last executing test programs: 1m31.134324031s ago: executing program 2 (id=259): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743c, 0x40b942b37d0000) 1m17.910855529s ago: executing program 2 (id=259): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743c, 0x40b942b37d0000) 1m2.978079166s ago: executing program 2 (id=259): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743c, 0x40b942b37d0000) 46.971678178s ago: executing program 2 (id=259): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743c, 0x40b942b37d0000) 28.759739942s ago: executing program 2 (id=259): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743c, 0x40b942b37d0000) 12.305182826s ago: executing program 2 (id=259): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743c, 0x40b942b37d0000) 2.042781099s ago: executing program 1 (id=1231): r0 = socket$rds(0x15, 0x5, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001300)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c3000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}], 0x1}}], 0x48}, 0x0) 1.85042354s ago: executing program 3 (id=1233): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x20c006, &(0x7f0000000200)={[{@i_version}, {@mblk_io_submit}, {@dax_never}, {@lazytime}, {@block_validity}, {@data_err_abort}], [{@seclabel}]}, 0x1, 0x43d, &(0x7f0000000900)="$eJzs281vG0UbAPBn7SR9+/FSU5WPpgUCBRHxkTRpKT1wAYHEASQkOJRjSNIq1G1QEyRaRRAQKkdUiTviiMRfwAkuCDghcYU7qlShXFrgYrTZ3cR27LQOTlzw7ydtMrM7zszj3bFnZ7IB9K2R9EcSsS8ifomI/Vm2scBI9uvmytL0HytL00nUaq//nqyWu7GyNF0ULV63t8gMRJQ+TuJwi3oXLl0+N1Wtzl7M8+OL598ZX7h0+em581NnZ8/OXpg8derE8YlnT04+05U407huDL8/f+TQy29efXX69NW3fvgqKeJviqNLRjY7+Fit1uXqeuv/delkoIcNoSPlrJvG4Gr/3x/lWD95++Olj3raOGBb1Wq12r3tDy/XgP+wJHrdAqA3ii/69P632HZo6HFHuP58dgOUxn0z37IjA1HKyww23d9200hEnF7+8/N0i+2ZhwAAaPBNOv55Kh//NSz8lKJ+XuiufA2lEhF3R8SBiDgZEQcj4p6I1bL3RcT9HdbfvEiycfxTutbhn+xIOv57Ll/bahz/FaO/qJQj/iqGy5UYTM7MVWeP5e/JaAzuSvMTm9Tx7Ys/f9ruWP34L93S+ouxYN6OawO7Gl8zM7U49U9irnf9w4jhgVbxJ2srAellcSgihrdYx9wTXx5pd+zW8Tcaqs90YZ2p9kXE49n5X46m+AvJ5uuT4/+L6uyx8eKq2OjHn6681q7+TuPvtvT872l5/a/FX0nq12sXOq/jyq+ftL2n2er1P5S80bDvvanFxYsTEUPJK1mj6/dPNpWbXC+fxj96tHX/PxDr78ThiEgv4gci4sGIeChv+8MR8UhEHN0k/u9fePTtxj1JB/FvrzT+mY7O/3piKJr3tE6Uz333dUOllegg/vT8n1hNjeZ7bufz73batbWrGQAAAP59ShGxL5LS2Fq6VBoby/6H/2DsKVXnFxafPDP/7oWZ7BmBSgyWipmubD44mw+dyG/ri/xkU/54Pm/8WXn3an5ser460+vgoc/tbdP/U7+Ve906YNt5Xgv6l/4P/Uv/h/6l/0P/atH/d/eiHcDOa/X9/0EP2gHsvKb+b9kP+oj7f+hf+j/0L/0f+tLC7rj1Q/ISEhsSUbojmiGxTYlefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0x98BAAD///1B6is=") stat(&(0x7f0000000300)='./file1/file0\x00', &(0x7f0000000340)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x200002) 1.7665445s ago: executing program 1 (id=1235): socket$inet6_sctp(0xa, 0x1, 0x84) socket$pppl2tp(0x18, 0x1, 0x1) socket$kcm(0x10, 0x2, 0x10) socket(0x1d, 0x2, 0x6) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x5}, 0x0, 0x0) 1.474246772s ago: executing program 3 (id=1238): bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8911, &(0x7f0000000280)={'wlan0\x00', @multicast}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0x8f, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a81bff88f7ffff4000630677fbac14142c88a8a0a688a89f4b4d2f87e56dca6aab84fe13f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b62063", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) write$cgroup_devices(r4, &(0x7f0000000140)=ANY=[@ANYBLOB="1e0306003c5c980128876340860800702f1ffe80000000000000ff"], 0xffdd) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0xb) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r6}, &(0x7f0000000200), &(0x7f0000000280)=r5}, 0x20) socket$kcm(0x10, 0x2, 0x0) 1.351624653s ago: executing program 0 (id=1240): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000001640)='kfree\x00', r1}, 0x10) pread64(0xffffffffffffffff, 0x0, 0x0, 0x310) 1.259468343s ago: executing program 3 (id=1241): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffff7f7e, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmsg$inet(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="98e9bb716227d8af3e72", 0xa}], 0x1}, 0x8001) sendto(r0, &(0x7f0000000640)="a80e9c09f5ff75e7056e788027355e6cbed36b725e272406c909a2527d6355e52b8e6c89a6996d52172b4aef44f4c28abaa584c3f092344137a8f52275c8ca861b197dbb333a05a867532600297f44535f0db5cbb70d47a6", 0x58, 0x20000800, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000006480)={&(0x7f0000c2b000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000005380)=""/231, 0x107f, 0x0, 0x0}, &(0x7f00000064c0)=0x40) sendmsg$OSF_MSG_REMOVE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x268, 0x1, 0x5, 0x201, 0x0, 0x0, {0x2, 0x0, 0x2}, [{{0x254, 0x1, {{0x1, 0x9}, 0x6, 0x7e, 0xf3, 0x1956, 0x21, 'syz1\x00', "da55111a7843e7c0338db4285e7e3d99b452bacba6c9a08010ff87794b888ea0", "7bf8dd79a6cef9a525f52091a00c91a9ec1318439574d8c21f98ad11cefb186d", [{0xe, 0x8001, {0x3, 0x2ff}}, {0x1, 0xf54, {0x1, 0x1}}, {0x7, 0xe16, {0x2, 0x9ad}}, {0x8, 0x9fd, {0x0, 0x8}}, {0x52f, 0x7, {0x3}}, {0x8, 0x7, {0x0, 0x13}}, {0x101, 0xd4ee, {0x2, 0x3}}, {0x24, 0x5, {0x2, 0x88}}, {0x3, 0x8b8, {0x1, 0x5}}, {0x2, 0x1, {0x1, 0x8000}}, {0xd, 0x3, {0x3, 0x400}}, {0xd5, 0x2, {0x1, 0xb9ca}}, {0x8, 0x6, {0x2, 0x7f4}}, {0xe2, 0x9, {0x1, 0xc7b7}}, {0x2f, 0x7, {0x1, 0x3}}, {0x7ff, 0x7, {0x1, 0x7}}, {0xe00, 0x8000, {0x0, 0x1}}, {0x80, 0x7, {0x0, 0x7}}, {0x2, 0x0, {0x2, 0x3}}, {0x5, 0xb, {0x2, 0x1}}, {0x5, 0xf, {0x0, 0x4}}, {0xd, 0x3, {0x1, 0xaa0}}, {0x9, 0x1, {0x0, 0x6}}, {0x1ff, 0x636b, {0x1, 0x4}}, {0x8, 0x9, {0x2, 0xc}}, {0x6e53, 0xc, {0x2c5c7c1dd87d2863, 0x9}}, {0x7fff, 0x3, {0x1, 0x4}}, {0x4, 0x5, {0x2, 0x9}}, {0x400, 0x101, {0x3, 0x5}}, {0x1000, 0x9, {0x1}}, {0x5, 0x5, {0x1, 0x8}}, {0x6, 0x15d8, {0x1, 0x3}}, {0x5471, 0x5, {0x2, 0x6}}, {0x4, 0x8, {0x0, 0x8}}, {0x6, 0x4, {0x3, 0x20a80}}, {0x8, 0x0, {0x0, 0x5}}, {0x4, 0x3, {0x3, 0x8}}, {0x95, 0x9, {0x2, 0x80000001}}, {0xa9, 0x6, {0x1, 0x5}}, {0x81, 0x7cc9, {0x3, 0xe}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0x200080c5}, 0x8000) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 1.210077464s ago: executing program 0 (id=1243): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffffff}, 0x13) r1 = socket$kcm(0x29, 0x5, 0x0) sendmsg(r1, &(0x7f0000003680)={0x0, 0x0, &(0x7f0000003140)=[{&(0x7f0000002d80)="0f", 0x1}, {0x0, 0x2}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0, 0x4d}, {0x0}], 0x9}, 0x0) 1.103633164s ago: executing program 0 (id=1244): syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg") r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) write$9p(r0, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c067", 0x1ff) sendfile(r0, r1, 0x0, 0xe066) 1.041740724s ago: executing program 4 (id=1245): r0 = socket$rds(0x15, 0x5, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001300)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c3000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}], 0x1}}], 0x48}, 0x0) 927.141635ms ago: executing program 0 (id=1246): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001800)={&(0x7f0000000580)='kfree\x00'}, 0x9) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x58, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x62, 0x2, @TCA_SFB_PARMS={0x28}}}]}, 0x58}}, 0x0) 904.729885ms ago: executing program 4 (id=1247): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x4a, {0x2, 0x0, @multicast1}}) ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x0, @local}, 0x4a, {0x2, 0x4e21, @private=0xa010100}, 'syz_tun\x00'}) 729.441446ms ago: executing program 1 (id=1248): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$PPPIOCATTACH(0xffffffffffffffff, 0x4004743d, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 728.617316ms ago: executing program 4 (id=1249): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000480), 0x800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f00000004c0)={{0xf0, 0x81}, 0x1, 0x8408, 0x9, {0x6, 0x2}, 0x5}) 683.740266ms ago: executing program 0 (id=1250): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x4a, {0x2, 0x0, @dev}}) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8953, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x0, @local}, 0x4a, {0x2, 0x4e21, @private=0xa010100}, 'syz_tun\x00'}) 573.124807ms ago: executing program 1 (id=1251): bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8911, &(0x7f0000000280)={'wlan0\x00', @multicast}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0x8f, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a81bff88f7ffff4000630677fbac14142c88a8a0a688a89f4b4d2f87e56dca6aab84fe13f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b62063", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) write$cgroup_devices(r4, &(0x7f0000000140)=ANY=[@ANYBLOB="1e0306003c5c980128876340860800702f1ffe80000000000000ff"], 0xffdd) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0xb) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r6}, &(0x7f0000000200), &(0x7f0000000280)=r5}, 0x20) socket$kcm(0x10, 0x2, 0x0) 572.599247ms ago: executing program 4 (id=1252): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed7f0000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') quotactl$Q_GETNEXTQUOTA(0x0, &(0x7f0000002040)=@filename='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x0, 0x0) 458.413347ms ago: executing program 0 (id=1253): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000340)={[{@nogrpid}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@jqfmt_vfsv0}, {@nombcache}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0) creat(&(0x7f0000000140)='./file2\x00', 0x1ad) unlink(&(0x7f0000000180)='./file1\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) 370.347617ms ago: executing program 4 (id=1254): mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x3, 0x3a) ioctl$SIOCGETSGCNT(r0, 0x89e1, 0x0) 318.927738ms ago: executing program 1 (id=1255): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$inet6_icmp(0xa, 0x2, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000000000000000", @ANYRES32=r6, @ANYBLOB="28000e00800000000802110000010802110000010802110000000000000000000000000064000000080026006c09000008000c006400000008000d"], 0x5c}}, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) 290.488248ms ago: executing program 3 (id=1256): syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg") r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) write$9p(r0, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c067", 0x1ff) sendfile(r0, r1, 0x0, 0xe066) 181.598909ms ago: executing program 3 (id=1257): r0 = socket$rds(0x15, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001300)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}], 0x1}}], 0x48}, 0x0) 80.892669ms ago: executing program 4 (id=1258): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001e80), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000000000002100000709001f00706878301f"], 0x20}}, 0x0) 80.300669ms ago: executing program 3 (id=1259): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x5, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 0s ago: executing program 1 (id=1260): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001800)={&(0x7f0000000580)='kfree\x00'}, 0x9) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x58, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x62, 0x2, @TCA_SFB_PARMS={0x28}}}]}, 0x58}}, 0x0) kernel console output (not intermixed with test programs): 744999][ T6248] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 124.810643][ T6248] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 124.821779][ T6445] loop3: detected capacity change from 0 to 512 [ 124.828535][ T6445] EXT4-fs: Ignoring removed oldalloc option [ 124.867628][ T6445] EXT4-fs error (device loop3): ext4_xattr_inode_iget:400: comm syz.3.661: Parent and EA inode have the same ino 15 [ 124.881573][ T4263] Bluetooth: hci4: command 0x040f tx timeout [ 124.907638][ T26] kauditd_printk_skb: 40 callbacks suppressed [ 124.907653][ T26] audit: type=1326 audit(1733286928.384:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 125.012861][ T6445] EXT4-fs (loop3): Remounting filesystem read-only [ 125.019423][ T6445] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 125.033421][ T26] audit: type=1326 audit(1733286928.384:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 125.060867][ T6445] EXT4-fs error (device loop3): ext4_xattr_inode_iget:400: comm syz.3.661: Parent and EA inode have the same ino 15 [ 125.084540][ T6445] EXT4-fs (loop3): Remounting filesystem read-only [ 125.091155][ T26] audit: type=1326 audit(1733286928.384:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 125.127945][ T6445] EXT4-fs (loop3): 1 orphan inode deleted [ 125.168538][ T6445] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 125.182973][ T6464] xt_CT: You must specify a L4 protocol and not use inversions on it [ 125.218080][ T26] audit: type=1326 audit(1733286928.384:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 125.231078][ T6248] 8021q: adding VLAN 0 to HW filter on device bond0 [ 125.278311][ T26] audit: type=1326 audit(1733286928.384:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 125.316555][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 125.336304][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 125.361591][ T26] audit: type=1326 audit(1733286928.384:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 125.377620][ T6248] 8021q: adding VLAN 0 to HW filter on device team0 [ 125.407226][ T26] audit: type=1326 audit(1733286928.384:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 125.424266][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 125.465845][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 125.497008][ T26] audit: type=1326 audit(1733286928.384:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 125.537559][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.544736][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.566686][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 125.575491][ T26] audit: type=1326 audit(1733286928.384:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 125.618461][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 125.630036][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 125.638240][ T26] audit: type=1326 audit(1733286928.384:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 125.663299][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.670459][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.713418][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 125.777420][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 125.802983][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 125.841734][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.860656][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 125.916991][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 125.926943][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 125.947676][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 125.978634][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 125.995743][ T6490] random: crng reseeded on system resumption [ 126.000406][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 126.023968][ T6248] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 126.042525][ T6248] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 126.057385][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 126.083099][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 126.180554][ T6494] device vlan1 entered promiscuous mode [ 126.317229][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 126.706374][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 126.739539][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 126.783867][ T6248] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.869987][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 126.908827][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 126.961725][ T4263] Bluetooth: hci4: command 0x0419 tx timeout [ 126.969198][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 127.005731][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 127.045688][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 127.081954][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 127.128093][ T6248] device veth0_vlan entered promiscuous mode [ 127.162282][ T6248] device veth1_vlan entered promiscuous mode [ 127.217436][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 127.234327][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 127.273484][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 127.279638][ T6507] loop3: detected capacity change from 0 to 32768 [ 127.302801][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 127.308228][ T6507] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.674 (6507) [ 127.330817][ T6248] device veth0_macvtap entered promiscuous mode [ 127.354449][ T6507] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 127.374412][ T6248] device veth1_macvtap entered promiscuous mode [ 127.390517][ T6507] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 127.421572][ T6248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 127.434575][ T6507] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 127.452767][ T6248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.471648][ T6507] BTRFS info (device loop3): use zstd compression, level 3 [ 127.479173][ T6248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 127.490823][ T6507] BTRFS info (device loop3): using free space tree [ 127.505222][ T6248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.516111][ T6248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 127.527316][ T6248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.540975][ T6248] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 127.599233][ T6534] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 127.620357][ T6534] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 127.660251][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 127.679284][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 127.687119][ T6507] BTRFS info (device loop3): enabling ssd optimizations [ 127.735054][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 127.756033][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 127.768225][ T6248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.796989][ T6248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.831459][ T6248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.863922][ T6248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.880489][ T6248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.891612][ T6248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.906367][ T6248] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 127.918036][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 127.930126][ T4254] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 127.948955][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 128.010239][ T6248] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.037387][ T6559] loop4: detected capacity change from 0 to 128 [ 128.113848][ T6248] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.138519][ T6248] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.158798][ T6248] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.360807][ T1296] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.390414][ T1296] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.449836][ T4496] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.452689][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 128.481084][ T4496] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.555443][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 128.611708][ T6559] syz.4.684: attempt to access beyond end of device [ 128.611708][ T6559] loop4: rw=2049, sector=132, nr_sectors = 16 limit=128 [ 128.792427][ T6559] syz.4.684: attempt to access beyond end of device [ 128.792427][ T6559] loop4: rw=2049, sector=156, nr_sectors = 16 limit=128 [ 128.906332][ T6559] syz.4.684: attempt to access beyond end of device [ 128.906332][ T6559] loop4: rw=2049, sector=180, nr_sectors = 8 limit=128 [ 128.997450][ T6559] syz.4.684: attempt to access beyond end of device [ 128.997450][ T6559] loop4: rw=2049, sector=204, nr_sectors = 24 limit=128 [ 129.019666][ T6585] random: crng reseeded on system resumption [ 129.024694][ T6558] syz.4.684: attempt to access beyond end of device [ 129.024694][ T6558] loop4: rw=2049, sector=148, nr_sectors = 8 limit=128 [ 129.054217][ T6558] syz.4.684: attempt to access beyond end of device [ 129.054217][ T6558] loop4: rw=2049, sector=172, nr_sectors = 8 limit=128 [ 129.056607][ T6559] syz.4.684: attempt to access beyond end of device [ 129.056607][ T6559] loop4: rw=2049, sector=236, nr_sectors = 8 limit=128 [ 129.146684][ T6558] syz.4.684: attempt to access beyond end of device [ 129.146684][ T6558] loop4: rw=2049, sector=188, nr_sectors = 16 limit=128 [ 129.167037][ T6559] syz.4.684: attempt to access beyond end of device [ 129.167037][ T6559] loop4: rw=2049, sector=252, nr_sectors = 8 limit=128 [ 129.201134][ T6558] syz.4.684: attempt to access beyond end of device [ 129.201134][ T6558] loop4: rw=2049, sector=228, nr_sectors = 8 limit=128 [ 129.566032][ T6596] device batadv0 entered promiscuous mode [ 129.599274][ T6596] device vlan1 entered promiscuous mode [ 129.648412][ T6596] device batadv0 left promiscuous mode [ 130.021309][ T6614] netlink: 'syz.3.696': attribute type 5 has an invalid length. [ 130.346905][ T6623] loop4: detected capacity change from 0 to 256 [ 130.356382][ T6625] loop3: detected capacity change from 0 to 512 [ 130.401341][ T26] kauditd_printk_skb: 56 callbacks suppressed [ 130.401357][ T26] audit: type=1804 audit(1733286933.874:206): pid=6623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.700" name="/newroot/149/file1/file0" dev="loop4" ino=1048612 res=1 errno=0 [ 130.401586][ T6625] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 130.482497][ T46] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.566147][ T6625] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 130.588173][ T6625] ext4 filesystem being mounted at /168/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 130.770904][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 131.080117][ T46] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.134334][ T46] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.173675][ T46] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.406268][ T6641] random: crng reseeded on system resumption [ 131.424937][ T6636] loop1: detected capacity change from 0 to 512 [ 131.464084][ T6636] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 131.673790][ T6645] netlink: 'syz.0.707': attribute type 3 has an invalid length. [ 131.752148][ T6647] device batadv0 entered promiscuous mode [ 131.758241][ T6647] device vlan1 entered promiscuous mode [ 131.795694][ T4246] EXT4-fs (loop1): unmounting filesystem. [ 131.802597][ T6647] device batadv0 left promiscuous mode [ 132.367261][ T6672] loop0: detected capacity change from 0 to 512 [ 132.376082][ T4263] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 132.391974][ T6672] EXT4-fs: Ignoring removed bh option [ 132.397537][ T4263] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 132.408295][ T4263] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 132.417372][ T4263] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 132.425005][ T4263] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 132.433662][ T4259] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 132.433681][ T6672] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 132.542462][ T6673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.716'. [ 132.580603][ T6672] EXT4-fs (loop0): 1 truncate cleaned up [ 132.587388][ T6672] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 132.723566][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.729967][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.870047][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 132.983718][ T6688] loop4: detected capacity change from 0 to 1024 [ 133.076215][ T6694] random: crng reseeded on system resumption [ 133.091835][ T6688] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 133.362736][ T4247] EXT4-fs (loop4): unmounting filesystem. [ 133.416257][ T46] device hsr_slave_0 left promiscuous mode [ 133.426237][ T46] device hsr_slave_1 left promiscuous mode [ 133.433700][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 133.441126][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 133.449403][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 133.456951][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 133.464825][ T46] device bridge_slave_1 left promiscuous mode [ 133.471056][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.480582][ T46] device bridge_slave_0 left promiscuous mode [ 133.487559][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.573603][ T46] device veth1_macvtap left promiscuous mode [ 133.579697][ T46] device veth0_macvtap left promiscuous mode [ 133.632303][ T46] device veth1_vlan left promiscuous mode [ 133.638169][ T46] device veth0_vlan left promiscuous mode [ 133.761207][ T26] audit: type=1326 audit(1733286937.234:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6718 comm="syz.3.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 133.807418][ T26] audit: type=1326 audit(1733286937.264:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6718 comm="syz.3.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 133.880401][ T26] audit: type=1326 audit(1733286937.264:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6718 comm="syz.3.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 133.994780][ T26] audit: type=1326 audit(1733286937.474:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6718 comm="syz.3.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 134.056258][ T26] audit: type=1326 audit(1733286937.474:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6718 comm="syz.3.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 134.244014][ T6729] loop3: detected capacity change from 0 to 512 [ 134.264919][ T6729] EXT4-fs: inline encryption not supported [ 134.347845][ T6729] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 134.357956][ T6729] ext4 filesystem being mounted at /175/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.441994][ T6729] EXT4-fs error (device loop3): ext4_do_update_inode:5224: inode #2: comm syz.3.732: corrupted inode contents [ 134.460237][ T6729] EXT4-fs error (device loop3): ext4_dirty_inode:6089: inode #2: comm syz.3.732: mark_inode_dirty error [ 134.479256][ T6729] EXT4-fs error (device loop3): ext4_do_update_inode:5224: inode #2: comm syz.3.732: corrupted inode contents [ 134.496266][ T4263] Bluetooth: hci4: command 0x0409 tx timeout [ 134.504519][ T6729] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.732: mark_inode_dirty error [ 134.593754][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 134.758977][ T46] team0 (unregistering): Port device team_slave_1 removed [ 134.766567][ T26] audit: type=1326 audit(1733286938.244:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.3.735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 134.827368][ T26] audit: type=1326 audit(1733286938.244:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.3.735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 134.870547][ T46] team0 (unregistering): Port device team_slave_0 removed [ 134.878379][ T26] audit: type=1326 audit(1733286938.244:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.3.735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 134.951748][ T26] audit: type=1326 audit(1733286938.244:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.3.735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 134.990179][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 135.031685][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 135.455679][ T46] bond0 (unregistering): Released all slaves [ 135.538950][ T6743] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 135.763966][ T6667] chnl_net:caif_netlink_parms(): no params data found [ 135.866723][ T6761] loop3: detected capacity change from 0 to 512 [ 135.970073][ T6761] EXT4-fs error (device loop3): ext4_expand_extra_isize_ea:2759: inode #11: comm syz.3.742: corrupted xattr block 95 [ 136.001090][ T6667] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.041818][ T6667] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.049942][ T6667] device bridge_slave_0 entered promiscuous mode [ 136.081158][ T6761] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.742: bg 0: block 7: invalid block bitmap [ 136.113015][ T6667] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.120143][ T6667] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.133214][ T6761] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 136.152650][ T6667] device bridge_slave_1 entered promiscuous mode [ 136.162042][ T6761] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2925: inode #11: comm syz.3.742: corrupted xattr block 95 [ 136.211060][ T6761] EXT4-fs warning (device loop3): ext4_evict_inode:299: xattr delete (err -117) [ 136.253461][ T6667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 136.275990][ T6761] EXT4-fs (loop3): 1 orphan inode deleted [ 136.281977][ T6761] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 136.293649][ T6667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 136.337820][ T6761] EXT4-fs warning (device loop3): ext4_resize_begin:74: won't resize using backup superblock at 1 [ 136.417516][ T6667] team0: Port device team_slave_0 added [ 136.443504][ T6667] team0: Port device team_slave_1 added [ 136.489539][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 136.542731][ T6667] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 136.549718][ T6667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.578168][ T4263] Bluetooth: hci4: command 0x041b tx timeout [ 136.668878][ T6667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 136.730251][ T6667] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 136.794863][ T6667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.873655][ T6798] loop4: detected capacity change from 0 to 256 [ 136.880145][ T6667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 136.954912][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 136.954925][ T26] audit: type=1804 audit(1733286940.434:225): pid=6798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.751" name="/newroot/158/file1/file0" dev="loop4" ino=1048613 res=1 errno=0 [ 137.073139][ T6667] device hsr_slave_0 entered promiscuous mode [ 137.142699][ T6667] device hsr_slave_1 entered promiscuous mode [ 137.179788][ T6667] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 137.219691][ T6667] Cannot create hsr debugfs directory [ 137.385257][ T6815] loop4: detected capacity change from 0 to 128 [ 137.507011][ T6815] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 137.530645][ T6815] ext4 filesystem being mounted at /160/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.600043][ T6785] loop0: detected capacity change from 0 to 32768 [ 137.641694][ T6785] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.747 (6785) [ 137.666636][ T26] audit: type=1326 audit(1733286941.144:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.1.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 137.670254][ T6785] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 137.704233][ T4247] EXT4-fs (loop4): unmounting filesystem. [ 137.769111][ T26] audit: type=1326 audit(1733286941.214:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.1.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 137.828502][ T6822] loop3: detected capacity change from 0 to 2048 [ 137.861357][ T6785] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 137.886600][ T6822] EXT4-fs: Ignoring removed mblk_io_submit option [ 137.896152][ T26] audit: type=1326 audit(1733286941.214:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.1.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 137.931671][ T6785] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 137.960450][ T6822] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 138.011948][ T6785] BTRFS info (device loop0): use zstd compression, level 3 [ 138.020268][ T26] audit: type=1326 audit(1733286941.214:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.1.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 138.091956][ T26] audit: type=1326 audit(1733286941.214:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.1.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 138.111416][ T6785] BTRFS info (device loop0): using free space tree [ 138.117604][ T26] audit: type=1326 audit(1733286941.214:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.1.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 138.127606][ T6822] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 138.225436][ T26] audit: type=1326 audit(1733286941.214:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.1.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 138.289780][ T6841] loop4: detected capacity change from 0 to 512 [ 138.382753][ T6853] loop1: detected capacity change from 0 to 512 [ 138.403204][ T6841] loop4: detected capacity change from 0 to 512 [ 138.419535][ T6853] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 138.426308][ T6785] BTRFS info (device loop0): enabling ssd optimizations [ 138.453278][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 138.461567][ T26] audit: type=1326 audit(1733286941.214:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.1.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 138.472145][ T6841] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 138.524444][ T6853] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 138.543010][ T6841] EXT4-fs (loop4): 1 truncate cleaned up [ 138.548703][ T6841] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 138.606047][ T26] audit: type=1326 audit(1733286941.214:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.1.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 138.623911][ T6853] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.765: bad orphan inode 131083 [ 138.641620][ T4263] Bluetooth: hci4: command 0x040f tx timeout [ 138.771921][ T6853] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 138.807911][ T4252] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 138.874677][ T6667] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 139.035251][ T6667] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 139.174328][ T4246] EXT4-fs (loop1): unmounting filesystem. [ 139.175127][ T6667] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 139.235100][ T6667] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 139.244270][ T4247] EXT4-fs (loop4): unmounting filesystem. [ 139.497065][ T6667] 8021q: adding VLAN 0 to HW filter on device bond0 [ 139.584796][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.603227][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.630210][ T6667] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.648534][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 139.660694][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 139.702028][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.709151][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.806669][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 139.820985][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 139.864285][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 139.887075][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.894262][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.901647][ T6900] loop1: detected capacity change from 0 to 128 [ 139.952263][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 139.988290][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.012747][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 140.019759][ T6898] loop0: detected capacity change from 0 to 2048 [ 140.034808][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 140.042837][ T6906] bio_check_eod: 6 callbacks suppressed [ 140.042853][ T6906] syz.1.777: attempt to access beyond end of device [ 140.042853][ T6906] loop1: rw=2049, sector=145, nr_sectors = 680 limit=128 [ 140.072384][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 140.086264][ T6898] EXT4-fs: Ignoring removed mblk_io_submit option [ 140.111210][ T6898] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 140.143292][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 140.169712][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 140.194028][ T6898] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 140.249456][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 140.258623][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 140.268783][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 140.279654][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 140.290080][ T6667] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 140.318806][ T6900] syz.1.777: attempt to access beyond end of device [ 140.318806][ T6900] loop1: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 140.335307][ T6913] mmap: syz.3.780 (6913) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 140.473949][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 140.649688][ T6921] loop3: detected capacity change from 0 to 2048 [ 140.707518][ T6921] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 140.721617][ T4263] Bluetooth: hci4: command 0x0419 tx timeout [ 140.827729][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 140.978864][ T6938] loop1: detected capacity change from 0 to 512 [ 141.049068][ T6938] EXT4-fs: Ignoring removed oldalloc option [ 141.076254][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 141.106368][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 141.145127][ T6667] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 141.155958][ T6938] EXT4-fs error (device loop1): ext4_xattr_inode_iget:400: comm syz.1.786: Parent and EA inode have the same ino 15 [ 141.202973][ T6938] EXT4-fs (loop1): Remounting filesystem read-only [ 141.257613][ T6938] EXT4-fs error (device loop1): ext4_xattr_inode_iget:400: comm syz.1.786: Parent and EA inode have the same ino 15 [ 141.273059][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 141.297033][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 141.337185][ T6938] EXT4-fs (loop1): Remounting filesystem read-only [ 141.344853][ T6950] netlink: 16 bytes leftover after parsing attributes in process `syz.0.789'. [ 141.377305][ T6938] EXT4-fs (loop1): 1 orphan inode deleted [ 141.392011][ T6952] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 141.397442][ T6938] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 141.427010][ T6952] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 141.547993][ T6667] device veth0_vlan entered promiscuous mode [ 141.580819][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 141.602752][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 141.659279][ T6667] device veth1_vlan entered promiscuous mode [ 141.681755][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 141.690307][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 141.736447][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 141.805442][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 141.823169][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 141.844380][ T6667] device veth0_macvtap entered promiscuous mode [ 141.893861][ T6667] device veth1_macvtap entered promiscuous mode [ 141.947255][ T6667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 141.989082][ T6667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.029766][ T6667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.071593][ T6667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.102667][ T6667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.146900][ T6667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.170492][ T6667] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 142.213917][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 142.222983][ T26] kauditd_printk_skb: 40 callbacks suppressed [ 142.222997][ T26] audit: type=1326 audit(1733286945.704:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 142.256319][ T0] NOHZ tick-stop error: local softirq work is pending, handler #20a!!! [ 142.271801][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 142.292001][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 142.309559][ T4246] EXT4-fs (loop1): unmounting filesystem. [ 142.317900][ T26] audit: type=1326 audit(1733286945.704:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 142.333400][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 142.435499][ T6667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.479471][ T6667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.502977][ T26] audit: type=1326 audit(1733286945.704:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 142.516297][ T6667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.581470][ T26] audit: type=1326 audit(1733286945.844:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 142.607517][ T6667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.691469][ T6667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.707891][ T6667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.730482][ T26] audit: type=1326 audit(1733286946.204:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6986 comm="syz.4.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 142.760336][ T6667] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 142.788805][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 142.807908][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 142.828220][ T26] audit: type=1326 audit(1733286946.244:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6986 comm="syz.4.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 142.837075][ T6994] netlink: 16 bytes leftover after parsing attributes in process `syz.1.802'. [ 142.898939][ T26] audit: type=1326 audit(1733286946.244:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6986 comm="syz.4.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 142.965842][ T6667] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.995361][ T6667] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.004435][ T26] audit: type=1326 audit(1733286946.244:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6986 comm="syz.4.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 143.017447][ T6667] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.043996][ T7001] loop3: detected capacity change from 0 to 2048 [ 143.084844][ T6667] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.093895][ T26] audit: type=1326 audit(1733286946.244:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6986 comm="syz.4.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 143.093933][ T26] audit: type=1326 audit(1733286946.244:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6986 comm="syz.4.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 143.107416][ T6998] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 143.159808][ T7001] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 143.344622][ T6998] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 143.362501][ T6998] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 143.615737][ T4496] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.651657][ T4496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.677085][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 143.700792][ T4321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.734612][ T4321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.766530][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 143.953385][ T7017] loop1: detected capacity change from 0 to 2048 [ 143.982509][ T7017] EXT4-fs: Ignoring removed mblk_io_submit option [ 144.017522][ T7017] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 144.078802][ T7017] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 144.179902][ T1296] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 144.209801][ T1296] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 144.224172][ T1296] EXT4-fs (loop3): This should not happen!! Data will be lost [ 144.224172][ T1296] [ 144.235179][ T1296] EXT4-fs (loop3): Total free blocks count 0 [ 144.241190][ T1296] EXT4-fs (loop3): Free/Dirty block details [ 144.260946][ T1296] EXT4-fs (loop3): free_blocks=2415919104 [ 144.274982][ T4246] EXT4-fs (loop1): unmounting filesystem. [ 144.288200][ T1296] EXT4-fs (loop3): dirty_blocks=2304 [ 144.301542][ T1296] EXT4-fs (loop3): Block reservation details [ 144.308104][ T1296] EXT4-fs (loop3): i_reserved_data_blocks=144 [ 144.346000][ T1296] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28 [ 144.573707][ T7038] loop0: detected capacity change from 0 to 512 [ 144.614941][ T7038] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.810: invalid indirect mapped block 256 (level 2) [ 144.647496][ T7038] EXT4-fs (loop0): 2 truncates cleaned up [ 144.672893][ T7038] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 144.706767][ T7044] loop3: detected capacity change from 0 to 512 [ 144.726757][ T7044] EXT4-fs: Ignoring removed oldalloc option [ 144.743142][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 144.781543][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 144.790996][ T7044] EXT4-fs error (device loop3): ext4_xattr_inode_iget:400: comm syz.3.808: Parent and EA inode have the same ino 15 [ 144.811920][ T7044] EXT4-fs (loop3): Remounting filesystem read-only [ 144.820018][ T7044] EXT4-fs error (device loop3): ext4_xattr_inode_iget:400: comm syz.3.808: Parent and EA inode have the same ino 15 [ 144.839120][ T7044] EXT4-fs (loop3): Remounting filesystem read-only [ 144.847354][ T7044] EXT4-fs (loop3): 1 orphan inode deleted [ 144.853956][ T7044] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 145.414546][ T4321] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.507224][ T7072] loop1: detected capacity change from 0 to 512 [ 145.530626][ T7072] EXT4-fs: Ignoring removed orlov option [ 145.558143][ T7072] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 145.584436][ T7072] EXT4-fs (loop1): orphan cleanup on readonly fs [ 145.610499][ T7072] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.817: bg 0: block 248: padding at end of block bitmap is not set [ 145.634217][ T7072] EXT4-fs error (device loop1): ext4_acquire_dquot:6801: comm syz.1.817: Failed to acquire dquot type 1 [ 145.692477][ T7072] EXT4-fs (loop1): 1 truncate cleaned up [ 145.720679][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 145.734240][ T7072] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 145.749058][ T7072] EXT4-fs: Ignoring removed orlov option [ 145.755666][ T7072] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 145.770057][ T7072] EXT4-fs error (device loop1): __ext4_remount:6449: comm syz.1.817: Abort forced by user [ 145.804668][ T4321] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.867226][ T4246] EXT4-fs (loop1): unmounting filesystem. [ 145.928221][ T4321] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.026252][ T4321] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.453334][ T7103] loop0: detected capacity change from 0 to 512 [ 146.546104][ T7103] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 146.746337][ T7103] netlink: 12 bytes leftover after parsing attributes in process `syz.0.819'. [ 146.878261][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 147.206224][ T4248] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 147.217160][ T4248] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 147.225746][ T4248] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 147.235520][ T4248] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 147.243520][ T4248] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 147.250860][ T4248] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 147.359402][ T7137] loop0: detected capacity change from 0 to 2048 [ 147.483447][ T7137] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 147.670595][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 147.827906][ T7158] loop3: detected capacity change from 0 to 128 [ 147.936074][ T4321] device hsr_slave_0 left promiscuous mode [ 147.945064][ T7161] syz.3.836: attempt to access beyond end of device [ 147.945064][ T7161] loop3: rw=2049, sector=145, nr_sectors = 368 limit=128 [ 147.958936][ T4321] device hsr_slave_1 left promiscuous mode [ 148.005740][ T4321] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 148.029615][ T4321] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 148.046189][ T4321] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 148.074589][ T4321] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 148.084032][ T4321] device bridge_slave_1 left promiscuous mode [ 148.096281][ T4321] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.135628][ T4321] device bridge_slave_0 left promiscuous mode [ 148.182444][ T4321] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.256399][ T4321] device veth1_macvtap left promiscuous mode [ 148.265100][ T4321] device veth0_macvtap left promiscuous mode [ 148.271266][ T4321] device veth1_vlan left promiscuous mode [ 148.303126][ T26] kauditd_printk_skb: 63 callbacks suppressed [ 148.303139][ T26] audit: type=1326 audit(1733286951.784:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7172 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 148.346647][ T26] audit: type=1326 audit(1733286951.814:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7172 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 148.348974][ T4321] device veth0_vlan left promiscuous mode [ 148.374528][ T26] audit: type=1326 audit(1733286951.814:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7172 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 148.401802][ T26] audit: type=1326 audit(1733286951.824:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7172 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 148.461882][ T26] audit: type=1326 audit(1733286951.944:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7172 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 148.534801][ T26] audit: type=1326 audit(1733286951.944:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7172 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a897ff19 code=0x7ffc0000 [ 148.706687][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 148.949133][ T4321] team0 (unregistering): Port device team_slave_1 removed [ 148.987025][ T4321] team0 (unregistering): Port device team_slave_0 removed [ 149.020164][ T4321] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 149.056943][ T4321] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 149.283502][ T4263] Bluetooth: hci4: command 0x0409 tx timeout [ 149.414892][ T4321] bond0 (unregistering): Released all slaves [ 149.747794][ T7196] loop0: detected capacity change from 0 to 256 [ 149.779691][ T7194] netlink: 'syz.1.851': attribute type 10 has an invalid length. [ 149.828112][ T26] audit: type=1804 audit(1733286953.304:352): pid=7196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.847" name="/newroot/196/file1/file0" dev="loop0" ino=1048619 res=1 errno=0 [ 149.830312][ T7198] netlink: 868 bytes leftover after parsing attributes in process `syz.3.849'. [ 149.882495][ T7194] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 149.971523][ T7200] netlink: 4 bytes leftover after parsing attributes in process `syz.1.851'. [ 150.079052][ T7200] bond0: (slave bridge0): Releasing backup interface [ 150.148004][ T7125] chnl_net:caif_netlink_parms(): no params data found [ 150.350356][ T7221] loop3: detected capacity change from 0 to 1024 [ 150.375818][ T7214] loop0: detected capacity change from 0 to 512 [ 150.397580][ T7214] EXT4-fs: Ignoring removed oldalloc option [ 150.460622][ T7221] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 150.464360][ T7125] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.483186][ T7214] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.855: Parent and EA inode have the same ino 15 [ 150.518100][ T7125] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.526295][ T7125] device bridge_slave_0 entered promiscuous mode [ 150.534883][ T7125] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.542120][ T7125] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.550379][ T7125] device bridge_slave_1 entered promiscuous mode [ 150.581831][ T7214] EXT4-fs (loop0): Remounting filesystem read-only [ 150.588456][ T7214] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.855: Parent and EA inode have the same ino 15 [ 150.607127][ T7214] EXT4-fs (loop0): Remounting filesystem read-only [ 150.616800][ T7214] EXT4-fs (loop0): 1 orphan inode deleted [ 150.622856][ T7214] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 150.694404][ T7125] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 150.744055][ T7125] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 150.825986][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 150.898120][ T7125] team0: Port device team_slave_0 added [ 150.912156][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 150.930271][ T7125] team0: Port device team_slave_1 added [ 151.031316][ T7125] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 151.050465][ T7125] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.175285][ T7125] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 151.198217][ T7125] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 151.221030][ T7125] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.254528][ T7255] netlink: 868 bytes leftover after parsing attributes in process `syz.4.866'. [ 151.281914][ T7125] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 151.305325][ T7257] loop3: detected capacity change from 0 to 512 [ 151.318258][ T7257] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 151.363154][ T4263] Bluetooth: hci4: command 0x041b tx timeout [ 151.423319][ T7257] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 151.432436][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 151.441155][ T7257] ext4 filesystem being mounted at /211/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 151.474886][ T7257] netlink: 12 bytes leftover after parsing attributes in process `syz.3.868'. [ 151.491016][ T7262] netlink: 888 bytes leftover after parsing attributes in process `syz.4.869'. [ 151.506308][ T7125] device hsr_slave_0 entered promiscuous mode [ 151.530137][ T7125] device hsr_slave_1 entered promiscuous mode [ 151.530548][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 151.542309][ T7125] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 151.552445][ T7125] Cannot create hsr debugfs directory [ 151.568989][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 151.708621][ T26] audit: type=1326 audit(1733286955.184:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7267 comm="syz.4.873" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2fd497ff19 code=0x0 [ 151.722265][ T7263] device syzkaller0 entered promiscuous mode [ 151.742337][ T7270] netlink: 'syz.3.872': attribute type 3 has an invalid length. [ 151.878214][ T7271] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.871'. [ 151.933855][ T7266] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.871'. [ 152.139906][ T7282] loop3: detected capacity change from 0 to 256 [ 152.169105][ T26] audit: type=1804 audit(1733286955.644:354): pid=7282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.876" name="/newroot/215/file1/file0" dev="loop3" ino=1048620 res=1 errno=0 [ 152.798929][ T7306] loop0: detected capacity change from 0 to 512 [ 152.835703][ T7306] EXT4-fs: Ignoring removed oldalloc option [ 152.896809][ T7306] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.881: Parent and EA inode have the same ino 15 [ 152.918505][ T7306] EXT4-fs (loop0): Remounting filesystem read-only [ 152.929504][ T7306] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.881: Parent and EA inode have the same ino 15 [ 152.963782][ T7306] EXT4-fs (loop0): Remounting filesystem read-only [ 152.971005][ T7306] EXT4-fs (loop0): 1 orphan inode deleted [ 153.007036][ T7306] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 153.442162][ T4263] Bluetooth: hci4: command 0x040f tx timeout [ 153.496986][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 153.586542][ T7310] netlink: 888 bytes leftover after parsing attributes in process `syz.3.883'. [ 153.617154][ T26] audit: type=1326 audit(1733286957.094:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2fd4976ee7 code=0x7ffc0000 [ 153.639519][ T26] audit: type=1326 audit(1733286957.094:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2fd491c129 code=0x7ffc0000 [ 153.661756][ T26] audit: type=1326 audit(1733286957.094:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 153.684588][ T26] audit: type=1326 audit(1733286957.094:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2fd4976ee7 code=0x7ffc0000 [ 153.715466][ T26] audit: type=1326 audit(1733286957.094:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2fd491c129 code=0x7ffc0000 [ 153.752089][ T26] audit: type=1326 audit(1733286957.094:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 153.790208][ T26] audit: type=1326 audit(1733286957.094:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2fd4976ee7 code=0x7ffc0000 [ 153.826753][ T7314] netdevsim netdevsim4 netdevsim1: Unsupported IPsec algorithm [ 153.827284][ T26] audit: type=1326 audit(1733286957.094:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2fd491c129 code=0x7ffc0000 [ 153.840179][ T7314] netdevsim netdevsim4 netdevsim1: Failed to get key data for SA table [ 153.872371][ T26] audit: type=1326 audit(1733286957.094:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.4.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 154.550260][ T7316] netlink: 44 bytes leftover after parsing attributes in process `syz.4.886'. [ 154.628631][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 154.694983][ T7318] usb usb9: usbfs: process 7318 (syz.3.887) did not claim interface 0 before use [ 155.524594][ T4263] Bluetooth: hci4: command 0x0419 tx timeout [ 155.633838][ T7346] loop3: detected capacity change from 0 to 128 [ 155.655741][ T26] audit: type=1800 audit(1733286959.134:364): pid=7346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.895" name="file1" dev="loop3" ino=1048623 res=0 errno=0 [ 156.023785][ T7125] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 156.045273][ T7125] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 156.080794][ T7125] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 156.099127][ T7125] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 156.146683][ T7361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.897'. [ 156.345458][ T7364] netlink: 'syz.0.898': attribute type 13 has an invalid length. [ 156.377147][ T7364] netlink: 152 bytes leftover after parsing attributes in process `syz.0.898'. [ 156.407916][ T7364] syz_tun: refused to change device tx_queue_len [ 156.429335][ T7364] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 156.526466][ T7125] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.573449][ T7369] netlink: 'syz.3.900': attribute type 4 has an invalid length. [ 156.656040][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.677952][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.702272][ T7125] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.718817][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.737998][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.768215][ T1296] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.775406][ T1296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.847679][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 156.868825][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 156.907702][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 156.922751][ T1296] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.929880][ T1296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.981783][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 156.999470][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.032849][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.050359][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.102329][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.111233][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.142454][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 157.163116][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.183007][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.213836][ T7125] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 157.252438][ T7125] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 157.262235][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 157.302040][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.569790][ T7395] netlink: 56 bytes leftover after parsing attributes in process `syz.3.907'. [ 158.040900][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 158.050692][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 158.092702][ T7125] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.170471][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 158.192627][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 158.249216][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 158.276643][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 158.299214][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 158.320011][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 158.348332][ T7125] device veth0_vlan entered promiscuous mode [ 158.381090][ T7125] device veth1_vlan entered promiscuous mode [ 158.466273][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 158.480470][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 158.507766][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 158.536982][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 158.577285][ T7125] device veth0_macvtap entered promiscuous mode [ 158.741230][ T7125] device veth1_macvtap entered promiscuous mode [ 158.778194][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 158.802787][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 158.862869][ T7125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.916539][ T7125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.960251][ T7125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.996310][ T7125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.030652][ T7125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.067486][ T7125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.080633][ T7429] loop1: detected capacity change from 0 to 512 [ 159.090425][ T7125] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 159.121657][ T7424] netlink: 24 bytes leftover after parsing attributes in process `syz.3.913'. [ 159.144328][ T7429] EXT4-fs: Ignoring removed oldalloc option [ 159.188996][ T7429] EXT4-fs error (device loop1): ext4_xattr_inode_iget:400: comm syz.1.911: Parent and EA inode have the same ino 15 [ 159.201629][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 159.210376][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 159.290186][ T7125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.318634][ T7429] EXT4-fs (loop1): Remounting filesystem read-only [ 159.360027][ T7125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.360885][ T7429] EXT4-fs error (device loop1): ext4_xattr_inode_iget:400: comm syz.1.911: Parent and EA inode have the same ino 15 [ 159.380268][ T7125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.421429][ T7125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.447045][ T7429] EXT4-fs (loop1): Remounting filesystem read-only [ 159.461490][ T7125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.468707][ T7429] EXT4-fs (loop1): 1 orphan inode deleted [ 159.495338][ T7429] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 159.504074][ T7125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.580700][ T7125] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 159.603869][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 159.629085][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 159.641980][ T7125] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.653526][ T7125] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.664911][ T26] audit: type=1326 audit(1733286963.144:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7442 comm="syz.4.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 159.689044][ T7125] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.698083][ T26] audit: type=1326 audit(1733286963.144:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7442 comm="syz.4.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 159.720673][ T7125] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.803829][ T26] audit: type=1326 audit(1733286963.144:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7442 comm="syz.4.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 159.901074][ T26] audit: type=1326 audit(1733286963.144:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7442 comm="syz.4.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 159.971439][ T26] audit: type=1326 audit(1733286963.144:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7442 comm="syz.4.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 160.065888][ T4496] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.091795][ T4496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.101991][ T26] audit: type=1326 audit(1733286963.524:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7450 comm="syz.4.918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 160.138746][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 160.164957][ T26] audit: type=1326 audit(1733286963.524:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7450 comm="syz.4.918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 160.173093][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.248886][ T26] audit: type=1326 audit(1733286963.524:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7450 comm="syz.4.918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=67 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 160.300602][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.339865][ T26] audit: type=1326 audit(1733286963.524:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7450 comm="syz.4.918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 160.369366][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 160.405232][ T4246] EXT4-fs (loop1): unmounting filesystem. [ 160.419586][ T26] audit: type=1326 audit(1733286963.524:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7450 comm="syz.4.918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fd497ff19 code=0x7ffc0000 [ 160.729165][ T7473] netlink: 12 bytes leftover after parsing attributes in process `syz.4.924'. [ 160.936569][ T7485] xt_connbytes: Forcing CT accounting to be enabled [ 160.948010][ T7485] Cannot find add_set index 0 as target [ 161.131300][ T7497] netlink: 44 bytes leftover after parsing attributes in process `syz.0.931'. [ 161.378679][ T7505] netlink: 20 bytes leftover after parsing attributes in process `syz.4.934'. [ 161.464773][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.819237][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.034788][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.085299][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.499466][ T7542] netlink: 8 bytes leftover after parsing attributes in process `syz.4.941'. [ 163.119783][ T4248] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 163.130217][ T4248] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 163.138403][ T4248] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 163.159829][ T4248] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 163.174877][ T4248] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 163.182198][ T4248] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 163.608924][ T11] device hsr_slave_0 left promiscuous mode [ 163.641635][ T11] device hsr_slave_1 left promiscuous mode [ 163.691598][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.699051][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.712231][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.719668][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.738461][ T7586] loop3: detected capacity change from 0 to 512 [ 163.753066][ T11] device bridge_slave_1 left promiscuous mode [ 163.759469][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.788086][ T7586] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 163.810018][ T11] device bridge_slave_0 left promiscuous mode [ 163.823263][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.831118][ T7586] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 163.844880][ T7586] ext4 filesystem being mounted at /237/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 163.893476][ T11] device veth1_macvtap left promiscuous mode [ 163.899666][ T11] device veth0_macvtap left promiscuous mode [ 163.906041][ T11] device veth1_vlan left promiscuous mode [ 163.912272][ T11] device veth0_vlan left promiscuous mode [ 163.947010][ T7586] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 164.525837][ T7615] loop1: detected capacity change from 0 to 512 [ 164.566527][ T4238] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 164.590983][ T7615] loop1: detected capacity change from 0 to 512 [ 164.609377][ T7615] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 164.641201][ T7615] EXT4-fs (loop1): 1 truncate cleaned up [ 164.650684][ T7615] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 164.748996][ T4246] EXT4-fs (loop1): unmounting filesystem. [ 164.859417][ T11] team0 (unregistering): Port device team_slave_1 removed [ 164.909109][ T11] team0 (unregistering): Port device team_slave_0 removed [ 164.953692][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 165.008294][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 165.204426][ T4263] Bluetooth: hci4: command 0x0409 tx timeout [ 165.551162][ T11] bond0 (unregistering): Released all slaves [ 165.644898][ T7583] netlink: 8 bytes leftover after parsing attributes in process `syz.0.954'. [ 165.661512][ T7589] netlink: 44 bytes leftover after parsing attributes in process `syz.4.957'. [ 165.807049][ T7621] atomic_op ffff888057d01198 conn xmit_atomic 0000000000000000 [ 167.281833][ T4263] Bluetooth: hci4: command 0x041b tx timeout [ 168.265652][ T7645] netlink: 8 bytes leftover after parsing attributes in process `syz.0.974'. [ 168.293715][ T7648] netlink: 44 bytes leftover after parsing attributes in process `syz.1.975'. [ 168.310727][ T7652] netlink: 16 bytes leftover after parsing attributes in process `syz.4.977'. [ 168.340978][ T7653] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 168.373498][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 168.374964][ T7653] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 168.387144][ T7653] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 168.429893][ T7560] chnl_net:caif_netlink_parms(): no params data found [ 168.583182][ T7657] netlink: 24 bytes leftover after parsing attributes in process `syz.3.979'. [ 168.787374][ T7560] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.801568][ T7560] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.846916][ T7560] device bridge_slave_0 entered promiscuous mode [ 168.914408][ T7560] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.966394][ T7560] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.978704][ T7560] device bridge_slave_1 entered promiscuous mode [ 169.077990][ T7560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.101796][ T7685] netlink: 40 bytes leftover after parsing attributes in process `syz.4.987'. [ 169.128564][ T7560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.250554][ T7560] team0: Port device team_slave_0 added [ 169.282891][ T7560] team0: Port device team_slave_1 added [ 169.309392][ T7693] netlink: 8 bytes leftover after parsing attributes in process `syz.0.988'. [ 169.363722][ T4263] Bluetooth: hci4: command 0x040f tx timeout [ 169.372862][ T7560] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.398130][ T7560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.481022][ T7560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.497208][ T7699] netlink: 44 bytes leftover after parsing attributes in process `syz.0.990'. [ 169.508032][ T7560] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.518138][ T7560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.581774][ T7560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.608572][ T7701] netlink: 16 bytes leftover after parsing attributes in process `syz.1.991'. [ 169.640043][ T7703] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 169.657414][ T7703] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 169.674983][ T7703] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 169.777420][ T7560] device hsr_slave_0 entered promiscuous mode [ 169.803518][ T7560] device hsr_slave_1 entered promiscuous mode [ 169.862481][ T7560] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 169.870117][ T7560] Cannot create hsr debugfs directory [ 170.491330][ T7728] netdevsim netdevsim3 netdevsim1: Unsupported IPsec algorithm [ 170.553586][ T7728] netdevsim netdevsim3 netdevsim1: Failed to get key data for SA table [ 170.699972][ T7734] __nla_validate_parse: 1 callbacks suppressed [ 170.699990][ T7734] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1002'. [ 171.130818][ T7560] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 171.177055][ T7560] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 171.204745][ T7560] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 171.245034][ T7560] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 171.261019][ T26] kauditd_printk_skb: 24 callbacks suppressed [ 171.261032][ T26] audit: type=1326 audit(1733286974.734:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7754 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 171.354295][ T7755] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1008'. [ 171.367928][ T26] audit: type=1326 audit(1733286974.774:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7754 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 171.442437][ T4263] Bluetooth: hci4: command 0x0419 tx timeout [ 171.489683][ T26] audit: type=1326 audit(1733286974.774:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7754 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 171.574985][ T7560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.610214][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.627469][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.649976][ T26] audit: type=1326 audit(1733286974.774:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7754 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 171.704698][ T7560] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.726543][ T26] audit: type=1326 audit(1733286974.774:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7754 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 171.774575][ T26] audit: type=1326 audit(1733286974.774:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7754 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 171.782364][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 172.066589][ T7767] loop3: detected capacity change from 0 to 2048 [ 172.301843][ T7767] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 172.445406][ T26] audit: type=1326 audit(1733286974.774:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7754 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 172.468022][ T26] audit: type=1326 audit(1733286974.774:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7754 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 172.491251][ T26] audit: type=1326 audit(1733286974.774:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7754 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 172.517621][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.537278][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.544455][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.601606][ T26] audit: type=1326 audit(1733286974.774:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7754 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 172.640665][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.652614][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 172.699628][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.735640][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.742806][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.761258][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.785260][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.792584][ T7777] netdevsim netdevsim3 netdevsim1: Unsupported IPsec algorithm [ 172.800965][ T7777] netdevsim netdevsim3 netdevsim1: Failed to get key data for SA table [ 172.825054][ T7775] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1012'. [ 172.869090][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.888905][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.904092][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.934672][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.963187][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.988804][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.020193][ T7779] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1015'. [ 173.039692][ T7560] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 173.076539][ T7560] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 173.106475][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 173.134263][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 173.150529][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 173.172504][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 173.195355][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 173.611481][ T7768] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 173.618952][ T7768] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 173.703652][ T7560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.766789][ T7768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 173.797833][ T7768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 173.860832][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 173.879572][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 173.904177][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 173.932198][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 173.978247][ T7560] device veth0_vlan entered promiscuous mode [ 174.034404][ T7560] device veth1_vlan entered promiscuous mode [ 174.116967][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 174.136301][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 174.145968][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 174.164607][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 174.180417][ T7560] device veth0_macvtap entered promiscuous mode [ 174.198663][ T7560] device veth1_macvtap entered promiscuous mode [ 174.227855][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.244932][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.257474][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.264263][ T7820] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1025'. [ 174.287006][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.313353][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.335105][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.356583][ T7560] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 174.370889][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 174.396853][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 174.419133][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 174.449094][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 174.477475][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.488720][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.500544][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.521846][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.533026][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.550428][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.570268][ T7560] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.587770][ T7823] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1026'. [ 174.602961][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 174.621902][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 174.639865][ T7560] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.663866][ T7560] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.691469][ T7560] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.723469][ T7560] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.981023][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.018231][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.035381][ T4321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.070310][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 175.071696][ T4321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.126638][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 175.737530][ T7859] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 175.789442][ T7859] device syzkaller0 entered promiscuous mode [ 176.294789][ T7881] loop1: detected capacity change from 0 to 512 [ 176.352232][ T7881] EXT4-fs: inline encryption not supported [ 176.427365][ T7881] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 176.456202][ T7881] ext4 filesystem being mounted at /242/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.586681][ T7881] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #2: comm syz.1.1042: corrupted inode contents [ 176.621095][ T7881] EXT4-fs error (device loop1): ext4_dirty_inode:6089: inode #2: comm syz.1.1042: mark_inode_dirty error [ 176.659953][ T7881] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #2: comm syz.1.1042: corrupted inode contents [ 176.699171][ T7881] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz.1.1042: mark_inode_dirty error [ 177.107125][ T26] kauditd_printk_skb: 55 callbacks suppressed [ 177.107141][ T26] audit: type=1800 audit(1733286980.584:464): pid=7890 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.1.1042" name="/file0" dev="loop1" ino=18 res=0 errno=0 [ 177.115751][ T7881] EXT4-fs warning (device loop1): ext4_empty_dir:3147: inode #18: comm syz.1.1042: directory missing '.' [ 177.290666][ T4246] EXT4-fs (loop1): unmounting filesystem. [ 177.452537][ T7911] 9pnet_fd: Insufficient options for proto=fd [ 179.072753][ T7931] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1052'. [ 179.094503][ T7934] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 179.123566][ T7934] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 179.131036][ T7934] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 179.590984][ T7952] loop3: detected capacity change from 0 to 2048 [ 179.626951][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.662290][ T7952] EXT4-fs: Ignoring removed mblk_io_submit option [ 179.688538][ T7952] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 179.798260][ T7952] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 179.874571][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.891300][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 179.990087][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.068904][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.835749][ T26] audit: type=1326 audit(1733286984.314:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 180.881833][ T4248] Bluetooth: hci2: command 0x0406 tx timeout [ 180.887923][ T4248] Bluetooth: hci1: command 0x0406 tx timeout [ 180.991574][ T26] audit: type=1326 audit(1733286984.344:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 181.153705][ T26] audit: type=1326 audit(1733286984.344:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 181.197950][ T8009] loop3: detected capacity change from 0 to 512 [ 181.281498][ T26] audit: type=1326 audit(1733286984.344:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 181.307096][ T8009] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 181.381553][ T26] audit: type=1326 audit(1733286984.354:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 181.399766][ T8009] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 181.441581][ T26] audit: type=1326 audit(1733286984.354:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 181.441605][ T8009] ext4 filesystem being mounted at /260/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 181.469825][ T26] audit: type=1326 audit(1733286984.394:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 181.535873][ T4263] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 181.558823][ T4263] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 181.575862][ T26] audit: type=1326 audit(1733286984.394:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 181.598357][ T4263] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 181.613362][ T4263] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 181.622434][ T4263] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 181.629855][ T4263] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 181.760266][ T26] audit: type=1326 audit(1733286984.394:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 181.867671][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 181.874036][ T11] device hsr_slave_0 left promiscuous mode [ 181.906917][ T11] device hsr_slave_1 left promiscuous mode [ 181.914112][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 181.937896][ T8033] loop1: detected capacity change from 0 to 2048 [ 181.957248][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 181.994377][ T8033] EXT4-fs: Ignoring removed mblk_io_submit option [ 181.996741][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 182.029447][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 182.061996][ T8033] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 182.079190][ T11] device bridge_slave_1 left promiscuous mode [ 182.093129][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.138052][ T11] device bridge_slave_0 left promiscuous mode [ 182.151895][ T8033] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 182.179723][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.346808][ T11] device veth1_macvtap left promiscuous mode [ 182.355117][ T4246] EXT4-fs (loop1): unmounting filesystem. [ 182.368615][ T11] device veth0_macvtap left promiscuous mode [ 182.389931][ T11] device veth1_vlan left promiscuous mode [ 182.425605][ T11] device veth0_vlan left promiscuous mode [ 182.573460][ T8063] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 183.318101][ T11] team0 (unregistering): Port device team_slave_1 removed [ 183.373580][ T11] team0 (unregistering): Port device team_slave_0 removed [ 183.451686][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 183.526005][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 183.681523][ T4263] Bluetooth: hci4: command 0x0409 tx timeout [ 184.177782][ T11] bond0 (unregistering): Released all slaves [ 184.280217][ T8039] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 184.289629][ T8039] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 184.298459][ T8039] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 184.307215][ T8039] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 184.316671][ T8039] device vxlan0 entered promiscuous mode [ 184.325412][ T8039] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 184.334945][ T8039] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 184.343894][ T8039] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 184.352978][ T8039] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 184.702684][ T8093] loop0: detected capacity change from 0 to 2048 [ 184.758714][ T8093] EXT4-fs: Ignoring removed mblk_io_submit option [ 184.784708][ T8093] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 184.813193][ T8096] device pim6reg1 entered promiscuous mode [ 184.843022][ T8022] chnl_net:caif_netlink_parms(): no params data found [ 184.917249][ T8093] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 185.164999][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 185.373011][ T8022] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.391213][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 185.417733][ T8022] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.444556][ T8123] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1099'. [ 185.448322][ T8022] device bridge_slave_0 entered promiscuous mode [ 185.483162][ T8022] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.490366][ T8022] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.499613][ T8022] device bridge_slave_1 entered promiscuous mode [ 185.631831][ T8022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.709460][ T8022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.716296][ T8135] loop0: detected capacity change from 0 to 512 [ 185.761525][ T4263] Bluetooth: hci4: command 0x041b tx timeout [ 185.769960][ T8135] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 185.835863][ T8022] team0: Port device team_slave_0 added [ 185.844998][ T8022] team0: Port device team_slave_1 added [ 185.847626][ T8135] EXT4-fs (loop0): 1 truncate cleaned up [ 185.893974][ T8022] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.900960][ T8022] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.904743][ T8142] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1101'. [ 185.981813][ T8142] bond0: (slave bond_slave_0): Slave does not support ipsec offload [ 185.990378][ T8135] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 186.028440][ T8022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.097105][ T8022] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.118031][ T8022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.211788][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 186.219828][ T8022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.378137][ T8022] device hsr_slave_0 entered promiscuous mode [ 186.402431][ T8150] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1103'. [ 186.426532][ T8022] device hsr_slave_1 entered promiscuous mode [ 186.437521][ T8022] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 186.460885][ T8022] Cannot create hsr debugfs directory [ 187.841475][ T4248] Bluetooth: hci4: command 0x040f tx timeout [ 188.262905][ T8022] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 188.319285][ T8022] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 188.342946][ T8022] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 188.383101][ T8022] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 188.549254][ T26] kauditd_printk_skb: 11 callbacks suppressed [ 188.549271][ T26] audit: type=1326 audit(1733286992.024:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8215 comm="syz.1.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 188.627219][ T8218] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 188.830920][ T26] audit: type=1326 audit(1733286992.064:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8215 comm="syz.1.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 189.301832][ T26] audit: type=1326 audit(1733286992.064:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8215 comm="syz.1.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 189.401768][ T26] audit: type=1326 audit(1733286992.064:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8215 comm="syz.1.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 189.497787][ T26] audit: type=1326 audit(1733286992.064:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8215 comm="syz.1.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 189.558048][ T8022] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.602924][ T7768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.617874][ T7768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.625294][ T26] audit: type=1326 audit(1733286992.064:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8215 comm="syz.1.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 189.645340][ T8022] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.668031][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.698243][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.727287][ T38] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.734504][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.758519][ T26] audit: type=1326 audit(1733286992.064:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8215 comm="syz.1.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 189.792096][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.801062][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.832564][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.841287][ T38] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.848478][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.850530][ T26] audit: type=1326 audit(1733286992.064:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8215 comm="syz.1.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 189.879420][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.921452][ T4248] Bluetooth: hci4: command 0x0419 tx timeout [ 189.947954][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.968755][ T26] audit: type=1326 audit(1733286992.064:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8215 comm="syz.1.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 189.981113][ T8241] loop3: detected capacity change from 0 to 256 [ 190.008484][ T26] audit: type=1326 audit(1733286992.064:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8215 comm="syz.1.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=192 compat=0 ip=0x7ff61717ff19 code=0x7ffc0000 [ 190.030218][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.042248][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.050887][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.059861][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.069101][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.078906][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.087805][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.096758][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.122347][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.238227][ T8022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.476874][ T8255] loop3: detected capacity change from 0 to 512 [ 190.863363][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 190.877381][ T8255] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 191.736030][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 191.986446][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 192.018536][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 192.058439][ T8022] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.164471][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 192.192322][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 192.255295][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 192.264440][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 192.334328][ T8022] device veth0_vlan entered promiscuous mode [ 192.353324][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 192.389152][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 192.418185][ T8022] device veth1_vlan entered promiscuous mode [ 192.505107][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 192.525767][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 192.546102][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 192.592346][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 192.615967][ T8022] device veth0_macvtap entered promiscuous mode [ 192.666833][ T8022] device veth1_macvtap entered promiscuous mode [ 192.739728][ T8309] loop3: detected capacity change from 0 to 512 [ 192.742072][ T8022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.807907][ T8309] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 192.836021][ T8022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.194489][ T8022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.210323][ T8022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.220590][ T8022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.241488][ T8022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.579319][ T8022] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.718804][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 193.735750][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 193.770524][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 193.812260][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 193.839788][ T8022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.906834][ T8022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.953768][ T8022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.973427][ T8022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.996017][ T8022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.007254][ T8332] loop7: detected capacity change from 0 to 16384 [ 194.022180][ T8022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.044442][ T4254] EXT4-fs (loop3): unmounting filesystem. [ 194.052665][ T8022] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 194.129975][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 194.155705][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 194.172323][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.178693][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.207718][ T8022] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.243445][ T8022] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.277850][ T8022] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.315951][ T8022] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.561706][ T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 194.569874][ T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 194.629166][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 194.699585][ T38] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 194.721844][ T38] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 194.751627][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 194.986187][ T8358] netlink: 828 bytes leftover after parsing attributes in process `syz.4.1156'. [ 195.115447][ T8361] loop0: detected capacity change from 0 to 512 [ 195.153684][ T8361] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 195.238842][ T8361] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 195.252050][ T8361] ext4 filesystem being mounted at /262/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 195.330077][ T8371] loop1: detected capacity change from 0 to 512 [ 195.372796][ T8371] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 195.391663][ T8361] EXT4-fs (loop0): shut down requested (0) [ 195.628958][ T4246] EXT4-fs (loop1): unmounting filesystem. [ 195.842427][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 196.092033][ T4496] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.645747][ T4496] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.233477][ T4496] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.341550][ T4496] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.149275][ T8421] loop0: detected capacity change from 0 to 256 [ 198.226572][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 198.226588][ T26] audit: type=1804 audit(1733287001.704:501): pid=8421 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1165" name="/newroot/264/file1/file0" dev="loop0" ino=1048634 res=1 errno=0 [ 198.590560][ T26] audit: type=1326 audit(1733287002.064:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 198.695536][ T26] audit: type=1326 audit(1733287002.064:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 198.756487][ T26] audit: type=1326 audit(1733287002.104:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 198.780011][ T4496] device hsr_slave_0 left promiscuous mode [ 198.792563][ T4496] device hsr_slave_1 left promiscuous mode [ 198.826337][ T4496] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 198.827986][ T26] audit: type=1326 audit(1733287002.104:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 198.847866][ T4496] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 198.894732][ T4496] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 198.911236][ T26] audit: type=1326 audit(1733287002.104:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 198.919957][ T4496] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 198.956538][ T26] audit: type=1326 audit(1733287002.104:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 198.980413][ T4263] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 198.990385][ T4263] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 198.990525][ T4496] device bridge_slave_1 left promiscuous mode [ 199.004177][ T4259] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 199.012529][ T4259] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 199.020106][ T4259] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 199.023024][ T26] audit: type=1326 audit(1733287002.104:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 199.038506][ T4496] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.061952][ T4259] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 199.110339][ T4496] device bridge_slave_0 left promiscuous mode [ 199.144836][ T4496] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.178768][ T26] audit: type=1326 audit(1733287002.104:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 199.261132][ T4496] device veth1_macvtap left promiscuous mode [ 199.279334][ T26] audit: type=1326 audit(1733287002.104:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bf977ff19 code=0x7ffc0000 [ 199.303293][ T4496] device veth0_macvtap left promiscuous mode [ 199.310645][ T4496] device veth1_vlan left promiscuous mode [ 199.318284][ T4496] device veth0_vlan left promiscuous mode [ 199.725112][ T8466] loop3: detected capacity change from 0 to 256 [ 200.249617][ T4496] team0 (unregistering): Port device team_slave_1 removed [ 200.289525][ T4496] team0 (unregistering): Port device team_slave_0 removed [ 200.326649][ T4496] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 200.364314][ T4496] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 200.744963][ T4496] bond0 (unregistering): Released all slaves [ 201.121487][ T4259] Bluetooth: hci4: command 0x0409 tx timeout [ 201.443289][ T8498] loop1: detected capacity change from 0 to 256 [ 201.478963][ T8442] chnl_net:caif_netlink_parms(): no params data found [ 201.739669][ T8442] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.750143][ T8442] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.758808][ T8442] device bridge_slave_0 entered promiscuous mode [ 201.769888][ T8442] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.784799][ T8442] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.796712][ T8442] device bridge_slave_1 entered promiscuous mode [ 201.871241][ T8442] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 201.885245][ T8442] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.937009][ T8442] team0: Port device team_slave_0 added [ 201.949995][ T8442] team0: Port device team_slave_1 added [ 201.988183][ T8442] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.996399][ T8442] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.026388][ T8442] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 202.057091][ T8442] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 202.064544][ T8442] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.090723][ T8442] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 202.130204][ T8442] device hsr_slave_0 entered promiscuous mode [ 202.137468][ T8442] device hsr_slave_1 entered promiscuous mode [ 202.144392][ T8442] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 202.152119][ T8442] Cannot create hsr debugfs directory [ 203.211927][ T4259] Bluetooth: hci4: command 0x041b tx timeout [ 203.490668][ T8550] loop1: detected capacity change from 0 to 256 [ 203.539442][ T26] kauditd_printk_skb: 29 callbacks suppressed [ 203.539457][ T26] audit: type=1804 audit(1733287007.014:540): pid=8550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1203" name="/newroot/278/file1/file0" dev="loop1" ino=1048637 res=1 errno=0 [ 203.574663][ T8551] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1204'. [ 203.660353][ T8442] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 203.698046][ T8442] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 203.737226][ T8442] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 203.748648][ T8442] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 203.879386][ T8442] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.903034][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.912040][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 203.923586][ T8442] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.940904][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 203.950902][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 203.969911][ T38] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.977137][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.994514][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.003489][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.013035][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.028848][ T38] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.036019][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.045878][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 204.063110][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 204.072742][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.085385][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.114540][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 204.123674][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.134524][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.143613][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 204.153152][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 204.173815][ T8442] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 204.185822][ T8442] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 204.198327][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 204.208925][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 204.637675][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 204.648861][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 204.669567][ T8442] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.696474][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 204.707636][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 204.747881][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 204.778349][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 204.804092][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 204.842660][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 204.904156][ T8442] device veth0_vlan entered promiscuous mode [ 204.948430][ T8442] device veth1_vlan entered promiscuous mode [ 205.002424][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 205.020629][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 205.038099][ T8607] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1218'. [ 205.077448][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 205.089705][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 205.114379][ T8442] device veth0_macvtap entered promiscuous mode [ 205.136121][ T8442] device veth1_macvtap entered promiscuous mode [ 205.173356][ T8442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.208587][ T8442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.230454][ T8442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.251325][ T8442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.279285][ T8442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.291443][ T4248] Bluetooth: hci4: command 0x040f tx timeout [ 205.297660][ T8442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.320300][ T8442] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.369525][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 205.430363][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 205.474622][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 205.520266][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 205.548941][ T8442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.569315][ T8442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.583496][ T8442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.596308][ T8442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.607225][ T8442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.618565][ T8442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.654743][ T8442] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.675335][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 205.706598][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 205.741957][ T8442] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.760799][ T8442] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.800519][ T8442] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.827480][ T8442] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.020934][ T4496] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.050958][ T4496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.076935][ T1296] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 206.131651][ T4496] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.139874][ T4496] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.185788][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 206.287699][ T8647] loop0: detected capacity change from 0 to 256 [ 206.366928][ T26] audit: type=1804 audit(1733287009.844:541): pid=8647 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1230" name="/newroot/279/file1/file0" dev="loop0" ino=1048641 res=1 errno=0 [ 206.494601][ T8655] loop3: detected capacity change from 0 to 512 [ 206.572736][ T8655] EXT4-fs: Ignoring removed i_version option [ 206.578776][ T8655] EXT4-fs: Ignoring removed mblk_io_submit option [ 206.638795][ T8655] ext4: Unknown parameter 'seclabel' [ 206.645035][ T8657] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1232'. [ 207.230999][ T8691] loop0: detected capacity change from 0 to 256 [ 207.269042][ T26] audit: type=1804 audit(1733287010.744:542): pid=8691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1244" name="/newroot/284/file1/file0" dev="loop0" ino=1048642 res=1 errno=0 [ 207.475286][ T8701] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1246'. [ 207.777806][ T8716] syz.4.1252[8716] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 207.777916][ T8716] syz.4.1252[8716] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 207.876659][ T8719] loop0: detected capacity change from 0 to 512 [ 207.917303][ T8719] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 208.020286][ T8727] loop3: detected capacity change from 0 to 256 [ 208.035563][ T26] audit: type=1804 audit(1733287011.514:543): pid=8727 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1256" name="/newroot/306/file1/file0" dev="loop3" ino=1048643 res=1 errno=0 [ 208.039074][ T8719] EXT4-fs (loop0): 1 truncate cleaned up [ 208.141656][ T8719] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 208.307263][ T8719] ================================================================== [ 208.315391][ T8719] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x8ca/0x1f30 [ 208.323152][ T8719] Read of size 18446744073709551572 at addr ffff88807574f050 by task syz.0.1253/8719 [ 208.332614][ T8719] [ 208.334949][ T8719] CPU: 0 PID: 8719 Comm: syz.0.1253 Not tainted 6.1.119-syzkaller #0 [ 208.343014][ T8719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 208.353075][ T8719] Call Trace: [ 208.356353][ T8719] [ 208.359280][ T8719] dump_stack_lvl+0x1e3/0x2cb [ 208.363961][ T8719] ? nf_tcp_handle_invalid+0x642/0x642 [ 208.369423][ T8719] ? panic+0x764/0x764 [ 208.373480][ T8719] ? _printk+0xd1/0x111 [ 208.377628][ T8719] ? __virt_addr_valid+0x17f/0x530 [ 208.382732][ T8719] ? __virt_addr_valid+0x17f/0x530 [ 208.387844][ T8719] print_report+0x15f/0x4f0 [ 208.392342][ T8719] ? __virt_addr_valid+0x17f/0x530 [ 208.397446][ T8719] ? __virt_addr_valid+0x17f/0x530 [ 208.402549][ T8719] ? __virt_addr_valid+0x45b/0x530 [ 208.407662][ T8719] ? __phys_addr+0xb6/0x170 [ 208.412156][ T8719] ? ext4_xattr_set_entry+0x8ca/0x1f30 [ 208.417608][ T8719] kasan_report+0x136/0x160 [ 208.422102][ T8719] ? __x64_sys_unlink+0x45/0x50 [ 208.426948][ T8719] ? ext4_xattr_set_entry+0x8ca/0x1f30 [ 208.432395][ T8719] ? ext4_xattr_set_entry+0x8ca/0x1f30 [ 208.437841][ T8719] kasan_check_range+0x27f/0x290 [ 208.442769][ T8719] ? ext4_xattr_set_entry+0x8ca/0x1f30 [ 208.448218][ T8719] memmove+0x25/0x60 [ 208.452112][ T8719] ext4_xattr_set_entry+0x8ca/0x1f30 [ 208.457401][ T8719] ? ext4_xattr_inode_lookup_create+0x1ef0/0x1ef0 [ 208.463816][ T8719] ? ext4_xattr_block_set+0x884/0x3920 [ 208.469268][ T8719] ? kmemdup+0x41/0x60 [ 208.473325][ T8719] ? memcpy+0x3c/0x60 [ 208.477308][ T8719] ext4_xattr_block_set+0xa58/0x3920 [ 208.482597][ T8719] ? __getblk_gfp+0x50/0xa20 [ 208.487177][ T8719] ? _raw_spin_unlock+0x24/0x40 [ 208.492020][ T8719] ? ext4_xattr_block_find+0x510/0x510 [ 208.497473][ T8719] ? ext4_xattr_block_find+0x468/0x510 [ 208.502923][ T8719] ext4_expand_extra_isize_ea+0x10d5/0x1bb0 [ 208.508816][ T8719] ? ext4_xattr_set+0x3d0/0x3d0 [ 208.513663][ T8719] ? rwsem_write_trylock+0x166/0x210 [ 208.518943][ T8719] ? clear_nonspinnable+0x60/0x60 [ 208.523963][ T8719] ? ext4_reserve_inode_write+0x2b3/0x360 [ 208.529680][ T8719] ? dquot_initialize_needed+0x128/0x320 [ 208.535309][ T8719] __ext4_expand_extra_isize+0x2f7/0x3d0 [ 208.540962][ T8719] __ext4_mark_inode_dirty+0x54f/0x920 [ 208.546442][ T8719] ? ext4_blocks_for_truncate+0x270/0x270 [ 208.552165][ T8719] ? current_time+0x1ba/0x300 [ 208.556843][ T8719] ? atime_needs_update+0x7b0/0x7b0 [ 208.562045][ T8719] __ext4_unlink+0x6ed/0xba0 [ 208.566633][ T8719] ? __ext4_read_dirblock+0x890/0x890 [ 208.571996][ T8719] ? rwsem_write_trylock+0x166/0x210 [ 208.577277][ T8719] ? inode_permission+0xf7/0x450 [ 208.582208][ T8719] ? clear_nonspinnable+0x60/0x60 [ 208.587230][ T8719] ext4_unlink+0x1d5/0x670 [ 208.591643][ T8719] vfs_unlink+0x359/0x5f0 [ 208.595972][ T8719] do_unlinkat+0x4a5/0x820 [ 208.600383][ T8719] ? fsnotify_link_count+0xf0/0xf0 [ 208.605493][ T8719] __x64_sys_unlink+0x45/0x50 [ 208.610162][ T8719] do_syscall_64+0x3b/0xb0 [ 208.614576][ T8719] ? clear_bhb_loop+0x45/0xa0 [ 208.619249][ T8719] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 208.625135][ T8719] RIP: 0033:0x7f5bf977ff19 [ 208.629555][ T8719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.649200][ T8719] RSP: 002b:00007f5bfa545058 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 208.657610][ T8719] RAX: ffffffffffffffda RBX: 00007f5bf9945fa0 RCX: 00007f5bf977ff19 [ 208.665574][ T8719] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 208.673549][ T8719] RBP: 00007f5bf97f3986 R08: 0000000000000000 R09: 0000000000000000 [ 208.681522][ T8719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.689490][ T8719] R13: 0000000000000000 R14: 00007f5bf9945fa0 R15: 00007ffc35c625f8 [ 208.697464][ T8719] [ 208.700471][ T8719] [ 208.702780][ T8719] Allocated by task 8719: [ 208.707099][ T8719] kasan_set_track+0x4b/0x70 [ 208.711688][ T8719] __kasan_kmalloc+0x97/0xb0 [ 208.716265][ T8719] __kmalloc_node_track_caller+0xb1/0x220 [ 208.721985][ T8719] kmemdup+0x26/0x60 [ 208.725900][ T8719] ext4_xattr_block_set+0x884/0x3920 [ 208.731192][ T8719] ext4_expand_extra_isize_ea+0x10d5/0x1bb0 [ 208.737088][ T8719] __ext4_expand_extra_isize+0x2f7/0x3d0 [ 208.742725][ T8719] __ext4_mark_inode_dirty+0x54f/0x920 [ 208.748183][ T8719] __ext4_unlink+0x6ed/0xba0 [ 208.752766][ T8719] ext4_unlink+0x1d5/0x670 [ 208.757214][ T8719] vfs_unlink+0x359/0x5f0 [ 208.761535][ T8719] do_unlinkat+0x4a5/0x820 [ 208.765940][ T8719] __x64_sys_unlink+0x45/0x50 [ 208.770605][ T8719] do_syscall_64+0x3b/0xb0 [ 208.775020][ T8719] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 208.780904][ T8719] [ 208.783217][ T8719] Last potentially related work creation: [ 208.788913][ T8719] kasan_save_stack+0x3b/0x60 [ 208.793605][ T8719] __kasan_record_aux_stack+0xb0/0xc0 [ 208.798992][ T8719] call_rcu+0x163/0xa10 [ 208.803146][ T8719] process_one_work+0x8a9/0x11d0 [ 208.808086][ T8719] worker_thread+0xa47/0x1200 [ 208.812758][ T8719] kthread+0x28d/0x320 [ 208.816814][ T8719] ret_from_fork+0x1f/0x30 [ 208.821224][ T8719] [ 208.823535][ T8719] Second to last potentially related work creation: [ 208.830099][ T8719] kasan_save_stack+0x3b/0x60 [ 208.834770][ T8719] __kasan_record_aux_stack+0xb0/0xc0 [ 208.840130][ T8719] call_rcu+0x163/0xa10 [ 208.844280][ T8719] dev_shutdown+0x9d/0x440 [ 208.848685][ T8719] unregister_netdevice_many+0xaac/0x17a0 [ 208.854401][ T8719] unregister_netdevice_queue+0x2e6/0x350 [ 208.860112][ T8719] __tun_detach+0x6b6/0x1600 [ 208.864693][ T8719] tun_chr_close+0x104/0x1b0 [ 208.869275][ T8719] __fput+0x3f6/0x8d0 [ 208.873245][ T8719] task_work_run+0x246/0x300 [ 208.877830][ T8719] exit_to_user_mode_loop+0xde/0x100 [ 208.883103][ T8719] exit_to_user_mode_prepare+0xb1/0x140 [ 208.888634][ T8719] syscall_exit_to_user_mode+0x60/0x270 [ 208.894170][ T8719] do_syscall_64+0x47/0xb0 [ 208.898578][ T8719] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 208.904467][ T8719] [ 208.906779][ T8719] The buggy address belongs to the object at ffff88807574f000 [ 208.906779][ T8719] which belongs to the cache kmalloc-1k of size 1024 [ 208.920816][ T8719] The buggy address is located 80 bytes inside of [ 208.920816][ T8719] 1024-byte region [ffff88807574f000, ffff88807574f400) [ 208.934079][ T8719] [ 208.936391][ T8719] The buggy address belongs to the physical page: [ 208.942795][ T8719] page:ffffea0001d5d200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75748 [ 208.952978][ T8719] head:ffffea0001d5d200 order:3 compound_mapcount:0 compound_pincount:0 [ 208.961288][ T8719] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 208.969274][ T8719] raw: 00fff00000010200 ffffea00015ace00 dead000000000003 ffff888017c41dc0 [ 208.978555][ T8719] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 208.989205][ T8719] page dumped because: kasan: bad access detected [ 208.996076][ T8719] page_owner tracks the page as allocated [ 209.001879][ T8719] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4246, tgid 4246 (syz-executor), ts 53432907696, free_ts 53091844350 [ 209.023690][ T8719] post_alloc_hook+0x18d/0x1b0 [ 209.028722][ T8719] get_page_from_freelist+0x3731/0x38d0 [ 209.034529][ T8719] __alloc_pages+0x28d/0x770 [ 209.039410][ T8719] alloc_slab_page+0x6a/0x150 [ 209.044351][ T8719] new_slab+0x84/0x2d0 [ 209.048963][ T8719] ___slab_alloc+0xc20/0x1270 [ 209.053634][ T8719] __kmem_cache_alloc_node+0x19f/0x260 [ 209.059543][ T8719] __kmalloc+0xa1/0x230 [ 209.063702][ T8719] alloc_workqueue+0x197/0x13d0 [ 209.068551][ T8719] hci_register_dev+0x2a3/0xa40 [ 209.073744][ T8719] vhci_create_device+0x3ba/0x700 [ 209.078762][ T8719] vhci_write+0x38b/0x440 [ 209.083083][ T8719] vfs_write+0x857/0xbc0 [ 209.087312][ T8719] ksys_write+0x19c/0x2c0 [ 209.091630][ T8719] do_syscall_64+0x3b/0xb0 [ 209.096038][ T8719] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 209.101925][ T8719] page last free stack trace: [ 209.107279][ T8719] free_unref_page_prepare+0xf63/0x1120 [ 209.112815][ T8719] free_unref_page+0x33/0x3e0 [ 209.117480][ T8719] qlist_free_all+0x76/0xe0 [ 209.121980][ T8719] kasan_quarantine_reduce+0x156/0x170 [ 209.127428][ T8719] __kasan_slab_alloc+0x1f/0x70 [ 209.132263][ T8719] slab_post_alloc_hook+0x52/0x3a0 [ 209.137364][ T8719] __kmem_cache_alloc_node+0x137/0x260 [ 209.142815][ T8719] kmalloc_node_trace+0x23/0xe0 [ 209.147653][ T8719] __get_vm_area_node+0x126/0x360 [ 209.152681][ T8719] __vmalloc_node_range+0x37d/0x14b0 [ 209.157957][ T8719] vmalloc_user+0x70/0x80 [ 209.162277][ T8719] kcov_ioctl+0x55/0x630 [ 209.166510][ T8719] __se_sys_ioctl+0xf1/0x160 [ 209.171084][ T8719] do_syscall_64+0x3b/0xb0 [ 209.175491][ T8719] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 209.181415][ T8719] [ 209.183723][ T8719] Memory state around the buggy address: [ 209.189337][ T8719] ffff88807574ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 209.197385][ T8719] ffff88807574ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 209.205435][ T8719] >ffff88807574f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 209.213500][ T8719] ^ [ 209.220155][ T8719] ffff88807574f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 209.228384][ T8719] ffff88807574f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 209.236632][ T8719] ================================================================== [ 209.284326][ T8719] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 209.291572][ T8719] CPU: 0 PID: 8719 Comm: syz.0.1253 Not tainted 6.1.119-syzkaller #0 [ 209.299649][ T8719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 209.309719][ T8719] Call Trace: [ 209.313013][ T8719] [ 209.315948][ T8719] dump_stack_lvl+0x1e3/0x2cb [ 209.320647][ T8719] ? nf_tcp_handle_invalid+0x642/0x642 [ 209.326121][ T8719] ? panic+0x764/0x764 [ 209.330197][ T8719] ? preempt_schedule_common+0xa6/0xd0 [ 209.335668][ T8719] ? vscnprintf+0x59/0x80 [ 209.340016][ T8719] panic+0x318/0x764 [ 209.343912][ T8719] ? check_panic_on_warn+0x1d/0xa0 [ 209.349017][ T8719] ? memcpy_page_flushcache+0xfc/0xfc [ 209.354377][ T8719] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 209.360352][ T8719] ? _raw_spin_unlock+0x40/0x40 [ 209.365196][ T8719] check_panic_on_warn+0x7e/0xa0 [ 209.370124][ T8719] ? ext4_xattr_set_entry+0x8ca/0x1f30 [ 209.375569][ T8719] end_report+0x66/0x110 [ 209.379800][ T8719] kasan_report+0x143/0x160 [ 209.384383][ T8719] ? __x64_sys_unlink+0x45/0x50 [ 209.389226][ T8719] ? ext4_xattr_set_entry+0x8ca/0x1f30 [ 209.394700][ T8719] ? ext4_xattr_set_entry+0x8ca/0x1f30 [ 209.400148][ T8719] kasan_check_range+0x27f/0x290 [ 209.405072][ T8719] ? ext4_xattr_set_entry+0x8ca/0x1f30 [ 209.410515][ T8719] memmove+0x25/0x60 [ 209.414402][ T8719] ext4_xattr_set_entry+0x8ca/0x1f30 [ 209.419680][ T8719] ? ext4_xattr_inode_lookup_create+0x1ef0/0x1ef0 [ 209.426082][ T8719] ? ext4_xattr_block_set+0x884/0x3920 [ 209.431525][ T8719] ? kmemdup+0x41/0x60 [ 209.435583][ T8719] ? memcpy+0x3c/0x60 [ 209.439555][ T8719] ext4_xattr_block_set+0xa58/0x3920 [ 209.444831][ T8719] ? __getblk_gfp+0x50/0xa20 [ 209.449407][ T8719] ? _raw_spin_unlock+0x24/0x40 [ 209.454249][ T8719] ? ext4_xattr_block_find+0x510/0x510 [ 209.459698][ T8719] ? ext4_xattr_block_find+0x468/0x510 [ 209.465146][ T8719] ext4_expand_extra_isize_ea+0x10d5/0x1bb0 [ 209.471034][ T8719] ? ext4_xattr_set+0x3d0/0x3d0 [ 209.475874][ T8719] ? rwsem_write_trylock+0x166/0x210 [ 209.481153][ T8719] ? clear_nonspinnable+0x60/0x60 [ 209.486168][ T8719] ? ext4_reserve_inode_write+0x2b3/0x360 [ 209.491879][ T8719] ? dquot_initialize_needed+0x128/0x320 [ 209.497587][ T8719] __ext4_expand_extra_isize+0x2f7/0x3d0 [ 209.503233][ T8719] __ext4_mark_inode_dirty+0x54f/0x920 [ 209.508700][ T8719] ? ext4_blocks_for_truncate+0x270/0x270 [ 209.514438][ T8719] ? current_time+0x1ba/0x300 [ 209.519133][ T8719] ? atime_needs_update+0x7b0/0x7b0 [ 209.524338][ T8719] __ext4_unlink+0x6ed/0xba0 [ 209.528939][ T8719] ? __ext4_read_dirblock+0x890/0x890 [ 209.534306][ T8719] ? rwsem_write_trylock+0x166/0x210 [ 209.539591][ T8719] ? inode_permission+0xf7/0x450 [ 209.544519][ T8719] ? clear_nonspinnable+0x60/0x60 [ 209.549535][ T8719] ext4_unlink+0x1d5/0x670 [ 209.553943][ T8719] vfs_unlink+0x359/0x5f0 [ 209.558265][ T8719] do_unlinkat+0x4a5/0x820 [ 209.562694][ T8719] ? fsnotify_link_count+0xf0/0xf0 [ 209.567823][ T8719] __x64_sys_unlink+0x45/0x50 [ 209.572509][ T8719] do_syscall_64+0x3b/0xb0 [ 209.576922][ T8719] ? clear_bhb_loop+0x45/0xa0 [ 209.581594][ T8719] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 209.587482][ T8719] RIP: 0033:0x7f5bf977ff19 [ 209.591889][ T8719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.611756][ T8719] RSP: 002b:00007f5bfa545058 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 209.620270][ T8719] RAX: ffffffffffffffda RBX: 00007f5bf9945fa0 RCX: 00007f5bf977ff19 [ 209.628577][ T8719] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 209.636620][ T8719] RBP: 00007f5bf97f3986 R08: 0000000000000000 R09: 0000000000000000 [ 209.644574][ T8719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 209.652530][ T8719] R13: 0000000000000000 R14: 00007f5bf9945fa0 R15: 00007ffc35c625f8 [ 209.660497][ T8719] [ 209.663744][ T8719] Kernel Offset: disabled [ 209.668061][ T8719] Rebooting in 86400 seconds..