last executing test programs: 3m11.714095904s ago: executing program 2 (id=304): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=ANY=[@ANYBLOB="ac00000021000100000000000100000000000000000000000000000000000000fe8000000000000000000000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000050001100e0000000000000000000e340980e5f1fac141400000000ac1414aa000000000000010000000000ffffffff0000000000000000000000003c04000005"], 0xac}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0xffff2153, 0x2, 0xa, 0xd, 0x1c4, 0x7, 0x2, 0x6}}}}]}, 0x58}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x4, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0xd, 0x0, 0x9, 0x3}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20048081}, 0xc0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) r8 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000840)=@xdp={0x2c, 0x7, r9, 0x3e}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)='\x00@', 0x5dc}], 0x1}, 0x4) 3m10.810130314s ago: executing program 2 (id=309): r0 = socket$inet_tcp(0x2, 0x1, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_init_net_socket$llc(0x1a, 0x802, 0x0) readlinkat(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0xfffffffffffffffe, 0xfe9c) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x40) r4 = dup(0xffffffffffffffff) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106}}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) close_range(r0, 0xffffffffffffffff, 0x0) 3m9.571845198s ago: executing program 2 (id=318): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$can_raw(0x1d, 0x3, 0x1) socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(0xffffffffffffffff, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0b0000000f000000cc000200060000ec05"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f00000000c0), &(0x7f0000000680), 0x2, r3}, 0x38) socket$alg(0x26, 0x5, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000006c0)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 3m8.50401577s ago: executing program 2 (id=323): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000200)='./file0\x00', 0x2048c5, &(0x7f0000000340)={[{@fat=@sys_immutable}, {@fat=@dmask={'dmask', 0x3d, 0x8}}, {@fat=@errors_continue}, {@shortname_mixed}, {@shortname_lower}, {@uni_xlateno}, {@shortname_win95}, {@utf8no}, {@shortname_lower}, {@shortname_winnt}, {@numtail}, {@utf8}, {@rodir}]}, 0x0, 0x2a7, &(0x7f0000000580)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswqY2p5v+DMqfnnHfmJGcmvDOQk53rT+8V84GTd6uKxE0RaVO7Umqv1DbW3kaa5Ul12tS56c/v/r164+alTDa7uGy2lFk5nzaz2f9ePXj07P831elrz2dfxrSdurXzKf1++6/tv3e+roR7L0uurZbLVXfV92ytEBQdsyu+5waeFUqBV6laR3veL6+v180trc0k1iteEJhbqlvRq1u1bNVK3dw7bqFkjuPYTEKjJtp3RG5rednNDGQwGIapbpWVSsaNdW3Mbf2KQQEAgNNlWPn/3UJghcBK5QP5fZj/S2H+H1Ef+b800vl//8j/R8Fe/p9oX78Hkf8DAAAAAAAAAAAAAAAAAAAAAPA72G00ko1GIxluw7+YpLik8P9hjxODwfyPto4v7sUl/0ktV8u1tq32TF4F+fI0PyF9aZ4Pba3y0sXs4rw1pfTa32jHb9RyUcXC+FCqe/xCK9464zc0oUTn8dNKaq57fLpLfC03qbNnGrH2kT05SurtbZXla615Xu/HP14wu3A5eyh+qtkPAAAAAIA/gWPfHbl/b7Y7Fi4bcqi9Vbn/fEDJHzwfOHR/Pa5/xo+uSAIAAAAAAE5eUH9YdH3fq4xAIfz9gxPZ4fDfunivnccltWtenJa56KUQkXTc8OjPzfJHSQdq5oY+3SdR+HC/dQX00nmYn0oAAAAABiFM+sf6CYoNbjwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIyiXhcPC/sfZ+2xjsNFh/MqAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNPhWwAAAP//vsUWxg==") r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333c06, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x310f848, 0x0) read$FUSE(r0, &(0x7f0000000b00)={0x2020}, 0x2020) 3m8.234673213s ago: executing program 2 (id=326): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000001740)={0x0, @in={0x2, 0x4e21, @broadcast}, @ethernet={0x306, @remote}, @nl=@unspec, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xb, 0x4}) 3m7.482943801s ago: executing program 2 (id=328): r0 = socket$inet_tcp(0x2, 0x1, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_init_net_socket$llc(0x1a, 0x802, 0x0) readlinkat(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0xfffffffffffffffe, 0xfe9c) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x40) r4 = dup(0xffffffffffffffff) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106}}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) close_range(r0, 0xffffffffffffffff, 0x0) 3m7.239457154s ago: executing program 32 (id=328): r0 = socket$inet_tcp(0x2, 0x1, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_init_net_socket$llc(0x1a, 0x802, 0x0) readlinkat(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0xfffffffffffffffe, 0xfe9c) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x40) r4 = dup(0xffffffffffffffff) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106}}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) close_range(r0, 0xffffffffffffffff, 0x0) 2m10.008366818s ago: executing program 0 (id=560): r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x1, 0x4, 0x60, 0x7f, 0x17, "9f9413a4d68de2d71b63e573229ac6de50806c"}) mount$9p_fd(0x0, &(0x7f0000000280)='./cgroup\x00', &(0x7f0000000340), 0x8401, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) 2m8.883003201s ago: executing program 0 (id=567): r0 = syz_open_dev$video(&(0x7f0000000040), 0x9, 0x4a142) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000140)={0x4, @capture={0x0, 0x0, {0x6, 0xffffff01}, 0x5, 0x3}}) 2m8.736570902s ago: executing program 0 (id=568): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)={0x18, r1, 0x1, 0x4, 0x0, {}, [@TIPC_NLA_MEDIA={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0xc011}, 0x0) 2m8.008546191s ago: executing program 0 (id=569): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000000dc0)="$eJzs3M1vG0UbAPBn13H65k0hoZSvlo9AQVQIkqYt0AMHQCBxKBISHOBoJaEqTQtqgkSrSKQcygkhJO6II/8CJ7ggxAmJK9xRpQr1QsvJaL27iZ3YTtPYcYt/P8ntM/vhmce7Y8/u2AlgaE1l/yQReyPi94iYyIutG0zl/12/tjJ349rKXBL1+tt/JY3t/r62MlduWu433lyIJA62qXfpwsUztcXFhfNFeWb57EczSxcuPnf6bO3UwqmFc0dPnDh+bPbFF44+35M8xyMtojfe++rNk1+05L8hjx6Z6rbyqXq9x9UN1l1N8cgA28H2VIrjVW30/4moNB29iXj9s7XCpwNqINA39Xq9Pt559Wod+A9LorWsy8OwKD/oy+vfdtfBL/dt9DF4V1/JL4CyvK8Xj3zNyNodg+qG69temoqId1f/+SZ7RH/uQwAAtPghG/88m412Vuayscf6+CON+5u2u7uYG5qMiHsiYl9E3BvnYn9E3BfR2PaBiHhwm/U3TZI0hpmbxz/plVtO7iZk47+Xirmt1vFfOfqLyUqjdCEvRDV5//TiwpHiNTkc1T1ZebZLHT++9tuXndY1j/+yR1Z/ORYs2nFlZE/rPvO15dqtZ9zq6qWIAyPt8k/WZgKSiHgoIg60e4J06zpOP/Pdw53WbZ1/Fz2YaKp/G/F0fvxXY0P+paT7/OTM/2Jx4chMeVZs9suvl9/qVP+O8u+B7Pj/v+35v5b/ZNI8X7u0/Tou//F5x2uaqWoRbOP8X60t10aTdxrxaLHsk9ry8vnZiNHkZN7o5uVH1/cty+X2Wf6HD7Xv//ti/ZU4GBHZSfxIRDwaEY8Vx+7xiHgiIg51yf/nV5/8YOOysTL/2+D4z2/r+K8Ho9G6JG2zTRZUzvz0fUulk+thkf+N7u9/xxvR4WLJzbz/bW5F+2Cnrx8AAADcCdKI2BtJOr0Wp+n0dP4d/v351Hfm43Pz+W8EJqOalne6Jpruh84Wl/V5+VJE5F8tKNcfi7Rx3/jrylijPD334eL8QDMHxjv0/8yflUG3Dug7P9iC4aX/w/Dq2v+ru9cOYPdt6v9d+/yevrYF2F1tPv/HBtEOYPe1G//7ez8wHDb0f9N+METc/4fhpf/D8NL/YSgtjcXWP5LvGpTPdIu7bxVMROy0hYMJonpbNKNvQaR9r2K0v6dW34LkDmzzpmBw70kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99G8AAAD//1KFzjw=") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000b80), 0x10000, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 2m6.602676287s ago: executing program 0 (id=578): socket$unix(0x1, 0x1, 0x0) r0 = socket$kcm(0x10, 0x100000000002, 0x4) sendmsg$kcm(r0, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="39000000140081ae00002c000500015601618575e285af0100d41f215c0000883795c04a31ba377a1b2cc32b38d3440c6942cb76cab3000000", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0) 2m4.764391737s ago: executing program 0 (id=587): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000006780)={0x0, 0x0, &(0x7f0000006740)={&(0x7f00000003c0)={0x40, r2, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x3}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_SECLEVEL={0x5, 0x2a, 0x7}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0x8004}, 0x4000000) 2m3.791419058s ago: executing program 33 (id=587): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000006780)={0x0, 0x0, &(0x7f0000006740)={&(0x7f00000003c0)={0x40, r2, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x3}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_SECLEVEL={0x5, 0x2a, 0x7}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0x8004}, 0x4000000) 5.081097543s ago: executing program 1 (id=1310): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x20102, 0x0) ioctl$PTP_EXTTS_REQUEST(r0, 0x40103d02, 0xfffffffffffffffe) 4.966949925s ago: executing program 6 (id=1311): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000cc0)={0x7c, r1, 0x5, 0x1, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x3d, 0xe, {{{}, {}, @broadcast, @broadcast, @random="0c26364ebeb3"}, 0x0, @default, 0x1, @void, @val, @void, @void, @val={0x6, 0x2, 0x6}, @void, @void, @void, @val={0x3c, 0x4, {0x1, 0xf, 0xa1, 0x4}}, @void, @void, @val={0x71, 0x7, {0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xff, 0x60}}, @void}}, @NL80211_ATTR_PROBE_RESP={0x6, 0x91, "c466"}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x5}]}, 0x7c}, 0x1, 0x0, 0x0, 0x84}, 0x0) 4.951757225s ago: executing program 1 (id=1312): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x10) socket$inet6(0xa, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) clock_getres(0x8, &(0x7f0000000000)) 4.817377976s ago: executing program 3 (id=1313): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$inet6(r0, &(0x7f0000000040)={&(0x7f0000000000)={0xa, 0x0, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, 0x82}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=[@rthdrdstopts={{0x18, 0x29, 0x37, {0x87}}}, @flowinfo={{0x14, 0x29, 0xb, 0x401}}], 0x30}, 0x24004800) 4.736085277s ago: executing program 5 (id=1314): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x20) fallocate(r0, 0x3, 0x80007, 0x8000c62) 4.615028448s ago: executing program 3 (id=1315): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000030c0)={0x0, 0x0, &(0x7f0000003080)={&(0x7f0000002040)={0x14, 0x14, 0x1, 0x70bd2a, 0x25dfdbfb, {0x1, 0x27}}, 0x14}, 0x1, 0x0, 0x0, 0x20000010}, 0x48004) 4.614767728s ago: executing program 6 (id=1316): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x48}}, 0x400400c0) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}]}}]}, 0x44}}, 0x2) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="100000"], 0x14}}, 0x0) sendmmsg$alg(r2, &(0x7f00000000c0), 0x492492492492627, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r6) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r5, 0xc}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4) 3.926597736s ago: executing program 3 (id=1317): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=0xffffffffffffffff], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x5, &(0x7f0000000100)=ANY=[@ANYRESOCT=r0], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffffde, 0x10, 0x0, 0xfffffff0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x10, 0xffff}, 0x9a) 3.898941016s ago: executing program 1 (id=1318): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x5, 0x0, 0x40}]}) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) 3.898818666s ago: executing program 4 (id=1319): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="6c00000010000100000000000000000004000000", @ANYRES32=r1, @ANYBLOB="00140000000000004c0012800b00010067656e65766500003c00028008000200e0"], 0x6c}, 0x1, 0x2, 0x0, 0x4800}, 0x0) 3.819023097s ago: executing program 4 (id=1320): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp', 0x5) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000300)="a6", 0x1, 0x20000045, &(0x7f0000000140)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) gettid() r5 = fsopen(&(0x7f00000001c0)='bdev\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00', @ANYRES16, @ANYBLOB="0100040000000100000009000000280003800800030000000000140002007663616e3000000000000000000000000800010001000000e6c3628372cce68cbb4c173a66362e9bc107f304c171ced7ed47403118a2665e82294291c8b397d2c0a925bb890376795399c003716ae0effe8838c159fcf97651b378bc16dab2a012dfde8324bf906f7cafda339898d91f8dc69057dc5f3cccdf1599710073e1f3f0bfd7834fa35fe186592e3b7b5494143694040e7525e53ff80e3816c0da6a2d9bd8c2864ae2a25775bf0e4ba92f4485b8d164a38352c725478ffc3a8fd98780fbe5fe336d33038f5275adc80771db7f603b75dc0d7e66b5"], 0x3c}, 0x1, 0x0, 0x0, 0x48c1}, 0x0) ioctl$sock_bt_hci(r4, 0x400448c9, 0x0) write$P9_RMKNOD(r0, &(0x7f0000000280)={0x14, 0x13, 0x2, {0x4, 0x2}}, 0xfffffe5c) 3.818875108s ago: executing program 3 (id=1321): setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$evdev(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$user(0x0, &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="180000001600010a"], 0x78}}, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r3) recvmmsg$unix(r3, &(0x7f0000006b40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f000000f840), 0xffffffffffffffff) socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x54) 3.818809828s ago: executing program 5 (id=1322): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00') prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000001180)={&(0x7f0000ff7000/0x7000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f000000f000/0x3000)=nil, &(0x7f000000d000/0x4000)=nil, &(0x7f000024f000/0x2000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) preadv(r0, &(0x7f0000001200)=[{&(0x7f0000000080)=""/4097, 0xffffff51}], 0x1, 0x3f, 0x6a76) 2.164017096s ago: executing program 3 (id=1323): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000300)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, 0x0, 0x0) 2.163568626s ago: executing program 6 (id=1324): syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x1000081, &(0x7f00000000c0), 0x6, 0x595, &(0x7f0000000840)="$eJzs3U9sHFcZAPBvJnZ2nTgkhR4KAhpKIaCq69hpo4pLywUJqgqkwqmH1LI3VuR1NvKuS20sYZ84cEWiEie4cOHEoRIHpJ4QV25w41IOSBGKQDUSQlPN7Gyyu911NvGfrePfTxrtm5m387038r4388a7L4BT63JE7ETE2Yh4OyIuRlJsT8olXusseb6P7m0v7d3bXkoiy97811R5hO2lbv6u8xHxs+5K5cH2nmS0NrdWFxuN+nq5PtdeuzPX2tx68dba4kp9pX57YeH6/PWrr1x7eeHQ6vrs2u/vfufW6z/64x++9OFfdr75k7zMr5b78rr1ZE2yLDt4wFe752U6ZstNaUTkZ+71gx/9U+FMWZ+zky4IjyX/e/xsRDxXpu+rTq5MAMDRyrKLkV3sXe9Io7P0SgbyAAAnU37PPxtJWivv/2cjTWu1Ygyv+nScSxvNVvuFm82N20l3iG86vXmrUb9ajBVGVGI6ydfnI+JSsXTWFwbWr0XEUxHxi8pMsV5bajaWJ3LFAwCcH+j//1PJ+//KOG/1hAAATjI9OQCcPp/s/6cnUg4A4Pi4/weA06en/x/ryT8AcPJVB777P1SWHEtZAIDjMXT8/60LD9LPJAM/8QUAnHSe/wPAqfKDN97Il2wvS4rfv15+Z3NjtfnOi8v11mptbWOpttRcv1NbaTZXit/sWRtyiN3elUazeWf+pdh4d65db7XnWptbN9aaG7fbN4rf9b5R98UCAJi8p5794G9JROx8a6ZYojuXw8P/IQA44dKImUmXAZiMM5MuADAxUx7/wallPB542D/3Dr1GmImI90ZnMLAAn25XPj9i/H/w2qD/ecD/D2F2bGDCyo/11KTLARy/g43/Gz2Ak2z/jt+TAXiSZVliPn8AOGXGuIMfPkTw08O/FgEm47Ge/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApN1ssSVor5wKfjTSt1SIuRMSlmE5u3mrUr0bEZyLir5XpSr4+P+lCAwAHlP4zKef/unLx+dnBvWeT/1aK14j48a/e/OW7i+3u1IH3t7ffK7a31xeGBqgcfR0AgB5Tgxu6/XTx2nMj/9G97aXucpwFvPvtzuSiedy9e9tLD+YjnioLX41827l/J32VSUZOTPxodnYj4pnB+qf3918qZz4djJ/HvnBk8aOo4Wxf/P7LqLTY13nNz8XnZsaMdwhlhifFB3n789qwz18al4vX8vM31d+YVuPnn2xcH0O3/dvLOu3fXk/8/Pjfv1At2pph7d/lcWO89Kfvjty3eyb7wlREN/ZeT/vTUS1Sw+I/P2b8v3/xy8+NOlnZryOuxH7xO6m59tqdudbm1u++9/6fV+or9dsLC9fnr1995drLC3PFGPVcd6S61NM57Nc03t2NODcifvUh9f/amPX/zf/efusr+8T/xleHxU/j6X3i533i12N9rPiL594fOX13Hn95RP2n+uKf7Xtfvu2FwYON+IP88B9by2MVFAA4Fq3NrdXFRqO+Pk4ija3Vxe7V1Njv6kvMPNa7xkzEkR15eGK67yRUjyrW+RG7fvvIB5yOYz0/h5bYfYTMlckU9Uw0urccD81c5ts5SNAsO0CZL5eJdJ88E2qQgGPz4EM/6ZIAAAAAAAAAAAAAAACjtH5Y/uTfIX8pqvfLcJOuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+ujwMAAP//IhjD+Q==") r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b405000000000000611034000000000063012000000000009500000000000000f4c32bf3df05a034da1b7fdcf645f3580fe49be316bdb665f1b42ff7ef474df46c0f44ef6fb5e031f7cfef720e05af49fad256a74dbc05ae220102a88002814a88e2fac93f6bba2d4d44db49d45e449d31fa52c326486bc1c908dd9b372f7a455c9566ed5ee0a65f3909cfe1219a0a38b416dc55927f32ab452e0ccaf193c27af10a12c42ef8a3199d0fad0a9521094cc7"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000b80)="924a47d58460977aa3ca02e00a7f5a29c19a836ac747ed79c3facf74da5489e37c7fb07ad69ad60d07747b3d7069380431087eb6b1baaf69904a056fbcd9210ec4942a8eff38f64d9254fcf620ee3f30d95f4ff1843135bbe3ea9944510eaab3cdb691dcfa857098dfd130e17be1d332b6474474591d8f2fad7272cf", 0x7c}], 0x1}}], 0x1, 0x40408e0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.163344196s ago: executing program 4 (id=1325): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp', 0x5) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000300)="a6", 0x1, 0x20000045, &(0x7f0000000140)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) gettid() fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00', @ANYRES16=r5, @ANYBLOB="0100040000000100000009000000280003800800030000000000140002007663616e3000000000000000000000000800010001000000e6c3628372cce68cbb4c173a66362e9bc107f304c171ced7ed47403118a2665e82294291c8b397d2c0a925bb890376795399c003716ae0effe8838c159fcf97651b378bc16dab2a012dfde8324bf906f7cafda339898d91f8dc69057dc5f3cccdf1599710073e1f3f0bfd7834fa35fe186592e3b7b5494143694040e7525e53ff80e3816c0da6a2d9bd8c2864ae2a25775bf0e4ba92f4485b8d164a38352c725478ffc3a8fd98780fbe5fe336d33038f5275adc80771db7f603b75dc0d7e66b5"], 0x3c}, 0x1, 0x0, 0x0, 0x48c1}, 0x0) 2.127427056s ago: executing program 5 (id=1326): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x481, 0x0) r1 = dup(r0) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40603d07, &(0x7f0000000040)) 2.006953197s ago: executing program 5 (id=1327): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xfff1, 0xb}, {0xfff9, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r3 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x1, 0x3}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) 1.991744078s ago: executing program 3 (id=1328): sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') fchdir(r3) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000100)=r0) r4 = gettid() r5 = syz_open_procfs(r4, &(0x7f0000000040)='timerslack_ns\x00') write$khugepaged_scan(r5, &(0x7f00000000c0), 0x8) 1.974410298s ago: executing program 1 (id=1329): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x10) socket$inet6(0xa, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) clock_getres(0x8, &(0x7f0000000000)) 675.080123ms ago: executing program 1 (id=1330): r0 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb01"], 0x0, 0x26}, 0x28) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff000000001c0012800b0001006772657461700000", @ANYRES32, @ANYBLOB='\b\x00\r\x00\x00\x00\x00\x00\b\x00?'], 0x4c}}, 0x0) 395.379646ms ago: executing program 6 (id=1331): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x40}}, 0x10) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x9d3354bba4295a8d, {{0x41}}}, 0x10) 377.965226ms ago: executing program 1 (id=1332): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000000200)={0xfc, {"a2e3ad0e090d07f91b481a1887f70706d038e7ff7fc6e5539b203c0a8b089b3f32356c300890e0879b0a4cc6e70a9b334a959b6696048ed30af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773180acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2ff7949d1f416e56c71b1931870262f5e801119242ca026bfcc21e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae1b9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2075a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982c04000000000000005c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80c1ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843ddbd8db411d8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227fff72de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e240100c0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f7524e2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458ffff5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945fc83d38a155d5284edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295bf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e542ccea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000", 0x1000}}, 0x1006) 377.504956ms ago: executing program 4 (id=1333): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x6, 0x4, 0xfff, 0x7, 0x88}, 0xa3) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 305.846037ms ago: executing program 5 (id=1334): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="28000000140009052cbd7000fdffffff02180000", @ANYRES32=r2, @ANYBLOB="08000200e066"], 0x28}, 0x1, 0x0, 0x0, 0x871ac4b30833d133}, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x4e21, @broadcast}}) ioctl$sock_inet_SIOCSIFADDR(r3, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @empty}}) 230.506298ms ago: executing program 6 (id=1335): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) read$FUSE(r0, 0x0, 0x0) 174.968468ms ago: executing program 4 (id=1336): r0 = socket$pptp(0x18, 0x1, 0x2) socket$packet(0x11, 0x3, 0x300) r1 = dup(0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) dup(0xffffffffffffffff) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r3, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0xffff, 0x2) close_range(r0, 0xffffffffffffffff, 0x0) 160.801618ms ago: executing program 5 (id=1337): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000a00)='./bus\x00', 0x0, &(0x7f0000000080)={[{@errors_remount}, {@resuid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@noblock_validity}]}, 0x3, 0x488, &(0x7f0000001340)="$eJzs3M1vFOUfAPDvTLuF/oBfq+ILL2oVjQ1qSwGVgwc1mnjAxEQPGk9NWwhSqKE1EUIUjMGTMSbejUf/BU96MUYvJl71bkiI6QXw4prZnWl3l90tLbtdYD+fZOB55qXP99uZZ/eZeXYbQN8ay/5JIrZHxB8RMVKt1u8wVv3v2vL5mevL52eSKJff+jup7Hd1+fxMsWtx3La8Mp5GpJ8lsadJu4tnz52cnp+fO5PXJ5dOfTC5ePbcsydOTR+fOz53+uCRI4cPTb3w/MHnmgc+tL48s5iu7v54Ye+u19/96o2jX9Tl35BHh4y12/hkudzh5nprR005GexhIKzLQERkp6tU6f8jMRCrJ28kXvu0p8EBXVUul8vbWm++UG6QNq4A7mBJ1Ndv6PLAXap4o8/uf4ulcRDwUveGHz135eXqDVCW97V8qW4ZjDTfp9Rwf9tJYxHxzoV/vsmW6M5zCACAOj9k459nmo3/0nigZr//53NDoxFxT0TcGxH3RcTOiLg/orLvgxHxUOXIWBk7raVxkuTG8U96+ZYSXEM2/nsxn9sazsZ/pZV2i8LoQF7bUcm/lBw7MT93IP+djEdpS1afatPGj6/+/mWrbbXjv2zJ4ijGgnkclwe31B8zO700vfGM6125GLF7sMi1dvybrMwEJBGxKyJ2b7CNE/u/29tq29r5t9GBeabytxFPVc//hViuz7+QtJ+fnNwa83MHJour4ka//HbpzVbtV/Lfv8H8OyA7///Lr/9rzfMfTWrnaxfX38alPz9veU+z0et/KHm7Ui6mgT+aXlo6MxUxlBytBl27/uDqsUW92D/Lf3xfs/zTymtc8ZvYExHZRfxwRDwSEY/msT8WEY9HxL42+f/8yhPvN92Q3uL13wFZ/rPrOv+rhaFoXNO8MHDyp+/rGh1dLeb5X29//g9XSuP5mpt5/buZuDZ2NQMAAMCdJ42I7ZGkEyvlNJ2YqH5efmdEOr+wuPT0sYUPT89WvyMwGqW0eNI1UvM8dCq/ra/WL0ZE9aMFxfZD+XPjrweGK/WJmYX52V4nD31uW4v+n/lroNfRAV3n+1rQv/R/6F/N+v/WHsQBbD7v/9C/mvT/4V7EAWy+Zu//n7Q/5N9uxQJsrob+b9oP+sj67/9/fa8rgQCbrmX/v5v/8g9Q4fk/9KXF4Vj7S/JtC8VP2uDht0shiYiO/sAo3RZ53XqhnDQ9uZFmhdLtEKFCFwq9fV0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADolP8CAAD//3fv18M=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) 88.956459ms ago: executing program 6 (id=1338): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0x9], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 0s ago: executing program 4 (id=1339): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0f000000040000000800000001"], 0x50) r1 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x1, 0x0) fchdir(r2) unshare(0x22020600) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7) r4 = fanotify_init(0x200, 0x0) fanotify_mark(r4, 0x201, 0x4800003e, r3, 0x0) close_range(r3, 0xffffffffffffffff, 0x2) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000000)='./file0\x00', r0}, 0x18) kernel console output (not intermixed with test programs): 2595][ T4188] device veth1_macvtap entered promiscuous mode [ 73.635674][ T4199] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.648403][ T4189] device veth1_vlan entered promiscuous mode [ 73.660976][ T4193] device veth0_vlan entered promiscuous mode [ 73.671928][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 73.682627][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 73.691943][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.702687][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.711968][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 73.723369][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.741304][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.750716][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.763647][ T4199] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.784665][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.797451][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.810650][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.820146][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 73.831077][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 73.854433][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 73.863644][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 73.872865][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.882628][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.893447][ T4237] Bluetooth: hci4: command 0x040f tx timeout [ 73.901913][ T4237] Bluetooth: hci1: command 0x040f tx timeout [ 73.908689][ T4237] Bluetooth: hci0: command 0x040f tx timeout [ 73.909084][ T4193] device veth1_vlan entered promiscuous mode [ 73.915307][ T4237] Bluetooth: hci3: command 0x040f tx timeout [ 73.929312][ T4237] Bluetooth: hci2: command 0x040f tx timeout [ 73.938336][ T4199] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.950531][ T4199] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.962276][ T4199] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.972952][ T4199] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.000161][ T4197] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.009760][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.021895][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.037889][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.068953][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 74.080328][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 74.089329][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 74.098904][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.109672][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.120838][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.132067][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.152112][ T4188] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.163795][ T4188] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.174783][ T4188] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.184996][ T4188] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.204858][ T4193] device veth0_macvtap entered promiscuous mode [ 74.229496][ T4189] device veth0_macvtap entered promiscuous mode [ 74.248056][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.264994][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.276322][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.300609][ T4193] device veth1_macvtap entered promiscuous mode [ 74.326037][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.338988][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.349343][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 74.359789][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.379555][ T4189] device veth1_macvtap entered promiscuous mode [ 74.435717][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.450307][ T1233] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.456417][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.473836][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.482803][ T1233] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.486642][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.509029][ T4193] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.545408][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.559186][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.570052][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.581856][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.592711][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.605594][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.621339][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.632227][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 74.642466][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.654945][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.666161][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.675398][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.688801][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.702682][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.713727][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.726119][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.740998][ T4193] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.759865][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.772491][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.785324][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.802398][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.814295][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.827542][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.840949][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.852837][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.866337][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.876404][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.885785][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.901095][ T4193] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.911558][ T4193] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.921743][ T4193] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.931692][ T4193] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.949708][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.961913][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.975451][ T4189] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.987576][ T4189] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.001635][ T4189] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.014689][ T4189] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.036444][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 75.055705][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 75.067851][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.079306][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 75.089333][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 75.102732][ T4197] device veth0_vlan entered promiscuous mode [ 75.182306][ T4197] device veth1_vlan entered promiscuous mode [ 75.218866][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.238861][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.278056][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 75.305653][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 75.324683][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.388707][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 75.388921][ T4263] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.403081][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 75.422109][ T4197] device veth0_macvtap entered promiscuous mode [ 75.431074][ T4263] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.451133][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.461272][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 75.476724][ T4197] device veth1_macvtap entered promiscuous mode [ 75.497468][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.512338][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.566629][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 75.576370][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.592370][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.609472][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.621095][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.632224][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.643034][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.659243][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.669667][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.681553][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.694733][ T4197] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.705849][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.718118][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.731102][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.742311][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.756353][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.771646][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.782502][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.793976][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.806278][ T4197] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.822783][ T4197] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.832644][ T4197] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.843188][ T4197] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.853644][ T4197] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.878092][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 75.893078][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 75.924140][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 75.933876][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.950350][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.969938][ T1108] Bluetooth: hci2: command 0x0419 tx timeout [ 75.984853][ T1108] Bluetooth: hci3: command 0x0419 tx timeout [ 75.992564][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.007731][ T1108] Bluetooth: hci0: command 0x0419 tx timeout [ 76.024030][ T1108] Bluetooth: hci1: command 0x0419 tx timeout [ 76.037557][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.048760][ T1108] Bluetooth: hci4: command 0x0419 tx timeout [ 76.056399][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.080292][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 76.099945][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.218462][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.228720][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.260832][ T4263] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.266423][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.291105][ T4263] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.319695][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 76.380670][ T4279] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 76.454227][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.511466][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.613857][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.778283][ T4301] dns_resolver: Unsupported content type (254) [ 81.466863][ T4351] loop0: detected capacity change from 0 to 8 [ 81.608530][ T4351] Major/Minor mismatch, trying to mount newer 13.0 filesystem [ 81.649000][ T4351] Please update your kernel [ 82.106204][ T4364] loop3: detected capacity change from 0 to 8192 [ 82.343470][ T4268] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 82.388120][ T4268] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 83.311726][ T4268] loop3: p2 p4 [ 83.316049][ T4268] loop3: partition table partially beyond EOD, truncated [ 83.368571][ T4268] loop3: p2 start 452985600 is beyond EOD, truncated [ 83.376720][ T4268] loop3: p4 start 8388607 is beyond EOD, truncated [ 83.455515][ T4364] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 83.481810][ T4364] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 83.502476][ T4364] loop3: p2 p4 [ 83.506154][ T4364] loop3: partition table partially beyond EOD, truncated [ 83.556753][ T4364] loop3: p2 start 452985600 is beyond EOD, truncated [ 83.589301][ T4364] loop3: p4 start 8388607 is beyond EOD, truncated [ 83.620218][ T4206] Bluetooth: Frame is too long (len 16, expected len 4) [ 83.631430][ T4400] device syzkaller0 entered promiscuous mode [ 83.822750][ T4400] sch_tbf: burst 6 is lower than device syzkaller0 mtu (1514) ! [ 85.080441][ T4432] loop2: detected capacity change from 0 to 128 [ 85.539991][ T4433] loop4: detected capacity change from 0 to 1024 [ 85.691961][ T4433] ======================================================= [ 85.691961][ T4433] WARNING: The mand mount option has been deprecated and [ 85.691961][ T4433] and is ignored by this kernel. Remove the mand [ 85.691961][ T4433] option from the mount to silence this warning. [ 85.691961][ T4433] ======================================================= [ 86.011883][ T4433] EXT4-fs error (device loop4): ext4_map_blocks:631: inode #3: block 2: comm syz.4.57: lblock 2 mapped to illegal pblock 2 (length 1) [ 86.030716][ T4433] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 86.039621][ T4433] EXT4-fs error (device loop4): ext4_map_blocks:631: inode #3: block 48: comm syz.4.57: lblock 0 mapped to illegal pblock 48 (length 1) [ 86.058414][ T4433] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 86.068274][ T4433] EXT4-fs error (device loop4): ext4_acquire_dquot:6236: comm syz.4.57: Failed to acquire dquot type 0 [ 86.083495][ T4433] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 86.096253][ T4433] EXT4-fs error (device loop4): ext4_evict_inode:284: inode #11: comm syz.4.57: mark_inode_dirty error [ 86.111602][ T4433] EXT4-fs warning (device loop4): ext4_evict_inode:287: couldn't mark inode dirty (err -117) [ 86.125088][ T4433] EXT4-fs (loop4): 1 orphan inode deleted [ 86.132127][ T4433] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,data_err=ignore,nouid32,nodiscard,stripe=0x0000000000000002,noauto_da_alloc,,errors=continue. Quota mode: none. [ 86.227546][ T1233] EXT4-fs error (device loop4): ext4_map_blocks:631: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 86.443528][ T4432] EXT4-fs (loop2): mounted filesystem without journal. Opts: data_err=ignore,,errors=continue. Quota mode: none. [ 86.525729][ T1233] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 86.628361][ T4432] ext4 filesystem being mounted at /19/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 86.648966][ T1233] EXT4-fs error (device loop4): ext4_release_dquot:6272: comm kworker/u4:4: Failed to release dquot type 0 [ 86.927081][ C0] sched: RT throttling activated [ 87.974573][ T4193] EXT4-fs error (device loop4): __ext4_get_inode_loc:4334: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 88.089792][ T4193] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 88.161340][ T4193] EXT4-fs error (device loop4): ext4_quota_off:6542: inode #3: comm syz-executor: mark_inode_dirty error [ 88.416632][ T4464] netlink: 8 bytes leftover after parsing attributes in process `syz.3.71'. [ 89.873217][ T4494] netlink: 104 bytes leftover after parsing attributes in process `syz.2.81'. [ 90.455077][ T4509] usb usb8: usbfs: process 4509 (syz.2.88) did not claim interface 0 before use [ 91.173645][ T4515] loop2: detected capacity change from 0 to 256 [ 91.847352][ T4529] x_tables: duplicate underflow at hook 4 [ 92.454674][ T4523] loop0: detected capacity change from 0 to 4096 [ 92.464343][ T23] cfg80211: failed to load regulatory.db [ 92.774989][ T4542] process 'syz.2.99' launched './file1' with NULL argv: empty string added [ 93.346941][ T4523] EXT4-fs (loop0): Test dummy encryption mode enabled [ 93.479102][ T4523] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,barrier=0x00000000000007ff,,errors=continue. Quota mode: writeback. [ 94.594094][ T4523] fscrypt (loop0): Missing crypto API support for AES-256-CTS-CBC (API name: "cts(cbc(aes))") [ 95.448199][ T4578] Zero length message leads to an empty skb [ 95.583336][ T4580] loop1: detected capacity change from 0 to 128 [ 95.593190][ T4582] netlink: 'syz.0.110': attribute type 21 has an invalid length. [ 95.612507][ T4582] netlink: 132 bytes leftover after parsing attributes in process `syz.0.110'. [ 95.749879][ T4469] Bluetooth: hci5: Frame reassembly failed (-84) [ 95.791080][ T4580] EXT4-fs (loop1): Test dummy encryption mode enabled [ 95.832588][ T4580] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption=v1,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: none. [ 95.855241][ T4587] loop4: detected capacity change from 0 to 256 [ 95.883317][ T4580] ext4 filesystem being mounted at /18/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 97.110330][ T4587] FAT-fs (loop4): bogus number of FAT sectors [ 97.162036][ T4587] FAT-fs (loop4): Can't find a valid FAT filesystem [ 97.757813][ T4236] Bluetooth: hci5: command 0x1003 tx timeout [ 97.777929][ T4198] Bluetooth: hci5: sending frame failed (-49) [ 100.271744][ T4237] Bluetooth: hci5: command 0x1001 tx timeout [ 100.278906][ T4198] Bluetooth: hci5: sending frame failed (-49) [ 100.332177][ T4641] x_tables: duplicate underflow at hook 3 [ 100.360295][ T4645] capability: warning: `syz.2.130' uses deprecated v2 capabilities in a way that may be insecure [ 100.901930][ T4657] loop2: detected capacity change from 0 to 512 [ 100.952548][ T4657] EXT4-fs (loop2): Test dummy encryption mode enabled [ 100.993776][ T4657] EXT4-fs (loop2): mounted filesystem without journal. Opts: data_err=ignore,init_itable=0x0000000000000000,minixdf,prjquota,nojournal_checksum,inode_readahead_blks=0x0000000000000001,barrier,lazytime,nogrpid,test_dummy_encryption,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 101.167632][ T4657] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 101.179092][ T4657] EXT4-fs error (device loop2): ext4_add_entry:2486: inode #2: comm syz.2.135: Directory hole found for htree leaf block 0 [ 102.622477][ T4237] Bluetooth: hci5: command 0x1009 tx timeout [ 102.938696][ T4688] netlink: 4 bytes leftover after parsing attributes in process `syz.1.145'. [ 103.126870][ T4697] netlink: 'syz.2.147': attribute type 1 has an invalid length. [ 103.163405][ T4697] netlink: 'syz.2.147': attribute type 2 has an invalid length. [ 103.299607][ T4703] netlink: 'syz.2.147': attribute type 1 has an invalid length. [ 103.308001][ T4703] netlink: 'syz.2.147': attribute type 2 has an invalid length. [ 104.711284][ T4726] loop1: detected capacity change from 0 to 512 [ 105.087670][ T4726] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 105.373038][ T4726] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.650678][ T4726] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 105.671966][ T4726] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28 [ 105.686263][ T4726] EXT4-fs (loop1): This should not happen!! Data will be lost [ 105.686263][ T4726] [ 105.696519][ T4726] EXT4-fs (loop1): Total free blocks count 0 [ 105.711070][ T4726] EXT4-fs (loop1): Free/Dirty block details [ 105.717454][ T4726] EXT4-fs (loop1): free_blocks=65280 [ 105.724476][ T4726] EXT4-fs (loop1): dirty_blocks=24 [ 105.736106][ T4726] EXT4-fs (loop1): Block reservation details [ 105.742570][ T4726] EXT4-fs (loop1): i_reserved_data_blocks=24 [ 105.879897][ T4738] netlink: 'syz.2.154': attribute type 10 has an invalid length. [ 106.077179][ T4738] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.089659][ T4738] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 106.102651][ T4738] syz.2.154 (4738) used greatest stack depth: 20656 bytes left [ 106.164916][ T4306] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 65793 with max blocks 1 with error 28 [ 106.214715][ T4740] loop4: detected capacity change from 0 to 1024 [ 106.243837][ T4306] EXT4-fs (loop1): This should not happen!! Data will be lost [ 106.243837][ T4306] [ 106.388478][ T4740] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 106.554280][ T4750] netlink: 108 bytes leftover after parsing attributes in process `syz.2.165'. [ 108.564525][ T4777] loop0: detected capacity change from 0 to 512 [ 110.261592][ T4777] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback. [ 110.279857][ T4777] ext4 filesystem being mounted at /28/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.966845][ T4802] netlink: 'syz.2.173': attribute type 10 has an invalid length. [ 116.208833][ T4862] netlink: 'syz.1.190': attribute type 10 has an invalid length. [ 116.306524][ T4862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.318430][ T4862] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 117.984088][ T4873] serio: Serial port ptm0 [ 120.583609][ T4900] device syzkaller0 entered promiscuous mode [ 121.972148][ T4921] netlink: 'syz.1.211': attribute type 1 has an invalid length. [ 122.144091][ T4921] 8021q: adding VLAN 0 to HW filter on device bond1 [ 122.496630][ T4921] bond1: (slave dummy0): making interface the new active one [ 122.611245][ T4921] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 122.680589][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 122.731133][ T4934] device bond1 entered promiscuous mode [ 122.810440][ T4934] device dummy0 entered promiscuous mode [ 122.888832][ T4928] loop3: detected capacity change from 0 to 8192 [ 123.285901][ T4947] netlink: 'syz.1.218': attribute type 10 has an invalid length. [ 123.914765][ T4928] attempt to access beyond end of device [ 123.914765][ T4928] loop3: rw=0, want=57848, limit=8192 [ 123.957495][ T4928] Buffer I/O error on dev loop3, logical block 57847, async page read [ 123.991525][ T4928] attempt to access beyond end of device [ 123.991525][ T4928] loop3: rw=0, want=57848, limit=8192 [ 124.037692][ T4928] Buffer I/O error on dev loop3, logical block 57847, async page read [ 124.122736][ T26] audit: type=1800 audit(1778106834.236:2): pid=4928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.214" name="file2" dev="loop3" ino=1048614 res=0 errno=0 [ 125.417545][ T4979] netlink: 'syz.2.221': attribute type 10 has an invalid length. [ 125.680158][ T4981] loop1: detected capacity change from 0 to 512 [ 126.026549][ T4985] netlink: 76 bytes leftover after parsing attributes in process `syz.4.229'. [ 127.698925][ T5011] tipc: Started in network mode [ 127.704461][ T5011] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 127.753614][ T5011] tipc: Enabling of bearer rejected, failed to enable media [ 131.946205][ T5095] netlink: 'syz.4.260': attribute type 10 has an invalid length. [ 132.458745][ T5095] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 132.497514][ T5095] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 132.507599][ T5095] syz.4.260 (5095) used greatest stack depth: 20016 bytes left [ 132.746027][ T5100] loop2: detected capacity change from 0 to 512 [ 132.884265][ T5100] EXT4-fs (loop2): Test dummy encryption mode enabled [ 132.897366][ T5100] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 132.943177][ T5100] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 133.021772][ T5100] EXT4-fs error (device loop2): ext4_orphan_get:1432: comm syz.2.263: bad orphan inode 131083 [ 133.086528][ T5100] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable,noload,,errors=continue. Quota mode: none. [ 133.321161][ T5115] netlink: 'syz.4.264': attribute type 10 has an invalid length. [ 133.343650][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.350188][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.807311][ T5100] fscrypt (loop2): Missing crypto API support for AES-256-CTS-CBC (API name: "cts(cbc(aes))") [ 134.068272][ T5117] overlayfs: failed to resolve './bus': -2 [ 134.160665][ T5125] loop5: detected capacity change from 0 to 7 [ 134.212556][ T5125] Dev loop5: unable to read RDB block 7 [ 134.225455][ T5125] loop5: unable to read partition table [ 134.240833][ T5125] loop5: partition table beyond EOD, truncated [ 134.335661][ T5125] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 134.465643][ T5139] loop2: detected capacity change from 0 to 512 [ 134.580139][ T5143] input: syz1 as /devices/virtual/input/input8 [ 134.642363][ T5138] team0 (unregistering): Port device team_slave_0 removed [ 134.674857][ T5138] team0 (unregistering): Failed to send options change via netlink (err -105) [ 134.718428][ T5138] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105) [ 134.743992][ T5138] team0 (unregistering): Port device team_slave_1 removed [ 134.783205][ T5139] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 134.858495][ T5139] ext4 filesystem being mounted at /66/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 140.655867][ T5209] netlink: 12 bytes leftover after parsing attributes in process `syz.1.296'. [ 142.506020][ T5205] ODEBUG: Out of memory. ODEBUG disabled [ 145.789928][ T5272] loop3: detected capacity change from 0 to 512 [ 146.183807][ T5272] EXT4-fs (loop3): mounted filesystem without journal. Opts: data_err=ignore,,errors=continue. Quota mode: writeback. [ 146.189266][ T5280] loop2: detected capacity change from 0 to 128 [ 146.201890][ T5272] ext4 filesystem being mounted at /64/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 146.600218][ T5287] netlink: 'syz.0.319': attribute type 10 has an invalid length. [ 146.735302][ T5287] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 146.745538][ T5287] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 147.588095][ T9] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.714706][ T9] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.134603][ T9] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.385154][ T9] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.128593][ T5317] netlink: 16 bytes leftover after parsing attributes in process `syz.0.338'. [ 149.534503][ T5297] chnl_net:caif_netlink_parms(): no params data found [ 149.887251][ T4237] Bluetooth: hci4: command 0x0409 tx timeout [ 149.896011][ T5297] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.937237][ T5297] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.986611][ T5297] device bridge_slave_0 entered promiscuous mode [ 150.031023][ T5297] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.066102][ T5297] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.128591][ T5297] device bridge_slave_1 entered promiscuous mode [ 150.209723][ T5297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 150.236828][ T5297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 151.174364][ T5362] serio: Serial port ttynull [ 151.182500][ T5297] team0: Port device team_slave_0 added [ 151.501595][ T5297] team0: Port device team_slave_1 added [ 152.067414][ T4237] Bluetooth: hci4: command 0x041b tx timeout [ 152.315918][ T5297] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 152.328679][ T5297] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.412613][ T5297] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 152.443690][ T5382] netlink: 'syz.3.353': attribute type 74 has an invalid length. [ 152.457947][ T5373] netlink: 'syz.4.350': attribute type 13 has an invalid length. [ 152.525896][ T5373] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 152.545701][ T5373] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 152.613162][ T5373] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 152.751587][ T5377] sch_tbf: burst 6 is lower than device gretap0 mtu (1476) ! [ 152.914052][ T5297] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 152.933156][ T5297] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.002955][ T5297] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 154.002535][ T5297] device hsr_slave_0 entered promiscuous mode [ 154.033885][ T5297] device hsr_slave_1 entered promiscuous mode [ 154.052876][ T5297] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 154.069111][ T5297] Cannot create hsr debugfs directory [ 154.228153][ T4235] Bluetooth: hci4: command 0x040f tx timeout [ 156.587063][ T4237] Bluetooth: hci4: command 0x0419 tx timeout [ 156.698336][ T5297] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 157.872916][ T5297] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 157.903843][ T5297] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 157.982894][ T5297] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 158.183148][ T9] device hsr_slave_0 left promiscuous mode [ 158.227844][ T9] device hsr_slave_1 left promiscuous mode [ 158.273351][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 158.295446][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 158.323090][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 158.353302][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 158.377953][ T9] device bridge_slave_1 left promiscuous mode [ 158.385892][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.461038][ T9] device bridge_slave_0 left promiscuous mode [ 158.477251][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.525754][ T9] device veth1_macvtap left promiscuous mode [ 158.544457][ T9] device veth0_macvtap left promiscuous mode [ 158.581820][ T9] device veth1_vlan left promiscuous mode [ 158.595638][ T9] device veth0_vlan left promiscuous mode [ 160.146547][ T9] team0 (unregistering): Port device team_slave_1 removed [ 160.314367][ T9] team0 (unregistering): Port device team_slave_0 removed [ 160.483785][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 160.570893][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 160.732629][ T9] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 160.834525][ T9] bond0 (unregistering): Released all slaves [ 161.041351][ T5297] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.164803][ T5472] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 161.471605][ T5119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 162.363191][ T5119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 162.490889][ T5297] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.558294][ T5505] device syzkaller0 entered promiscuous mode [ 162.621426][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 162.640378][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 162.667617][ T4292] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.674781][ T4292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.773522][ T5515] loop0: detected capacity change from 0 to 512 [ 162.802129][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 162.832378][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 162.844506][ T5515] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 162.851641][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 162.901290][ T5515] EXT4-fs (loop0): 1 orphan inode deleted [ 162.907582][ T5515] EXT4-fs (loop0): 1 truncate cleaned up [ 162.913260][ T5515] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000004000000,jqfmt=vfsv0,quota,. Quota mode: writeback. [ 163.023127][ T5515] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 255: comm syz.0.389: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 163.062510][ T4292] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.069816][ T4292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 163.092680][ T5515] EXT4-fs (loop0): Remounting filesystem read-only [ 163.093298][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 163.800658][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 163.829105][ T5526] netlink: 12 bytes leftover after parsing attributes in process `syz.4.390'. [ 163.853118][ T5297] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 163.863588][ T5297] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 163.906920][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 163.945150][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 164.000241][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 164.044648][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 164.093755][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 164.158029][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 164.190148][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 164.214479][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 164.498331][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 166.360748][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 166.695807][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 166.734753][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 166.762978][ T5297] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.141060][ T5577] netlink: 12 bytes leftover after parsing attributes in process `syz.3.403'. [ 167.596110][ T5578] 9pnet: Insufficient options for proto=fd [ 169.146662][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 169.341636][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 170.212045][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 170.232865][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 170.245531][ T1108] kernel write not supported for file /input/mice (pid: 1108 comm: kworker/0:2) [ 170.284158][ T5297] device veth0_vlan entered promiscuous mode [ 170.292375][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 170.303162][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 170.341923][ T5297] device veth1_vlan entered promiscuous mode [ 170.477259][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 170.497515][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 170.658354][ T5297] device veth0_macvtap entered promiscuous mode [ 170.722504][ T5297] device veth1_macvtap entered promiscuous mode [ 171.249016][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 171.349282][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 171.466979][ T5635] netlink: 12 bytes leftover after parsing attributes in process `syz.1.415'. [ 171.513433][ T5297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.616821][ T5297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.767080][ T5297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.804185][ T5297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.815039][ T5297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.849681][ T5297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.189256][ T5297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.485729][ T5297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.665322][ T5297] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 172.727278][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 172.744480][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 172.834667][ T5297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.864726][ T5297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.886560][ T5297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.906582][ T5297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.916912][ T5297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.937882][ T5297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.955987][ T5297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.968592][ T5297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.997066][ T5297] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 173.017760][ T5297] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.026792][ T5297] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.050330][ T5297] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.070057][ T5297] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.148377][ T4336] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 173.177525][ T4336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 173.765836][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.811239][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.281943][ T4336] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 174.398619][ T5678] netlink: 12 bytes leftover after parsing attributes in process `syz.1.431'. [ 174.580108][ T4292] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.616837][ T4292] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.652537][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 175.889150][ T5724] loop0: detected capacity change from 0 to 256 [ 177.198102][ T5742] loop4: detected capacity change from 0 to 128 [ 177.398182][ T5742] FAT-fs (loop4): Directory bread(block 414) failed [ 177.405041][ T5742] FAT-fs (loop4): Directory bread(block 415) failed [ 178.325770][ T5748] loop0: detected capacity change from 0 to 1024 [ 178.332434][ T5742] FAT-fs (loop4): Directory bread(block 416) failed [ 178.372949][ T5742] FAT-fs (loop4): Directory bread(block 417) failed [ 178.412899][ T5742] FAT-fs (loop4): Directory bread(block 418) failed [ 178.477240][ T5742] FAT-fs (loop4): Directory bread(block 419) failed [ 178.504412][ T5742] FAT-fs (loop4): Directory bread(block 420) failed [ 178.537218][ T5742] FAT-fs (loop4): Directory bread(block 421) failed [ 178.633131][ T5742] FAT-fs (loop4): Directory bread(block 414) failed [ 178.650516][ T5742] FAT-fs (loop4): Directory bread(block 415) failed [ 178.730338][ T5748] EXT4-fs (loop0): mounted filesystem without journal. Opts: nouid32,nodioread_nolock,noquota,delalloc,journal_dev=0x0000000000000009,nodioread_nolock,,errors=continue. Quota mode: none. [ 178.750837][ T5748] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.790102][ T5748] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.449: bg 0: block 112: padding at end of block bitmap is not set [ 178.819877][ T5748] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 43 with error 28 [ 178.839458][ T5748] EXT4-fs (loop0): This should not happen!! Data will be lost [ 178.839458][ T5748] [ 178.924869][ T5748] EXT4-fs (loop0): Total free blocks count 0 [ 178.979724][ T5748] EXT4-fs (loop0): Free/Dirty block details [ 179.021021][ T5778] netlink: 40 bytes leftover after parsing attributes in process `syz.4.456'. [ 179.104173][ T5748] EXT4-fs (loop0): free_blocks=0 [ 179.224722][ T5748] EXT4-fs (loop0): dirty_blocks=48 [ 179.290125][ T5748] EXT4-fs (loop0): Block reservation details [ 179.296403][ T5748] EXT4-fs (loop0): i_reserved_data_blocks=3 [ 181.101725][ T5806] netlink: 'syz.5.452': attribute type 10 has an invalid length. [ 181.265568][ T5814] loop4: detected capacity change from 0 to 512 [ 181.306761][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 181.316735][ T5806] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 181.400946][ T5814] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsddf,max_dir_size_kb=0x0000000000000a30,grpquota,,errors=continue. Quota mode: writeback. [ 181.505063][ T5814] ext4 filesystem being mounted at /97/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 181.715239][ T5833] syz.1.470 sent an empty control message without MSG_MORE. [ 182.135696][ T5842] device syzkaller0 entered promiscuous mode [ 184.148635][ T5876] netlink: 'syz.5.479': attribute type 10 has an invalid length. [ 185.306861][ T5896] loop1: detected capacity change from 0 to 256 [ 188.027670][ T5927] device syzkaller0 entered promiscuous mode [ 188.178511][ T5933] loop5: detected capacity change from 0 to 128 [ 189.169057][ T5933] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 189.316477][ T5933] ext4 filesystem being mounted at /13/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 189.774527][ T5967] netlink: 'syz.5.503': attribute type 12 has an invalid length. [ 191.324737][ T5987] device syzkaller0 entered promiscuous mode [ 191.865406][ T4269] Bluetooth: hci2: command 0x0406 tx timeout [ 192.008174][ T4269] Bluetooth: hci1: command 0x0406 tx timeout [ 192.054955][ T4269] Bluetooth: hci0: command 0x0406 tx timeout [ 192.100409][ T4269] Bluetooth: hci3: command 0x0406 tx timeout [ 192.327774][ T5974] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 193.672647][ T6029] netlink: 'syz.0.520': attribute type 10 has an invalid length. [ 194.690765][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.700398][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.779960][ T6038] device syzkaller0 entered promiscuous mode [ 195.856454][ T6051] device syzkaller0 entered promiscuous mode [ 196.618803][ T6057] lo: Caught tx_queue_len zero misconfig [ 196.866381][ T5353] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 196.875373][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 197.259042][ T4307] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 197.268025][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 198.484562][ T4260] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 198.492943][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 198.525532][ T4236] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 198.533945][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 199.167792][ T4435] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 199.623695][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 200.347116][ T6116] syz.3.541 uses obsolete (PF_INET,SOCK_PACKET) [ 202.012547][ T6134] device syzkaller0 entered promiscuous mode [ 202.179889][ T6124] net_ratelimit: 14 callbacks suppressed [ 202.179908][ T6124] sctp: failed to load transform for md5: -2 [ 202.481413][ T5353] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 202.489829][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 202.509023][ T6148] netlink: 4 bytes leftover after parsing attributes in process `syz.3.552'. [ 202.689592][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888079507400: rx timeout, send abort [ 202.847339][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 202.856340][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.560008][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888079506800: rx timeout, send abort [ 203.568710][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888079507400: abort rx timeout. Force session deactivation [ 203.647470][ T4336] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.739723][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.765964][ T5353] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.847099][ T6153] netlink: 'syz.0.554': attribute type 12 has an invalid length. [ 203.899659][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.938888][ T4235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.069204][ C1] vxcan0 (unregistered): j1939_tp_rxtimer: 0xffff888079506800: abort rx timeout. Force session deactivation [ 204.345611][ T6177] sch_tbf: burst 6 is lower than device syzkaller0 mtu (1514) ! [ 205.858614][ T6198] loop1: detected capacity change from 0 to 8192 [ 205.986079][ T6198] attempt to access beyond end of device [ 205.986079][ T6198] loop1: rw=0, want=57848, limit=8192 [ 206.216001][ T6198] Buffer I/O error on dev loop1, logical block 57847, async page read [ 206.502690][ T6198] attempt to access beyond end of device [ 206.502690][ T6198] loop1: rw=0, want=57848, limit=8192 [ 206.716320][ T6198] Buffer I/O error on dev loop1, logical block 57847, async page read [ 206.767398][ T26] audit: type=1800 audit(1778106916.886:3): pid=6198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.564" name="file2" dev="loop1" ino=1048617 res=0 errno=0 [ 206.836673][ T6218] loop0: detected capacity change from 0 to 512 [ 206.984319][ T6224] device syzkaller0 entered promiscuous mode [ 206.993710][ T6218] EXT4-fs (loop0): Test dummy encryption mode enabled [ 207.014774][ T6218] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 207.085825][ T6218] EXT4-fs error (device loop0): ext4_orphan_get:1432: comm syz.0.569: bad orphan inode 131083 [ 207.124402][ T6218] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable,noload,,errors=continue. Quota mode: none. [ 207.290380][ T6235] sch_tbf: burst 6 is lower than device syzkaller0 mtu (1514) ! [ 207.383465][ T6218] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 207.415092][ T6249] netlink: 4 bytes leftover after parsing attributes in process `syz.1.572'. [ 207.430858][ T6236] overlayfs: upper fs needs to support d_type. [ 207.714342][ T6259] netlink: 4 bytes leftover after parsing attributes in process `syz.1.576'. [ 207.911204][ T4197] EXT4-fs error (device loop0): ext4_readdir:263: inode #2: block 13: comm syz-executor: path /106/bus: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 208.185647][ T4269] net_ratelimit: 15 callbacks suppressed [ 208.185668][ T4269] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 208.199742][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.401920][ T4269] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.410746][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.425224][ T4596] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.433782][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.545902][ T4235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.554513][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.570307][ T6278] netlink: 12 bytes leftover after parsing attributes in process `syz.3.580'. [ 209.676937][ T6282] netlink: 20 bytes leftover after parsing attributes in process `syz.4.583'. [ 209.859621][ T4307] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.106979][ T1108] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 210.115649][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 210.168355][ T6303] sch_tbf: burst 6 is lower than device syzkaller0 mtu (1514) ! [ 210.277294][ T4307] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.812980][ T6312] bond0: (slave batadv0): Error: Slave device does not support XDP [ 210.881580][ T6317] netlink: 12 bytes leftover after parsing attributes in process `syz.1.589'. [ 211.376170][ T4307] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.269186][ T4307] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.677174][ T23] net_ratelimit: 14 callbacks suppressed [ 213.677195][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 213.691395][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.098941][ T6356] netlink: 16 bytes leftover after parsing attributes in process `syz.4.598'. [ 214.371885][ T4236] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.380344][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.448587][ T6344] chnl_net:caif_netlink_parms(): no params data found [ 214.490789][ T6367] device syzkaller0 entered promiscuous mode [ 214.720054][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.728675][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 215.253806][ T6344] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.261508][ T6344] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.603506][ T4292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 215.611853][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 215.653432][ T6344] device bridge_slave_0 entered promiscuous mode [ 215.709369][ T6344] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.766610][ T6344] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.800768][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 215.802097][ T6344] device bridge_slave_1 entered promiscuous mode [ 215.809490][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 215.831767][ T6344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 215.857187][ T6344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 215.887121][ T2267] Bluetooth: hci3: command 0x0409 tx timeout [ 216.369555][ T6344] team0: Port device team_slave_0 added [ 216.639592][ T6344] team0: Port device team_slave_1 added [ 216.968032][ T6344] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 217.008647][ T6344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.197186][ T6344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 217.256720][ T6344] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 217.273261][ T6344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.348845][ T6344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 217.579652][ T6344] device hsr_slave_0 entered promiscuous mode [ 217.598278][ T6344] device hsr_slave_1 entered promiscuous mode [ 217.795076][ T6468] netlink: 'syz.4.618': attribute type 10 has an invalid length. [ 218.541815][ T4269] Bluetooth: hci3: command 0x041b tx timeout [ 218.599316][ T4307] device hsr_slave_0 left promiscuous mode [ 218.607875][ T4307] device hsr_slave_1 left promiscuous mode [ 218.638235][ T4307] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.657321][ T4307] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.687209][ T4307] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.700041][ T4307] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.721323][ T4307] device bridge_slave_1 left promiscuous mode [ 218.734436][ T4307] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.784830][ T4307] device bridge_slave_0 left promiscuous mode [ 218.809478][ T4307] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.851882][ T4307] device veth1_macvtap left promiscuous mode [ 218.867207][ T4307] device veth0_macvtap left promiscuous mode [ 219.037926][ T4307] device veth1_vlan left promiscuous mode [ 219.190747][ T4307] device veth0_vlan left promiscuous mode [ 219.649244][ T4269] net_ratelimit: 14 callbacks suppressed [ 219.649262][ T4269] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 219.663529][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.127304][ T4235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.135891][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.287597][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.313543][ T4307] team0 (unregistering): Port device team_slave_1 removed [ 220.533698][ T4307] team0 (unregistering): Port device team_slave_0 removed [ 220.565430][ T4307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 220.595932][ T4307] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 220.704010][ T4307] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 220.762778][ T23] Bluetooth: hci3: command 0x040f tx timeout [ 220.769329][ T4292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.777878][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.786119][ T4269] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.794561][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.796540][ T4307] bond0 (unregistering): Released all slaves [ 220.888587][ T6496] team0 (unregistering): Port device team_slave_0 removed [ 220.917424][ T6496] team0 (unregistering): Port device team_slave_1 removed [ 221.327300][ T6537] netlink: 8 bytes leftover after parsing attributes in process `syz.4.636'. [ 221.569621][ T4292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 222.089623][ T6344] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 222.161293][ T6344] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 222.173581][ T6544] loop3: detected capacity change from 0 to 512 [ 222.198720][ T6344] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 222.388237][ T6344] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 222.504124][ T6544] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,usrquota,minixdf,nombcache,. Quota mode: writeback. [ 222.770427][ T6544] ext4 filesystem being mounted at /145/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 222.849372][ T2267] Bluetooth: hci3: command 0x0419 tx timeout [ 224.963688][ T23] net_ratelimit: 11 callbacks suppressed [ 224.963709][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.977968][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.999104][ T6344] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.099138][ T6592] netlink: 4 bytes leftover after parsing attributes in process `syz.3.647'. [ 225.175869][ T6344] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.977544][ T4235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 225.986342][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 226.228776][ T6590] team0 (unregistering): Port device team_slave_0 removed [ 226.527984][ T6590] team0 (unregistering): Port device team_slave_1 removed [ 226.646717][ T2267] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 226.655712][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 226.667121][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 226.675327][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 226.691005][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 226.691152][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 226.699748][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 226.707607][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 226.715835][ T4596] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.730675][ T4596] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.750708][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 226.763542][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 226.774719][ T4596] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.781949][ T4596] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.940503][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 226.979742][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 227.021627][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 227.065934][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 227.137321][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 227.187655][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 227.214371][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 227.282467][ T6344] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 227.311207][ T6344] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 227.327688][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 227.336217][ T4336] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 227.351398][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 227.371699][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 227.559322][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 227.719568][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 227.872832][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 228.021361][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 228.295983][ T6639] device syzkaller0 entered promiscuous mode [ 228.725832][ T6653] netlink: 'syz.5.661': attribute type 10 has an invalid length. [ 229.416712][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 229.442405][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 229.485617][ T6656] loop1: detected capacity change from 0 to 512 [ 229.511342][ T6344] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.721847][ T6656] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 230.529249][ T2267] net_ratelimit: 10 callbacks suppressed [ 230.529270][ T2267] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 230.543392][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 230.900681][ T6693] device syzkaller1 entered promiscuous mode [ 231.021433][ T6704] device syzkaller0 entered promiscuous mode [ 231.832986][ T4235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 231.841372][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 231.868305][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 231.876978][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 231.956759][ T6712] [U] zÍ [ 232.144307][ T6723] netlink: 'syz.1.675': attribute type 10 has an invalid length. [ 232.450421][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.459016][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.923928][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 232.932913][ T2267] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.941311][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.965025][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 232.997889][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 233.018326][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 233.041017][ T6344] device veth0_vlan entered promiscuous mode [ 233.052395][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 233.095873][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 233.211491][ T6735] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 233.253490][ T6735] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 233.316798][ T6735] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 233.356713][ T6735] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 233.426171][ T6735] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 233.468864][ T6735] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 233.621714][ T6344] device veth1_vlan entered promiscuous mode [ 233.776212][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 233.850922][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 233.918243][ T6344] device veth0_macvtap entered promiscuous mode [ 234.129229][ T6763] netlink: 4 bytes leftover after parsing attributes in process `syz.4.684'. [ 234.831965][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 234.860737][ T6344] device veth1_macvtap entered promiscuous mode [ 235.363292][ T6344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.446063][ T6344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.476448][ T6344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.512601][ T6344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.543366][ T6344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.577450][ T6344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.591842][ T23] net_ratelimit: 10 callbacks suppressed [ 235.591860][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.596540][ T6344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.598047][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.606059][ T6344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.651813][ T6344] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 235.663516][ T6344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.681260][ T6344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.692018][ T6344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.702883][ T6344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.720046][ T6344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.734305][ T6344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.749050][ T6344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.764141][ T6344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.866016][ T6344] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 235.875913][ T6778] device syzkaller0 entered promiscuous mode [ 235.904327][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 235.917932][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 236.021720][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 236.113183][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 236.149916][ T6344] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.177451][ T6344] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.216531][ T6344] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.253627][ T6344] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.403637][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.412127][ T4596] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.431262][ T4596] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.441457][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.679748][ T2239] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 236.688125][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 236.716901][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 236.730350][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 236.767752][ T4237] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 236.776086][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 237.698834][ T6817] loop6: detected capacity change from 0 to 256 [ 237.801823][ T2267] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 237.810453][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 237.896933][ T6817] FAT-fs (loop6): Directory bread(block 64) failed [ 238.639794][ T4596] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 238.648477][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 238.687355][ T6817] FAT-fs (loop6): Directory bread(block 65) failed [ 238.784302][ T6817] FAT-fs (loop6): Directory bread(block 66) failed [ 238.859446][ T6817] FAT-fs (loop6): Directory bread(block 67) failed [ 238.935146][ T6817] FAT-fs (loop6): Directory bread(block 68) failed [ 238.942105][ T6817] FAT-fs (loop6): Directory bread(block 69) failed [ 239.662323][ T6817] FAT-fs (loop6): Directory bread(block 70) failed [ 239.693607][ T6817] FAT-fs (loop6): Directory bread(block 71) failed [ 239.721673][ T6817] FAT-fs (loop6): Directory bread(block 72) failed [ 239.760313][ T6817] FAT-fs (loop6): Directory bread(block 73) failed [ 240.071244][ T6841] device syzkaller0 entered promiscuous mode [ 240.622558][ T6853] loop6: detected capacity change from 0 to 512 [ 240.699189][ T6857] device syzkaller1 entered promiscuous mode [ 240.712413][ T6859] netlink: 'syz.4.699': attribute type 10 has an invalid length. [ 240.738970][ T6857] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 240.840042][ T6853] EXT4-fs (loop6): orphan cleanup on readonly fs [ 240.866048][ T6853] EXT4-fs warning (device loop6): ext4_xattr_inode_get:506: inode #11: comm syz.6.705: EA inode hash validation failed [ 240.932750][ T6853] EXT4-fs warning (device loop6): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 241.032549][ T6853] EXT4-fs (loop6): 1 orphan inode deleted [ 241.041555][ T2267] net_ratelimit: 12 callbacks suppressed [ 241.041572][ T2267] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 241.055739][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 241.087311][ T6853] EXT4-fs (loop6): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000005c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue. Quota mode: writeback. [ 242.289793][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 242.298298][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 242.900897][ T4236] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 242.909517][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 242.934291][ T6906] device syzkaller0 entered promiscuous mode [ 243.007514][ T6908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 243.505867][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 243.514298][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 244.017417][ T4336] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 244.495711][ T6939] loop5: detected capacity change from 0 to 2048 [ 244.575200][ T6942] netlink: 'syz.4.722': attribute type 10 has an invalid length. [ 245.396914][ T6939] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 245.544424][ T6954] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 245.634852][ T6954] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 245.718383][ T6954] EXT4-fs (loop5): This should not happen!! Data will be lost [ 245.718383][ T6954] [ 245.863738][ T6954] EXT4-fs (loop5): Total free blocks count 0 [ 245.950169][ T6954] EXT4-fs (loop5): Free/Dirty block details [ 245.956204][ T6954] EXT4-fs (loop5): free_blocks=66060288 [ 246.022034][ T6954] EXT4-fs (loop5): dirty_blocks=64 [ 246.071662][ T6954] EXT4-fs (loop5): Block reservation details [ 246.125436][ T6976] device syzkaller0 entered promiscuous mode [ 246.131773][ T6954] EXT4-fs (loop5): i_reserved_data_blocks=4 [ 246.351326][ T6983] loop1: detected capacity change from 0 to 1024 [ 246.371389][ T4336] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 2 with error 28 [ 246.406320][ T4336] EXT4-fs (loop5): This should not happen!! Data will be lost [ 246.406320][ T4336] [ 246.418573][ T6983] EXT4-fs (loop1): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 246.472181][ T6983] ext4 filesystem being mounted at /152/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 246.609606][ T6990] EXT4-fs error (device loop1): ext4_map_blocks:741: inode #15: block 3: comm syz.1.735: lblock 3 mapped to illegal pblock 3 (length 3) [ 246.676668][ T4269] net_ratelimit: 13 callbacks suppressed [ 246.676685][ T4269] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 246.690834][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 246.707148][ T6990] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 246.748418][ T6990] EXT4-fs (loop1): This should not happen!! Data will be lost [ 246.748418][ T6990] [ 246.788729][ T6983] EXT4-fs error (device loop1): ext4_map_blocks:741: inode #15: block 8: comm syz.1.735: lblock 8 mapped to illegal pblock 8 (length 8) [ 246.827304][ T6999] netlink: 16 bytes leftover after parsing attributes in process `syz.3.739'. [ 246.877423][ T6983] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 246.938466][ T6983] EXT4-fs (loop1): This should not happen!! Data will be lost [ 246.938466][ T6983] [ 246.952938][ T7003] loop5: detected capacity change from 0 to 256 [ 247.082863][ T7003] FAT-fs (loop5): Directory bread(block 64) failed [ 247.092310][ T7003] FAT-fs (loop5): Directory bread(block 65) failed [ 247.117380][ T7003] FAT-fs (loop5): Directory bread(block 66) failed [ 247.124127][ T7003] FAT-fs (loop5): Directory bread(block 67) failed [ 247.135823][ T7003] FAT-fs (loop5): Directory bread(block 68) failed [ 247.160138][ T7003] FAT-fs (loop5): Directory bread(block 69) failed [ 247.199798][ T7003] FAT-fs (loop5): Directory bread(block 70) failed [ 247.214278][ T7003] FAT-fs (loop5): Directory bread(block 71) failed [ 247.228571][ T7003] FAT-fs (loop5): Directory bread(block 72) failed [ 247.244196][ T7003] FAT-fs (loop5): Directory bread(block 73) failed [ 247.585109][ T7022] device syzkaller0 entered promiscuous mode [ 247.746138][ T4269] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 247.754837][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 247.865113][ T7037] loop1: detected capacity change from 0 to 128 [ 248.024424][ T7037] FAT-fs (loop1): Unrecognized mount option "18446744073709551615ÿÿÿ" or missing value [ 248.431351][ T7046] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 248.440411][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 248.547410][ T4237] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 248.555828][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 248.882605][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 248.890965][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 249.161434][ T7064] netlink: 156 bytes leftover after parsing attributes in process `syz.3.756'. [ 249.162624][ T7060] netlink: 'syz.6.753': attribute type 1 has an invalid length. [ 249.180232][ T7064] netlink: 4 bytes leftover after parsing attributes in process `syz.3.756'. [ 249.326825][ T7075] device syzkaller0 entered promiscuous mode [ 250.379576][ T7094] netlink: 'syz.5.754': attribute type 10 has an invalid length. [ 250.454537][ T7095] netlink: 'syz.3.765': attribute type 4 has an invalid length. [ 250.515337][ T7095] netlink: 152 bytes leftover after parsing attributes in process `syz.3.765'. [ 250.588653][ T7099] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 250.700047][ T7099] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 250.919936][ T4190] Bluetooth: hci2: unexpected event for opcode 0x0411 [ 251.129784][ T7120] overlayfs: upper fs does not support file handles, falling back to index=off. [ 251.223015][ T7124] device syzkaller0 entered promiscuous mode [ 251.241077][ T7127] netlink: 'syz.6.775': attribute type 39 has an invalid length. [ 251.970760][ T7144] loop6: detected capacity change from 0 to 512 [ 252.100018][ T7144] EXT4-fs (loop6): inline encryption not supported [ 252.511064][ T7144] EXT4-fs error (device loop6): ext4_orphan_get:1432: comm syz.6.780: bad orphan inode 15 [ 252.586930][ T7144] ext4_test_bit(bit=14, block=5) = 0 [ 252.592868][ T7144] EXT4-fs (loop6): mounted filesystem without journal. Opts: noblock_validity,stripe=0x0000000000000001,inlinecrypt,grpid,journal_ioprio=0x0000000000000002,journal_ioprio=0x0000000000000003,nolazytime,noload,,errors=continue. Quota mode: none. [ 252.617607][ T2267] net_ratelimit: 14 callbacks suppressed [ 252.617624][ T2267] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 252.631610][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 252.961915][ T7171] device syzkaller0 entered promiscuous mode [ 253.026267][ T7178] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 253.035572][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 253.184908][ T7186] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 254.047702][ T4233] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 254.056083][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 254.305217][ T2267] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 254.313917][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 254.349625][ T7207] netlink: 'syz.4.801': attribute type 4 has an invalid length. [ 254.522588][ T7216] loop1: detected capacity change from 0 to 512 [ 254.739990][ T7216] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 254.820807][ T7216] ext4 filesystem being mounted at /166/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 254.886769][ T7234] netlink: 'syz.5.799': attribute type 10 has an invalid length. [ 255.362871][ T4307] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 256.457543][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.464059][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.724033][ T7275] tipc: Enabling of bearer rejected, failed to enable media [ 256.871053][ T7282] loop4: detected capacity change from 0 to 256 [ 256.946933][ T7283] loop3: detected capacity change from 0 to 1024 [ 256.958294][ T7287] netlink: 'syz.5.822': attribute type 1 has an invalid length. [ 257.365915][ T7283] EXT4-fs warning (device loop3): read_mmp_block:115: Error -117 while reading MMP block 64 [ 257.907940][ T7287] 8021q: adding VLAN 0 to HW filter on device bond1 [ 258.647209][ T7293] bond1: (slave dummy0): making interface the new active one [ 258.675963][ T7293] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 258.874834][ T7290] bond1: (slave veth3): Enslaving as an active interface with a down link [ 258.950659][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 259.213807][ T7325] loop5: detected capacity change from 0 to 512 [ 259.522536][ T7325] EXT4-fs error (device loop5): ext4_iget_extra_inode:4573: inode #15: comm syz.5.831: corrupted in-inode xattr [ 259.799693][ T7325] EXT4-fs error (device loop5): ext4_orphan_get:1411: comm syz.5.831: couldn't read orphan inode 15 (err -117) [ 259.933407][ T7325] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 260.121586][ T26] audit: type=1800 audit(1778106970.246:4): pid=7325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.831" name="file0" dev="loop5" ino=13 res=0 errno=0 [ 260.144320][ T7325] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.831: bg 0: block 465: padding at end of block bitmap is not set [ 260.203690][ T7345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.834'. [ 260.224269][ T7325] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6191: Corrupt filesystem [ 260.243495][ T7325] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.831: invalid indirect mapped block 234881024 (level 0) [ 260.528770][ T7367] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 260.575046][ T7363] loop6: detected capacity change from 0 to 2048 [ 260.672404][ T7363] EXT4-fs (loop6): Test dummy encryption mode enabled [ 260.691180][ T7374] netlink: 'syz.3.844': attribute type 1 has an invalid length. [ 260.704526][ T7363] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 260.781183][ T7363] EXT4-fs (loop6): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x0000000000000000,block_validity,min_batch_time=0x0000000000000007,quota,noblock_validity,dioread_nolock,nojournal_checksum,test_dummy_encryption,errors=remount-ro,. Quota mode: writeback. [ 260.934983][ T7385] device syzkaller0 entered promiscuous mode [ 261.252453][ T9] net_ratelimit: 11 callbacks suppressed [ 261.252474][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.266598][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.277185][ T4384] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.285567][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.421815][ T7404] device syzkaller0 entered promiscuous mode [ 261.496313][ T7404] sch_tbf: burst 6 is lower than device syzkaller0 mtu (1514) ! [ 261.887768][ T4384] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.896072][ T4292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.904492][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.912717][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.915367][ T26] audit: type=1326 audit(1778106972.046:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7392 comm="syz.5.850" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde6428fdd9 code=0x7fc00000 [ 261.921438][ T4336] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 262.856568][ T4384] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 263.014827][ T7426] netlink: 'syz.4.859': attribute type 1 has an invalid length. [ 263.030729][ T7431] netlink: 8 bytes leftover after parsing attributes in process `syz.1.861'. [ 263.139083][ T7435] device syzkaller0 entered promiscuous mode [ 263.724553][ T7468] netlink: 'syz.6.876': attribute type 1 has an invalid length. [ 263.795106][ T7472] netlink: 16 bytes leftover after parsing attributes in process `syz.1.877'. [ 263.807949][ T7473] bpf: Bad value for 'mode' [ 263.973206][ T7477] netlink: 76 bytes leftover after parsing attributes in process `syz.1.879'. [ 264.000332][ T7477] netlink: 52 bytes leftover after parsing attributes in process `syz.1.879'. [ 264.013312][ T7477] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.022177][ T7477] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.225082][ T7480] device syzkaller0 entered promiscuous mode [ 265.484257][ T7528] netlink: 'syz.1.894': attribute type 39 has an invalid length. [ 265.874385][ T7550] netlink: 'syz.4.901': attribute type 1 has an invalid length. [ 265.960402][ T4190] Bluetooth: Wrong link type (-22) [ 266.286212][ T7565] netlink: 'syz.5.908': attribute type 1 has an invalid length. [ 266.414728][ T4190] Bluetooth: hci2: ACL packet too small [ 266.659185][ T7581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 266.845693][ T7581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.008602][ T4307] net_ratelimit: 4 callbacks suppressed [ 267.008623][ T4307] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 267.022988][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 267.059774][ T4263] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 267.068208][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 267.159124][ T7581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.371638][ T7581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.381906][ T7581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.392707][ T7581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.402956][ T7581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.418086][ T7581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.439608][ T26] audit: type=1326 audit(1778106977.566:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7587 comm="syz.5.915" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fde6428fdd9 code=0x0 [ 267.463808][ T7581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.482428][ T7581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.549737][ T7581] batman_adv: batadv0: Adding interface: vlan2 [ 267.566242][ T7581] batman_adv: batadv0: The MTU of interface vlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.652358][ T4336] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 267.661054][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 267.716949][ T7581] batman_adv: batadv0: Not using interface vlan2 (retrying later): interface not active [ 268.427928][ T4292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.436534][ T4292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.453477][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.467726][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.778230][ T7612] netlink: 'syz.1.923': attribute type 1 has an invalid length. [ 270.998481][ T7639] netem: change failed [ 271.773009][ T7661] sctp: [Deprecated]: syz.6.938 (pid 7661) Use of int in max_burst socket option deprecated. [ 271.773009][ T7661] Use struct sctp_assoc_value instead [ 272.793461][ T4384] net_ratelimit: 2 callbacks suppressed [ 272.793478][ T4384] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 272.807605][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 272.816465][ T154] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 272.824759][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 272.979443][ T1108] Bluetooth: hci3: command 0x0405 tx timeout [ 273.614606][ T4336] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 273.623003][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 273.632214][ T1108] Bluetooth: hci4: command 0x0406 tx timeout [ 273.871652][ T4190] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 273.881788][ T4190] CPU: 0 PID: 4190 Comm: kworker/u5:1 Not tainted syzkaller #0 [ 273.889448][ T4190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 273.899526][ T4190] Workqueue: hci3 hci_rx_work [ 273.904243][ T4190] Call Trace: [ 273.907538][ T4190] [ 273.910634][ T4190] dump_stack_lvl+0x188/0x250 [ 273.915343][ T4190] ? show_regs_print_info+0x20/0x20 [ 273.920565][ T4190] ? load_image+0x400/0x400 [ 273.925105][ T4190] sysfs_create_dir_ns+0x26a/0x290 [ 273.930243][ T4190] ? sysfs_warn_dup+0xa0/0xa0 [ 273.934936][ T4190] ? process_one_work+0x85f/0x1010 [ 273.940083][ T4190] ? do_raw_spin_unlock+0x11d/0x230 [ 273.945324][ T4190] kobject_add_internal+0x6e0/0xd90 [ 273.950552][ T4190] kobject_add+0x160/0x230 [ 273.955003][ T4190] ? kobject_init+0x1d0/0x1d0 [ 273.959708][ T4190] ? klist_children_get+0x50/0x50 [ 273.964757][ T4190] ? get_device_parent+0x121/0x3f0 [ 273.969901][ T4190] device_add+0x483/0xfb0 [ 273.974266][ T4190] hci_conn_add_sysfs+0xd1/0x1e0 [ 273.979234][ T4190] le_conn_complete_evt+0xc48/0x15c0 [ 273.984556][ T4190] ? cs_le_create_conn+0x5e0/0x5e0 [ 273.989703][ T4190] ? __mutex_trylock_common+0x155/0x260 [ 273.995377][ T4190] hci_le_meta_evt+0x285/0x3c90 [ 274.000258][ T4190] ? hci_event_packet+0x37b/0x1370 [ 274.005397][ T4190] ? __lock_acquire+0x7d10/0x7d10 [ 274.010460][ T4190] ? hci_remote_host_features_evt+0x280/0x280 [ 274.016831][ T4190] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 274.022837][ T4190] ? mark_lock+0x94/0x320 [ 274.027188][ T4190] ? mutex_unlock+0x10/0x10 [ 274.031719][ T4190] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 274.037730][ T4190] ? lock_chain_count+0x20/0x20 [ 274.042612][ T4190] ? __rwlock_init+0x140/0x140 [ 274.047405][ T4190] hci_event_packet+0xe48/0x1370 [ 274.052371][ T4190] ? lockdep_hardirqs_on+0x94/0x140 [ 274.057611][ T4190] ? rcu_lock_release+0x20/0x20 [ 274.062498][ T4190] ? hci_send_to_monitor+0x9c/0x4a0 [ 274.067721][ T4190] hci_rx_work+0x255/0xa10 [ 274.072184][ T4190] process_one_work+0x85f/0x1010 [ 274.077174][ T4190] ? worker_detach_from_pool+0x240/0x240 [ 274.082838][ T4190] ? lockdep_hardirqs_off+0x70/0x100 [ 274.087724][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 274.088156][ T4190] ? _raw_spin_lock_irq+0xb7/0xf0 [ 274.096416][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 274.101249][ T4190] ? _raw_spin_lock_irqsave+0x100/0x100 [ 274.101277][ T4190] ? wq_worker_running+0x97/0x170 [ 274.101302][ T4190] worker_thread+0xaa6/0x1290 [ 274.115630][ T4336] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 274.120346][ T4190] kthread+0x436/0x520 [ 274.120371][ T4190] ? rcu_lock_release+0x20/0x20 [ 274.125211][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 274.133199][ T4190] ? kthread_blkcg+0xd0/0xd0 [ 274.133225][ T4190] ret_from_fork+0x1f/0x30 [ 274.133262][ T4190] [ 274.162924][ T4190] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 274.179280][ T4190] Bluetooth: hci3: failed to register connection device [ 276.253353][ T7748] netlink: 'syz.6.955': attribute type 10 has an invalid length. [ 276.978833][ T7748] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 276.989013][ T7748] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 277.606094][ T7779] netlink: 'syz.3.971': attribute type 1 has an invalid length. [ 278.528052][ T4263] net_ratelimit: 2 callbacks suppressed [ 278.528071][ T4263] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 278.542236][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 278.552039][ T4307] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 278.560461][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 278.900576][ T7803] loop5: detected capacity change from 0 to 256 [ 279.064301][ T7803] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 279.134668][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 279.167791][ T4292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 279.168798][ T7803] FAT-fs (loop5): Filesystem has been set read-only [ 279.176197][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 279.272297][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 279.337209][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 279.377177][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 279.417566][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 279.445050][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 279.495661][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 279.548001][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 279.813122][ T4292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 279.821778][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 279.832762][ T4307] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 279.841367][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 280.121076][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 280.685179][ T4237] Bluetooth: hci3: command 0x0406 tx timeout [ 280.727146][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 280.936140][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 281.629058][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 281.704953][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 281.756554][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 281.827189][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 281.877134][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 281.911950][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 281.931909][ T7843] device syzkaller0 entered promiscuous mode [ 281.952115][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 282.014954][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 282.078045][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 282.117129][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 282.197123][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 282.206099][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 282.327942][ T7803] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 282.336694][ T26] audit: type=1800 audit(1778106992.456:7): pid=7803 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.975" name="file1" dev="loop5" ino=1048639 res=0 errno=0 [ 282.813551][ T7883] loop5: detected capacity change from 0 to 1024 [ 282.902245][ T7883] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 282.904223][ T7892] syz.6.1002 (7892): drop_caches: 4 [ 283.112630][ T7903] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 284.918288][ T4292] net_ratelimit: 2 callbacks suppressed [ 284.918306][ T4292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 284.932839][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 284.944819][ T4435] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 284.952984][ T4435] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 284.961825][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 284.970177][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 285.049509][ T7922] tipc: Started in network mode [ 285.096341][ T7922] tipc: Node identity 7f000001, cluster identity 4711 [ 285.134935][ T7922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 285.157436][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 285.196745][ T7922] tipc: Enabled bearer , priority 10 [ 285.267802][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 285.347429][ T7922] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 285.379501][ T7922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 285.423487][ T7922] tipc: Enabled bearer , priority 10 [ 285.589092][ T7955] syzkaller0: tun_chr_ioctl cmd 1074025672 [ 285.594979][ T7955] syzkaller0: ignored: set checksum disabled [ 285.646027][ T7957] netlink: 'syz.5.1024': attribute type 1 has an invalid length. [ 285.714572][ T7957] device bond2 entered promiscuous mode [ 285.733695][ T7957] 8021q: adding VLAN 0 to HW filter on device bond2 [ 285.813512][ T7964] bond2: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 285.850337][ T7964] bond2: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 285.861057][ T7964] bond2: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 286.002168][ T7964] bond2: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 286.042321][ T7964] bond2: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 286.063477][ T7981] loop1: detected capacity change from 0 to 1024 [ 286.156898][ T7981] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodelalloc,norecovery,min_batch_time=0x0000000010000005,nojournal_checksum,debug_want_extra_isize=0x0000000000000080,nodelalloc,inode_readahead_blks=0x0000000000200000,resgid=0x0000000000000000,inode_readahead_blks=0x0000000,errors=continue. Quota mode: none. [ 286.400471][ T4269] tipc: Node number set to 2130706433 [ 287.295054][ T8006] loop3: detected capacity change from 0 to 2048 [ 287.427915][ T8010] device team_slave_0 entered promiscuous mode [ 287.434844][ T8010] device team_slave_1 entered promiscuous mode [ 287.479454][ T8010] device team_slave_0 left promiscuous mode [ 287.486206][ T8010] device team_slave_1 left promiscuous mode [ 287.517985][ T8006] EXT4-fs (loop3): mounted filesystem without journal. Opts: init_itable=0x0000000000000001,errors=remount-ro,resgid=0x0000000000000000,barrier,bsdgroups,inode_readahead_blks=0x0000000000002000,. Quota mode: none. [ 287.560198][ T8006] ext4 filesystem being mounted at /250/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 287.588288][ T8006] EXT4-fs (loop3): shut down requested (1) [ 289.967183][ C1] net_ratelimit: 31 callbacks suppressed [ 289.967203][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 289.981880][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 290.918366][ T4263] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 290.926690][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 290.939195][ T4263] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 290.947516][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 291.486482][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 291.494914][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 291.647857][ T4292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 291.670213][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 292.087689][ T8105] Cannot find del_set index 0 as target [ 292.205372][ T8107] loop4: detected capacity change from 0 to 2048 [ 292.307171][ T8107] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 4294967295)! [ 292.645931][ T8107] EXT4-fs (loop4): group descriptors corrupted! [ 293.399904][ T8123] loop3: detected capacity change from 0 to 2048 [ 293.825183][ T8123] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 294.605583][ T8158] tc_dump_action: action bad kind [ 294.641802][ T8159] loop1: detected capacity change from 0 to 2048 [ 294.777719][ T8170] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 294.820929][ T8159] EXT4-fs (loop1): mounted filesystem without journal. Opts: init_itable,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 295.158832][ T8186] loop6: detected capacity change from 0 to 512 [ 295.489548][ T8186] EXT4-fs (loop6): Ignoring removed nobh option [ 295.647478][ C1] net_ratelimit: 16 callbacks suppressed [ 295.647499][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 295.661573][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 295.752056][ T8186] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -13 [ 296.074702][ T8186] EXT4-fs error (device loop6): ext4_clear_blocks:883: inode #13: comm syz.6.1085: attempt to clear invalid blocks 1 len 1 [ 296.185318][ T8186] EXT4-fs (loop6): Remounting filesystem read-only [ 296.248399][ T8186] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 296.334060][ T8196] loop1: detected capacity change from 0 to 512 [ 296.350243][ T8186] EXT4-fs (loop6): Remounting filesystem read-only [ 296.408268][ T8186] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #13: comm syz.6.1085: invalid indirect mapped block 1819239214 (level 0) [ 296.433057][ T8196] EXT4-fs (loop1): Ignoring removed bh option [ 296.447504][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 296.455851][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 296.464543][ T4292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 296.473480][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 296.522490][ T8196] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 296.557786][ T8186] EXT4-fs (loop6): Remounting filesystem read-only [ 296.597466][ T8186] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #13: comm syz.6.1085: invalid indirect mapped block 1819239214 (level 1) [ 296.673343][ T8196] EXT4-fs (loop1): 1 truncate cleaned up [ 296.685241][ T8196] EXT4-fs (loop1): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000001,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none. [ 296.727313][ T8186] EXT4-fs (loop6): Remounting filesystem read-only [ 296.763246][ T8186] EXT4-fs (loop6): 1 truncate cleaned up [ 296.789537][ T8186] EXT4-fs (loop6): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resuid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback. [ 296.916945][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 296.925511][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 296.953408][ T8186] EXT4-fs error (device loop6): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.6.1085: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 296.984620][ T8186] EXT4-fs (loop6): Remounting filesystem read-only [ 297.088167][ T4292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 297.096763][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 297.520500][ T8214] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1087'. [ 297.611894][ T4206] Bluetooth: hci3: link tx timeout [ 297.617696][ T4206] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 297.629923][ T4206] Bluetooth: hci3: link tx timeout [ 297.635185][ T4206] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 297.645446][ T4206] Bluetooth: hci3: link tx timeout [ 297.652450][ T4206] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 297.660654][ T4206] Bluetooth: hci3: link tx timeout [ 297.665944][ T4206] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 297.673844][ T4206] Bluetooth: hci3: link tx timeout [ 297.680172][ T4206] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 297.688006][ T4206] Bluetooth: hci3: link tx timeout [ 297.693185][ T4206] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 297.946588][ T8231] loop6: detected capacity change from 0 to 256 [ 298.312059][ T8231] FAT-fs (loop6): Directory bread(block 64) failed [ 298.483553][ T8231] FAT-fs (loop6): Directory bread(block 65) failed [ 298.677232][ T8231] FAT-fs (loop6): Directory bread(block 66) failed [ 298.714941][ T8231] FAT-fs (loop6): Directory bread(block 67) failed [ 298.765869][ T8248] capability: warning: `syz.4.1098' uses 32-bit capabilities (legacy support in use) [ 298.784956][ T8231] FAT-fs (loop6): Directory bread(block 68) failed [ 298.831887][ T8231] FAT-fs (loop6): Directory bread(block 69) failed [ 298.838619][ T8231] FAT-fs (loop6): Directory bread(block 70) failed [ 298.857079][ T8231] FAT-fs (loop6): Directory bread(block 71) failed [ 298.863775][ T8231] FAT-fs (loop6): Directory bread(block 72) failed [ 298.904227][ T8231] FAT-fs (loop6): Directory bread(block 73) failed [ 299.292466][ T8285] loop1: detected capacity change from 0 to 8 [ 299.385331][ T8285] SQUASHFS error: zlib decompression failed, data probably corrupt [ 299.403707][ T8285] SQUASHFS error: Failed to read block 0x9b: -5 [ 299.453073][ T8285] SQUASHFS error: Unable to read metadata cache entry [99] [ 299.487076][ T8285] SQUASHFS error: Unable to read inode 0x127 [ 299.702860][ T8049] Bluetooth: hci3: command 0x0406 tx timeout [ 301.531495][ T8335] device syzkaller1 entered promiscuous mode [ 301.568009][ T4307] net_ratelimit: 12 callbacks suppressed [ 301.568031][ T4307] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 301.582247][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 301.617368][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 301.625872][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 301.768004][ T8342] device syzkaller0 entered promiscuous mode [ 302.190694][ T8368] ieee802154 phy0 wpan0: encryption failed: -22 [ 302.257210][ T4435] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 302.265653][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 302.337369][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 302.345736][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 302.687855][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 302.696280][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 303.240364][ T8383] netlink: 256 bytes leftover after parsing attributes in process `syz.5.1138'. [ 303.491598][ T8395] device syzkaller0 entered promiscuous mode [ 303.823389][ T8414] loop6: detected capacity change from 0 to 512 [ 304.035876][ T8414] EXT4-fs error (device loop6): ext4_orphan_get:1406: inode #15: comm syz.6.1150: inode has both inline data and extents flags [ 304.052347][ T8414] EXT4-fs error (device loop6): ext4_orphan_get:1411: comm syz.6.1150: couldn't read orphan inode 15 (err -117) [ 304.065200][ T8414] EXT4-fs (loop6): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 306.856871][ C1] net_ratelimit: 12 callbacks suppressed [ 306.856889][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 306.871108][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 307.348761][ T4384] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 307.357353][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 307.886568][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 307.895289][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 307.914937][ T4469] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 307.923781][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 308.628166][ T4596] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 308.645309][ T4307] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 311.174774][ T8538] loop3: detected capacity change from 0 to 256 [ 315.783913][ T8575] loop6: detected capacity change from 0 to 512 [ 315.847977][ T8576] loop1: detected capacity change from 0 to 512 [ 315.925782][ C1] net_ratelimit: 12 callbacks suppressed [ 315.925802][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 315.940265][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 315.949552][ T4596] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 315.957809][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 315.965959][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 315.974515][ T4307] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 315.983131][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 315.994807][ T4263] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 316.024261][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 316.916351][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 317.281781][ T8575] EXT4-fs (loop6): mounted filesystem without journal. Opts: i_version,nodioread_nolock,min_batch_time=0x00000000000003ff,,errors=continue. Quota mode: none. [ 317.310434][ T8576] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 317.395387][ T8576] ext4 filesystem being mounted at /255/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 317.409774][ T8575] EXT4-fs (loop6): Online resizing not supported with sparse_super2 [ 317.565012][ T8603] Quota error (device loop1): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 317.568787][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.582468][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.604106][ T8603] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 317.621862][ T8603] EXT4-fs error (device loop1): ext4_acquire_dquot:6236: comm syz.1.1209: Failed to acquire dquot type 0 [ 317.828914][ T8616] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1224'. [ 317.848365][ T8616] sch_tbf: burst 4 is lower than device lo mtu (65550) ! [ 317.970900][ T8621] loop3: detected capacity change from 0 to 512 [ 318.257988][ T8621] EXT4-fs (loop3): Ignoring removed bh option [ 318.478510][ T8621] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 318.854309][ T8621] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:163: inode #15: comm syz.3.1227: inline data xattr refers to an external xattr inode [ 318.899887][ T8621] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.1227: couldn't read orphan inode 15 (err -117) [ 318.976679][ T8626] loop5: detected capacity change from 0 to 2048 [ 319.001086][ T8621] EXT4-fs (loop3): mounted filesystem without journal. Opts: quota,resgid=0x000000000000ee00,bh,noload,data_err=ignore,abort,,errors=continue. Quota mode: writeback. [ 319.091563][ T8626] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 319.442520][ T8646] loop4: detected capacity change from 0 to 2048 [ 319.512067][ T8649] loop5: detected capacity change from 0 to 512 [ 319.683408][ T8649] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 319.724477][ T8649] EXT4-fs (loop5): invalid journal inode [ 319.731430][ T8649] EXT4-fs (loop5): can't get journal size [ 319.909567][ T8655] device syzkaller1 entered promiscuous mode [ 319.967205][ T8646] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 319.991423][ T8649] EXT4-fs (loop5): 1 truncate cleaned up [ 320.055851][ T8649] EXT4-fs (loop5): mounted filesystem without journal. Opts: norecovery,max_batch_time=0x0000000000000003,,errors=continue. Quota mode: none. [ 320.639475][ T8649] EXT4-fs warning (device loop5): verify_group_input:147: Cannot add at group 5 (only 1 groups) [ 321.165082][ C1] net_ratelimit: 10 callbacks suppressed [ 321.165099][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 321.179200][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 321.258674][ T8681] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 321.267818][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 321.405533][ T4384] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 321.413963][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 321.422979][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 321.435347][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 321.444159][ T4469] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 321.452784][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 322.792759][ T8700] loop4: detected capacity change from 0 to 128 [ 323.038295][ T8700] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 323.082227][ T8700] ext4 filesystem being mounted at /245/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 323.256612][ T8709] loop6: detected capacity change from 0 to 256 [ 323.871640][ T8727] loop1: detected capacity change from 0 to 512 [ 324.008417][ T8727] EXT4-fs (loop1): Ignoring removed orlov option [ 324.026701][ T8727] EXT4-fs (loop1): Ignoring removed nobh option [ 324.162798][ T8727] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.1263: bg 0: block 248: padding at end of block bitmap is not set [ 324.252601][ T8727] Quota error (device loop1): write_blk: dquota write failed [ 324.260218][ T8727] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 324.373624][ T8727] EXT4-fs error (device loop1): ext4_acquire_dquot:6236: comm syz.1.1263: Failed to acquire dquot type 1 [ 324.391290][ T8727] EXT4-fs (loop1): 1 truncate cleaned up [ 324.397226][ T8727] EXT4-fs (loop1): mounted filesystem without journal. Opts: dax=inode,nodiscard,noblock_validity,grpjquota=,nombcache,orlov,abort,nobh,stripe=0x0000000000000010,,errors=continue. Quota mode: writeback. [ 324.418448][ T8727] ext4 filesystem being mounted at /268/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 324.425662][ T8742] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82 [ 325.767666][ T8777] loop3: detected capacity change from 0 to 512 [ 325.812887][ T8777] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 325.857016][ T8777] ext4 filesystem being mounted at /304/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 325.944765][ T8777] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 326.031892][ T8777] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28 [ 326.064678][ T8777] EXT4-fs (loop3): This should not happen!! Data will be lost [ 326.064678][ T8777] [ 326.099611][ T8777] EXT4-fs (loop3): Total free blocks count 0 [ 326.106338][ T8777] EXT4-fs (loop3): Free/Dirty block details [ 326.112621][ T8777] EXT4-fs (loop3): free_blocks=65280 [ 326.118641][ T8777] EXT4-fs (loop3): dirty_blocks=33 [ 326.123942][ T8777] EXT4-fs (loop3): Block reservation details [ 326.134350][ T8777] EXT4-fs (loop3): i_reserved_data_blocks=33 [ 326.444274][ C1] net_ratelimit: 16 callbacks suppressed [ 326.444293][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 326.458489][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 326.667246][ T8798] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 326.675789][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 327.155979][ T4206] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 327.167647][ T4206] CPU: 1 PID: 4206 Comm: kworker/u5:9 Not tainted syzkaller #0 [ 327.175326][ T4206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 327.185409][ T4206] Workqueue: hci0 hci_rx_work [ 327.190130][ T4206] Call Trace: [ 327.193427][ T4206] [ 327.196378][ T4206] dump_stack_lvl+0x188/0x250 [ 327.201092][ T4206] ? show_regs_print_info+0x20/0x20 [ 327.206856][ T4206] ? load_image+0x400/0x400 [ 327.211450][ T4206] sysfs_create_dir_ns+0x26a/0x290 [ 327.216591][ T4206] ? sysfs_warn_dup+0xa0/0xa0 [ 327.221300][ T4206] ? process_one_work+0x85f/0x1010 [ 327.226439][ T4206] ? do_raw_spin_unlock+0x11d/0x230 [ 327.231672][ T4206] kobject_add_internal+0x6e0/0xd90 [ 327.236902][ T4206] kobject_add+0x160/0x230 [ 327.241344][ T4206] ? kobject_init+0x1d0/0x1d0 [ 327.246096][ T4206] ? klist_children_get+0x50/0x50 [ 327.251150][ T4206] ? get_device_parent+0x121/0x3f0 [ 327.256495][ T4206] device_add+0x483/0xfb0 [ 327.260888][ T4206] hci_conn_add_sysfs+0xd1/0x1e0 [ 327.265895][ T4206] le_conn_complete_evt+0xc48/0x15c0 [ 327.267818][ T4469] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 327.271228][ T4206] ? cs_le_create_conn+0x5e0/0x5e0 [ 327.280251][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 327.284436][ T4206] ? __mutex_trylock_common+0x155/0x260 [ 327.284480][ T4206] hci_le_meta_evt+0x285/0x3c90 [ 327.284508][ T4206] ? hci_event_packet+0x37b/0x1370 [ 327.296695][ T4384] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 327.298148][ T4206] ? __lock_acquire+0x7d10/0x7d10 [ 327.303319][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 327.308237][ T4206] ? hci_remote_host_features_evt+0x280/0x280 [ 327.308276][ T4206] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 327.308302][ T4206] ? mark_lock+0x94/0x320 [ 327.308322][ T4206] ? mutex_unlock+0x10/0x10 [ 327.318430][ T4307] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 327.321824][ T4206] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 327.330275][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 327.335964][ T4206] ? lock_chain_count+0x20/0x20 [ 327.336003][ T4206] ? __rwlock_init+0x140/0x140 [ 327.336030][ T4206] hci_event_packet+0xe48/0x1370 [ 327.387367][ T4206] ? lockdep_hardirqs_on+0x94/0x140 [ 327.392612][ T4206] ? rcu_lock_release+0x20/0x20 [ 327.397508][ T4206] ? hci_send_to_monitor+0x9c/0x4a0 [ 327.402740][ T4206] hci_rx_work+0x255/0xa10 [ 327.407217][ T4206] process_one_work+0x85f/0x1010 [ 327.412193][ T4206] ? worker_detach_from_pool+0x240/0x240 [ 327.417941][ T4206] ? lockdep_hardirqs_off+0x70/0x100 [ 327.423385][ T4206] ? _raw_spin_lock_irq+0xb7/0xf0 [ 327.428547][ T4206] ? _raw_spin_lock_irqsave+0x100/0x100 [ 327.434124][ T4206] ? wq_worker_running+0x97/0x170 [ 327.439181][ T4206] worker_thread+0xaa6/0x1290 [ 327.443954][ T4206] ? lockdep_hardirqs_on+0x94/0x140 [ 327.449541][ T4206] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 327.455551][ T4206] kthread+0x436/0x520 [ 327.459638][ T4206] ? rcu_lock_release+0x20/0x20 [ 327.464490][ T4206] ? kthread_blkcg+0xd0/0xd0 [ 327.469120][ T4206] ret_from_fork+0x1f/0x30 [ 327.473543][ T4206] [ 327.480288][ T4206] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 327.494955][ T4206] Bluetooth: hci0: failed to register connection device [ 327.997377][ T8822] device syzkaller0 entered promiscuous mode [ 329.000825][ T8783] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 329.191800][ T8851] loop5: detected capacity change from 0 to 1024 [ 329.265394][ T8851] EXT4-fs (loop5): Test dummy encryption mode enabled [ 329.282364][ T8851] EXT4-fs (loop5): inline encryption not supported [ 329.501761][ T8851] EXT4-fs (loop5): mounted filesystem without journal. Opts: test_dummy_encryption,i_version,noblock_validity,commit=0x0000000000000005,inlinecrypt,max_batch_time=0x0000000000000000,abort,auto_da_alloc,lazytime,noauto_da_alloc,block_validity,,errors=continue. Quota mode: writeback. [ 330.705389][ T8884] device syzkaller0 entered promiscuous mode [ 330.765377][ T8888] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1319'. [ 331.644069][ C1] net_ratelimit: 16 callbacks suppressed [ 331.644095][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 331.658394][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 332.450839][ T4307] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 332.459459][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 332.566479][ T8908] loop6: detected capacity change from 0 to 512 [ 332.600418][ T8908] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended [ 332.634101][ T8908] EXT4-fs (loop6): ea_inode feature is not supported for Hurd [ 332.639509][ T8911] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 332.650216][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 332.683549][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 332.692154][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 332.952802][ T4596] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 332.961416][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.131119][ T8923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1330'. [ 334.154749][ T8923] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1330'. [ 334.404563][ T8931] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1334'. [ 334.588198][ T8938] loop5: detected capacity change from 0 to 512 [ 334.633597][ T8940] input: syz0 as /devices/virtual/input/input9 [ 334.638064][ T13] [ 334.638074][ T13] ====================================================== [ 334.638081][ T13] WARNING: possible circular locking dependency detected [ 334.638088][ T13] syzkaller #0 Not tainted [ 334.638098][ T13] ------------------------------------------------------ [ 334.638104][ T13] kworker/0:1/13 is trying to acquire lock: [ 334.638113][ T13] ffff888023a24c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xfa/0x210 [ 334.638166][ T13] [ 334.638166][ T13] but task is already holding lock: [ 334.638172][ T13] ffffffff8d6c5da8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x43/0x170 [ 334.638215][ T13] [ 334.638215][ T13] which lock already depends on the new lock. [ 334.638215][ T13] [ 334.638221][ T13] [ 334.638221][ T13] the existing dependency chain (in reverse order) is: [ 334.638228][ T13] [ 334.638228][ T13] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 334.638254][ T13] __mutex_lock_common+0x1e3/0x2400 [ 334.638276][ T13] mutex_lock_nested+0x17/0x20 [ 334.638294][ T13] rfkill_register+0x33/0x980 [ 334.638313][ T13] hci_register_dev+0x452/0x970 [ 334.638339][ T13] vhci_create_device+0x32c/0x5c0 [ 334.638359][ T13] vhci_write+0x391/0x450 [ 334.638376][ T13] vfs_write+0x745/0xd60 [ 334.638392][ T13] ksys_write+0x152/0x260 [ 334.638407][ T13] do_syscall_64+0x4c/0xa0 [ 334.638424][ T13] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 334.638442][ T13] [ 334.638442][ T13] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 334.638469][ T13] __mutex_lock_common+0x1e3/0x2400 [ 334.638487][ T13] mutex_lock_nested+0x17/0x20 [ 334.638506][ T13] vhci_send_frame+0x88/0x100 [ 334.638523][ T13] hci_send_frame+0x1a9/0x2e0 [ 334.638541][ T13] hci_tx_work+0x9f9/0x1710 [ 334.638558][ T13] process_one_work+0x85f/0x1010 [ 334.638576][ T13] worker_thread+0xaa6/0x1290 [ 334.638592][ T13] kthread+0x436/0x520 [ 334.638607][ T13] ret_from_fork+0x1f/0x30 [ 334.638624][ T13] [ 334.638624][ T13] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 334.638650][ T13] __flush_work+0x116/0x210 [ 334.638665][ T13] hci_dev_do_open+0xc58/0x1270 [ 334.638681][ T13] hci_power_on+0x1c1/0x610 [ 334.638698][ T13] process_one_work+0x85f/0x1010 [ 334.638715][ T13] worker_thread+0xaa6/0x1290 [ 334.638731][ T13] kthread+0x436/0x520 [ 334.638745][ T13] ret_from_fork+0x1f/0x30 [ 334.638761][ T13] [ 334.638761][ T13] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 334.638787][ T13] __mutex_lock_common+0x1e3/0x2400 [ 334.638805][ T13] mutex_lock_nested+0x17/0x20 [ 334.638822][ T13] bg_scan_update+0x44/0x3b0 [ 334.638840][ T13] process_one_work+0x85f/0x1010 [ 334.638857][ T13] worker_thread+0xaa6/0x1290 [ 334.638874][ T13] kthread+0x436/0x520 [ 334.638888][ T13] ret_from_fork+0x1f/0x30 [ 334.638904][ T13] [ 334.638904][ T13] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 334.638930][ T13] __lock_acquire+0x2c42/0x7d10 [ 334.638950][ T13] lock_acquire+0x19e/0x400 [ 334.638968][ T13] __flush_work+0x116/0x210 [ 334.638982][ T13] __cancel_work_timer+0x3f4/0x560 [ 334.638999][ T13] hci_request_cancel_all+0xcc/0x300 [ 334.639018][ T13] hci_dev_do_close+0x4e/0x1030 [ 334.639034][ T13] hci_rfkill_set_block+0x10a/0x190 [ 334.639053][ T13] rfkill_set_block+0x1c9/0x3d0 [ 334.639070][ T13] rfkill_epo+0x75/0x170 [ 334.639087][ T13] rfkill_op_handler+0x76/0x220 [ 334.639099][ T13] process_one_work+0x85f/0x1010 [ 334.639114][ T13] worker_thread+0xaa6/0x1290 [ 334.639131][ T13] kthread+0x436/0x520 [ 334.639145][ T13] ret_from_fork+0x1f/0x30 [ 334.639162][ T13] [ 334.639162][ T13] other info that might help us debug this: [ 334.639162][ T13] [ 334.639168][ T13] Chain exists of: [ 334.639168][ T13] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 334.639168][ T13] [ 334.639200][ T13] Possible unsafe locking scenario: [ 334.639200][ T13] [ 334.639206][ T13] CPU0 CPU1 [ 334.639210][ T13] ---- ---- [ 334.639216][ T13] lock(rfkill_global_mutex); [ 334.639228][ T13] lock(&data->open_mutex); [ 334.639243][ T13] lock(rfkill_global_mutex); [ 334.639256][ T13] lock((work_completion)(&hdev->bg_scan_update)); [ 334.639269][ T13] [ 334.639269][ T13] *** DEADLOCK *** [ 334.639269][ T13] [ 334.639274][ T13] 3 locks held by kworker/0:1/13: [ 334.639285][ T13] #0: ffff888016c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 334.639369][ T13] #1: ffffc90000d27d00 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 334.639415][ T13] #2: ffffffff8d6c5da8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x43/0x170 [ 334.639461][ T13] [ 334.639461][ T13] stack backtrace: [ 334.639467][ T13] CPU: 0 PID: 13 Comm: kworker/0:1 Not tainted syzkaller #0 [ 334.639485][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 334.639496][ T13] Workqueue: events rfkill_op_handler [ 334.639513][ T13] Call Trace: [ 334.639519][ T13] [ 334.639527][ T13] dump_stack_lvl+0x188/0x250 [ 334.639545][ T13] ? load_image+0x400/0x400 [ 334.639562][ T13] ? show_regs_print_info+0x20/0x20 [ 334.639583][ T13] ? print_circular_bug+0x12b/0x1a0 [ 334.639607][ T13] check_noncircular+0x296/0x330 [ 334.639624][ T13] ? look_up_lock_class+0x71/0x110 [ 334.639645][ T13] ? add_chain_block+0x940/0x940 [ 334.639661][ T13] ? lockdep_lock+0xf1/0x1f0 [ 334.639681][ T13] ? __lock_acquire+0x12e8/0x7d10 [ 334.639703][ T13] ? mark_lock+0x94/0x320 [ 334.639720][ T13] __lock_acquire+0x2c42/0x7d10 [ 334.639751][ T13] ? verify_lock_unused+0x140/0x140 [ 334.639774][ T13] ? deref_stack_reg+0xd0/0x120 [ 334.639801][ T13] lock_acquire+0x19e/0x400 [ 334.639820][ T13] ? __flush_work+0xfa/0x210 [ 334.639838][ T13] ? __lock_acquire+0x7d10/0x7d10 [ 334.639860][ T13] ? read_lock_is_recursive+0x10/0x10 [ 334.639882][ T13] ? start_flush_work+0x776/0x820 [ 334.639903][ T13] __flush_work+0x116/0x210 [ 334.639919][ T13] ? __flush_work+0xfa/0x210 [ 334.639937][ T13] ? flush_work+0x20/0x20 [ 334.639952][ T13] ? try_to_grab_pending+0xfa/0x7f0 [ 334.639971][ T13] ? mark_lock+0x94/0x320 [ 334.639988][ T13] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 334.640010][ T13] ? lock_chain_count+0x20/0x20 [ 334.640030][ T13] ? mark_lock+0x94/0x320 [ 334.640046][ T13] ? __cancel_work_timer+0x36a/0x560 [ 334.640065][ T13] __cancel_work_timer+0x3f4/0x560 [ 334.640084][ T13] ? cancel_work_sync+0x20/0x20 [ 334.640102][ T13] ? __cancel_work+0x1f9/0x2e0 [ 334.640118][ T13] ? lockdep_hardirqs_on+0x94/0x140 [ 334.640138][ T13] ? __cancel_work+0x27b/0x2e0 [ 334.640156][ T13] ? cancel_work+0x20/0x20 [ 334.640175][ T13] hci_request_cancel_all+0xcc/0x300 [ 334.640196][ T13] hci_dev_do_close+0x4e/0x1030 [ 334.640214][ T13] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 334.640232][ T13] ? _raw_spin_unlock+0x40/0x40 [ 334.640251][ T13] hci_rfkill_set_block+0x10a/0x190 [ 334.640271][ T13] ? rcu_lock_release+0x20/0x20 [ 334.640291][ T13] rfkill_set_block+0x1c9/0x3d0 [ 334.640313][ T13] rfkill_epo+0x75/0x170 [ 334.640339][ T13] rfkill_op_handler+0x76/0x220 [ 334.640356][ T13] process_one_work+0x85f/0x1010 [ 334.640380][ T13] ? worker_detach_from_pool+0x240/0x240 [ 334.640399][ T13] ? lockdep_hardirqs_off+0x70/0x100 [ 334.640420][ T13] ? _raw_spin_lock_irq+0xb7/0xf0 [ 334.640437][ T13] ? _raw_spin_lock_irqsave+0x100/0x100 [ 334.640456][ T13] ? wq_worker_running+0x97/0x170 [ 334.640474][ T13] worker_thread+0xaa6/0x1290 [ 334.640504][ T13] kthread+0x436/0x520 [ 334.640519][ T13] ? rcu_lock_release+0x20/0x20 [ 334.640537][ T13] ? kthread_blkcg+0xd0/0xd0 [ 334.640553][ T13] ret_from_fork+0x1f/0x30 [ 334.640577][ T13] [ 334.650870][ T8938] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 334.689859][ T8938] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.1337: bg 0: block 384: padding at end of block bitmap is not set [ 334.690190][ T8938] EXT4-fs (loop5): Remounting filesystem read-only [ 334.690210][ T8938] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6191: Corrupt filesystem [ 334.692761][ T8938] EXT4-fs (loop5): Remounting filesystem read-only [ 334.692793][ T8938] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #11: comm syz.5.1337: attempt to clear invalid blocks 983260 len 1 [ 335.562075][ T8938] EXT4-fs (loop5): Remounting filesystem read-only [ 335.569914][ T8938] EXT4-fs error (device loop5): __ext4_get_inode_loc:4334: comm syz.5.1337: Invalid inode table block 0 in block_group 0 [ 335.587622][ T8938] EXT4-fs (loop5): Remounting filesystem read-only [ 335.594410][ T8938] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 335.606478][ T8938] EXT4-fs (loop5): Remounting filesystem read-only [ 335.613440][ T8938] EXT4-fs error (device loop5) in ext4_orphan_del:303: Corrupt filesystem [ 335.622435][ T8938] EXT4-fs (loop5): Remounting filesystem read-only [ 335.639065][ T8938] EXT4-fs error (device loop5): __ext4_get_inode_loc:4334: comm syz.5.1337: Invalid inode table block 0 in block_group 0 [ 335.652357][ T8938] EXT4-fs (loop5): Remounting filesystem read-only [ 335.659085][ T8938] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 335.669236][ T8938] EXT4-fs (loop5): Remounting filesystem read-only [ 335.676044][ T8938] EXT4-fs error (device loop5): ext4_truncate:4286: inode #11: comm syz.5.1337: mark_inode_dirty error [ 335.687592][ T8938] EXT4-fs (loop5): Remounting filesystem read-only [ 335.694369][ T8938] EXT4-fs error (device loop5) in ext4_process_orphan:345: Corrupt filesystem [ 335.703686][ T8938] EXT4-fs (loop5): Remounting filesystem read-only [ 335.710325][ T8938] EXT4-fs (loop5): 1 truncate cleaned up [ 335.716038][ T8938] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x0000000000000000,max_dir_size_kb=0x00000000000001ff,noblock_validity,. Quota mode: none. [ 335.766862][ T8938] EXT4-fs error (device loop5): __ext4_get_inode_loc:4334: comm syz.5.1337: Invalid inode table block 0 in block_group 0 [ 335.780199][ T8938] EXT4-fs (loop5): Remounting filesystem read-only [ 336.842982][ C1] net_ratelimit: 16 callbacks suppressed [ 336.843002][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 336.857516][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.882963][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.891212][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 338.044453][ T4307] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 338.053092][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 338.932730][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 338.941103][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.323030][ T4307] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.331182][ T4469] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 342.052538][ C1] net_ratelimit: 10 callbacks suppressed [ 342.052559][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 342.066505][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 343.082225][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 343.090546][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 343.163730][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 343.172894][ T4435] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 343.181082][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 343.802535][ T4435] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 343.810992][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 344.122190][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog