last executing test programs: 6.245046026s ago: executing program 1 (id=91): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') openat$vcsu(0xffffffffffffff9c, 0x0, 0x183822, 0x0) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x759, &(0x7f0000000b40)={[{@nojournal_checksum}, {@noblock_validity}, {@discard}, {@errors_remount}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1000000}, 0x0}, {@nouid32}, {@noload}, {@nodiscard}, {@nogrpid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x6}}, {@init_itable}, {@noinit_itable}, {@journal_dev={'journal_dev', 0x3d, 0x765}}, {@norecovery}, {@abort}, {@dax_never}, {@resgid}], [{@audit}, {@fowner_lt}], 0x2c}, 0xa, 0x52e, &(0x7f0000000c80)="$eJzs3M9vG1UeAPCvHefXJtlkuz+73d1mt7vaaFc0TfrzwKGtQOoFhARC5YIUkrQqTQtqgtRWkZoi1EocQP0LCtyQOHHkBBcEiAOoVyokLiCkCuXS0AMaNPbYseM4v2onSvP5SI7fvHnjed+Z9+J582wHsGMNpn9yEb0R8U1vRH9psbbAYOlpYX52/Of52fFcJMmzP+WK5e7Pz46Xi5a368kWhvIR+Tdysad+t53TV66eH5uamryUZQzP5LPUhbGzk2cnL44eO3boYPfRI6OHmxJnT7lyu0+9cOup8dO3Xvr8gzQrybKr4ygZKP7tWPMe2haTHxaKT4MxWHssq/xnHXXfDvqq0rli+Pmtqwxrlrba9HS1p/0/+qMtCpV1/fHk61taOaClkiRJOutyK+9lc0m1XK60QZJcT4BHQC5WK7HkvwDwiCi/0d+fT0eqs+P14+BH270TURwBpXEvZI/SmkJxBDs4UBobtbdo/3+IiNNzD26Xr8F22vEHADbfxycibp4sXXeUH6U1+fhTVbnfRmluaCAifhcRuyLi99n1yx8jimX/HBF/qdqmb9VZgPbS/FOV+uufr7uzRPXlatOk13+PZ3Nbtdd/lZoPtGVLfcX423Nnzk1NHsiOyVC0d6bLI/UvXbmt9skTd95utP/B7Pqv/Ej3nz4vlsj/WFhyg25ibGbsYeMuu3e9eGCv1cT/XRQn8ArZ5FX6tDsi/rqB10+P2bn/vf+3Rutr4k/jrIv/rcYvXthAhZZI3o34b+n8z0XN+S8F35GlhmcuvDo8feXqY+eq5ydHjh4ZPTzcFVOTB4bLraLeF1/deCZL1g0jVjj/5a7R0om0e9ej6zfLtv/KzOVAmqrM106vfx837t5sOKbZaPvvyD1XTJfnZy+PzcxcGonoyM3V548ubnt5rLumfNr+h/Yt3/93RfzyTrbdnohIG/HfI+IfEbE3q/s/I+JfEbFvhfg/O/nvlxsNIVePv7XS+CfWdf4bJY5/GbH8qrbzn35Ut+M3B+vib48HtxfqJszT83+omBrKcibGZrpWi2ulmlYnHuLQAQAAwLaxNyJ6I5ffn91o6o18fv/+iJ7KHZTpmf+feeW1ixOl7wgMRHu+fKerv+p+6Eh2bzhdTrcarVpO1x8s3jdOkiTpTpfT8ftU39aGDjteT4P+n/qhbatrB7TcuubRGn2jDdiWlvb/u2vesvkfyAA2VxM+RwNsU/o/7Fxr7v+t+hYcsGWW6//XIha2oCrAJluu/z9fl3N8U+oCbC7jf9i5Nt7/fRgAtjvv/7AjrelL8htI7Dq1QplcoTU7bZzIRynx/YulsJf+CsBARDmnfE2z8gt+m49oTg3bHj7AtMZZTnfNOc0vu1VXNOOoRn7VMoV1/BBDw0R3k45zTSK/mJNbpXB3nH/6TkubaGd9g1zaeiuN7Vo5cbXVXabYCd7bwn9NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATfFrAAAA///c8MWj") lseek(r0, 0x10001, 0x0) 5.709151227s ago: executing program 1 (id=95): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) pread64(r0, 0x0, 0x0, 0x66) 5.641926251s ago: executing program 0 (id=97): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x4361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f0000000440)="800000800000cd7a0000edf5c711", 0xe, 0x4000040, &(0x7f00000001c0)={0x11, 0x8100, r3, 0x1, 0xd8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}, 0x14) 5.456082682s ago: executing program 1 (id=98): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) getxattr(0x0, 0x0, 0x0, 0x0) 5.214424156s ago: executing program 1 (id=101): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 5.063811325s ago: executing program 1 (id=102): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0xa, 0xbf7ffffb) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000580)={'filter\x00', 0x2, [{}, {}]}, 0x48) 4.880745675s ago: executing program 0 (id=105): io_setup(0x2, 0x0) r0 = syz_open_dev$vcsn(0x0, 0x1, 0x400) write$cgroup_int(r0, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xbfffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x5}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x33, 0xee, 0x9, 0xac5b, 0x80000001, 0xa5ca, 0xdb3, 0x3, 0x7}}}}]}, 0x58}}, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r8, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accb", 0x26}], 0x1}, 0x4) 2.996467856s ago: executing program 2 (id=108): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff0000000002"], 0x7c}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="02030003130000002cbd7040fcdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af05000600000000000a004e2300000007ff010000000000000000000000000001010000800000000002000100000000000000070c0000008005000500000000000a004e23000000fffe8000000000000000000000000000aaff01000000000000020013"], 0x98}, 0x1, 0x7}, 0x0) 2.740492641s ago: executing program 3 (id=111): r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) r1 = dup(r0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x80000) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, 0x0) 2.589069449s ago: executing program 3 (id=112): set_mempolicy(0x3, &(0x7f0000000040)=0x404000000ffb, 0x12) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002800500190084"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x24, 0x24, 0x1, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x7}, {0xffff, 0xffff}, {0x5, 0x7ff9}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x841) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.271784488s ago: executing program 2 (id=113): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x4361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f0000000440)="800000800000cd7a0000edf5c711", 0xe, 0x4000040, &(0x7f00000001c0)={0x11, 0x8100, r3, 0x1, 0xd8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}, 0x14) 1.012737891s ago: executing program 0 (id=114): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1, 0x8}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=@newtfilter={0x60, 0x2c, 0xd27, 0x30bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0xffe0, 0xf}, {}, {0x10, 0x9}}, [@filter_kind_options=@f_flow={{0x9}, {0x30, 0x2, [@TCA_FLOW_EMATCHES={0x2c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xff}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x1000, 0x3, 0xc}, {0xfffffffd, 0x4, 0x3f0, 0x20005}}}]}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20048084}, 0x2008c010) 929.150066ms ago: executing program 3 (id=115): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000fe000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff000000003c040100000000002d400200000000004704000001ed00007b130000000000001d440200000000007a0a00fe00ffffffc3030000e1000000b5f10000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af69912435f1a864a710aad58db6a6c3692e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5be14ecf7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b"], 0x0, 0xa}, 0x94) writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000300)="10", 0x1}], 0x1) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000300)=""/8, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x4}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0xb6) 928.945836ms ago: executing program 2 (id=116): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000170900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}}, 0x2000c450) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0xb1954759f25c9ac2}, 0x4000080) 875.659109ms ago: executing program 3 (id=117): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f00000060c0)=[{{0x0, 0x0, &(0x7f00000035c0)=[{&(0x7f0000001040)="fc", 0x1}], 0x1}}], 0x1, 0x4000000) writev(r0, &(0x7f0000000940)=[{&(0x7f0000000340)="c8", 0x1}], 0x1) 814.003033ms ago: executing program 2 (id=118): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) r3 = openat$sndseq(0xffffffffffffff9c, 0x0, 0xa8c01) write$sndseq(r3, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @tick=0x8, {}, {}, @result}], 0x1c) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x0, 0x55a}) 721.160119ms ago: executing program 0 (id=119): chmod(&(0x7f0000000d00)='./file0\x00', 0x46) 721.010768ms ago: executing program 3 (id=120): syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000540)='./file0\x00', 0x1204018, &(0x7f0000000240)=ANY=[@ANYBLOB="6f76657272696465726f636b7065726d2c6e6f636f6d70726573732c686964652c73657373696f6e3d3078303030303030303030303030303032312c756e686964652c696f636861727365743d63703433372c6f76657272696465726f636b7065726d2c626c6f636b3d3078303030303030303030303030303430302c005fb50aab29cf1d32d24be5ab2a6506aa524c8f1cd5781842ee1c86bee627767fee958f25bb6db8e631262ed8a59d337d730b6698271aeb8c31c1902a7e236e5dd878e6c1352c0c799d8e80d7346f8d2870acebe617c694bbb925d3ab4fb01784c564c03d88c81d2f84f58e8c6ba18548f09fa6"], 0x1, 0x56f, &(0x7f0000000b00)="$eJzs3V1v08gawPHHpYUoR6qODkcIVQWGco5UpBKcBIIirnycSTqQ2JHtoPaKU9EUVaRwRDnSthfLcsPuSrsfgtv9EPuN0N7vXrCynfQtb6zSNgj9f1E7E3vsecaNZurWHgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDLrdh23pK68Vpraji3EviNw7fdrfsWyO1jyYh6Raz4SzIZuZouuvrPw9VX4m9L//02fbcomTjJyP7frvz94eXZmd72IwI+F7t7+y82Op3262kHcnZ+/3Rp+Mqa9kzom4ZT08qEviqXSvbd1Wqoqqauw/Uw0g3lBtqJ/EAtu7dVvlwuKp1b91tereLUdW/hgzsF2y6pR7mmdoLQ9+4+yoXuqqnXjVdLysSr4zIP4g/iYxOpSDsNpba2O+3iuBbEhfKfU6gwrlDBLhTy+UIhX7pfvv/Atmf7FtgnSF+J6X9oMV2n2HsDk5npjv9SFyOetGRN1MCXKxUJxJfGkPVdvfH/33f1yHqPjv+L6aLFq4erF+JvS3I9fXd92Pg/JJbze+3KnuzLC9mQjnSkLa+nHtH5vmqixRMjofhipCFOskR1lygpS0lKYstTWZWqhKKkKkbqoiWUdQklEp18olwJRIsjkfgSiJJlceW2KMlLWcpSFCVacrIuvrTEk5pUxEn2siXbyXEvirKGxXhQKD+0Gdne564thRGtZfzH5E61/wYm8ak3/gMAAAAAgK+Wlfz1PT7/n5NrSa5q6tqedlgAAAAAAOAUJf/5X4yTuTh3TSzO/wEAAAAA+NpYyT12lohk5Uaa2xIruV1q0B8BLkwhRAAAAAAAMKHk///X4ySZA+WGWAfTpXARAAAAAAAAX4kfDmbfHTbHbti8ZP36mwTBnPWuufYvayeZm9fZ6V4K0HdFQFRdsOa7O0mSUprMzrp60cqkhQ4mwfzYTbbkbTeOdId9cVhBMPfHp9RBAN8NDyAjJwO4PCs/yc20zM3NNN3srUlryVZNXedcv/4wL44zPxPptej/L7e/kaT5P3qNeSsj25127tmrzmZyMN7Fe3m3051AsW8exWEH4/KsvEnmW0juuRh45OeSGzG69WYt2drutO2kTidt/0y6+czxGt/Oj6jzvSylpZa6M95mj7c/E9eZzw1rfTeK/IQtfy+30jK3lm+lyYAoCuOiKByNYvCxmDyK4rgoihNGAQDTsjVmFLKODPxDxp1eZkQvtzXutwyrr5a/+utF0qMvp2WWF5KOdXZhQI9uj+vR7QlHt1/6noE0bIyN6/35xKj6Id7gw9B6w3rBig/hhTc7/5Mru3v7d7Z3Np63n7dfFgrFkn3Ptu8XZC5pRjdh7AEADDD+GTtjS1j3xpxV/+PgkoKcPJNX0pFNWUnuNkiuOBi41+yRyxBWxpy1ZpNhMn3Cy8qIs7qLyV0Ovf0WRpY9HkPx7H8QAACco6Ux4/DnjP8rY867j4/lo8+Os0ee1gYAAM6GDj5a2eh7KwhM82m+XM470apWge8+VoGp1LQyXqQDd9Xxalo1Az/yXb8eZ56Yig5V2Go2/SBSVT9QTT80a8n0gar76PdQNxwvMm7YrGsn1Mr1vchxI1Uxoauarf/UTbiqg2TjsKldUzWuExnfU6HfClydUyrU+khBU9FeZKomznqqGZiGE2TUE7/eamhV0aEbmGbkpzvs1WW8qh80kt3mpn2wAQD4Quzu7b/Y6HTar88qc3HaLQQAACcdDtfTjgQAAAAAAAAAAAAAAAAAAAAAAAxz5vf/ncx0HwAgE+9Qzi9mMqMP+Mxp/UzJfDmZsV3H2zPtmACcuT8DAAD///GvUk8=") r0 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50) getdents(r0, 0x0, 0x0) 668.616362ms ago: executing program 2 (id=121): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x80, &(0x7f0000000b80)=ANY=[@ANYBLOB="636865636b3d7374726963742c757466383d312c757466383d302c757466383d312c6e66732c6572726f72733d72656d6f756e742d726f2c73686f72746e616d653d77696e6e742c00043518f9aad8a4f2c1cdb3e993cf0444d9d2d40bb509d4da042c2c85e3650de97db42c38cafa7a9d7503c3c985486cf7fc80515e9bef7e9e56fb346de370b3eb3ecbc59d343c36bf04efc3d68033308b0014b0c677ae5ef2932cc05f566112668fa4f6844dcf823618a2993da771384e8fc12467a56b33e3b00030dbfd82ea2f8ddbeb1d04bac86815ebe0b9d084d60edf56b15e74589892dce86962f611a4313120b738dddfd38d20b443570197dc795020ecf541601ef9a5618869febf769dd50261849a47e170ba166b97e76a0261d0dc1fb3e2646595f1c8b49057d94f10f7b5e35ead0a38", @ANYRES8=0x0], 0x3, 0x21f, &(0x7f0000000940)="$eJzs2j+LXFUcBuDfXRMSN2xmxH8kIB60UJtLZmqLLJKAOKBoRoiC5Ma9o8NcZ5a5w8KImK209SNYi6WdIClttvETWNhts2UK8Uoya5INY7GIO2Kep5kXzrzccziXwynu/uvffDYa1PmgmMValsXa5diNO1m0Yy3+shuvvXL95xfeu/7BW5u93pV3U7q6ea3TTSmdf/GnD7/4/qXbs3Pv/3D+xzOx1/5o/6D7295zexf2/7j26bBOwzqNJ7NUpJuTyay4WZVpa1iP8pTeqcqiLtNwXJfTI+ODarK9PU/FeGtjfXta1nUqxvM0KudpNkmz6TwVnxTDccrzPG2sB/9E/7s7TRMHzekb0TTNk9/Gudux8Wu0InsqZU9fzp69kT2/m104aJrWqqfKv8L+P94eOtTPRlRf7/R3+ovfxfjmIIZRRRmXohW/x93X5NAiX32zd+VSuqcdX1W3Dvu3dvpPHO13ohXt5f3Oop+O9s/EesTpiMN+N1rxzPJ+d2n/bLz68kPPz6MVv3wck6hiK+52H/S/7KT0xtu9R/oX7/0PAOD/Jk/3Lb2/5fnfjS/6x7gfPnK/OhUXT6127UTU889HRVWVU0EQhPth1ScTJ+HBpq96JgAAAAAAAAAAABzHSXxOuOo1AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/21/BgAA//9DWtUg") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2901401, 0x0, 0x0, 0x0, &(0x7f000009de00)) rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000a00)='./bus/file0\x00') 645.855413ms ago: executing program 0 (id=122): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd27, 0xa000, {0x0, 0x0, 0x0, r3, {0xe, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_IPV4_SRC={0x8, 0x1b, @multicast1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0) 451.378614ms ago: executing program 2 (id=123): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000440)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x441, 0x2) truncate(&(0x7f0000000900)='./file1\x00', 0x3000000) write(r0, 0x0, 0x0) fallocate(r0, 0x8, 0x4000, 0x4000) 393.131217ms ago: executing program 3 (id=124): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x579, &(0x7f0000000a40)="$eJzs3c9rHFUcAPDvbLL9rU2hFBWRgAcrtZsm8UcFD/WsxYLe65JsQ8mmW7Kb0sSC7cGepXgRC+JdPPdY/Ac8+DcUbKFICXrwEpnN7ObX5FezSbbdzwc2vDczu2++++a9vDdvlw2gZw2mfwoRr0fE90nE8YhIsn39ke0cXDxu/tmtsfSRxMLCl38nzePSfOu1Ws87mmVei4jfv4s4U1hbbn12brJcrVams/xQY+r6UH127uzVqfJEZaJybWR09PwHoyMff/Rhx2J999K/P37xsC/LnbiXxIU4luWWx7EDt5dnBmMwe0+KcWHVgcMdKKybJLlbf9vz82B7+rJ2Xoy0DzgefVmrB15+30bEAtCjkm23/z+Lu3MmwN5qjQNac/sOzYNfGE8/XZwArY2/f/HeSBxqzo2OzCcrZkbpfHegA+WnZTx4fP9e+ojO3YcA2NTtOxFxrr9/bf+XZP3f8zu3hWOWyli8g6j/g73zMB3/vJc3/im0xz+RM/45uqLtPr/Vr7G2/ReedKCYdaXjv09yx7/tRauBviz3SnPMV0yuXK1W0r7t1Yg4HcWDaX6j9Zzz848W1tu3fPz3oHD/Xlp+ayyYnceT/oMrnzNebpR3EvNyT+9EvJE7/k3a9Z/k1H/6flzaYhmnKvffytncHD6viP9xXvy7a+GXiHdy639pRSvZeH1yqHk9DLWuirX+uXvqj/XK3+/40/o/snH8A8ny9dr69sv4+dB/lWivJ6+0Iv7Y+vV/IPmqmT6QbbtZbjSmhyMOJJ+3txda20eWntvKt45P4z/99sb9X971fzgivt5i/HdP/vrmevu6of7Hc+u/PbtdVf/bTzz67Juf1it/8/jT+n+/mTqdbdlK/7fVE9zJewcAAAAAAADdphARxyIplNrpQqFUWvx8x8k4UqjW6o0zV2oz18aj+V3ZgSgWWivdx5d9HmI4WzFs5UdW5Ucj4kRE/NB3uJkvjdWq4/sdPAAAAAAAAAAAAAAAAAAAAHSJo+t8/z/1V99+nx2w6/zkN/SuTdt/J37pCehK/v9D79L+oXdp/9C7tH/oXdo/9C7tH3pXbvs/tPfnAew9//8BAAAAAAAAAAAAAAAAAAAAAAAAAACgoy5dvJg+Fuaf3RpL8+M3ZmcmazfOjlfqk6WpmbHSWG36emmiVpuoVkpjtanNXq9aq10fHomZm0ONSr0xVJ+duzxVm7nWuHx1qjxRuVwp7klUAAAAAAAAAAAAAAAAAAAA8GKpz85NlqvVyrTEy5xIImKXiujvigAlOp3Y754JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJb8HwAA//9jbDB1") setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280), &(0x7f00000002c0)="30573472b621739991c336124406e8a5c812ca847e3bf9b837c91d46ab", 0x1d, 0x1) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f0000000000)=ANY=[], 0x361, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800"], 0x18}, 0x0, 0x40000, 0x1}) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000000)=ANY=[], 0xfe37, 0x0) 305.593022ms ago: executing program 0 (id=125): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000340)={0x0, 0x6bf6, 0x100, 0x5, 0x12}, &(0x7f00000000c0)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=126): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f0000000640)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000005c0)={0x8, 0x0, 0xfff, 0xfffffffa}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000180)={0x0, 0xabe33e5d, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0xff37) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.252' (ED25519) to the list of known hosts. [ 65.532648][ T5752] cgroup: Unknown subsys name 'net' [ 65.695120][ T5752] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 67.130603][ T5752] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.530734][ T5765] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.557402][ T5765] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.567611][ T5765] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.576506][ T5765] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.586804][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.599563][ T5773] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.607059][ T5773] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.615433][ T5773] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.623704][ T5773] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.631770][ T5773] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.640800][ T5775] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.678187][ T5774] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.686821][ T5774] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.695657][ T5774] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.703543][ T5776] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.704380][ T5774] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.718845][ T5776] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.722505][ T5774] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.727747][ T5776] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.735245][ T5774] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.741445][ T5776] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.748885][ T5774] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.757833][ T5776] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.769964][ T5776] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.202659][ T5763] chnl_net:caif_netlink_parms(): no params data found [ 69.283286][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 69.307825][ T5766] chnl_net:caif_netlink_parms(): no params data found [ 69.318075][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 69.446376][ T5763] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.453671][ T5763] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.463485][ T5763] bridge_slave_0: entered allmulticast mode [ 69.470635][ T5763] bridge_slave_0: entered promiscuous mode [ 69.480302][ T5763] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.487419][ T5763] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.494685][ T5763] bridge_slave_1: entered allmulticast mode [ 69.501533][ T5763] bridge_slave_1: entered promiscuous mode [ 69.541171][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.548424][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.555561][ T5767] bridge_slave_0: entered allmulticast mode [ 69.562792][ T5767] bridge_slave_0: entered promiscuous mode [ 69.596717][ T5763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.606180][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.614588][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.621947][ T5767] bridge_slave_1: entered allmulticast mode [ 69.630116][ T5767] bridge_slave_1: entered promiscuous mode [ 69.654660][ T5763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.673693][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.680966][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.689013][ T5768] bridge_slave_0: entered allmulticast mode [ 69.696503][ T5768] bridge_slave_0: entered promiscuous mode [ 69.705987][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.713189][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.720848][ T5768] bridge_slave_1: entered allmulticast mode [ 69.728664][ T5768] bridge_slave_1: entered promiscuous mode [ 69.791367][ T5766] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.798840][ T5766] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.806036][ T5766] bridge_slave_0: entered allmulticast mode [ 69.813416][ T5766] bridge_slave_0: entered promiscuous mode [ 69.822275][ T5766] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.829716][ T5766] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.836897][ T5766] bridge_slave_1: entered allmulticast mode [ 69.844030][ T5766] bridge_slave_1: entered promiscuous mode [ 69.852669][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.865265][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.886213][ T5763] team0: Port device team_slave_0 added [ 69.895455][ T5763] team0: Port device team_slave_1 added [ 69.922633][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.973213][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.992021][ T5766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.002241][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.009483][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.036484][ T5763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.050088][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.057067][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.083177][ T5763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.096805][ T5767] team0: Port device team_slave_0 added [ 70.114080][ T5766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.139704][ T5767] team0: Port device team_slave_1 added [ 70.148403][ T5768] team0: Port device team_slave_0 added [ 70.182522][ T5768] team0: Port device team_slave_1 added [ 70.204395][ T5766] team0: Port device team_slave_0 added [ 70.239613][ T5766] team0: Port device team_slave_1 added [ 70.249970][ T5763] hsr_slave_0: entered promiscuous mode [ 70.256426][ T5763] hsr_slave_1: entered promiscuous mode [ 70.267225][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.275017][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.301808][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.339733][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.346731][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.377647][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.402974][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.410536][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.436668][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.458685][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.465684][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.491802][ T5766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.505875][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.512945][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.539218][ T5766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.562561][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.569635][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.595912][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.632158][ T5767] hsr_slave_0: entered promiscuous mode [ 70.641391][ T5767] hsr_slave_1: entered promiscuous mode [ 70.647598][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.655750][ T5767] Cannot create hsr debugfs directory [ 70.723072][ T5766] hsr_slave_0: entered promiscuous mode [ 70.730343][ T5766] hsr_slave_1: entered promiscuous mode [ 70.736429][ T5766] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.745045][ T5766] Cannot create hsr debugfs directory [ 70.745050][ T5776] Bluetooth: hci0: command tx timeout [ 70.798884][ T5768] hsr_slave_0: entered promiscuous mode [ 70.805785][ T5768] hsr_slave_1: entered promiscuous mode [ 70.812984][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.819069][ T5774] Bluetooth: hci1: command tx timeout [ 70.820718][ T5768] Cannot create hsr debugfs directory [ 70.826457][ T5776] Bluetooth: hci2: command tx timeout [ 70.838111][ T5765] Bluetooth: hci3: command tx timeout [ 71.172049][ T5763] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 71.187611][ T5763] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 71.198892][ T5763] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 71.211514][ T5763] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 71.284115][ T5767] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 71.303624][ T5767] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 71.328220][ T5767] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 71.339538][ T5767] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 71.410722][ T5768] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 71.435930][ T5768] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 71.474269][ T5768] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 71.484018][ T5768] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 71.536509][ T5766] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.563488][ T5766] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.573200][ T5766] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.585840][ T5766] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.620516][ T5763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.671321][ T5763] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.695944][ T4401] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.703466][ T4401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.716233][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.723274][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.762677][ T4401] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.769863][ T4401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.822558][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.857290][ T5763] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.904969][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.966769][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.003840][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.031623][ T5766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.042559][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.049803][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.089096][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.096276][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.126262][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.133452][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.156813][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.164034][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.236570][ T5766] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.263895][ T4401] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.271067][ T4401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.297412][ T5763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.314874][ T4401] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.322100][ T4401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.407366][ T5766] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 72.431554][ T5766] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.544802][ T5763] veth0_vlan: entered promiscuous mode [ 72.583377][ T5763] veth1_vlan: entered promiscuous mode [ 72.696118][ T5763] veth0_macvtap: entered promiscuous mode [ 72.715926][ T5763] veth1_macvtap: entered promiscuous mode [ 72.746166][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.820908][ T5776] Bluetooth: hci0: command tx timeout [ 72.828160][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.847712][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.865801][ T5763] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.875215][ T5763] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.884517][ T5763] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.894029][ T5763] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.903328][ T5776] Bluetooth: hci2: command tx timeout [ 72.908009][ T5765] Bluetooth: hci3: command tx timeout [ 72.908910][ T5774] Bluetooth: hci1: command tx timeout [ 72.943790][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.000874][ T5766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.074703][ T5768] veth0_vlan: entered promiscuous mode [ 73.099045][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.114722][ T5768] veth1_vlan: entered promiscuous mode [ 73.120394][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.193907][ T5767] veth0_vlan: entered promiscuous mode [ 73.211704][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.226761][ T5766] veth0_vlan: entered promiscuous mode [ 73.232793][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.245872][ T5767] veth1_vlan: entered promiscuous mode [ 73.275129][ T5768] veth0_macvtap: entered promiscuous mode [ 73.287506][ T5766] veth1_vlan: entered promiscuous mode [ 73.313871][ T5768] veth1_macvtap: entered promiscuous mode [ 73.376002][ T5766] veth0_macvtap: entered promiscuous mode [ 73.388153][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.400163][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.413536][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.431879][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.445937][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.457612][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.473612][ T5767] veth0_macvtap: entered promiscuous mode [ 73.488161][ T5766] veth1_macvtap: entered promiscuous mode [ 73.500826][ T5768] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.517842][ T5768] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.526879][ T5768] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.557467][ T5854] syz.1.2[5854]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 73.557847][ T5768] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.584529][ T5767] veth1_macvtap: entered promiscuous mode [ 73.594959][ T5854] loop1: detected capacity change from 0 to 512 [ 73.604450][ T5854] EXT4-fs: Ignoring removed orlov option [ 73.619296][ T5854] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 73.645003][ T5854] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 73.691827][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.705007][ T5854] EXT4-fs (loop1): 1 orphan inode deleted [ 73.711196][ T5854] EXT4-fs (loop1): 1 truncate cleaned up [ 73.718724][ T5854] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.723065][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.773404][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.798034][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.809983][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.815580][ T5763] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.822816][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.837260][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.848426][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.865037][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.875980][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.886926][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.924442][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.961506][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.973340][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.985374][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.996255][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.007252][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.045936][ T5767] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.056118][ T5767] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.065166][ T5767] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.078923][ T5767] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.096688][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.116811][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.143389][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.161260][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.171455][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.183468][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.195080][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.245590][ T5766] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.263767][ T5766] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.274168][ T5766] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.287835][ T5766] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.419060][ T4498] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.435994][ T4498] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.604549][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.612764][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.676293][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.687359][ T4401] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.727129][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.734928][ T4401] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.826534][ T4401] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.845193][ T4401] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.898641][ T5774] Bluetooth: hci0: command tx timeout [ 74.909837][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.917709][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.978383][ T5774] Bluetooth: hci3: command tx timeout [ 74.983850][ T5774] Bluetooth: hci1: command tx timeout [ 74.990908][ T5776] Bluetooth: hci2: command tx timeout [ 75.331599][ T5878] syzkaller0: entered promiscuous mode [ 75.347493][ T5878] syzkaller0: entered allmulticast mode [ 76.051758][ T5891] loop2: detected capacity change from 0 to 128 [ 76.119170][ T5893] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11'. [ 76.150373][ T5893] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 76.330509][ T5876] loop3: detected capacity change from 0 to 128 [ 76.345548][ T5893] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 76.382164][ T5876] EXT4-fs (loop3): VFS: Found ext4 filesystem with unknown checksum algorithm. [ 76.438568][ T5754] udevd[5754]: incorrect ext4 checksum on /dev/loop3 [ 76.472144][ T5900] loop2: detected capacity change from 0 to 512 [ 76.503523][ T5900] EXT4-fs: Ignoring removed mblk_io_submit option [ 76.542324][ T5900] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 76.626471][ T5900] EXT4-fs (loop2): 1 truncate cleaned up [ 76.634829][ T5900] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.679877][ T5903] syz.0.14 uses obsolete (PF_INET,SOCK_PACKET) [ 76.988009][ T5765] Bluetooth: hci0: command tx timeout [ 77.059807][ T5765] Bluetooth: hci1: command tx timeout [ 77.063743][ T5774] Bluetooth: hci2: command tx timeout [ 77.065464][ T5765] Bluetooth: hci3: command tx timeout [ 77.463387][ T5875] syz.3.4: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 77.465159][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.491927][ T5875] CPU: 0 PID: 5875 Comm: syz.3.4 Not tainted syzkaller #0 [ 77.499077][ T5875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 77.509178][ T5875] Call Trace: [ 77.512478][ T5875] [ 77.515418][ T5875] dump_stack_lvl+0x18c/0x250 [ 77.520140][ T5875] ? show_regs_print_info+0x20/0x20 [ 77.525463][ T5875] ? load_image+0x400/0x400 [ 77.530042][ T5875] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 77.536485][ T5875] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 77.543114][ T5875] warn_alloc+0x246/0x340 [ 77.547504][ T5875] ? zone_watermark_ok_safe+0x230/0x230 [ 77.553089][ T5875] ? _raw_spin_unlock+0x28/0x40 [ 77.557961][ T5875] __vmalloc_node_range+0x662/0x1330 [ 77.563269][ T5875] ? free_vm_area+0x50/0x50 [ 77.567772][ T5875] ? _raw_spin_unlock+0x28/0x40 [ 77.572637][ T5875] ? __kasan_kmalloc+0x8f/0xa0 [ 77.577400][ T5875] __vmalloc_node_range+0x568/0x1330 [ 77.582689][ T5875] ? hash_netiface_create+0x361/0xfe0 [ 77.588061][ T5875] ? __asan_memset+0x22/0x40 [ 77.592668][ T5875] ? free_vm_area+0x50/0x50 [ 77.597170][ T5875] ? kvmalloc_node+0x70/0x180 [ 77.601844][ T5875] ? rcu_is_watching+0x15/0xb0 [ 77.606631][ T5875] ? kvmalloc_node+0x70/0x180 [ 77.611419][ T5875] ? trace_kmalloc+0x1f/0x90 [ 77.616023][ T5875] kvmalloc_node+0x13f/0x180 [ 77.620621][ T5875] ? hash_netiface_create+0x361/0xfe0 [ 77.626007][ T5875] hash_netiface_create+0x361/0xfe0 [ 77.631222][ T5875] ? __lock_acquire+0x7d40/0x7d40 [ 77.636250][ T5875] ? __nla_parse+0x40/0x50 [ 77.640670][ T5875] ? hash_netport6_gc+0x560/0x560 [ 77.645693][ T5875] ip_set_create+0xad3/0x1970 [ 77.650367][ T5875] ? ip_set_create+0x4fe/0x1970 [ 77.655308][ T5875] ? ip_set_protocol+0x5b0/0x5b0 [ 77.660239][ T5875] ? trace_contention_end+0x39/0xe0 [ 77.665467][ T5875] nfnetlink_rcv_msg+0xbf0/0x12b0 [ 77.670503][ T5875] ? nfnetlink_rcv_msg+0x22a/0x12b0 [ 77.675720][ T5875] ? nfnetlink_unbind+0x160/0x160 [ 77.680785][ T5875] ? __dev_queue_xmit+0x1ac2/0x36b0 [ 77.686001][ T5875] ? __netlink_deliver_tap+0x5ab/0x830 [ 77.691473][ T5875] ? netlink_deliver_tap+0x19c/0x1b0 [ 77.696760][ T5875] ? netlink_unicast+0x72c/0x8d0 [ 77.701696][ T5875] ? netlink_sendmsg+0x8d0/0xbf0 [ 77.706632][ T5875] ? ____sys_sendmsg+0x5ba/0x960 [ 77.711571][ T5875] ? ___sys_sendmsg+0x2a6/0x360 [ 77.716417][ T5875] ? __se_sys_sendmsg+0x1c2/0x2b0 [ 77.721436][ T5875] ? do_syscall_64+0x55/0xa0 [ 77.726042][ T5875] netlink_rcv_skb+0x241/0x4d0 [ 77.730809][ T5875] ? nfnetlink_unbind+0x160/0x160 [ 77.735834][ T5875] ? netlink_ack+0x1180/0x1180 [ 77.740623][ T5875] ? apparmor_capable+0x137/0x1a0 [ 77.745647][ T5875] ? bpf_lsm_capable+0x9/0x10 [ 77.750338][ T5875] ? security_capable+0x89/0xb0 [ 77.755192][ T5875] nfnetlink_rcv+0x2c9/0x24a0 [ 77.759882][ T5875] ? __local_bh_enable_ip+0x13a/0x1c0 [ 77.765250][ T5875] ? lockdep_hardirqs_on+0x98/0x150 [ 77.770449][ T5875] ? __local_bh_enable_ip+0x13a/0x1c0 [ 77.775821][ T5875] ? _local_bh_enable+0xa0/0xa0 [ 77.780688][ T5875] ? __dev_queue_xmit+0x26b/0x36b0 [ 77.786067][ T5875] ? __dev_queue_xmit+0x26b/0x36b0 [ 77.791177][ T5875] ? __dev_queue_xmit+0x124f/0x36b0 [ 77.796387][ T5875] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 77.801945][ T5875] ? __dev_queue_xmit+0x26b/0x36b0 [ 77.807083][ T5875] ? ref_tracker_free+0x690/0x840 [ 77.812196][ T5875] ? refcount_inc+0x70/0x70 [ 77.816694][ T5875] ? __asan_memcpy+0x40/0x70 [ 77.821285][ T5875] ? __skb_clone+0x63/0x790 [ 77.825790][ T5875] ? __skb_clone+0x480/0x790 [ 77.830402][ T5875] ? __netlink_deliver_tap+0x7e8/0x830 [ 77.835872][ T5875] ? netlink_deliver_tap+0x2e/0x1b0 [ 77.841076][ T5875] ? __lock_acquire+0x7d40/0x7d40 [ 77.846195][ T5875] ? netlink_deliver_tap+0x2e/0x1b0 [ 77.851490][ T5875] netlink_unicast+0x751/0x8d0 [ 77.856390][ T5875] netlink_sendmsg+0x8d0/0xbf0 [ 77.861166][ T5875] ? netlink_getsockopt+0x590/0x590 [ 77.866375][ T5875] ? aa_sock_msg_perm+0x94/0x150 [ 77.871336][ T5875] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 77.876627][ T5875] ? security_socket_sendmsg+0x80/0xa0 [ 77.882083][ T5875] ? netlink_getsockopt+0x590/0x590 [ 77.887287][ T5875] ____sys_sendmsg+0x5ba/0x960 [ 77.892064][ T5875] ? __asan_memset+0x22/0x40 [ 77.896659][ T5875] ? __sys_sendmsg_sock+0x30/0x30 [ 77.901687][ T5875] ? __import_iovec+0x5f2/0x850 [ 77.906556][ T5875] ? import_iovec+0x73/0xa0 [ 77.911147][ T5875] ___sys_sendmsg+0x2a6/0x360 [ 77.915828][ T5875] ? __sys_sendmsg+0x2a0/0x2a0 [ 77.920631][ T5875] __se_sys_sendmsg+0x1c2/0x2b0 [ 77.925485][ T5875] ? __x64_sys_sendmsg+0x80/0x80 [ 77.930435][ T5875] ? lockdep_hardirqs_on+0x98/0x150 [ 77.935664][ T5875] do_syscall_64+0x55/0xa0 [ 77.940112][ T5875] ? clear_bhb_loop+0x40/0x90 [ 77.944801][ T5875] ? clear_bhb_loop+0x40/0x90 [ 77.949488][ T5875] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 77.955383][ T5875] RIP: 0033:0x7ff44b99aeb9 [ 77.959810][ T5875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 77.979430][ T5875] RSP: 002b:00007ff44c80a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 77.987848][ T5875] RAX: ffffffffffffffda RBX: 00007ff44bc15fa0 RCX: 00007ff44b99aeb9 [ 77.995819][ T5875] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 78.003789][ T5875] RBP: 00007ff44ba08c1f R08: 0000000000000000 R09: 0000000000000000 [ 78.011848][ T5875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 78.019820][ T5875] R13: 00007ff44bc16038 R14: 00007ff44bc15fa0 R15: 00007ffdb832f978 [ 78.027814][ T5875] [ 78.082758][ T5875] Mem-Info: [ 78.085930][ T5875] active_anon:8589 inactive_anon:0 isolated_anon:0 [ 78.085930][ T5875] active_file:1072 inactive_file:39938 isolated_file:0 [ 78.085930][ T5875] unevictable:768 dirty:1785 writeback:0 [ 78.085930][ T5875] slab_reclaimable:9978 slab_unreclaimable:90583 [ 78.085930][ T5875] mapped:26995 shmem:4296 pagetables:531 [ 78.085930][ T5875] sec_pagetables:0 bounce:0 [ 78.085930][ T5875] kernel_misc_reclaimable:0 [ 78.085930][ T5875] free:1329769 free_pcp:11345 free_cma:0 [ 78.173900][ T5875] Node 0 active_anon:34056kB inactive_anon:0kB active_file:4288kB inactive_file:159552kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:107980kB dirty:7136kB writeback:0kB shmem:15448kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11248kB pagetables:2024kB sec_pagetables:0kB all_unreclaimable? no [ 78.242902][ T5875] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 78.275723][ T5875] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 78.316783][ T5912] ip6erspan0: entered allmulticast mode [ 78.356859][ T5875] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 78.378236][ T5875] Node 0 DMA32 free:1409804kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:34208kB inactive_anon:0kB active_file:4396kB inactive_file:158652kB unevictable:1536kB writepending:7156kB present:3129332kB managed:2586972kB mlocked:0kB bounce:0kB free_pcp:24936kB local_pcp:13864kB free_cma:0kB [ 78.457731][ T5875] lowmem_reserve[]: 0 0 0 0 0 [ 78.463342][ T5875] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:832kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 78.507521][ T5875] lowmem_reserve[]: 0 0 0 0 0 [ 78.517642][ T5875] Node 1 Normal free:3893220kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20512kB local_pcp:9696kB free_cma:0kB [ 78.581265][ T5875] lowmem_reserve[]: 0 0 0 0 0 [ 78.591385][ T5875] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 78.627059][ T5875] Node 0 DMA32: 1*4kB (M) 3*8kB (UME) 1*16kB (E) 2*32kB (ME) 1*64kB (E) 1*128kB (E) 1*256kB (E) 2*512kB (ME) 3*1024kB (UME) 4*2048kB (ME) 341*4096kB (M) = 1409580kB [ 78.651462][ T5875] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 78.671849][ T5917] loop5: detected capacity change from 0 to 7 [ 78.686746][ T5917] Dev loop5: unable to read RDB block 7 [ 78.693729][ T5917] loop5: unable to read partition table [ 78.704081][ T5875] Node 1 Normal: 233*4kB (UME) 50*8kB (UME) 39*16kB (UME) 40*32kB (UME) 17*64kB (UME) 8*128kB (UME) 1*256kB (M) 1*512kB (U) 2*1024kB (UE) 1*2048kB (E) 948*4096kB (M) = 3893220kB [ 78.735141][ T5917] loop5: partition table beyond EOD, truncated [ 78.746499][ T5917] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 78.770809][ T5875] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 78.790216][ T5875] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 78.807802][ T5875] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 78.817684][ T5875] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 78.878184][ T5875] 45251 total pagecache pages [ 78.882966][ T5875] 0 pages in swap cache [ 78.887141][ T5875] Free swap = 124996kB [ 78.902304][ T5875] Total swap = 124996kB [ 78.906588][ T5875] 2097051 pages RAM [ 78.921518][ T5875] 0 pages HighMem/MovableOnly [ 78.926979][ T5875] 416922 pages reserved [ 78.933350][ T5875] 0 pages cma reserved [ 79.591680][ T5929] loop2: detected capacity change from 0 to 2048 [ 79.611110][ T5929] EXT4-fs: Ignoring removed mblk_io_submit option [ 79.704474][ T5929] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.198366][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.635509][ T5943] netlink: 8 bytes leftover after parsing attributes in process `syz.1.27'. [ 81.508032][ T5964] loop2: detected capacity change from 0 to 2048 [ 81.516402][ T5964] EXT4-fs: Ignoring removed mblk_io_submit option [ 81.554560][ T5966] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.586309][ T5964] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.178391][ T27] cfg80211: failed to load regulatory.db [ 82.406253][ T5978] syzkaller0: entered promiscuous mode [ 82.411942][ T5978] syzkaller0: entered allmulticast mode [ 82.444385][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.922445][ T5995] batman_adv: batadv0: Adding interface: dummy0 [ 82.947955][ T5995] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.990162][ T5995] batman_adv: batadv0: Interface activated: dummy0 [ 83.037203][ T6000] batadv0: mtu less than device minimum [ 83.054781][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 83.067615][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 83.080118][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 83.092591][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 83.105150][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 83.117776][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 83.130255][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 83.142800][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 83.155309][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 83.186958][ T6002] netlink: 60 bytes leftover after parsing attributes in process `syz.2.49'. [ 83.225123][ T6002] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 83.241371][ T6002] bridge1: entered promiscuous mode [ 83.246728][ T6002] bridge1: entered allmulticast mode [ 83.609550][ T6009] syzkaller0: entered promiscuous mode [ 83.631098][ T6009] syzkaller0: entered allmulticast mode [ 83.696953][ T6017] netlink: 76 bytes leftover after parsing attributes in process `syz.0.56'. [ 83.743244][ T6018] syzkaller0: entered promiscuous mode [ 83.774555][ T6018] syzkaller0: entered allmulticast mode [ 83.823448][ T6020] loop0: detected capacity change from 0 to 736 [ 83.981781][ T6024] loop2: detected capacity change from 0 to 512 [ 84.019225][ T6026] netlink: 96 bytes leftover after parsing attributes in process `syz.1.60'. [ 84.019685][ T6024] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 84.049815][ T6020] rock: directory entry would overflow storage [ 84.093963][ T6020] rock: sig=0x3b10, size=4, remaining=3 [ 84.109875][ T6024] EXT4-fs error (device loop2): ext4_init_orphan_info:584: comm syz.2.59: inode #0: comm syz.2.59: iget: illegal inode # [ 84.166364][ T6024] EXT4-fs (loop2): Remounting filesystem read-only [ 84.214030][ T6031] netlink: 68 bytes leftover after parsing attributes in process `syz.0.63'. [ 84.218602][ T6024] EXT4-fs (loop2): get orphan inode failed [ 84.262716][ T6024] EXT4-fs (loop2): mount failed [ 84.625871][ T6039] syzkaller0: entered promiscuous mode [ 84.637706][ T6039] syzkaller0: entered allmulticast mode [ 84.949340][ T6048] syzkaller0: entered promiscuous mode [ 84.954866][ T6048] syzkaller0: entered allmulticast mode [ 85.301508][ T6062] netlink: 8 bytes leftover after parsing attributes in process `syz.1.76'. [ 85.480311][ T6066] syzkaller0: entered promiscuous mode [ 85.485844][ T6066] syzkaller0: entered allmulticast mode [ 85.604103][ T6074] loop3: detected capacity change from 0 to 128 [ 85.850071][ T6079] netlink: 'syz.2.85': attribute type 4 has an invalid length. [ 85.929751][ T6079] netlink: 'syz.2.85': attribute type 4 has an invalid length. [ 85.952005][ T6083] syzkaller0: entered promiscuous mode [ 85.959673][ T6083] syzkaller0: entered allmulticast mode [ 86.521404][ T6096] loop1: detected capacity change from 0 to 512 [ 86.558889][ T6096] ======================================================= [ 86.558889][ T6096] WARNING: The mand mount option has been deprecated and [ 86.558889][ T6096] and is ignored by this kernel. Remove the mand [ 86.558889][ T6096] option from the mount to silence this warning. [ 86.558889][ T6096] ======================================================= [ 86.633850][ T6099] syzkaller0: entered promiscuous mode [ 86.641745][ T6099] syzkaller0: entered allmulticast mode [ 86.652163][ T6096] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 86.667582][ T6096] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002] [ 86.678248][ T6096] EXT4-fs (loop1): orphan cleanup on readonly fs [ 86.696628][ T6096] EXT4-fs error (device loop1): ext4_orphan_get:1424: comm syz.1.91: bad orphan inode 267 [ 86.760193][ T6096] EXT4-fs (loop1): Remounting filesystem read-only [ 86.800148][ T6096] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 86.899610][ T6102] syzkaller0: entered promiscuous mode [ 86.905240][ T6102] syzkaller0: entered allmulticast mode [ 86.922865][ T5763] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 87.130617][ T6106] netlink: 68 bytes leftover after parsing attributes in process `syz.2.96'. [ 87.136662][ T6108] syzkaller0: entered promiscuous mode [ 87.141736][ T28] audit: type=1326 audit(1770186296.504:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6103 comm="syz.1.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5b279aeb9 code=0x7ffc0000 [ 87.151898][ T6108] syzkaller0: entered allmulticast mode [ 87.177963][ T6106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.96'. [ 87.198248][ T28] audit: type=1326 audit(1770186296.504:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6103 comm="syz.1.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5b279aeb9 code=0x7ffc0000 [ 87.288393][ T28] audit: type=1326 audit(1770186296.514:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6103 comm="syz.1.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5b279aeb9 code=0x7ffc0000 [ 87.355695][ T28] audit: type=1326 audit(1770186296.514:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6103 comm="syz.1.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5b279aeb9 code=0x7ffc0000 [ 87.413510][ T28] audit: type=1326 audit(1770186296.514:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6103 comm="syz.1.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5b279aeb9 code=0x7ffc0000 [ 87.426762][ T6114] loop3: detected capacity change from 0 to 2048 [ 87.473220][ T28] audit: type=1326 audit(1770186296.514:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6103 comm="syz.1.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7fa5b279aeb9 code=0x7ffc0000 [ 87.542114][ T6114] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.564706][ T28] audit: type=1326 audit(1770186296.514:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6103 comm="syz.1.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5b279aeb9 code=0x7ffc0000 [ 87.664571][ T28] audit: type=1326 audit(1770186296.514:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6103 comm="syz.1.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fa5b279aeb9 code=0x7ffc0000 [ 87.687848][ T28] audit: type=1326 audit(1770186296.514:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6103 comm="syz.1.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fa5b279aeb9 code=0x7ffc0000 [ 87.719091][ T28] audit: type=1800 audit(1770186297.014:11): pid=6114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.99" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 87.815130][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.625965][ T6136] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.634764][ T6136] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.149378][ T6136] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 89.198658][ T6136] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 89.519297][ T6136] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.528495][ T6136] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.537391][ T6136] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.546947][ T6136] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.702348][ T6136] syz.3.106 (6136) used greatest stack depth: 20264 bytes left [ 89.746697][ T6142] syzkaller0: entered promiscuous mode [ 89.769086][ T6142] syzkaller0: entered allmulticast mode [ 89.886037][ T6150] netlink: 24 bytes leftover after parsing attributes in process `syz.3.110'. [ 91.582227][ T6159] netlink: 8 bytes leftover after parsing attributes in process `syz.3.112'. [ 91.591348][ T6159] netlink: 12 bytes leftover after parsing attributes in process `syz.3.112'. [ 91.609449][ T6159] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.619069][ T6159] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.628006][ T6159] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.636723][ T6159] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.669857][ T6159] Zero length message leads to an empty skb [ 92.047713][ T6189] loop3: detected capacity change from 0 to 164 [ 92.083925][ T6193] loop2: detected capacity change from 0 to 128 [ 92.121374][ T6189] ISOFS: unable to read i-node block [ 92.126967][ T6189] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 92.346359][ T6198] loop2: detected capacity change from 0 to 512 [ 92.407414][ T6200] loop3: detected capacity change from 0 to 1024 [ 92.417099][ T6198] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.475994][ T6198] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.507524][ T6200] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.624202][ T6200] ================================================================== [ 92.632360][ T6200] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 92.640117][ T6200] Read of size 18446744073709551588 at addr ffff888018699840 by task syz.3.124/6200 [ 92.649596][ T6200] [ 92.651940][ T6200] CPU: 0 PID: 6200 Comm: syz.3.124 Not tainted syzkaller #0 [ 92.659248][ T6200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 92.669421][ T6200] Call Trace: [ 92.672727][ T6200] [ 92.675677][ T6200] dump_stack_lvl+0x18c/0x250 [ 92.680390][ T6200] ? read_lock_is_recursive+0x20/0x20 [ 92.685799][ T6200] ? show_regs_print_info+0x20/0x20 [ 92.691028][ T6200] ? load_image+0x400/0x400 [ 92.695551][ T6200] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 92.701035][ T6200] ? __virt_addr_valid+0x18c/0x540 [ 92.706181][ T6200] ? __virt_addr_valid+0x469/0x540 [ 92.711324][ T6200] print_report+0xa8/0x210 [ 92.715769][ T6200] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 92.721260][ T6200] kasan_report+0x117/0x150 [ 92.725790][ T6200] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 92.731292][ T6200] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 92.736785][ T6200] kasan_check_range+0x241/0x290 [ 92.741756][ T6200] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 92.747287][ T6200] __asan_memmove+0x29/0x70 [ 92.751831][ T6200] ext4_xattr_set_entry+0x94b/0x1e90 [ 92.757162][ T6200] ext4_xattr_block_set+0xae8/0x32b0 [ 92.762481][ T6200] ? ext4_destroy_inode+0x200/0x200 [ 92.767724][ T6200] ? proc_nr_inodes+0x230/0x230 [ 92.772600][ T6200] ? do_raw_spin_unlock+0x121/0x230 [ 92.777844][ T6200] ? _raw_spin_unlock+0x28/0x40 [ 92.782728][ T6200] ? ext4_xattr_block_find+0x350/0x350 [ 92.788223][ T6200] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 92.793740][ T6200] ext4_xattr_set_handle+0x1280/0x14c0 [ 92.799239][ T6200] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 92.805360][ T6200] ? __ext4_journal_start_sb+0x259/0x560 [ 92.811038][ T6200] ext4_xattr_set+0x252/0x340 [ 92.815752][ T6200] ? end_current_label_crit_section+0x170/0x170 [ 92.822036][ T6200] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 92.827625][ T6200] ? posix_xattr_acl+0x93/0xb0 [ 92.832417][ T6200] ? ext4_xattr_trusted_get+0x40/0x40 [ 92.837832][ T6200] __vfs_setxattr+0x431/0x470 [ 92.842547][ T6200] __vfs_setxattr_noperm+0x12d/0x5e0 [ 92.847872][ T6200] vfs_setxattr+0x16b/0x2f0 [ 92.852408][ T6200] ? xattr_permission+0x470/0x470 [ 92.857466][ T6200] ? __mnt_want_write+0x223/0x2a0 [ 92.862534][ T6200] ? path_setxattr+0x3a1/0x5d0 [ 92.867330][ T6200] path_setxattr+0x3f3/0x5d0 [ 92.871957][ T6200] ? simple_xattrs_free+0x150/0x150 [ 92.877199][ T6200] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 92.883208][ T6200] ? lock_chain_count+0x20/0x20 [ 92.888091][ T6200] __x64_sys_lsetxattr+0xb8/0xd0 [ 92.893071][ T6200] do_syscall_64+0x55/0xa0 [ 92.897517][ T6200] ? clear_bhb_loop+0x40/0x90 [ 92.902218][ T6200] ? clear_bhb_loop+0x40/0x90 [ 92.906918][ T6200] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 92.912925][ T6200] RIP: 0033:0x7ff44b99aeb9 [ 92.917373][ T6200] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.937095][ T6200] RSP: 002b:00007ff44c80a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 92.945629][ T6200] RAX: ffffffffffffffda RBX: 00007ff44bc15fa0 RCX: 00007ff44b99aeb9 [ 92.953630][ T6200] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 92.961631][ T6200] RBP: 00007ff44ba08c1f R08: 0000000000000000 R09: 0000000000000000 [ 92.969628][ T6200] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 92.977627][ T6200] R13: 00007ff44bc16038 R14: 00007ff44bc15fa0 R15: 00007ffdb832f978 [ 92.985633][ T6200] [ 92.988667][ T6200] [ 92.991019][ T6200] Allocated by task 6200: [ 92.995353][ T6200] kasan_set_track+0x4e/0x70 [ 92.999973][ T6200] __kasan_kmalloc+0x8f/0xa0 [ 93.004586][ T6200] __kmalloc_node_track_caller+0xb2/0x230 [ 93.010513][ T6200] kmemdup+0x2b/0x70 [ 93.014434][ T6200] ext4_xattr_block_set+0x9ea/0x32b0 [ 93.019745][ T6200] ext4_xattr_set_handle+0x1280/0x14c0 [ 93.025225][ T6200] ext4_xattr_set+0x252/0x340 [ 93.029946][ T6200] __vfs_setxattr+0x431/0x470 [ 93.034652][ T6200] __vfs_setxattr_noperm+0x12d/0x5e0 [ 93.040045][ T6200] vfs_setxattr+0x16b/0x2f0 [ 93.044569][ T6200] path_setxattr+0x3f3/0x5d0 [ 93.049444][ T6200] __x64_sys_lsetxattr+0xb8/0xd0 [ 93.054405][ T6200] do_syscall_64+0x55/0xa0 [ 93.058924][ T6200] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 93.064831][ T6200] [ 93.067245][ T6200] Last potentially related work creation: [ 93.072962][ T6200] kasan_save_stack+0x3e/0x60 [ 93.077657][ T6200] __kasan_record_aux_stack+0xaf/0xc0 [ 93.083048][ T6200] call_rcu+0x153/0x950 [ 93.087237][ T6200] rht_deferred_worker+0x1ad9/0x22a0 [ 93.092573][ T6200] process_scheduled_works+0xa5d/0x15d0 [ 93.098142][ T6200] worker_thread+0xa55/0xfc0 [ 93.102747][ T6200] kthread+0x2fa/0x390 [ 93.106827][ T6200] ret_from_fork+0x48/0x80 [ 93.111259][ T6200] ret_from_fork_asm+0x11/0x20 [ 93.116040][ T6200] [ 93.118369][ T6200] The buggy address belongs to the object at ffff888018699800 [ 93.118369][ T6200] which belongs to the cache kmalloc-1k of size 1024 [ 93.132452][ T6200] The buggy address is located 64 bytes inside of [ 93.132452][ T6200] 1024-byte region [ffff888018699800, ffff888018699c00) [ 93.145745][ T6200] [ 93.148085][ T6200] The buggy address belongs to the physical page: [ 93.154518][ T6200] page:ffffea000061a600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18698 [ 93.164695][ T6200] head:ffffea000061a600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 93.173650][ T6200] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 93.181645][ T6200] page_type: 0xffffffff() [ 93.185993][ T6200] raw: 00fff00000000840 ffff888017c41dc0 dead000000000100 dead000000000122 [ 93.194605][ T6200] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 93.203200][ T6200] page dumped because: kasan: bad access detected [ 93.209633][ T6200] page_owner tracks the page as allocated [ 93.215357][ T6200] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2519099117, free_ts 0 [ 93.235011][ T6200] post_alloc_hook+0x1c1/0x200 [ 93.239805][ T6200] get_page_from_freelist+0x1951/0x19e0 [ 93.245380][ T6200] __alloc_pages+0x1f0/0x460 [ 93.249995][ T6200] alloc_page_interleave+0x24/0x1e0 [ 93.255224][ T6200] alloc_slab_page+0x5d/0x160 [ 93.260008][ T6200] new_slab+0x87/0x2d0 [ 93.264103][ T6200] ___slab_alloc+0xc5d/0x12f0 [ 93.268808][ T6200] __kmem_cache_alloc_node+0x19e/0x250 [ 93.274301][ T6200] __kmalloc_node+0xa4/0x230 [ 93.278916][ T6200] kvmalloc_node+0x70/0x180 [ 93.283442][ T6200] rhashtable_init+0x57f/0xa80 [ 93.288223][ T6200] netlink_proto_init+0x9f/0x180 [ 93.293192][ T6200] do_one_initcall+0x242/0x790 [ 93.297980][ T6200] do_initcall_level+0x137/0x1f0 [ 93.302944][ T6200] do_initcalls+0x69/0xd0 [ 93.307293][ T6200] kernel_init_freeable+0x3ed/0x580 [ 93.312503][ T6200] page_owner free stack trace missing [ 93.317881][ T6200] [ 93.320207][ T6200] Memory state around the buggy address: [ 93.325850][ T6200] ffff888018699700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 93.333926][ T6200] ffff888018699780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 93.342003][ T6200] >ffff888018699800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 93.350351][ T6200] ^ [ 93.356517][ T6200] ffff888018699880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 93.364590][ T6200] ffff888018699900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 93.372666][ T6200] ================================================================== [ 93.399686][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.413251][ T6200] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 93.420503][ T6200] CPU: 0 PID: 6200 Comm: syz.3.124 Not tainted syzkaller #0 [ 93.427805][ T6200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 93.437875][ T6200] Call Trace: [ 93.441166][ T6200] [ 93.444106][ T6200] dump_stack_lvl+0x18c/0x250 [ 93.448813][ T6200] ? show_regs_print_info+0x20/0x20 [ 93.454030][ T6200] ? load_image+0x400/0x400 [ 93.458560][ T6200] panic+0x2dc/0x730 [ 93.462473][ T6200] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 93.468645][ T6200] ? bpf_jit_dump+0xd0/0xd0 [ 93.473172][ T6200] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 93.479249][ T6200] ? _raw_spin_unlock+0x40/0x40 [ 93.484127][ T6200] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 93.489608][ T6200] check_panic_on_warn+0x84/0xa0 [ 93.494568][ T6200] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 93.500051][ T6200] end_report+0x6f/0x130 [ 93.504331][ T6200] kasan_report+0x128/0x150 [ 93.508849][ T6200] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 93.514344][ T6200] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 93.519836][ T6200] kasan_check_range+0x241/0x290 [ 93.524792][ T6200] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 93.530284][ T6200] __asan_memmove+0x29/0x70 [ 93.534794][ T6200] ext4_xattr_set_entry+0x94b/0x1e90 [ 93.540090][ T6200] ext4_xattr_block_set+0xae8/0x32b0 [ 93.545374][ T6200] ? ext4_destroy_inode+0x200/0x200 [ 93.550571][ T6200] ? proc_nr_inodes+0x230/0x230 [ 93.555418][ T6200] ? do_raw_spin_unlock+0x121/0x230 [ 93.560618][ T6200] ? _raw_spin_unlock+0x28/0x40 [ 93.565491][ T6200] ? ext4_xattr_block_find+0x350/0x350 [ 93.570952][ T6200] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 93.576330][ T6200] ext4_xattr_set_handle+0x1280/0x14c0 [ 93.581883][ T6200] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 93.587866][ T6200] ? __ext4_journal_start_sb+0x259/0x560 [ 93.593500][ T6200] ext4_xattr_set+0x252/0x340 [ 93.598177][ T6200] ? end_current_label_crit_section+0x170/0x170 [ 93.604418][ T6200] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 93.610053][ T6200] ? posix_xattr_acl+0x93/0xb0 [ 93.614892][ T6200] ? ext4_xattr_trusted_get+0x40/0x40 [ 93.620269][ T6200] __vfs_setxattr+0x431/0x470 [ 93.624955][ T6200] __vfs_setxattr_noperm+0x12d/0x5e0 [ 93.630254][ T6200] vfs_setxattr+0x16b/0x2f0 [ 93.634762][ T6200] ? xattr_permission+0x470/0x470 [ 93.639778][ T6200] ? __mnt_want_write+0x223/0x2a0 [ 93.644814][ T6200] ? path_setxattr+0x3a1/0x5d0 [ 93.649663][ T6200] path_setxattr+0x3f3/0x5d0 [ 93.654348][ T6200] ? simple_xattrs_free+0x150/0x150 [ 93.659656][ T6200] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 93.665641][ T6200] ? lock_chain_count+0x20/0x20 [ 93.670489][ T6200] __x64_sys_lsetxattr+0xb8/0xd0 [ 93.675425][ T6200] do_syscall_64+0x55/0xa0 [ 93.679837][ T6200] ? clear_bhb_loop+0x40/0x90 [ 93.684528][ T6200] ? clear_bhb_loop+0x40/0x90 [ 93.689291][ T6200] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 93.695180][ T6200] RIP: 0033:0x7ff44b99aeb9 [ 93.699591][ T6200] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 93.719801][ T6200] RSP: 002b:00007ff44c80a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 93.728301][ T6200] RAX: ffffffffffffffda RBX: 00007ff44bc15fa0 RCX: 00007ff44b99aeb9 [ 93.736263][ T6200] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 93.744231][ T6200] RBP: 00007ff44ba08c1f R08: 0000000000000000 R09: 0000000000000000 [ 93.752194][ T6200] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 93.760167][ T6200] R13: 00007ff44bc16038 R14: 00007ff44bc15fa0 R15: 00007ffdb832f978 [ 93.768195][ T6200] [ 93.771562][ T6200] Kernel Offset: disabled [ 93.775892][ T6200] Rebooting in 86400 seconds..