last executing test programs: 17.23452905s ago: executing program 3 (id=3222): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 16.967083223s ago: executing program 3 (id=3223): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 16.362773933s ago: executing program 3 (id=3226): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) socketpair(0x18, 0x0, 0x2, 0x0) socket$kcm(0x21, 0x2, 0x2) syz_read_part_table(0x5e6, &(0x7f0000001100)="$eJzs3D1oW1cYBuBPsVWVZPCSKXRIM4RSuiR0jChpkJSEBIwSLyWUBBJCiCYFCgoVTUmGRENCNBh38+IatPhnsqrBk40LnY3p4GLw4KEt9mLwYhWpp4VCbSiWKaXPg+Dw3ftK7zlIq27wn3Yifu3mupmI6Ob64z8y1ioUr50dvVy+HZGJOxHx+TcffNu7k0mJ/qdGxLk0r6d5avJk59XO1Wzrx1u75+8uNf4sftZ/xanp9tggzsfxmskvjzx/US29ruUfrZXqmy9Xf7g5u10ot280mnPXs1fup9xK+oKH0/wkavE0Hse9qMTX8SCqA+qfaG1c2D9Tai08vLRX7LxZvNhPDR39oIf093+w8W668vazZr371fzp8Y9r331f3krVldyxbQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAHKxvLI8xfV0uta/tFaqb75cvXnm7PbhXL7RqM5dz175X7KraR1OK1PohZP43Hci0pU4kFUD64YPqx/Jv/X/onWxoX9M6XWwsNLe8XOm8WLKTea1tp7Rzzwwf3dXv8X77/9pFn/9KP50+O92+Wtod9zldzfvfudwW4GAAAAAAAAAAAAAAAAAACA/61C8drZ0cvl2xGZuBMRH/7y5Yne9W76v3sm5c6ldT0X3ZGImJo82Xm1czUbcWv3/N2lxk8p/ywyMRQRp6bbY390HPoAAP5VvwUAAP//lyOMuQ==") 16.209651695s ago: executing program 3 (id=3228): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1900000004000000080000"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b26209f1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc563b62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x4, 0x26d, &(0x7f00000005c0)="$eJzs281OE18Yx/EfL/8/CMJUURSM8YludDOBegUNgcTYRIPU+JKYDDLVpkNLOg2mxgg7t14HcenOxHgDbLwCF+7YuGRhHMNMLS2UqAuZaL+fzXnI4deck+dMcxadnXuvV8vF0C16dfX3mQalTe1KGfVrQIm+5tgf1/+r3aauTeQ/Xbxz/8HNXD4/v2i2kFu6njWz8Uvvn714c/lDffTu2/F3Q9rOPNr5kv28Pbk9tfNt6WkptFJolWrdPFuuVuvecuDbSiksu2a3A98LfStVQr/WMV8MqmtrDfMqK2MjazU/DM2rNKzsN6xetXqtYd4Tr1Qx13VtbET4mcLW4qKXS3sV+LNqtZw3J2n60ExhK5UFAQCAVHH/72Xc/3vB3v3/YfP57cT9HwAAAAAAAAAAAAAAAAAAAACAv8FuFDlRFDk/xv+k+A2fqPn3CUkjkkYlnZQ0JmlckiMpI+mUpNOSJiSdkXRW0qSkc5LOS5pq+6y094rDjur/AP3vCTz/vY3+97a2F3eHpdVX64X1QjIm87miSgrka0aOvsa9bErqhRv5+RmLZXRhdaOZ31gvDHTmZ+XsHZhu+dkkb535ofjctfJZOXsHrFs+2zU/rKtX2vKuHH18rKoCrcRncj//ctZs7lb+QH46/r9/nWstXfvnukfNJ/lfOB/RTNf+DGp6MN29Qwobz8teEPg1CgoKilaR9jcTjsN+09NeCQAAAAAAAAAAAAAAAADgdxzHzwnT3iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd9DwAA//+TC2AL") ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000280)={0x0, 0x0, 0x7fffffff, 0x400}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = getpid() syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000080), 0x1, 0x7a5, &(0x7f0000000f80)="$eJzs3c9rXNUeAPDvnfxq0r6XPHjwXl0FBA2UTkyNrYKLigsRLBR0bRsm01AzyZTMpDQh0BYR3AgqLgTddO2PunPrj63+Fy6kpWparLiQkTuZSSbNTJq0mZlgPh+4uefcc2/O+c65P87MvcwEcGCNpn8yEUcj4v0kYri2PImIvmqqN+L02nr3V1dy6ZREpfL6r0l1nXurK7lo2CZ1uJb5f0R8907EsczWektLy7NThUJ+oZYfL89dGi8tLR+/ODc1k5/Jz5+cmJw8ceq5Uyf3Ltbff1w+cvuDV57+8vSfb//v5nvfJ3E6jtTKGuPYK6MxWntN+tKXcJOX97qyLku63QAeSXpo9qwd5XE0hqOnmmphsJMtAwDa5WpEVACAAyZx/QeAA6b+OcC91ZVcferuJxKddeeliDi0Fn/9/uZaSW/tnt2h6n3QoXvJpjsjSUSM7EH9oxHx6ddvfp5O0ab7kADNXLseEedHRree/5Mtzyzs1jPbFVYGqrPRBxY7/0HnfJOOf55vNv7LrI9/osn4Z6DJsfsoHn78Z27tQTUtpeO/FxuebbvfEH/NSE8t96/qmK8vuXCxkE/Pbf+OiLHoG0jzE9VVmz8FNXb3r7ut6m8c//324VufpfWn8401Mrd6BzZvMz1VnnrcuOvuXI94ordZ/Ml6/yctxr9nd1jHqy+8+0mrsjT+NN76tDX+9qrciHiqaf9v9GWy7fOJ49XdYby+UzTx1U8fD7Wqf6P/B6rztP76e4FOSPt/aPv4R5LG5zVLu6/jhxvD37Yqa9z/m8fffP/vT96opvtry65MlcsLExH9yWtbl5/Y2Laer6+fxj/2ZPPjv9X+n6k9G3t+Pbe93tu/fFH7V03jr7rWKv72SuOf3lX/b5Oo1LZ5oOjm/dmeVvXvrP8nq6mx2pKdnP8e0tLH2JsBAAAAAAAAAAAAAAAAAAAAAAAAYPcyEXEkkkx2PZ3JZLNrv+H93xjKFIql8rELxcX56aj+VvZI9GXqX3U53PB9qBO178Ov5088kH82Iv4TER8NDFbz2VyxMN3t4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5vDm3/+/ms6y2bWynwe63ToAoG0OdbsBAEDHuf4DwMGzu+v/YNvaAQB0zq7f/1eS9jQEAOiYHV//z7e3HQBA57j/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJudPXMmnSp/rK7k0vz05aXF2eLl49P50mx2bjGXzRUXLmVnisWZQj6bK861/EfX1maFYvHSZMwvXhkv50vl8dLS8rm54uJ8+dzFuamZ/Ll8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdKy0tz04VCvkFiW0Tg/ujGfsm0Rv7ohn/+ER/12pvPEsMdu8EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDP/R0AAP//aHclQg==") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) close_range(r1, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)}, 0x20) 15.83508499s ago: executing program 3 (id=3231): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_add_memb(r0, 0x107, 0x1, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000c80)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000340)=""/212, 0xd4}, {&(0x7f0000000200)=""/46, 0x2e}, {&(0x7f0000000240)=""/116, 0x74}, {&(0x7f0000000440)=""/2, 0x2}, {&(0x7f0000001040)=""/4096, 0x1000}], 0x5}, 0x8}, {{&(0x7f0000000580)=@in, 0x80, &(0x7f0000000ac0)=[{&(0x7f0000000480)}, {&(0x7f0000000600)=""/205, 0xcd}, {&(0x7f0000000700)=""/57, 0x39}, {&(0x7f0000000880)=""/169, 0xa9}, {&(0x7f0000000740)=""/22, 0x16}, {&(0x7f0000000940)=""/194, 0xc2}, {&(0x7f0000000a40)=""/83, 0x53}], 0x7, &(0x7f0000000780)=""/50, 0x32}, 0x9}, {{&(0x7f0000000b40)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000bc0)=""/132, 0x84}, {&(0x7f0000002040)=""/4096, 0x1000}], 0x2}, 0x3}], 0x3, 0x40000040, &(0x7f0000000d40)={0x0, 0x989680}) socket$can_raw(0x1d, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) accept4$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, &(0x7f00000000c0)=0x6e, 0x800) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r2 = add_key$keyring(&(0x7f0000003040), &(0x7f0000003080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9) add_key(&(0x7f0000000480)='cifs.idmap\x00', &(0x7f0000000d80)={'syz', 0x1}, &(0x7f0000000dc0), 0x0, r2) writev(r1, &(0x7f0000000840)=[{0x0}], 0x1) syz_usbip_server_init(0x1) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="f38a7e00"], 0x8) syz_open_pts(0xffffffffffffffff, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r4, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000240)="6744775eeb43b101515f6b6a20b15cd1283141e9dc84eb238064547d4b8c74e0eaa12f871a047def5cbe0b989994c8305cfcdc0b79eda345d7127451f8", 0x3d}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28) close_range(r3, 0xffffffffffffffff, 0x0) r5 = syz_init_net_socket$llc(0x1a, 0x800, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./bus\x00', 0x4490, &(0x7f0000000100)={[{@utf8no}, {@utf8no}, {@fat=@codepage={'codepage', 0x3d, '866'}}, {@utf8no}, {@utf8no}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@fat=@flush}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}]}, 0x1, 0x216, &(0x7f0000000e00)="$eJzs3bFqU1EYB/CvttVSkHQQiiJ4xcUpNBX3FKkgBhQlg04Wm6IksWAg0A6tTr6EvoKOroKDuPoCIkgVXOzWQYjUGxtb0jZS01vM77fkg3v+95zvEnLIkJN7Z+vV+cXGwvr6WoyNDcVIMYqxMRQTcSyGI/UkAID/yUarFd9bqazXAgAcDvs/AAyeHvf/m4e4JACgz3z/B4DBc/vO3eszpdLsrSQZi6g/a5ab5fQ1vT6zEA+jFpWYilz8iGhtSeur10qzU8mmLxNRrq+286vN8vD2fCFyMdE9X0hS2/OjMd7OfxyPSkxHLk51z093zR+Pixf+mD8fufhwPxajFvOxme3kVwpJcuVGaUf+xK9xAAAAAAAAAAAAAAAAAAAAAADQD/lkS9fze/L53a6n+d7PB9p5Ps9InBnJtncAAAAAAAAAAAAAAAAAAAA4KhpLy9W5Wq3yeK/i0fuXb/cb02Mx1J73oPc5eHHy/Ofnu495+jfP598Wb85l+Vh6LN6tPTh9qTF5+aisZ2m5OrrXW+tbLqJPs7/KtPffXe87ePJFce71yqevvd45gw8jAAAAAAAAAAAAAAAAAAAYcJ0f/Wa9EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADITuf///tXZN0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8DAAA///UmKDH") bind$llc(r5, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x4, 0x81, 0x42, @link_local}, 0x10) connect$llc(r5, 0x0, 0x0) 2.813531676s ago: executing program 0 (id=3303): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) 2.627055749s ago: executing program 0 (id=3304): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x2, 0x2000000, @loopback, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="04", 0x1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0xfffffffc}, 0x1c) recvmsg(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000380)=""/121, 0x79}], 0x1}, 0x40000112) 2.485452801s ago: executing program 2 (id=3306): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="580000001000010400004000fedbdf2501f80000", @ANYRES32=0x0, @ANYBLOB="01020400000000002800128008000100736974001c00028008000200c6120001060008001900000005000a00fd000000080004000100010008000a00fa"], 0x58}}, 0x0) 2.285021853s ago: executing program 2 (id=3307): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1) 2.191116514s ago: executing program 2 (id=3308): set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e20, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 2.039786706s ago: executing program 1 (id=3309): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/anycast6\x00') r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000200)={0xf60e, 0x2, {0x3, 0x1, 0xe409, 0x2, 0x2}, 0xffff}) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) write$nci(r1, 0x0, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 2.039284806s ago: executing program 2 (id=3310): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x56) connect$inet(r1, &(0x7f0000000380)={0x2, 0x4e25, @dev={0xac, 0x14, 0x14, 0x3e}}, 0x10) sendmmsg(r1, &(0x7f0000006140)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="65c6d96326a838047976a77611d4c4ecc94b3585c42786716ad7c93fd3a228e9a1cd93801f5b4033ea9ae2b561f18c2893aba2af73f86ac4a65917672e186b297cada86c7b329c4831efa7228c040c757e6ce437d7853ac2cca9605a2e18bf6553fac161511f4483dc8b5294583cc78cd79fb68fb57bd8697ac1639517070e92cd2d36932b0e26cf8fdd87e817f08f7d", 0x90}, {&(0x7f00000002c0)="b16b5d1ddcad4b5eedb9593060ada4a1778939f40388ef540871ce291c1010f3310edf7028093cf8709632cad4866d5e448d5385c80db3518564b1194247acfb3b463ee97c794123a991311e51e1790748a23c3301974b905bbd18b3e54cb3cc90c180fba7461df205130349d430083d2c66828f43a4f66e274175218e8e3f", 0x7f}], 0x2}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000002880)="13d0dc432d3d3391fafe26160c215d30a476f4ac80d634079b6b579bb04ade2653f8c0f6b1a55451ddad18f6d9a81e8bc2121377f7a87a5e076ea2c1e4b0094d472684241faf30ebff5e58a61ba1c2ce470b99036209", 0x56}], 0x1}}], 0x2, 0x4000) 1.909676818s ago: executing program 1 (id=3312): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x90, 0x10, 0x401, 0x4000, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x49108}, [@IFLA_LINKINFO={0x70, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x60, 0x2, 0x0, 0x1, [@IFLA_VLAN_INGRESS_QOS={0x4}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0xc, 0x11}}, @IFLA_VLAN_INGRESS_QOS={0x4c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x5, 0xe265}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x48, 0xef8}}, @IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xf03b, 0x15}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x2, 0x8}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x48, 0x81}}]}]}}}]}, 0x90}}, 0x0) 1.73970818s ago: executing program 4 (id=3314): munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc90}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0xffff, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x200, {0x0, 0x0, 0x0, r2, {0xfff2}, {}, {0x9}}}, 0x24}}, 0x0) 1.7112743s ago: executing program 0 (id=3315): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(0x0, r2) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x8004) write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601"], 0x4) 1.6997491s ago: executing program 1 (id=3316): ioperm(0x2, 0x1, 0x9) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x5, 0x0, 0x7e, 0x2) 1.69907483s ago: executing program 2 (id=3317): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) llistxattr(0x0, 0x0, 0x0) 1.490852363s ago: executing program 1 (id=3318): socket$inet6_tcp(0xa, 0x1, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') r3 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) bind$packet(r3, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) preadv(r2, &(0x7f0000000000)=[{&(0x7f0000000340)=""/187, 0xbb}], 0x1, 0x33, 0xf5) 1.461854872s ago: executing program 0 (id=3319): set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e20, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 1.435240602s ago: executing program 2 (id=3320): add_key$user(&(0x7f0000000200), &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000540)="8d", 0x1, 0xfffffffffffffffe) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) dup(0xffffffffffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x400010, @void, @value}, 0x94) syz_usb_connect(0x0, 0x1cb, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) r4 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000040)={0x1d, r5, 0x2, {0x2, 0xff, 0x2}, 0xfe}, 0x18) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r4) socket$nl_route(0x10, 0x3, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x8080}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r3, {}, {0x6}, {0x0, 0xa}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 1.370336832s ago: executing program 0 (id=3321): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/anycast6\x00') r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000200)={0xf60e, 0x2, {0x3, 0x1, 0xe409, 0x2, 0x2}, 0xffff}) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c}}, 0x0) write$nci(r1, 0x0, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 1.255077223s ago: executing program 1 (id=3322): bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x50) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]}) shmget$private(0x0, 0x1000, 0x8, &(0x7f0000000000/0x1000)=nil) 1.200900654s ago: executing program 1 (id=3323): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) unshare(0x64000600) 979.394327ms ago: executing program 0 (id=3324): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x2, 0x2000000, @loopback, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="04", 0x1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0xfffffffc}, 0x1c) recvmsg(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000380)=""/121, 0x79}], 0x1}, 0x40000112) 418.850585ms ago: executing program 4 (id=3325): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x90, 0x10, 0x401, 0x4000, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x49108}, [@IFLA_LINKINFO={0x70, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x60, 0x2, 0x0, 0x1, [@IFLA_VLAN_INGRESS_QOS={0x4}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0xc, 0x11}}, @IFLA_VLAN_INGRESS_QOS={0x4c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x5, 0xe265}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x48, 0xef8}}, @IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xf03b, 0x15}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x2, 0x8}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x48, 0x81}}]}]}}}]}, 0x90}}, 0x0) 175.795527ms ago: executing program 4 (id=3326): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118) 153.400977ms ago: executing program 3 (id=3235): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) clock_settime(0x0, &(0x7f0000000040)={0x77359400}) 67.070059ms ago: executing program 4 (id=3327): syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="646f74732c646f74732c646f74732c636865636b3d72656c617865642c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030302c6e6f646f74732c646f74732c6e6f646f74732c6e6f646f74732c636865636b3d7374726963742c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c646f74732c646f74732c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c6e6f646f74732c646f74732c666d61736b3d30303030303030303030303030303030303030303030322c6e6f646f74732c646f74732c666c7573682c6e6f646f74732c636865636b3d6e6f726d616c2c0079c7cebee7a0df8765ffc536c4e752679b645307d1bf097e07b8e261bb27d1bb80ee490fc501e4f230ddf1483b11ac5c39a93cfc3ba360037c79a9be063a3bf5015e3d6a8cad0e98ccb29619c51c44ec612fc7ff44fa8cf7759eada764c43ba9d602a958bd209ace3df01c3dae04baa94aedc5515da8160ae0"], 0xfd, 0x1bf, &(0x7f0000000300)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa") bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) mount$nfs(&(0x7f0000000100)='.5.', 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) readv(r0, 0x0, 0x0) 51.550629ms ago: executing program 4 (id=3328): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(0x0, r2) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x8004) write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601"], 0x4) 0s ago: executing program 4 (id=3329): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000046c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x8000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x3, 0x0, 0x0, 0x0, 0xc0000020}, {0x3, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x7, 0x10, 0x2000000}}]}}]}, 0x58}}, 0x0) kernel console output (not intermixed with test programs): ter parsing attributes in process `syz.2.2586'. [ 722.841352][T12771] device bond1 left promiscuous mode [ 722.979398][T12777] loop3: detected capacity change from 0 to 128 [ 723.037696][T12777] FAT-fs (loop3): Directory bread(block 162) failed [ 723.057392][T12777] FAT-fs (loop3): Directory bread(block 163) failed [ 723.087666][T12777] FAT-fs (loop3): Directory bread(block 164) failed [ 723.109665][T12777] FAT-fs (loop3): Directory bread(block 165) failed [ 723.135529][T12777] FAT-fs (loop3): Directory bread(block 166) failed [ 723.152438][T12777] FAT-fs (loop3): Directory bread(block 167) failed [ 723.178135][T12777] FAT-fs (loop3): Directory bread(block 168) failed [ 723.203162][T12777] FAT-fs (loop3): Directory bread(block 169) failed [ 723.240687][T12785] loop4: detected capacity change from 0 to 512 [ 723.276572][T12785] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.2591: casefold flag without casefold feature [ 723.319756][T12785] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.2591: couldn't read orphan inode 15 (err -117) [ 723.350049][T12785] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 723.949772][ T4347] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 724.106276][T12794] netlink: 'syz.3.2594': attribute type 21 has an invalid length. [ 724.174233][ T4347] usb 5-1: config 1 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 724.238538][ T4347] usb 5-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 724.248613][T12794] netlink: 'syz.3.2594': attribute type 13 has an invalid length. [ 724.257879][T12794] __nla_validate_parse: 1 callbacks suppressed [ 724.257892][T12794] netlink: 14540 bytes leftover after parsing attributes in process `syz.3.2594'. [ 724.282032][T12796] loop2: detected capacity change from 0 to 512 [ 724.290910][T12796] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 724.327532][ T4347] usb 5-1: config 1 interface 0 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 724.341876][T12796] EXT4-fs (loop2): 1 truncate cleaned up [ 724.347535][T12796] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 724.437584][ T4347] usb 5-1: config 1 interface 0 has no altsetting 0 [ 724.528136][ T4347] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 724.559775][T12807] loop3: detected capacity change from 0 to 2048 [ 724.566670][ T4347] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 724.566909][T12807] EXT4-fs: Ignoring removed i_version option [ 724.655221][T12815] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 724.661761][T12815] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 724.671068][T12815] vhci_hcd vhci_hcd.0: Device attached [ 724.716110][T12816] vhci_hcd: connection closed [ 724.716426][ T4349] vhci_hcd: stop threads [ 724.737224][ T4347] usb 5-1: Product: ᕨ臭滹ꨜ㱂敳ꓞ鵡嗵엚穈獜᥉惾ꃋ怙峬ښ偬딠珋㰸㵯移鞣ꦠ僝嬱퐴꟡⯜悩畷Ꮜኮ笘彑ﳰ禖昍극ૻ䶾諎쯴좷噵햳ꆛ嬁镼ꃺ圐鋵麙睪⯱䆱䤭譙㑨씞剹よ萦䱢譁愳퉩걪 [ 724.743682][ T4349] vhci_hcd: release socket [ 724.770086][T12807] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 724.778799][T12807] ext4 filesystem being mounted at /496/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 724.779509][ T4347] usb 5-1: SerialNumber: syz [ 724.793439][ T4349] vhci_hcd: disconnect device [ 724.816658][T12792] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 724.823930][T12792] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 724.965768][ T4263] EXT4-fs (loop3): unmounting filesystem. [ 725.512674][T12837] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2607'. [ 725.677154][T12842] netlink: 'syz.1.2609': attribute type 4 has an invalid length. [ 725.695414][T12842] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.2609'. [ 725.803259][T12845] loop0: detected capacity change from 0 to 512 [ 725.824436][T12845] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 725.846949][T12845] EXT4-fs (loop0): 1 truncate cleaned up [ 725.855713][T12845] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 725.941461][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 726.089341][T12854] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2612'. [ 726.277685][T12863] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2614'. [ 726.325728][ T4347] usb 5-1: bad CDC descriptors [ 726.350564][ T4347] usb 5-1: USB disconnect, device number 22 [ 726.357925][ T4256] EXT4-fs (loop4): unmounting filesystem. [ 727.027015][T12885] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2625'. [ 727.184420][T12891] loop4: detected capacity change from 0 to 512 [ 727.256234][T12891] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.2628: casefold flag without casefold feature [ 727.278587][T12891] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.2628: couldn't read orphan inode 15 (err -117) [ 727.296279][T12891] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 727.326044][T12901] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2627'. [ 727.374089][T12900] loop0: detected capacity change from 0 to 2048 [ 727.394585][T12900] EXT4-fs: Ignoring removed i_version option [ 727.538017][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 727.545936][T12900] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 727.567457][T12900] ext4 filesystem being mounted at /509/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 727.919585][ T5817] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 728.125550][ T5817] usb 5-1: config 1 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 728.180311][ T5817] usb 5-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 728.213191][ T5817] usb 5-1: config 1 interface 0 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 728.280243][ T5817] usb 5-1: config 1 interface 0 has no altsetting 0 [ 728.294631][ T5817] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 728.310190][ T5817] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 728.334327][ T5817] usb 5-1: Product: ᕨ臭滹ꨜ㱂敳ꓞ鵡嗵엚穈獜᥉惾ꃋ怙峬ښ偬딠珋㰸㵯移鞣ꦠ僝嬱퐴꟡⯜悩畷Ꮜኮ笘彑ﳰ禖昍극ૻ䶾諎쯴좷噵햳ꆛ嬁镼ꃺ圐鋵麙睪⯱䆱䤭譙㑨씞剹よ萦䱢譁愳퉩걪 [ 728.363533][ T5817] usb 5-1: SerialNumber: syz [ 728.384092][T12905] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 728.391566][T12905] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 728.414202][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 728.666240][T12923] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2637'. [ 728.687156][T12923] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2637'. [ 728.716013][T12926] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2638'. [ 729.068977][T12942] loop2: detected capacity change from 0 to 512 [ 729.097030][T12942] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 729.189225][T12942] EXT4-fs (loop2): 1 truncate cleaned up [ 729.203030][T12942] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 729.262538][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 729.612609][T12955] loop2: detected capacity change from 0 to 1024 [ 729.620492][T12955] EXT4-fs: Ignoring removed oldalloc option [ 729.651440][T12955] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 729.677379][ T27] audit: type=1804 audit(1746490208.957:640): pid=12955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2648" name="/newroot/515/file1/file1" dev="loop2" ino=15 res=1 errno=0 [ 729.732908][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 729.832542][T12961] __nla_validate_parse: 1 callbacks suppressed [ 729.832581][T12961] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2650'. [ 729.881367][T12961] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2650'. [ 729.886492][T12963] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2651'. [ 730.114659][T12970] netlink: 47 bytes leftover after parsing attributes in process `syz.0.2654'. [ 730.296299][ T4256] EXT4-fs (loop4): unmounting filesystem. [ 730.301008][ T5817] usb 5-1: bad CDC descriptors [ 730.313599][ T5817] usb 5-1: USB disconnect, device number 23 [ 730.494064][T12977] lo speed is unknown, defaulting to 1000 [ 730.854392][T12995] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2662'. [ 731.349256][T12991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2660'. [ 731.409374][T12999] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2662'. [ 731.525331][T13001] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2663'. [ 731.534563][T12999] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2662'. [ 731.563507][T13001] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2663'. [ 731.957460][T13011] loop2: detected capacity change from 0 to 512 [ 731.994593][T13011] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.2667: casefold flag without casefold feature [ 732.020009][T13011] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.2667: couldn't read orphan inode 15 (err -117) [ 732.067415][T13011] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 732.729585][ T7] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 732.973260][ T7] usb 3-1: config 1 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 733.003305][ T7] usb 3-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 733.037534][ T7] usb 3-1: config 1 interface 0 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 733.087715][ T7] usb 3-1: config 1 interface 0 has no altsetting 0 [ 733.144343][ T7] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 733.198260][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 733.241827][ T7] usb 3-1: Product: ᕨ臭滹ꨜ㱂敳ꓞ鵡嗵엚穈獜᥉惾ꃋ怙峬ښ偬딠珋㰸㵯移鞣ꦠ僝嬱퐴꟡⯜悩畷Ꮜኮ笘彑ﳰ禖昍극ૻ䶾諎쯴좷噵햳ꆛ嬁镼ꃺ圐鋵麙睪⯱䆱䤭譙㑨씞剹よ萦䱢譁愳퉩걪 [ 733.290662][ T7] usb 3-1: SerialNumber: syz [ 733.302859][T13019] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 733.310216][T13019] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 733.476413][T13041] loop3: detected capacity change from 0 to 512 [ 733.560822][T13041] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 733.579604][T13041] ext4 filesystem being mounted at /511/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 734.328556][ T4263] EXT4-fs (loop3): unmounting filesystem. [ 734.547714][T13057] loop3: detected capacity change from 0 to 512 [ 734.577692][T13057] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 734.584119][T13061] loop0: detected capacity change from 0 to 512 [ 734.607214][T13057] EXT4-fs (loop3): 1 truncate cleaned up [ 734.614963][T13057] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 734.656381][T13061] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 734.821071][ T4263] EXT4-fs (loop3): unmounting filesystem. [ 735.026455][ T7] usb 3-1: bad CDC descriptors [ 735.052382][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 735.772347][T13069] loop3: detected capacity change from 0 to 128 [ 735.813722][ T7] usb 3-1: USB disconnect, device number 19 [ 735.845387][T13064] lo speed is unknown, defaulting to 1000 [ 736.149631][ T27] audit: type=1326 audit(1746490215.427:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13077 comm="syz.0.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c0258e969 code=0x7ffc0000 [ 736.188691][ T27] audit: type=1326 audit(1746490215.427:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13077 comm="syz.0.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c0258e969 code=0x7ffc0000 [ 736.213333][ T27] audit: type=1326 audit(1746490215.467:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13077 comm="syz.0.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0c0258e969 code=0x7ffc0000 [ 736.238732][ T27] audit: type=1326 audit(1746490215.467:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13077 comm="syz.0.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c0258e969 code=0x7ffc0000 [ 736.389327][T13086] __nla_validate_parse: 5 callbacks suppressed [ 736.389341][T13086] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2689'. [ 736.417710][ T27] audit: type=1326 audit(1746490215.467:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13077 comm="syz.0.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c0258e969 code=0x7ffc0000 [ 736.476708][T13086] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2689'. [ 736.749207][ T27] audit: type=1326 audit(1746490215.467:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13077 comm="syz.0.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0c0258e969 code=0x7ffc0000 [ 737.057195][ T27] audit: type=1326 audit(1746490215.467:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13077 comm="syz.0.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c0258e969 code=0x7ffc0000 [ 737.079774][ T27] audit: type=1326 audit(1746490215.467:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13077 comm="syz.0.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c0258e969 code=0x7ffc0000 [ 737.102284][ T27] audit: type=1326 audit(1746490215.467:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13077 comm="syz.0.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0c0258e969 code=0x7ffc0000 [ 737.109411][T13090] lo speed is unknown, defaulting to 1000 [ 737.124734][ T27] audit: type=1326 audit(1746490215.467:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13077 comm="syz.0.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c0258e969 code=0x7ffc0000 [ 737.780973][T13111] syz.1.2699[13111] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 737.781079][T13111] syz.1.2699[13111] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 737.896748][T13115] syz.4.2701[13115] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 737.953504][T13115] syz.4.2701[13115] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 738.037861][T13119] loop0: detected capacity change from 0 to 1024 [ 738.130647][T13119] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 738.205340][T13126] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2704'. [ 738.364472][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 738.874488][T13142] lo speed is unknown, defaulting to 1000 [ 739.199779][T13148] loop4: detected capacity change from 0 to 512 [ 739.254982][T13148] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 739.501703][T13152] loop2: detected capacity change from 0 to 164 [ 739.579427][T13148] EXT4-fs (loop4): 1 truncate cleaned up [ 739.586260][T13148] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 739.619159][T13152] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 741.006207][T13174] syz.0.2724[13174] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 741.006301][T13174] syz.0.2724[13174] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 741.932846][T13180] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 742.465320][T13199] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2723'. [ 742.649052][T13205] netlink: 47 bytes leftover after parsing attributes in process `syz.1.2731'. [ 742.673656][T13205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2731'. [ 743.785593][T13213] netlink: 'syz.2.2734': attribute type 1 has an invalid length. [ 743.841019][T13213] device bond2 entered promiscuous mode [ 743.862125][T13213] 8021q: adding VLAN 0 to HW filter on device bond2 [ 743.885541][T13215] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2734'. [ 743.913130][ T4256] EXT4-fs (loop4): unmounting filesystem. [ 743.925223][T13213] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2734'. [ 743.937217][T13213] device bond2 left promiscuous mode [ 744.084481][T13222] loop0: detected capacity change from 0 to 256 [ 744.133632][T13222] FAT-fs (loop0): Directory bread(block 64) failed [ 744.150790][T13222] FAT-fs (loop0): Directory bread(block 65) failed [ 744.171184][T13222] FAT-fs (loop0): Directory bread(block 66) failed [ 744.204678][T13222] FAT-fs (loop0): Directory bread(block 67) failed [ 744.233772][T13222] FAT-fs (loop0): Directory bread(block 68) failed [ 744.264816][T13222] FAT-fs (loop0): Directory bread(block 69) failed [ 744.324152][T13222] FAT-fs (loop0): Directory bread(block 70) failed [ 744.342523][T13222] FAT-fs (loop0): Directory bread(block 71) failed [ 744.355703][T13222] FAT-fs (loop0): Directory bread(block 72) failed [ 744.379612][T13222] FAT-fs (loop0): Directory bread(block 73) failed [ 744.571089][T13229] IPv4: Oversized IP packet from 127.202.26.0 [ 744.850707][T13233] lo speed is unknown, defaulting to 1000 [ 745.776478][T13240] loop2: detected capacity change from 0 to 512 [ 745.816568][T13240] EXT4-fs (loop2): VFS: Can't find ext4 filesystem [ 746.841629][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 746.847919][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 746.912868][T13252] loop2: detected capacity change from 0 to 512 [ 746.964872][T13252] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 747.033089][T13252] EXT4-fs (loop2): 1 truncate cleaned up [ 747.046357][T13252] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 747.174821][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 747.318295][T13263] netlink: 47 bytes leftover after parsing attributes in process `syz.2.2750'. [ 747.782236][T13274] loop4: detected capacity change from 0 to 256 [ 747.872159][T13274] FAT-fs (loop4): Directory bread(block 64) failed [ 748.075293][T13274] FAT-fs (loop4): Directory bread(block 65) failed [ 748.089639][T13274] FAT-fs (loop4): Directory bread(block 66) failed [ 748.096182][T13274] FAT-fs (loop4): Directory bread(block 67) failed [ 748.141870][T13274] FAT-fs (loop4): Directory bread(block 68) failed [ 748.291895][T13281] lo speed is unknown, defaulting to 1000 [ 748.869604][T13274] FAT-fs (loop4): Directory bread(block 69) failed [ 748.876381][T13274] FAT-fs (loop4): Directory bread(block 70) failed [ 748.909531][T13274] FAT-fs (loop4): Directory bread(block 71) failed [ 748.916137][T13274] FAT-fs (loop4): Directory bread(block 72) failed [ 748.922078][T13286] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2756'. [ 748.950958][T13274] FAT-fs (loop4): Directory bread(block 73) failed [ 748.986151][T13288] loop0: detected capacity change from 0 to 512 [ 749.173607][T13288] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 750.753295][T13320] loop0: detected capacity change from 0 to 2048 [ 750.823168][T13320] EXT4-fs: Ignoring removed i_version option [ 750.983608][T13320] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 751.025979][T13320] ext4 filesystem being mounted at /547/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 751.862473][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 752.555064][T13365] loop2: detected capacity change from 0 to 128 [ 752.696362][T13369] netlink: 47 bytes leftover after parsing attributes in process `syz.4.2785'. [ 752.786116][T13371] loop2: detected capacity change from 0 to 256 [ 752.932727][T13371] FAT-fs (loop2): Directory bread(block 64) failed [ 752.946773][T13371] FAT-fs (loop2): Directory bread(block 65) failed [ 752.960707][T13371] FAT-fs (loop2): Directory bread(block 66) failed [ 752.983232][T13371] FAT-fs (loop2): Directory bread(block 67) failed [ 752.994054][T13371] FAT-fs (loop2): Directory bread(block 68) failed [ 753.011059][T13371] FAT-fs (loop2): Directory bread(block 69) failed [ 753.027818][T13371] FAT-fs (loop2): Directory bread(block 70) failed [ 753.044760][T13371] FAT-fs (loop2): Directory bread(block 71) failed [ 753.082927][T13371] FAT-fs (loop2): Directory bread(block 72) failed [ 753.099900][T13371] FAT-fs (loop2): Directory bread(block 73) failed [ 753.295415][T13384] syz.3.2791[13384] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 753.295506][T13384] syz.3.2791[13384] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 754.022804][T13395] netlink: 47 bytes leftover after parsing attributes in process `syz.0.2799'. [ 754.116184][T13391] lo speed is unknown, defaulting to 1000 [ 754.384839][T13403] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2800'. [ 754.675823][ T48] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 754.684913][ T48] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 754.693665][ T48] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 754.705156][ T48] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 754.713013][ T48] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 754.720407][ T48] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 754.782887][T13407] lo speed is unknown, defaulting to 1000 [ 754.917877][T13418] lo speed is unknown, defaulting to 1000 [ 755.271270][T13422] loop0: detected capacity change from 0 to 256 [ 755.353150][T13422] FAT-fs (loop0): Directory bread(block 64) failed [ 755.362904][T13422] FAT-fs (loop0): Directory bread(block 65) failed [ 755.385009][T13422] FAT-fs (loop0): Directory bread(block 66) failed [ 755.408750][T13422] FAT-fs (loop0): Directory bread(block 67) failed [ 755.425555][T13422] FAT-fs (loop0): Directory bread(block 68) failed [ 755.435598][T13422] FAT-fs (loop0): Directory bread(block 69) failed [ 755.455843][T13422] FAT-fs (loop0): Directory bread(block 70) failed [ 755.471204][T13422] FAT-fs (loop0): Directory bread(block 71) failed [ 755.477968][T13422] FAT-fs (loop0): Directory bread(block 72) failed [ 755.484722][T13422] FAT-fs (loop0): Directory bread(block 73) failed [ 755.577632][T13435] loop2: detected capacity change from 0 to 1024 [ 755.613515][T13435] EXT4-fs: Ignoring removed orlov option [ 755.642738][T13407] chnl_net:caif_netlink_parms(): no params data found [ 755.666267][T13435] EXT4-fs: Ignoring removed nomblk_io_submit option [ 757.109613][ T48] Bluetooth: hci1: command 0x0409 tx timeout [ 757.243104][T13435] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 757.450001][T13407] bridge0: port 1(bridge_slave_0) entered blocking state [ 757.457121][T13407] bridge0: port 1(bridge_slave_0) entered disabled state [ 757.480101][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 757.867380][T13407] device bridge_slave_0 entered promiscuous mode [ 758.043614][T13407] bridge0: port 2(bridge_slave_1) entered blocking state [ 758.053165][T13407] bridge0: port 2(bridge_slave_1) entered disabled state [ 758.891077][T13407] device bridge_slave_1 entered promiscuous mode [ 758.938543][T13471] lo speed is unknown, defaulting to 1000 [ 759.006512][T13473] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2818'. [ 759.112729][T13407] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 759.131537][T13481] loop4: detected capacity change from 0 to 256 [ 759.159852][ T48] Bluetooth: hci1: command 0x041b tx timeout [ 759.178082][T13407] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 759.185531][T13481] FAT-fs (loop4): Directory bread(block 64) failed [ 759.199963][T13481] FAT-fs (loop4): Directory bread(block 65) failed [ 759.206640][T13481] FAT-fs (loop4): Directory bread(block 66) failed [ 759.217786][T13481] FAT-fs (loop4): Directory bread(block 67) failed [ 759.224651][T13481] FAT-fs (loop4): Directory bread(block 68) failed [ 759.231253][T13481] FAT-fs (loop4): Directory bread(block 69) failed [ 759.237911][T13481] FAT-fs (loop4): Directory bread(block 70) failed [ 759.245194][T13481] FAT-fs (loop4): Directory bread(block 71) failed [ 759.257709][T13481] FAT-fs (loop4): Directory bread(block 72) failed [ 759.268488][T13481] FAT-fs (loop4): Directory bread(block 73) failed [ 759.453217][T13407] team0: Port device team_slave_0 added [ 759.494121][T13407] team0: Port device team_slave_1 added [ 760.843414][T13490] loop0: detected capacity change from 0 to 512 [ 760.861375][T13490] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 761.144282][T13490] EXT4-fs (loop0): 1 truncate cleaned up [ 761.150273][T13490] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 761.240736][ T48] Bluetooth: hci1: command 0x040f tx timeout [ 762.545834][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 762.580596][T13407] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 762.588097][T13407] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 762.614070][T13407] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 762.784018][T13407] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 762.798013][T13407] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 762.827804][T13407] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 763.014855][T13531] loop2: detected capacity change from 0 to 512 [ 763.024262][T13531] EXT4-fs: Ignoring removed oldalloc option [ 763.038595][T13531] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 763.221617][T13531] EXT4-fs error (device loop2): ext4_xattr_inode_iget:400: comm syz.2.2832: Parent and EA inode have the same ino 15 [ 763.239825][T13531] EXT4-fs error (device loop2): ext4_xattr_inode_iget:400: comm syz.2.2832: Parent and EA inode have the same ino 15 [ 763.260050][T13531] EXT4-fs (loop2): 1 orphan inode deleted [ 763.265894][T13531] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 763.339606][ T48] Bluetooth: hci1: command 0x0419 tx timeout [ 763.629606][T13407] device hsr_slave_0 entered promiscuous mode [ 763.675965][T13407] device hsr_slave_1 entered promiscuous mode [ 763.730741][T13407] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 763.773530][T13407] Cannot create hsr debugfs directory [ 763.884533][T13542] loop4: detected capacity change from 0 to 256 [ 764.013424][T13542] FAT-fs (loop4): Directory bread(block 64) failed [ 764.028901][T13542] FAT-fs (loop4): Directory bread(block 65) failed [ 764.042817][T13542] FAT-fs (loop4): Directory bread(block 66) failed [ 764.050830][T13542] FAT-fs (loop4): Directory bread(block 67) failed [ 764.057552][T13542] FAT-fs (loop4): Directory bread(block 68) failed [ 764.066940][T13542] FAT-fs (loop4): Directory bread(block 69) failed [ 764.103587][T13542] FAT-fs (loop4): Directory bread(block 70) failed [ 764.126273][T13542] FAT-fs (loop4): Directory bread(block 71) failed [ 764.299634][T13542] FAT-fs (loop4): Directory bread(block 72) failed [ 764.326555][T13542] FAT-fs (loop4): Directory bread(block 73) failed [ 764.688236][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 765.104224][T13554] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2835'. [ 765.464298][T13565] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2838'. [ 765.599316][T13569] netlink: 47 bytes leftover after parsing attributes in process `syz.0.2840'. [ 765.692050][T13574] netlink: 'syz.2.2841': attribute type 1 has an invalid length. [ 765.758708][T13574] device bond3 entered promiscuous mode [ 765.775690][T13574] 8021q: adding VLAN 0 to HW filter on device bond3 [ 765.797341][T13580] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2841'. [ 765.861576][T13591] loop0: detected capacity change from 0 to 512 [ 765.869582][T13591] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 765.901797][T13591] EXT4-fs (loop0): 1 truncate cleaned up [ 765.908465][T13584] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2841'. [ 765.908466][T13591] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 765.964353][T13584] device bond3 left promiscuous mode [ 765.977089][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 766.135786][T13599] loop0: detected capacity change from 0 to 1024 [ 766.193785][T13599] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 766.259355][T13603] loop2: detected capacity change from 0 to 512 [ 766.332448][T13603] EXT4-fs (loop2): VFS: Can't find ext4 filesystem [ 766.931262][T13607] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 766.937819][T13607] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 766.965286][T13607] vhci_hcd vhci_hcd.0: Device attached [ 767.250384][ T6126] usb 41-1: new low-speed USB device number 4 using vhci_hcd [ 767.347488][T13610] vhci_hcd: connection reset by peer [ 767.353253][ T11] vhci_hcd: stop threads [ 767.364243][ T11] vhci_hcd: release socket [ 767.383013][ T11] vhci_hcd: disconnect device [ 767.417052][T13616] loop2: detected capacity change from 0 to 256 [ 767.424028][T13607] loop4: detected capacity change from 0 to 256 [ 767.486839][T13616] FAT-fs (loop2): Directory bread(block 64) failed [ 767.541447][T13616] FAT-fs (loop2): Directory bread(block 65) failed [ 767.571954][T13616] FAT-fs (loop2): Directory bread(block 66) failed [ 767.598836][T13616] FAT-fs (loop2): Directory bread(block 67) failed [ 767.605631][ T4348] device hsr_slave_0 left promiscuous mode [ 767.620459][ T4348] device hsr_slave_1 left promiscuous mode [ 767.621224][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 767.632204][T13616] FAT-fs (loop2): Directory bread(block 68) failed [ 767.639153][ T4348] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 767.642274][T13616] FAT-fs (loop2): Directory bread(block 69) failed [ 767.653589][ T4348] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 767.674594][ T4348] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 767.674993][T13616] FAT-fs (loop2): Directory bread(block 70) failed [ 767.796017][ T4348] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 767.803439][T13616] FAT-fs (loop2): Directory bread(block 71) failed [ 767.818274][T13616] FAT-fs (loop2): Directory bread(block 72) failed [ 767.834146][ T4348] device bridge_slave_1 left promiscuous mode [ 767.856983][ T4348] bridge0: port 2(bridge_slave_1) entered disabled state [ 767.863064][T13616] FAT-fs (loop2): Directory bread(block 73) failed [ 767.904621][ T4348] device bridge_slave_0 left promiscuous mode [ 767.957342][ T4348] bridge0: port 1(bridge_slave_0) entered disabled state [ 769.529015][T13631] loop0: detected capacity change from 0 to 2048 [ 769.808989][T13631] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 769.875495][ T27] kauditd_printk_skb: 68 callbacks suppressed [ 769.875508][ T27] audit: type=1326 audit(1746490249.157:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13641 comm="syz.4.2853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083978e969 code=0x7ffc0000 [ 769.980744][ T4348] device veth1_macvtap left promiscuous mode [ 770.009059][ T4348] device veth0_macvtap left promiscuous mode [ 770.036085][ T27] audit: type=1800 audit(1746490249.197:720): pid=13631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2851" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 770.088157][ T4348] device veth1_vlan left promiscuous mode [ 770.113158][T13631] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2851: bg 0: block 234: padding at end of block bitmap is not set [ 770.137211][ T4348] device veth0_vlan left promiscuous mode [ 770.169287][ T27] audit: type=1326 audit(1746490249.197:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13641 comm="syz.4.2853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083978e969 code=0x7ffc0000 [ 770.222673][ T27] audit: type=1326 audit(1746490249.207:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13641 comm="syz.4.2853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f083978e969 code=0x7ffc0000 [ 770.223093][T13631] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 15 with max blocks 640 with error 28 [ 770.266300][T13631] EXT4-fs (loop0): This should not happen!! Data will be lost [ 770.266300][T13631] [ 770.278857][T13631] EXT4-fs (loop0): Total free blocks count 0 [ 770.302170][T13631] EXT4-fs (loop0): Free/Dirty block details [ 770.323046][T13631] EXT4-fs (loop0): free_blocks=0 [ 770.341048][ T27] audit: type=1326 audit(1746490249.207:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13641 comm="syz.4.2853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083978e969 code=0x7ffc0000 [ 770.342069][T13631] EXT4-fs (loop0): dirty_blocks=656 [ 770.397174][ T27] audit: type=1326 audit(1746490249.207:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13641 comm="syz.4.2853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083978e969 code=0x7ffc0000 [ 770.431216][T13631] EXT4-fs (loop0): Block reservation details [ 770.437219][T13631] EXT4-fs (loop0): i_reserved_data_blocks=41 [ 770.457904][ T27] audit: type=1326 audit(1746490249.207:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13641 comm="syz.4.2853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f083978e969 code=0x7ffc0000 [ 770.517545][ T27] audit: type=1326 audit(1746490249.207:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13641 comm="syz.4.2853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083978e969 code=0x7ffc0000 [ 770.553137][ T11] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 770.573017][ T27] audit: type=1326 audit(1746490249.207:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13641 comm="syz.4.2853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083978e969 code=0x7ffc0000 [ 770.677069][T13664] loop0: detected capacity change from 0 to 512 [ 770.685002][T13664] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 770.839609][ T4348] bond9 (unregistering): (slave bridge13): Releasing backup interface [ 770.848446][ T4348] device bridge13 left promiscuous mode [ 771.307698][ T4348] bond9 (unregistering): Released all slaves [ 771.325881][ T4348] bond8 (unregistering): (slave bridge12): Releasing backup interface [ 771.504139][ T4348] bond8 (unregistering): Released all slaves [ 771.921885][T13683] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 771.928445][T13683] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 771.981034][T13683] vhci_hcd vhci_hcd.0: Device attached [ 772.211231][T13684] vhci_hcd: connection closed [ 772.220725][T13494] vhci_hcd: stop threads [ 772.233577][T13494] vhci_hcd: release socket [ 772.238073][T13494] vhci_hcd: disconnect device [ 772.251473][ T4348] bond7 (unregistering): Released all slaves [ 772.269658][ T4347] usb 33-1: new low-speed USB device number 9 using vhci_hcd [ 772.281158][T13683] loop0: detected capacity change from 0 to 256 [ 772.287474][ T4347] usb 33-1: enqueue for inactive port 0 [ 772.370202][ T4347] vhci_hcd: vhci_device speed not set [ 772.439748][ T6126] vhci_hcd: vhci_device speed not set [ 772.455219][ T4348] bond6 (unregistering): Released all slaves [ 772.585018][ T4348] bond5 (unregistering): Released all slaves [ 772.603035][ T4348] bond4 (unregistering): (slave bridge7): Releasing backup interface [ 772.611181][ T4348] device bridge7 left promiscuous mode [ 772.770033][ T4348] bond4 (unregistering): Released all slaves [ 772.828968][ T4348] bond3 (unregistering): (slave bridge5): Releasing backup interface [ 772.837333][ T4348] device bridge5 left promiscuous mode [ 772.999611][ T4348] bond3 (unregistering): Released all slaves [ 773.017230][ T4348] bond2 (unregistering): (slave bridge4): Releasing backup interface [ 773.025392][ T4348] device bridge4 left promiscuous mode [ 773.213416][ T4348] bond2 (unregistering): Released all slaves [ 773.268470][ T4348] bond1 (unregistering): (slave bridge2): Releasing backup interface [ 773.440625][ T4348] bond1 (unregistering): Released all slaves [ 773.846672][ T4348] team0 (unregistering): Port device team_slave_1 removed [ 773.887956][ T4348] team0 (unregistering): Port device team_slave_0 removed [ 773.930390][ T4348] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 773.974957][ T4348] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 774.400910][ T4348] bond0 (unregistering): Released all slaves [ 774.495580][T13674] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2858'. [ 774.534613][T13407] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 774.567924][T13407] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 774.719009][T13694] loop4: detected capacity change from 0 to 512 [ 774.766774][T13407] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 774.785613][T13694] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 774.829305][T13407] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 774.878539][T13696] loop2: detected capacity change from 0 to 2048 [ 774.887582][T13694] EXT4-fs (loop4): 1 truncate cleaned up [ 774.901634][T13694] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 775.051552][T13407] 8021q: adding VLAN 0 to HW filter on device bond0 [ 775.095365][T13705] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2865'. [ 775.119720][ T4256] EXT4-fs (loop4): unmounting filesystem. [ 775.131326][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 775.142288][T13705] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2865'. [ 775.173169][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 775.213209][T13407] 8021q: adding VLAN 0 to HW filter on device team0 [ 775.252490][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 775.280068][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 775.292314][T13696] loop2: unable to read partition table [ 775.302551][ T4438] bridge0: port 1(bridge_slave_0) entered blocking state [ 775.309714][ T4438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 775.311811][T13696] loop2: partition table beyond EOD, truncated [ 775.333528][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 775.349887][T13696] loop_reread_partitions: partition scan of loop2 () failed (rc=-5) [ 775.366865][T13698] device syzkaller1 entered promiscuous mode [ 775.380678][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 775.396547][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 775.443416][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 775.450558][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 775.497059][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 775.512126][T13716] loop4: detected capacity change from 0 to 512 [ 775.518162][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 775.531268][ T3623] loop2: unable to read partition table [ 775.537983][T13716] EXT4-fs (loop4): VFS: Can't find ext4 filesystem [ 775.539689][ T3623] loop2: partition table beyond EOD, truncated [ 775.559232][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 775.592350][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 775.784017][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 775.829953][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 775.856810][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 775.875722][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 775.898205][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 776.149245][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 776.169955][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 776.181896][T13407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 777.009045][T13754] loop4: detected capacity change from 0 to 512 [ 777.044901][T13754] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 777.080511][T13754] EXT4-fs (loop4): 1 truncate cleaned up [ 777.110296][T13754] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 777.138950][T13764] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2878'. [ 777.176144][ T4256] EXT4-fs (loop4): unmounting filesystem. [ 777.265533][T13765] loop2: detected capacity change from 0 to 2048 [ 777.350662][T13494] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 777.365635][T13494] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 777.414478][T13407] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 777.462215][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 777.506380][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 777.518456][T13776] loop0: detected capacity change from 0 to 2048 [ 777.525738][T13776] EXT4-fs: Ignoring removed i_version option [ 777.556020][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 777.601386][T13765] loop2: unable to read partition table [ 777.623214][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 777.642116][T13765] loop2: partition table beyond EOD, truncated [ 777.664544][T13776] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 777.678995][T13407] device veth0_vlan entered promiscuous mode [ 777.696014][T13765] loop_reread_partitions: partition scan of loop2 () failed (rc=-5) [ 777.707389][T13776] ext4 filesystem being mounted at /577/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 777.731268][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 777.746656][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 777.839172][T13407] device veth1_vlan entered promiscuous mode [ 777.961758][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 777.985615][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 778.001364][ T3623] loop2: unable to read partition table [ 778.007897][ T3623] loop2: partition table beyond EOD, truncated [ 778.018470][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 778.024886][T13407] device veth0_macvtap entered promiscuous mode [ 778.039111][T13407] device veth1_macvtap entered promiscuous mode [ 778.098462][T13407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 778.247530][T13407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 778.297330][T13407] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 778.336405][T13407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 778.413231][T13407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 778.487311][T13407] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 778.514984][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 778.533203][T13806] loop4: detected capacity change from 0 to 256 [ 778.536871][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 778.558185][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 778.567361][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 778.576616][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 778.586105][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 778.587144][T13806] FAT-fs (loop4): Directory bread(block 64) failed [ 778.601703][T13803] netlink: 'syz.0.2890': attribute type 1 has an invalid length. [ 778.610848][T13806] FAT-fs (loop4): Directory bread(block 65) failed [ 778.617556][T13806] FAT-fs (loop4): Directory bread(block 66) failed [ 778.625112][T13806] FAT-fs (loop4): Directory bread(block 67) failed [ 778.629056][T13803] device bond5 entered promiscuous mode [ 778.633227][T13806] FAT-fs (loop4): Directory bread(block 68) failed [ 778.641673][T13803] 8021q: adding VLAN 0 to HW filter on device bond5 [ 778.644531][T13806] FAT-fs (loop4): Directory bread(block 69) failed [ 778.657261][T13806] FAT-fs (loop4): Directory bread(block 70) failed [ 778.666701][T13407] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 778.675879][T13806] FAT-fs (loop4): Directory bread(block 71) failed [ 778.682801][T13806] FAT-fs (loop4): Directory bread(block 72) failed [ 778.691617][T13806] FAT-fs (loop4): Directory bread(block 73) failed [ 778.702124][T13812] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2891'. [ 778.723215][T13407] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 778.734649][T13407] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 778.743530][T13407] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 778.756612][T13808] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2890'. [ 778.777073][T13809] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2890'. [ 778.800841][T13809] device bond5 left promiscuous mode [ 778.964485][ T4335] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 778.977358][T13816] loop2: detected capacity change from 0 to 512 [ 778.984425][ T4335] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 779.015175][T13816] EXT4-fs (loop2): VFS: Can't find ext4 filesystem [ 779.028197][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 779.112798][ T4335] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 779.162063][ T4335] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 779.208822][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 779.437530][T13825] loop2: detected capacity change from 0 to 2048 [ 779.450360][T13825] EXT4-fs: Ignoring removed i_version option [ 779.524194][T13825] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 779.576422][T13825] ext4 filesystem being mounted at /569/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 779.731882][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 779.756774][T13841] loop0: detected capacity change from 0 to 512 [ 779.793853][T13841] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 779.865770][T13841] EXT4-fs (loop0): 1 truncate cleaned up [ 779.909536][T13841] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 780.031872][T13852] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2904'. [ 780.448049][T13858] loop2: detected capacity change from 0 to 512 [ 780.466248][T13858] EXT4-fs (loop2): VFS: Can't find ext4 filesystem [ 780.893485][T13865] loop2: detected capacity change from 0 to 2048 [ 781.030593][T13869] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2910'. [ 781.082171][T13865] loop2: unable to read partition table [ 781.099797][T13865] loop2: partition table beyond EOD, truncated [ 781.106027][T13865] loop_reread_partitions: partition scan of loop2 () failed (rc=-5) [ 781.220708][ T27] audit: type=1326 audit(1746490260.507:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.3.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff702f8e969 code=0x7ffc0000 [ 781.247231][T13871] loop1: detected capacity change from 0 to 2048 [ 781.279484][ T27] audit: type=1326 audit(1746490260.537:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.3.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff702f8e969 code=0x7ffc0000 [ 781.288175][T13871] EXT4-fs: Ignoring removed i_version option [ 781.326647][ T3623] loop2: unable to read partition table [ 781.338836][ T3623] loop2: partition table beyond EOD, truncated [ 781.342545][ T27] audit: type=1326 audit(1746490260.557:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.3.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff702f8e969 code=0x7ffc0000 [ 781.381628][T13871] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 781.412527][T13871] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 781.449712][ T27] audit: type=1326 audit(1746490260.557:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.3.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff702f8e969 code=0x7ffc0000 [ 781.534483][ T27] audit: type=1326 audit(1746490260.557:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.3.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff702f8e969 code=0x7ffc0000 [ 781.653076][ T27] audit: type=1326 audit(1746490260.557:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.3.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff702f8e969 code=0x7ffc0000 [ 781.677344][T13407] EXT4-fs (loop1): unmounting filesystem. [ 781.719526][ T27] audit: type=1326 audit(1746490260.557:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.3.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff702f8e969 code=0x7ffc0000 [ 781.794654][T13887] netlink: 'syz.1.2916': attribute type 72 has an invalid length. [ 781.859041][ T27] audit: type=1326 audit(1746490260.557:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.3.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff702f8e969 code=0x7ffc0000 [ 781.939747][ T27] audit: type=1326 audit(1746490260.557:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.3.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff702f8e969 code=0x7ffc0000 [ 782.017779][ T27] audit: type=1326 audit(1746490260.557:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.3.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff702f8e969 code=0x7ffc0000 [ 782.559698][T13908] loop4: detected capacity change from 0 to 256 [ 782.635484][T13908] FAT-fs (loop4): Directory bread(block 64) failed [ 782.656019][T13908] FAT-fs (loop4): Directory bread(block 65) failed [ 782.667109][T13908] FAT-fs (loop4): Directory bread(block 66) failed [ 782.686504][T13908] FAT-fs (loop4): Directory bread(block 67) failed [ 782.710887][T13908] FAT-fs (loop4): Directory bread(block 68) failed [ 782.737430][T13908] FAT-fs (loop4): Directory bread(block 69) failed [ 782.753027][T13908] FAT-fs (loop4): Directory bread(block 70) failed [ 782.769546][T13908] FAT-fs (loop4): Directory bread(block 71) failed [ 782.786421][T13908] FAT-fs (loop4): Directory bread(block 72) failed [ 782.796462][T13908] FAT-fs (loop4): Directory bread(block 73) failed [ 783.084871][T13925] loop2: detected capacity change from 0 to 512 [ 783.099633][T13923] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2934'. [ 783.133207][T13925] EXT4-fs (loop2): VFS: Can't find ext4 filesystem [ 783.417808][T13930] syz.2.2936[13930] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 783.417912][T13930] syz.2.2936[13930] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 783.915029][T13941] loop1: detected capacity change from 0 to 2048 [ 783.967676][T13951] netlink: 'syz.3.2943': attribute type 13 has an invalid length. [ 784.017089][T13941] EXT4-fs: Ignoring removed i_version option [ 784.018430][T13951] netlink: 24859 bytes leftover after parsing attributes in process `syz.3.2943'. [ 784.080484][T13941] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 784.089009][T13941] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 784.291806][T13960] netlink: 47 bytes leftover after parsing attributes in process `syz.3.2946'. [ 784.320305][T13407] EXT4-fs (loop1): unmounting filesystem. [ 784.402084][T13962] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2946'. [ 784.949935][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 785.488448][T13997] loop0: detected capacity change from 0 to 2048 [ 785.534647][T14000] loop2: detected capacity change from 0 to 1024 [ 785.542236][T14000] EXT4-fs: Ignoring removed orlov option [ 785.557584][T13997] EXT4-fs: Ignoring removed i_version option [ 785.810378][T14008] lo speed is unknown, defaulting to 1000 [ 786.150215][T14000] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 786.170691][T13997] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 786.171670][T14012] loop1: detected capacity change from 0 to 128 [ 786.179191][T13997] ext4 filesystem being mounted at /583/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 786.205510][T14012] EXT4-fs: Mount option(s) incompatible with ext2 [ 786.374227][ T5300] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 786.426154][ T4252] EXT4-fs (loop0): unmounting filesystem. [ 786.432836][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 786.434742][T14012] loop1: detected capacity change from 0 to 128 [ 786.459314][ T5300] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 786.500403][ T5300] Buffer I/O error on dev loop1, logical block 0, async page read [ 786.813965][T14021] loop1: detected capacity change from 0 to 256 [ 786.883412][T14021] FAT-fs (loop1): Directory bread(block 64) failed [ 786.909562][T14021] FAT-fs (loop1): Directory bread(block 65) failed [ 786.936605][T14021] FAT-fs (loop1): Directory bread(block 66) failed [ 786.949734][T14021] FAT-fs (loop1): Directory bread(block 67) failed [ 786.978177][T14021] FAT-fs (loop1): Directory bread(block 68) failed [ 786.997276][T14021] FAT-fs (loop1): Directory bread(block 69) failed [ 787.017952][T14021] FAT-fs (loop1): Directory bread(block 70) failed [ 787.036500][T14021] FAT-fs (loop1): Directory bread(block 71) failed [ 787.057193][T14021] FAT-fs (loop1): Directory bread(block 72) failed [ 787.076133][T14021] FAT-fs (loop1): Directory bread(block 73) failed [ 787.225339][ T7495] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 787.236526][ T7495] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 787.245987][ T7495] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 787.254537][ T7495] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 787.262654][ T7495] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 787.270742][ T7495] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 787.358683][T14034] lo speed is unknown, defaulting to 1000 [ 787.813322][T14043] loop2: detected capacity change from 0 to 512 [ 787.982900][T14043] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 788.054137][T14043] EXT4-fs (loop2): 1 truncate cleaned up [ 788.147569][T14043] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 788.437389][T14034] chnl_net:caif_netlink_parms(): no params data found [ 788.782897][T14034] bridge0: port 1(bridge_slave_0) entered blocking state [ 788.818256][T14034] bridge0: port 1(bridge_slave_0) entered disabled state [ 788.837624][T14034] device bridge_slave_0 entered promiscuous mode [ 788.875733][T14034] bridge0: port 2(bridge_slave_1) entered blocking state [ 788.888772][T14034] bridge0: port 2(bridge_slave_1) entered disabled state [ 788.901339][T14034] device bridge_slave_1 entered promiscuous mode [ 788.908645][ T9] tipc: Left network mode [ 788.973883][T14079] lo speed is unknown, defaulting to 1000 [ 789.290248][T14034] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 789.319754][ T7495] Bluetooth: hci3: command 0x0409 tx timeout [ 789.411598][T14034] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 789.550525][T14092] loop0: detected capacity change from 0 to 256 [ 789.576799][T14034] team0: Port device team_slave_0 added [ 789.606961][T14034] team0: Port device team_slave_1 added [ 789.618840][T14092] FAT-fs (loop0): Directory bread(block 64) failed [ 789.654723][T14092] FAT-fs (loop0): Directory bread(block 65) failed [ 789.691005][T14092] FAT-fs (loop0): Directory bread(block 66) failed [ 789.697642][T14092] FAT-fs (loop0): Directory bread(block 67) failed [ 789.730872][T14034] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 789.737923][T14034] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 789.769066][T14092] FAT-fs (loop0): Directory bread(block 68) failed [ 789.776048][T14092] FAT-fs (loop0): Directory bread(block 69) failed [ 789.786649][T14092] FAT-fs (loop0): Directory bread(block 70) failed [ 789.793979][T14092] FAT-fs (loop0): Directory bread(block 71) failed [ 789.804996][T14092] FAT-fs (loop0): Directory bread(block 72) failed [ 789.812725][T14034] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 789.837132][T14092] FAT-fs (loop0): Directory bread(block 73) failed [ 789.942006][T14034] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 789.948977][T14034] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 790.013311][T14034] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 790.376739][T14034] device hsr_slave_0 entered promiscuous mode [ 790.407259][T14034] device hsr_slave_1 entered promiscuous mode [ 790.423920][T14034] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 790.444072][T14034] Cannot create hsr debugfs directory [ 791.016209][T14114] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2989'. [ 791.114252][T14122] syz.0.2991[14122] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 791.114343][T14122] syz.0.2991[14122] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 791.301188][T14114] team0 (unregistering): Port device team_slave_0 removed [ 791.341861][T14114] team0 (unregistering): Port device team_slave_1 removed [ 791.416935][ T7495] Bluetooth: hci3: command 0x041b tx timeout [ 792.037746][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 792.129285][ T9] device hsr_slave_0 left promiscuous mode [ 792.156829][ T9] device hsr_slave_1 left promiscuous mode [ 792.654718][ T9] bond3 (unregistering): Released all slaves [ 793.167664][ T9] bond2 (unregistering): Released all slaves [ 793.220590][ T9] bond1 (unregistering): (slave bridge1): Releasing backup interface [ 793.228716][ T9] device bridge1 left promiscuous mode [ 793.399941][T14176] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3004'. [ 793.425336][ T9] bond1 (unregistering): Released all slaves [ 793.487509][ T7495] Bluetooth: hci3: command 0x040f tx timeout [ 794.316625][ T9] bond0 (unregistering): Released all slaves [ 794.421553][T14155] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3001'. [ 794.573729][T14182] device bond6 entered promiscuous mode [ 794.596156][T14182] 8021q: adding VLAN 0 to HW filter on device bond6 [ 794.842637][T14191] loop1: detected capacity change from 0 to 1024 [ 794.868067][T14191] EXT4-fs: Ignoring removed oldalloc option [ 794.874680][T14182] bond6 (unregistering): Released all slaves [ 794.886349][T14191] EXT4-fs: Ignoring removed orlov option [ 794.979584][T14191] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 795.150106][ T4296] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 795.176238][T13407] EXT4-fs (loop1): unmounting filesystem. [ 795.400215][ T4296] usb 3-1: too many configurations: 241, using maximum allowed: 8 [ 795.444328][ T4296] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 795.474071][ T4296] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 795.497596][T14212] loop1: detected capacity change from 0 to 256 [ 795.513784][ T4296] usb 3-1: Product: syz [ 795.548085][ T4296] usb 3-1: Manufacturer: syz [ 795.559625][ T7495] Bluetooth: hci3: command 0x0419 tx timeout [ 795.569192][ T4296] usb 3-1: SerialNumber: syz [ 795.604902][T14034] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 795.618640][ T4296] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 795.733371][ T14] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 795.759149][T14034] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 795.849736][T14034] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 795.868025][T14034] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 795.874087][T14212] syz.1.3013: attempt to access beyond end of device [ 795.874087][T14212] loop1: rw=2049, sector=256, nr_sectors = 288 limit=256 [ 795.925636][T14212] syz.1.3013: attempt to access beyond end of device [ 795.925636][T14212] loop1: rw=2049, sector=608, nr_sectors = 320 limit=256 [ 795.970439][T14212] syz.1.3013: attempt to access beyond end of device [ 795.970439][T14212] loop1: rw=2049, sector=960, nr_sectors = 64 limit=256 [ 796.018276][T14212] syz.1.3013: attempt to access beyond end of device [ 796.018276][T14212] loop1: rw=2049, sector=1056, nr_sectors = 1380 limit=256 [ 796.090218][T14224] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3014'. [ 796.166204][T14034] 8021q: adding VLAN 0 to HW filter on device bond0 [ 796.208602][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 796.225097][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 796.257192][T14034] 8021q: adding VLAN 0 to HW filter on device team0 [ 796.316067][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 796.353164][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 796.396815][ T4348] bridge0: port 1(bridge_slave_0) entered blocking state [ 796.403978][ T4348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 796.416303][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 796.439634][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 796.457670][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 796.467546][ T4348] bridge0: port 2(bridge_slave_1) entered blocking state [ 796.474704][ T4348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 796.537991][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 796.551986][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 796.599344][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 796.618782][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 796.639804][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 796.681250][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 796.704967][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 796.731443][T14233] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3017'. [ 796.750473][T14233] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3017'. [ 796.760096][ T14] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 796.767083][ T14] ath9k_htc: Failed to initialize the device [ 796.777034][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 796.811697][ T14] usb 3-1: ath9k_htc: USB layer deinitialized [ 796.815258][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 796.881651][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 796.902906][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 796.941920][T14034] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 797.198688][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 797.198700][ T27] audit: type=1326 audit(1746490276.477:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14246 comm="syz.1.3022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 797.241169][ T27] audit: type=1326 audit(1746490276.517:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14246 comm="syz.1.3022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 797.286107][T14247] loop1: detected capacity change from 0 to 128 [ 797.302293][T14247] journal_path: Lookup failure for './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' [ 797.329139][ T27] audit: type=1326 audit(1746490276.527:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14246 comm="syz.1.3022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 797.494492][T14247] EXT4-fs: error: could not find journal device path [ 797.513925][ T27] audit: type=1326 audit(1746490276.527:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14246 comm="syz.1.3022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 797.674756][ T4347] usb 3-1: USB disconnect, device number 20 [ 797.712147][ T27] audit: type=1326 audit(1746490276.527:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14246 comm="syz.1.3022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 797.774196][T14034] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 797.784817][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 797.788446][ T27] audit: type=1326 audit(1746490276.527:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14246 comm="syz.1.3022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 797.815649][ T27] audit: type=1326 audit(1746490276.527:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14246 comm="syz.1.3022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 797.838237][ T27] audit: type=1326 audit(1746490276.527:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14246 comm="syz.1.3022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 797.859633][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 797.869950][ T27] audit: type=1326 audit(1746490276.557:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14246 comm="syz.1.3022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 797.997412][T14270] loop1: detected capacity change from 0 to 128 [ 798.011097][T14269] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3025'. [ 798.030572][ T27] audit: type=1326 audit(1746490276.557:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14246 comm="syz.1.3022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 798.197442][T14276] loop0: detected capacity change from 0 to 2048 [ 798.405277][T14276] loop0: unable to read partition table [ 798.440312][T14276] loop0: partition table beyond EOD, truncated [ 798.460020][T14276] loop_reread_partitions: partition scan of loop0 () failed (rc=-5) [ 798.628968][ T3623] loop0: unable to read partition table [ 798.643846][ T3623] loop0: partition table beyond EOD, truncated [ 798.649142][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 798.664868][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 798.727793][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 798.751383][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 798.802079][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 798.823169][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 798.869610][T14034] device veth0_vlan entered promiscuous mode [ 798.905398][T14034] device veth1_vlan entered promiscuous mode [ 799.075762][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 799.104729][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 799.169039][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 799.227081][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 799.265894][T14034] device veth0_macvtap entered promiscuous mode [ 799.302246][T14034] device veth1_macvtap entered promiscuous mode [ 799.353660][T14034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 799.392546][T14034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.428520][T14034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 799.458529][T14034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.496023][T14332] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3038'. [ 799.507761][T14034] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 799.543266][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 799.556534][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 799.594632][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 799.617317][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 799.702114][T14034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 799.739459][T14034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.768551][T14034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 799.809581][T14034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.850219][T14034] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 799.876777][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 799.901535][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 799.927271][T14034] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.968078][T14034] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.977005][T14034] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.985731][T14034] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.993981][T14347] loop2: detected capacity change from 0 to 512 [ 800.058751][T14353] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3047'. [ 800.081222][T14347] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.3045: casefold flag without casefold feature [ 800.161073][T14347] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.3045: couldn't read orphan inode 15 (err -117) [ 800.178805][T14353] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3047'. [ 800.220310][ T4438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 800.239288][ T4438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 800.254278][T14347] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 800.294453][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 800.420245][ T4438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 800.465937][ T4438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 800.505176][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 800.949523][ T5817] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 801.184333][ T5817] usb 3-1: config 1 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 801.232937][ T5817] usb 3-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 801.275828][ T5817] usb 3-1: config 1 interface 0 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 801.325422][ T5817] usb 3-1: config 1 interface 0 has no altsetting 0 [ 801.383108][ T5817] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 801.432547][ T5817] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 801.470081][ T5817] usb 3-1: Product: ᕨ臭滹ꨜ㱂敳ꓞ鵡嗵엚穈獜᥉惾ꃋ怙峬ښ偬딠珋㰸㵯移鞣ꦠ僝嬱퐴꟡⯜悩畷Ꮜኮ笘彑ﳰ禖昍극ૻ䶾諎쯴좷噵햳ꆛ嬁镼ꃺ圐鋵麙睪⯱䆱䤭譙㑨씞剹よ萦䱢譁愳퉩걪 [ 801.590494][ T5817] usb 3-1: SerialNumber: syz [ 801.623734][T14366] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 801.631123][T14366] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 801.827831][T14396] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3053'. [ 802.207222][ T48] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 802.218633][ T48] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 802.226862][ T48] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 802.236039][ T48] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 802.243868][ T48] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 802.252801][ T48] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 802.394563][ T4335] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 802.491249][ T4335] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 802.628638][ T4335] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 802.755039][ T4335] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 803.053221][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 803.064087][T14405] chnl_net:caif_netlink_parms(): no params data found [ 803.090346][ T5817] usb 3-1: bad CDC descriptors [ 803.116290][ T5817] usb 3-1: USB disconnect, device number 21 [ 803.744350][T14405] bridge0: port 1(bridge_slave_0) entered blocking state [ 803.757509][T14405] bridge0: port 1(bridge_slave_0) entered disabled state [ 803.778615][T14405] device bridge_slave_0 entered promiscuous mode [ 803.843783][T14405] bridge0: port 2(bridge_slave_1) entered blocking state [ 803.853484][T14405] bridge0: port 2(bridge_slave_1) entered disabled state [ 803.875113][T14405] device bridge_slave_1 entered promiscuous mode [ 803.954007][T14405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 804.020456][T14405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 804.135780][T14405] team0: Port device team_slave_0 added [ 804.182307][T14405] team0: Port device team_slave_1 added [ 804.267503][T14405] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 804.276479][T14405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 804.286660][ T48] Bluetooth: hci2: command 0x0409 tx timeout [ 804.327916][T14405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 804.484115][T14405] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 804.514266][T14405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 804.608472][T14405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 804.850820][T14405] device hsr_slave_0 entered promiscuous mode [ 804.864887][T14405] device hsr_slave_1 entered promiscuous mode [ 804.901725][T14405] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 804.918184][T14405] Cannot create hsr debugfs directory [ 805.155748][ T27] kauditd_printk_skb: 22 callbacks suppressed [ 805.155762][ T27] audit: type=1326 audit(1746490284.437:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14496 comm="syz.2.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9584f8e969 code=0x7ffc0000 [ 805.198764][ T4335] device hsr_slave_0 left promiscuous mode [ 805.208862][ T4335] device hsr_slave_1 left promiscuous mode [ 805.240049][ T27] audit: type=1326 audit(1746490284.477:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14496 comm="syz.2.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9584f8e969 code=0x7ffc0000 [ 805.303568][ T27] audit: type=1326 audit(1746490284.477:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14496 comm="syz.2.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f9584f8e969 code=0x7ffc0000 [ 805.339835][ T4335] device veth1_macvtap left promiscuous mode [ 805.345916][ T4335] device veth0_macvtap left promiscuous mode [ 805.361808][T14504] loop2: detected capacity change from 0 to 128 [ 805.409531][ T27] audit: type=1326 audit(1746490284.477:777): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=unconfined pid=14496 comm="syz.2.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9584f8e969 code=0x7ffc0000 [ 805.442460][ T4335] device veth1_vlan left promiscuous mode [ 805.458736][ T4335] device veth0_vlan left promiscuous mode [ 806.322182][ T4335] bond5 (unregistering): Released all slaves [ 806.360395][ T48] Bluetooth: hci2: command 0x041b tx timeout [ 806.767793][ T4335] bond4 (unregistering): Released all slaves [ 807.038138][ T4335] bond3 (unregistering): Released all slaves [ 807.243593][T14541] capability: warning: `syz.2.3090' uses 32-bit capabilities (legacy support in use) [ 807.420995][ T4335] bond2 (unregistering): Released all slaves [ 807.442127][ T4335] bond1 (unregistering): (slave bridge2): Releasing backup interface [ 807.450719][ T4335] device bridge2 left promiscuous mode [ 807.626140][ T4335] bond1 (unregistering): Released all slaves [ 808.066568][ T4335] team0 (unregistering): Port device team_slave_1 removed [ 808.108517][ T4335] team0 (unregistering): Port device team_slave_0 removed [ 808.152389][ T4335] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 808.199008][ T4335] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 808.289199][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.295528][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.398446][ T4335] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 808.439686][ T48] Bluetooth: hci2: command 0x040f tx timeout [ 808.683341][ T4335] bond0 (unregistering): Released all slaves [ 808.739469][T14551] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3092'. [ 809.169875][T14565] loop4: detected capacity change from 0 to 512 [ 809.228932][T14565] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 809.288009][T14565] EXT4-fs (loop4): 1 truncate cleaned up [ 809.305297][T14565] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 809.540356][T14034] EXT4-fs (loop4): unmounting filesystem. [ 809.793264][T14583] loop4: detected capacity change from 0 to 2048 [ 809.854474][T14583] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 809.897370][T14583] EXT4-fs (loop4): unmounting filesystem. [ 809.971906][T14405] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 810.095690][T14405] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 810.118273][T14405] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 810.148852][T14405] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 810.374097][T14405] 8021q: adding VLAN 0 to HW filter on device bond0 [ 810.418219][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 810.434096][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 810.463377][T14405] 8021q: adding VLAN 0 to HW filter on device team0 [ 810.484806][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 810.498119][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 810.520377][ T48] Bluetooth: hci2: command 0x0419 tx timeout [ 810.535356][ T4383] bridge0: port 1(bridge_slave_0) entered blocking state [ 810.542510][ T4383] bridge0: port 1(bridge_slave_0) entered forwarding state [ 810.665154][T14615] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3108'. [ 810.779502][T14615] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 810.789283][T14615] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 810.823604][T14615] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 810.855313][T14615] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 811.204929][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 811.225365][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 811.258017][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 811.302919][ T4383] bridge0: port 2(bridge_slave_1) entered blocking state [ 811.310125][ T4383] bridge0: port 2(bridge_slave_1) entered forwarding state [ 811.340525][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 811.354736][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 811.375310][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 811.399979][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 811.422615][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 811.449291][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 811.459312][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 811.473231][T14622] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3109'. [ 811.584563][T14636] netlink: 'syz.4.3112': attribute type 1 has an invalid length. [ 811.672497][T13494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 811.689156][T13494] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 811.717123][T14636] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3112'. [ 811.749845][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 811.760193][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 811.792902][T14405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 812.174503][T14675] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 812.294675][T14678] netlink: 'syz.1.3122': attribute type 1 has an invalid length. [ 812.339124][T14678] 8021q: adding VLAN 0 to HW filter on device bond1 [ 812.401351][T14685] 8021q: adding VLAN 0 to HW filter on device bond1 [ 812.457647][T14685] bond1: (slave vxcan1): The slave device specified does not support setting the MAC address [ 812.500957][T14685] bond1: (slave vxcan1): Error -95 calling set_mac_address [ 812.577932][T14405] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 812.590051][T14689] netlink: 'syz.3.3125': attribute type 1 has an invalid length. [ 812.694106][T14689] device bond6 entered promiscuous mode [ 812.724273][T14689] 8021q: adding VLAN 0 to HW filter on device bond6 [ 812.786982][T14691] bond6: (slave bridge12): making interface the new active one [ 812.795302][T14691] device bridge12 entered promiscuous mode [ 812.802231][T14691] bond6: (slave bridge12): Enslaving as an active interface with an up link [ 812.812542][T14696] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3125'. [ 812.835203][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 812.861521][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 812.888609][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): bond6: link becomes ready [ 812.931715][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 812.947603][T14718] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3127'. [ 812.962953][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 813.013659][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 813.027268][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 813.066399][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 813.084266][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 813.103946][T14724] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3132'. [ 813.122261][T14725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3131'. [ 813.137444][T14405] device veth0_vlan entered promiscuous mode [ 813.157577][T14405] device veth1_vlan entered promiscuous mode [ 813.212029][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 813.223681][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 813.243104][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 813.261997][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 813.283645][T14405] device veth0_macvtap entered promiscuous mode [ 813.303862][T14405] device veth1_macvtap entered promiscuous mode [ 813.343946][T14405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 813.366885][T14405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 813.388733][T14405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 813.407842][T14405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 813.425700][T14405] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 813.435343][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 813.448147][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 813.457545][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 813.473824][T14405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 813.487755][T14405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 813.498713][T14405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 813.516295][T14405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 813.530927][T14405] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 813.552786][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 813.564716][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 813.585664][T14405] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.600458][T14405] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.619193][T14405] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.638028][T14405] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.811835][ T4383] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 813.833434][ T4383] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 813.855400][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 813.873881][ T4383] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 813.893249][ T4383] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 813.925227][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 814.297764][T14762] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3143'. [ 814.432989][T14767] netlink: 64827 bytes leftover after parsing attributes in process `syz.4.3144'. [ 814.484342][T14768] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3142'. [ 814.704798][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 814.722779][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 814.731153][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 814.741120][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 814.748579][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 814.756345][T14784] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3145'. [ 814.769086][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 814.911503][T13494] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 814.921653][T14778] loop0: detected capacity change from 0 to 2048 [ 814.965538][T14773] netlink: 'syz.0.3145': attribute type 10 has an invalid length. [ 814.996108][T14773] team0: Device hsr_slave_0 failed to register rx_handler [ 815.024806][T14778] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 815.144961][T13494] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 815.158755][T14778] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.3145: bg 0: block 234: padding at end of block bitmap is not set [ 815.189807][T14778] EXT4-fs (loop0): Remounting filesystem read-only [ 815.277638][T13494] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 815.387137][T13494] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 815.415542][T14803] netlink: 'syz.3.3155': attribute type 13 has an invalid length. [ 815.425656][T14803] netlink: 24859 bytes leftover after parsing attributes in process `syz.3.3155'. [ 815.559677][T14405] EXT4-fs (loop0): unmounting filesystem. [ 815.612684][T14811] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3156'. [ 815.658460][T14779] chnl_net:caif_netlink_parms(): no params data found [ 815.751198][T13494] tipc: Disabling bearer [ 815.764566][T13494] tipc: Left network mode [ 815.904702][T14829] syz.0.3161[14829] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 815.904847][T14829] syz.0.3161[14829] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 815.924187][T14829] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3161'. [ 816.190406][T14779] bridge0: port 1(bridge_slave_0) entered blocking state [ 816.197553][T14779] bridge0: port 1(bridge_slave_0) entered disabled state [ 816.221816][T14835] loop0: detected capacity change from 0 to 2048 [ 816.231895][T14779] device bridge_slave_0 entered promiscuous mode [ 816.290265][T14835] EXT4-fs: Ignoring removed i_version option [ 816.314843][T14835] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 816.323484][T14835] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 816.412633][T14779] bridge0: port 2(bridge_slave_1) entered blocking state [ 816.433067][T14779] bridge0: port 2(bridge_slave_1) entered disabled state [ 816.451965][T14779] device bridge_slave_1 entered promiscuous mode [ 816.486047][T14405] EXT4-fs (loop0): unmounting filesystem. [ 816.493336][T14850] netlink: 'syz.4.3166': attribute type 13 has an invalid length. [ 816.504397][T14850] netlink: 24859 bytes leftover after parsing attributes in process `syz.4.3166'. [ 816.668847][T14779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 816.821717][T14779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 816.942255][T14867] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3168'. [ 816.997449][ T7495] Bluetooth: hci0: command 0x0409 tx timeout [ 817.027368][T14779] team0: Port device team_slave_0 added [ 817.137930][T14779] team0: Port device team_slave_1 added [ 817.262326][T14779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 817.289326][T14779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 817.332703][T14779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 817.366439][T14779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 817.389373][T14779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 817.455112][T14779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 817.473380][T14883] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3172'. [ 817.597927][T14779] device hsr_slave_0 entered promiscuous mode [ 817.608405][T14779] device hsr_slave_1 entered promiscuous mode [ 817.621454][T14779] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 817.629073][T14779] Cannot create hsr debugfs directory [ 817.992985][T14902] netlink: 'syz.3.3178': attribute type 13 has an invalid length. [ 818.101853][T13494] device hsr_slave_0 left promiscuous mode [ 818.118332][T13494] device hsr_slave_1 left promiscuous mode [ 818.185217][T13494] device veth1_macvtap left promiscuous mode [ 818.192648][T13494] device veth0_macvtap left promiscuous mode [ 818.198931][T13494] device veth1_vlan left promiscuous mode [ 818.206420][T13494] device veth0_vlan left promiscuous mode [ 818.215685][T14912] loop0: detected capacity change from 0 to 512 [ 818.234421][T14912] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 818.591250][T13494] bond3 (unregistering): Released all slaves [ 819.089510][ T7495] Bluetooth: hci0: command 0x041b tx timeout [ 819.131307][T13494] bond2 (unregistering): Released all slaves [ 819.404250][T13494] bond1 (unregistering): Released all slaves [ 820.614282][T14936] loop0: detected capacity change from 0 to 512 [ 820.643458][T14936] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #15: comm syz.0.3190: casefold flag without casefold feature [ 820.661127][T14936] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.3190: couldn't read orphan inode 15 (err -117) [ 820.676216][T14936] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 821.160513][ T7495] Bluetooth: hci0: command 0x040f tx timeout [ 821.754183][T14951] __nla_validate_parse: 2 callbacks suppressed [ 821.754197][T14951] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3193'. [ 822.135903][T13494] bond0 (unregistering): Released all slaves [ 822.218096][T14905] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3180'. [ 822.227596][T14923] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3185'. [ 822.247662][T14957] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3195'. [ 822.744367][ T27] audit: type=1326 audit(1746490302.027:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14969 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 822.809475][ T27] audit: type=1326 audit(1746490302.047:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14969 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 822.874779][ T27] audit: type=1326 audit(1746490302.057:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14969 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 823.194188][T14779] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 823.206506][T14779] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 823.230298][T14779] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 823.239951][ T48] Bluetooth: hci0: command 0x0419 tx timeout [ 823.258023][T14779] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 823.346286][T14779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 823.362783][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 823.374348][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 823.381145][T14994] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3203'. [ 823.395079][T14779] 8021q: adding VLAN 0 to HW filter on device team0 [ 823.417046][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 823.426948][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 823.444367][ T4349] bridge0: port 1(bridge_slave_0) entered blocking state [ 823.451547][ T4349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 823.460376][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 823.485684][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 823.495949][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 823.505879][ T4335] bridge0: port 2(bridge_slave_1) entered blocking state [ 823.513007][ T4335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 823.530341][T13494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 823.550666][T13494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 823.563257][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 823.581856][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 823.594797][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 823.626115][T14779] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 823.637104][T14779] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 823.674259][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 823.705996][T14405] EXT4-fs (loop0): unmounting filesystem. [ 823.717564][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 823.747330][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 823.804110][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 823.813404][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 823.821976][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 823.831502][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 823.849301][T15000] tipc: Started in network mode [ 823.854301][T15000] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 823.879914][T15000] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 823.893077][T15000] tipc: Enabled bearer , priority 10 [ 824.367075][T15025] loop0: detected capacity change from 0 to 512 [ 824.385432][T15025] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 824.656417][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 824.688470][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 824.724065][T14779] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 824.782773][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 824.801459][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 824.827327][T15043] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3213'. [ 824.870058][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 824.889382][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 824.890937][ T6128] tipc: Node number set to 1 [ 824.921964][T14779] device veth0_vlan entered promiscuous mode [ 824.928644][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 824.963574][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 825.114625][T14779] device veth1_vlan entered promiscuous mode [ 825.142027][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 825.161433][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 825.208200][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 825.234584][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 825.270135][T14779] device veth0_macvtap entered promiscuous mode [ 825.288542][T14779] device veth1_macvtap entered promiscuous mode [ 825.355057][T14779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 825.388033][T14779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 825.419784][T14779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 825.441009][T14779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 825.487652][T14779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 825.511150][T14779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 825.535126][T14779] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 825.582685][T14779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 825.651176][T14779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 825.667921][T14779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 825.717352][T14779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 825.942065][T14779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 826.000131][T14779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 826.038481][T14779] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 826.050888][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 826.059301][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 826.067616][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 826.076307][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 826.087130][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 826.096296][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 826.153380][T14779] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.174729][T14779] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.203572][T14779] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.231254][T14779] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.332293][T15085] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 826.350780][T15085] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 826.378717][T15085] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 826.656201][T13492] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 826.690220][T13492] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 826.719160][T15099] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3227'. [ 826.764331][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 826.794662][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 826.833868][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 826.864666][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 826.951008][T15106] netlink: 'syz.4.3230': attribute type 1 has an invalid length. [ 827.043534][T15106] device bond1 entered promiscuous mode [ 827.056991][T15106] 8021q: adding VLAN 0 to HW filter on device bond1 [ 827.142908][T15108] bond1: (slave bridge1): making interface the new active one [ 827.172600][T15108] device bridge1 entered promiscuous mode [ 827.182449][T15108] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 827.193964][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 827.307768][T15123] loop2: detected capacity change from 0 to 256 [ 827.424622][T15123] FAT-fs (loop2): Directory bread(block 64) failed [ 827.452413][T15123] FAT-fs (loop2): Directory bread(block 65) failed [ 827.566253][T15123] FAT-fs (loop2): Directory bread(block 66) failed [ 827.595489][T15123] FAT-fs (loop2): Directory bread(block 67) failed [ 827.652216][T15129] loop0: detected capacity change from 0 to 1024 [ 827.659655][T15123] FAT-fs (loop2): Directory bread(block 68) failed [ 827.666232][T15123] FAT-fs (loop2): Directory bread(block 69) failed [ 827.755938][T15129] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 827.763470][T15123] FAT-fs (loop2): Directory bread(block 70) failed [ 827.774911][T15129] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 827.819586][T15123] FAT-fs (loop2): Directory bread(block 71) failed [ 827.826196][T15123] FAT-fs (loop2): Directory bread(block 72) failed [ 827.840699][T15129] JBD2: no valid journal superblock found [ 827.870837][T15129] EXT4-fs (loop0): error loading journal [ 827.877960][T15123] FAT-fs (loop2): Directory bread(block 73) failed [ 828.490096][ T7495] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 828.505643][ T7495] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 828.507743][T15154] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3240'. [ 828.524971][ T7495] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 828.533383][ T7495] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 828.541131][ T7495] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 828.548847][ T7495] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 828.891526][T15165] netlink: 'syz.0.3246': attribute type 1 has an invalid length. [ 829.134054][T15180] bridge0: port 3(vlan2) entered blocking state [ 829.140712][T15180] bridge0: port 3(vlan2) entered disabled state [ 829.171873][T15184] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3248'. [ 829.272617][T15150] chnl_net:caif_netlink_parms(): no params data found [ 829.293000][T15177] netlink: 'syz.2.3248': attribute type 10 has an invalid length. [ 829.466701][T15177] team0: Device hsr_slave_0 failed to register rx_handler [ 829.520335][T15178] loop2: detected capacity change from 0 to 2048 [ 829.628506][T15178] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 829.777032][T15177] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.3248: bg 0: block 234: padding at end of block bitmap is not set [ 829.797500][T15177] EXT4-fs (loop2): Remounting filesystem read-only [ 829.835604][ T4335] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 829.848442][T15211] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3255'. [ 829.886116][T15150] bridge0: port 1(bridge_slave_0) entered blocking state [ 829.893480][T15150] bridge0: port 1(bridge_slave_0) entered disabled state [ 829.902222][T15150] device bridge_slave_0 entered promiscuous mode [ 829.912510][T15150] bridge0: port 2(bridge_slave_1) entered blocking state [ 829.924623][T15150] bridge0: port 2(bridge_slave_1) entered disabled state [ 829.934052][T15150] device bridge_slave_1 entered promiscuous mode [ 829.945354][ T4335] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 829.996077][ T4335] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 830.010573][T15150] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 830.022333][T15150] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 830.063576][ T4335] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 830.064982][T14779] EXT4-fs (loop2): unmounting filesystem. [ 830.292510][T15222] netlink: 'syz.1.3260': attribute type 1 has an invalid length. [ 830.339705][T15222] device bond2 entered promiscuous mode [ 830.346410][T15222] 8021q: adding VLAN 0 to HW filter on device bond2 [ 830.362150][T15150] team0: Port device team_slave_0 added [ 830.397821][T15226] bond2: (slave bridge1): making interface the new active one [ 830.405405][T15226] device bridge1 entered promiscuous mode [ 830.417412][T15226] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 830.441638][T15150] team0: Port device team_slave_1 added [ 830.494352][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 830.604201][ T7495] Bluetooth: hci4: command 0x0409 tx timeout [ 830.711606][T15150] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 830.774108][T15150] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 830.872473][T15150] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 830.944832][T15150] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 830.975957][T15150] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 831.022731][T15150] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 831.038666][ T4335] tipc: Disabling bearer [ 831.044271][ T4335] tipc: Left network mode [ 831.069970][T15255] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3266'. [ 831.134396][T15150] device hsr_slave_0 entered promiscuous mode [ 831.148782][T15260] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3267'. [ 831.164151][T15150] device hsr_slave_1 entered promiscuous mode [ 831.189229][T15251] netlink: 'syz.2.3266': attribute type 10 has an invalid length. [ 831.347807][T15251] team0: Device hsr_slave_0 failed to register rx_handler [ 831.834161][T15253] loop2: detected capacity change from 0 to 2048 [ 832.014927][T15253] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 832.265959][T15251] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.3266: bg 0: block 234: padding at end of block bitmap is not set [ 832.303862][T15251] EXT4-fs (loop2): Remounting filesystem read-only [ 832.574718][T14779] EXT4-fs (loop2): unmounting filesystem. [ 832.613173][T15281] netlink: 'syz.4.3272': attribute type 1 has an invalid length. [ 832.679680][ T7495] Bluetooth: hci4: command 0x041b tx timeout [ 832.724740][T15281] device bond2 entered promiscuous mode [ 832.781710][T15281] 8021q: adding VLAN 0 to HW filter on device bond2 [ 832.884499][T15283] bond2: (slave bridge2): making interface the new active one [ 832.914710][T15283] device bridge2 entered promiscuous mode [ 832.937514][T15283] bond2: (slave bridge2): Enslaving as an active interface with an up link [ 833.041037][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 833.075739][T15292] bridge0: port 3(vlan2) entered blocking state [ 833.117899][T15292] bridge0: port 3(vlan2) entered disabled state [ 833.435215][T15314] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3278'. [ 833.525083][T15313] netlink: 'syz.1.3280': attribute type 13 has an invalid length. [ 833.555012][T15313] netlink: 24859 bytes leftover after parsing attributes in process `syz.1.3280'. [ 833.649041][T15318] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3282'. [ 834.087684][T15150] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 834.102072][T15150] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 834.128963][T15150] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 834.158382][T15150] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 834.272486][T15338] netlink: 'syz.4.3288': attribute type 1 has an invalid length. [ 834.951481][ T7495] Bluetooth: hci4: command 0x040f tx timeout [ 834.969812][T15338] device bond3 entered promiscuous mode [ 834.975600][T15338] 8021q: adding VLAN 0 to HW filter on device bond3 [ 835.003670][ T4335] device hsr_slave_0 left promiscuous mode [ 835.022851][ T4335] device hsr_slave_1 left promiscuous mode [ 835.032636][ T4335] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 835.045537][ T4335] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 835.057343][ T4335] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 835.067060][ T4335] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 835.077796][ T4335] device bridge_slave_1 left promiscuous mode [ 835.089230][ T4335] bridge0: port 2(bridge_slave_1) entered disabled state [ 835.103942][ T4335] device bridge_slave_0 left promiscuous mode [ 835.112284][ T4335] bridge0: port 1(bridge_slave_0) entered disabled state [ 835.172689][ T4335] device veth1_macvtap left promiscuous mode [ 835.178894][ T4335] device veth0_macvtap left promiscuous mode [ 835.355339][ T4335] bond6 (unregistering): (slave bridge12): Releasing backup interface [ 835.372253][ T4335] device bridge12 left promiscuous mode [ 835.617097][ T4335] bond6 (unregistering): Released all slaves [ 835.861569][ T4335] bond5 (unregistering): Released all slaves [ 836.036487][ T4335] bond4 (unregistering): Released all slaves [ 836.216843][ T4335] bond3 (unregistering): Released all slaves [ 836.397942][ T4335] bond2 (unregistering): Released all slaves [ 836.459028][ T4335] bond1 (unregistering): (slave bridge5): Releasing backup interface [ 836.633602][ T4335] bond1 (unregistering): Released all slaves [ 837.010057][ T7495] Bluetooth: hci4: command 0x0419 tx timeout [ 837.274767][ T4335] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 837.284308][ T4335] device bond_slave_1 left promiscuous mode [ 837.614115][ T4335] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 837.654009][ T4335] device bond_slave_0 left promiscuous mode [ 838.427151][ T4335] bond0 (unregistering): Released all slaves [ 838.512750][T15341] bond3: (slave bridge3): making interface the new active one [ 838.520553][T15341] device bridge3 entered promiscuous mode [ 838.527098][T15341] bond3: (slave bridge3): Enslaving as an active interface with an up link [ 838.537722][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 838.585306][T15357] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3289'. [ 838.739066][T15150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 838.746858][T15372] netlink: 'syz.1.3294': attribute type 13 has an invalid length. [ 838.754856][T15372] netlink: 24859 bytes leftover after parsing attributes in process `syz.1.3294'. [ 838.826236][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 838.848662][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 838.863378][ T27] audit: type=1326 audit(1746490318.147:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15375 comm="syz.1.3296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe6b4f85927 code=0x7ffc0000 [ 838.913478][T15150] 8021q: adding VLAN 0 to HW filter on device team0 [ 838.946168][ T27] audit: type=1326 audit(1746490318.207:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15375 comm="syz.1.3296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe6b4f2ab39 code=0x7ffc0000 [ 839.004130][T15150] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 839.032535][T15150] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 839.084435][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 839.101588][ T27] audit: type=1326 audit(1746490318.207:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15375 comm="syz.1.3296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 839.125059][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 839.153882][ T4438] bridge0: port 1(bridge_slave_0) entered blocking state [ 839.161129][ T4438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 839.167567][ T27] audit: type=1326 audit(1746490318.207:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15375 comm="syz.1.3296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe6b4f85927 code=0x7ffc0000 [ 839.209973][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 839.230011][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 839.266303][ T4438] bridge0: port 2(bridge_slave_1) entered blocking state [ 839.272566][ T27] audit: type=1326 audit(1746490318.207:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15375 comm="syz.1.3296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe6b4f2ab39 code=0x7ffc0000 [ 839.273518][ T4438] bridge0: port 2(bridge_slave_1) entered forwarding state [ 839.344494][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 839.353505][ T27] audit: type=1326 audit(1746490318.207:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15375 comm="syz.1.3296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 839.363825][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 839.391164][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 839.401036][ T27] audit: type=1326 audit(1746490318.207:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15375 comm="syz.1.3296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe6b4f85927 code=0x7ffc0000 [ 839.404721][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 839.438892][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 839.447935][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 839.455784][ T27] audit: type=1326 audit(1746490318.207:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15375 comm="syz.1.3296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe6b4f2ab39 code=0x7ffc0000 [ 839.455821][ T27] audit: type=1326 audit(1746490318.207:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15375 comm="syz.1.3296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b4f8e969 code=0x7ffc0000 [ 839.455852][ T27] audit: type=1326 audit(1746490318.207:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15375 comm="syz.1.3296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe6b4f85927 code=0x7ffc0000 [ 839.524356][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 839.532814][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 839.541540][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 839.552878][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 839.562402][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 839.570869][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 839.578675][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 839.743722][T15388] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3300'. [ 840.077063][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 840.088040][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 840.112529][T15150] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 840.192877][T13494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 840.204822][T13494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 840.249711][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 840.270416][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 840.288347][T15408] IPv6: sit1: Disabled Multicast RS [ 840.351613][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 840.364955][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 840.376003][T15150] device veth0_vlan entered promiscuous mode [ 840.407454][T15150] device veth1_vlan entered promiscuous mode [ 840.466772][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 840.480452][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 840.499718][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 840.520126][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 840.531890][T15150] device veth0_macvtap entered promiscuous mode [ 840.552996][T15150] device veth1_macvtap entered promiscuous mode [ 840.570568][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 840.586210][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 840.611025][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 840.625052][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.635268][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 840.646198][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.668797][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 840.699435][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.744072][T15150] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 840.757719][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 840.769687][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.782778][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 840.793737][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.813055][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 840.835906][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.854012][T15150] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 840.868608][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 840.880615][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 840.894582][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 840.908483][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 840.935611][T15150] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.964881][T15150] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.990382][T15150] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.999101][T15150] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.183785][T15430] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3314'. [ 841.714755][T15451] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3320'. [ 842.400503][T13494] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 842.452369][T13494] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 842.488599][T15456] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 842.504947][T13494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 842.514230][T13494] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 842.532936][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 947.719382][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 947.726467][ C1] rcu: 0-...!: (1 GPs behind) idle=bb0c/1/0x4000000000000000 softirq=57999/58001 fqs=2 [ 947.737633][ C1] (detected by 1, t=10502 jiffies, g=78917, q=160 ncpus=2) [ 947.744928][ C1] Sending NMI from CPU 1 to CPUs 0: [ 947.750156][ C0] NMI backtrace for cpu 0 [ 947.750179][ C0] CPU: 0 PID: 15463 Comm: syz.3.3235 Not tainted 6.1.137-syzkaller #0 [ 947.750196][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 947.750209][ C0] RIP: 0010:kasan_check_range+0xf/0x290 [ 947.750242][ C0] Code: 0b b8 ea ff ff ff c3 0f 0b b8 ea ff ff ff c3 00 00 cc cc 00 00 cc cc 00 00 cc cc b0 01 48 85 f6 0f 84 a4 01 00 00 41 57 41 56 <53> 49 89 f8 49 01 f0 0f 82 57 02 00 00 49 89 f8 49 c1 e8 2f 41 81 [ 947.750256][ C0] RSP: 0018:ffffc90000007848 EFLAGS: 00000002 [ 947.750270][ C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff8162e936 [ 947.750281][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff908b8240 [ 947.750292][ C0] RBP: ffffc90000007ab0 R08: dffffc0000000000 R09: fffffbfff2117049 [ 947.750305][ C0] R10: fffffbfff2117049 R11: 1ffffffff2117048 R12: ffff88802ee1bb80 [ 947.750317][ C0] R13: 0000000000000002 R14: ffff88802ee1c688 R15: ffff88802ee1c6a8 [ 947.750329][ C0] FS: 0000555584f11500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 947.750343][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 947.750355][ C0] CR2: 000000110c2de4b1 CR3: 000000004a6ec000 CR4: 00000000003506f0 [ 947.750370][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 947.750379][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 947.750390][ C0] Call Trace: [ 947.750395][ C0] [ 947.750403][ C0] __lock_acquire+0xdc6/0x7c50 [ 947.750442][ C0] ? verify_lock_unused+0x140/0x140 [ 947.750465][ C0] ? __lock_acquire+0x13c0/0x7c50 [ 947.750487][ C0] ? verify_lock_unused+0x140/0x140 [ 947.750508][ C0] ? verify_lock_unused+0x140/0x140 [ 947.750535][ C0] lock_acquire+0x1b4/0x490 [ 947.750555][ C0] ? debug_object_deactivate+0x63/0x340 [ 947.750580][ C0] ? read_lock_is_recursive+0x10/0x10 [ 947.750602][ C0] ? __rwlock_init+0x140/0x140 [ 947.750631][ C0] _raw_spin_lock_irqsave+0xa4/0xf0 [ 947.750655][ C0] ? debug_object_deactivate+0x63/0x340 [ 947.750675][ C0] ? _raw_spin_lock+0x40/0x40 [ 947.750698][ C0] ? advance_sched+0x6cc/0x970 [ 947.750721][ C0] debug_object_deactivate+0x63/0x340 [ 947.750745][ C0] debug_deactivate+0x29/0x240 [ 947.750764][ C0] __hrtimer_run_queues+0x2d0/0xc80 [ 947.750785][ C0] ? taprio_free_sched_cb+0x190/0x190 [ 947.750810][ C0] ? hrtimer_interrupt+0x8d0/0x8d0 [ 947.750827][ C0] ? ktime_get_update_offsets_now+0x3ce/0x3e0 [ 947.750850][ C0] hrtimer_interrupt+0x3bb/0x8d0 [ 947.750877][ C0] __sysvec_apic_timer_interrupt+0x153/0x5a0 [ 947.750903][ C0] sysvec_apic_timer_interrupt+0x9b/0xc0 [ 947.750931][ C0] [ 947.750935][ C0] [ 947.750941][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 947.750957][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xa5/0x100 [ 947.750987][ C0] Code: 74 05 e8 4e 03 6e f7 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 36 7e 3e f7 65 8b 05 37 53 e9 75 85 c0 74 3c 48 c7 04 24 0e 36 [ 947.751000][ C0] RSP: 0018:ffffc900039d7a20 EFLAGS: 00000206 [ 947.751014][ C0] RAX: f6da83e1b6ab6c00 RBX: 0000000000000a06 RCX: f6da83e1b6ab6c00 [ 947.751026][ C0] RDX: dffffc0000000000 RSI: ffffffff8a6bfe00 RDI: 0000000000000001 [ 947.751037][ C0] RBP: ffffc900039d7ab0 R08: dffffc0000000000 R09: ffffed10171c54b1 [ 947.751061][ C0] R10: ffffed10171c54b1 R11: 1ffff110171c54b0 R12: dffffc0000000000 [ 947.751073][ C0] R13: ffff8880b8e2a600 R14: ffff8880b8e2a580 R15: 1ffff9200073af44 [ 947.751093][ C0] ? _raw_spin_unlock+0x40/0x40 [ 947.751127][ C0] ? timerqueue_del+0xaa/0x100 [ 947.751150][ C0] ? __remove_hrtimer+0x140/0x3a0 [ 947.751166][ C0] hrtimer_try_to_cancel+0x3b3/0x410 [ 947.751184][ C0] hrtimer_cancel+0x12/0x50 [ 947.751197][ C0] futex_wait+0x44a/0x530 [ 947.751213][ C0] ? futex_wait_setup+0x260/0x260 [ 947.751227][ C0] ? __remove_hrtimer+0x3a0/0x3a0 [ 947.751248][ C0] ? seqcount_lockdep_reader_access+0x120/0x1c0 [ 947.751264][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 947.751288][ C0] do_futex+0x310/0x320 [ 947.751309][ C0] ? _copy_from_user+0x10b/0x170 [ 947.751328][ C0] ? __ia32_sys_get_robust_list+0x80/0x80 [ 947.751353][ C0] ? ktime_get+0x247/0x270 [ 947.751369][ C0] __se_sys_futex+0x14a/0x440 [ 947.751390][ C0] ? bpf_trace_run2+0xda/0x3b0 [ 947.751413][ C0] ? __x64_sys_futex+0xf0/0xf0 [ 947.751441][ C0] ? __x64_sys_futex+0x1d/0xf0 [ 947.751463][ C0] do_syscall_64+0x4c/0xa0 [ 947.751481][ C0] ? clear_bhb_loop+0x45/0xa0 [ 947.751494][ C0] ? clear_bhb_loop+0x45/0xa0 [ 947.751507][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 947.751529][ C0] RIP: 0033:0x7ff76598e969 [ 947.751549][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 947.751560][ C0] RSP: 002b:00007ffd959d09c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 947.751573][ C0] RAX: ffffffffffffffda RBX: 00000000000cdb67 RCX: 00007ff76598e969 [ 947.751583][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff765bb5fac [ 947.751592][ C0] RBP: 0000000000000032 R08: 0022a624d1058de4 R09: 00000004959d0cbf [ 947.751602][ C0] R10: 00007ffd959d0ac0 R11: 0000000000000246 R12: 00007ff765bb5fac [ 947.751612][ C0] R13: 00007ffd959d0ac0 R14: 00000000000cdb99 R15: 00007ffd959d0ae0 [ 947.751628][ C0] [ 947.752150][ C1] rcu: rcu_preempt kthread starved for 10498 jiffies! g78917 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 948.283181][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 948.293155][ C1] rcu: RCU grace-period kthread stack dump: [ 948.299044][ C1] task:rcu_preempt state:R running task stack:27848 pid:16 ppid:2 flags:0x00004000 [ 948.309840][ C1] Call Trace: [ 948.313119][ C1] [ 948.316060][ C1] __schedule+0x10e9/0x40d0 [ 948.320587][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 948.325812][ C1] ? _raw_spin_unlock+0x40/0x40 [ 948.330687][ C1] ? release_firmware_map_entry+0x18a/0x18a [ 948.336607][ C1] schedule+0xb9/0x180 [ 948.340686][ C1] schedule_timeout+0x15c/0x280 [ 948.345554][ C1] ? console_conditional_schedule+0x40/0x40 [ 948.351453][ C1] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 948.357357][ C1] ? update_process_times+0x1b0/0x1b0 [ 948.362748][ C1] ? prepare_to_swait_event+0x335/0x350 [ 948.368306][ C1] rcu_gp_fqs_loop+0x2f2/0x1310 [ 948.373172][ C1] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 948.379336][ C1] ? rcu_gp_init+0x14b0/0x14b0 [ 948.384103][ C1] ? rcu_gp_cleanup+0xb4c/0xca0 [ 948.388960][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 948.394168][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 948.399387][ C1] rcu_gp_kthread+0x95/0x380 [ 948.403994][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 948.409113][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 948.415019][ C1] ? __kthread_parkme+0x162/0x1c0 [ 948.420074][ C1] kthread+0x29d/0x330 [ 948.424165][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 948.429285][ C1] ? kthread_blkcg+0xd0/0xd0 [ 948.433897][ C1] ret_from_fork+0x1f/0x30 [ 948.438344][ C1] [ 948.441370][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 948.447687][ C1] CPU: 1 PID: 15470 Comm: syz.4.3329 Not tainted 6.1.137-syzkaller #0 [ 948.455840][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 948.465893][ C1] RIP: 0010:smp_call_function_many_cond+0xe7b/0x1270 [ 948.472575][ C1] Code: 00 00 00 41 8b 1f 89 de 83 e6 01 31 ff e8 5d e9 0a 00 83 e3 01 48 bb 00 00 00 00 00 fc ff df 75 07 e8 e9 e5 0a 00 eb 37 f3 90 <41> 0f b6 04 1c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 ce e5 0a [ 948.492183][ C1] RSP: 0018:ffffc9000366f560 EFLAGS: 00000246 [ 948.498257][ C1] RAX: ffffffff8175ddd2 RBX: dffffc0000000000 RCX: 0000000000080000 [ 948.506235][ C1] RDX: ffffc90013e7e000 RSI: 000000000007ffff RDI: 0000000000080000 [ 948.514296][ C1] RBP: ffffc9000366f6c0 R08: dffffc0000000000 R09: fffffbfff2117049 [ 948.522271][ C1] R10: fffffbfff2117049 R11: 1ffffffff2117048 R12: 1ffff110171c85a5 [ 948.530250][ C1] R13: ffff8880b8f3bb00 R14: 0000000000000000 R15: ffff8880b8e42d28 [ 948.538235][ C1] FS: 00007f44c66b66c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 948.547172][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 948.553758][ C1] CR2: 000000110c244a0e CR3: 000000005553e000 CR4: 00000000003506e0 [ 948.561734][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 948.569706][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 948.577679][ C1] Call Trace: [ 948.580964][ C1] [ 948.583911][ C1] ? text_poke_sync+0x20/0x20 [ 948.588599][ C1] ? smp_call_function_many+0x30/0x30 [ 948.593972][ C1] ? __SCT__tp_func_kmalloc+0x8/0x8 [ 948.599193][ C1] ? text_poke+0x90/0x90 [ 948.603463][ C1] ? text_poke_sync+0x20/0x20 [ 948.608156][ C1] on_each_cpu_cond_mask+0x3b/0x80 [ 948.613269][ C1] ? __SCT__tp_func_kmalloc+0x8/0x8 [ 948.618475][ C1] text_poke_bp_batch+0x2b0/0x7d0 [ 948.623519][ C1] ? text_poke_loc_init+0x570/0x570 [ 948.628733][ C1] ? trace_raw_output_contention_end+0xd0/0xd0 [ 948.634889][ C1] ? __mutex_trylock_common+0x14f/0x250 [ 948.640457][ C1] text_poke_bp+0xd2/0x150 [ 948.644890][ C1] ? __mutex_lock+0x19e/0xaf0 [ 948.649574][ C1] ? text_poke_queue+0x180/0x180 [ 948.654518][ C1] ? __mutex_lock+0x19e/0xaf0 [ 948.659208][ C1] __static_call_transform+0x318/0x500 [ 948.664694][ C1] ? __static_call_update+0x96/0x5b0 [ 948.669995][ C1] ? __SCT__tp_func_kmalloc+0x8/0x8 [ 948.675214][ C1] ? text_poke_bp+0x150/0x150 [ 948.679920][ C1] ? rcu_read_lock_any_held+0xb0/0x120 [ 948.685395][ C1] ? rcu_read_lock_bh_held+0xe0/0xe0 [ 948.690699][ C1] ? __bpf_trace_kmalloc+0x140/0x140 [ 948.696007][ C1] ? __SCT__tp_func_kmalloc+0x8/0x8 [ 948.701221][ C1] arch_static_call_transform+0xca/0x270 [ 948.706867][ C1] ? __SCT__tp_func_kmalloc+0x8/0x8 [ 948.712072][ C1] __static_call_update+0xdd/0x5b0 [ 948.717197][ C1] ? __bpf_trace_kmalloc+0x140/0x140 [ 948.722501][ C1] ? __static_call_return0+0x10/0x10 [ 948.727798][ C1] ? __kmem_cache_alloc_node+0x140/0x260 [ 948.733447][ C1] ? tracepoint_add_func+0x307/0x9a0 [ 948.738748][ C1] ? rcu_is_watching+0x11/0xa0 [ 948.743528][ C1] ? tracepoint_add_func+0x307/0x9a0 [ 948.748826][ C1] ? __bpf_trace_kmalloc+0x140/0x140 [ 948.754122][ C1] tracepoint_add_func+0x7fb/0x9a0 [ 948.759246][ C1] ? __radix_tree_preload+0x82/0x880 [ 948.764563][ C1] ? __bpf_trace_kmalloc+0x140/0x140 [ 948.769859][ C1] tracepoint_probe_register_prio_may_exist+0x5c/0x90 [ 948.776650][ C1] ? __bpf_trace_kmalloc+0x140/0x140 [ 948.781949][ C1] bpf_raw_tp_link_attach+0x3d1/0x550 [ 948.787339][ C1] ? bpf_insn_prepare_dump+0x840/0x840 [ 948.792826][ C1] bpf_raw_tracepoint_open+0x194/0x200 [ 948.798295][ C1] __sys_bpf+0x4e9/0x6d0 [ 948.802548][ C1] ? bpf_link_show_fdinfo+0x310/0x310 [ 948.807941][ C1] ? lock_chain_count+0x20/0x20 [ 948.812810][ C1] __x64_sys_bpf+0x78/0x90 [ 948.817233][ C1] do_syscall_64+0x4c/0xa0 [ 948.821657][ C1] ? clear_bhb_loop+0x45/0xa0 [ 948.826337][ C1] ? clear_bhb_loop+0x45/0xa0 [ 948.831048][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 948.836969][ C1] RIP: 0033:0x7f44c578e969 [ 948.841393][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 948.861025][ C1] RSP: 002b:00007f44c66b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 948.869449][ C1] RAX: ffffffffffffffda RBX: 00007f44c59b5fa0 RCX: 00007f44c578e969 [ 948.877421][ C1] RDX: 0000000000000018 RSI: 0000200000000200 RDI: 0000000000000011 [ 948.885394][ C1] RBP: 00007f44c5810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 948.893368][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 948.901338][ C1] R13: 0000000000000000 R14: 00007f44c59b5fa0 R15: 00007fff221106e8 [ 948.909327][ C1]