 186.966888][ T6749] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.208: couldn't read orphan inode 15 (err -117) [ 187.075077][ T6749] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.537477][ T6754] EXT4-fs error (device loop0): ext4_validate_block_bitmap:430: comm syz.0.208: bg 0: block 5: invalid block bitmap [ 187.930786][ T6754] overlayfs: failed to verify origin (/, ino=2, err=-28) [ 187.938426][ T6754] overlayfs: failed to verify upper root origin [ 188.080452][ T5781] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.066231][ T6759] loop2: detected capacity change from 0 to 1024 [ 189.278932][ T6759] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 190.267511][ T5845] vhci_hcd: vhci_device speed not set [ 190.333278][ T6769] loop3: detected capacity change from 0 to 2048 [ 191.093646][ T6769] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 192.174156][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.232755][ T6537] udevd[6537]: incorrect nilfs2 checksum on /dev/loop3 [ 192.270720][ T6778] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 192.355843][ T5789] Bluetooth: hci3: command 0x0405 tx timeout [ 192.361972][ T5785] Bluetooth: hci0: command 0x0406 tx timeout [ 192.468094][ T6783] loop2: detected capacity change from 0 to 256 [ 192.618995][ T6783] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 192.942709][ T6788] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 195.893288][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 196.339369][ T6805] UBIFS error (pid: 6805): cannot open "./file0", error -22 [ 198.065355][ T5790] Bluetooth: hci1: command 0x0406 tx timeout [ 198.201963][ T6810] netlink: 'syz.2.221': attribute type 1 has an invalid length. [ 198.389251][ T6810] 8021q: adding VLAN 0 to HW filter on device bond1 [ 198.571192][ T6817] gretap1: entered promiscuous mode [ 198.622768][ T6817] bond1: (slave gretap1): making interface the new active one [ 198.691150][ T6817] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 198.849870][ T6814] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 199.843026][ T6810] macvlan2: entered promiscuous mode [ 199.850042][ T6810] macvlan2: entered allmulticast mode [ 199.856572][ T6810] bond1: entered promiscuous mode [ 199.866862][ T6810] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 199.900693][ T6810] bond1: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 199.971955][ T6810] bond1: left promiscuous mode [ 206.718485][ T6862] loop2: detected capacity change from 0 to 128 [ 206.743324][ T6865] netlink: 24 bytes leftover after parsing attributes in process `syz.1.235'. [ 207.661847][ T6871] syz.2.234: attempt to access beyond end of device [ 207.661847][ T6871] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 208.721604][ T6865] netlink: 4 bytes leftover after parsing attributes in process `syz.1.235'. [ 210.100029][ T6880] netlink: 16 bytes leftover after parsing attributes in process `syz.0.237'. [ 210.872632][ T6882] netlink: 28 bytes leftover after parsing attributes in process `syz.2.238'. [ 210.956972][ T6889] process 'syz.0.240' launched './file0' with NULL argv: empty string added [ 211.008797][ T6889] loop0: detected capacity change from 0 to 8 [ 211.021913][ T6889] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 211.760687][ T6891] loop3: detected capacity change from 0 to 8 [ 213.212849][ T6899] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 213.734878][ T6902] SQUASHFS error: lzo decompression failed, data probably corrupt [ 213.754378][ T6902] SQUASHFS error: Failed to read block 0x0: -5 [ 213.761078][ T6902] SQUASHFS error: lzo decompression failed, data probably corrupt [ 213.769104][ T6902] SQUASHFS error: Failed to read block 0x0: -5 [ 213.777747][ T27] kauditd_printk_skb: 19 callbacks suppressed [ 213.777765][ T27] audit: type=1800 audit(1756482321.193:72): pid=6902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.241" name="file2" dev="loop3" ino=3 res=0 errno=0 [ 215.751058][ T6904] loop0: detected capacity change from 0 to 40427 [ 215.765565][ T6904] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 215.779107][ T6904] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 215.960866][ T6904] F2FS-fs (loop0): invalid crc value [ 216.026562][ T6904] F2FS-fs (loop0): Found nat_bits in checkpoint [ 216.163024][ T6930] tipc: Started in network mode [ 216.167971][ T6930] tipc: Node identity 5e917ec5153e, cluster identity 4711 [ 216.198316][ T6930] tipc: Enabled bearer , priority 0 [ 216.212667][ T6904] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 216.221182][ T6904] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 216.230090][ T6930] syzkaller0: entered promiscuous mode [ 216.235606][ T6930] syzkaller0: entered allmulticast mode [ 216.381165][ T6930] tipc: Resetting bearer [ 216.426607][ T6929] tipc: Resetting bearer [ 216.483931][ T6929] tipc: Disabling bearer [ 216.979449][ T6938] loop2: detected capacity change from 0 to 64 [ 217.340181][ T6941] tmpfs: Unknown parameter '0x0000000000000000' [ 218.133937][ T6946] gfs2: not a GFS2 filesystem [ 219.878169][ T6960] loop2: detected capacity change from 0 to 8 [ 220.219749][ T6962] SQUASHFS error: lzo decompression failed, data probably corrupt [ 220.228099][ T6962] SQUASHFS error: Failed to read block 0x0: -5 [ 220.238758][ T6962] SQUASHFS error: lzo decompression failed, data probably corrupt [ 220.246957][ T6962] SQUASHFS error: Failed to read block 0x0: -5 [ 220.922263][ T27] audit: type=1800 audit(1756482327.254:73): pid=6962 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.258" name="file2" dev="loop2" ino=3 res=0 errno=0 [ 222.421437][ T5779] Bluetooth: hci1: unexpected event for opcode 0x1004 [ 222.659227][ T6981] 9pnet_fd: p9_fd_create_unix (6981): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 223.748429][ T27] audit: type=1326 audit(1756482330.519:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6984 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 223.888934][ T27] audit: type=1326 audit(1756482330.631:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6984 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 224.615308][ T27] audit: type=1326 audit(1756482330.631:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6984 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 224.638422][ T27] audit: type=1326 audit(1756482330.631:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6984 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 224.808155][ T27] audit: type=1326 audit(1756482330.631:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6984 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 224.859749][ T27] audit: type=1326 audit(1756482330.631:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6984 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 224.943075][ T7002] loop1: detected capacity change from 0 to 8 [ 225.200982][ T27] audit: type=1326 audit(1756482330.640:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6984 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 225.223261][ T27] audit: type=1326 audit(1756482330.640:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6984 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 225.246736][ T27] audit: type=1326 audit(1756482330.640:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6984 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 225.363940][ T7004] SQUASHFS error: lzo decompression failed, data probably corrupt [ 225.372411][ T7004] SQUASHFS error: Failed to read block 0x0: -5 [ 225.379727][ T7004] SQUASHFS error: lzo decompression failed, data probably corrupt [ 225.387930][ T7004] SQUASHFS error: Failed to read block 0x0: -5 [ 226.140367][ T7009] 9pnet_fd: p9_fd_create_unix (7009): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 226.619773][ T27] kauditd_printk_skb: 31 callbacks suppressed [ 226.619813][ T27] audit: type=1326 audit(1756482333.203:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.1.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 226.823024][ T27] audit: type=1326 audit(1756482333.325:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.1.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 226.844754][ T5779] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 226.857089][ T5779] Bluetooth: hci1: Injecting HCI hardware error event [ 226.866383][ T5779] Bluetooth: hci1: hardware error 0x00 [ 226.876474][ T27] audit: type=1326 audit(1756482333.353:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.1.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 226.902040][ T7013] 9pnet_fd: p9_fd_create_unix (7013): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 226.911538][ T27] audit: type=1326 audit(1756482333.362:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.1.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 227.043598][ T27] audit: type=1326 audit(1756482333.372:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.1.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 227.069656][ T27] audit: type=1326 audit(1756482333.381:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.1.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 227.095395][ T27] audit: type=1326 audit(1756482333.381:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.1.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 227.118838][ T27] audit: type=1326 audit(1756482333.381:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.1.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 227.141791][ T27] audit: type=1326 audit(1756482333.390:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.1.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 227.165246][ T27] audit: type=1326 audit(1756482333.390:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.1.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 228.401315][ T7026] tipc: Enabled bearer , priority 0 [ 228.410447][ T7026] syzkaller0: entered promiscuous mode [ 228.416485][ T7026] syzkaller0: entered allmulticast mode [ 228.624128][ T7026] tipc: Resetting bearer [ 228.681135][ T7025] tipc: Resetting bearer [ 229.653661][ T5779] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 229.937093][ T5845] tipc: Node number set to 130999319 [ 230.053126][ T7025] tipc: Disabling bearer [ 233.040282][ T7067] 9pnet_fd: p9_fd_create_unix (7067): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 233.095109][ T7068] 9pnet_fd: p9_fd_create_unix (7068): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 233.683960][ C0] hrtimer: interrupt took 74878 ns [ 234.302308][ T7071] netlink: 'syz.1.282': attribute type 12 has an invalid length. [ 234.516312][ T7080] netlink: 80 bytes leftover after parsing attributes in process `syz.2.288'. [ 234.583282][ T7080] netlink: 80 bytes leftover after parsing attributes in process `syz.2.288'. [ 235.527110][ T7086] loop0: detected capacity change from 0 to 512 [ 235.553688][ T7086] EXT4-fs: Ignoring removed bh option [ 235.718431][ T7091] loop3: detected capacity change from 0 to 2048 [ 235.732077][ T7091] UDF-fs: bad mount option "uid=00000000000000000000¸DÝy¤¶" or missing value [ 236.285380][ T7086] EXT4-fs error (device loop0): __ext4_iget:5053: inode #15: block 1803188595: comm syz.0.292: invalid block [ 236.850567][ T7086] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.292: couldn't read orphan inode 15 (err -117) [ 236.888499][ T7086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 237.048214][ T5781] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.408996][ T7104] 9pnet_fd: p9_fd_create_unix (7104): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 238.629770][ T7117] 9pnet_fd: p9_fd_create_unix (7117): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 239.052262][ T7119] lo speed is unknown, defaulting to 1000 [ 240.556591][ T7128] netlink: 'syz.1.300': attribute type 1 has an invalid length. [ 241.087192][ T7128] 8021q: adding VLAN 0 to HW filter on device bond2 [ 242.224856][ T7129] bond2: (slave ip6erspan0): making interface the new active one [ 242.236697][ T7129] bond2: (slave ip6erspan0): Enslaving as an active interface with an up link [ 242.271184][ T7131] gretap1: entered promiscuous mode [ 242.282058][ T7131] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 242.297013][ T7133] macvlan2: entered promiscuous mode [ 242.305921][ T7133] macvlan2: entered allmulticast mode [ 242.314311][ T7133] bond2: entered promiscuous mode [ 242.319386][ T7133] ip6erspan0: entered promiscuous mode [ 242.326448][ T7133] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 242.366457][ T7133] bond2: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 242.436872][ T7133] bond2: left promiscuous mode [ 242.460307][ T7133] ip6erspan0: left promiscuous mode [ 247.127736][ T7171] loop1: detected capacity change from 0 to 64 [ 247.213156][ T7174] 9pnet_fd: p9_fd_create_unix (7174): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 247.767949][ T7171] tmpfs: Unknown parameter '0x0000000000000000' [ 248.429454][ T7184] netlink: 'syz.3.314': attribute type 1 has an invalid length. [ 248.505427][ T7184] 8021q: adding VLAN 0 to HW filter on device bond1 [ 248.602521][ T7186] bond1: (slave ip6erspan0): making interface the new active one [ 248.653811][ T7186] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 249.097916][ T7184] gretap1: entered promiscuous mode [ 249.113061][ T7184] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 249.183102][ T7184] macvlan2: entered promiscuous mode [ 249.201123][ T7184] macvlan2: entered allmulticast mode [ 249.232456][ T7184] bond1: entered promiscuous mode [ 249.260045][ T7184] ip6erspan0: entered promiscuous mode [ 249.279195][ T7184] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 249.287394][ T7184] bond1: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 249.324807][ T7184] bond1: left promiscuous mode [ 249.329653][ T7184] ip6erspan0: left promiscuous mode [ 249.389007][ T7194] loop1: detected capacity change from 0 to 128 [ 249.584645][ T7193] tipc: Enabled bearer , priority 0 [ 249.595470][ T7193] syzkaller0: entered promiscuous mode [ 249.600999][ T7193] syzkaller0: entered allmulticast mode [ 249.627628][ T27] kauditd_printk_skb: 33 callbacks suppressed [ 249.627644][ T27] audit: type=1326 audit(1756482354.727:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7196 comm="syz.2.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84c158ebe9 code=0x7ffc0000 [ 249.663026][ T27] audit: type=1326 audit(1756482354.727:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7196 comm="syz.2.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84c158ebe9 code=0x7ffc0000 [ 249.689338][ T27] audit: type=1326 audit(1756482354.727:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7196 comm="syz.2.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f84c158ebe9 code=0x7ffc0000 [ 250.135947][ T7200] syz.1.316: attempt to access beyond end of device [ 250.135947][ T7200] loop1: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 250.381179][ T27] audit: type=1326 audit(1756482354.727:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7196 comm="syz.2.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84c158ebe9 code=0x7ffc0000 [ 250.774771][ T27] audit: type=1326 audit(1756482354.727:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7196 comm="syz.2.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84c158ebe9 code=0x7ffc0000 [ 250.804632][ T7193] tipc: Resetting bearer [ 250.864711][ T7191] tipc: Resetting bearer [ 250.907749][ T27] audit: type=1326 audit(1756482354.727:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7196 comm="syz.2.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f84c158ebe9 code=0x7ffc0000 [ 250.979144][ T7191] tipc: Disabling bearer [ 250.995240][ T27] audit: type=1326 audit(1756482354.727:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7196 comm="syz.2.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84c158ebe9 code=0x7ffc0000 [ 251.072882][ T27] audit: type=1326 audit(1756482354.727:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7196 comm="syz.2.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f84c158ebe9 code=0x7ffc0000 [ 251.095418][ T27] audit: type=1326 audit(1756482354.727:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7196 comm="syz.2.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84c158ebe9 code=0x7ffc0000 [ 251.132819][ T27] audit: type=1326 audit(1756482354.727:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7196 comm="syz.2.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84c158ebe9 code=0x7ffc0000 [ 252.761268][ T5846] IPVS: starting estimator thread 0... [ 252.981823][ T7217] 9pnet_fd: p9_fd_create_unix (7217): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 253.280092][ T7218] IPVS: using max 17 ests per chain, 40800 per kthread [ 254.263708][ T7230] netlink: 24 bytes leftover after parsing attributes in process `syz.2.335'. [ 254.655264][ T7241] loop3: detected capacity change from 0 to 128 [ 254.680803][ T7238] netlink: 4 bytes leftover after parsing attributes in process `syz.2.335'. [ 255.954268][ T7246] syz.3.329: attempt to access beyond end of device [ 255.954268][ T7246] loop3: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 256.660268][ T7250] tipc: Enabled bearer , priority 0 [ 256.804309][ T7250] syzkaller0: entered promiscuous mode [ 256.813394][ T7250] syzkaller0: entered allmulticast mode [ 256.938362][ T7255] netlink: 'syz.0.331': attribute type 3 has an invalid length. [ 256.948363][ T7255] netlink: 16 bytes leftover after parsing attributes in process `syz.0.331'. [ 257.729633][ T28] tipc: Node number set to 1988194412 [ 257.769632][ T7264] tipc: Resetting bearer [ 258.017332][ T7247] tipc: Resetting bearer [ 258.224746][ T7270] 9pnet_fd: p9_fd_create_unix (7270): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 262.197215][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 262.338262][ T7247] tipc: Disabling bearer [ 263.986762][ T7291] netlink: 28 bytes leftover after parsing attributes in process `syz.1.350'. [ 264.002375][ T7291] netlink: 8 bytes leftover after parsing attributes in process `syz.1.350'. [ 264.021102][ T7291] netlink: 'syz.1.350': attribute type 10 has an invalid length. [ 264.032314][ T7291] bridge0: port 3(team0) entered blocking state [ 264.039416][ T7291] bridge0: port 3(team0) entered disabled state [ 264.046552][ T7291] team0: entered allmulticast mode [ 264.052085][ T7291] team_slave_0: entered allmulticast mode [ 264.113191][ T7291] team_slave_1: entered allmulticast mode [ 264.131969][ T7291] team0: entered promiscuous mode [ 264.162607][ T7291] team_slave_0: entered promiscuous mode [ 264.168699][ T7291] team_slave_1: entered promiscuous mode [ 264.182646][ T7291] bridge0: port 3(team0) entered blocking state [ 264.189139][ T7291] bridge0: port 3(team0) entered forwarding state [ 264.196957][ T7294] netlink: 24 bytes leftover after parsing attributes in process `syz.3.341'. [ 264.248704][ T7297] (null): rxe_set_mtu: Set mtu to 256 [ 264.269127][ T7297] rdma_rxe: rxe_newlink: failed to add lo [ 264.778716][ T7297] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 265.243619][ T7294] netlink: 4 bytes leftover after parsing attributes in process `syz.3.341'. [ 265.534395][ T7304] loop0: detected capacity change from 0 to 128 [ 266.650948][ T7309] syz.0.344: attempt to access beyond end of device [ 266.650948][ T7309] loop0: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 267.605913][ T7317] tipc: Enabled bearer , priority 0 [ 267.614853][ T7317] syzkaller0: entered promiscuous mode [ 267.620908][ T7317] syzkaller0: entered allmulticast mode [ 267.700201][ T7317] tipc: Resetting bearer [ 267.748899][ T7316] tipc: Resetting bearer [ 268.431741][ T7316] tipc: Disabling bearer [ 273.317261][ T7363] loop0: detected capacity change from 0 to 2048 [ 273.644648][ T7363] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 273.675610][ T6492] udevd[6492]: incorrect nilfs2 checksum on /dev/loop0 [ 275.060594][ T7366] loop1: detected capacity change from 0 to 40427 [ 275.165883][ T7368] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 275.277335][ T7367] syz.1.362 (7367): drop_caches: 2 [ 275.381695][ T7366] F2FS-fs (loop1): Unrecognized mount option "18446744073709551615" or missing value [ 275.707440][ T7370] netlink: 28 bytes leftover after parsing attributes in process `syz.3.364'. [ 275.727904][ T7370] netlink: 8 bytes leftover after parsing attributes in process `syz.3.364'. [ 275.824877][ T7373] loop2: detected capacity change from 0 to 1024 [ 275.861203][ T7370] netlink: 'syz.3.364': attribute type 10 has an invalid length. [ 275.896764][ T7370] bridge0: port 3(team0) entered blocking state [ 275.924215][ T7370] bridge0: port 3(team0) entered disabled state [ 275.965076][ T7370] team0: entered allmulticast mode [ 275.988775][ T7370] team_slave_0: entered allmulticast mode [ 276.015856][ T7370] team_slave_1: entered allmulticast mode [ 276.047286][ T7370] team0: entered promiscuous mode [ 276.076071][ T7370] team_slave_0: entered promiscuous mode [ 276.103464][ T7370] team_slave_1: entered promiscuous mode [ 276.133192][ T7370] bridge0: port 3(team0) entered blocking state [ 276.139770][ T7370] bridge0: port 3(team0) entered forwarding state [ 276.930580][ T6052] hfsplus: b-tree write err: -5, ino 4 [ 279.062304][ T7399] dummy0: entered promiscuous mode [ 279.077558][ T7399] vlan2: entered promiscuous mode [ 279.720522][ T7406] loop2: detected capacity change from 0 to 512 [ 279.756926][ T7406] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 3: comm syz.2.371: lblock 0 mapped to illegal pblock 3 (length 1) [ 279.774309][ T7406] EXT4-fs (loop2): Remounting filesystem read-only [ 279.780914][ T7406] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.371: error -117 reading directory block [ 279.796055][ T7406] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 279.805670][ T7406] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 280.084054][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 283.882176][ T7431] loop2: detected capacity change from 0 to 2048 [ 283.941003][ T5779] Bluetooth: hci3: command 0x0405 tx timeout [ 284.129196][ T7431] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 284.378665][ T7436] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 284.404438][ T6492] udevd[6492]: incorrect nilfs2 checksum on /dev/loop2 [ 285.292976][ T7450] netlink: 24 bytes leftover after parsing attributes in process `syz.0.382'. [ 285.359012][ T7449] dummy0: entered promiscuous mode [ 285.376155][ T7449] vlan2: entered promiscuous mode [ 285.493622][ T7450] netlink: 4 bytes leftover after parsing attributes in process `syz.0.382'. [ 286.883200][ T7456] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 286.893631][ T7468] loop1: detected capacity change from 0 to 256 [ 287.005310][ T7468] FAT-fs (loop1): Directory bread(block 64) failed [ 287.025790][ T7468] FAT-fs (loop1): Directory bread(block 65) failed [ 287.043314][ T7468] FAT-fs (loop1): Directory bread(block 66) failed [ 287.070012][ T7468] FAT-fs (loop1): Directory bread(block 67) failed [ 287.078397][ T7468] FAT-fs (loop1): Directory bread(block 68) failed [ 287.085297][ T7468] FAT-fs (loop1): Directory bread(block 69) failed [ 287.091997][ T7468] FAT-fs (loop1): Directory bread(block 70) failed [ 287.101112][ T7468] FAT-fs (loop1): Directory bread(block 71) failed [ 287.113861][ T7468] FAT-fs (loop1): Directory bread(block 72) failed [ 287.129637][ T7468] FAT-fs (loop1): Directory bread(block 73) failed [ 287.272208][ T27] kauditd_printk_skb: 66 callbacks suppressed [ 287.272225][ T27] audit: type=1800 audit(1756482389.935:233): pid=7468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.390" name="cpu.stat" dev="loop1" ino=1048598 res=0 errno=0 [ 287.325214][ T7468] FAT-fs (loop1): error, invalid access to FAT (entry 0x00006c61) [ 288.389967][ T7482] @: renamed from vlan0 (while UP) [ 289.300172][ T7492] loop0: detected capacity change from 0 to 128 [ 289.307907][ T7492] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 290.176975][ T7492] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 292.155829][ T7420] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 293.180953][ T7510] loop3: detected capacity change from 0 to 16 [ 293.220394][ T7510] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 293.233274][ T7509] loop1: detected capacity change from 0 to 2048 [ 293.267932][ T7509] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 294.396847][ T6537] udevd[6537]: incorrect nilfs2 checksum on /dev/loop1 [ 294.484162][ T7518] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096 [ 296.167982][ T7509] NILFS (loop1): error -4 creating segctord thread [ 297.627020][ T7530] (null): rxe_set_mtu: Set mtu to 4096 [ 297.637340][ T7530] rdma_rxe: rxe_newlink: failed to add lo [ 297.672739][ T7530] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 303.301507][ T7568] loop2: detected capacity change from 0 to 40427 [ 303.330585][ T7567] syz.2.415 (7567): drop_caches: 2 [ 303.870111][ T7568] F2FS-fs (loop2): Unrecognized mount option "18446744073709551615" or missing value [ 305.469660][ T7576] (null): rxe_set_mtu: Set mtu to 4096 [ 305.487184][ T7576] rdma_rxe: rxe_newlink: failed to add lo [ 305.774958][ T7583] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 308.689831][ T5779] Bluetooth: hci0: command 0x0406 tx timeout [ 309.152440][ T7609] loop1: detected capacity change from 0 to 4096 [ 310.558431][ T7620] loop0: detected capacity change from 0 to 512 [ 310.569556][ T7620] EXT4-fs: Ignoring removed orlov option [ 310.575655][ T7620] ext4: Unknown parameter 'fsmagic' [ 310.758960][ T6537] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 314.172236][ T7636] syz.3.427 (7636): drop_caches: 2 [ 314.219272][ T7637] loop3: detected capacity change from 0 to 40427 [ 314.227309][ T7637] F2FS-fs (loop3): Unrecognized mount option "18446744073709551615" or missing value [ 315.573303][ T6492] I/O error, dev loop3, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 318.328905][ T7664] netlink: 28 bytes leftover after parsing attributes in process `syz.1.438'. [ 318.581408][ T7667] loop2: detected capacity change from 0 to 256 [ 318.661744][ T7667] FAT-fs (loop2): Directory bread(block 64) failed [ 318.684342][ T7667] FAT-fs (loop2): Directory bread(block 65) failed [ 318.706218][ T7667] FAT-fs (loop2): Directory bread(block 66) failed [ 318.745380][ T7667] FAT-fs (loop2): Directory bread(block 67) failed [ 318.774970][ T7667] FAT-fs (loop2): Directory bread(block 68) failed [ 318.784340][ T7667] FAT-fs (loop2): Directory bread(block 69) failed [ 318.795842][ T7667] FAT-fs (loop2): Directory bread(block 70) failed [ 318.806981][ T7667] FAT-fs (loop2): Directory bread(block 71) failed [ 318.816968][ T7667] FAT-fs (loop2): Directory bread(block 72) failed [ 318.828647][ T7667] FAT-fs (loop2): Directory bread(block 73) failed [ 319.178021][ T7667] FAT-fs (loop2): error, invalid access to FAT (entry 0x00006c61) [ 319.209289][ T27] audit: type=1800 audit(1756482419.793:234): pid=7667 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.439" name="cpu.stat" dev="loop2" ino=1048600 res=0 errno=0 [ 319.436086][ T7683] loop2: detected capacity change from 0 to 128 [ 319.519658][ T7683] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 319.643916][ T7683] ext4 filesystem being mounted at /117/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 319.993252][ T7689] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 320.883210][ T5782] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 321.598037][ T7695] loop2: detected capacity change from 0 to 1024 [ 321.815981][ T7698] loop0: detected capacity change from 0 to 2048 [ 321.891908][ T7698] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 322.071902][ T42] hfsplus: b-tree write err: -5, ino 4 [ 327.047647][ T7744] syz.0.454 (7744): drop_caches: 2 [ 327.458304][ T7744] loop0: detected capacity change from 0 to 40427 [ 327.524750][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 327.602366][ T7744] F2FS-fs (loop0): Unrecognized mount option "18446744073709551615" or missing value [ 328.836733][ T7748] loop1: detected capacity change from 0 to 2048 [ 329.175179][ T7748] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 329.320191][ T7754] loop0: detected capacity change from 0 to 512 [ 329.410310][ T7754] EXT4-fs: Ignoring removed orlov option [ 329.417734][ T7754] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 329.488068][ T7754] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 329.532662][ T7754] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #15: comm syz.0.458: corrupted in-inode xattr: e_value size too large [ 329.554733][ T7754] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.458: couldn't read orphan inode 15 (err -117) [ 329.580312][ T7754] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 330.514811][ T5781] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 331.073068][ T7769] loop2: detected capacity change from 0 to 512 [ 331.082501][ T7769] EXT4-fs: Ignoring removed orlov option [ 331.091445][ T7769] ext4: Unknown parameter 'fsmagic' [ 332.417005][ T12] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 332.441136][ T12] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 70 with error 28 [ 332.896318][ T12] EXT4-fs (loop1): This should not happen!! Data will be lost [ 332.896318][ T12] [ 332.966261][ T12] EXT4-fs (loop1): Total free blocks count 0 [ 333.012082][ T12] EXT4-fs (loop1): Free/Dirty block details [ 333.056295][ T12] EXT4-fs (loop1): free_blocks=2415919504 [ 333.092485][ T12] EXT4-fs (loop1): dirty_blocks=80 [ 333.181346][ T12] EXT4-fs (loop1): Block reservation details [ 333.200415][ T12] EXT4-fs (loop1): i_reserved_data_blocks=5 [ 333.288944][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 334.350163][ T7789] loop3: detected capacity change from 0 to 16 [ 334.397390][ T7789] erofs: (device loop3): erofs_read_inode: unsupported i_format 32 of nid 36 [ 335.779402][ T5846] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 336.656311][ T5846] usb 2-1: Using ep0 maxpacket: 16 [ 336.665021][ T5846] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 336.675314][ T5846] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 336.687273][ T5846] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 336.696412][ T5846] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 336.704502][ T5846] usb 2-1: Product: syz [ 336.708683][ T5846] usb 2-1: Manufacturer: syz [ 336.713651][ T5846] usb 2-1: SerialNumber: syz [ 337.676577][ T7821] loop2: detected capacity change from 0 to 128 [ 337.887610][ T7821] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 337.901071][ T7821] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 338.179340][ T5846] usb 2-1: 0:2 : does not exist [ 338.538070][ T5846] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 339.199238][ T5846] usb 2-1: USB disconnect, device number 3 [ 339.372137][ T7829] loop3: detected capacity change from 0 to 2048 [ 340.097975][ T7829] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 340.731705][ T6492] udevd[6492]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 343.460838][ T7861] loop0: detected capacity change from 0 to 1024 [ 343.483334][ T75] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 343.541780][ T75] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 16 with error 28 [ 343.580896][ T75] EXT4-fs (loop3): This should not happen!! Data will be lost [ 343.580896][ T75] [ 343.870462][ T75] EXT4-fs (loop3): Total free blocks count 0 [ 343.877989][ T75] EXT4-fs (loop3): Free/Dirty block details [ 343.887643][ T75] EXT4-fs (loop3): free_blocks=2415919504 [ 344.418725][ T75] EXT4-fs (loop3): dirty_blocks=32 [ 344.433377][ T75] EXT4-fs (loop3): Block reservation details [ 344.441132][ T75] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 344.468291][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 344.622712][ T12] hfsplus: b-tree write err: -5, ino 4 [ 345.736935][ T7885] vlan0: entered promiscuous mode [ 348.517559][ T7908] loop2: detected capacity change from 0 to 2048 [ 348.716850][ T7908] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 349.022691][ T7898] GUP no longer grows the stack in syz.3.494 (7898): 200000004000-20000000a000 (200000002000) [ 349.591603][ T7898] CPU: 0 PID: 7898 Comm: syz.3.494 Not tainted syzkaller #0 [ 349.598972][ T7898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 349.609055][ T7898] Call Trace: [ 349.612363][ T7898] [ 349.615318][ T7898] dump_stack_lvl+0x16c/0x230 [ 349.620041][ T7898] ? show_regs_print_info+0x20/0x20 [ 349.625276][ T7898] ? load_image+0x3b0/0x3b0 [ 349.629798][ T7898] ? find_vma+0x12e/0x1b0 [ 349.634175][ T7898] __get_user_pages+0xfb9/0x1470 [ 349.639174][ T7898] ? populate_vma_page_range+0x370/0x370 [ 349.644854][ T7898] get_user_pages_remote+0x3de/0xc10 [ 349.650192][ T7898] ? get_dump_page+0x200/0x200 [ 349.655000][ T7898] __access_remote_vm+0x1ff/0x570 [ 349.660079][ T7898] ? generic_access_phys+0x650/0x650 [ 349.665435][ T7898] ? alloc_pages+0x4dc/0x740 [ 349.670053][ T7898] ? do_raw_spin_unlock+0x121/0x230 [ 349.675279][ T7898] proc_pid_cmdline_read+0x551/0x830 [ 349.680593][ T7898] ? _raw_spin_unlock+0x40/0x40 [ 349.685470][ T7898] ? comm_show+0x150/0x150 [ 349.689898][ T7898] ? common_file_perm+0xa0/0x1f0 [ 349.694843][ T7898] ? fsnotify_perm+0x271/0x5e0 [ 349.699630][ T7898] do_iter_read+0x506/0xc80 [ 349.704161][ T7898] ? comm_show+0x150/0x150 [ 349.708599][ T7898] ? vfs_iter_read+0xa0/0xa0 [ 349.713209][ T7898] ? __import_iovec+0x5f2/0x860 [ 349.718086][ T7898] ? import_iovec+0x73/0xa0 [ 349.722613][ T7898] do_preadv+0x1fa/0x330 [ 349.726876][ T7898] ? do_writev+0x410/0x410 [ 349.731432][ T7898] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 349.737431][ T7898] ? lock_chain_count+0x20/0x20 [ 349.742298][ T7898] ? lockdep_hardirqs_on+0x98/0x150 [ 349.747518][ T7898] do_syscall_64+0x55/0xb0 [ 349.751949][ T7898] ? clear_bhb_loop+0x40/0x90 [ 349.756633][ T7898] ? clear_bhb_loop+0x40/0x90 [ 349.761317][ T7898] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 349.767226][ T7898] RIP: 0033:0x7f869c58ebe9 [ 349.771648][ T7898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.791269][ T7898] RSP: 002b:00007f869d3d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 349.799697][ T7898] RAX: ffffffffffffffda RBX: 00007f869c7b6090 RCX: 00007f869c58ebe9 [ 349.807682][ T7898] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000009 [ 349.815758][ T7898] RBP: 00007f869c611e19 R08: 0000000000000000 R09: 0000000000000000 [ 349.823912][ T7898] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 349.831889][ T7898] R13: 00007f869c7b6128 R14: 00007f869c7b6090 R15: 00007ffdcbe6a708 [ 349.839880][ T7898] [ 349.842997][ C0] vkms_vblank_simulate: vblank timer overrun [ 350.327932][ T7911] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 351.344911][ T5779] Bluetooth: hci0: command 0x0406 tx timeout [ 351.857048][ T75] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 42 with error 28 [ 351.955187][ T75] EXT4-fs (loop2): This should not happen!! Data will be lost [ 351.955187][ T75] [ 352.131051][ T75] EXT4-fs (loop2): Total free blocks count 0 [ 353.126508][ T75] EXT4-fs (loop2): Free/Dirty block details [ 353.227218][ T75] EXT4-fs (loop2): free_blocks=2415919504 [ 353.233209][ T75] EXT4-fs (loop2): dirty_blocks=48 [ 353.238621][ T75] EXT4-fs (loop2): Block reservation details [ 353.245136][ T75] EXT4-fs (loop2): i_reserved_data_blocks=3 [ 353.367708][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 354.519615][ T7949] netlink: 12 bytes leftover after parsing attributes in process `syz.2.510'. [ 357.411011][ T7956] loop2: detected capacity change from 0 to 512 [ 357.458252][ T7956] EXT4-fs: Ignoring removed bh option [ 357.619105][ T7956] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 357.694372][ T7956] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 357.723480][ T7956] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 358.478574][ T7956] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 358.513689][ T7956] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 358.571777][ T7956] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 359.855246][ T7981] syz.1.514 uses obsolete (PF_INET,SOCK_PACKET) [ 360.047023][ T7983] loop0: detected capacity change from 0 to 65 [ 360.119137][ T7983] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop0 [ 360.130488][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 360.556004][ T7988] netlink: 20 bytes leftover after parsing attributes in process `syz.3.516'. [ 361.091659][ T5845] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 362.229944][ T5845] usb 2-1: unable to get BOS descriptor or descriptor too short [ 362.251954][ T5845] usb 2-1: not running at top speed; connect to a high speed hub [ 362.337134][ T5845] usb 2-1: config 8 has an invalid interface number: 11 but max is 0 [ 362.399511][ T8001] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 362.406103][ T8001] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 362.427729][ T8001] vhci_hcd vhci_hcd.0: Device attached [ 362.442486][ T5845] usb 2-1: config 8 has an invalid descriptor of length 4, skipping remainder of the config [ 362.593786][ T5845] usb 2-1: config 8 has no interface number 0 [ 362.709353][ T5845] usb 2-1: config 8 interface 11 has no altsetting 0 [ 362.867443][ T787] usb 33-1: new high-speed USB device number 3 using vhci_hcd [ 362.935977][ T5845] usb 2-1: Dual-Role OTG device on HNP port [ 363.029025][ T5845] usb 2-1: New USB device found, idVendor=08e9, idProduct=bdb3, bcdDevice=7c.ff [ 363.141533][ T5845] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.267984][ T5845] usb 2-1: Product: syz [ 363.330124][ T5845] usb 2-1: Manufacturer: syz [ 363.430465][ T5845] usb 2-1: SerialNumber: syz [ 364.252522][ T5845] usb 2-1: can't set config #8, error -71 [ 364.378872][ T5845] usb 2-1: USB disconnect, device number 4 [ 364.884349][ T8010] tipc: Enabled bearer , priority 0 [ 364.921256][ T8010] tipc: Resetting bearer [ 365.247664][ T8002] vhci_hcd: connection reset by peer [ 365.290115][ T8008] tipc: Disabling bearer [ 365.295063][ T12] vhci_hcd: stop threads [ 365.314072][ T12] vhci_hcd: release socket [ 365.357787][ T12] vhci_hcd: disconnect device [ 366.384882][ T8022] loop3: detected capacity change from 0 to 64 [ 366.593768][ T8026] loop2: detected capacity change from 0 to 1024 [ 370.342061][ T787] vhci_hcd: vhci_device speed not set [ 370.460964][ T8039] loop0: detected capacity change from 0 to 512 [ 371.452592][ T8039] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #16: comm syz.0.527: corrupted inode contents [ 371.472066][ T8039] EXT4-fs error (device loop0): ext4_dirty_inode:6106: inode #16: comm syz.0.527: mark_inode_dirty error [ 371.507139][ T8039] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #16: comm syz.0.527: corrupted inode contents [ 371.521868][ T8039] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm syz.0.527: mark_inode_dirty error [ 371.560327][ T8039] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #16: comm syz.0.527: corrupted inode contents [ 371.582138][ T8039] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 371.592662][ T8039] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #16: comm syz.0.527: corrupted inode contents [ 371.608596][ T8039] EXT4-fs error (device loop0): ext4_truncate:4288: inode #16: comm syz.0.527: mark_inode_dirty error [ 371.632523][ T8039] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 371.656491][ T8039] EXT4-fs (loop0): 1 truncate cleaned up [ 371.668284][ T8039] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 371.681603][ T8039] ext4 filesystem being mounted at /132/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 372.236246][ T70] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 372.250831][ T70] EXT4-fs error (device loop0): ext4_release_dquot:6976: comm kworker/u4:5: Failed to release dquot type 1 [ 372.303872][ T5781] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 373.276411][ T8058] loop1: detected capacity change from 0 to 16 [ 373.298064][ T8058] erofs: (device loop1): erofs_read_inode: unsupported i_format 32 of nid 36 [ 375.387484][ T8082] loop0: detected capacity change from 0 to 128 [ 375.437829][ T8082] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 375.603662][ T8082] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 376.187603][ T8089] loop1: detected capacity change from 0 to 128 [ 376.265629][ T8089] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 376.299582][ T8089] ext4 filesystem being mounted at /129/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 378.241780][ T5778] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 378.510249][ T8115] usb usb7: usbfs: process 8115 (syz.2.548) did not claim interface 0 before use [ 378.562431][ T8121] loop3: detected capacity change from 0 to 65 [ 378.597991][ T8121] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop3 [ 378.728274][ T6492] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 387.311751][ T8164] loop1: detected capacity change from 0 to 40427 [ 387.500238][ T8164] F2FS-fs (loop1): Unrecognized mount option "18446744073709551615" or missing value [ 392.436787][ T27] audit: type=1326 audit(1756482488.208:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8194 comm="syz.1.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 392.595235][ T27] audit: type=1326 audit(1756482488.208:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8194 comm="syz.1.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7ffc0000 [ 392.656740][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 393.744142][ T8210] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 394.323543][ T8219] tipc: Enabled bearer , priority 0 [ 394.443141][ T8219] syzkaller0: entered promiscuous mode [ 394.448639][ T8219] syzkaller0: entered allmulticast mode [ 395.215548][ T8225] tipc: Resetting bearer [ 395.290147][ T8218] tipc: Resetting bearer [ 395.376294][ T8218] tipc: Disabling bearer [ 395.437748][ T8229] syzkaller0: entered promiscuous mode [ 395.446155][ T8229] syzkaller0: entered allmulticast mode [ 395.470101][ T8229] tipc: Enabled bearer , priority 0 [ 395.530114][ T8229] tipc: Resetting bearer [ 395.588206][ T8228] tipc: Resetting bearer [ 398.134609][ T8228] tipc: Disabling bearer [ 399.653774][ T8252] loop1: detected capacity change from 0 to 2048 [ 399.764831][ T8252] EXT4-fs (loop1): mounted filesystem 00000800-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 399.801837][ T8254] netlink: 'syz.3.585': attribute type 10 has an invalid length. [ 400.744030][ T8254] 8021q: adding VLAN 0 to HW filter on device bond0 [ 400.833443][ T8254] bond0: entered promiscuous mode [ 400.852595][ T8254] bond_slave_0: entered promiscuous mode [ 400.938921][ T8254] bond_slave_1: entered promiscuous mode [ 400.987351][ T8254] bond0: entered allmulticast mode [ 400.993122][ T8254] bond_slave_0: entered allmulticast mode [ 401.033591][ T8254] bond_slave_1: entered allmulticast mode [ 401.162400][ T8254] team0: Port device bond0 added [ 402.138088][ T5778] EXT4-fs (loop1): unmounting filesystem 00000800-0000-0000-0000-000000000000. [ 403.555134][ T8281] block device autoloading is deprecated and will be removed. [ 404.809434][ T8284] batman_adv: batadv0: Adding interface: dummy0 [ 404.867475][ T8284] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 405.121123][ T8284] batman_adv: batadv0: Interface activated: dummy0 [ 405.510905][ T8296] loop2: detected capacity change from 0 to 512 [ 405.585979][ T8296] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.594: bad orphan inode 11862016 [ 405.603412][ T8303] loop1: detected capacity change from 0 to 128 [ 405.724955][ T8296] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 405.900678][ T8296] ext4 filesystem being mounted at /158/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 407.655278][ T8318] netlink: 20 bytes leftover after parsing attributes in process `syz.1.599'. [ 407.703273][ T8314] loop3: detected capacity change from 0 to 2048 [ 407.833715][ T8314] EXT4-fs (loop3): mounted filesystem 00000800-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 407.846400][ T27] audit: type=1804 audit(1756482502.688:237): pid=8296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.594" name="/newroot/158/file1/file1" dev="loop2" ino=18 res=1 errno=0 [ 408.066436][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 408.859375][ T8334] netlink: 8 bytes leftover after parsing attributes in process `syz.2.601'. [ 409.758543][ T8321] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 411.610857][ T5787] EXT4-fs (loop3): unmounting filesystem 00000800-0000-0000-0000-000000000000. [ 413.797675][ T8371] Option 'TX¼÷Æ®€' to dns_resolver key: bad/missing value [ 421.463225][ T8413] loop1: detected capacity change from 0 to 2048 [ 421.579760][ T8413] NILFS (loop1): unrecognized mount option "cp=0x0000000000000003±£ø¢þápô" [ 427.492603][ T8448] netlink: 6336 bytes leftover after parsing attributes in process `syz.3.632'. [ 428.461105][ T8460] loop0: detected capacity change from 0 to 2048 [ 428.533353][ T8460] EXT4-fs (loop0): mounted filesystem 00000800-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 431.759106][ T5781] EXT4-fs (loop0): unmounting filesystem 00000800-0000-0000-0000-000000000000. [ 431.921317][ T8479] loop3: detected capacity change from 0 to 8192 [ 432.068578][ T8479] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 432.088691][ T8479] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 432.959618][ T8479] REISERFS (device loop3): using ordered data mode [ 432.966270][ T8479] reiserfs: using flush barriers [ 433.015798][ T8479] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 433.054004][ T8479] REISERFS (device loop3): checking transaction log (loop3) [ 433.127435][ T8479] REISERFS (device loop3): Using r5 hash to sort names [ 433.381537][ T8479] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 435.946519][ T8500] netlink: 16 bytes leftover after parsing attributes in process `syz.0.644'. [ 443.194183][ T8548] loop1: detected capacity change from 0 to 256 [ 443.443406][ T8550] Driver unsupported XDP return value 0 on prog (id 238) dev N/A, expect packet loss! [ 444.522432][ T8563] loop2: detected capacity change from 0 to 16 [ 444.838379][ T8563] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 447.609324][ T8586] loop1: detected capacity change from 0 to 512 [ 447.625287][ T8586] EXT4-fs: Ignoring removed bh option [ 448.678928][ T8586] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 448.763571][ T8586] ext4 filesystem being mounted at /157/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 450.043833][ T8602] ip6t_REJECT: ECHOREPLY is not supported [ 450.742876][ T8601] netlink: 6336 bytes leftover after parsing attributes in process `syz.0.666'. [ 451.034475][ T27] audit: type=1326 audit(1756482543.116:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8606 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f181698ebe9 code=0x7ffc0000 [ 451.066663][ T27] audit: type=1326 audit(1756482543.116:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8606 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f181698ebe9 code=0x7ffc0000 [ 451.216261][ T27] audit: type=1326 audit(1756482543.135:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8606 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f181698ebe9 code=0x7ffc0000 [ 451.239409][ T27] audit: type=1326 audit(1756482543.135:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8606 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f181698ebe9 code=0x7ffc0000 [ 451.268149][ T27] audit: type=1326 audit(1756482543.135:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8606 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f181698ebe9 code=0x7ffc0000 [ 453.027190][ T8615] loop0: detected capacity change from 0 to 8192 [ 453.046621][ T8615] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 453.060116][ T8615] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 453.074816][ T8615] REISERFS (device loop0): using ordered data mode [ 453.082218][ T8615] reiserfs: using flush barriers [ 453.091510][ T8615] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 453.164319][ T8615] REISERFS (device loop0): checking transaction log (loop0) [ 453.249651][ T8615] REISERFS (device loop0): Using r5 hash to sort names [ 453.261918][ T8615] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 453.310909][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 456.492400][ T8646] loop2: detected capacity change from 0 to 256 [ 456.524068][ T8646] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 456.570223][ T8646] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 456.608285][ T8646] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 458.897128][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 459.382392][ T8658] netlink: 8 bytes leftover after parsing attributes in process `syz.1.681'. [ 462.630094][ T8680] loop1: detected capacity change from 0 to 1024 [ 462.667237][ T8680] EXT4-fs: Ignoring removed nobh option [ 462.693186][ T8680] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 462.737284][ T8686] Bluetooth: MGMT ver 1.22 [ 462.767082][ T8680] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #11: comm syz.1.688: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 462.803069][ T8680] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.688: couldn't read orphan inode 11 (err -117) [ 462.838785][ T8680] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 463.004956][ T8166] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 465.119061][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 473.097906][ T8729] loop3: detected capacity change from 0 to 1024 [ 473.105599][ T8729] EXT4-fs: Ignoring removed nobh option [ 473.183875][ T8729] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 474.203158][ T8729] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #11: comm syz.3.701: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 474.588190][ T8729] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.701: couldn't read orphan inode 11 (err -117) [ 474.651625][ T8729] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 477.597896][ T8756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.707'. [ 477.610270][ T8756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.707'. [ 477.619986][ T8756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.707'. [ 477.840663][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 480.232623][ T8770] netlink: 'syz.2.712': attribute type 1 has an invalid length. [ 480.428177][ T8770] 8021q: adding VLAN 0 to HW filter on device bond2 [ 481.838428][ T8784] befs: (nbd3): No write support. Marking filesystem read-only [ 481.851394][ T8784] syz.3.713: attempt to access beyond end of device [ 481.851394][ T8784] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0 [ 481.864345][ T8784] befs: (nbd3): unable to read superblock [ 482.457058][ T8789] loop0: detected capacity change from 0 to 16 [ 482.477097][ T8789] erofs: (device loop0): mounted with root inode @ nid 36. [ 482.643720][ T8770] veth3: entered promiscuous mode [ 482.663220][ T8770] bond2: (slave veth3): Enslaving as an active interface with a down link [ 484.347556][ T8790] tipc: Enabled bearer , priority 10 [ 485.754102][ T8806] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 485.760707][ T8806] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 486.501636][ T8806] vhci_hcd vhci_hcd.0: Device attached [ 486.554039][ T8813] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(15) [ 486.560729][ T8813] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 486.705574][ T8813] vhci_hcd vhci_hcd.0: Device attached [ 487.003395][ T8802] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(12) [ 487.010067][ T8802] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 487.081633][ T8806] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(11) [ 487.088307][ T8806] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 487.110959][ T8802] vhci_hcd vhci_hcd.0: Device attached [ 487.141808][ T8813] vhci_hcd vhci_hcd.0: pdev(0) rhport(4) sockfd(19) [ 487.148493][ T8813] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 487.180905][ T8806] vhci_hcd vhci_hcd.0: Device attached [ 487.228970][ T8813] vhci_hcd vhci_hcd.0: Device attached [ 487.282757][ T8820] vhci_hcd: connection closed [ 487.283261][ T48] vhci_hcd: stop threads [ 487.294108][ T8816] vhci_hcd: connection closed [ 487.295010][ T8817] vhci_hcd: connection closed [ 487.332330][ T48] vhci_hcd: release socket [ 487.361729][ T8807] vhci_hcd: connection closed [ 487.394756][ T48] vhci_hcd: disconnect device [ 487.424516][ T8823] vhci_hcd: connection closed [ 487.437578][ T48] vhci_hcd: stop threads [ 487.462222][ T48] vhci_hcd: release socket [ 487.472973][ T48] vhci_hcd: disconnect device [ 487.480920][ T788] vhci_hcd: vhci_device speed not set [ 487.504113][ T48] vhci_hcd: stop threads [ 487.514926][ T48] vhci_hcd: release socket [ 487.536648][ T48] vhci_hcd: disconnect device [ 487.555738][ T48] vhci_hcd: stop threads [ 487.568234][ T48] vhci_hcd: release socket [ 487.573493][ T48] vhci_hcd: disconnect device [ 487.578557][ T48] vhci_hcd: stop threads [ 487.582869][ T48] vhci_hcd: release socket [ 487.587584][ T48] vhci_hcd: disconnect device [ 487.613917][ T788] usb 33-1: new full-speed USB device number 4 using vhci_hcd [ 487.634753][ T788] usb 33-1: enqueue for inactive port 0 [ 487.928474][ T788] vhci_hcd: vhci_device speed not set [ 490.094419][ T6052] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.210755][ T27] audit: type=1800 audit(1756482581.636:243): pid=8854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.730" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 492.211201][ T8854] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 492.241404][ T8854] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 492.251449][ T8854] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 492.420863][ T8858] loop1: detected capacity change from 0 to 4096 [ 492.430153][ T8858] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 492.547902][ T8858] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 497.198879][ T8897] loop3: detected capacity change from 0 to 1024 [ 497.236985][ T8897] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 497.292524][ T8897] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 500.184004][ T8912] loop1: detected capacity change from 0 to 16 [ 500.227697][ T8912] erofs: (device loop1): mounted with root inode @ nid 36. [ 500.260105][ T8910] lo speed is unknown, defaulting to 1000 [ 500.358027][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 502.044127][ T8923] netlink: 'syz.3.746': attribute type 1 has an invalid length. [ 502.152702][ T8923] 8021q: adding VLAN 0 to HW filter on device bond2 [ 505.008634][ T8948] netlink: 'syz.0.754': attribute type 1 has an invalid length. [ 505.100711][ T8948] 8021q: adding VLAN 0 to HW filter on device bond2 [ 505.621390][ T8956] loop3: detected capacity change from 0 to 1024 [ 505.686015][ T8951] bond2: (slave veth0_to_bond): making interface the new active one [ 505.721021][ T8951] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 505.791137][ T8955] loop2: detected capacity change from 0 to 4096 [ 505.958743][ T8950] bond2: (slave veth3): Enslaving as an active interface with a down link [ 506.539833][ T8948] vlan0: entered allmulticast mode [ 506.649171][ T42] hfsplus: b-tree write err: -5, ino 4 [ 506.665639][ T8955] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 506.679531][ T8948] veth1: entered allmulticast mode [ 506.685904][ T8948] veth1: entered promiscuous mode [ 506.694092][ T8955] ntfs3: loop2: Failed to initialize $Extend/$ObjId. [ 506.717726][ T8948] veth1: left promiscuous mode [ 506.767726][ T8948] bond2: (slave vlan0): Enslaving as an active interface with an up link [ 507.073137][ T8960] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 507.631171][ T12] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 507.651433][ T5782] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 507.670650][ T5782] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 507.694980][ T5782] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 507.736089][ T12] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 507.786070][ T8968] loop3: detected capacity change from 0 to 64 [ 508.269840][ T8972] netlink: 8 bytes leftover after parsing attributes in process `syz.3.759'. [ 508.281848][ T8972] netlink: 8 bytes leftover after parsing attributes in process `syz.3.759'. [ 508.292500][ T8972] netlink: 8 bytes leftover after parsing attributes in process `syz.3.759'. [ 508.302742][ T8972] netlink: 8 bytes leftover after parsing attributes in process `syz.3.759'. [ 514.434433][ T9025] infiniband syz2: set active [ 514.505204][ T9025] syz.1.769 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 514.516985][ T5824] lo speed is unknown, defaulting to 1000 [ 518.953531][ T9043] loop3: detected capacity change from 0 to 4096 [ 518.965260][ T9043] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 519.219059][ T9043] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 523.454403][ T9090] syz2: rxe_set_mtu: Set mtu to 256 [ 524.021819][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 524.222894][ T9090] infiniband syz2: set active [ 524.235746][ T9090] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 524.252480][ T8] lo speed is unknown, defaulting to 1000 [ 525.233791][ T9098] gtp0: entered promiscuous mode [ 527.589745][ T9120] loop2: detected capacity change from 0 to 1024 [ 528.648576][ T9124] hfsplus: xattr searching failed [ 530.147125][ T9144] loop1: detected capacity change from 0 to 16 [ 531.284190][ T9144] erofs: (device loop1): mounted with root inode @ nid 36. [ 531.302954][ T9143] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 531.312083][ T9143] erofs: (device loop1): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 531.578945][ T9141] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 532.398157][ T9152] loop1: detected capacity change from 0 to 64 [ 533.381383][ T9159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.802'. [ 533.491546][ T9159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.802'. [ 533.500967][ T9159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.802'. [ 533.510334][ T9159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.802'. [ 533.519992][ T9159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.802'. [ 539.171330][ T9207] netlink: 4 bytes leftover after parsing attributes in process `syz.0.817'. [ 543.366812][ T9232] loop0: detected capacity change from 0 to 1024 [ 543.404305][ T9232] EXT4-fs: Ignoring removed orlov option [ 543.449050][ T9232] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 543.853557][ T27] audit: type=1804 audit(1756482629.940:244): pid=9232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="GPL" name="/newroot/200/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 544.219004][ T27] audit: type=1800 audit(1756482629.968:245): pid=9232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="GPL" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 544.493363][ T27] audit: type=1804 audit(1756482629.978:246): pid=9245 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.825" name="/newroot/200/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 545.221749][ T5781] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 547.450536][ T9269] loop1: detected capacity change from 0 to 32768 [ 547.471573][ T9269] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.834 (9269) [ 547.513120][ T9269] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 547.524230][ T9269] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 547.532977][ T9269] BTRFS info (device loop1): enabling disk space caching [ 547.540149][ T9269] BTRFS info (device loop1): setting nodatasum [ 547.546523][ T9269] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8) [ 547.556641][ T9269] BTRFS info (device loop1): force lzo compression, level 0 [ 547.564152][ T9269] BTRFS info (device loop1): unrecognized rescue option 'ignoremetacsums' [ 547.572948][ T9269] BTRFS error (device loop1): unrecognized rescue value ignoremetacsums [ 547.581334][ T9269] BTRFS error (device loop1): cannot disable free space tree [ 547.591026][ T9269] BTRFS error (device loop1): open_ctree failed: -22 [ 550.308314][ T9288] netlink: 8 bytes leftover after parsing attributes in process `syz.2.837'. [ 550.324985][ T9288] IPVS: Error joining to the multicast group [ 550.511820][ T6537] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (6537) [ 552.277484][ T9312] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=640 (1280 ns) > initial count (34 ns). Using initial count to start timer. [ 561.909360][ T9361] loop2: detected capacity change from 0 to 64 [ 566.109773][ T9392] infiniband syz2: set active [ 566.139628][ T9392] team0: left allmulticast mode [ 566.145171][ T9392] team_slave_0: left allmulticast mode [ 566.151032][ T9392] team_slave_1: left allmulticast mode [ 566.637112][ T9392] team0: left promiscuous mode [ 566.666784][ T9392] team_slave_0: left promiscuous mode [ 566.758792][ T9392] team_slave_1: left promiscuous mode [ 566.852078][ T9392] bridge0: port 3(team0) entered disabled state [ 567.041240][ T9392] bridge_slave_0: left allmulticast mode [ 567.054673][ T9392] bridge_slave_0: left promiscuous mode [ 567.116091][ T9392] bridge0: port 1(bridge_slave_0) entered disabled state [ 567.456876][ T9392] bridge_slave_1: left allmulticast mode [ 567.568733][ T9392] bridge_slave_1: left promiscuous mode [ 567.750941][ T9392] bridge0: port 2(bridge_slave_1) entered disabled state [ 567.839519][ T9392] bond0: (slave bond_slave_0): Releasing backup interface [ 567.886608][ T9392] bond0: (slave bond_slave_1): Releasing backup interface [ 568.270409][ T9392] team0: Port device team_slave_0 removed [ 568.394894][ T9392] team0: Port device team_slave_1 removed [ 568.403596][ T9392] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 568.413785][ T9392] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 568.430790][ T9392] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 568.438393][ T9392] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 568.463919][ T9392] bond1: (slave veth3): Releasing active interface [ 568.488130][ T9392] bond1: (slave veth3): the permanent HWaddr of slave - 12:de:ec:b2:a6:75 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 568.506669][ T9392] vlan2: entered promiscuous mode [ 568.511749][ T9392] macvtap0: entered promiscuous mode [ 568.536392][ T9392] bond1: (slave vlan2): Releasing active interface [ 568.543727][ T9392] vlan2: left promiscuous mode [ 568.548689][ T9392] macvtap0: left promiscuous mode [ 568.630656][ T9392] bond2: (slave ip6erspan0): Releasing active interface [ 568.640322][ T9392] bond2: (slave ip6erspan0): the permanent HWaddr of slave - 76:d4:91:04:ae:a7 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 568.665026][ T9392] bond2: (slave gretap1): making interface the new active one [ 568.735961][ T9392] bond2: (slave gretap1): Releasing active interface [ 568.959381][ T8166] lo speed is unknown, defaulting to 1000 [ 569.066450][ T9395] team0: Mode changed to "loadbalance" [ 569.450382][ T9408] netlink: 16 bytes leftover after parsing attributes in process `syz.2.868'. [ 576.879202][ T9464] loop0: detected capacity change from 0 to 16 [ 577.659205][ T9464] erofs: (device loop0): mounted with root inode @ nid 36. [ 577.709549][ T9463] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 577.718305][ T9463] erofs: (device loop0): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 578.095916][ T9466] loop1: detected capacity change from 0 to 40427 [ 578.190754][ T9466] F2FS-fs (loop1): invalid crc value [ 578.203015][ T9466] F2FS-fs (loop1): Found nat_bits in checkpoint [ 578.267697][ T9466] F2FS-fs (loop1): Start checkpoint disabled! [ 578.283975][ T9466] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 578.402169][ T9472] kernel profiling enabled (shift: 17) [ 580.014236][ T9479] loop2: detected capacity change from 0 to 1024 [ 580.024648][ T9479] EXT4-fs: Ignoring removed orlov option [ 580.071718][ T9479] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 580.295583][ T27] audit: type=1800 audit(1756482664.017:247): pid=9479 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="GPL" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 581.313671][ T27] audit: type=1804 audit(1756482664.980:248): pid=9479 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="GPL" name="/newroot/230/bus/bus" dev="loop2" ino=18 res=1 errno=0 [ 581.416968][ T75] kworker/u4:6: attempt to access beyond end of device [ 581.416968][ T75] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 581.452467][ T75] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 581.462659][ T75] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 581.469603][ T75] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 581.574756][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 581.919304][ T8166] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 582.274889][ T8166] usb 1-1: Using ep0 maxpacket: 8 [ 582.339290][ T8166] usb 1-1: config index 0 descriptor too short (expected 30, got 18) [ 582.361595][ T8166] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 582.377527][ T8166] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.396215][ T8166] usb 1-1: Product: syz [ 582.400587][ T8166] usb 1-1: Manufacturer: syz [ 582.405739][ T8166] usb 1-1: SerialNumber: syz [ 582.452219][ T8166] usb 1-1: config 0 descriptor?? [ 582.485436][ T8166] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 582.540601][ T8166] usb 1-1: setting power ON [ 582.545805][ T8166] dvb-usb: bulk message failed: -22 (2/0) [ 582.607925][ T8166] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 582.627138][ T8166] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 582.635960][ T8166] usb 1-1: media controller created [ 582.691247][ T8166] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 582.785243][ T8166] usb 1-1: selecting invalid altsetting 6 [ 582.832246][ T9510] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 582.850923][ T8166] usb 1-1: digital interface selection failed (-22) [ 582.880571][ T8166] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 582.891575][ T9510] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 582.940776][ T8166] usb 1-1: setting power OFF [ 582.976726][ T8166] dvb-usb: bulk message failed: -22 (2/0) [ 582.995731][ T8166] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 583.036797][ T8166] (NULL device *): no alternate interface [ 583.105161][ T8166] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 583.155942][ T8166] usb 1-1: USB disconnect, device number 2 [ 583.386657][ T9514] netlink: 4 bytes leftover after parsing attributes in process `syz.3.895'. [ 584.241352][ T9518] netlink: 84 bytes leftover after parsing attributes in process `syz.2.894'. [ 586.887650][ T9535] hugetlbfs: syz.2.899 (9535): Using mlock ulimits for SHM_HUGETLB is obsolete [ 590.310125][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 592.313308][ T9553] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 592.376832][ T9553] batadv_slave_0: entered promiscuous mode [ 593.553533][ T9570] batman_adv: batadv0: Interface deactivated: dummy0 [ 593.560641][ T9570] batman_adv: batadv0: Removing interface: dummy0 [ 593.576770][ T9570] bridge_slave_0: left allmulticast mode [ 593.614801][ T9570] bridge_slave_0: left promiscuous mode [ 594.548593][ T9570] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.655770][ T9570] bridge_slave_1: left allmulticast mode [ 594.661577][ T9570] bridge_slave_1: left promiscuous mode [ 594.727906][ T9570] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.044426][ T9570] bond0: (slave bond_slave_0): Releasing backup interface [ 595.708484][ T9570] bond0: (slave bond_slave_1): Releasing backup interface [ 595.787836][ T9570] team_slave_0: left promiscuous mode [ 596.693255][ T9584] netlink: 172 bytes leftover after parsing attributes in process `syz.3.911'. [ 596.752355][ T9570] team0: Port device team_slave_0 removed [ 596.828352][ T9570] team_slave_1: left promiscuous mode [ 596.922132][ T9570] team0: Port device team_slave_1 removed [ 596.955090][ T9570] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 596.983605][ T9570] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 596.995267][ T9570] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 597.041178][ T9570] bond1: (slave gretap1): Releasing active interface [ 597.051737][ T9570] bond1: (slave gretap1): the permanent HWaddr of slave - 32:60:45:b5:e1:f7 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 597.086405][ T9570] bond1: (slave ip6erspan0): making interface the new active one [ 597.108020][ T9570] bond1: (slave ip6erspan0): Releasing active interface [ 597.154104][ T9570] bond2: (slave veth3): Releasing active interface [ 597.220135][ T9571] team0: Mode changed to "loadbalance" [ 597.421437][ T9594] misc userio: Invalid payload size [ 598.674266][ T9600] syz.0.915[9600] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 598.693153][ T9600] syz.0.915[9600] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 599.046238][ T9600] syz.0.915[9600] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 599.202984][ T9600] syz.0.915[9600] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 599.395774][ T9610] loop3: detected capacity change from 0 to 32768 [ 599.449657][ T9610] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 599.460462][ T9610] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 599.469389][ T9610] BTRFS info (device loop3): enabling disk space caching [ 599.476586][ T9610] BTRFS info (device loop3): setting nodatasum [ 599.482772][ T9610] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 599.492016][ T9610] BTRFS info (device loop3): force lzo compression, level 0 [ 599.499379][ T9610] BTRFS info (device loop3): unrecognized rescue option 'ignoremetacsums' [ 599.507998][ T9610] BTRFS error (device loop3): unrecognized rescue value ignoremetacsums [ 599.516331][ T9610] BTRFS error (device loop3): cannot disable free space tree [ 599.527938][ T9610] BTRFS error (device loop3): open_ctree failed: -22 [ 600.779093][ T6492] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by udevd (6492) [ 600.929273][ T9619] netlink: 'syz.2.918': attribute type 1 has an invalid length. [ 600.937563][ T9619] netlink: 'syz.2.918': attribute type 2 has an invalid length. [ 602.980673][ T9639] netlink: 'syz.1.924': attribute type 10 has an invalid length. [ 603.204484][ T9639] hsr0: entered promiscuous mode [ 603.316043][ T9639] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 603.328464][ T9639] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 603.442639][ T9639] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 603.455548][ T9639] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 610.463543][ T9696] kAFS: unable to lookup cell '\/' [ 611.847888][ T9706] loop2: detected capacity change from 0 to 764 [ 611.897257][ T9706] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 612.643106][ T9710] Symlink component flag not implemented [ 612.649388][ T9710] Symlink component flag not implemented (7) [ 613.072042][ T9704] loop0: detected capacity change from 0 to 32768 [ 614.217471][ T9704] JBD2: Ignoring recovery information on journal [ 615.348192][ T9704] JBD2: journal reset failed [ 615.386965][ T9704] (syz.0.941,9704,1):ocfs2_journal_load:1167 ERROR: Failed to load journal! [ 616.536439][ T9704] (syz.0.941,9704,0):ocfs2_check_volume:2434 ERROR: ocfs2 journal load failed! -4 [ 620.438657][ T5846] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 621.485842][ T5846] usb 1-1: Using ep0 maxpacket: 8 [ 622.159786][ T5846] usb 1-1: device descriptor read/all, error -71 [ 622.306316][ T9786] loop2: detected capacity change from 0 to 32768 [ 622.355339][ T9786] JBD2: Ignoring recovery information on journal [ 622.390952][ T9786] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 623.857983][ T9800] netlink: 4 bytes leftover after parsing attributes in process `syz.1.962'. [ 623.964534][ T5782] ocfs2: Unmounting device (7,2) on (node local) [ 626.134974][ T9821] syz.2.968[9821] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 626.135048][ T9821] syz.2.968[9821] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 626.170415][ T9821] syz.2.968[9821] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 626.181905][ T9821] syz.2.968[9821] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 628.294934][ T9838] loop2: detected capacity change from 0 to 4096 [ 630.715315][ T5846] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 631.374962][ T5846] usb 4-1: Using ep0 maxpacket: 8 [ 631.511339][ T5846] usb 4-1: config index 0 descriptor too short (expected 30, got 18) [ 631.945928][ T5846] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 631.959713][ T5846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 631.976500][ T5846] usb 4-1: Product: syz [ 631.984759][ T5846] usb 4-1: Manufacturer: syz [ 631.989599][ T5846] usb 4-1: SerialNumber: syz [ 631.997779][ T5846] usb 4-1: config 0 descriptor?? [ 632.035497][ T5846] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 632.876044][ T5846] usb 4-1: setting power ON [ 632.880639][ T5846] dvb-usb: bulk message failed: -22 (2/0) [ 633.436409][ T5846] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 633.477076][ T9873] syz.1.981[9873] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 633.477150][ T9873] syz.1.981[9873] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 633.514944][ T9873] syz.1.981[9873] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 633.526516][ T9873] syz.1.981[9873] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 633.587026][ T5846] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 633.802816][ T5846] usb 4-1: media controller created [ 634.623637][ T5846] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 634.725315][ T5846] usb 4-1: selecting invalid altsetting 6 [ 634.743966][ T5846] usb 4-1: digital interface selection failed (-22) [ 634.751308][ T5846] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 634.769897][ T5846] usb 4-1: setting power OFF [ 634.775086][ T5846] dvb-usb: bulk message failed: -22 (2/0) [ 634.796556][ T5846] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 634.845325][ T5846] (NULL device *): no alternate interface [ 634.975835][ T5846] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 636.196577][ T9890] tty tty26: ldisc open failed (-12), clearing slot 25 [ 636.215016][ T5846] usb 4-1: USB disconnect, device number 2 [ 636.672019][ T11] Bluetooth: hci4: Frame reassembly failed (-84) [ 636.684892][ T11] Bluetooth: hci4: Frame reassembly failed (-84) [ 636.849321][ T9900] loop1: detected capacity change from 0 to 8 [ 638.815495][ T5779] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 645.363056][ T9940] syz.3.998[9940] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 645.363134][ T9940] syz.3.998[9940] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 645.376850][ T9940] syz.3.998[9940] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 645.388260][ T9940] syz.3.998[9940] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 645.986742][ T7272] Bluetooth: hci4: Frame reassembly failed (-84) [ 646.523318][ T9961] kAFS: unable to lookup cell '\/' [ 648.298588][ T5790] Bluetooth: hci4: command 0x1003 tx timeout [ 648.430384][ T5779] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 650.976243][ T9994] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1010'. [ 651.118429][ T9992] loop3: detected capacity change from 0 to 32768 [ 651.884925][ T9992] JBD2: Ignoring recovery information on journal [ 651.929987][ T9992] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 652.539492][T10001] syz.3.1009 (10001) used greatest stack depth: 18768 bytes left [ 652.614093][ T5787] ocfs2: Unmounting device (7,3) on (node local) [ 655.392850][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 659.247679][T10054] loop1: detected capacity change from 0 to 128 [ 659.255350][T10054] EXT4-fs: Ignoring removed nobh option [ 659.469193][T10054] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 659.495783][T10054] ext4 filesystem being mounted at /248/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 659.803136][ T5778] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 660.063043][T10065] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 660.071899][T10061] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 660.078646][T10061] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 660.093640][T10061] vhci_hcd vhci_hcd.0: Device attached [ 660.430190][T10061] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(8) [ 660.436901][T10061] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 660.446701][T10061] vhci_hcd vhci_hcd.0: Device attached [ 660.459056][T10061] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(12) [ 660.465716][T10061] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 660.474673][T10061] vhci_hcd vhci_hcd.0: Device attached [ 660.484971][T10061] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(14) [ 660.491604][T10061] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 660.538699][ T5846] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 660.576063][T10061] vhci_hcd vhci_hcd.0: Device attached [ 661.495768][T10061] vhci_hcd vhci_hcd.0: pdev(1) rhport(4) sockfd(18) [ 661.502475][T10061] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 661.526426][T10061] vhci_hcd vhci_hcd.0: Device attached [ 661.537719][T10061] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 661.563607][T10084] vhci_hcd: connection closed [ 661.563775][ T7272] vhci_hcd: stop threads [ 661.566882][T10075] vhci_hcd: connection closed [ 661.624312][T10077] vhci_hcd: connection closed [ 661.642802][T10090] xt_NFQUEUE: number of queues (8) out of range (got 65537) [ 661.680407][T10062] vhci_hcd: connection reset by peer [ 661.686508][T10073] vhci_hcd: connection closed [ 661.687642][ T7272] vhci_hcd: release socket [ 662.186819][T10090] lo speed is unknown, defaulting to 1000 [ 662.907903][ T7272] vhci_hcd: disconnect device [ 663.045887][ T7272] vhci_hcd: stop threads [ 663.051532][ T7272] vhci_hcd: release socket [ 663.064588][ T7272] vhci_hcd: disconnect device [ 663.159535][ T7272] vhci_hcd: stop threads [ 663.163859][ T7272] vhci_hcd: release socket [ 663.169947][ T7272] vhci_hcd: disconnect device [ 663.235840][ T7272] vhci_hcd: stop threads [ 663.254256][ T7272] vhci_hcd: release socket [ 664.005707][ T7272] vhci_hcd: disconnect device [ 664.130027][ T7272] vhci_hcd: stop threads [ 664.435135][ T7272] vhci_hcd: release socket [ 664.559826][ T7272] vhci_hcd: disconnect device [ 668.179519][ T5846] vhci_hcd: vhci_device speed not set [ 669.395091][T10115] loop1: detected capacity change from 0 to 256 [ 669.626829][T10115] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 670.235065][T10115] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 670.296271][T10115] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 671.078446][ T5824] usb usb36-port1: attempt power cycle [ 671.754127][T10127] loop3: detected capacity change from 0 to 512 [ 671.769633][T10127] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 671.812226][T10127] EXT4-fs (loop3): 1 truncate cleaned up [ 671.827745][T10127] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 672.134679][ T5824] usb usb36-port1: unable to enumerate USB device [ 672.692514][T10133] fscrypt (loop3, inode 18): Can't use IV_INO_LBLK_32 policy on filesystem 'loop3' because it doesn't have stable inode numbers [ 672.708828][T10137] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1043'. [ 672.977607][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 673.028968][T10139] loop1: detected capacity change from 0 to 128 [ 673.063100][T10139] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 673.108328][T10139] ext4 filesystem being mounted at /253/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 674.838250][ T5778] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 676.904318][T10166] loop0: detected capacity change from 0 to 8 [ 679.878752][T10176] loop3: detected capacity change from 0 to 40427 [ 679.936912][T10176] F2FS-fs (loop3): invalid crc value [ 679.949647][T10176] F2FS-fs (loop3): Found nat_bits in checkpoint [ 679.989433][T10176] F2FS-fs (loop3): Start checkpoint disabled! [ 680.109833][T10176] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 680.763289][T10187] tipc: Enabled bearer , priority 10 [ 681.839248][T10189] syz.3.1054: attempt to access beyond end of device [ 681.839248][T10189] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 681.861481][T10189] syz.3.1054: attempt to access beyond end of device [ 681.861481][T10189] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 681.879901][T10189] syz.3.1054: attempt to access beyond end of device [ 681.879901][T10189] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 681.895738][T10189] syz.3.1054: attempt to access beyond end of device [ 681.895738][T10189] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 681.912477][T10189] syz.3.1054: attempt to access beyond end of device [ 681.912477][T10189] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 681.937579][T10189] syz.3.1054: attempt to access beyond end of device [ 681.937579][T10189] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 681.953688][T10189] syz.3.1054: attempt to access beyond end of device [ 681.953688][T10189] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 682.259832][ T27] audit: type=1800 audit(1756482758.951:249): pid=10189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1054" name="bus" dev="loop3" ino=14 res=0 errno=0 [ 682.383896][T10192] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1056'. [ 683.112607][T10192] bridge1: port 1(veth5) entered blocking state [ 683.147499][T10192] bridge1: port 1(veth5) entered disabled state [ 683.165509][ T11] kworker/u4:0: attempt to access beyond end of device [ 683.165509][ T11] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 683.197722][ T11] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 683.218180][ T11] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 683.246583][T10192] veth5: entered allmulticast mode [ 683.268835][T10192] veth5: entered promiscuous mode [ 683.298996][ T11] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 683.337638][T10195] bond2: (slave veth0_to_bond): Releasing active interface [ 683.373877][T10195] bond2: (slave veth0_to_bond): the permanent HWaddr of slave - aa:aa:aa:aa:aa:1d - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 683.433038][T10195] bond2: (slave vlan0): making interface the new active one [ 683.450768][T10195] veth1: entered promiscuous mode [ 683.493481][T10195] bridge1: port 2(veth0_to_bond) entered blocking state [ 683.500692][T10195] bridge1: port 2(veth0_to_bond) entered disabled state [ 683.575921][T10195] veth0_to_bond: entered allmulticast mode [ 683.605965][T10195] veth0_to_bond: entered promiscuous mode [ 684.663188][T10197] vlan2: entered allmulticast mode [ 684.674001][T10197] veth0_to_hsr: entered allmulticast mode [ 684.695564][T10197] bridge1: port 3(vlan2) entered blocking state [ 684.711800][T10197] bridge1: port 3(vlan2) entered disabled state [ 684.737120][T10197] vlan2: entered promiscuous mode [ 684.748933][T10208] loop2: detected capacity change from 0 to 2048 [ 684.759403][T10197] veth0_to_hsr: entered promiscuous mode [ 684.773672][T10208] FAT-fs (loop2): Unrecognized mount option "msdos" or missing value [ 686.728122][T10214] ceph: No mds server is up or the cluster is laggy [ 686.953786][ T788] libceph: connect (1)[c::]:6789 error -101 [ 687.055756][ T788] libceph: mon0 (1)[c::]:6789 connect error [ 687.547781][ T788] libceph: connect (1)[c::]:6789 error -101 [ 687.686693][ T788] libceph: mon0 (1)[c::]:6789 connect error [ 687.897015][T10226] loop0: detected capacity change from 0 to 4096 [ 692.140597][T10248] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1070'. [ 692.477029][T10262] loop2: detected capacity change from 0 to 8 [ 698.322548][T10294] loop0: detected capacity change from 0 to 40427 [ 698.459714][T10294] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x7ffff [ 698.468192][T10294] F2FS-fs (loop0): Image doesn't support compression [ 698.475073][T10294] F2FS-fs (loop0): Image doesn't support compression [ 698.481983][T10294] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x4 [ 698.495241][T10294] F2FS-fs (loop0): invalid crc value [ 698.609884][T10294] F2FS-fs (loop0): Found nat_bits in checkpoint [ 698.653093][T10294] F2FS-fs (loop0): Start checkpoint disabled! [ 698.749171][T10294] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 699.136459][T10299] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1083'. [ 703.826869][T10338] netlink: 324 bytes leftover after parsing attributes in process `syz.2.1091'. [ 703.836390][T10338] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1091'. [ 710.703001][ T27] audit: type=1326 audit(1756482786.021:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10378 comm="syz.3.1104" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f869c58ebe9 code=0x0 [ 711.387463][T10381] loop2: detected capacity change from 0 to 2048 [ 711.639476][ T6537] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 712.540301][T10389] tipc: Enabled bearer , priority 0 [ 712.558168][T10389] syzkaller0: entered promiscuous mode [ 712.569480][T10389] syzkaller0: entered allmulticast mode [ 712.672575][T10389] tipc: Resetting bearer [ 712.721246][T10385] tipc: Resetting bearer [ 712.754185][T10385] tipc: Disabling bearer [ 716.436119][T10418] loop2: detected capacity change from 0 to 512 [ 716.467632][T10418] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349) [ 716.522784][T10418] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e02c, mo2=0002] [ 716.620399][T10418] System zones: 1-12 [ 716.639745][T10418] EXT4-fs (loop2): orphan cleanup on readonly fs [ 716.684638][T10418] EXT4-fs error (device loop2): ext4_read_inode_bitmap:168: comm syz.2.1122: Inode bitmap for bg 0 marked uninitialized [ 717.224073][T10418] EXT4-fs (loop2): Remounting filesystem read-only [ 717.231837][T10418] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 717.634966][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 719.705794][T10449] loop0: detected capacity change from 0 to 64 [ 719.722965][T10443] syz.3.1117 (10443) used greatest stack depth: 17960 bytes left [ 720.390978][T10455] syz.0.1119: attempt to access beyond end of device [ 720.390978][T10455] loop0: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 720.405206][T10455] Buffer I/O error on dev loop0, logical block 512, async page read [ 720.414557][T10455] syz.0.1119: attempt to access beyond end of device [ 720.414557][T10455] loop0: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 720.428437][T10455] Buffer I/O error on dev loop0, logical block 56576, async page read [ 720.681084][T10451] netlink: 212 bytes leftover after parsing attributes in process `syz.3.1120'. [ 720.717086][ T27] audit: type=1326 audit(1756482795.384:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.3.1120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869c58ebe9 code=0x7ffc0000 [ 720.765566][ T27] audit: type=1326 audit(1756482795.412:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.3.1120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f869c58ebe9 code=0x7ffc0000 [ 720.789132][ T27] audit: type=1326 audit(1756482795.412:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.3.1120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869c58ebe9 code=0x7ffc0000 [ 720.848112][ T27] audit: type=1326 audit(1756482795.412:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.3.1120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869c58ebe9 code=0x7ffc0000 [ 720.912246][ T27] audit: type=1326 audit(1756482795.459:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.3.1120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f869c58ebe9 code=0x7ffc0000 [ 720.940436][ T27] audit: type=1326 audit(1756482795.459:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.3.1120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869c58ebe9 code=0x7ffc0000 [ 721.030901][ T27] audit: type=1326 audit(1756482795.459:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.3.1120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869c58ebe9 code=0x7ffc0000 [ 721.078046][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 721.093901][ T27] audit: type=1326 audit(1756482795.543:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.3.1120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7f869c58ebe9 code=0x7ffc0000 [ 721.345769][ T27] audit: type=1326 audit(1756482795.543:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.3.1120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869c58ebe9 code=0x7ffc0000 [ 721.526224][ T27] audit: type=1326 audit(1756482795.543:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.3.1120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869c58ebe9 code=0x7ffc0000 [ 721.637054][T10471] binder_alloc: 10469: binder_alloc_buf, no vma [ 721.674372][T10472] tipc: Enabled bearer , priority 0 [ 721.696797][T10472] syzkaller0: entered promiscuous mode [ 721.741170][T10472] syzkaller0: entered allmulticast mode [ 722.357640][T10472] tipc: Resetting bearer [ 722.376612][T10470] tipc: Resetting bearer [ 722.419408][T10470] tipc: Disabling bearer [ 722.713681][T10483] loop0: detected capacity change from 0 to 2048 [ 722.784738][T10483] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 722.818926][T10483] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 727.191516][T10521] loop1: detected capacity change from 0 to 8 [ 727.965722][T10521] SQUASHFS error: lzo decompression failed, data probably corrupt [ 727.973624][T10521] SQUASHFS error: Failed to read block 0x0: -5 [ 727.980416][T10521] SQUASHFS error: lzo decompression failed, data probably corrupt [ 727.988312][T10521] SQUASHFS error: Failed to read block 0x0: -5 [ 727.998232][T10521] vivid-002: ================= START STATUS ================= [ 728.006406][T10521] vivid-002: Interlaced VBI Format: false [ 728.012590][T10521] vivid-002: ================== END STATUS ================== [ 728.104767][ T27] audit: type=1800 audit(1756482802.194:261): pid=10521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1140" name="file2" dev="loop1" ino=3 res=0 errno=0 [ 728.213365][T10515] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 729.968847][T10537] autofs4:pid:10537:autofs_fill_super: called with bogus options [ 731.697918][T10552] loop0: detected capacity change from 0 to 2048 [ 731.717859][T10552] UDF-fs: bad mount option "0xffffffffffffffff" or missing value [ 731.784655][T10554] infiniband syz2: set active [ 732.502577][ T788] lo speed is unknown, defaulting to 1000 [ 732.783539][T10561] bridge0: port 1(netdevsim0) entered blocking state [ 732.804560][ T6492] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 732.822724][T10561] bridge0: port 1(netdevsim0) entered disabled state [ 732.830815][T10561] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 733.567604][T10561] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 733.584257][T10561] bridge0: port 1(netdevsim0) entered blocking state [ 733.592591][T10561] bridge0: port 1(netdevsim0) entered forwarding state [ 733.660753][T10569] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1153'. [ 734.013727][T10569] workqueue: Failed to create a rescuer kthread for wq "nbd64-recv": -EINTR [ 734.090619][T10569] block (null): Could not allocate knbd recv work queue. [ 734.108495][T10569] nbd: failed to add new device [ 735.663875][T10589] o2cb: This node has not been configured. [ 735.670194][T10589] o2cb: Cluster check failed. Fix errors before retrying. [ 735.677629][T10589] (syz.3.1158,10589,0):user_dlm_register:674 ERROR: status = -22 [ 735.685540][T10589] (syz.3.1158,10589,0):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1" [ 738.138168][T10596] loop3: detected capacity change from 0 to 8 [ 738.496762][T10605] bridge3: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 738.922511][T10609] SQUASHFS error: lzo decompression failed, data probably corrupt [ 738.930548][T10609] SQUASHFS error: Failed to read block 0x0: -5 [ 738.937514][T10609] SQUASHFS error: lzo decompression failed, data probably corrupt [ 738.945639][T10609] SQUASHFS error: Failed to read block 0x0: -5 [ 739.563749][ T27] audit: type=1800 audit(1756482812.437:262): pid=10609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1162" name="file2" dev="loop3" ino=3 res=0 errno=0 [ 739.991287][T10615] tipc: Enabled bearer , priority 0 [ 739.999224][T10615] syzkaller0: entered promiscuous mode [ 740.005487][T10615] syzkaller0: entered allmulticast mode [ 740.110257][T10619] warning: `syz.0.1166' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 740.943168][T10623] tipc: Resetting bearer [ 741.009354][T10614] tipc: Resetting bearer [ 741.160365][T10614] tipc: Disabling bearer [ 741.205631][T10628] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1167'. [ 741.236774][T10628] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1167'. [ 753.561094][T10751] loop3: detected capacity change from 0 to 64 [ 762.736945][T10802] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 762.736945][T10802] The task syz.1.1195 (10802) triggered the difference, watch for misbehavior. [ 763.684649][T10807] loop0: detected capacity change from 0 to 16 [ 763.701423][T10807] erofs: (device loop0): mounted with root inode @ nid 36. [ 763.968406][ T27] audit: type=1326 audit(1756482835.840:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10798 comm="syz.1.1195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7fc00000 [ 764.009400][ T27] audit: type=1326 audit(1756482835.840:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10798 comm="syz.1.1195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f6f37d8ebe9 code=0x7fc00000 [ 764.087454][T10815] autofs4:pid:10815:autofs_fill_super: called with bogus options [ 764.409350][ T27] audit: type=1326 audit(1756482835.840:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10798 comm="syz.1.1195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7fc00000 [ 764.780938][ T27] audit: type=1326 audit(1756482835.840:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10798 comm="syz.1.1195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7fc00000 [ 764.803419][ T27] audit: type=1326 audit(1756482835.840:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10798 comm="syz.1.1195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7fc00000 [ 764.826419][ T27] audit: type=1326 audit(1756482835.840:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10798 comm="syz.1.1195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7fc00000 [ 764.849084][ T27] audit: type=1326 audit(1756482835.840:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10798 comm="syz.1.1195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7fc00000 [ 764.874189][ T27] audit: type=1326 audit(1756482835.840:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10798 comm="syz.1.1195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7fc00000 [ 764.897024][ T27] audit: type=1326 audit(1756482835.840:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10798 comm="syz.1.1195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7fc00000 [ 764.919886][ T27] audit: type=1326 audit(1756482835.840:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10798 comm="syz.1.1195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f37d8ebe9 code=0x7fc00000 [ 765.672244][T10827] binder: BINDER_SET_CONTEXT_MGR already set [ 765.689996][T10827] binder: 10826:10827 ioctl 4018620d 200000004a80 returned -16 [ 766.553358][T10834] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1207'. [ 766.563200][T10834] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1207'. [ 766.573699][T10834] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1207'. [ 767.092748][T10838] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1203'. [ 767.385075][T10838] bridge0: port 3(team0) entered disabled state [ 767.391962][T10838] bridge0: port 2(bridge_slave_1) entered disabled state [ 767.399756][T10838] bridge0: port 1(bridge_slave_0) entered disabled state [ 768.004493][T10849] tipc: Enabling of bearer rejected, failed to enable media [ 768.866745][T10854] tipc: Enabled bearer , priority 0 [ 768.940501][T10852] tipc: Resetting bearer [ 769.157161][T10858] syzkaller0: entered promiscuous mode [ 769.179351][T10858] syzkaller0: entered allmulticast mode [ 769.253405][T10851] tipc: Resetting bearer [ 769.402786][T10851] tipc: Disabling bearer [ 775.826274][T10943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1219'. [ 775.835392][T10943] team0: left allmulticast mode [ 775.840451][T10943] team_slave_0: left allmulticast mode [ 775.845951][T10943] team_slave_1: left allmulticast mode [ 775.851527][T10943] team0: left promiscuous mode [ 775.856327][T10943] team_slave_0: left promiscuous mode [ 775.862077][T10943] team_slave_1: left promiscuous mode [ 775.868122][T10943] bridge0: port 3(team0) entered disabled state [ 776.864602][T10943] bridge_slave_1: left allmulticast mode [ 776.870433][T10943] bridge_slave_1: left promiscuous mode [ 776.877130][T10943] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.897281][T10943] bridge_slave_0: left allmulticast mode [ 776.903514][T10943] bridge_slave_0: left promiscuous mode [ 776.909593][T10943] bridge0: port 1(bridge_slave_0) entered disabled state [ 777.177131][T10943] bond0: (slave bridge0): Releasing backup interface [ 778.165477][T10959] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 781.866609][T10973] loop0: detected capacity change from 0 to 1024 [ 782.651426][T10973] hfsplus: unable to find HFS+ superblock [ 785.307002][T10993] capability: warning: `syz.0.1232' uses 32-bit capabilities (legacy support in use) [ 785.364525][T10993] loop0: detected capacity change from 0 to 164 [ 786.140615][T10993] Unable to read rock-ridge attributes [ 786.158063][T10991] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 786.754046][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 798.295463][T11063] loop1: detected capacity change from 0 to 2048 [ 798.333820][T11063] FAT-fs (loop1): Unrecognized mount option "msdos" or missing value [ 799.458529][T10770] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 802.019277][T11080] binder: BINDER_SET_CONTEXT_MGR already set [ 802.025501][T11080] binder: 11079:11080 ioctl 4018620d 200000004a80 returned -16 [ 807.660478][T11116] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1265'. [ 807.704494][T11116] macvtap1: entered promiscuous mode [ 807.713027][T11116] macvtap1: entered allmulticast mode [ 807.726111][T11116] team0: entered allmulticast mode [ 807.734910][T11116] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 816.308656][T11176] loop1: detected capacity change from 0 to 164 [ 816.599144][T11176] Unable to read rock-ridge attributes [ 816.663912][T11174] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 816.717294][T11180] loop2: detected capacity change from 0 to 2048 [ 816.748204][T11182] loop0: detected capacity change from 0 to 256 [ 816.766528][T11180] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 816.999375][T11180] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 817.099200][T11180] ext4 filesystem being mounted at /328/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 819.010013][T11197] ================================================================== [ 819.018148][T11197] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x598/0x11f0 [ 819.025911][T11197] Read of size 4 at addr ffff88802bf6a4a0 by task syz.2.1278/11197 [ 819.033841][T11197] [ 819.036191][T11197] CPU: 0 PID: 11197 Comm: syz.2.1278 Not tainted syzkaller #0 [ 819.043689][T11197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 819.053957][T11197] Call Trace: [ 819.057273][T11197] [ 819.060226][T11197] dump_stack_lvl+0x16c/0x230 [ 819.064971][T11197] ? __lock_acquire+0x7c80/0x7c80 [ 819.070459][T11197] ? show_regs_print_info+0x20/0x20 [ 819.075680][T11197] ? load_image+0x3b0/0x3b0 [ 819.080204][T11197] ? __virt_addr_valid+0x469/0x540 [ 819.085337][T11197] print_report+0xac/0x220 [ 819.089778][T11197] ? xfrm_alloc_spi+0x598/0x11f0 [ 819.094739][T11197] kasan_report+0x117/0x150 [ 819.099275][T11197] ? xfrm_alloc_spi+0x598/0x11f0 [ 819.104419][T11197] xfrm_alloc_spi+0x598/0x11f0 [ 819.109220][T11197] ? xfrm_alloc_spi+0x2a1/0x11f0 [ 819.114179][T11197] ? verify_spi_info+0x120/0x120 [ 819.119138][T11197] ? xfrm_find_acq+0x79/0x90 [ 819.123758][T11197] pfkey_getspi+0x79a/0xed0 [ 819.128379][T11197] pfkey_sendmsg+0xbed/0x1050 [ 819.133123][T11197] ? pfkey_release+0x320/0x320 [ 819.137925][T11197] ? aa_sock_msg_perm+0x94/0x150 [ 819.142890][T11197] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 819.148203][T11197] ? security_socket_sendmsg+0x80/0xa0 [ 819.153680][T11197] ? pfkey_release+0x320/0x320 [ 819.158471][T11197] ____sys_sendmsg+0x5bf/0x950 [ 819.163255][T11197] ? __asan_memset+0x22/0x40 [ 819.167875][T11197] ? __sys_sendmsg_sock+0x30/0x30 [ 819.172930][T11197] ? __import_iovec+0x5f2/0x860 [ 819.177912][T11197] ? import_iovec+0x73/0xa0 [ 819.182446][T11197] ___sys_sendmsg+0x220/0x290 [ 819.187150][T11197] ? __sys_sendmsg+0x270/0x270 [ 819.191958][T11197] __se_sys_sendmsg+0x1a5/0x270 [ 819.196832][T11197] ? __x64_sys_sendmsg+0x80/0x80 [ 819.201792][T11197] ? lockdep_hardirqs_on+0x98/0x150 [ 819.207011][T11197] do_syscall_64+0x55/0xb0 [ 819.211442][T11197] ? clear_bhb_loop+0x40/0x90 [ 819.216150][T11197] ? clear_bhb_loop+0x40/0x90 [ 819.220829][T11197] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 819.226737][T11197] RIP: 0033:0x7f84c158ebe9 [ 819.231159][T11197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 819.251039][T11197] RSP: 002b:00007f84c23d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 819.259468][T11197] RAX: ffffffffffffffda RBX: 00007f84c17b6270 RCX: 00007f84c158ebe9 [ 819.267467][T11197] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000009 [ 819.275471][T11197] RBP: 00007f84c1611e19 R08: 0000000000000000 R09: 0000000000000000 [ 819.283461][T11197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 819.291457][T11197] R13: 00007f84c17b6308 R14: 00007f84c17b6270 R15: 00007ffe57ca3e18 [ 819.299460][T11197] [ 819.302491][T11197] [ 819.304838][T11197] Allocated by task 9288: [ 819.309175][T11197] kasan_set_track+0x4e/0x70 [ 819.313786][T11197] __kasan_slab_alloc+0x6c/0x80 [ 819.318658][T11197] slab_post_alloc_hook+0x6e/0x4d0 [ 819.323790][T11197] kmem_cache_alloc+0x11e/0x2e0 [ 819.328664][T11197] xfrm_state_alloc+0x22/0x2a0 [ 819.333446][T11197] __find_acq_core+0x7d8/0x19d0 [ 819.338344][T11197] xfrm_find_acq+0x6a/0x90 [ 819.342786][T11197] xfrm_alloc_userspi+0x57a/0xa90 [ 819.347831][T11197] xfrm_user_rcv_msg+0x596/0x870 [ 819.352783][T11197] netlink_rcv_skb+0x216/0x480 [ 819.357589][T11197] xfrm_netlink_rcv+0x79/0x90 [ 819.362310][T11197] netlink_unicast+0x751/0x8d0 [ 819.367110][T11197] netlink_sendmsg+0x8c1/0xbe0 [ 819.371905][T11197] ____sys_sendmsg+0x5bf/0x950 [ 819.376792][T11197] ___sys_sendmsg+0x220/0x290 [ 819.382019][T11197] __se_sys_sendmsg+0x1a5/0x270 [ 819.386987][T11197] do_syscall_64+0x55/0xb0 [ 819.391432][T11197] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 819.397356][T11197] [ 819.399691][T11197] The buggy address belongs to the object at ffff88802bf6a400 [ 819.399691][T11197] which belongs to the cache xfrm_state of size 848 [ 819.413783][T11197] The buggy address is located 160 bytes inside of [ 819.413783][T11197] freed 848-byte region [ffff88802bf6a400, ffff88802bf6a750) [ 819.427612][T11197] [ 819.429951][T11197] The buggy address belongs to the physical page: [ 819.436464][T11197] page:ffffea0000afda00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802bf6a800 pfn:0x2bf68 [ 819.447943][T11197] head:ffffea0000afda00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 819.456899][T11197] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 819.464899][T11197] page_type: 0xffffffff() [ 819.469250][T11197] raw: 00fff00000000840 ffff8880182e4c80 dead000000000122 0000000000000000 [ 819.477944][T11197] raw: ffff88802bf6a800 000000008010000f 00000001ffffffff 0000000000000000 [ 819.486554][T11197] page dumped because: kasan: bad access detected [ 819.492993][T11197] page_owner tracks the page as allocated [ 819.498740][T11197] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 7598, tgid 7589 (syz.3.421), ts 306940539650, free_ts 227952942137 [ 819.519377][T11197] post_alloc_hook+0x1cd/0x210 [ 819.524280][T11197] get_page_from_freelist+0x195c/0x19f0 [ 819.529947][T11197] __alloc_pages+0x1e3/0x460 [ 819.534587][T11197] alloc_slab_page+0x5d/0x170 [ 819.539300][T11197] new_slab+0x87/0x2e0 [ 819.543403][T11197] ___slab_alloc+0xc6d/0x12f0 [ 819.548113][T11197] kmem_cache_alloc+0x1b7/0x2e0 [ 819.552990][T11197] xfrm_state_alloc+0x22/0x2a0 [ 819.557780][T11197] xfrm_state_find+0x2944/0x4510 [ 819.562832][T11197] xfrm_resolve_and_create_bundle+0x727/0x2c20 [ 819.569018][T11197] xfrm_lookup_with_ifid+0x261/0x19c0 [ 819.574429][T11197] xfrm_lookup_route+0x3c/0x1b0 [ 819.579469][T11197] rawv6_sendmsg+0xd07/0x17f0 [ 819.584130][T11197] ____sys_sendmsg+0x5bf/0x950 [ 819.588878][T11197] ___sys_sendmsg+0x220/0x290 [ 819.593544][T11197] __sys_sendmmsg+0x275/0x4a0 [ 819.598230][T11197] page last free stack trace: [ 819.602892][T11197] free_unref_page_prepare+0x7ce/0x8e0 [ 819.608337][T11197] free_unref_page+0x32/0x2e0 [ 819.613087][T11197] __unfreeze_partials+0x1cf/0x210 [ 819.618181][T11197] put_cpu_partial+0x17c/0x250 [ 819.622924][T11197] __slab_free+0x31d/0x410 [ 819.627320][T11197] qlist_free_all+0x75/0xe0 [ 819.631817][T11197] kasan_quarantine_reduce+0x143/0x160 [ 819.637276][T11197] __kasan_slab_alloc+0x22/0x80 [ 819.642116][T11197] slab_post_alloc_hook+0x6e/0x4d0 [ 819.647217][T11197] kmem_cache_alloc+0x11e/0x2e0 [ 819.652067][T11197] getname_flags+0xbb/0x500 [ 819.656567][T11197] vfs_fstatat+0x111/0x1b0 [ 819.660970][T11197] __x64_sys_newfstatat+0x117/0x190 [ 819.666149][T11197] do_syscall_64+0x55/0xb0 [ 819.670563][T11197] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 819.676463][T11197] [ 819.678775][T11197] Memory state around the buggy address: [ 819.684391][T11197] ffff88802bf6a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 819.692438][T11197] ffff88802bf6a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 819.700482][T11197] >ffff88802bf6a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 819.708521][T11197] ^ [ 819.713612][T11197] ffff88802bf6a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 819.721659][T11197] ffff88802bf6a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 819.729697][T11197] ================================================================== [ 819.737863][T11197] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 819.745056][T11197] CPU: 0 PID: 11197 Comm: syz.2.1278 Not tainted syzkaller #0 [ 819.752498][T11197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 819.762623][T11197] Call Trace: [ 819.765890][T11197] [ 819.768810][T11197] dump_stack_lvl+0x16c/0x230 [ 819.773483][T11197] ? show_regs_print_info+0x20/0x20 [ 819.778744][T11197] ? load_image+0x3b0/0x3b0 [ 819.783244][T11197] panic+0x2c0/0x710 [ 819.787138][T11197] ? bpf_jit_dump+0xd0/0xd0 [ 819.791659][T11197] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 819.797662][T11197] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 819.803567][T11197] ? _raw_spin_unlock+0x40/0x40 [ 819.808405][T11197] ? print_memory_metadata+0x314/0x400 [ 819.813883][T11197] ? xfrm_alloc_spi+0x598/0x11f0 [ 819.818829][T11197] check_panic_on_warn+0x84/0xa0 [ 819.823772][T11197] ? xfrm_alloc_spi+0x598/0x11f0 [ 819.828695][T11197] end_report+0x6f/0x140 [ 819.832925][T11197] kasan_report+0x128/0x150 [ 819.837444][T11197] ? xfrm_alloc_spi+0x598/0x11f0 [ 819.842454][T11197] xfrm_alloc_spi+0x598/0x11f0 [ 819.847215][T11197] ? xfrm_alloc_spi+0x2a1/0x11f0 [ 819.852136][T11197] ? verify_spi_info+0x120/0x120 [ 819.857141][T11197] ? xfrm_find_acq+0x79/0x90 [ 819.861825][T11197] pfkey_getspi+0x79a/0xed0 [ 819.866333][T11197] pfkey_sendmsg+0xbed/0x1050 [ 819.871001][T11197] ? pfkey_release+0x320/0x320 [ 819.875790][T11197] ? aa_sock_msg_perm+0x94/0x150 [ 819.880729][T11197] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 819.886049][T11197] ? security_socket_sendmsg+0x80/0xa0 [ 819.891500][T11197] ? pfkey_release+0x320/0x320 [ 819.896251][T11197] ____sys_sendmsg+0x5bf/0x950 [ 819.901081][T11197] ? __asan_memset+0x22/0x40 [ 819.905768][T11197] ? __sys_sendmsg_sock+0x30/0x30 [ 819.910795][T11197] ? __import_iovec+0x5f2/0x860 [ 819.916021][T11197] ? import_iovec+0x73/0xa0 [ 819.920536][T11197] ___sys_sendmsg+0x220/0x290 [ 819.925211][T11197] ? __sys_sendmsg+0x270/0x270 [ 819.929988][T11197] __se_sys_sendmsg+0x1a5/0x270 [ 819.934825][T11197] ? __x64_sys_sendmsg+0x80/0x80 [ 819.939759][T11197] ? lockdep_hardirqs_on+0x98/0x150 [ 819.944955][T11197] do_syscall_64+0x55/0xb0 [ 819.949354][T11197] ? clear_bhb_loop+0x40/0x90 [ 819.954016][T11197] ? clear_bhb_loop+0x40/0x90 [ 819.958675][T11197] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 819.964553][T11197] RIP: 0033:0x7f84c158ebe9 [ 819.969071][T11197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 819.988664][T11197] RSP: 002b:00007f84c23d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 819.997069][T11197] RAX: ffffffffffffffda RBX: 00007f84c17b6270 RCX: 00007f84c158ebe9 [ 820.005095][T11197] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000009 [ 820.013098][T11197] RBP: 00007f84c1611e19 R08: 0000000000000000 R09: 0000000000000000 [ 820.021093][T11197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 820.029052][T11197] R13: 00007f84c17b6308 R14: 00007f84c17b6270 R15: 00007ffe57ca3e18 [ 820.037009][T11197] [ 820.040241][T11197] Kernel Offset: disabled [ 820.044564][T11197] Rebooting in 86400 seconds..