last executing test programs: 3.248618347s ago: executing program 3 (id=530): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x10040) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x7, 0xc2, 0x0, 0x0, 0x0, {[@exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0xfffe, 0x0, 0x95, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x4, 0xca, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x81000001, 0x56}]}}}}}}}, 0x0) 2.516969339s ago: executing program 3 (id=532): r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) fcntl$notify(r0, 0x402, 0x29) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/sctp\x00') getdents64(r1, 0x0, 0x0) 2.51190776s ago: executing program 1 (id=533): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x1003d1, 0x3, 0x10000000, 0x6, 0x6}, 0x68}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0xc804}, 0x2) close(r1) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @random="af75355d1696"}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000600), 0x4) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)=@xdp={0x2c, 0x0, r5, 0x1c}, 0x80, &(0x7f0000000cc0)=[{&(0x7f00000002c0)="27030200dc0f24000e00003c000c00000000ff840000000200000003125ce882cbf490d908f1523f000000032d9c2740e260a09c6911cda856d5ea9a141b", 0x3e}], 0x1}, 0x8bb3a301eb085f) 2.429306304s ago: executing program 0 (id=534): epoll_create1(0x80000) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) close(0xffffffffffffffff) 2.312436513s ago: executing program 3 (id=535): r0 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r1) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r2) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) r3 = syz_clone(0x20000400, 0x0, 0x3b54, 0x0, 0x0, 0x0) r4 = syz_open_procfs(r3, &(0x7f0000000040)='stat\x00') pread64(r4, 0x0, 0x0, 0x4) 2.293727786s ago: executing program 2 (id=536): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000003c0)=0x13) writev(r0, &(0x7f0000000600)=[{&(0x7f0000000d00)="83e16b", 0x3}], 0x1) 2.263687261s ago: executing program 0 (id=537): openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40) r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20fffe82) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0xc41, 0x20) fallocate(r2, 0x20, 0x4000, 0x3000000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x28) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x42, 0x60) ioctl$FICLONE(r4, 0x40049409, r3) 2.104351868s ago: executing program 2 (id=538): r0 = socket(0x1e, 0x4, 0x0) r1 = socket$inet(0x2, 0x1, 0x100) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) futex(&(0x7f0000004000), 0x5, 0x2, 0x0, 0x0, 0xb601fffc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) listen(r1, 0xfffd) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008451}, 0x20000040) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x24, @loopback, 0x23}, 0x1c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7817, 0x3, 0x0, 0x7d, 0x1ff, 0x1, 0x1}, 0x1c) recvmmsg$unix(r0, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000940)=""/4096, 0x1000}], 0x1}}, {{&(0x7f0000000380), 0x6e, &(0x7f0000000640)=[{&(0x7f00000005c0)=""/111, 0x6f}], 0x1, &(0x7f0000000680)=[@rights={{0x10}}, @rights={{0x10}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x80}}], 0x2, 0x400000a0, 0x0) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) 2.085271821s ago: executing program 1 (id=539): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x111, 0x5}}, 0x20) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x5, 0x3, 0xf06, 0x1, 0x94, 0xfffffffd, 0x5}, 0x9c) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x106, 0xb}}, 0x20) sendmmsg$inet(r1, &(0x7f0000002380)=[{{&(0x7f0000000a00)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000e00)=[{&(0x7f0000000a40)='R', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000440)="d2", 0x1}], 0x1}}], 0x2, 0x4040040) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty}}, 0xffffec47, 0x9, 0xffff1896, 0x100, 0x25, 0x7fff}, 0x9c) 2.050786197s ago: executing program 3 (id=540): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3000001, 0x11, r0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2000, &(0x7f0000003700)={0x77359400}) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x96, 0x200}, 0x0, 0x0, 0x0, 0x80004, 0x0, 0x0, 0xffffffffffffffff}) r1 = timerfd_create(0x9, 0x800) timerfd_settime(r1, 0x1, &(0x7f0000007000)={{}, {0x0, 0x989680}}, 0x0) 1.79225699s ago: executing program 3 (id=541): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0) close(r2) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000600)=ANY=[@ANYBLOB="00010000160001052cbd7000fedbdf25fe800000000000000000000000000027e00000020000000000000000000000004e2200064e24fffa0200802088000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac14140a000000000000000000000000000004d533000000fe8000000000000000000000000000bbff01000000000000a2000000000000000700000000000000fcffffffffffffff00000000000000000400000000000000ff7f000000000000fe4800000000000004000000000000000900000000000000de5f0000edff0000ffff00000000000005000000f8ffffff0900000026bd7000000000000a00027f010000000000000003000000de0000000800160000000080611c085f9014df676b33af4f69b2"], 0x100}, 0x1, 0x0, 0x0, 0x4075}, 0xc800) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="2400000001040102000001800000000000000000080005400000000005"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000080)={0x20, 0x1, 0x4, 0x401, 0x0, 0x0, {0x2}, [@NFULA_CFG_MODE={0xa, 0x2, {0xfffffff8, 0x2}}]}, 0x20}, 0x1, 0x0, 0x0, 0x20004051}, 0x24000808) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) getpid() r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x103c02, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) r6 = fsopen(&(0x7f00000003c0)='erofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='dax\x00', &(0x7f0000000040)='\x00\x80', 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14) syz_80211_join_ibss(&(0x7f0000000200)='wlan0\x00', &(0x7f00000002c0)=@default_ap_ssid, 0x6, 0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c00000003060104000000000000000002000005050001000700000025e0144d06db249617cab2013cfc2694c2e1fbf957bf4ea85e3a962656fcaf7b2c5242df28d75e9a5317dfd9db9095578c19f6"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000080) 1.577991237s ago: executing program 2 (id=542): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='scalable', 0x8) 1.083874779s ago: executing program 0 (id=543): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=@newtfilter={0x4ac, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x478, 0x2, [@TCA_MATCHALL_ACT={0x474, 0x2, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1ff, 0x3, 0x10000, 0x81, 0x7f, 0x5, 0x4, 0x2, 0x4, 0x5, 0x2234, 0x83, 0x81b, 0x7fe, 0x8, 0x0, 0x3, 0x7ed53619, 0x1, 0x2, 0x9644, 0x800004, 0x58b, 0x85a, 0x3ff, 0x46, 0x2, 0x1, 0x0, 0x80000000, 0x1, 0x790, 0x5, 0x1, 0xfffffff9, 0x1a77, 0x9, 0x3, 0x400, 0x63c, 0x0, 0xffffffff, 0x1, 0x3, 0x3, 0x5b1f, 0x7b0, 0x3, 0x100, 0xfffffffe, 0xd, 0xff, 0x3, 0xfffc, 0x6, 0x10a4, 0x11ff, 0x80, 0x4, 0x7, 0x3, 0x1, 0x3, 0x2, 0x9, 0x81, 0x7, 0x8, 0x5, 0x10001, 0x8f7, 0x3, 0xfffffef9, 0x9, 0x4, 0x8, 0xfff, 0x3, 0xffffca9a, 0x6, 0x7, 0x8, 0x100, 0xc0000000, 0x0, 0x6, 0x6, 0x8, 0x80000001, 0x8, 0x1d24, 0x2, 0x7, 0x80000000, 0x7f, 0x7, 0x9, 0xff, 0x24, 0x5, 0x8, 0x6, 0x10007e, 0x8, 0x0, 0x5, 0x470, 0x7f, 0xe, 0x0, 0x1, 0x0, 0x4, 0x10009, 0x61, 0x200, 0x9, 0x2, 0x2, 0x6, 0x3ff, 0x8, 0x7, 0x11, 0xda56, 0x7ffffffe, 0x180, 0x2f0cb955, 0x7, 0x8, 0xf, 0x6ae, 0x9, 0x0, 0x9, 0x8001, 0x0, 0xec000, 0x0, 0x1, 0x2, 0x9, 0x7, 0x6, 0x4, 0x1, 0xffffcf1b, 0x282, 0x5517bc7b, 0x3, 0x4, 0xb6b, 0x5, 0xf7800000, 0x40ac, 0x8, 0x3, 0x10, 0x9, 0x8, 0x80000001, 0x0, 0x74, 0x2, 0x7fffffff, 0x3, 0xa, 0x3, 0xffffffff, 0x8, 0x9, 0x7, 0x7f, 0x5, 0x3, 0xa, 0x1, 0x0, 0xa, 0x300, 0x5, 0x3, 0x6, 0xffffffff, 0xffb, 0xff, 0x3, 0x8, 0x3, 0x2, 0x9, 0xb, 0x399d, 0x5, 0x8ab6, 0x18000, 0x2, 0xfffffff9, 0x2, 0x2, 0x528c, 0x206, 0x5f, 0xac, 0xf, 0xd05, 0x9a2ce73, 0x4, 0x6, 0xe074, 0x6b10, 0x5, 0x1, 0x6, 0xb, 0xa26, 0xaf6, 0x0, 0xec, 0x6, 0xde16, 0xc418, 0xffffffff, 0xffffffff, 0x9, 0x400, 0x80001, 0x5, 0x354d, 0x4, 0x2, 0x1, 0x200, 0x0, 0x8, 0x7, 0x0, 0x80, 0x5, 0x8, 0x1, 0x9, 0xe7b, 0x0, 0x7, 0x42bf, 0x10000, 0x9, 0x9, 0x6, 0x4b75, 0x80000001, 0xafb, 0x5915, 0x10001, 0x1]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0x8, 0x5, 0x1, 0xdbec, {0x8, 0x0, 0xb55, 0x5, 0xa, 0xb}, {0x6, 0x1, 0xd, 0x800, 0x1}, 0x2, 0x0, 0x6}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x4ac}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.036029747s ago: executing program 1 (id=544): syz_open_procfs$namespace(0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000200)=0x1, 0x12) write$cgroup_pid(r1, &(0x7f0000000140), 0x12) 855.363557ms ago: executing program 1 (id=545): epoll_create1(0x80000) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) close(0xffffffffffffffff) 732.438178ms ago: executing program 1 (id=546): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000003c0)=0x13) writev(r0, &(0x7f0000000600)=[{&(0x7f0000000d00)="83e16b", 0x3}], 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000c00)=0x11) syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000640), 0x1, 0x5a8, &(0x7f0000000680)="$eJzs3U1sHFcdAPD/rO18OAl2AxWlSGBRBJGi+iNGZINAJD0hFaM2BS5FDUuysd2svZZ3LdUuh0SotDdUxKXqCVk58CWlUhEtFKkSoohD4cAJgcK9qqlUviQQWjSzs6kbb+yETTyV/ftJTzPzZnfff/Y/M5k3b+INYNcaiYiTEdEXEUcjYiivL+UlLrZL+rrVySszaUmi1XrkrSSSiHh28spM57OSfHog/4B9EXF6NaL01MZ2G8srFyq1WnUxXx5rzi2MNZZX7p+dq0xXp6vz5XJ5vFw+fmLi9m3ro4f3H37u11/4z89f++6Hv/K93zyZxnswX7d+O26XkRjJv5OB2Luuvj+JOH+7GytIut/0RzvXN+Pu6nd+eYdD4iZ9/geXSkXHAABsv/QC4HBEfCy7/h+KvuxqLuLkoa+9PRT/fLzo+AAAAIDetYaG4nPpFAAAANixStkzsElpNH8W4GCUSqOj7Wd4PxCDpVq90Tx6vr40f679rOxwDJTOz9aq4/mzwsMxkKTLE9n8O8vHrluejIi7IuKZof3Z8ujZeu1c0Tc/AAAAYIc7GHH10W+9/MEDN+j/p/48VHSUAAAAQC/S/v+hq4PZn+r6u34+AAAA7Ehp///tb//1t6H/DwAAADtWp///0NRUPDQ11VrNf/9qvj49e2Fm4cSx8dG5pbOjZ+uLC6PT9fp09j/257b+3Fq9vjBxLJaeGGtWG82xxvLKmbn60nzzTPa7XmeqA9uwbcDWHj55tlp0DAAAwPa566Ov/jGJiIuf2Z+V1J58nb467Gx+ABx2r76iAwAK0190AEBh9PGBZIv1+2604uLtjwUAALgzPvkh4/+wWxn/h93L+D/sXsb/YffSxweM/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNZarSRaAAAAwI7WWF65UKnVqotmzJgxc22m6DuTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyXPTt5ZaZTtqvNV36xXS1xI2unImK4nf/VvLTX9Me+bLovBiJi8G9J9K97XxIRfT22/e97IkbisSdfbF1+KS2R74c9fiy34OKliLin2/GfpLtFDOd7wfX5L2V7Rm9+8sM0/6u/W18n/9url/wP9tj2yx9J8//g3evr5H/3uPfhoiOgSL9/pugIKNIf1oqOgCKdfqToCCjSlz5ddAQU6fm3io6AV09FxHi3/l8p7RZe6+Vf3//ry+4Q9ebISNr/e/ro+rqN/b/SGz02wybWTkV8NiJWN9z/K3VeMtyXLx3K7gcMJOdna9XxiHhfmsMY2JsuT2zSxuUzS491q3/wdJr/Kz9d+NMLP+uUtP10+s6rSm/07333+85VmpVet5u2tUsR9/Z3y39y7f5vcoP7v++/yTZmXv/G493qJ3+V5v+V5zfPP3dS6/sRn+h6/CfXXpPOjTXnFsYayyv3z85VpqvT1flyuTxeLh8/MTGWnQ7GOieFLobWDny1W/3XH0jz/98p+S9OevwPbp7/7PzfWF65UKnVqouNW2/jX2++vtqt/vBTaf4f+Ob/c/7fk3w5C3BPXvdEpdlcnIjYk3xxY/2xW495p+p8H53vK83/kfu6//vfuf5rn/9LG+7/D+fTdP3IJm0OHH/h6W71H78vG/+7+mLr8kuO/2Kk+T+3xfGfvOv4v/WZ5/7yjx91a/vHe9P8v/ZmZ/w3LWn7nbHgtvT4/1QWzJG8xvXf1m42QUXHCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6/0vAAD//wqlOeU=") mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x4080000) openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file4\x00', &(0x7f0000000380)={0x182}, 0x18) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file4\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00"], 0x50) r1 = openat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x100, 0x62) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_newroute={0x1c, 0x18, 0xffffffffffffffff, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfe, 0x0, 0xfd, 0x9}}, 0x1c}}, 0x0) r4 = socket$inet6(0xa, 0x3, 0xff) sendmmsg$inet6(r4, &(0x7f0000004f00)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0}}], 0x1, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001800ef0100000000000000000a000000b000fd00000000001400050000000000000000000000000000000002"], 0x30}, 0x1, 0x11}, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x40086610, &(0x7f00000004c0)={@desc={0x1, 0x0, @desc1}}) 731.241178ms ago: executing program 0 (id=547): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x94, 0x2c, 0xd27, 0x70bd2b, 0xfffffffe, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x10001, 0x9f0, 0x7, 0x6, 0x3}, 0x52}}]}, {0xfffffffffffffd23}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}}, 0x80000) close(r3) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f0000000640)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r6, 0x40}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000200)="27030200000314000e00203c0003000000000001", 0x14}], 0x1}, 0x4041) 580.423803ms ago: executing program 2 (id=548): r0 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r1) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r2) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) r3 = syz_clone(0x20000400, 0x0, 0x3b54, 0x0, 0x0, 0x0) r4 = syz_open_procfs(r3, &(0x7f0000000040)='stat\x00') pread64(r4, 0x0, 0x0, 0x4) 292.113931ms ago: executing program 1 (id=549): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000300), 0xffffffffffffffff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) 274.065084ms ago: executing program 3 (id=550): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x10000, &(0x7f00000002c0)={[{@user_xattr}, {@auto_da_alloc}, {@mb_optimize_scan}, {@journal_dev={'journal_dev', 0x3d, 0x6}}]}, 0x3, 0x4d8, &(0x7f0000000880)="$eJzs3M9vFFUcAPDvbHdpC6IVEQVRCmhsTGyhoHDwgokJB02MeJBj01aCLGBoD0KIlMRwJ/FoYjwab/oH6NF48g/AgzdDQgwXwNOa2Z1pt/ur3bZsKfv5JNt9b/bNvPfmzdt9M68zAfSt0fRPEvFMRNyJiOdq0eUJRmtvD+9fn350//p0LFQqZ/5NqukepPFMvt6OLDJWiCh8kzRssGbu6rULU+Xy7JUsPjF/8cuJuavX3j5/cerc7LnZS5MnTx4/dvTEu5PvdF+pFvml9Xqw7+vL+/eePnv7o+livnwoe6+vR1vF7oox2uGzN7rb1BNvZ104ad5PN3paGFZtKDusS2n/v14+dHazCwT0TKVSqQy2/3ih0uhm0xJgy0pis0sAbI78hz49/81fPRp6PBHunaqdAKX1fpi9ap8Uo5ClKTWc326k0Yj4bOG/79NXdLoO8fdjKgAA0Hd+O5WPBBvHf4XYU5fu2WwOZSQino+IXRHxQkTsjogXI6ppX4qIlxszSCIqHfLf3RBfyv+XbBahcHfdlewgHf+9l81tLR//5aO/GBnIYjsj8gHz7JFsn4xFafDz8+XZo222v22F/OvHf+krzT8fC2bluFtsuEA3MzU/tbbaNrt3M2JfsbH+STFtuHwaJ4mIvRGxr4vtjtSFz7/14/7FSCl7/672tnL9qyotpvS6no9rpfJDxJu19l+I+vZPlnJMOs9PTgxFefbIRHoUHGmZxx9/3vq4Xf6d639ouMUqH5z49cy6651L23973fEf+fzt0iTqSBKRLM7XzkVUBrrL49Zf7VdY6/G/Lfm0Gs7711dT8/NXjkZsSz5sXj65tG4ez9On9R873Lr/78rWSffEKxGRHsSvRsRrEXEgK/vBtJUi4nCH+v/+/utfrL3+j1da/5mW33/L2n9pvn6VgXzldMnAhYN3HrX58lhd+x+vhsayJWn7Nx9RybKviNWWdJ27DwAAALaEQlT/978wvhguFMbHa9eAdsf2Qvny3PyBiLg0U7tHYCRKhfxKV+16cCnJr3+O1MUnG+LHsuvG3w4MV+Pj05fLM5tdeehzO6p9Pmnq/6l/urzOC2xBGzCPBmxRK/X/Pbd7VBCg5/z+Q/+q6/8LbZIs+E8ZeDqt8Pt/9nSvCgL0XKv+fyN+6njvgnMG2Poq+jL0Nf0f+lcxPlkMV297bnm3LfA08vsPfanb+/pXE8gf13DtQmWwdZqhaPHEgKENLkYWGG6R16YE0pHVBm6wFBGrSzy8lizyIWD7JzwUutvgYDR/NBCd1kq6eI5DHkj3yoqJz+3Z8IM/fybKRh82Py/101JdWxRXap31B3r6NQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDY/B8AAP///mPOTg==") r0 = open(&(0x7f00000000c0)='./file1\x00', 0x66842, 0x21) pwritev2(r0, &(0x7f0000000300)=[{&(0x7f00000004c0)='V', 0x1}], 0x1, 0x2000, 0x0, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) 273.849215ms ago: executing program 2 (id=551): openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40) r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20fffe82) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0xc41, 0x20) fallocate(r2, 0x20, 0x4000, 0x3000000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x28) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x42, 0x60) ioctl$FICLONE(r4, 0x40049409, r3) 120.52292ms ago: executing program 0 (id=552): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000000c0)=[@in={0x2, 0x4e23, @remote}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r1, @in={{0x2, 0x0, @empty}}, 0x0, 0x7ffe}, 0x90) 74.393718ms ago: executing program 0 (id=553): socket$kcm(0x2, 0x1, 0x84) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000002000000"], 0x50) r1 = socket$kcm(0x10, 0x2, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000700)={r0, &(0x7f0000000540), &(0x7f0000000640)=""/144}, 0x20) socket(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'ip_vti0\x00', 0x0}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r2}, &(0x7f00000001c0), &(0x7f0000000300)=r3}, 0x20) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1, 0x0, 0x0, 0xe0ffff}, 0x0) 0s ago: executing program 2 (id=554): epoll_create1(0x80000) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) close(0xffffffffffffffff) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.41' (ED25519) to the list of known hosts. [ 65.623923][ T5756] cgroup: Unknown subsys name 'net' [ 65.790558][ T5756] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 67.142394][ T5756] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.661507][ T5777] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.670702][ T5777] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.684890][ T5778] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.693392][ T5777] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.702700][ T5777] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.710293][ T5778] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.717366][ T5779] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.718136][ T5777] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.725981][ T5779] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.735670][ T5780] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.740841][ T5779] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.747914][ T5780] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.755650][ T5779] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.763111][ T5780] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.769114][ T5779] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.783556][ T5779] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.785331][ T5780] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.799468][ T5779] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.801129][ T5780] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.813905][ T5781] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.821817][ T5780] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.823241][ T5781] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.837441][ T5780] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.854504][ T5780] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.251764][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 69.278353][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 69.405800][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 69.427966][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.436571][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.444256][ T5768] bridge_slave_0: entered allmulticast mode [ 69.451121][ T5768] bridge_slave_0: entered promiscuous mode [ 69.464584][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 69.498872][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.506121][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.513807][ T5768] bridge_slave_1: entered allmulticast mode [ 69.520487][ T5768] bridge_slave_1: entered promiscuous mode [ 69.608892][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.621638][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.631037][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.639190][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.646726][ T5770] bridge_slave_0: entered allmulticast mode [ 69.654202][ T5770] bridge_slave_0: entered promiscuous mode [ 69.681874][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.689248][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.696771][ T5769] bridge_slave_0: entered allmulticast mode [ 69.704457][ T5769] bridge_slave_0: entered promiscuous mode [ 69.728674][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.736008][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.743229][ T5770] bridge_slave_1: entered allmulticast mode [ 69.749900][ T5770] bridge_slave_1: entered promiscuous mode [ 69.767476][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.774715][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.781836][ T5769] bridge_slave_1: entered allmulticast mode [ 69.788905][ T5769] bridge_slave_1: entered promiscuous mode [ 69.809112][ T5768] team0: Port device team_slave_0 added [ 69.818332][ T5768] team0: Port device team_slave_1 added [ 69.851951][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.859461][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.866772][ T5767] bridge_slave_0: entered allmulticast mode [ 69.875944][ T5767] bridge_slave_0: entered promiscuous mode [ 69.892870][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.900884][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.908207][ T5767] bridge_slave_1: entered allmulticast mode [ 69.915581][ T5767] bridge_slave_1: entered promiscuous mode [ 69.932157][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.961949][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.972996][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.983712][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.990859][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.017682][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.039859][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.057732][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.067500][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.094192][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.107736][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.120075][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.166981][ T5770] team0: Port device team_slave_0 added [ 70.187385][ T5769] team0: Port device team_slave_0 added [ 70.197221][ T5769] team0: Port device team_slave_1 added [ 70.228707][ T5770] team0: Port device team_slave_1 added [ 70.255019][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.262462][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.288842][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.311023][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.318112][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.344206][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.364591][ T5767] team0: Port device team_slave_0 added [ 70.376019][ T5768] hsr_slave_0: entered promiscuous mode [ 70.384391][ T5768] hsr_slave_1: entered promiscuous mode [ 70.419560][ T5767] team0: Port device team_slave_1 added [ 70.443738][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.450742][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.479821][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.501716][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.508891][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.535021][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.561432][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.570957][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.599877][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.635917][ T5769] hsr_slave_0: entered promiscuous mode [ 70.642207][ T5769] hsr_slave_1: entered promiscuous mode [ 70.648709][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.656661][ T5769] Cannot create hsr debugfs directory [ 70.663471][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.670549][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.699221][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.776623][ T5770] hsr_slave_0: entered promiscuous mode [ 70.783490][ T5770] hsr_slave_1: entered promiscuous mode [ 70.789909][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.798325][ T5770] Cannot create hsr debugfs directory [ 70.854746][ T5776] Bluetooth: hci1: command tx timeout [ 70.854758][ T51] Bluetooth: hci0: command tx timeout [ 70.883982][ T5767] hsr_slave_0: entered promiscuous mode [ 70.892492][ T5767] hsr_slave_1: entered promiscuous mode [ 70.898800][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.906518][ T5767] Cannot create hsr debugfs directory [ 70.933203][ T5776] Bluetooth: hci3: command tx timeout [ 70.933469][ T51] Bluetooth: hci2: command tx timeout [ 71.170939][ T5768] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 71.197063][ T5768] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 71.207521][ T5768] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 71.241236][ T5768] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 71.291028][ T5769] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 71.304677][ T5769] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 71.322046][ T5769] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 71.332954][ T5769] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 71.415425][ T5770] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 71.438063][ T5770] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 71.449818][ T5770] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 71.460723][ T5770] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 71.558680][ T5767] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.575052][ T5767] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.589027][ T5767] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.600158][ T5767] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.626810][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.681231][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.699946][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.726942][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.734402][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.750906][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.757904][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.785702][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.796685][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.804249][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.838399][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.845565][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.885981][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.893258][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.922463][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.999965][ T5769] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.016437][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.064813][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.072038][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.086150][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.093351][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.151601][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.220789][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.248491][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.255791][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.326459][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.333661][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.421637][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.452739][ T5767] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 72.473881][ T5767] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.581492][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.597257][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.670142][ T5768] veth0_vlan: entered promiscuous mode [ 72.702501][ T5768] veth1_vlan: entered promiscuous mode [ 72.762815][ T5770] veth0_vlan: entered promiscuous mode [ 72.788487][ T5770] veth1_vlan: entered promiscuous mode [ 72.810257][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.838804][ T5768] veth0_macvtap: entered promiscuous mode [ 72.851639][ T5769] veth0_vlan: entered promiscuous mode [ 72.878270][ T5770] veth0_macvtap: entered promiscuous mode [ 72.887645][ T5768] veth1_macvtap: entered promiscuous mode [ 72.902722][ T5770] veth1_macvtap: entered promiscuous mode [ 72.919810][ T5769] veth1_vlan: entered promiscuous mode [ 72.934315][ T51] Bluetooth: hci0: command tx timeout [ 72.944315][ T51] Bluetooth: hci1: command tx timeout [ 72.962631][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.975972][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.989416][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.002393][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.013297][ T51] Bluetooth: hci2: command tx timeout [ 73.015106][ T5776] Bluetooth: hci3: command tx timeout [ 73.032382][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.042537][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.054315][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.066097][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.079449][ T5769] veth0_macvtap: entered promiscuous mode [ 73.088318][ T5770] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.098608][ T5770] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.107593][ T5770] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.116350][ T5770] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.130758][ T5768] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.140919][ T5768] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.149750][ T5768] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.159393][ T5768] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.175158][ T5769] veth1_macvtap: entered promiscuous mode [ 73.241301][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.257768][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.268061][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.278939][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.291800][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.302970][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.314729][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.324851][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.335528][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.346469][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.359609][ T5767] veth0_vlan: entered promiscuous mode [ 73.415129][ T5769] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.427018][ T5769] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.440441][ T5769] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.451247][ T5769] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.495560][ T5767] veth1_vlan: entered promiscuous mode [ 73.501195][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.501253][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.615083][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.623032][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.641514][ T5767] veth0_macvtap: entered promiscuous mode [ 73.671063][ T5767] veth1_macvtap: entered promiscuous mode [ 73.704087][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.712241][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.716196][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.740369][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.812595][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.826138][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.837382][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.849128][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.859581][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.870825][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.882996][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.894889][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.902819][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.915582][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.932690][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.942822][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.956240][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.966304][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.977878][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.988131][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.998833][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.010632][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.048117][ T5767] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.058451][ T5767] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.068680][ T5767] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.082517][ T5767] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.220441][ T5830] syz.2.3[5830]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 74.238772][ T1128] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.250173][ T1128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.266810][ T5830] loop2: detected capacity change from 0 to 128 [ 74.440371][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.464935][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.533403][ T5834] netlink: 1472 bytes leftover after parsing attributes in process `syz.1.2'. [ 74.621324][ T27] audit: type=1107 audit(1776202779.877:2): pid=5832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 74.718791][ T5835] batadv_slave_0: entered promiscuous mode [ 74.736941][ T5835] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4'. [ 74.747071][ T5835] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 74.756595][ T5841] loop0: detected capacity change from 0 to 512 [ 74.904414][ T5841] EXT4-fs (loop0): 1 truncate cleaned up [ 74.918012][ T5835] batadv_slave_0 (unregistering): left promiscuous mode [ 74.926830][ T5835] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 74.930190][ T5841] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.017502][ T5776] Bluetooth: hci1: command tx timeout [ 75.017841][ T51] Bluetooth: hci0: command tx timeout [ 75.093734][ T51] Bluetooth: hci2: command tx timeout [ 75.098836][ T5776] Bluetooth: hci3: command tx timeout [ 75.319465][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.331142][ T787] cfg80211: failed to load regulatory.db [ 75.470144][ T5852] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 75.515011][ T5855] sg_write: process 6 (syz.0.7) changed security contexts after opening file descriptor, this is not allowed. [ 75.523103][ T5846] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 75.641664][ T5857] loop1: detected capacity change from 0 to 1024 [ 75.659630][ T5857] ======================================================= [ 75.659630][ T5857] WARNING: The mand mount option has been deprecated and [ 75.659630][ T5857] and is ignored by this kernel. Remove the mand [ 75.659630][ T5857] option from the mount to silence this warning. [ 75.659630][ T5857] ======================================================= [ 75.742470][ T5857] EXT4-fs (loop1): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 75.764945][ T5852] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 75.828365][ T5857] EXT4-fs error (device loop1): ext4_map_blocks:610: inode #3: block 2: comm syz.1.8: lblock 2 mapped to illegal pblock 2 (length 1) [ 75.871114][ T5862] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10'. [ 75.886161][ T5862] ipvlan2: entered allmulticast mode [ 75.891945][ T5862] syz_tun: entered allmulticast mode [ 75.901018][ T5857] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 75.930949][ T5857] EXT4-fs error (device loop1): ext4_map_blocks:610: inode #3: block 48: comm syz.1.8: lblock 0 mapped to illegal pblock 48 (length 1) [ 75.938322][ T5864] loop0: detected capacity change from 0 to 512 [ 75.955817][ T5857] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 75.959876][ T5864] EXT4-fs: Ignoring removed i_version option [ 75.979837][ T5864] EXT4-fs: Ignoring removed nomblk_io_submit option [ 75.988757][ T5857] EXT4-fs error (device loop1): ext4_acquire_dquot:6953: comm syz.1.8: Failed to acquire dquot type 0 [ 75.991534][ T5864] EXT4-fs error (device loop0): ext4_orphan_get:1430: comm syz.0.11: bad orphan inode 1 [ 76.017759][ T5857] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 76.018488][ T5864] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.042034][ T5857] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.8: mark_inode_dirty error [ 76.082289][ T5857] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 76.124539][ T5857] EXT4-fs (loop1): 1 orphan inode deleted [ 76.151087][ T5857] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.167465][ T41] EXT4-fs error (device loop1): ext4_map_blocks:610: inode #3: block 1: comm kworker/u4:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 76.211824][ T41] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 76.232438][ T41] EXT4-fs error (device loop1): ext4_release_dquot:6989: comm kworker/u4:2: Failed to release dquot type 0 [ 76.251714][ T5872] loop2: detected capacity change from 0 to 512 [ 76.278310][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.288861][ T5872] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 76.296421][ T5857] EXT4-fs error (device loop1): __ext4_get_inode_loc:4496: comm syz.1.8: Invalid inode table block 1 in block_group 0 [ 76.327615][ T5872] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm syz.2.12: bg 0: block 4: invalid block bitmap [ 76.341412][ T5857] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 76.364038][ T5857] EXT4-fs error (device loop1): ext4_quota_off:7237: inode #3: comm syz.1.8: mark_inode_dirty error [ 76.364591][ T5872] EXT4-fs (loop2): Remounting filesystem read-only [ 76.401100][ T5872] EXT4-fs (loop2): 1 truncate cleaned up [ 76.410533][ T5872] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.446427][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.495759][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.859837][ T5882] netlink: 'syz.1.16': attribute type 39 has an invalid length. [ 77.184808][ T5776] Bluetooth: hci0: command tx timeout [ 77.191814][ T5776] Bluetooth: hci1: command tx timeout [ 77.195175][ T51] Bluetooth: hci2: command tx timeout [ 77.211366][ T51] Bluetooth: hci3: command tx timeout [ 78.444317][ T5898] loop2: detected capacity change from 0 to 512 [ 78.493200][ T5898] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 79.241621][ T5898] EXT4-fs error (device loop2): ext4_xattr_inode_iget:441: inode #11: comm syz.2.21: iget: bad extra_isize 58 (inode size 256) [ 79.290115][ T5898] EXT4-fs (loop2): Remounting filesystem read-only [ 79.299206][ T5898] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 79.312741][ T5898] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -5) [ 79.323658][ T5898] EXT4-fs (loop2): 1 orphan inode deleted [ 79.330655][ T5898] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.547574][ T5898] syz.2.21 (5898): attempted to duplicate a private mapping with mremap. This is not supported. [ 79.629442][ T5910] Zero length message leads to an empty skb [ 80.364662][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.631762][ T5920] loop2: detected capacity change from 0 to 128 [ 80.658606][ T5918] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 80.665565][ T5918] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 80.684434][ T5918] vhci_hcd vhci_hcd.0: Device attached [ 80.730315][ T27] audit: type=1800 audit(1776202785.977:3): pid=5920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.25" name="file2" dev="loop2" ino=1048593 res=0 errno=0 [ 80.732850][ T5920] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 80.770129][ T5921] vhci_hcd: connection closed [ 80.780225][ T11] vhci_hcd: stop threads [ 80.800462][ T11] vhci_hcd: release socket [ 80.802270][ T5920] FAT-fs (loop2): Filesystem has been set read-only [ 80.807136][ T11] vhci_hcd: disconnect device [ 80.833018][ T5920] syz.2.25: attempt to access beyond end of device [ 80.833018][ T5920] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 80.849072][ T5920] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 80.858335][ T5920] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 80.898298][ T5920] syz.2.25: attempt to access beyond end of device [ 80.898298][ T5920] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 80.952145][ T5920] syz.2.25: attempt to access beyond end of device [ 80.952145][ T5920] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 80.970503][ T5920] syz.2.25: attempt to access beyond end of device [ 80.970503][ T5920] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 80.993574][ T5920] syz.2.25: attempt to access beyond end of device [ 80.993574][ T5920] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 81.012612][ T5920] syz.2.25: attempt to access beyond end of device [ 81.012612][ T5920] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 81.026501][ T5920] syz.2.25: attempt to access beyond end of device [ 81.026501][ T5920] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 81.043238][ T5920] syz.2.25: attempt to access beyond end of device [ 81.043238][ T5920] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 81.057203][ T5920] syz.2.25: attempt to access beyond end of device [ 81.057203][ T5920] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 81.070930][ T5920] syz.2.25: attempt to access beyond end of device [ 81.070930][ T5920] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 81.187884][ T5916] loop3: detected capacity change from 0 to 32768 [ 81.247834][ T5916] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 81.323339][ T5916] XFS (loop3): Ending clean mount [ 81.353749][ T5916] XFS (loop3): Quotacheck needed: Please wait. [ 81.474618][ T5916] XFS (loop3): Quotacheck: Done. [ 81.947698][ T5925] loop1: detected capacity change from 0 to 32768 [ 81.998154][ T5769] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 82.065454][ T5925] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 82.246944][ T5925] XFS (loop1): Ending clean mount [ 82.402691][ T5937] loop0: detected capacity change from 0 to 32768 [ 82.429166][ T5937] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.30 (5937) [ 82.537425][ T5937] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 82.582410][ T5937] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 82.592638][ T5937] BTRFS info (device loop0): force clearing of disk cache [ 82.625541][ T5937] BTRFS info (device loop0): metadata ratio 0 [ 82.644361][ T5937] BTRFS info (device loop0): enabling ssd optimizations [ 82.675204][ T5937] BTRFS info (device loop0): using spread ssd allocation scheme [ 82.713161][ T5937] BTRFS info (device loop0): using free space tree [ 82.841087][ T5937] BTRFS info (device loop0): auto enabling async discard [ 82.866896][ T5937] BTRFS info (device loop0): rebuilding free space tree [ 83.017796][ T27] audit: type=1804 audit(1776202788.277:4): pid=5953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.28" name="/newroot/4/file1/file1" dev="loop1" ino=6150 res=1 errno=0 [ 83.426387][ T5955] loop3: detected capacity change from 0 to 32768 [ 83.557299][ T5955] JBD2: Ignoring recovery information on journal [ 83.627394][ T5767] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 83.676468][ T5955] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 83.781432][ T5768] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 84.084127][ T5955] syz.3.33 (5955) used greatest stack depth: 20040 bytes left [ 84.317846][ T5769] ocfs2: Unmounting device (7,3) on (node local) [ 84.732632][ T5997] loop0: detected capacity change from 0 to 128 [ 84.779324][ T5999] loop3: detected capacity change from 0 to 128 [ 84.925349][ T27] audit: type=1800 audit(1776202790.187:5): pid=5999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.40" name="file2" dev="loop3" ino=1048594 res=0 errno=0 [ 84.927488][ T5999] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 84.993224][ T5999] FAT-fs (loop3): Filesystem has been set read-only [ 85.016654][ T5999] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 85.019369][ T5987] loop2: detected capacity change from 0 to 32768 [ 85.036939][ T5999] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 85.069214][ T5987] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 85.079542][ T6003] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 85.163441][ T5987] XFS (loop2): Ending clean mount [ 85.201762][ T6003] netlink: 28 bytes leftover after parsing attributes in process `syz.0.44'. [ 85.599058][ T27] audit: type=1804 audit(1776202790.857:6): pid=6014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.48" name="/newroot/15/file1/file1" dev="loop2" ino=6150 res=1 errno=0 [ 85.810142][ T5770] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 86.845049][ T6020] loop3: detected capacity change from 0 to 32768 [ 86.861460][ T6022] loop0: detected capacity change from 0 to 32768 [ 86.935381][ T6022] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 86.939099][ T6020] JBD2: Ignoring recovery information on journal [ 87.017627][ T6018] loop1: detected capacity change from 0 to 32768 [ 87.127841][ T6022] XFS (loop0): Ending clean mount [ 87.129538][ T6020] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 87.187800][ T6018] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 87.498317][ T5767] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 87.748064][ T6018] XFS (loop1): Ending clean mount [ 87.803521][ T6018] XFS (loop1): Quotacheck needed: Please wait. [ 87.811913][ T5769] ocfs2: Unmounting device (7,3) on (node local) [ 88.028429][ T6018] XFS (loop1): Quotacheck: Done. [ 88.166924][ T27] audit: type=1800 audit(1776202793.427:7): pid=6018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.47" name="file1" dev="loop1" ino=6150 res=0 errno=0 [ 88.310416][ T27] audit: type=1800 audit(1776202793.427:8): pid=6018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.47" name="file1" dev="loop1" ino=6150 res=0 errno=0 [ 88.583764][ T5768] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 89.061345][ T6061] loop0: detected capacity change from 0 to 32768 [ 89.113417][ T6067] netlink: 'syz.3.58': attribute type 39 has an invalid length. [ 89.127163][ T6061] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 89.262192][ T6061] XFS (loop0): Ending clean mount [ 89.861645][ T27] audit: type=1804 audit(1776202795.117:9): pid=6074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.55" name="/newroot/14/file1/file1" dev="loop0" ino=6150 res=1 errno=0 [ 89.901443][ T6080] netlink: 28 bytes leftover after parsing attributes in process `syz.2.59'. [ 90.063287][ T5767] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 90.694663][ T6090] loop3: detected capacity change from 0 to 32768 [ 90.721344][ T6094] syzkaller0: entered promiscuous mode [ 90.746979][ T6090] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 90.751176][ T6094] syzkaller0: entered allmulticast mode [ 90.829807][ T6090] XFS (loop3): Ending clean mount [ 90.883508][ T6090] XFS (loop3): Quotacheck needed: Please wait. [ 90.975684][ T6090] XFS (loop3): Quotacheck: Done. [ 91.128853][ T5769] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 92.183640][ T6092] loop1: detected capacity change from 0 to 32768 [ 92.210418][ T6092] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 92.412728][ T6105] loop2: detected capacity change from 0 to 32768 [ 92.577356][ T6092] XFS (loop1): Ending clean mount [ 92.631032][ T6105] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 93.008198][ T5768] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 93.166318][ T6105] XFS (loop2): Ending clean mount [ 93.184094][ T6105] XFS (loop2): Quotacheck needed: Please wait. [ 93.278573][ T6105] XFS (loop2): Quotacheck: Done. [ 93.324557][ T27] audit: type=1800 audit(1776202798.587:10): pid=6105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.66" name="file1" dev="loop2" ino=6150 res=0 errno=0 [ 93.379623][ T27] audit: type=1800 audit(1776202798.587:11): pid=6105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.66" name="file1" dev="loop2" ino=6150 res=0 errno=0 [ 93.684650][ T5770] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 93.895172][ T6129] loop1: detected capacity change from 0 to 4096 [ 93.912845][ T6129] ntfs3: Unknown parameter 'ÿÿÿÿÿÿÿÿÿ' [ 95.113654][ T6129] loop1: detected capacity change from 0 to 40427 [ 95.155097][ T6129] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 95.214469][ T6129] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 95.282224][ T6129] F2FS-fs (loop1): invalid crc value [ 95.340804][ T6129] F2FS-fs (loop1): Found nat_bits in checkpoint [ 95.447004][ T6129] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 95.461909][ T6129] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 95.637851][ T6129] F2FS-fs (loop1): Stopped filesystem due to reason: 0 [ 96.342678][ T6135] netlink: 'syz.2.71': attribute type 39 has an invalid length. [ 96.764685][ T6155] netlink: 8 bytes leftover after parsing attributes in process `syz.3.75'. [ 97.038642][ T6144] loop1: detected capacity change from 0 to 32768 [ 97.121068][ T6144] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 97.334181][ T6144] XFS (loop1): Ending clean mount [ 97.548089][ T6151] loop2: detected capacity change from 0 to 32768 [ 97.658773][ T6178] syzkaller0: entered promiscuous mode [ 97.674650][ T6178] syzkaller0: entered allmulticast mode [ 97.682732][ T6151] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 97.933235][ T27] audit: type=1804 audit(1776202803.187:12): pid=6176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.73" name="/newroot/14/file1/file1" dev="loop1" ino=6150 res=1 errno=0 [ 98.037668][ T6151] XFS (loop2): Ending clean mount [ 98.172770][ T5768] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 98.321743][ T5770] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 100.745499][ T6207] loop2: detected capacity change from 0 to 32768 [ 100.779031][ T6207] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 100.850978][ T6207] XFS (loop2): Ending clean mount [ 100.881033][ T6207] XFS (loop2): Quotacheck needed: Please wait. [ 101.105047][ T6207] XFS (loop2): Quotacheck: Done. [ 101.192436][ T5770] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 102.150092][ T6224] loop2: detected capacity change from 0 to 32768 [ 102.270145][ T6224] JBD2: Ignoring recovery information on journal [ 102.335564][ T6224] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 102.396877][ T6200] netlink: 'syz.1.86': attribute type 39 has an invalid length. [ 102.539900][ T5770] ocfs2: Unmounting device (7,2) on (node local) [ 102.861009][ T6235] netlink: 8 bytes leftover after parsing attributes in process `syz.1.93'. [ 104.063877][ T6252] netlink: 'syz.2.101': attribute type 39 has an invalid length. [ 104.360267][ T6256] syzkaller0: entered promiscuous mode [ 104.398301][ T6256] syzkaller0: entered allmulticast mode [ 104.706510][ T6247] loop0: detected capacity change from 0 to 32768 [ 104.906836][ T6254] loop3: detected capacity change from 0 to 32768 [ 104.958440][ T6247] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 105.110965][ T6247] XFS (loop0): Ending clean mount [ 105.118751][ T6254] JBD2: Ignoring recovery information on journal [ 105.151535][ T6247] XFS (loop0): Quotacheck needed: Please wait. [ 105.257738][ T6254] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 105.376804][ T6247] XFS (loop0): Quotacheck: Done. [ 105.530363][ T5767] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 105.585551][ T5769] ocfs2: Unmounting device (7,3) on (node local) [ 106.310421][ T6273] loop3: detected capacity change from 0 to 32768 [ 106.366358][ T6273] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 106.457659][ T6273] XFS (loop3): Ending clean mount [ 106.562939][ T6273] syz.3.105 (6273) used greatest stack depth: 19248 bytes left [ 106.576110][ T5769] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 107.506207][ T6287] loop0: detected capacity change from 0 to 32768 [ 107.526610][ T6287] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 107.572196][ T6287] XFS (loop0): Ending clean mount [ 107.600156][ T6287] XFS (loop0): Quotacheck needed: Please wait. [ 107.634093][ T6287] XFS (loop0): Quotacheck: Done. [ 107.647794][ T27] audit: type=1800 audit(1776202812.907:13): pid=6287 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.106" name="file1" dev="loop0" ino=6150 res=0 errno=0 [ 107.970751][ T5767] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 109.008600][ T6314] loop0: detected capacity change from 0 to 32768 [ 109.082702][ T6314] JBD2: Ignoring recovery information on journal [ 109.220595][ T6314] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 109.262908][ T6327] loop1: detected capacity change from 0 to 1024 [ 109.317856][ T6327] EXT4-fs (loop1): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 109.475454][ T6327] EXT4-fs error (device loop1): ext4_map_blocks:610: inode #3: block 2: comm syz.1.116: lblock 2 mapped to illegal pblock 2 (length 1) [ 109.546257][ T6327] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 109.559241][ T5767] ocfs2: Unmounting device (7,0) on (node local) [ 109.566240][ T6327] EXT4-fs error (device loop1): ext4_map_blocks:610: inode #3: block 48: comm syz.1.116: lblock 0 mapped to illegal pblock 48 (length 1) [ 109.620847][ T6327] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 109.647542][ T6327] EXT4-fs error (device loop1): ext4_acquire_dquot:6953: comm syz.1.116: Failed to acquire dquot type 0 [ 109.675179][ T6327] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 109.694534][ T6327] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.116: mark_inode_dirty error [ 109.723474][ T6327] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 109.753315][ T6327] EXT4-fs (loop1): 1 orphan inode deleted [ 109.773359][ T59] EXT4-fs error (device loop1): ext4_map_blocks:610: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 109.775235][ T6327] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.794786][ T59] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 109.831443][ T59] EXT4-fs error (device loop1): ext4_release_dquot:6989: comm kworker/u4:4: Failed to release dquot type 0 [ 110.050019][ T6326] loop2: detected capacity change from 0 to 32768 [ 110.066924][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.089426][ T5768] EXT4-fs error (device loop1): __ext4_get_inode_loc:4496: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 110.100620][ T6326] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 110.173457][ T5768] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 110.195931][ T5768] EXT4-fs error (device loop1): ext4_quota_off:7237: inode #3: comm syz-executor: mark_inode_dirty error [ 110.325070][ T6326] XFS (loop2): Ending clean mount [ 110.520880][ T5770] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 110.520952][ T6347] 9pnet_fd: Insufficient options for proto=fd [ 111.076622][ T6342] loop3: detected capacity change from 0 to 32768 [ 111.118960][ T6342] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.120 (6342) [ 111.193859][ T6355] syzkaller0: entered promiscuous mode [ 111.199906][ T6355] syzkaller0: entered allmulticast mode [ 111.211691][ T6342] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 111.254438][ T6342] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 111.319916][ T6342] BTRFS info (device loop3): force clearing of disk cache [ 111.403293][ T6342] BTRFS info (device loop3): metadata ratio 0 [ 111.469258][ T6342] BTRFS info (device loop3): enabling ssd optimizations [ 111.514996][ T6342] BTRFS info (device loop3): using spread ssd allocation scheme [ 111.566429][ T6342] BTRFS info (device loop3): using free space tree [ 111.723825][ T6342] BTRFS info (device loop3): auto enabling async discard [ 111.773297][ T6342] BTRFS info (device loop3): rebuilding free space tree [ 111.977609][ T5769] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 112.242310][ T6361] loop2: detected capacity change from 0 to 32768 [ 112.299124][ T6361] JBD2: Ignoring recovery information on journal [ 112.378981][ T6361] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 112.643453][ T5770] ocfs2: Unmounting device (7,2) on (node local) [ 113.568406][ T6386] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 113.730626][ T6394] 9pnet_fd: Insufficient options for proto=fd [ 114.058325][ T6392] loop1: detected capacity change from 0 to 32768 [ 114.102349][ T6392] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 114.326617][ T6392] XFS (loop1): Ending clean mount [ 114.526749][ T5768] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 114.534262][ T6396] loop2: detected capacity change from 0 to 32768 [ 114.619028][ T6396] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 114.726739][ T6396] XFS (loop2): Ending clean mount [ 114.790365][ T6396] XFS (loop2): Quotacheck needed: Please wait. [ 114.883928][ T6396] XFS (loop2): Quotacheck: Done. [ 114.924411][ T27] audit: type=1800 audit(1776202820.187:14): pid=6396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.131" name="file1" dev="loop2" ino=6150 res=0 errno=0 [ 115.272631][ T5770] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 115.708312][ T6421] loop1: detected capacity change from 0 to 32768 [ 115.718336][ T6421] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.134 (6421) [ 115.772768][ T6421] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 115.795379][ T6421] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 115.819838][ T6421] BTRFS info (device loop1): force clearing of disk cache [ 115.832606][ T6421] BTRFS info (device loop1): metadata ratio 0 [ 115.840167][ T6421] BTRFS info (device loop1): enabling ssd optimizations [ 115.855414][ T6421] BTRFS info (device loop1): using spread ssd allocation scheme [ 115.868519][ T6421] BTRFS info (device loop1): using free space tree [ 116.000697][ T6421] BTRFS info (device loop1): auto enabling async discard [ 116.022817][ T6421] BTRFS info (device loop1): rebuilding free space tree [ 116.227109][ T5768] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 117.202199][ T6459] loop3: detected capacity change from 0 to 32768 [ 117.214621][ T6459] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.137 (6459) [ 117.240811][ T6461] netlink: 'syz.2.140': attribute type 39 has an invalid length. [ 117.337685][ T6459] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 117.400366][ T6459] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 117.411031][ T6459] BTRFS info (device loop3): using free space tree [ 117.562453][ T6459] BTRFS info (device loop3): enabling ssd optimizations [ 117.595427][ T6459] BTRFS info (device loop3): auto enabling async discard [ 117.914700][ T5769] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 118.212376][ T6466] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 118.518693][ T6490] loop2: detected capacity change from 0 to 32768 [ 118.596185][ T6490] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 118.758467][ T6490] XFS (loop2): Ending clean mount [ 118.770943][ T6492] syzkaller0: entered promiscuous mode [ 118.781732][ T6490] XFS (loop2): Quotacheck needed: Please wait. [ 118.789940][ T6492] syzkaller0: entered allmulticast mode [ 118.798559][ T6507] netlink: 'syz.3.149': attribute type 39 has an invalid length. [ 118.919487][ T6490] XFS (loop2): Quotacheck: Done. [ 119.114303][ T5770] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 119.247361][ T6522] loop3: detected capacity change from 0 to 1024 [ 119.260614][ T6522] EXT4-fs (loop3): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 119.333211][ T6522] EXT4-fs error (device loop3): ext4_map_blocks:610: inode #3: block 2: comm syz.3.155: lblock 2 mapped to illegal pblock 2 (length 1) [ 119.357979][ T6522] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 119.381620][ T6522] EXT4-fs error (device loop3): ext4_map_blocks:610: inode #3: block 48: comm syz.3.155: lblock 0 mapped to illegal pblock 48 (length 1) [ 119.430765][ T6522] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 119.446469][ T6522] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.155: Failed to acquire dquot type 0 [ 119.471980][ T6522] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 119.483602][ T6522] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.155: mark_inode_dirty error [ 119.519225][ T6522] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 119.544299][ T6522] EXT4-fs (loop3): 1 orphan inode deleted [ 119.560517][ T6522] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 119.573257][ T59] EXT4-fs error (device loop3): ext4_map_blocks:610: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 119.627503][ T59] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 119.647162][ T59] EXT4-fs error (device loop3): ext4_release_dquot:6989: comm kworker/u4:4: Failed to release dquot type 0 [ 119.688812][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.711054][ T5769] EXT4-fs error (device loop3): __ext4_get_inode_loc:4496: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 119.741802][ T5769] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 119.775151][ T5769] EXT4-fs error (device loop3): ext4_quota_off:7237: inode #3: comm syz-executor: mark_inode_dirty error [ 120.003920][ T6520] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 120.198531][ T6526] loop2: detected capacity change from 0 to 32768 [ 120.235751][ T6526] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.153 (6526) [ 120.348667][ T6526] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 120.360245][ T6526] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 120.371228][ T6526] BTRFS info (device loop2): using free space tree [ 120.541820][ T6526] BTRFS info (device loop2): enabling ssd optimizations [ 120.571365][ T6526] BTRFS info (device loop2): auto enabling async discard [ 120.875789][ T5770] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 121.388077][ T6555] loop2: detected capacity change from 0 to 512 [ 121.439615][ T6555] EXT4-fs error (device loop2): ext4_orphan_get:1404: inode #15: comm syz.2.159: inode has both inline data and extents flags [ 121.463928][ T6555] EXT4-fs error (device loop2): ext4_orphan_get:1409: comm syz.2.159: couldn't read orphan inode 15 (err -117) [ 121.478190][ T6555] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.540977][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.054975][ T6558] loop2: detected capacity change from 0 to 32768 [ 122.108208][ T6558] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 122.190931][ T6558] XFS (loop2): Ending clean mount [ 122.465551][ T27] audit: type=1804 audit(1776202827.717:15): pid=6567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.160" name="/newroot/54/file1/file1" dev="loop2" ino=6150 res=1 errno=0 [ 122.694236][ T5770] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 123.341104][ T6576] netlink: 'syz.1.165': attribute type 39 has an invalid length. [ 123.719100][ T6587] loop1: detected capacity change from 0 to 128 [ 123.755614][ T6587] EXT4-fs: Ignoring removed i_version option [ 123.885852][ T6587] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c018, mo2=0003] [ 123.895048][ T6587] System zones: 1-3, 19-19, 35-36 [ 124.961380][ T6587] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 124.979555][ T6578] loop0: detected capacity change from 0 to 32768 [ 125.063245][ T6587] ext4 filesystem being mounted at /37/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 125.075703][ T6578] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.166 (6578) [ 125.364459][ T5768] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 125.573042][ C0] sched: RT throttling activated [ 125.602122][ T6578] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 125.683246][ T6578] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 125.740534][ T6578] BTRFS info (device loop0): using free space tree [ 126.093267][ T6578] BTRFS info (device loop0): enabling ssd optimizations [ 126.105714][ T6597] syzkaller0: entered promiscuous mode [ 126.111868][ T6597] syzkaller0: entered allmulticast mode [ 126.128711][ T6578] BTRFS info (device loop0): auto enabling async discard [ 126.200946][ T6593] loop2: detected capacity change from 0 to 32768 [ 126.317778][ T6593] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 126.359170][ T5767] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 126.464780][ T6593] XFS (loop2): Ending clean mount [ 126.507482][ T6593] XFS (loop2): Quotacheck needed: Please wait. [ 126.626964][ T6593] XFS (loop2): Quotacheck: Done. [ 126.721161][ T5760] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 10 /dev/loop0 scanned by udevd (5760) [ 126.923609][ T5770] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 129.313107][ T6633] netlink: 'syz.2.175': attribute type 39 has an invalid length. [ 129.538844][ T6643] loop3: detected capacity change from 0 to 512 [ 129.578501][ T6643] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 129.619516][ T6643] EXT4-fs (loop3): 1 truncate cleaned up [ 129.626657][ T6643] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.645422][ T6643] EXT4-fs (loop3): shut down requested (2) [ 129.697916][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.417937][ T6659] loop2: detected capacity change from 0 to 32768 [ 130.427512][ T6657] loop3: detected capacity change from 0 to 32768 [ 130.508311][ T6659] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 130.513390][ T6657] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 130.592538][ T6659] XFS (loop2): Ending clean mount [ 130.656060][ T6659] XFS (loop2): Quotacheck needed: Please wait. [ 130.768257][ T6657] XFS (loop3): Ending clean mount [ 130.772246][ T6659] XFS (loop2): Quotacheck: Done. [ 130.822840][ T27] audit: type=1800 audit(1776202836.077:16): pid=6659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.184" name="file1" dev="loop2" ino=6150 res=0 errno=0 [ 130.855035][ T6657] XFS (loop3): Quotacheck needed: Please wait. [ 131.066336][ T6657] XFS (loop3): Quotacheck: Done. [ 131.120564][ T5770] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 131.312620][ T5769] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 131.458088][ T6684] syzkaller0: entered promiscuous mode [ 131.471007][ T6684] syzkaller0: entered allmulticast mode [ 133.179508][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.195331][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.314762][ T6687] netlink: 'syz.3.188': attribute type 39 has an invalid length. [ 134.451369][ T6698] loop3: detected capacity change from 0 to 512 [ 134.507055][ T6698] EXT4-fs warning (device loop3): dx_probe:833: inode #2: comm syz.3.192: Unrecognised inode hash code 255 [ 134.538105][ T6698] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.192: Corrupt directory, running e2fsck is recommended [ 134.563884][ T6698] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 134.572379][ T6698] EXT4-fs error (device loop3): ext4_iget_extra_inode:4739: inode #15: comm syz.3.192: corrupted in-inode xattr: invalid ea_ino [ 134.597192][ T6698] EXT4-fs error (device loop3): ext4_orphan_get:1409: comm syz.3.192: couldn't read orphan inode 15 (err -117) [ 134.616148][ T6698] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.647973][ T6698] EXT4-fs error (device loop3): ext4_xattr_set_entry:1670: inode #2: comm syz.3.192: corrupted xattr entries [ 134.711012][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.109775][ T6705] loop0: detected capacity change from 0 to 32768 [ 135.133926][ T6705] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 135.254311][ T6705] XFS (loop0): Ending clean mount [ 135.296877][ T6705] XFS (loop0): Quotacheck needed: Please wait. [ 135.370189][ T6705] XFS (loop0): Quotacheck: Done. [ 135.413480][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 135.413730][ T5776] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 135.453928][ T27] audit: type=1800 audit(1776202840.717:17): pid=6705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.195" name="file1" dev="loop0" ino=6150 res=0 errno=0 [ 135.522502][ T6725] netlink: 'syz.1.200': attribute type 39 has an invalid length. [ 135.551720][ T6723] loop2: detected capacity change from 0 to 128 [ 135.586909][ T6723] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 135.602062][ T6723] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 135.692585][ T5767] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 135.803102][ T59] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 135.898795][ T6728] syzkaller0: entered promiscuous mode [ 135.910530][ T6723] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 135.940045][ T6728] syzkaller0: entered allmulticast mode [ 138.496652][ T6731] netlink: 8 bytes leftover after parsing attributes in process `syz.0.202'. [ 139.045466][ T6746] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.054607][ T6746] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.268080][ T6751] loop0: detected capacity change from 0 to 32768 [ 139.379072][ T6751] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 139.446391][ T6751] XFS (loop0): Ending clean mount [ 139.463542][ T6751] XFS (loop0): Quotacheck needed: Please wait. [ 139.562557][ T6751] XFS (loop0): Quotacheck: Done. [ 139.628672][ T27] audit: type=1800 audit(1776202844.887:18): pid=6751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.210" name="file1" dev="loop0" ino=6150 res=0 errno=0 [ 139.712083][ T6756] loop1: detected capacity change from 0 to 32768 [ 139.729655][ T6756] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.212 (6756) [ 139.790874][ T6756] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 139.795088][ T5767] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 139.802506][ T6756] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 139.832360][ T6756] BTRFS info (device loop1): force clearing of disk cache [ 139.842543][ T6756] BTRFS info (device loop1): metadata ratio 0 [ 139.860597][ T6756] BTRFS info (device loop1): enabling ssd optimizations [ 139.868425][ T6756] BTRFS info (device loop1): using spread ssd allocation scheme [ 139.878248][ T6756] BTRFS info (device loop1): using free space tree [ 139.997481][ T6756] BTRFS info (device loop1): auto enabling async discard [ 140.025529][ T6756] BTRFS info (device loop1): rebuilding free space tree [ 140.107332][ T6746] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.223366][ T6746] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.260951][ T5768] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 141.041727][ T6791] loop0: detected capacity change from 0 to 32768 [ 141.124263][ T6791] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 141.210627][ T6791] XFS (loop0): Ending clean mount [ 141.412491][ T6746] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.477565][ T6746] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.497554][ T6746] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.517807][ T6746] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.760468][ T27] audit: type=1804 audit(1776202847.017:19): pid=6802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.217" name="/newroot/49/file1/file1" dev="loop0" ino=6150 res=1 errno=0 [ 141.853643][ T6749] netlink: 'syz.3.209': attribute type 39 has an invalid length. [ 142.169490][ T5767] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 142.178170][ T6806] syzkaller0: entered promiscuous mode [ 142.204182][ T6806] syzkaller0: entered allmulticast mode [ 142.251609][ T6812] tipc: Failed to remove unknown binding: 66,1,1/0:1094308170/1094308172 [ 142.262231][ T6812] tipc: Failed to remove unknown binding: 66,1,1/0:1094308170/1094308172 [ 143.015299][ T6814] loop1: detected capacity change from 0 to 32768 [ 143.036662][ T6814] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.223 (6814) [ 143.116004][ T6814] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 143.147731][ T6814] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 143.171722][ T6814] BTRFS info (device loop1): force clearing of disk cache [ 143.193160][ T6814] BTRFS info (device loop1): metadata ratio 0 [ 143.312490][ T6814] BTRFS info (device loop1): enabling ssd optimizations [ 143.319868][ T6814] BTRFS info (device loop1): using spread ssd allocation scheme [ 143.338854][ T6814] BTRFS info (device loop1): using free space tree [ 143.493158][ T6814] BTRFS info (device loop1): auto enabling async discard [ 143.536881][ T6814] BTRFS info (device loop1): rebuilding free space tree [ 143.753361][ T5768] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 145.600543][ T6825] netlink: 'syz.2.227': attribute type 39 has an invalid length. [ 146.088041][ T6867] loop0: detected capacity change from 0 to 128 [ 146.130369][ T6869] loop3: detected capacity change from 0 to 512 [ 146.142207][ T6870] netlink: 'syz.2.238': attribute type 39 has an invalid length. [ 146.254477][ T6869] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.301682][ T6869] ext4 filesystem being mounted at /53/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 146.604596][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.264505][ T6901] netlink: 'syz.1.248': attribute type 39 has an invalid length. [ 147.698053][ T6908] loop0: detected capacity change from 0 to 128 [ 148.115713][ T6912] syzkaller0: entered promiscuous mode [ 148.387226][ T6916] capability: warning: `syz.0.254' uses 32-bit capabilities (legacy support in use) [ 148.584496][ T6924] loop3: detected capacity change from 0 to 128 [ 148.592029][ T6924] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 148.647338][ T6924] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 148.777743][ T6928] netlink: 'syz.0.259': attribute type 39 has an invalid length. [ 148.847558][ T59] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 148.894172][ T5769] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 149.115108][ T6935] netlink: 12 bytes leftover after parsing attributes in process `syz.3.262'. [ 152.056035][ T6995] loop0: detected capacity change from 0 to 128 [ 152.176727][ T6995] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 152.259654][ T6995] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 152.301140][ T6980] loop3: detected capacity change from 0 to 32768 [ 152.413274][ T59] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 152.425625][ T5767] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 152.488312][ T6980] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 152.635802][ T6980] XFS (loop3): Ending clean mount [ 152.786873][ T27] audit: type=1804 audit(1776202858.037:20): pid=6980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.279" name="/newroot/65/file1/file1" dev="loop3" ino=6150 res=1 errno=0 [ 152.962679][ T5769] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 153.621169][ T7024] syzkaller0: entered promiscuous mode [ 153.639648][ T7024] syzkaller0: entered allmulticast mode [ 154.733838][ T7033] loop0: detected capacity change from 0 to 32768 [ 154.780957][ T7033] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 154.900163][ T7033] XFS (loop0): Ending clean mount [ 154.990506][ T27] audit: type=1804 audit(1776202860.257:21): pid=7033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.296" name="/newroot/75/file1/file1" dev="loop0" ino=6150 res=1 errno=0 [ 155.147607][ T5767] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 155.792716][ T7081] loop3: detected capacity change from 0 to 512 [ 155.840113][ T7081] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 155.948742][ T7081] ext4 filesystem being mounted at /73/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 156.197396][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.366156][ T7096] netlink: 8 bytes leftover after parsing attributes in process `syz.2.313'. [ 156.388036][ T7100] loop3: detected capacity change from 0 to 1764 [ 157.235873][ T7123] netlink: 28 bytes leftover after parsing attributes in process `syz.0.324'. [ 157.263514][ T7123] netlink: 28 bytes leftover after parsing attributes in process `syz.0.324'. [ 157.297941][ T7123] syzkaller0: entered promiscuous mode [ 157.307362][ T7123] syzkaller0: entered allmulticast mode [ 158.303392][ T23] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 158.355708][ T23] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 159.214094][ T7164] netlink: 28 bytes leftover after parsing attributes in process `syz.3.337'. [ 159.243395][ T7164] netlink: 28 bytes leftover after parsing attributes in process `syz.3.337'. [ 159.265064][ T7164] syzkaller0: entered promiscuous mode [ 159.271633][ T7164] syzkaller0: entered allmulticast mode [ 159.677063][ T7172] netlink: 'syz.3.342': attribute type 39 has an invalid length. [ 160.403551][ T7190] netlink: 'syz.2.345': attribute type 39 has an invalid length. [ 160.522484][ T7194] netlink: 28 bytes leftover after parsing attributes in process `syz.3.350'. [ 160.543202][ T7194] netlink: 28 bytes leftover after parsing attributes in process `syz.3.350'. [ 160.578414][ T7194] syzkaller0: entered promiscuous mode [ 160.593143][ T7194] syzkaller0: entered allmulticast mode [ 161.079170][ T7205] loop3: detected capacity change from 0 to 764 [ 161.084795][ T7203] IPv6: NLM_F_CREATE should be specified when creating new route [ 162.180037][ T7232] loop0: detected capacity change from 0 to 512 [ 162.229873][ T7232] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.308708][ T7232] ext4 filesystem being mounted at /92/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 162.529537][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.644034][ T7242] netlink: 'syz.1.365': attribute type 39 has an invalid length. [ 163.036968][ T7257] bond0: entered allmulticast mode [ 163.042150][ T7257] bond_slave_0: entered allmulticast mode [ 163.087273][ T7257] bond_slave_1: entered allmulticast mode [ 163.438567][ T7255] loop0: detected capacity change from 0 to 32768 [ 163.512277][ T7255] JBD2: Ignoring recovery information on journal [ 163.657208][ T7274] loop3: detected capacity change from 0 to 128 [ 163.658195][ T7255] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 163.708702][ T7274] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 163.737152][ T7274] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 163.799843][ T27] audit: type=1800 audit(1776202869.057:22): pid=7255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.371" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 163.993756][ T5767] ocfs2: Unmounting device (7,0) on (node local) [ 164.092071][ T7286] netlink: 12 bytes leftover after parsing attributes in process `syz.0.382'. [ 164.116541][ T5769] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 165.447349][ T7314] netlink: 16 bytes leftover after parsing attributes in process `syz.0.393'. [ 165.469107][ T7301] loop3: detected capacity change from 0 to 32768 [ 165.524022][ T7301] JBD2: Ignoring recovery information on journal [ 165.664277][ T7301] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 165.873826][ T27] audit: type=1800 audit(1776202871.137:23): pid=7301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.390" name="file1" dev="loop3" ino=17058 res=0 errno=0 [ 166.062729][ T5769] ocfs2: Unmounting device (7,3) on (node local) [ 167.251186][ T7362] netlink: 'syz.0.408': attribute type 39 has an invalid length. [ 168.106239][ T7384] netlink: 16 bytes leftover after parsing attributes in process `syz.2.414'. [ 168.236238][ T7388] netlink: 'syz.0.418': attribute type 39 has an invalid length. [ 169.224951][ T7414] netlink: 28 bytes leftover after parsing attributes in process `syz.1.427'. [ 169.406701][ T7418] netlink: 'syz.1.428': attribute type 39 has an invalid length. [ 169.410893][ T7422] loop3: detected capacity change from 0 to 512 [ 169.482651][ T7401] loop0: detected capacity change from 0 to 32768 [ 169.515099][ T7422] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.536040][ T7422] ext4 filesystem being mounted at /102/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 169.641910][ T7401] JBD2: Ignoring recovery information on journal [ 169.660211][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.797447][ T7401] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 169.852336][ T27] audit: type=1800 audit(1776202875.107:24): pid=7401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.422" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 169.969843][ T5767] ocfs2: Unmounting device (7,0) on (node local) [ 170.081510][ T7446] loop3: detected capacity change from 0 to 128 [ 170.125479][ T7446] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 170.162976][ T7446] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 170.292789][ T11] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 170.331874][ T7446] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 170.432872][ T7458] netlink: 'syz.0.437': attribute type 39 has an invalid length. [ 170.754928][ T7471] netlink: 4 bytes leftover after parsing attributes in process `syz.3.446'. [ 170.847484][ T7481] loop3: detected capacity change from 0 to 128 [ 170.864041][ T7481] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 170.894768][ T7481] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 171.060976][ T2976] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 171.112583][ T7481] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 171.243615][ T7491] netlink: 76 bytes leftover after parsing attributes in process `syz.3.451'. [ 171.264481][ T11] wlan0: Trigger new scan to find an IBSS to join [ 171.582765][ T7507] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 171.853787][ T7512] netlink: 'syz.2.457': attribute type 39 has an invalid length. [ 172.757389][ T7541] syzkaller0: entered promiscuous mode [ 173.366993][ T7555] loop3: detected capacity change from 0 to 128 [ 173.381387][ T7555] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1) [ 173.728355][ T7561] netlink: 1472 bytes leftover after parsing attributes in process `syz.3.477'. [ 173.803071][ T27] audit: type=1107 audit(1776202879.057:25): pid=7560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 174.140740][ T7571] syzkaller0: entered promiscuous mode [ 174.342885][ T7580] netlink: 8 bytes leftover after parsing attributes in process `syz.2.482'. [ 174.452641][ T7566] syz.3.477 (7566) used greatest stack depth: 17936 bytes left [ 174.523341][ T7568] syz.3.477 (7568) used greatest stack depth: 17608 bytes left [ 174.820805][ T7601] netlink: 'syz.3.490': attribute type 39 has an invalid length. [ 175.054404][ T7603] loop0: detected capacity change from 0 to 512 [ 175.130836][ T7603] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.254026][ T7603] IPv6: NLM_F_CREATE should be specified when creating new route [ 175.291571][ T7603] IPv6: NLM_F_REPLACE set, but no existing node found! [ 175.324089][ T7607] EXT4-fs (loop0): resizing filesystem from 64 to 27 blocks [ 175.359527][ T7617] netlink: 'syz.3.493': attribute type 4 has an invalid length. [ 175.359623][ T7607] EXT4-fs warning (device loop0): ext4_resize_fs:2048: can't shrink FS - resize aborted [ 175.494710][ T7618] netlink: 'syz.3.493': attribute type 4 has an invalid length. [ 175.549488][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.704960][ T7631] netlink: 1472 bytes leftover after parsing attributes in process `syz.0.497'. [ 175.756604][ T27] audit: type=1107 audit(1776202881.017:26): pid=7629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 175.861020][ T7640] syzkaller0: entered promiscuous mode [ 176.214348][ T2976] wlan0: Trigger new scan to find an IBSS to join [ 176.341405][ T7658] netlink: 8 bytes leftover after parsing attributes in process `syz.2.507'. [ 177.317169][ T7676] loop3: detected capacity change from 0 to 512 [ 177.348403][ T7676] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.361508][ T7676] ext4 filesystem being mounted at /127/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 177.436123][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.455518][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.494953][ T7679] syzkaller0: entered promiscuous mode [ 177.513075][ T7683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.519'. [ 177.683315][ T7685] netlink: 'syz.3.520': attribute type 39 has an invalid length. [ 178.339646][ T7706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.528'. [ 181.026516][ T7762] netlink: 76 bytes leftover after parsing attributes in process `syz.0.543'. [ 181.375434][ T7771] IPv6: NLM_F_CREATE should be specified when creating new route [ 181.414707][ T7771] IPv6: NLM_F_REPLACE set, but no existing node found! [ 181.647806][ T7784] loop3: detected capacity change from 0 to 512 [ 181.694804][ T7784] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.550: invalid indirect mapped block 256 (level 2) [ 181.716373][ T7784] EXT4-fs (loop3): 2 truncates cleaned up [ 181.722979][ T7784] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 181.748803][ T7788] netlink: 'syz.1.549': attribute type 39 has an invalid length. [ 181.835600][ T27] audit: type=1800 audit(1776202887.077:27): pid=7784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.550" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 181.964436][ T1128] [ 181.966818][ T1128] ====================================================== [ 181.973924][ T1128] WARNING: possible circular locking dependency detected [ 181.981025][ T1128] syzkaller #0 Not tainted [ 181.985424][ T1128] ------------------------------------------------------ [ 181.992688][ T1128] kworker/u4:5/1128 is trying to acquire lock: [ 181.998928][ T1128] ffff88805efde4c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_destroy_inline_data+0x28/0xe0 [ 182.009249][ T1128] [ 182.009249][ T1128] but task is already holding lock: [ 182.017084][ T1128] ffff888026372c58 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1a4/0x350 [ 182.027748][ T1128] [ 182.027748][ T1128] which lock already depends on the new lock. [ 182.027748][ T1128] [ 182.038317][ T1128] [ 182.038317][ T1128] the existing dependency chain (in reverse order) is: [ 182.047314][ T1128] [ 182.047314][ T1128] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 182.056262][ T1128] percpu_down_read+0x44/0x1a0 [ 182.061723][ T1128] ext4_writepages+0x1a4/0x350 [ 182.067178][ T1128] do_writepages+0x3b3/0x630 [ 182.072460][ T1128] __writeback_single_inode+0x153/0xec0 [ 182.078796][ T1128] writeback_single_inode+0x21f/0x760 [ 182.084765][ T1128] write_inode_now+0x183/0x210 [ 182.090042][ T1128] iput+0x5ae/0x920 [ 182.094355][ T1128] ext4_xattr_block_set+0x249e/0x32b0 [ 182.100863][ T1128] ext4_expand_extra_isize_ea+0x12c5/0x1e80 [ 182.107392][ T1128] __ext4_expand_extra_isize+0x306/0x400 [ 182.113634][ T1128] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 182.119606][ T1128] ext4_evict_inode+0x7f3/0xea0 [ 182.125053][ T1128] evict+0x4ca/0x8d0 [ 182.129459][ T1128] ext4_orphan_cleanup+0xbec/0x1420 [ 182.135273][ T1128] ext4_fill_super+0x5eea/0x67b0 [ 182.140725][ T1128] get_tree_bdev+0x3f3/0x520 [ 182.146171][ T1128] vfs_get_tree+0x8c/0x280 [ 182.151184][ T1128] do_new_mount+0x24b/0xa40 [ 182.156197][ T1128] __se_sys_mount+0x2e7/0x3d0 [ 182.161421][ T1128] do_syscall_64+0x55/0xa0 [ 182.166459][ T1128] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 182.174063][ T1128] [ 182.174063][ T1128] -> #0 (&ei->xattr_sem){++++}-{3:3}: [ 182.181938][ T1128] __lock_acquire+0x2df1/0x7d40 [ 182.187345][ T1128] lock_acquire+0x19e/0x420 [ 182.192383][ T1128] down_write+0x97/0x200 [ 182.197229][ T1128] ext4_destroy_inline_data+0x28/0xe0 [ 182.203132][ T1128] ext4_do_writepages+0x4f0/0x3990 [ 182.208790][ T1128] ext4_writepages+0x1dd/0x350 [ 182.214215][ T1128] do_writepages+0x3b3/0x630 [ 182.219976][ T1128] __writeback_single_inode+0x153/0xec0 [ 182.226169][ T1128] writeback_sb_inodes+0x7cd/0xf50 [ 182.231903][ T1128] wb_writeback+0x46a/0xbf0 [ 182.237441][ T1128] wb_workfn+0x400/0xe60 [ 182.242221][ T1128] process_scheduled_works+0xa5d/0x15d0 [ 182.248294][ T1128] worker_thread+0xa55/0xfc0 [ 182.253419][ T1128] kthread+0x2fa/0x390 [ 182.258290][ T1128] ret_from_fork+0x48/0x80 [ 182.263440][ T1128] ret_from_fork_asm+0x11/0x20 [ 182.268722][ T1128] [ 182.268722][ T1128] other info that might help us debug this: [ 182.268722][ T1128] [ 182.279054][ T1128] Possible unsafe locking scenario: [ 182.279054][ T1128] [ 182.286677][ T1128] CPU0 CPU1 [ 182.292133][ T1128] ---- ---- [ 182.297503][ T1128] rlock(&sbi->s_writepages_rwsem); [ 182.302820][ T1128] lock(&ei->xattr_sem); [ 182.309690][ T1128] lock(&sbi->s_writepages_rwsem); [ 182.317422][ T1128] lock(&ei->xattr_sem); [ 182.321772][ T1128] [ 182.321772][ T1128] *** DEADLOCK *** [ 182.321772][ T1128] [ 182.329922][ T1128] 3 locks held by kworker/u4:5/1128: [ 182.335200][ T1128] #0: ffff88801ce43938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 182.346520][ T1128] #1: ffffc9000492fd00 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 182.358964][ T1128] #2: ffff888026372c58 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1a4/0x350 [ 182.369790][ T1128] [ 182.369790][ T1128] stack backtrace: [ 182.375695][ T1128] CPU: 1 PID: 1128 Comm: kworker/u4:5 Not tainted syzkaller #0 [ 182.383236][ T1128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 182.393566][ T1128] Workqueue: writeback wb_workfn (flush-7:3) [ 182.399649][ T1128] Call Trace: [ 182.403025][ T1128] [ 182.406107][ T1128] dump_stack_lvl+0x18c/0x250 [ 182.411305][ T1128] ? load_image+0x420/0x420 [ 182.415897][ T1128] ? show_regs_print_info+0x20/0x20 [ 182.421924][ T1128] ? print_circular_bug+0x12b/0x1a0 [ 182.427354][ T1128] check_noncircular+0x2fc/0x400 [ 182.432317][ T1128] ? print_deadlock_bug+0x5d0/0x5d0 [ 182.437660][ T1128] ? lockdep_lock+0xf5/0x230 [ 182.442260][ T1128] ? _find_first_zero_bit+0xd3/0x100 [ 182.447541][ T1128] __lock_acquire+0x2df1/0x7d40 [ 182.452417][ T1128] ? __read_once_word_nocheck+0x9/0x10 [ 182.458002][ T1128] ? verify_lock_unused+0x140/0x140 [ 182.463197][ T1128] ? __read_once_word_nocheck+0x9/0x10 [ 182.468661][ T1128] ? deref_stack_reg+0x1bd/0x240 [ 182.473591][ T1128] ? __read_once_word_nocheck+0x9/0x10 [ 182.479035][ T1128] ? deref_stack_reg+0x1bd/0x240 [ 182.483961][ T1128] ? __read_once_word_nocheck+0x9/0x10 [ 182.489414][ T1128] ? deref_stack_reg+0x1bd/0x240 [ 182.494343][ T1128] lock_acquire+0x19e/0x420 [ 182.498839][ T1128] ? ext4_destroy_inline_data+0x28/0xe0 [ 182.504400][ T1128] ? __might_sleep+0xe0/0xe0 [ 182.508977][ T1128] ? read_lock_is_recursive+0x20/0x20 [ 182.514440][ T1128] ? __might_sleep+0xe0/0xe0 [ 182.519109][ T1128] ? register_lock_class+0xc4/0x8a0 [ 182.524301][ T1128] down_write+0x97/0x200 [ 182.528542][ T1128] ? ext4_destroy_inline_data+0x28/0xe0 [ 182.534078][ T1128] ? down_read_killable+0x340/0x340 [ 182.539270][ T1128] ? ext4_journal_check_start+0x178/0x250 [ 182.545000][ T1128] ext4_destroy_inline_data+0x28/0xe0 [ 182.550378][ T1128] ext4_do_writepages+0x4f0/0x3990 [ 182.555507][ T1128] ? verify_lock_unused+0x140/0x140 [ 182.560720][ T1128] ? __lock_acquire+0x1347/0x7d40 [ 182.565923][ T1128] ? ext4_normal_submit_inode_data_buffers+0x240/0x240 [ 182.573019][ T1128] ? rcu_read_lock_any_held+0xb4/0x140 [ 182.578623][ T1128] ? __lock_acquire+0x1347/0x7d40 [ 182.583657][ T1128] ext4_writepages+0x1dd/0x350 [ 182.588422][ T1128] ? ext4_read_folio+0x2f0/0x2f0 [ 182.593357][ T1128] ? __rwlock_init+0x150/0x150 [ 182.598651][ T1128] ? do_raw_spin_unlock+0x121/0x230 [ 182.603853][ T1128] ? ext4_read_folio+0x2f0/0x2f0 [ 182.608875][ T1128] do_writepages+0x3b3/0x630 [ 182.613474][ T1128] ? folio_clear_dirty_for_io+0xc30/0xc30 [ 182.619199][ T1128] ? writeback_sb_inodes+0x4b0/0xf50 [ 182.624481][ T1128] ? __lock_acquire+0x7d40/0x7d40 [ 182.629603][ T1128] ? do_raw_spin_lock+0x11f/0x2c0 [ 182.634724][ T1128] __writeback_single_inode+0x153/0xec0 [ 182.640276][ T1128] writeback_sb_inodes+0x7cd/0xf50 [ 182.645558][ T1128] ? move_expired_inodes+0x321/0x730 [ 182.650929][ T1128] ? queue_io+0x550/0x550 [ 182.655270][ T1128] ? rcu_is_watching+0x15/0xb0 [ 182.660031][ T1128] wb_writeback+0x46a/0xbf0 [ 182.664530][ T1128] ? queue_io+0x341/0x550 [ 182.668889][ T1128] ? percpu_ref_tryget+0x250/0x250 [ 182.673992][ T1128] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 182.679974][ T1128] ? _raw_spin_unlock_irq+0x23/0x50 [ 182.685354][ T1128] wb_workfn+0x400/0xe60 [ 182.689592][ T1128] ? try_to_wake_up+0x70a/0x1190 [ 182.694613][ T1128] ? inode_wait_for_writeback+0x230/0x230 [ 182.700334][ T1128] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 182.706432][ T1128] ? read_lock_is_recursive+0x20/0x20 [ 182.711914][ T1128] ? _raw_spin_unlock_irq+0x23/0x50 [ 182.717170][ T1128] ? process_scheduled_works+0x96f/0x15d0 [ 182.722891][ T1128] ? process_scheduled_works+0x96f/0x15d0 [ 182.728727][ T1128] process_scheduled_works+0xa5d/0x15d0 [ 182.734389][ T1128] ? worker_attach_to_pool+0x380/0x380 [ 182.739860][ T1128] ? assign_work+0x3d2/0x5d0 [ 182.744465][ T1128] worker_thread+0xa55/0xfc0 [ 182.749077][ T1128] kthread+0x2fa/0x390 [ 182.753230][ T1128] ? pr_cont_work+0x560/0x560 [ 182.757900][ T1128] ? kthread_blkcg+0xd0/0xd0 [ 182.762498][ T1128] ret_from_fork+0x48/0x80 [ 182.767269][ T1128] ? kthread_blkcg+0xd0/0xd0 [ 182.771866][ T1128] ret_from_fork_asm+0x11/0x20 [ 182.776760][ T1128] [ 182.797594][ T7794] netlink: 'syz.0.553': attribute type 39 has an invalid length. [ 182.810431][ T1128] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm kworker/u4:5: bg 0: block 5: invalid block bitmap [ 182.824069][ T1128] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 182.844598][ T1128] EXT4-fs (loop3): This should not happen!! Data will be lost [ 182.844598][ T1128] [ 182.871040][ T1128] EXT4-fs (loop3): Total free blocks count 0 [ 182.877365][ T1128] EXT4-fs (loop3): Free/Dirty block details [ 182.884932][ T1128] EXT4-fs (loop3): free_blocks=0 [ 182.890024][ T1128] EXT4-fs (loop3): dirty_blocks=2 [ 182.895485][ T1128] EXT4-fs (loop3): Block reservation details [ 182.901516][ T1128] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 182.915732][ T1128] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 1 with error 28 [ 191.576677][ T5774] Bluetooth: hci1: command 0x0406 tx timeout [ 191.576694][ T5779] Bluetooth: hci0: command 0x0406 tx timeout [ 191.576702][ T5777] Bluetooth: hci3: command 0x0406 tx timeout [ 191.593070][ T5781] Bluetooth: hci2: command 0x0406 tx timeout