last executing test programs: 3.5008473s ago: executing program 2 (id=723): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x10000}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=@newsa={0xf0, 0x1a, 0x7, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1b}, @in=@multicast1, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x2, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x40}}, 0x0, 0x2b}, @in=@multicast1, {0x300, 0x7, 0x2, 0xfeffff7f00000000, 0x0, 0x0, 0x4}, {0x0, 0x200000, 0x7, 0xfffffffffffffffd}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x20}}, 0xf0}}, 0x0) 3.428575077s ago: executing program 1 (id=725): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100003}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = getpgrp(0x0) r3 = syz_pidfd_open(r2, 0x0) fsetxattr$trusted_overlay_nlink(r3, &(0x7f00000018c0), 0x0, 0x0, 0x3) 3.346817875s ago: executing program 1 (id=726): mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) syz_emit_ethernet(0x46, &(0x7f0000000840)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c6dd00", 0x10, 0x3a, 0xff, @remote={0xfe, 0xe0}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x3, 0x401, 0x63, 0x8}}}}}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000140000e5b7030000000700008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x80003, 0x0) r6 = socket$inet6(0xa, 0x80002, 0x0) ioctl$FS_IOC_GETFSUUID(r5, 0x80111500, 0x0) setsockopt$inet6_mreq(r6, 0x29, 0x1b, 0x0, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 3.338470636s ago: executing program 2 (id=727): socket(0x28, 0x5, 0x0) r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r0, 0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x1632, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 3.1003314s ago: executing program 3 (id=729): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) close(r0) r1 = syz_io_uring_setup(0x112, &(0x7f00000002c0)={0x0, 0xf59b, 0x100, 0x10003, 0x0, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000280)) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 3.023448517s ago: executing program 2 (id=730): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000440)={[{@grpid}, {@discard}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@nogrpid}, {@auto_da_alloc}, {@grpid}, {@data_err_ignore}]}, 0x1, 0x476, &(0x7f0000000540)="$eJzs3M1vFOUfAPDvzLblx2v7Q3wBUavE2PjS0oLKwYtGEw8YTfSAN2tbCKFQQ2sihEg1Bi8mhkTP6tHEv8CbF6OeTLzq3ZAQ5QJ6qpnZmbK7dLctLLuF/XySZZ9n5pl9nm9nnp1n5pklgJ41nP2TRGyLiN8jYrCarS8wXH27duXc1D9Xzk0lsbT05l9JXu7qlXNTZdFyu61FZiSNSD9JikrqzZ85e2JydnbmdJEfWzj53tj8mbPPHD85eWzm2MypiUOHDh4Yf/65iWfbEmcW19U9H87t3f3q2xdfmzpy8d2fv8vau61YXxtHg00N72s2nAX+91JueWFafXt83RFsbNtr0klfFxvCulQiIttd/Xn/H4xKXN95g/HKx11tHHBbZeemFie2xSXgLpZEt1sAdEd5os+uf8tXh4YeG8LlF6sXQFnc14pXdU1feameXxttv031D0fEkcV/v8pe0fo+BABAW3w29eXheHql8V8a99WU21HMoQxFxP8jYmdE3BMRuyLi3oi87P0R8cDqVaa1mcapoRvHP+mlmw5uDbLx3wvF3Fb9+G+5mUOVIrc9j78/OXp8dmZ/8TcZif5NWX68RR0/vPzb583W1Y7/sldWfzkWLNpxqa/hBt305MJkPihtg8sfRezpWyn+ZHkmIImI3RGxZ30fvaNMHH/y273NCq0efwttmGda+ibiier+X4yG+EtJ6/nJsf/F7Mz+sfKouNEvv154o1n9txR/G2T7f0v98d9YZCipna+dX38dF/74tOk1zc0e/wPJW/m2A8WyDyYXFk6PRwwkh/N83fKJ69uW+bJ8Fv/IvpX7/85imyz+ByMiO4gfioiHI+KRou2PRsRjEbGvRfw/vdR8XX38m7d1Y/9PN3z/bc7XLB//Dft//YnKiR+/X7n2r99Z2/4/mKdGiiX5998q1trAW/zzAQAAwB0hzZ+BT9LR5XSajo5Wn+HfFVvS2bn5haeOzr1/arr6rPxQ9Kflna7Bmvuh48li8YnV/ERxr7hcf6C4b/xFZXOeH52am53ucuzQ67Y26f+ZPyvdbh1w2600jzYx0IWGAB3X2P/T+uz51zvZGKCjmj5Hs6Wz7QA6b5Xn6NJOtQPoPP9fC/Sulfr/+Ya8uQC4Ozn/Q+/S/6F36f/Qu/R/6Emr/Ui+cou//Ze44xLJ2gpH2v2mboxEf0S05QMHNkQ4RaLb30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5qI6jE=") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) 1.815305089s ago: executing program 3 (id=732): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a310000000020000480"], 0xe8}, 0x1, 0x0, 0x0, 0x40040000}, 0x0) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 1.372963402s ago: executing program 3 (id=734): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040084) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x6, 0x4, 0x7, 0x8}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) r1 = syz_io_uring_setup(0x3e, &(0x7f0000000640)={0x0, 0xaddb, 0x10100, 0x1, 0x92}, &(0x7f00000001c0)=0x0, &(0x7f00000003c0)=0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1, 0x0, 0x30}, 0x0, 0x80002101}) io_uring_enter(r1, 0xd81, 0x0, 0x0, 0x0, 0x0) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCMIWAIT(r6, 0x545c, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r5) 1.163106123s ago: executing program 2 (id=736): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4e, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10) set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x8) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) 986.322681ms ago: executing program 0 (id=738): r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x1632, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) 849.618435ms ago: executing program 0 (id=739): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x0, 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x18) close_range(r1, 0xffffffffffffffff, 0x0) r4 = memfd_create(&(0x7f0000000b40)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b \x00\x00\x00\x00\x00\x00\x01\x00\x00\xf7\xffg\xf5\x12oP\xfe\xe6\xd2SLR\xa1\x00\x00\x17\x1f$^\xe1\x00\x00\x00\x00\x00\x00\a\xff;\xeb\xf1\xd0\xce\xe5\x19\x12\b\x01\xd9\xae>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xdcc\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x05\x00\xfd\xc7\x00\x00\x00\x00\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4h$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?P\xac\x86\x13b\xa8D\x0f\x93\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\x9b\xcc\x9b\f\xa7\x8f9\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\fw\xd9\xf5cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x16\x0f\x97\xe6j}J\xca\xb8)f\xd5\xfd>\x9bU\xb0\x03Zt0\xc0b\xad\xef@o\xc1\xd6\x17T\f\xc30\xe2\x89\xf6L\x1b1\x9c\t\xa7\x80\x1b:\xbb\x04\xd7\xd1\x06\xa0\xe9\xbah\xb6\xb2\xea/{Q\xca\x14\x13\x9ajWt\xc9\xecd\r\xd5)\x1d\xaf\n\xc0\xc1\x1d}DY\x95&\xe7\xf4U\xff\xcd&\a\x9f\x1bg\xe5|~\xc1\xc5n\x12%ur\xa1\x9e`\xc2\x01\b,\x18\xaf\xccD\xdeag\xc6\xf3\xd6\x94\x9d\xae\x8bl\xee\x7fu\xe5bu\x84\x04\xb3@\xa1\xf7\xc6\x13\xf9I\xfa\x12\xfc\x96\",aT\xfd\"\x01\x92\xb1\xbf\x8a\x15\x88\xfd\x8f\x88\x87\x82\x9c:L\xd2\xb8\xfa5\x066\x82\xf3_LUr\xfa\xd2\x99d \x97c9G\x99\xe3\xcc$\x96cu\x97\xe7\xc7a\tm\xe8F\xc7j\xf8\x98\x81\xe7\xf7\xab3F\xf4u\xdaav\xd21\v\x99HG\xdfx\x1cPl\t#\xc1\x8e\xddW\x00'/668, 0x6) fcntl$addseals(r4, 0x409, 0xc) ioctl$FS_IOC_RESVSP(r4, 0x40305829, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x80}) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x1}, 0xb) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r6}, 0x10) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000024006000a00035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000100)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/vmstat\x00', 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x200, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x2007, @fd=r8, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) io_uring_enter(0xffffffffffffffff, 0xfd0, 0x4c1, 0x43, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 685.957191ms ago: executing program 0 (id=740): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c) syz_emit_ethernet(0x4e, &(0x7f0000000180)={@random="5b685c7e778f", @multicast, @void, {@ipv6={0x86dd, @udp={0xa, 0x6, '\x00', 0x18, 0x11, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], {0x4e1d, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x4, 0x1}}}}}}}, 0x0) 673.031003ms ago: executing program 1 (id=741): r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0) write$binfmt_register(r0, &(0x7f0000000580)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x7fffffffffffffff, 0x3a, 'vfat\x00', 0x3a, 'f\xe1\x96\'Ss\xe6mN\xa3T\x18EV\xc4t\x1f\xdc\xac4\x93\xb5v\x92\xbf\xa2M\x13\xdb\xd7\xd1\x14&\xd1U\x00'/45, 0x3a, './file0'}, 0x59) 604.776479ms ago: executing program 0 (id=742): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b70500000800000085000000c200000095"], &(0x7f0000000300)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) 456.434964ms ago: executing program 1 (id=743): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) getsockopt$llc_int(r0, 0x10c, 0x8, &(0x7f0000000080), &(0x7f00000001c0)=0x4) 449.020265ms ago: executing program 0 (id=744): bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) connect$qrtr(0xffffffffffffffff, &(0x7f0000000100)={0x2a, 0x3, 0xfffffffe}, 0xc) socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x18}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x8, 0x0, 0x2, 0x8, 0xc, 0x7}, {0x1, 0x0, 0x9, 0x401, 0x0, 0x7fffffff}, 0x2000001, 0x1000, 0x575}}, @TCA_TBF_RATE64={0xc, 0x4, 0x274bdcb7db3981e2}, @TCA_TBF_PRATE64={0xc, 0x5, 0xe1e31d5aa9748ab8}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x404}, 0x0) 445.041426ms ago: executing program 2 (id=745): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000a0db000000000000000000850000000e000000c50000002a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r1, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000010c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010300000020000000ee15660000080006000200000018000180140002007665746830"], 0x34}}, 0x44800) 312.606328ms ago: executing program 3 (id=746): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRES32=r3, @ANYBLOB="0100000001"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x58, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x8}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x8000, 0x7, 0x49, 0x8001, 0x800, 0xffffffff, 0x9, 0xc000000, 0x8001}}}}]}, 0x58}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@newtfilter={0x38, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xc}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x2, 0x2e}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000010}, 0x10000840) 288.027681ms ago: executing program 1 (id=747): r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x1632, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) 254.047335ms ago: executing program 0 (id=748): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x0, 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x18) close_range(r1, 0xffffffffffffffff, 0x0) r4 = memfd_create(&(0x7f0000000b40)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b \x00\x00\x00\x00\x00\x00\x01\x00\x00\xf7\xffg\xf5\x12oP\xfe\xe6\xd2SLR\xa1\x00\x00\x17\x1f$^\xe1\x00\x00\x00\x00\x00\x00\a\xff;\xeb\xf1\xd0\xce\xe5\x19\x12\b\x01\xd9\xae>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xdcc\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x05\x00\xfd\xc7\x00\x00\x00\x00\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4h$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?P\xac\x86\x13b\xa8D\x0f\x93\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\x9b\xcc\x9b\f\xa7\x8f9\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\fw\xd9\xf5cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x16\x0f\x97\xe6j}J\xca\xb8)f\xd5\xfd>\x9bU\xb0\x03Zt0\xc0b\xad\xef@o\xc1\xd6\x17T\f\xc30\xe2\x89\xf6L\x1b1\x9c\t\xa7\x80\x1b:\xbb\x04\xd7\xd1\x06\xa0\xe9\xbah\xb6\xb2\xea/{Q\xca\x14\x13\x9ajWt\xc9\xecd\r\xd5)\x1d\xaf\n\xc0\xc1\x1d}DY\x95&\xe7\xf4U\xff\xcd&\a\x9f\x1bg\xe5|~\xc1\xc5n\x12%ur\xa1\x9e`\xc2\x01\b,\x18\xaf\xccD\xdeag\xc6\xf3\xd6\x94\x9d\xae\x8bl\xee\x7fu\xe5bu\x84\x04\xb3@\xa1\xf7\xc6\x13\xf9I\xfa\x12\xfc\x96\",aT\xfd\"\x01\x92\xb1\xbf\x8a\x15\x88\xfd\x8f\x88\x87\x82\x9c:L\xd2\xb8\xfa5\x066\x82\xf3_LUr\xfa\xd2\x99d \x97c9G\x99\xe3\xcc$\x96cu\x97\xe7\xc7a\tm\xe8F\xc7j\xf8\x98\x81\xe7\xf7\xab3F\xf4u\xdaav\xd21\v\x99HG\xdfx\x1cPl\t#\xc1\x8e\xddW\x00'/668, 0x6) fcntl$addseals(r4, 0x409, 0xc) ioctl$FS_IOC_RESVSP(r4, 0x40305829, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x80}) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x1}, 0xb) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r6}, 0x10) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000024006000a00035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000100)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/vmstat\x00', 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x200, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x2007, @fd=r8, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) io_uring_enter(0xffffffffffffffff, 0xfd0, 0x4c1, 0x43, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 164.717023ms ago: executing program 2 (id=749): r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000002180), 0x0) bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x48) r1 = getpid() syz_pidfd_open(r1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x80078b, &(0x7f0000000680)={[{@nodioread_nolock}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@sysvgroups}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x47e, &(0x7f0000000b80)="$eJzs3M1rXFUbAPDn3ny0ffuRvH37qq1Vo0UIikmTVu3CjaIgoijooi5jMi2h00aaKLYWm4q4EqSg6+JS9C9wJ4KoK8GtK1dSKNpNP1aRe+fedDKZJNZOcmPn94PJPWfuSe7zzP06c85MAuhaQ9mPJGJHRPwaEQON6tIGQ43F9avnJm9cPTeZxMLC638kebtrV89Nlk3L39teVIbTiPSjpNjIUrNnzp6YqNdrp4v66NzJt0dnz5x94t2TE8drx2unxo8cOXxo7Omnxp/sSJ5ZXtf2fTCzf++Lb158ZfLoxbd+/DqLd0exvjmPThnKEv9zIde67tFOb6xiO5vKSW+FgXBbeiIi2119+fk/ED1xa+cNxAsfVhocsK6ye9OWlVfPLwB3sSSqjgCoRnmjz97/lo8N6npsCleebbwByvK+Xjwaa3ojLdr0tby/7aShiDg6f/NS9oh1GocAAGj2yeTnL2fL92989VLW9xhYXJPGPfnyt/znrmIOZTAi/hsRuyPifxGxJyL+H5G3vTci7rvDeJb3f9LLd/gnV5X1/54p5raW9v/K3l8M9hS1nXn+fcmx6XrtYPGaDEfflqw+tso2vn3+l09XWtfc/zs6fzOPo+wLFnFc7m0ZoJuamJvIO6UdcOVCxL7edvknizMBSUTsjYh9t/end5WF6ce+3N+2xbZl+V9anv8qOjDPtPBFlt58lv98tORfSprnJ6eXzU+Obo167eBoeVQs99PPH7+20vbvKP8OuFJrLJv2f2uTwaR5vna2s9tfO/+2x3/an7zRmGcuvDcxN3d6LKI/yS9n0d/8/HhLu/Fb7bPjf/hA+/N/d/E7Wf73R0R2ED8QEQ9GxENF7A9HxCMRcWCVHH94bu38I61o/1+ImGp7/Vs8/lv2f/vCfNG4XZueE99/s9L2/97+P5yXhotn8uvfGtpFml0uWmP/p68bAAAA/Juk+Wfgk3RksZymIyONz/Dvif+k9ZnZucePzbxzaqrxWfnB6EvLka6BYjy0Pl2vjSXlCEBjfHS8GCsux0sPFePGn/Vsy+sjkzP1qYpzh263fYXzP/N7T9XRAetsW9tnx/s3PBCgAq3z6OnS6vlXw8UA7la+rw3da43zP92oOICN5/4P3avd+X++pW4uAO5O7v/QvZz/0KXS76qOAKiQ+z90pbW+119RYeuGbGv5vwPYFIXNulPyQkRZSDdFPArrVKj6ygQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAZfwUAAP//3aTh7A==") prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil) brk(0x400000ffc000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) 164.536413ms ago: executing program 3 (id=750): r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e1d, 0x9, @local, 0x2}, 0x1c) syz_emit_ethernet(0x4e, &(0x7f0000000180)={@random="5b685c7e778f", @multicast, @void, {@ipv6={0x86dd, @udp={0xa, 0x6, '\x00', 0x18, 0x11, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], {0x4e1d, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x4, 0x1}}}}}}}, 0x0) 86.469412ms ago: executing program 1 (id=751): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r1}, &(0x7f0000000540), &(0x7f0000000580)=r2}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e) 0s ago: executing program 3 (id=752): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b70500000800000085000000c200000095"], &(0x7f0000000300)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) kernel console output (not intermixed with test programs): : unexpected cc 0x0c23 length: 249 > 4 [ 85.528160][ T5797] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.538620][ T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.546264][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.567392][ T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.575979][ T5104] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.878322][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 86.064435][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 86.189032][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.196371][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.204420][ T5787] bridge_slave_0: entered allmulticast mode [ 86.212358][ T5787] bridge_slave_0: entered promiscuous mode [ 86.241159][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 86.257292][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.264637][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.271980][ T5787] bridge_slave_1: entered allmulticast mode [ 86.278984][ T5787] bridge_slave_1: entered promiscuous mode [ 86.381888][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.389156][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.396521][ T5791] bridge_slave_0: entered allmulticast mode [ 86.405342][ T5791] bridge_slave_0: entered promiscuous mode [ 86.426188][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.440536][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.449846][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.460506][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.467835][ T5791] bridge_slave_1: entered allmulticast mode [ 86.477138][ T5791] bridge_slave_1: entered promiscuous mode [ 86.528313][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 86.559258][ T5787] team0: Port device team_slave_0 added [ 86.575046][ T5787] team0: Port device team_slave_1 added [ 86.591287][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.654725][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.677414][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.684702][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.710980][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.724854][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.732053][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.758856][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.789907][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.797596][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.805134][ T5793] bridge_slave_0: entered allmulticast mode [ 86.812558][ T5793] bridge_slave_0: entered promiscuous mode [ 86.855578][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.863036][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.870313][ T5793] bridge_slave_1: entered allmulticast mode [ 86.878121][ T5793] bridge_slave_1: entered promiscuous mode [ 86.903474][ T5791] team0: Port device team_slave_0 added [ 86.957849][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.969011][ T5791] team0: Port device team_slave_1 added [ 86.987684][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.995727][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.003387][ T5792] bridge_slave_0: entered allmulticast mode [ 87.010881][ T5792] bridge_slave_0: entered promiscuous mode [ 87.020247][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.051509][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.058785][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.066589][ T5792] bridge_slave_1: entered allmulticast mode [ 87.073790][ T5792] bridge_slave_1: entered promiscuous mode [ 87.115570][ T5787] hsr_slave_0: entered promiscuous mode [ 87.123909][ T5787] hsr_slave_1: entered promiscuous mode [ 87.132366][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.139762][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.166621][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.179973][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.191721][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.221614][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.333686][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.355266][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.368070][ T5793] team0: Port device team_slave_0 added [ 87.427359][ T5791] hsr_slave_0: entered promiscuous mode [ 87.438995][ T5791] hsr_slave_1: entered promiscuous mode [ 87.446516][ T5791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.459751][ T5791] Cannot create hsr debugfs directory [ 87.462628][ T5790] Bluetooth: hci0: command tx timeout [ 87.514080][ T5793] team0: Port device team_slave_1 added [ 87.549480][ T5792] team0: Port device team_slave_0 added [ 87.611825][ T5790] Bluetooth: hci3: command tx timeout [ 87.612896][ T50] Bluetooth: hci1: command tx timeout [ 87.624071][ T5104] Bluetooth: hci2: command tx timeout [ 87.650224][ T5792] team0: Port device team_slave_1 added [ 87.715329][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.722456][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.749564][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.796100][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.803206][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.829852][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.848807][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.856241][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.882664][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.913801][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.920815][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.946892][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.057927][ T5793] hsr_slave_0: entered promiscuous mode [ 88.064644][ T5793] hsr_slave_1: entered promiscuous mode [ 88.070863][ T5793] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.079168][ T5793] Cannot create hsr debugfs directory [ 88.136854][ T5792] hsr_slave_0: entered promiscuous mode [ 88.143408][ T5792] hsr_slave_1: entered promiscuous mode [ 88.149822][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.157831][ T5792] Cannot create hsr debugfs directory [ 88.406948][ T5787] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.419628][ T5787] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.451255][ T5787] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.463868][ T5787] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.587272][ T5791] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.599551][ T5791] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.610637][ T5791] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.656727][ T5791] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.706559][ T5793] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.730700][ T5793] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.760960][ T5793] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.772205][ T5793] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.855869][ T5792] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.871248][ T5792] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.887419][ T5792] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.900462][ T5792] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.924452][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.968316][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.007074][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.014535][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.032126][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.039303][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.161313][ T5787] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 89.173720][ T5787] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.205207][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.270516][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.296697][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.315904][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.323179][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.358537][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.365809][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.421884][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.431558][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.459975][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.467205][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.508734][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.516005][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.533009][ T50] Bluetooth: hci0: command tx timeout [ 89.550677][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.602894][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.610175][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.636853][ T1086] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.644147][ T1086] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.664120][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.692876][ T50] Bluetooth: hci3: command tx timeout [ 89.698350][ T50] Bluetooth: hci1: command tx timeout [ 89.712206][ T5104] Bluetooth: hci2: command tx timeout [ 89.918443][ T5787] veth0_vlan: entered promiscuous mode [ 89.956469][ T5787] veth1_vlan: entered promiscuous mode [ 90.056677][ T5787] veth0_macvtap: entered promiscuous mode [ 90.084481][ T5787] veth1_macvtap: entered promiscuous mode [ 90.120136][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.194352][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.238771][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.299271][ T5787] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.314525][ T5787] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.326503][ T5787] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.336529][ T5787] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.360129][ T5791] veth0_vlan: entered promiscuous mode [ 90.389404][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.428674][ T5791] veth1_vlan: entered promiscuous mode [ 90.452088][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.587049][ T5791] veth0_macvtap: entered promiscuous mode [ 90.607985][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.624134][ T5792] veth0_vlan: entered promiscuous mode [ 90.638018][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.662894][ T5791] veth1_macvtap: entered promiscuous mode [ 90.707845][ T5793] veth0_vlan: entered promiscuous mode [ 90.719185][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.723633][ T5793] veth1_vlan: entered promiscuous mode [ 90.739864][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.755682][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.766871][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.779084][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.791457][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.802257][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.815428][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.826928][ T5791] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.836123][ T5791] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.845476][ T5791] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.858164][ T5791] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.878664][ T5792] veth1_vlan: entered promiscuous mode [ 91.009219][ T5792] veth0_macvtap: entered promiscuous mode [ 91.076327][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.104479][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.125468][ T5792] veth1_macvtap: entered promiscuous mode [ 91.168862][ T5793] veth0_macvtap: entered promiscuous mode [ 91.193566][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.201490][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.218197][ T5793] veth1_macvtap: entered promiscuous mode [ 91.265389][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.301769][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.324230][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.341469][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.374731][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.441346][ T5884] syz.1.6[5884]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 91.459603][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.490758][ T5884] loop1: detected capacity change from 0 to 512 [ 91.504382][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.523115][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.544873][ T5884] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 91.560635][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.572753][ T5884] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 91.583234][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.597249][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.613362][ T50] Bluetooth: hci0: command tx timeout [ 91.626845][ T5884] EXT4-fs (loop1): 1 truncate cleaned up [ 91.650069][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.665088][ T5884] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.706345][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.740724][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.772780][ T50] Bluetooth: hci1: command tx timeout [ 91.772992][ T5104] Bluetooth: hci2: command tx timeout [ 91.778226][ T5790] Bluetooth: hci3: command tx timeout [ 91.779648][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.840294][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.856996][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.879278][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.897733][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.918757][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.930008][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.942946][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.954807][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.976336][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.988269][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.000216][ T5793] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.010203][ T5793] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.036638][ T5793] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.061640][ T5793] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.089064][ T5792] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.106106][ T5792] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.115216][ T5792] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.124277][ T5792] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.249842][ T5892] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 92.263009][ T8] cfg80211: failed to load regulatory.db [ 92.280453][ T5892] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 92.350957][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.398160][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.505734][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.541647][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.732512][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.740404][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.828439][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.860727][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.065491][ T5905] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'. [ 93.128934][ T5905] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'. [ 93.231731][ T28] audit: type=1326 audit(1760024506.276:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5906 comm="syz.0.1" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x0 [ 93.437919][ T5912] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11'. [ 93.497072][ T5890] syz.3.7: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 93.551560][ T5890] CPU: 0 PID: 5890 Comm: syz.3.7 Not tainted syzkaller #0 [ 93.558794][ T5890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 93.568944][ T5890] Call Trace: [ 93.572321][ T5890] [ 93.575337][ T5890] dump_stack_lvl+0x16c/0x230 [ 93.580219][ T5890] ? show_regs_print_info+0x20/0x20 [ 93.585496][ T5890] ? load_image+0x3b0/0x3b0 [ 93.590079][ T5890] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 93.596674][ T5890] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 93.603331][ T5890] warn_alloc+0x210/0x300 [ 93.607846][ T5890] ? zone_watermark_ok_safe+0x230/0x230 [ 93.613502][ T5890] ? _raw_spin_unlock+0x28/0x40 [ 93.618616][ T5890] __vmalloc_node_range+0x662/0x1320 [ 93.624538][ T5890] ? free_vm_area+0x50/0x50 [ 93.629116][ T5890] ? _raw_spin_unlock+0x28/0x40 [ 93.634321][ T5890] ? __kasan_kmalloc+0x8f/0xa0 [ 93.639171][ T5890] __vmalloc_node_range+0x568/0x1320 [ 93.644586][ T5890] ? hash_netiface_create+0x361/0xff0 [ 93.650081][ T5890] ? __asan_memset+0x22/0x40 [ 93.654946][ T5890] ? free_vm_area+0x50/0x50 [ 93.659717][ T5890] ? kvmalloc_node+0x70/0x180 [ 93.664478][ T5890] ? rcu_is_watching+0x15/0xb0 [ 93.669353][ T5890] ? kvmalloc_node+0x70/0x180 [ 93.674545][ T5890] ? trace_kmalloc+0x1f/0xa0 [ 93.679209][ T5890] kvmalloc_node+0x13f/0x180 [ 93.679777][ T5908] xt_CT: You must specify a L4 protocol and not use inversions on it [ 93.683841][ T5890] ? hash_netiface_create+0x361/0xff0 [ 93.683905][ T5890] hash_netiface_create+0x361/0xff0 [ 93.683934][ T5890] ? __lock_acquire+0x7c80/0x7c80 [ 93.707816][ T5890] ? __nla_parse+0x40/0x50 [ 93.712326][ T5890] ? hash_netport6_gc+0x570/0x570 [ 93.717545][ T5890] ip_set_create+0xa87/0x18e0 [ 93.722334][ T5890] ? ip_set_create+0x4b2/0x18e0 [ 93.726439][ T5104] Bluetooth: hci0: command tx timeout [ 93.727234][ T5890] ? ip_set_protocol+0x5d0/0x5d0 [ 93.737664][ T5890] ? trace_contention_end+0x39/0xe0 [ 93.743000][ T5890] nfnetlink_rcv_msg+0xb49/0x1130 [ 93.748103][ T5890] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 93.755568][ T5890] ? nfnetlink_rcv_msg+0x20e/0x1130 [ 93.760881][ T5890] ? nfnetlink_unbind+0x160/0x160 [ 93.766032][ T5890] ? __dev_queue_xmit+0x1a64/0x35a0 [ 93.771315][ T5890] ? __netlink_deliver_tap+0x5ab/0x830 [ 93.777355][ T5890] ? netlink_deliver_tap+0x19c/0x1b0 [ 93.782721][ T5890] ? netlink_unicast+0x72c/0x8d0 [ 93.787758][ T5890] ? netlink_sendmsg+0x8c1/0xbe0 [ 93.792794][ T5890] ? ____sys_sendmsg+0x5bf/0x950 [ 93.798012][ T5890] ? ___sys_sendmsg+0x220/0x290 [ 93.803030][ T5890] ? __se_sys_sendmsg+0x1a5/0x270 [ 93.808224][ T5890] ? do_syscall_64+0x55/0xb0 [ 93.813082][ T5890] netlink_rcv_skb+0x216/0x480 [ 93.818054][ T5890] ? nfnetlink_unbind+0x160/0x160 [ 93.823416][ T5890] ? netlink_ack+0x1110/0x1110 [ 93.828734][ T5890] ? apparmor_capable+0x137/0x1a0 [ 93.833877][ T5890] ? bpf_lsm_capable+0x9/0x10 [ 93.838728][ T5890] ? security_capable+0x89/0xb0 [ 93.843681][ T5890] nfnetlink_rcv+0x274/0x2180 [ 93.848425][ T5890] ? __local_bh_enable_ip+0x12e/0x1c0 [ 93.852188][ T5104] Bluetooth: hci1: command tx timeout [ 93.853863][ T5890] ? lockdep_hardirqs_on+0x98/0x150 [ 93.859287][ T5104] Bluetooth: hci3: command tx timeout [ 93.864466][ T5890] ? __local_bh_enable_ip+0x12e/0x1c0 [ 93.864492][ T5890] ? _local_bh_enable+0xa0/0xa0 [ 93.864521][ T5890] ? __dev_queue_xmit+0x245/0x35a0 [ 93.864550][ T5890] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 93.892131][ T5890] ? __dev_queue_xmit+0x245/0x35a0 [ 93.897458][ T5890] ? ref_tracker_free+0x634/0x7d0 [ 93.902856][ T5890] ? __copy_skb_header+0xa7/0x550 [ 93.909342][ T5890] ? refcount_inc+0x70/0x70 [ 93.914098][ T5890] ? __skb_clone+0x63/0x790 [ 93.918840][ T5890] ? __skb_clone+0x480/0x790 [ 93.923528][ T5890] ? __netlink_deliver_tap+0x7e8/0x830 [ 93.929057][ T5890] ? netlink_deliver_tap+0x2e/0x1b0 [ 93.934509][ T5890] ? __lock_acquire+0x7c80/0x7c80 [ 93.939597][ T5890] ? netlink_deliver_tap+0x2e/0x1b0 [ 93.944906][ T5890] netlink_unicast+0x751/0x8d0 [ 93.949748][ T5890] netlink_sendmsg+0x8c1/0xbe0 [ 93.954677][ T5890] ? netlink_getsockopt+0x580/0x580 [ 93.959940][ T5890] ? aa_sock_msg_perm+0x94/0x150 [ 93.964949][ T5890] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 93.970294][ T5890] ? security_socket_sendmsg+0x80/0xa0 [ 93.975897][ T5890] ? netlink_getsockopt+0x580/0x580 [ 93.981211][ T5890] ____sys_sendmsg+0x5bf/0x950 [ 93.986077][ T5890] ? __asan_memset+0x22/0x40 [ 93.990736][ T5890] ? __sys_sendmsg_sock+0x30/0x30 [ 93.995836][ T5890] ? __import_iovec+0x5f2/0x860 [ 94.000771][ T5890] ? import_iovec+0x73/0xa0 [ 94.005355][ T5890] ___sys_sendmsg+0x220/0x290 [ 94.010146][ T5890] ? __sys_sendmsg+0x270/0x270 [ 94.015040][ T5890] ? debug_mutex_init+0x38/0x70 [ 94.020000][ T5890] __se_sys_sendmsg+0x1a5/0x270 [ 94.024956][ T5890] ? __x64_sys_sendmsg+0x80/0x80 [ 94.030295][ T5890] ? lockdep_hardirqs_on+0x98/0x150 [ 94.035845][ T5890] do_syscall_64+0x55/0xb0 [ 94.040416][ T5890] ? clear_bhb_loop+0x40/0x90 [ 94.045161][ T5890] ? clear_bhb_loop+0x40/0x90 [ 94.050155][ T5890] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 94.056409][ T5890] RIP: 0033:0x7f7dff38eec9 [ 94.061207][ T5890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.081835][ T5890] RSP: 002b:00007f7e0025d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.090328][ T5890] RAX: ffffffffffffffda RBX: 00007f7dff5e5fa0 RCX: 00007f7dff38eec9 [ 94.098559][ T5890] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000005 [ 94.106609][ T5890] RBP: 00007f7dff411f91 R08: 0000000000000000 R09: 0000000000000000 [ 94.114734][ T5890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 94.122771][ T5890] R13: 00007f7dff5e6038 R14: 00007f7dff5e5fa0 R15: 00007ffcd98842f8 [ 94.130835][ T5890] [ 94.137209][ T5104] Bluetooth: hci2: command tx timeout [ 94.170426][ T5890] Mem-Info: [ 94.180252][ T5922] netlink: 'syz.2.14': attribute type 21 has an invalid length. [ 94.188480][ T5922] netlink: 132 bytes leftover after parsing attributes in process `syz.2.14'. [ 94.197764][ T5922] netlink: 20 bytes leftover after parsing attributes in process `syz.2.14'. [ 94.278233][ T5890] active_anon:5461 inactive_anon:0 isolated_anon:0 [ 94.278233][ T5890] active_file:1092 inactive_file:39870 isolated_file:0 [ 94.278233][ T5890] unevictable:768 dirty:577 writeback:0 [ 94.278233][ T5890] slab_reclaimable:9961 slab_unreclaimable:90002 [ 94.278233][ T5890] mapped:26581 shmem:1361 pagetables:594 [ 94.278233][ T5890] sec_pagetables:0 bounce:0 [ 94.278233][ T5890] kernel_misc_reclaimable:0 [ 94.278233][ T5890] free:1338232 free_pcp:8388 free_cma:0 [ 94.372024][ T5890] Node 0 active_anon:21844kB inactive_anon:0kB active_file:4368kB inactive_file:159276kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97424kB dirty:2304kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11144kB pagetables:2276kB sec_pagetables:0kB all_unreclaimable? no [ 94.451757][ T5890] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 94.500778][ T5890] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 94.543653][ T5890] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 94.549725][ T5890] Node 0 DMA32 free:1446840kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:22000kB inactive_anon:0kB active_file:4468kB inactive_file:157960kB unevictable:1536kB writepending:2300kB present:3129332kB managed:2589604kB mlocked:0kB bounce:0kB free_pcp:12196kB local_pcp:5184kB free_cma:0kB [ 94.556427][ T5927] loop0: detected capacity change from 0 to 512 [ 94.591039][ T5890] lowmem_reserve[]: 0 0 1 1 1 [ 94.597911][ T5890] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1316kB unevictable:0kB writepending:4kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 94.626459][ T5890] lowmem_reserve[]: 0 0 0 0 0 [ 94.631433][ T5890] Node 1 Normal free:3889316kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:23232kB local_pcp:10560kB free_cma:0kB [ 94.666618][ T5890] lowmem_reserve[]: 0 0 0 0 0 [ 94.672107][ T5890] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 94.687156][ T5890] Node 0 DMA32: 1*4kB (U) 1*8kB (U) 1*16kB (U) 2*32kB (UM) 0*64kB 1*128kB (E) 1*256kB (U) 2*512kB (ME) 1*1024kB (E) 3*2048kB (UME) 351*4096kB (M) = 1446364kB [ 94.713231][ T5927] EXT4-fs (loop0): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 94.798959][ T5890] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 94.830705][ T5935] netlink: 20 bytes leftover after parsing attributes in process `syz.1.19'. [ 94.839680][ T5890] Node 1 Normal: 263*4kB (UE) 47*8kB (UME) 35*16kB (UME) 53*32kB (UME) 23*64kB (UE) 7*128kB (UME) 1*256kB (E) 2*512kB (ME) 1*1024kB (E) 1*2048kB (E) 947*4096kB (M) = 3889316kB [ 94.859857][ T5890] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 94.869533][ T5927] Quota error (device loop0): v2_read_file_info: Free block number 58381 out of range (1, 6). [ 94.870815][ T5927] EXT4-fs warning (device loop0): ext4_enable_quotas:7175: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 94.880800][ T5890] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 94.908271][ T5890] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 94.918004][ T5890] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 94.927525][ T5890] 42398 total pagecache pages [ 94.932762][ T5890] 0 pages in swap cache [ 94.936981][ T5890] Free swap = 124996kB [ 94.941270][ T5890] Total swap = 124996kB [ 94.945672][ T5890] 2097051 pages RAM [ 94.950628][ T5890] 0 pages HighMem/MovableOnly [ 94.955479][ T5890] 416136 pages reserved [ 94.959682][ T5890] 0 pages cma reserved [ 94.989334][ T5792] EXT4-fs (loop0): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 95.300912][ T5893] Process accounting resumed [ 95.416967][ T5944] netlink: 'syz.0.23': attribute type 21 has an invalid length. [ 95.425042][ T5944] netlink: 132 bytes leftover after parsing attributes in process `syz.0.23'. [ 95.435286][ T5944] netlink: 20 bytes leftover after parsing attributes in process `syz.0.23'. [ 95.556851][ T5946] loop0: detected capacity change from 0 to 512 [ 95.569709][ T5946] ======================================================= [ 95.569709][ T5946] WARNING: The mand mount option has been deprecated and [ 95.569709][ T5946] and is ignored by this kernel. Remove the mand [ 95.569709][ T5946] option from the mount to silence this warning. [ 95.569709][ T5946] ======================================================= [ 96.050865][ T5946] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.067624][ T5946] ext4 filesystem being mounted at /6/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 96.120206][ T5946] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #2: comm syz.0.24: corrupted inode contents [ 96.158613][ T5946] EXT4-fs error (device loop0): ext4_dirty_inode:6106: inode #2: comm syz.0.24: mark_inode_dirty error [ 96.178895][ T5946] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #2: comm syz.0.24: corrupted inode contents [ 96.208716][ T5946] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #2: comm syz.0.24: corrupted inode contents [ 96.227793][ T5946] EXT4-fs error (device loop0): ext4_dirty_inode:6106: inode #2: comm syz.0.24: mark_inode_dirty error [ 96.240089][ T5946] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #2: comm syz.0.24: corrupted inode contents [ 96.276428][ T5946] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.24: mark_inode_dirty error [ 96.295789][ T5946] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #2: comm syz.0.24: corrupted inode contents [ 96.309153][ T5946] EXT4-fs error (device loop0): ext4_dirty_inode:6106: inode #2: comm syz.0.24: mark_inode_dirty error [ 96.386636][ T5792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.801548][ T5958] loop0: detected capacity change from 0 to 512 [ 96.818391][ T5958] EXT4-fs: inline encryption not supported [ 96.827276][ T5958] EXT4-fs: Ignoring removed nobh option [ 96.848179][ T5958] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 96.870888][ T5958] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 96.881851][ T5958] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.28: Corrupt directory, running e2fsck is recommended [ 96.907528][ T5958] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 96.916293][ T5958] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #15: comm syz.0.28: corrupted in-inode xattr: invalid ea_ino [ 96.935576][ T5958] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.28: couldn't read orphan inode 15 (err -117) [ 96.956467][ T5958] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.985532][ T5958] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 97.012962][ T5958] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 97.049018][ T5958] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.28: Corrupt directory, running e2fsck is recommended [ 97.075506][ T5960] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 97.087809][ T5960] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 97.100219][ T5960] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.28: Corrupt directory, running e2fsck is recommended [ 97.116415][ T5958] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 97.133805][ T5958] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 97.145727][ T5958] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.28: Corrupt directory, running e2fsck is recommended [ 97.162718][ T5958] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 97.202049][ T5792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.367421][ T5964] ieee802154 phy0 wpan0: encryption failed: -22 [ 97.471008][ T5966] netlink: 8 bytes leftover after parsing attributes in process `syz.0.31'. [ 97.486245][ T28] audit: type=1326 audit(1760024510.536:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 97.520115][ T28] audit: type=1326 audit(1760024510.566:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 97.544742][ T28] audit: type=1326 audit(1760024510.566:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 97.568732][ T28] audit: type=1326 audit(1760024510.566:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 97.593653][ T28] audit: type=1326 audit(1760024510.566:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 97.630068][ T28] audit: type=1326 audit(1760024510.566:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 97.657663][ T28] audit: type=1326 audit(1760024510.566:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 97.704652][ T28] audit: type=1326 audit(1760024510.566:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 98.210847][ T5968] loop1: detected capacity change from 0 to 512 [ 98.247867][ T5970] syzkaller0: entered promiscuous mode [ 98.257418][ T28] kauditd_printk_skb: 102 callbacks suppressed [ 98.257432][ T28] audit: type=1326 audit(1760024511.306:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1314185d67 code=0x7ffc0000 [ 98.259665][ T5968] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.32: bad orphan inode 13 [ 98.298811][ T28] audit: type=1326 audit(1760024511.306:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f131412af79 code=0x7ffc0000 [ 98.299980][ T5970] syzkaller0: entered allmulticast mode [ 98.349889][ T5968] ext4_test_bit(bit=12, block=4) = 1 [ 98.360989][ T5968] is_bad_inode(inode)=0 [ 98.365461][ T5968] NEXT_ORPHAN(inode)=0 [ 98.369573][ T5968] max_ino=32 [ 98.373323][ T5968] i_nlink=1 [ 98.377932][ T5968] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.399514][ T5968] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.32: Unrecognised inode hash code 20 [ 98.411146][ T5968] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.32: Corrupt directory, running e2fsck is recommended [ 98.426042][ T5968] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.32: Unrecognised inode hash code 20 [ 98.438549][ T5968] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.32: Corrupt directory, running e2fsck is recommended [ 98.453698][ T28] audit: type=1326 audit(1760024511.306:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 98.516446][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.540223][ T28] audit: type=1326 audit(1760024511.316:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1314185d67 code=0x7ffc0000 [ 98.627233][ T28] audit: type=1326 audit(1760024511.316:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f131412af79 code=0x7ffc0000 [ 98.700499][ T28] audit: type=1326 audit(1760024511.316:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 98.770789][ T28] audit: type=1326 audit(1760024511.316:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1314185d67 code=0x7ffc0000 [ 98.841414][ T28] audit: type=1326 audit(1760024511.316:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f131412af79 code=0x7ffc0000 [ 98.905266][ T28] audit: type=1326 audit(1760024511.316:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 98.985024][ T28] audit: type=1326 audit(1760024511.336:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1314185d67 code=0x7ffc0000 [ 100.241780][ T5993] netlink: 8 bytes leftover after parsing attributes in process `syz.2.41'. [ 100.959563][ T6000] loop2: detected capacity change from 0 to 512 [ 100.993275][ T6000] EXT4-fs (loop2): bad s_min_extra_isize: 2336 [ 101.127777][ T6002] program syz.2.45 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 101.624203][ T6013] netlink: 8 bytes leftover after parsing attributes in process `syz.2.50'. [ 102.096721][ T6017] netlink: 4 bytes leftover after parsing attributes in process `syz.2.51'. [ 102.179640][ T6017] loop2: detected capacity change from 0 to 512 [ 102.238749][ T6017] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 102.299776][ T6019] netlink: 12 bytes leftover after parsing attributes in process `syz.1.52'. [ 102.392046][ T6017] EXT4-fs error (device loop2): ext4_init_orphan_info:612: comm syz.2.51: orphan file block 0: bad magic [ 102.549975][ T6017] EXT4-fs (loop2): mount failed [ 103.645595][ T6019] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 105.233414][ T6063] Zero length message leads to an empty skb [ 105.423458][ T6070] syz.0.70[6070] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.423631][ T6070] syz.0.70[6070] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.438349][ T6069] netlink: 'syz.1.68': attribute type 21 has an invalid length. [ 105.466310][ T6069] netlink: 132 bytes leftover after parsing attributes in process `syz.1.68'. [ 105.477537][ T6069] netlink: 20 bytes leftover after parsing attributes in process `syz.1.68'. [ 105.505034][ T28] kauditd_printk_skb: 45 callbacks suppressed [ 105.505049][ T28] audit: type=1326 audit(1760024518.556:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6068 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 105.542903][ T28] audit: type=1326 audit(1760024518.556:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6068 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 105.570436][ T28] audit: type=1326 audit(1760024518.586:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6068 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 105.707855][ T28] audit: type=1326 audit(1760024518.586:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6068 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 105.795843][ T28] audit: type=1326 audit(1760024518.586:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6068 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 105.882928][ T6083] netlink: 'syz.0.74': attribute type 1 has an invalid length. [ 105.884762][ T28] audit: type=1326 audit(1760024518.586:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6068 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 105.969000][ T6085] netlink: 8 bytes leftover after parsing attributes in process `syz.3.75'. [ 105.975333][ T28] audit: type=1326 audit(1760024518.586:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6068 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 106.071770][ T28] audit: type=1326 audit(1760024518.586:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6068 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 106.102133][ T6087] netlink: 12 bytes leftover after parsing attributes in process `syz.1.76'. [ 106.175599][ T28] audit: type=1326 audit(1760024518.596:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6068 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 106.232788][ T28] audit: type=1326 audit(1760024518.596:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6068 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f131418d710 code=0x7ffc0000 [ 106.376563][ T6091] loop0: detected capacity change from 0 to 8192 [ 106.662883][ T6104] netlink: 'syz.1.81': attribute type 21 has an invalid length. [ 106.682703][ T6104] netlink: 132 bytes leftover after parsing attributes in process `syz.1.81'. [ 106.711952][ T6104] netlink: 20 bytes leftover after parsing attributes in process `syz.1.81'. [ 106.899236][ T6108] loop3: detected capacity change from 0 to 2048 [ 107.005794][ T6108] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.748282][ T34] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm kworker/u4:2: bg 0: block 234: padding at end of block bitmap is not set [ 107.749401][ T6133] netlink: 'syz.2.92': attribute type 10 has an invalid length. [ 107.802283][ T34] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 107.803636][ T6133] team0: Port device dummy0 added [ 107.845055][ T34] EXT4-fs (loop3): This should not happen!! Data will be lost [ 107.845055][ T34] [ 107.864537][ T34] EXT4-fs (loop3): Total free blocks count 0 [ 107.871149][ T34] EXT4-fs (loop3): Free/Dirty block details [ 107.877562][ T6133] netlink: 'syz.2.92': attribute type 10 has an invalid length. [ 107.886587][ T34] EXT4-fs (loop3): free_blocks=0 [ 107.892393][ T34] EXT4-fs (loop3): dirty_blocks=3824 [ 107.897748][ T34] EXT4-fs (loop3): Block reservation details [ 107.905443][ T34] EXT4-fs (loop3): i_reserved_data_blocks=239 [ 107.938804][ T6133] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 107.977075][ T6133] team0: Failed to send options change via netlink (err -105) [ 107.986253][ T6133] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 107.996399][ T6133] team0: Port device dummy0 removed [ 108.006625][ T6133] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 108.015581][ T6137] netlink: 72 bytes leftover after parsing attributes in process `syz.1.96'. [ 108.040540][ T34] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 1768 with error 28 [ 108.060180][ T6138] netlink: 72 bytes leftover after parsing attributes in process `syz.1.96'. [ 108.185633][ T6141] loop0: detected capacity change from 0 to 512 [ 108.219030][ T6141] EXT4-fs: test_dummy_encryption requires encrypt feature [ 108.548469][ T6151] syz.0.101 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 109.954313][ T6166] netlink: 12 bytes leftover after parsing attributes in process `syz.0.107'. [ 109.996633][ T6167] netlink: 8 bytes leftover after parsing attributes in process `syz.1.106'. [ 110.408481][ T6163] loop3: detected capacity change from 0 to 1764 [ 110.552357][ T6163] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 110.711583][ C0] sched: RT throttling activated [ 110.872739][ T6163] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 111.003187][ T6179] __nla_validate_parse: 2 callbacks suppressed [ 111.003207][ T6179] netlink: 4 bytes leftover after parsing attributes in process `syz.0.112'. [ 111.148943][ T6183] RDS: rds_bind could not find a transport for ::ffff:100.1.1.0, load rds_tcp or rds_rdma? [ 111.493424][ T6179] team0 (unregistering): Port device team_slave_0 removed [ 111.533358][ T6179] team0 (unregistering): Port device team_slave_1 removed [ 111.578877][ T6183] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.114'. [ 111.588962][ T6192] netlink: 12 bytes leftover after parsing attributes in process `syz.3.118'. [ 111.598798][ T6194] netlink: 72 bytes leftover after parsing attributes in process `syz.1.119'. [ 111.639281][ T6194] netlink: 72 bytes leftover after parsing attributes in process `syz.1.119'. [ 112.357534][ T6216] netlink: 'syz.0.125': attribute type 142 has an invalid length. [ 112.390748][ T6220] netlink: 12 bytes leftover after parsing attributes in process `syz.3.129'. [ 112.417433][ T6218] loop2: detected capacity change from 0 to 512 [ 112.445927][ T6218] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 112.649823][ T6227] netlink: 72 bytes leftover after parsing attributes in process `syz.1.131'. [ 112.694837][ T6227] netlink: 72 bytes leftover after parsing attributes in process `syz.1.131'. [ 112.809547][ T6229] (null): rxe_set_mtu: Set mtu to 1024 [ 113.166187][ T28] kauditd_printk_skb: 571 callbacks suppressed [ 113.166202][ T28] audit: type=1326 audit(1760024526.216:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6236 comm="syz.1.137" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa342d8eec9 code=0x0 [ 113.217821][ T6240] netlink: 'syz.1.137': attribute type 10 has an invalid length. [ 113.239073][ T6240] veth1_macvtap: left promiscuous mode [ 113.279653][ T6229] infiniband syz!: set active [ 113.295033][ T6229] infiniband syz!: added team_slave_0 [ 113.467742][ T6229] RDS/IB: syz!: added [ 113.490800][ T6229] smc: adding ib device syz! with port count 1 [ 113.532075][ T6229] smc: ib device syz! port 1 has pnetid [ 114.005871][ T6250] netlink: 12 bytes leftover after parsing attributes in process `syz.0.141'. [ 114.198904][ T6258] netlink: 72 bytes leftover after parsing attributes in process `syz.3.144'. [ 114.437544][ T6265] loop0: detected capacity change from 0 to 512 [ 114.472954][ T6265] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 114.966078][ T6273] netlink: 'syz.1.151': attribute type 21 has an invalid length. [ 116.617054][ T6303] netlink: 'syz.1.162': attribute type 21 has an invalid length. [ 116.635863][ T6303] __nla_validate_parse: 8 callbacks suppressed [ 116.635882][ T6303] netlink: 132 bytes leftover after parsing attributes in process `syz.1.162'. [ 116.680573][ T6303] netlink: 20 bytes leftover after parsing attributes in process `syz.1.162'. [ 116.834796][ T6308] tap0: tun_chr_ioctl cmd 2147767521 [ 117.151198][ T6312] loop1: detected capacity change from 0 to 8192 [ 117.623213][ T6321] netlink: 8 bytes leftover after parsing attributes in process `syz.1.169'. [ 117.650899][ T6321] netlink: 36 bytes leftover after parsing attributes in process `syz.1.169'. [ 117.714654][ T6321] netlink: 8 bytes leftover after parsing attributes in process `syz.1.169'. [ 117.729504][ T6321] netlink: 36 bytes leftover after parsing attributes in process `syz.1.169'. [ 117.968185][ T6331] netlink: 12 bytes leftover after parsing attributes in process `syz.1.173'. [ 118.067160][ T28] audit: type=1326 audit(1760024531.116:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 118.110699][ T6330] loop2: detected capacity change from 0 to 512 [ 118.120519][ T6330] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 118.140553][ T28] audit: type=1326 audit(1760024531.136:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 118.164095][ T28] audit: type=1326 audit(1760024531.146:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 118.188210][ T28] audit: type=1326 audit(1760024531.146:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 118.227648][ T28] audit: type=1326 audit(1760024531.146:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 118.250455][ T28] audit: type=1326 audit(1760024531.146:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 118.265444][ T6330] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2867: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 118.274126][ T28] audit: type=1326 audit(1760024531.146:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 118.319930][ T6330] EXT4-fs (loop2): 1 truncate cleaned up [ 118.335593][ T6330] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.373715][ T28] audit: type=1326 audit(1760024531.146:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 118.382019][ T6338] netlink: 'syz.1.174': attribute type 39 has an invalid length. [ 118.410830][ T28] audit: type=1326 audit(1760024531.156:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 118.439910][ T28] audit: type=1326 audit(1760024531.156:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 118.467001][ T28] audit: type=1326 audit(1760024531.156:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff84db8ef03 code=0x7ffc0000 [ 118.515496][ T28] audit: type=1326 audit(1760024531.156:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff84db8d97f code=0x7ffc0000 [ 118.544498][ T28] audit: type=1326 audit(1760024531.156:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7ff84db8ef57 code=0x7ffc0000 [ 118.928981][ T6345] bond0: (slave veth1_to_bond): Error: Device can not be enslaved while up [ 119.363192][ T6358] netlink: 12 bytes leftover after parsing attributes in process `syz.3.182'. [ 119.613145][ T6361] macvlan1: entered promiscuous mode [ 119.657965][ T6361] ipvlan0: entered promiscuous mode [ 119.670638][ T6361] ipvlan0: left promiscuous mode [ 119.690844][ T6361] macvlan1: left promiscuous mode [ 119.833450][ T5793] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.297539][ T6383] loop3: detected capacity change from 0 to 1024 [ 120.381354][ T6383] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.402681][ T6388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.194'. [ 120.427055][ T6388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.194'. [ 120.544992][ T6391] loop2: detected capacity change from 0 to 512 [ 120.583351][ T6391] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 120.620710][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.632500][ T6391] EXT4-fs (loop2): orphan cleanup on readonly fs [ 120.640939][ T6391] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:512: comm syz.2.196: Block bitmap for bg 0 marked uninitialized [ 120.668789][ T6391] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6637: Corrupt filesystem [ 120.681750][ T6391] EXT4-fs (loop2): 1 orphan inode deleted [ 120.692591][ T6391] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 120.830203][ T6391] : renamed from vlan1 (while UP) [ 120.875299][ T6400] IPv6: Can't replace route, no match found [ 120.935682][ T6391] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.702085][ T6423] __nla_validate_parse: 3 callbacks suppressed [ 121.702101][ T6423] netlink: 28 bytes leftover after parsing attributes in process `syz.0.209'. [ 121.731658][ T6423] netem: change failed [ 121.742270][ T5779] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 121.959610][ T5779] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 121.988941][ T5779] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.003148][ T5779] usb 2-1: Product: syz [ 122.012544][ T5779] usb 2-1: Manufacturer: syz [ 122.017293][ T5779] usb 2-1: SerialNumber: syz [ 122.054011][ T5779] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 122.104685][ T9] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 122.355677][ T6443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.217'. [ 122.375451][ T6443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.217'. [ 122.405686][ T6443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.217'. [ 122.467433][ T6443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.217'. [ 122.528043][ T6446] loop1: detected capacity change from 0 to 2048 [ 122.554785][ T6446] FAT-fs (loop1): Unrecognized mount option "time_offset=-xfffffffffffffbc3" or missing value [ 122.628974][ T6451] netlink: 12 bytes leftover after parsing attributes in process `syz.3.221'. [ 123.820533][ T6458] syz.2.220 (6458) used greatest stack depth: 17352 bytes left [ 123.931863][ T9] usb 2-1: Service connection timeout for: 256 [ 123.938291][ T9] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services [ 123.997014][ T9] ath9k_htc: Failed to initialize the device [ 124.013460][ T9] usb 2-1: ath9k_htc: USB layer deinitialized [ 124.274781][ T28] kauditd_printk_skb: 137 callbacks suppressed [ 124.274796][ T28] audit: type=1326 audit(1760024537.326:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6475 comm="syz.2.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 124.320755][ T28] audit: type=1326 audit(1760024537.356:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6475 comm="syz.2.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 124.348095][ T28] audit: type=1326 audit(1760024537.356:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6475 comm="syz.2.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 124.413329][ T28] audit: type=1326 audit(1760024537.366:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6475 comm="syz.2.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 124.506735][ T28] audit: type=1326 audit(1760024537.366:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6475 comm="syz.2.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 124.574332][ T28] audit: type=1326 audit(1760024537.366:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6475 comm="syz.2.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 124.603003][ T786] usb 2-1: USB disconnect, device number 2 [ 124.652900][ T6479] loop2: detected capacity change from 0 to 512 [ 124.682635][ T28] audit: type=1326 audit(1760024537.366:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6475 comm="syz.2.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 124.766944][ T6479] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 124.807273][ T6479] ext4 filesystem being mounted at /51/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 124.821353][ T6479] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.376469][ T6505] netlink: 60 bytes leftover after parsing attributes in process `syz.0.241'. [ 125.435813][ T6505] netlink: 40 bytes leftover after parsing attributes in process `syz.0.241'. [ 126.124072][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805fae8800: rx timeout, send abort [ 126.403510][ T6541] loop3: detected capacity change from 0 to 512 [ 126.536367][ T6541] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 126.545881][ T6541] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 126.560497][ T6541] EXT4-fs (loop3): 1 truncate cleaned up [ 126.567818][ T6541] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.625119][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805faeb800: rx timeout, send abort [ 126.633612][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805fae8800: abort rx timeout. Force session deactivation [ 127.133443][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805faeb800: abort rx timeout. Force session deactivation [ 128.021027][ T6564] dummy0: entered allmulticast mode [ 128.028265][ T6564] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 129.068033][ T6488] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 129.089820][ T6564] wireguard0: entered promiscuous mode [ 129.121181][ T6564] wireguard0: entered allmulticast mode [ 129.142500][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.256929][ T6567] netlink: 2 bytes leftover after parsing attributes in process `syz.1.262'. [ 129.780828][ T6567] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.790304][ T6567] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.282730][ T6567] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 130.340345][ T6567] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.800832][ T6567] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.809972][ T6567] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.820322][ T6567] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.829486][ T6567] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.965496][ T6563] dummy0: left allmulticast mode [ 130.975989][ T6571] netlink: 8 bytes leftover after parsing attributes in process `syz.3.266'. [ 130.989914][ T6571] netlink: 8 bytes leftover after parsing attributes in process `syz.3.266'. [ 131.008337][ T6575] netlink: 8 bytes leftover after parsing attributes in process `syz.3.266'. [ 131.035124][ T6575] netlink: 8 bytes leftover after parsing attributes in process `syz.3.266'. [ 131.178390][ T6590] loop1: detected capacity change from 0 to 512 [ 131.206367][ T6590] EXT4-fs: Ignoring removed mblk_io_submit option [ 131.247734][ T6590] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 131.340449][ T28] audit: type=1326 audit(1760024544.386:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 131.391041][ T28] audit: type=1326 audit(1760024544.386:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 131.419652][ T28] audit: type=1326 audit(1760024544.436:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 131.544762][ T28] audit: type=1326 audit(1760024544.436:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 131.603796][ T6602] netlink: 12 bytes leftover after parsing attributes in process `syz.1.277'. [ 131.605569][ T28] audit: type=1326 audit(1760024544.436:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 131.923075][ T6614] netlink: 8 bytes leftover after parsing attributes in process `syz.0.281'. [ 131.952436][ T6614] netlink: 8 bytes leftover after parsing attributes in process `syz.0.281'. [ 131.979627][ T6614] netlink: 8 bytes leftover after parsing attributes in process `syz.0.281'. [ 132.009472][ T6614] netlink: 8 bytes leftover after parsing attributes in process `syz.0.281'. [ 133.225166][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.418560][ T6649] loop3: detected capacity change from 0 to 512 [ 133.440185][ T6651] pim6reg1: entered promiscuous mode [ 133.476567][ T6651] pim6reg1: entered allmulticast mode [ 133.478155][ T6649] EXT4-fs (loop3): too many log groups per flexible block group [ 133.501950][ T6649] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 133.525072][ T6649] EXT4-fs (loop3): mount failed [ 133.833375][ T28] audit: type=1326 audit(1760024546.876:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6660 comm="syz.0.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 133.863502][ T28] audit: type=1326 audit(1760024546.876:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6660 comm="syz.0.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 133.929500][ T28] audit: type=1326 audit(1760024546.896:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6660 comm="syz.0.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 133.977508][ T6668] loop2: detected capacity change from 0 to 128 [ 133.992184][ T28] audit: type=1326 audit(1760024546.896:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6660 comm="syz.0.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 134.032967][ T6668] FAT-fs (loop2): Unrecognized mount option "shortnameRlower" or missing value [ 134.067410][ T28] audit: type=1326 audit(1760024546.936:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6660 comm="syz.0.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131418eec9 code=0x7ffc0000 [ 134.108334][ T6670] netlink: 'syz.1.305': attribute type 4 has an invalid length. [ 134.139162][ T6670] netlink: 'syz.1.305': attribute type 2 has an invalid length. [ 134.155862][ T5804] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 134.213768][ T6675] sd 0:0:1:0: device reset [ 134.428099][ T6579] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 134.479156][ T6579] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 134.731855][ T6687] __nla_validate_parse: 3 callbacks suppressed [ 134.731874][ T6687] netlink: 204 bytes leftover after parsing attributes in process `syz.1.312'. [ 135.111390][ T5159] udevd[5159]: worker [5788] terminated by signal 33 (Unknown signal 33) [ 135.137750][ T5159] udevd[5159]: worker [5788] failed while handling '/devices/virtual/vc/vcsa20' [ 135.339573][ T6704] netlink: 20 bytes leftover after parsing attributes in process `syz.1.320'. [ 135.377965][ T6703] loop2: detected capacity change from 0 to 512 [ 135.412637][ T6703] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 135.475661][ T6703] EXT4-fs (loop2): 1 truncate cleaned up [ 135.488739][ T6703] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.569579][ T6703] EXT4-fs (loop2): shut down requested (0) [ 135.596185][ T6712] loop0: detected capacity change from 0 to 512 [ 135.610264][ T6712] EXT4-fs: Ignoring removed mblk_io_submit option [ 135.618710][ T6712] EXT4-fs: Ignoring removed nomblk_io_submit option [ 135.638413][ T6712] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 135.668969][ T6712] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 135.683400][ T5793] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.725594][ T6712] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4031: comm syz.0.323: Allocating blocks 41-42 which overlap fs metadata [ 135.832791][ T6712] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4031: comm syz.0.323: Allocating blocks 41-42 which overlap fs metadata [ 135.869793][ T6712] EXT4-fs error (device loop0): ext4_acquire_dquot:6940: comm syz.0.323: Failed to acquire dquot type 1 [ 135.887570][ T6712] EXT4-fs error (device loop0): mb_free_blocks:1938: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 135.905165][ T6712] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #12: comm syz.0.323: corrupted inode contents [ 135.940410][ T6712] EXT4-fs error (device loop0): ext4_dirty_inode:6106: inode #12: comm syz.0.323: mark_inode_dirty error [ 135.954432][ T6712] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #12: comm syz.0.323: corrupted inode contents [ 135.971240][ T6712] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #12: comm syz.0.323: mark_inode_dirty error [ 135.989781][ T6712] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #12: comm syz.0.323: corrupted inode contents [ 136.007450][ T6712] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 136.020010][ T6712] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #12: comm syz.0.323: corrupted inode contents [ 136.037080][ T6712] EXT4-fs error (device loop0): ext4_truncate:4288: inode #12: comm syz.0.323: mark_inode_dirty error [ 136.048682][ T6712] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 136.058552][ T6712] EXT4-fs (loop0): 1 truncate cleaned up [ 136.069631][ T6712] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 136.118881][ T6723] loop3: detected capacity change from 0 to 512 [ 136.132935][ T27] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 136.144604][ T6712] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 136.226997][ T6723] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 136.247212][ T5792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.264105][ T6723] ext4 filesystem being mounted at /69/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.355449][ T27] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.391766][ T27] usb 3-1: config 0 interface 0 has no altsetting 0 [ 136.428095][ T27] usb 3-1: New USB device found, idVendor=056a, idProduct=0343, bcdDevice= 0.00 [ 136.442373][ T6733] mmap: syz.3.327 (6733) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 136.461726][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.486537][ T27] usb 3-1: config 0 descriptor?? [ 136.502612][ T6733] EXT4-fs (loop3): shut down requested (0) [ 136.540868][ T6735] loop1: detected capacity change from 0 to 512 [ 136.589272][ T6735] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.331: casefold flag without casefold feature [ 136.612005][ T6735] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.331: couldn't read orphan inode 15 (err -117) [ 136.667151][ T6735] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 136.723299][ T27] usbhid 3-1:0.0: can't add hid device: -71 [ 136.761332][ T27] usbhid: probe of 3-1:0.0 failed with error -71 [ 136.787762][ T27] usb 3-1: USB disconnect, device number 2 [ 136.789412][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.904091][ T6742] netlink: 8 bytes leftover after parsing attributes in process `syz.0.335'. [ 136.933554][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.948624][ T6742] netlink: 8 bytes leftover after parsing attributes in process `syz.0.335'. [ 136.957951][ T6744] loop3: detected capacity change from 0 to 512 [ 136.969913][ T6744] EXT4-fs: inline encryption not supported [ 136.982961][ T6744] ext4: Unknown parameter 'smackfstransmute' [ 138.548853][ T6762] loop2: detected capacity change from 0 to 512 [ 138.632889][ T6762] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 138.641254][ T6762] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 138.654333][ T6762] EXT4-fs (loop2): 1 truncate cleaned up [ 138.683247][ T6762] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.186543][ T6757] netlink: 8 bytes leftover after parsing attributes in process `syz.3.341'. [ 139.356160][ T6759] loop3: detected capacity change from 0 to 1024 [ 139.381042][ T6770] 9pnet_fd: Insufficient options for proto=fd [ 139.413998][ T6759] EXT4-fs: Ignoring removed orlov option [ 139.530897][ T6759] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.345847][ T5793] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.350745][ T6776] netlink: 8 bytes leftover after parsing attributes in process `syz.1.346'. [ 140.377157][ T6776] netlink: 8 bytes leftover after parsing attributes in process `syz.1.346'. [ 140.393719][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.810253][ T6791] loop2: detected capacity change from 0 to 128 [ 140.886434][ T6791] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 140.948797][ T6791] ext4 filesystem being mounted at /81/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 140.975552][ T6798] loop1: detected capacity change from 0 to 164 [ 141.286715][ T5793] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 141.482029][ T28] kauditd_printk_skb: 45 callbacks suppressed [ 141.482044][ T28] audit: type=1326 audit(1760024554.536:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6807 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 141.550308][ T28] audit: type=1326 audit(1760024554.576:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6807 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 141.621787][ T28] audit: type=1326 audit(1760024554.576:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6807 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 141.690043][ T28] audit: type=1326 audit(1760024554.576:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6807 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 141.796227][ T28] audit: type=1326 audit(1760024554.576:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6807 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 141.987588][ T6802] loop0: detected capacity change from 0 to 1764 [ 142.334817][ T6833] loop1: detected capacity change from 0 to 128 [ 142.474576][ T6837] loop0: detected capacity change from 0 to 512 [ 142.476236][ T6839] loop3: detected capacity change from 0 to 256 [ 142.525346][ T6839] FAT-fs (loop3): bogus number of FAT sectors [ 142.543816][ T6837] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.571520][ T6839] FAT-fs (loop3): Can't find a valid FAT filesystem [ 142.588704][ T6839] netlink: 'syz.3.372': attribute type 10 has an invalid length. [ 142.597243][ T6837] ext4 filesystem being mounted at /102/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.633937][ T6839] team0: Port device dummy0 added [ 142.650975][ T6843] netlink: 'syz.3.372': attribute type 10 has an invalid length. [ 142.727119][ T28] audit: type=1326 audit(1760024555.776:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6845 comm="syz.1.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 142.773842][ T6843] team0: Port device dummy0 removed [ 142.801721][ T28] audit: type=1326 audit(1760024555.806:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6845 comm="syz.1.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 142.818500][ T6843] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 142.827921][ T28] audit: type=1326 audit(1760024555.806:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6845 comm="syz.1.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 142.858419][ T28] audit: type=1326 audit(1760024555.806:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6845 comm="syz.1.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 142.901792][ T6844] netlink: 24 bytes leftover after parsing attributes in process `syz.2.374'. [ 142.917288][ T5792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.040702][ T6851] +}[@ uses obsolete (PF_INET,SOCK_PACKET) [ 143.071482][ T6853] mmap: syz.3.377 (6853): VmData 49221632 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 143.201748][ T6855] netlink: 'syz.0.376': attribute type 21 has an invalid length. [ 143.216161][ T6855] netlink: 132 bytes leftover after parsing attributes in process `syz.0.376'. [ 143.242831][ T6855] netlink: 20 bytes leftover after parsing attributes in process `syz.0.376'. [ 143.426168][ T28] audit: type=1326 audit(1760024556.476:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6861 comm="syz.2.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 143.647617][ T6865] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.705787][ T6867] : renamed from vlan1 (while UP) [ 143.883681][ T6865] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.979758][ T6879] loop3: detected capacity change from 0 to 512 [ 144.067384][ T6879] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.116518][ T6879] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.171135][ T6865] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.356794][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.398355][ T6865] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.441069][ T6888] netlink: 'syz.1.389': attribute type 4 has an invalid length. [ 144.462902][ T6888] netlink: 17 bytes leftover after parsing attributes in process `syz.1.389'. [ 144.698186][ T6865] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.751452][ T6865] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.798914][ T6865] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.839240][ T6898] loop3: detected capacity change from 0 to 4096 [ 144.850414][ T6865] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.860500][ T6898] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 144.916282][ T6898] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.167815][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.436249][ T6917] syz.0.401[6917] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.436432][ T6917] syz.0.401[6917] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.961244][ T6934] loop2: detected capacity change from 0 to 164 [ 146.006112][ T6934] Unable to read rock-ridge attributes [ 146.082962][ T6934] process 'syz.2.408' launched '/dev/fd/7' with NULL argv: empty string added [ 146.114635][ T6934] Unable to read rock-ridge attributes [ 146.125232][ T6934] syz.2.408: attempt to access beyond end of device [ 146.125232][ T6934] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 146.141051][ T6934] syz.2.408: attempt to access beyond end of device [ 146.141051][ T6934] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 146.164037][ T6939] loop3: detected capacity change from 0 to 128 [ 146.345359][ T6941] syz.3.411: attempt to access beyond end of device [ 146.345359][ T6941] loop3: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 146.628914][ T6949] loop2: detected capacity change from 0 to 256 [ 147.077124][ T28] kauditd_printk_skb: 17 callbacks suppressed [ 147.077139][ T28] audit: type=1326 audit(1760024560.126:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 147.118923][ T28] audit: type=1326 audit(1760024560.156:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 147.162334][ T28] audit: type=1326 audit(1760024560.156:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa342d8ef03 code=0x7ffc0000 [ 147.186214][ T28] audit: type=1326 audit(1760024560.156:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa342d8ef03 code=0x7ffc0000 [ 147.214852][ T28] audit: type=1326 audit(1760024560.156:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 147.280321][ T28] audit: type=1326 audit(1760024560.166:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 147.340602][ T28] audit: type=1326 audit(1760024560.166:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 147.395582][ T28] audit: type=1326 audit(1760024560.166:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 147.451991][ T6972] pim6reg: entered allmulticast mode [ 147.467861][ T28] audit: type=1326 audit(1760024560.166:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 147.493345][ T6972] pim6reg: left allmulticast mode [ 147.525763][ T28] audit: type=1326 audit(1760024560.356:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 147.587897][ T6977] loop2: detected capacity change from 0 to 512 [ 147.613126][ T6975] geneve0: entered allmulticast mode [ 147.619142][ T6977] EXT4-fs (loop2): too many log groups per flexible block group [ 147.672531][ T6977] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 147.691933][ T6977] EXT4-fs (loop2): mount failed [ 147.873809][ T6984] syzkaller1: entered promiscuous mode [ 147.879786][ T6984] syzkaller1: entered allmulticast mode [ 147.990463][ T6987] team_slave_0: entered promiscuous mode [ 147.996848][ T6987] team_slave_1: entered promiscuous mode [ 148.008141][ T6987] vlan2: entered promiscuous mode [ 148.013592][ T6987] team0: entered promiscuous mode [ 148.489524][ T7004] kernel profiling enabled (shift: 17) [ 148.497576][ T7007] loop3: detected capacity change from 0 to 512 [ 148.509142][ T7007] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 148.552958][ T7007] EXT4-fs (loop3): 1 truncate cleaned up [ 148.583319][ T7007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.803341][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.095672][ T7022] loop9: detected capacity change from 0 to 7 [ 149.137131][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 149.147220][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 149.191939][ T7026] netlink: 20 bytes leftover after parsing attributes in process `syz.1.447'. [ 149.233426][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 149.243954][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 149.326470][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 149.335732][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 149.351601][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 149.361021][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 149.371057][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 149.380433][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 149.402320][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 149.411632][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 149.420035][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 149.429383][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 149.440552][ T7022] ldm_validate_partition_table(): Disk read failed. [ 149.467869][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 149.477204][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 149.553210][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 149.562544][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 149.577202][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 149.586486][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 149.597776][ T7022] Dev loop9: unable to read RDB block 0 [ 149.667853][ T7022] loop9: unable to read partition table [ 149.709693][ T7022] loop9: partition table beyond EOD, truncated [ 149.798132][ T7022] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 149.798132][ T7022] ) failed (rc=-5) [ 150.628253][ T7039] loop2: detected capacity change from 0 to 1024 [ 150.694012][ T7041] loop3: detected capacity change from 0 to 1024 [ 150.694497][ T7039] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.717970][ T7041] EXT4-fs: Ignoring removed orlov option [ 150.811401][ T7041] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.885228][ T5793] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.078984][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.571267][ T7069] loop1: detected capacity change from 0 to 128 [ 152.475481][ T28] kauditd_printk_skb: 76 callbacks suppressed [ 152.475496][ T28] audit: type=1326 audit(1760024565.526:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dff38eec9 code=0x7ffc0000 [ 152.519049][ T28] audit: type=1326 audit(1760024565.566:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dff38eec9 code=0x7ffc0000 [ 152.571979][ T28] audit: type=1326 audit(1760024565.566:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7dff38eec9 code=0x7ffc0000 [ 152.600097][ T28] audit: type=1326 audit(1760024565.566:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dff38eec9 code=0x7ffc0000 [ 152.678346][ T28] audit: type=1326 audit(1760024565.566:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dff38eec9 code=0x7ffc0000 [ 152.726068][ T28] audit: type=1326 audit(1760024565.596:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7f7dff38eec9 code=0x7ffc0000 [ 152.758077][ T28] audit: type=1326 audit(1760024565.596:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dff38eec9 code=0x7ffc0000 [ 152.788990][ T28] audit: type=1326 audit(1760024565.596:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dff38eec9 code=0x7ffc0000 [ 152.864991][ T7096] (null): rxe_set_mtu: Set mtu to 1024 [ 152.871328][ T7096] rdma_rxe: rxe_newlink: failed to add ipvlan1 [ 152.884895][ T7096] netlink: 'syz.3.476': attribute type 2 has an invalid length. [ 152.942430][ T7104] loop9: detected capacity change from 0 to 7 [ 152.951306][ T7104] ldm_validate_partition_table(): Disk read failed. [ 152.963773][ T7104] Dev loop9: unable to read RDB block 0 [ 152.970090][ T7104] loop9: unable to read partition table [ 152.977742][ T7104] loop9: partition table beyond EOD, truncated [ 152.988785][ T7104] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 152.988785][ T7104] ) failed (rc=-5) [ 153.021269][ T7103] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.059097][ T28] audit: type=1326 audit(1760024566.096:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.2.479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 153.124013][ T28] audit: type=1326 audit(1760024566.096:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.2.479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=30 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 153.249185][ T7103] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.372282][ T7103] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.406714][ T7113] netlink: 72 bytes leftover after parsing attributes in process `syz.0.483'. [ 153.419835][ T7113] netlink: 72 bytes leftover after parsing attributes in process `syz.0.483'. [ 153.513317][ T7103] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.750207][ T7103] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.800100][ T7103] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.837778][ T7103] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.902604][ T7103] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.330104][ T7132] loop9: detected capacity change from 0 to 7 [ 154.356056][ C1] blk_print_req_error: 28 callbacks suppressed [ 154.356075][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 154.371580][ C1] buffer_io_error: 28 callbacks suppressed [ 154.371593][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 154.385929][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 154.395242][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 154.404528][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 154.413820][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 154.422648][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 154.431911][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 154.440981][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 154.450205][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 154.464387][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 154.470484][ T7134] loop2: detected capacity change from 0 to 1024 [ 154.473588][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 154.481695][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 154.494224][ T7134] EXT4-fs: Ignoring removed nomblk_io_submit option [ 154.497037][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 154.515236][ T7134] EXT4-fs: inline encryption not supported [ 154.521380][ T7132] ldm_validate_partition_table(): Disk read failed. [ 154.522148][ T7134] EXT4-fs: Ignoring removed nomblk_io_submit option [ 154.536747][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 154.536829][ T7134] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 154.545963][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 154.547850][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 154.575046][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 154.593166][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 154.602403][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 154.616810][ T7132] Dev loop9: unable to read RDB block 0 [ 154.627538][ T7132] loop9: unable to read partition table [ 154.629689][ T7134] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.648518][ T7132] loop9: partition table beyond EOD, truncated [ 154.666405][ T7132] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 154.666405][ T7132] ) failed (rc=-5) [ 154.804641][ T7139] netlink: 72 bytes leftover after parsing attributes in process `syz.0.493'. [ 154.887672][ T7134] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4031: comm syz.2.492: Allocating blocks 497-513 which overlap fs metadata [ 154.913585][ T7139] netlink: 72 bytes leftover after parsing attributes in process `syz.0.493'. [ 154.946287][ T7134] EXT4-fs (loop2): pa ffff8880776350e8: logic 256, phys. 385, len 8 [ 154.955777][ T7134] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 1 [ 155.019184][ T7144] vlan2: entered allmulticast mode [ 155.165454][ T5793] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.447543][ T7152] loop2: detected capacity change from 0 to 1024 [ 155.475131][ T7152] EXT4-fs: Ignoring removed orlov option [ 155.480868][ T7152] EXT4-fs: Ignoring removed nomblk_io_submit option [ 155.535968][ T7156] loop1: detected capacity change from 0 to 512 [ 155.544105][ T7152] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.594779][ T7160] loop3: detected capacity change from 0 to 128 [ 155.650233][ T7156] EXT4-fs warning (device loop1): ext4_enable_quotas:7175: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 155.753811][ T7156] EXT4-fs (loop1): mount failed [ 155.767967][ T7165] netlink: 72 bytes leftover after parsing attributes in process `syz.3.503'. [ 155.822861][ T7165] netlink: 72 bytes leftover after parsing attributes in process `syz.3.503'. [ 155.864618][ T5793] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.037264][ T7169] netlink: 14 bytes leftover after parsing attributes in process `syz.3.505'. [ 156.049057][ T7169] hsr_slave_0: left promiscuous mode [ 156.059947][ T7169] hsr_slave_1: left promiscuous mode [ 156.633593][ T7187] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.509'. [ 156.680942][ T7183] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.509'. [ 157.051395][ T7195] program syz.2.512 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 157.220007][ T7197] netlink: 72 bytes leftover after parsing attributes in process `syz.0.513'. [ 157.245142][ T7197] netlink: 72 bytes leftover after parsing attributes in process `syz.0.513'. [ 157.718526][ T7207] netlink: 28 bytes leftover after parsing attributes in process `syz.0.520'. [ 157.762811][ T7211] loop2: detected capacity change from 0 to 256 [ 157.773418][ T7211] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 157.822728][ T7211] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 158.894827][ T28] kauditd_printk_skb: 38 callbacks suppressed [ 158.894842][ T28] audit: type=1326 audit(1760024571.946:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7242 comm="syz.2.532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 158.981708][ T28] audit: type=1326 audit(1760024571.946:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7242 comm="syz.2.532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 159.071744][ T28] audit: type=1326 audit(1760024571.976:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7242 comm="syz.2.532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 159.157403][ T28] audit: type=1326 audit(1760024571.976:1121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7242 comm="syz.2.532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 159.351089][ T6580] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 159.384607][ T6580] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 159.402790][ T7259] xt_CT: You must specify a L4 protocol and not use inversions on it [ 159.467922][ T7261] batman_adv: batadv0: Adding interface: dummy0 [ 159.485278][ T7261] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 159.542444][ T7261] batman_adv: batadv0: Interface activated: dummy0 [ 159.576741][ T28] audit: type=1326 audit(1760024572.626:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7264 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 159.599050][ C1] vkms_vblank_simulate: vblank timer overrun [ 159.600626][ T7263] batadv0: mtu less than device minimum [ 159.621460][ T28] audit: type=1326 audit(1760024572.666:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7264 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 159.622657][ T7263] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 159.649084][ T28] audit: type=1326 audit(1760024572.666:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7264 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 159.657216][ T7263] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 159.689816][ T7263] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 159.702475][ T7263] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 159.715059][ T7263] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 159.727720][ T7263] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 159.740524][ T7263] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 159.753459][ T7263] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 159.761474][ T28] audit: type=1326 audit(1760024572.666:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7264 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 159.766282][ T7263] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 159.786645][ C1] vkms_vblank_simulate: vblank timer overrun [ 159.804088][ T28] audit: type=1326 audit(1760024572.666:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7264 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 159.831488][ T28] audit: type=1326 audit(1760024572.666:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7264 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 159.930223][ T7267] atomic_op ffff888024945998 conn xmit_atomic 0000000000000000 [ 159.951577][ T7269] __nla_validate_parse: 7 callbacks suppressed [ 159.951599][ T7269] netlink: 4 bytes leftover after parsing attributes in process `syz.0.542'. [ 159.974132][ T7269] netlink: 4 bytes leftover after parsing attributes in process `syz.0.542'. [ 160.137131][ T7274] netlink: 72 bytes leftover after parsing attributes in process `syz.0.547'. [ 160.148326][ T7274] netlink: 72 bytes leftover after parsing attributes in process `syz.0.547'. [ 160.622482][ T7276] xt_CT: You must specify a L4 protocol and not use inversions on it [ 160.753265][ T7291] netlink: 'syz.0.552': attribute type 13 has an invalid length. [ 160.827538][ T7291] gretap0: refused to change device tx_queue_len [ 161.133638][ T7300] netlink: 4 bytes leftover after parsing attributes in process `syz.3.554'. [ 161.158968][ T7300] netlink: 4 bytes leftover after parsing attributes in process `syz.3.554'. [ 161.386495][ T7311] netlink: 72 bytes leftover after parsing attributes in process `syz.0.559'. [ 161.410559][ T7311] netlink: 72 bytes leftover after parsing attributes in process `syz.0.559'. [ 161.952697][ T7328] loop0: detected capacity change from 0 to 2048 [ 162.004924][ T7328] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 162.046684][ T7328] syz.0.567[7328] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 162.046878][ T7328] syz.0.567[7328] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 162.308530][ T7340] netlink: 72 bytes leftover after parsing attributes in process `syz.1.571'. [ 162.367966][ T7342] netlink: 72 bytes leftover after parsing attributes in process `syz.1.571'. [ 162.740912][ T7335] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 162.876524][ T3475] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 162.925035][ T3475] EXT4-fs (loop0): This should not happen!! Data will be lost [ 162.925035][ T3475] [ 162.937748][ T3475] EXT4-fs (loop0): Total free blocks count 0 [ 162.947881][ T3475] EXT4-fs (loop0): Free/Dirty block details [ 162.956631][ T3475] EXT4-fs (loop0): free_blocks=2415919504 [ 162.966225][ T3475] EXT4-fs (loop0): dirty_blocks=3264 [ 162.974971][ T3475] EXT4-fs (loop0): Block reservation details [ 162.991998][ T3475] EXT4-fs (loop0): i_reserved_data_blocks=204 [ 163.092007][ T7363] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.102702][ T7363] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.121427][ T3475] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 1214 with error 28 [ 163.384224][ T7370] xt_CT: You must specify a L4 protocol and not use inversions on it [ 164.047539][ T7369] bridge0: entered promiscuous mode [ 164.080176][ T7379] loop2: detected capacity change from 0 to 512 [ 164.083753][ T7369] bridge0: port 3(macsec1) entered blocking state [ 164.099506][ T7369] bridge0: port 3(macsec1) entered disabled state [ 164.133963][ T7369] macsec1: entered allmulticast mode [ 164.163420][ T7369] bridge0: entered allmulticast mode [ 164.170108][ T7379] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 164.187680][ T7379] ext4 filesystem being mounted at /148/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 164.204837][ T7369] macsec1: left allmulticast mode [ 164.235990][ T7369] bridge0: left allmulticast mode [ 164.247536][ T7369] bridge0: left promiscuous mode [ 164.324154][ T7382] netlink: 'syz.1.589': attribute type 21 has an invalid length. [ 164.337672][ T5793] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.671912][ T7396] Driver unsupported XDP return value 0 on prog (id 309) dev N/A, expect packet loss! [ 165.782675][ T7412] netlink: 'syz.3.601': attribute type 21 has an invalid length. [ 165.844736][ T7412] __nla_validate_parse: 4 callbacks suppressed [ 165.844756][ T7412] netlink: 132 bytes leftover after parsing attributes in process `syz.3.601'. [ 165.886581][ T7412] netlink: 20 bytes leftover after parsing attributes in process `syz.3.601'. [ 166.577878][ T7433] IPv6: Can't replace route, no match found [ 166.604666][ T7435] loop1: detected capacity change from 0 to 256 [ 166.768048][ T7435] FAT-fs (loop1): Directory bread(block 64) failed [ 166.785699][ T7435] FAT-fs (loop1): Directory bread(block 65) failed [ 166.796379][ T7435] FAT-fs (loop1): Directory bread(block 66) failed [ 166.803408][ T7435] FAT-fs (loop1): Directory bread(block 67) failed [ 166.810293][ T7435] FAT-fs (loop1): Directory bread(block 68) failed [ 166.817479][ T7435] FAT-fs (loop1): Directory bread(block 69) failed [ 166.827741][ T7435] FAT-fs (loop1): Directory bread(block 70) failed [ 166.836786][ T7435] FAT-fs (loop1): Directory bread(block 71) failed [ 166.846453][ T7435] FAT-fs (loop1): Directory bread(block 72) failed [ 166.853891][ T7435] FAT-fs (loop1): Directory bread(block 73) failed [ 167.257228][ T7451] 9pnet_fd: Insufficient options for proto=fd [ 167.297834][ T7453] netlink: 4 bytes leftover after parsing attributes in process `syz.0.619'. [ 167.437807][ T7457] netlink: 'syz.2.621': attribute type 21 has an invalid length. [ 167.461819][ T7457] netlink: 132 bytes leftover after parsing attributes in process `syz.2.621'. [ 167.492951][ T7457] netlink: 20 bytes leftover after parsing attributes in process `syz.2.621'. [ 167.628150][ T7464] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 167.797126][ T7472] 9pnet_fd: Insufficient options for proto=fd [ 168.344294][ T7487] netlink: 'syz.2.634': attribute type 21 has an invalid length. [ 168.360623][ T7487] netlink: 132 bytes leftover after parsing attributes in process `syz.2.634'. [ 168.393818][ T7487] netlink: 20 bytes leftover after parsing attributes in process `syz.2.634'. [ 168.643249][ T7497] 9pnet_fd: Insufficient options for proto=fd [ 168.923472][ T7507] netlink: 8 bytes leftover after parsing attributes in process `syz.3.642'. [ 168.936161][ T28] kauditd_printk_skb: 40 callbacks suppressed [ 168.936175][ T28] audit: type=1326 audit(1760024581.986:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7508 comm="syz.2.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 168.986580][ T28] audit: type=1326 audit(1760024581.986:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7508 comm="syz.2.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 169.051090][ T28] audit: type=1326 audit(1760024582.016:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7508 comm="syz.2.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 169.108231][ T28] audit: type=1326 audit(1760024582.016:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7508 comm="syz.2.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 169.162067][ T28] audit: type=1326 audit(1760024582.016:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7508 comm="syz.2.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 169.202255][ T7514] netlink: 8 bytes leftover after parsing attributes in process `syz.3.644'. [ 169.232371][ T28] audit: type=1326 audit(1760024582.016:1173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7508 comm="syz.2.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 169.255769][ T7516] netlink: 'syz.2.645': attribute type 21 has an invalid length. [ 169.273475][ T7516] netlink: 132 bytes leftover after parsing attributes in process `syz.2.645'. [ 169.282971][ T28] audit: type=1326 audit(1760024582.016:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7508 comm="syz.2.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 169.283026][ T28] audit: type=1326 audit(1760024582.016:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7508 comm="syz.2.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 169.453786][ T28] audit: type=1326 audit(1760024582.016:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7508 comm="syz.2.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 169.533132][ T7528] 9pnet_fd: Insufficient options for proto=fd [ 169.543655][ T28] audit: type=1326 audit(1760024582.026:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7508 comm="syz.2.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff84db8eec9 code=0x7ffc0000 [ 169.594376][ T7527] netlink: 'syz.2.650': attribute type 5 has an invalid length. [ 170.193798][ T7553] netlink: 'syz.1.660': attribute type 21 has an invalid length. [ 170.384567][ T7560] 9pnet_fd: Insufficient options for proto=fd [ 170.385991][ T7559] RDS: rds_bind could not find a transport for ::ffff:100.1.1.0, load rds_tcp or rds_rdma? [ 170.480876][ T7562] 9pnet_fd: Insufficient options for proto=fd [ 170.997133][ T7582] netlink: 'syz.0.671': attribute type 21 has an invalid length. [ 171.005288][ T7582] __nla_validate_parse: 5 callbacks suppressed [ 171.005302][ T7582] netlink: 132 bytes leftover after parsing attributes in process `syz.0.671'. [ 171.021129][ T7582] netlink: 20 bytes leftover after parsing attributes in process `syz.0.671'. [ 171.230791][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.251713][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.289715][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.307145][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.326789][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.336918][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.345910][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.356364][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.364464][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.372381][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.380060][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.388411][ T7597] 9pnet_fd: Insufficient options for proto=fd [ 171.423826][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.459806][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.489990][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.513208][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.528751][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.547461][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.573020][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.590382][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.611708][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.634311][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.659305][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.675060][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.688014][ T7605] loop1: detected capacity change from 0 to 1024 [ 171.696961][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.723307][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.737948][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.754384][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.772654][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.794076][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.806317][ T7605] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 171.824837][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.833143][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.840817][ T7605] ext4 filesystem being mounted at /181/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.854472][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.864639][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.881359][ T7605] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: comm syz.1.681: lblock 0 mapped to illegal pblock 0 (length 1) [ 171.911741][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.926452][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.928836][ T7605] EXT4-fs error (device loop1): ext4_ext_remove_space:2929: inode #15: comm syz.1.681: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 171.949325][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.985338][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 172.002968][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 172.010622][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 172.021013][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 172.028854][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 172.036823][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 172.045274][ T6580] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 172.048347][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 172.065294][ T6580] hid-generic 0000:0000:0000.0003: hidraw0: HID v8.00 Device [syz0] on syz0 [ 172.133939][ T7614] netlink: 'syz.2.684': attribute type 21 has an invalid length. [ 172.151779][ T7614] netlink: 132 bytes leftover after parsing attributes in process `syz.2.684'. [ 172.173679][ T7614] netlink: 20 bytes leftover after parsing attributes in process `syz.2.684'. [ 172.292496][ T7615] fido_id[7615]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 173.107725][ T7630] loop2: detected capacity change from 0 to 1024 [ 173.159015][ T7630] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 173.188466][ T7630] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 173.236116][ T7630] JBD2: no valid journal superblock found [ 173.251632][ T7630] EXT4-fs (loop2): Could not load journal inode [ 173.467445][ T7639] netlink: 'syz.3.695': attribute type 21 has an invalid length. [ 173.480077][ T7639] netlink: 132 bytes leftover after parsing attributes in process `syz.3.695'. [ 173.497171][ T7639] netlink: 20 bytes leftover after parsing attributes in process `syz.3.695'. [ 173.943731][ T28] kauditd_printk_skb: 506 callbacks suppressed [ 173.943745][ T28] audit: type=1326 audit(1760024586.996:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.1.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa342dc1785 code=0x7ffc0000 [ 173.997644][ T28] audit: type=1326 audit(1760024587.036:1685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.1.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa342d85d67 code=0x7ffc0000 [ 174.032493][ T28] audit: type=1326 audit(1760024587.036:1686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.1.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa342dc1785 code=0x7ffc0000 [ 174.061857][ T28] audit: type=1326 audit(1760024587.036:1687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.1.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa342d2af79 code=0x7ffc0000 [ 174.089308][ T28] audit: type=1326 audit(1760024587.036:1688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.1.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=76 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 174.117492][ T28] audit: type=1326 audit(1760024587.036:1689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.1.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa342dc1785 code=0x7ffc0000 [ 174.168736][ T28] audit: type=1326 audit(1760024587.036:1691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.1.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa342dc1785 code=0x7ffc0000 [ 174.213471][ T28] audit: type=1326 audit(1760024587.036:1690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.1.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa342d85d67 code=0x7ffc0000 [ 174.236424][ T28] audit: type=1326 audit(1760024587.036:1692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.1.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa342d2af79 code=0x7ffc0000 [ 174.270064][ T7659] netlink: 'syz.3.705': attribute type 4 has an invalid length. [ 174.270146][ T28] audit: type=1326 audit(1760024587.036:1693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.1.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=76 compat=0 ip=0x7fa342d8eec9 code=0x7ffc0000 [ 174.533520][ T7664] netlink: 'syz.3.707': attribute type 21 has an invalid length. [ 174.551847][ T7664] netlink: 132 bytes leftover after parsing attributes in process `syz.3.707'. [ 174.560908][ T7664] netlink: 20 bytes leftover after parsing attributes in process `syz.3.707'. [ 175.401212][ T7743] netlink: 'syz.2.719': attribute type 21 has an invalid length. [ 175.416211][ T7743] netlink: 132 bytes leftover after parsing attributes in process `syz.2.719'. [ 175.426198][ T7743] netlink: 20 bytes leftover after parsing attributes in process `syz.2.719'. [ 175.949218][ T7766] capability: warning: `syz.2.723' uses deprecated v2 capabilities in a way that may be insecure [ 176.384378][ T7781] netlink: 'syz.0.728': attribute type 21 has an invalid length. [ 176.395069][ T7781] netlink: 132 bytes leftover after parsing attributes in process `syz.0.728'. [ 176.407580][ T7781] netlink: 20 bytes leftover after parsing attributes in process `syz.0.728'. [ 177.504926][ T7784] loop2: detected capacity change from 0 to 512 [ 177.653178][ T7784] EXT4-fs error (device loop2): ext4_xattr_inode_iget:445: comm syz.2.730: error while reading EA inode 32 err=-116 [ 177.723963][ T7784] EXT4-fs error (device loop2): ext4_xattr_inode_iget:445: comm syz.2.730: error while reading EA inode 32 err=-116 [ 177.790436][ T7790] netlink: 28 bytes leftover after parsing attributes in process `syz.3.732'. [ 177.821311][ T7784] EXT4-fs (loop2): 1 orphan inode deleted [ 177.852211][ T7784] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.972657][ T7784] EXT4-fs error (device loop2): ext4_lookup:1862: inode #2: comm syz.2.730: deleted inode referenced: 15 [ 178.217690][ T5793] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.606717][ T7803] netlink: 'syz.0.739': attribute type 21 has an invalid length. [ 178.623114][ T7803] netlink: 132 bytes leftover after parsing attributes in process `syz.0.739'. [ 178.636644][ T7803] netlink: 20 bytes leftover after parsing attributes in process `syz.0.739'. [ 179.085197][ T7819] netlink: 4 bytes leftover after parsing attributes in process `syz.3.746'. [ 179.268241][ T7823] netlink: 'syz.0.748': attribute type 21 has an invalid length. [ 179.289470][ T7826] loop2: detected capacity change from 0 to 512 [ 179.301671][ T7823] netlink: 132 bytes leftover after parsing attributes in process `syz.0.748'. [ 179.310739][ T7823] netlink: 20 bytes leftover after parsing attributes in process `syz.0.748'. [ 179.356199][ T7826] EXT4-fs (loop2): orphan cleanup on readonly fs [ 179.373651][ T7826] ------------[ cut here ]------------ [ 179.379209][ T7826] WARNING: CPU: 0 PID: 7826 at fs/ext4/xattr.c:1923 ext4_xattr_block_set+0x2a7a/0x32a0 [ 179.389231][ T7826] Modules linked in: [ 179.393300][ T7826] CPU: 0 PID: 7826 Comm: syz.2.749 Not tainted syzkaller #0 [ 179.400638][ T7826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 179.410867][ T7826] RIP: 0010:ext4_xattr_block_set+0x2a7a/0x32a0 [ 179.417615][ T7826] Code: ff 48 8b 5c 24 18 48 8d 7b 28 be 08 00 00 00 e8 5c c4 9a ff f0 80 63 28 fd eb 1b e8 c0 6a 43 ff e9 2f f1 ff ff e8 b6 6a 43 ff <0f> 0b e9 72 d7 ff ff e8 aa 6a 43 ff 48 b8 00 00 00 00 00 fc ff df [ 179.438143][ T7826] RSP: 0018:ffffc900038b72a0 EFLAGS: 00010283 [ 179.444441][ T7826] RAX: ffffffff8242201a RBX: ffffc900038b75a8 RCX: 0000000000080000 [ 179.452908][ T7826] RDX: ffffc9000d7bc000 RSI: 00000000000126a3 RDI: 00000000000126a4 [ 179.461064][ T7826] RBP: ffffc900038b7490 R08: 00000000ffffffc3 R09: 00000000ffffffc3 [ 179.469251][ T7826] R10: ffff88807e86a400 R11: ffff88807e86a020 R12: 0000000000000000 [ 179.477407][ T7826] R13: 1ffff92000716eb6 R14: 1ffff92000716eb5 R15: ffffc900038b75b0 [ 179.485498][ T7826] FS: 00007ff84ea0f6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 179.494562][ T7826] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.501201][ T7826] CR2: ffffffffd88f0000 CR3: 000000001a7c1000 CR4: 00000000003506f0 [ 179.509357][ T7826] Call Trace: [ 179.512827][ T7826] [ 179.515852][ T7826] ? __might_sleep+0xe0/0xe0 [ 179.520524][ T7826] ? __getblk_gfp+0x54/0x660 [ 179.525256][ T7826] ? xattr_find_entry+0x12b/0x2f0 [ 179.530809][ T7826] ? ext4_xattr_block_find+0x350/0x350 [ 179.536621][ T7826] ? ext4_xattr_block_find+0x2d4/0x350 [ 179.542202][ T7826] ext4_expand_extra_isize_ea+0x10ea/0x19e0 [ 179.548212][ T7826] __ext4_expand_extra_isize+0x306/0x400 [ 179.554004][ T7826] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 179.559550][ T7826] ext4_evict_inode+0x7ed/0xea0 [ 179.564565][ T7826] ? _raw_spin_unlock+0x28/0x40 [ 179.569483][ T7826] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 179.575548][ T7826] ? do_raw_spin_unlock+0x121/0x230 [ 179.580821][ T7826] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 179.586879][ T7826] evict+0x486/0x870 [ 179.590832][ T7826] ? __lock_acquire+0x7c80/0x7c80 [ 179.596014][ T7826] ? proc_nr_inodes+0x230/0x230 [ 179.600923][ T7826] ? do_raw_spin_unlock+0x121/0x230 [ 179.606231][ T7826] ? _raw_spin_unlock+0x28/0x40 [ 179.611192][ T7826] ? iput+0x70a/0x920 [ 179.615317][ T7826] ext4_orphan_cleanup+0xbd4/0x1400 [ 179.620594][ T7826] ? ext4_orphan_del+0xba0/0xba0 [ 179.625775][ T7826] ? ext4_register_li_request+0x183/0x940 [ 179.632080][ T7826] ? errseq_check_and_advance+0x66/0x120 [ 179.637780][ T7826] ext4_fill_super+0x5de7/0x66c0 [ 179.643030][ T7826] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 179.649342][ T7826] ? vscnprintf+0x80/0x80 [ 179.653893][ T7826] ? down_read_killable+0x340/0x340 [ 179.659257][ T7826] ? setup_bdev_super+0x56b/0x660 [ 179.664438][ T7826] get_tree_bdev+0x3e4/0x510 [ 179.669148][ T7826] ? vfs_parse_fs_string+0x160/0x160 [ 179.674604][ T7826] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 179.680914][ T7826] ? setup_bdev_super+0x660/0x660 [ 179.686070][ T7826] ? apparmor_capable+0x137/0x1a0 [ 179.691156][ T7826] ? bpf_lsm_capable+0x9/0x10 [ 179.696374][ T7826] ? security_capable+0x89/0xb0 [ 179.701299][ T7826] vfs_get_tree+0x8c/0x280 [ 179.705875][ T7826] do_new_mount+0x24b/0xa40 [ 179.710444][ T7826] __se_sys_mount+0x2da/0x3c0 [ 179.715296][ T7826] ? __x64_sys_mount+0xc0/0xc0 [ 179.720117][ T7826] ? lockdep_hardirqs_on+0x98/0x150 [ 179.725448][ T7826] ? __x64_sys_mount+0x20/0xc0 [ 179.730350][ T7826] do_syscall_64+0x55/0xb0 [ 179.735323][ T7826] ? clear_bhb_loop+0x40/0x90 [ 179.740053][ T7826] ? clear_bhb_loop+0x40/0x90 [ 179.744948][ T7826] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 179.751058][ T7826] RIP: 0033:0x7ff84db9066a [ 179.755727][ T7826] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.775577][ T7826] RSP: 002b:00007ff84ea0ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 179.784280][ T7826] RAX: ffffffffffffffda RBX: 00007ff84ea0eef0 RCX: 00007ff84db9066a [ 179.792374][ T7826] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 00007ff84ea0eeb0 [ 179.800399][ T7826] RBP: 0000200000000180 R08: 00007ff84ea0eef0 R09: 000000000080078b [ 179.808566][ T7826] R10: 000000000080078b R11: 0000000000000246 R12: 0000200000000000 [ 179.816681][ T7826] R13: 00007ff84ea0eeb0 R14: 000000000000047e R15: 0000200000000680 [ 179.824771][ T7826] [ 179.827822][ T7826] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 179.835139][ T7826] CPU: 0 PID: 7826 Comm: syz.2.749 Not tainted syzkaller #0 [ 179.842460][ T7826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 179.852541][ T7826] Call Trace: [ 179.855872][ T7826] [ 179.858833][ T7826] dump_stack_lvl+0x16c/0x230 [ 179.863624][ T7826] ? show_regs_print_info+0x20/0x20 [ 179.868869][ T7826] ? load_image+0x3b0/0x3b0 [ 179.873399][ T7826] panic+0x2c0/0x710 [ 179.877339][ T7826] ? bpf_jit_dump+0xd0/0xd0 [ 179.881907][ T7826] __warn+0x2e0/0x470 [ 179.885916][ T7826] ? ext4_xattr_block_set+0x2a7a/0x32a0 [ 179.891489][ T7826] ? ext4_xattr_block_set+0x2a7a/0x32a0 [ 179.897061][ T7826] report_bug+0x2be/0x4f0 [ 179.901410][ T7826] ? ext4_xattr_block_set+0x2a7a/0x32a0 [ 179.906977][ T7826] ? ext4_xattr_block_set+0x2a7a/0x32a0 [ 179.912541][ T7826] ? ext4_xattr_block_set+0x2a7c/0x32a0 [ 179.918106][ T7826] handle_bug+0xcf/0x120 [ 179.922373][ T7826] exc_invalid_op+0x1a/0x50 [ 179.926894][ T7826] asm_exc_invalid_op+0x1a/0x20 [ 179.931765][ T7826] RIP: 0010:ext4_xattr_block_set+0x2a7a/0x32a0 [ 179.938329][ T7826] Code: ff 48 8b 5c 24 18 48 8d 7b 28 be 08 00 00 00 e8 5c c4 9a ff f0 80 63 28 fd eb 1b e8 c0 6a 43 ff e9 2f f1 ff ff e8 b6 6a 43 ff <0f> 0b e9 72 d7 ff ff e8 aa 6a 43 ff 48 b8 00 00 00 00 00 fc ff df [ 179.958043][ T7826] RSP: 0018:ffffc900038b72a0 EFLAGS: 00010283 [ 179.964238][ T7826] RAX: ffffffff8242201a RBX: ffffc900038b75a8 RCX: 0000000000080000 [ 179.972236][ T7826] RDX: ffffc9000d7bc000 RSI: 00000000000126a3 RDI: 00000000000126a4 [ 179.980230][ T7826] RBP: ffffc900038b7490 R08: 00000000ffffffc3 R09: 00000000ffffffc3 [ 179.988215][ T7826] R10: ffff88807e86a400 R11: ffff88807e86a020 R12: 0000000000000000 [ 179.996201][ T7826] R13: 1ffff92000716eb6 R14: 1ffff92000716eb5 R15: ffffc900038b75b0 [ 180.004195][ T7826] ? ext4_xattr_block_set+0x2a7a/0x32a0 [ 180.009774][ T7826] ? __might_sleep+0xe0/0xe0 [ 180.014399][ T7826] ? __getblk_gfp+0x54/0x660 [ 180.019010][ T7826] ? xattr_find_entry+0x12b/0x2f0 [ 180.024060][ T7826] ? ext4_xattr_block_find+0x350/0x350 [ 180.029551][ T7826] ? ext4_xattr_block_find+0x2d4/0x350 [ 180.035067][ T7826] ext4_expand_extra_isize_ea+0x10ea/0x19e0 [ 180.041018][ T7826] __ext4_expand_extra_isize+0x306/0x400 [ 180.046689][ T7826] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 180.052181][ T7826] ext4_evict_inode+0x7ed/0xea0 [ 180.057055][ T7826] ? _raw_spin_unlock+0x28/0x40 [ 180.062022][ T7826] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 180.067935][ T7826] ? do_raw_spin_unlock+0x121/0x230 [ 180.073242][ T7826] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 180.079150][ T7826] evict+0x486/0x870 [ 180.083062][ T7826] ? __lock_acquire+0x7c80/0x7c80 [ 180.088112][ T7826] ? proc_nr_inodes+0x230/0x230 [ 180.092975][ T7826] ? do_raw_spin_unlock+0x121/0x230 [ 180.098196][ T7826] ? _raw_spin_unlock+0x28/0x40 [ 180.103063][ T7826] ? iput+0x70a/0x920 [ 180.107064][ T7826] ext4_orphan_cleanup+0xbd4/0x1400 [ 180.112295][ T7826] ? ext4_orphan_del+0xba0/0xba0 [ 180.117262][ T7826] ? ext4_register_li_request+0x183/0x940 [ 180.123091][ T7826] ? errseq_check_and_advance+0x66/0x120 [ 180.128747][ T7826] ext4_fill_super+0x5de7/0x66c0 [ 180.133777][ T7826] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 180.140084][ T7826] ? vscnprintf+0x80/0x80 [ 180.144434][ T7826] ? down_read_killable+0x340/0x340 [ 180.149664][ T7826] ? setup_bdev_super+0x56b/0x660 [ 180.154707][ T7826] get_tree_bdev+0x3e4/0x510 [ 180.159321][ T7826] ? vfs_parse_fs_string+0x160/0x160 [ 180.164630][ T7826] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 180.170976][ T7826] ? setup_bdev_super+0x660/0x660 [ 180.176035][ T7826] ? apparmor_capable+0x137/0x1a0 [ 180.181194][ T7826] ? bpf_lsm_capable+0x9/0x10 [ 180.185893][ T7826] ? security_capable+0x89/0xb0 [ 180.190767][ T7826] vfs_get_tree+0x8c/0x280 [ 180.195287][ T7826] do_new_mount+0x24b/0xa40 [ 180.199807][ T7826] __se_sys_mount+0x2da/0x3c0 [ 180.204508][ T7826] ? __x64_sys_mount+0xc0/0xc0 [ 180.209287][ T7826] ? lockdep_hardirqs_on+0x98/0x150 [ 180.214503][ T7826] ? __x64_sys_mount+0x20/0xc0 [ 180.219299][ T7826] do_syscall_64+0x55/0xb0 [ 180.223729][ T7826] ? clear_bhb_loop+0x40/0x90 [ 180.228507][ T7826] ? clear_bhb_loop+0x40/0x90 [ 180.233204][ T7826] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 180.239113][ T7826] RIP: 0033:0x7ff84db9066a [ 180.243542][ T7826] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.263249][ T7826] RSP: 002b:00007ff84ea0ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 180.271687][ T7826] RAX: ffffffffffffffda RBX: 00007ff84ea0eef0 RCX: 00007ff84db9066a [ 180.279668][ T7826] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 00007ff84ea0eeb0 [ 180.287671][ T7826] RBP: 0000200000000180 R08: 00007ff84ea0eef0 R09: 000000000080078b [ 180.295778][ T7826] R10: 000000000080078b R11: 0000000000000246 R12: 0000200000000000 [ 180.303777][ T7826] R13: 00007ff84ea0eeb0 R14: 000000000000047e R15: 0000200000000680 [ 180.311782][ T7826] [ 180.315142][ T7826] Kernel Offset: disabled [ 180.319637][ T7826] Rebooting in 86400 seconds..