last executing test programs: 7.270617127s ago: executing program 2 (id=801): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@remote, 0x800, 0x0, 0x3}, 0x20) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0) sendmsg$NL80211_CMD_SET_NOACK_MAP(0xffffffffffffffff, 0x0, 0x0) msgsnd(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="f5"], 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000140)={{0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x100, 0x0, 0xffffffffffffffff}) 5.199938186s ago: executing program 2 (id=804): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='attr\x00') fchdir(r4) 5.190480477s ago: executing program 3 (id=805): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000180)='./file1\x00', 0x4810, &(0x7f0000000100)=ANY=[@ANYRES8=0x0, @ANYRESHEX, @ANYRESHEX], 0x11, 0x6a0, &(0x7f0000004200)="$eJzs3c1vHGcdB/DvrNcvm0qO26ZpQJUwjVRQIxI7VgrhkoAQClKFqnDgbDVOY8VJg+OitAfiAhJXDvwB5RAucAIhJCSkSOUMt4qbxakSEpee0h4YNLOz9trd9UvebMPnE80+zzPPzDO/+c3LvkTWBPi/delU2vfTyaVTr9+p2mv35pbW7s3d6NWTjCdpJe1ukeJmUnyYXEx3yheqmc1wxbDt/Grx/OWPPln7uNtqZ2O86qUzPMD2bvZitZkynWSkKR/BpvHefLjxxjeqxXpmqoSd7CUO9ttoknKTHx3f6BmkHOlrDL3egcOj6L5v9ule/1PJkSQTvTe01W5n6+lHuKM93YtWn1wcAAAAcGAcfXA3uZPJ/Y4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADpPm+f9FM7V69ekUvef/j/U9Y39sn8MdbvvIJnqV+62nEQwAAAAAAAAAPFlfepDfXi7LyV67LOr/83+5bhyrX5/JO7mdhSzndO5kPitZyXJmk0z1DTR2Z35lZXm2t+ZnZVkOWfPswDXP7jLgzuPYawAAAAAAAAD4n3GhKX+aS5nc51gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCTIhnpFvV0rFefSqudZCLJWLXcavL3Xv0wu7/fAQAAAMBTcPRBHuROJnvtsqi/8x+vv/dP5J3czEoWs5KlLORK/VtA91t/a+3e3NLavbkb1fT5cb/17436HyZ3DKMeMd3fHgZv+US9RCdXs1jPOZ0383aWciWtes3KiV48g+N6v4qpuNBVlrtL0JWmrPb8l015MEzVGRldz8hME1uVjWe3z0T/0XmILc2mtf7Lz7E95PzCtlsp/tM7Jkd6c5Jnvrdzzkf3tDOPZGsmzvadfce3z0TylT/+7ofXlm5ev1asnjo4p9EejP9z46rZmom5vky8uOtMXL19ODOxVSsvrNcv5bv5QU5lOm9kOYv5ceazkoVM5zt1bb45n6vXqe0zdXFT642dohhrjsvIlpi+fLRbbhfTy/W6k1nM9/N2rmQhr9X/zmY2X8+5nMv5viP8wi6u+taAq/5Pw4M/+dWm0knyi6Y8GKq8PtuX1/577lTd1z+nlXK8u95zj+3euK79xaZSHYmfNeXBsJ6Jiay/S/Sie76XgdGBmfh1fVu5vXTz+vK1+Vtbxi1WB2/vlWze/T3dSEb2svBeVefLc9XBqlubz46q7/mBfbN137H1vtbWvt901vt2ulLHms9wnx/pbN334sC+ubrvRF/fxuetz8qy7H7eAuDAO/LqkbHOvzp/63zQ+XnnWuf1iW+Pf2P8pbGM/nX0m+2ZkVdaLxW/zwf5SXb+hg4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzo9rvvXZ9fWlpY3lIpy/LukK4nUkk72TTnL3/uWyZJ/TCg3Q9YLX2xldRz2mkqewvs7sPtzvsPm4R/NMfkqST8sVQmhp4/WyuflmV5MGLeTaVsHJR4nkDl1bIst11mX29LwFNwZuXGrTO3333va4s35t9aeGvh5vlz587PnD/32tyZq4tLCzPd1/2OEngS+j6BAwAAAAAAAAAAAIfE7v44p3i0v+0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeASXTqV9P0VmZ07PVO21e3NL1dSrbyz5aZJWkmI6KT5MLqY7ZapvuGLYdlaTyx99svZxt9Vupnr51nbr7c5qM2U6yUhTDjAxaGZ5d9h4RT3OreHjbTFsL4r1viphJ3uJg/323wAAAP//H4wcFQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0x1, 0x0) getdents64(r0, 0xfffffffffffffffe, 0x29) 4.28489554s ago: executing program 2 (id=807): socket(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000002880)={[{@user_xattr}, {@nombcache}, {@journal_dev={'journal_dev', 0x3d, 0x1}}, {@usrjquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x7e}}, {@lazytime}, {@init_itable_val={'init_itable', 0x3d, 0x5}}, {@jqfmt_vfsold}, {@grpjquota}]}, 0xfe, 0x564, &(0x7f0000002240)="$eJzs3UtvVFUcAPD/nT54KiVBoi5MExZikCltfWDiApdGiSS6x0l7aUinDOlMCa0kwkI2bAwxMUYS4wdw75L4BfwUJEpCDGl04abmTu+Ugc70MQzMyPx+yYVz7qPnnDn3nPnfuTO5AQys8eyfQsRrEfFtEnGoadtw5BvH1/dbfXhtJluSWFv7/K8kknxdY/8k//9Annk1In77JuJEYXO51eWV+VK5nC7m+YnawuWJ6vLKyYsLpbl0Lr00NT19+t3pqQ/ef69rbX3r3D8/fHb349O3jq1+/8v9w7eTOBMH823N7XgK15sz4zGevyYjceaJHSe7UFg/SXpdAToylI/zkcjmgEMxlI964MX3dUSsAQMqMf5hQDXigMa1fZeug/83Hny0fgG0uf3D65+NxN76tdH+1eSxK6PsenesC+VnZfz6553b2RLd+xwCYFvXb0TEqeHhzfNfks9/nTu1g32eLMP8B8/P3Sz+ebtV/FPYiH+iRfxzoMXY7cT2479wv8VhSbc+pc7ivw9bxr8bN63GhiLilYh4qR7zjSQXLpbTbG57OSKOx8ieLL/V/ZzTq/fW2m1rjv+yJSu/EQvm9bg/vOfxY2ZLtdLTtLnZgxsRr7eMf5ON/k9a9H/26pzbYRlH0ztvtNu2ffufrbWfI95s2f+P7mglW9+fnKifDxONs2Kzv28e/b1d+b1uf9b/+7du/1jSfL+2uvsyftr7b9puW6fn/2jyRT09mq+7WqrVFicjRpNPN6+fenRsI9/YP2v/8WNbz3+tzv99EfHlDtt/88jNtrv2Q//P7qr/d5+498lXP7Yrf2f9/049dTxfs5P5b6cVfJrXDgAAAAAAAPpNISIORlIobqQLhWJx/fsdR2J/oVyp1k5cqCxdmo36b2XHYqTQuNN9qOn7EJP592Eb+akn8tMRcTgivhvaV88XZyrl2V43HgAAAAAAAAAAAAAAAAAAAPrEgTa//8/8MdTykNHnW0PgmfLIbxhc247/bjzpCehLu3//FzHAi6Kj0byv+/UAnj/v5jCgRnpdAaCXvP/D4DL+YXAZ/zC4jH8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqnNnz2bL2urDazNZfvbK8tJ85crJ2bQ6X1xYminOVBYvF+cqlblyWpypLGz398qVyuXJqVi6OlFLq7WJ6vLK+YXK0qXa+YsLpbn0fOppQwAAAAAAAAAAAAAAAAAAALBZdXllvlQup4sSEh0lhvujGhJNiVtdGN09npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMl/AQAA///VUDYA") r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000021000f0000000000000000000a"], 0x24}}, 0x0) 4.159271051s ago: executing program 3 (id=809): syz_usb_connect(0x0, 0x24, &(0x7f0000000580)=ANY=[@ANYBLOB="120100009704e940cc590d988eb40000000109021200010000000009040000000801"], 0x0) 4.118584214s ago: executing program 4 (id=811): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000080)='./bus\x00', 0xa00010, &(0x7f0000000700)=ANY=[], 0x6, 0x641, &(0x7f00000001c0)="$eJzs3c1vHGcdB/DvrNcbO6DUbZM2oEpYjVQQFolf5IK5NCCEfKhQVQ6crcRprGxcZLvIrRAy7xInDv0DysE3TkjcI5Uz3Hr1CVVC4tKTb0EzO7vexGvXrh2vTT+f6NnnmXlmnnnmt8/MzuzGmgBfWotTaT5KkcWpNzfL6Z3tufbO9tylurqdpCw3kmYnS7GaFB8nt9NJ+Vo5s16+OGg7H64svP3JZzufdqaadaqWbxy23tFs1SmTSUbq/CmtPx2nvdFOoWznzuD2jqHo7WEZsBvdwMGwPd5n6zirn/C4Bc6DovO5uc9EcjnJWH0dkPrs0Djb3p2+Y53lAAAA4IJ6bje72cyVYfcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALpL6+f9FnRrd8mSK7vP/W/W81OUL7dGwOwAAAAAAAAAAp+Abu9nNZq50px8X1W/+r1YTV6vXr+S9rGc5a7mZzSxlIxtZy0ySib6GWptLGxtrM0dYc3bgmrNns78AAAAAAAAA8H/qN1nc+/0fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACGaaTOi06xqNPVbnkijWaSsSStcrmt5F/d8gVRDJr56Oz7AQAAACcydszlyxvi53azm81cqWf9e7So7vlfqqrH8l5Ws5GVbKSd5dyt76HLu/7GzvZce2d77mGZ9rf9g/8eqytVi72vIQZt+Xq1xHjuZaWaczN3qs7cTaNas3S925/B/fp12afijdoRe3a3L1h/PuhbhKGYqCIy2ovIdN23MhrPHx6Jz313moduaSaN3jc/V59BzC/Xebk/fxhOzEcGz+5FopEqErN9o++lwyORfPPvf/3Z/fbqg/v31qfOzzD6gp4eE3N9kXj5Qkeieczlp6tIXOtNL+bH+WmmMpm3spaV/CJL2chyHtf1S/V4Ll8nDo/U7Sem3vq8nrTq96UzeI/Sp8n8qCot5dVq3StZSZF3czfLeb36N5uZfDfzmc9C3zt87cB+V/tWHfWN4x31N75VF8aT/LHOh63zkVrG9fm+uPafcy9Vdf1z9qL0wumfG5tfrwvlNn5b5+fDxFORmOmLxIuHR+Iv1bGx3l59sHb/wKuYraemX6vzcsT9vu9TYvjjphwvL2SsPpM8OTrKuhd7Z5kn49Wqf3Hp1DX21V2r6oqie6T+5MAjtVVfw+1vabaqe3lg3VxVd72v7onrrbybdu96CIBz7PK3L7fG/zP+z/GPxn83fn/8zbEfXvrepVdaGf3H6Peb0yOvNV4p/paP8qve/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAC6+9/8GCp3V5eG1xoHFx1uoWifpDPWWxLYdiF7kMET9zg7XOxOxe6MJJkUNX5ecAY8Gzc2nj481vr73/wnZWHS+8sv7O8Ojo/vzC9MP/63K17K+3l6c5r/xpfHV5ngVO196E/uL44V4++BgAAAAAAAAAAAHK0v7d5XP//vy/8lwbD3kcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYlucSvNRisxM35wup3e259pl6pb3lmwmaTSS4pdJ8XFyO52Uib7mijcO2M6HKwtvf/LZzqd7bTWr5ctG6/wEtuqUySQjdX5a7d05cXtFbw/LgN3oBg6G7X8BAAD//3hrAA8=") openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000840)=0x5) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket(0x2, 0x3, 0xff) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendmmsg$unix(r4, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="643c87cf2bd21d995e613d73613b1e78334efea0", 0x14}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000500)="7dcc2c9d4eaf588822e6a9cc8eec13d9754bb76c", 0x14}], 0x302}}], 0x2, 0x0) listen(r0, 0x5) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x24000004, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r6 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r6, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100090c10000000010000000000", 0x58}], 0x1) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000000, 0x80010, 0xffffffffffffffff, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0) close(r8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000a300)) ioctl$SIOCSIFHWADDR(r8, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"}) 3.838040657s ago: executing program 2 (id=813): unshare(0x2040600) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0x5, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@map_fd], {0x95, 0x0, 0x0, 0x7100}}, &(0x7f0000000040)='syzkaller\x00', 0x3, 0xee, &(0x7f0000000340)=""/238}, 0x22) 3.034596553s ago: executing program 2 (id=815): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) connect$unix(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000180)=0x7) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) r5 = socket$l2tp6(0xa, 0x2, 0x73) recvfrom(r5, 0x0, 0xff25, 0x25ff, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000100)=0x20241030) bpf$PROG_LOAD(0x5, 0x0, 0x0) read$dsp(r3, &(0x7f0000002200)=""/4121, 0x1019) 3.026518423s ago: executing program 4 (id=817): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) io_submit(0x0, 0x0, 0x0) kexec_load(0x0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x6, 0xff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0x80}, 0xe) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$SNDCTL_DSP_RESET(r5, 0x80044dff, 0x1000000000000) 2.94117999s ago: executing program 1 (id=818): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000580)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x4c, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}]}, 0x4c}, 0x1, 0x8100000000000000}, 0x0) 1.065786233s ago: executing program 2 (id=819): socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6_dccp(0xa, 0x6, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = accept4(r0, &(0x7f00000000c0)=@in={0x2, 0x0, @loopback}, &(0x7f0000000000)=0x80, 0x80000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$unix(0x1, 0x2, 0x0) gettid() sendmmsg$unix(r3, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=[@rights={{0x14, 0x1, 0x1, [r2]}}], 0x18}}], 0x1, 0x0) unshare(0x20020c00) sendmsg$nl_route(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="b80000002100000228bd7000fddbdf25e90f1467060000070800000014000100fc00000000000000000000000000000814000100fe8000000000000000000000000000bb14000200fc01000000000000000000000000000114000200ff020000000000000000000000000001080010000004000014000100fe8000000000000000000000000000aa08000f00e30d00001400010000000000000000000000000000000001140011007465616d5f736c6176655f3100000000"], 0xb8}, 0x1, 0x0, 0x0, 0x40040}, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000840)=ANY=[@ANYBLOB="88008000080211000001080211000000505050505050d0ffed08d2e19a5c24a93497d82c0c7385ab2b292684bdcc895cde6a2fd251af6056ae618e6249d81ad4d0529e852eb69f1a48d2f2021981d964d5e260677f47278d7221016f636f1c41096b873d5f8d9902a46fe0e8ee9516ef17d91841e6c70304ecf3ae73e8a7d4b8a8530dafc01ff67988f3946f31bbd4354640e7e2bf93b2"], 0x28) unshare(0x20000400) sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="a3a171ee33182d1200000000000000000000000011d9a0a441c6e654350fde455f6b5c322634d16199d38e06f490fab5850591d0715f08a60c6a9473390ce28d04fe385eefc3642d31ce3394df6e3b8dfae768ebe257d12a6aff33af705e1510d009734d57bb739cc50e57ad54335cf6859087d1a678535dca9ca487ba2a1f4a2576dd8641a893a055b9dcb8a1bafc64d4f3f8423ecd65b18fad1a49115e5e2870b79966df8b25fd9503ceb26ad69a000045670b5ce57c77cdc7e02f26f3a735784bf5736f6b3e9fbefd3b870ef91e0cdcd7bf"], 0x14}}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000fc0)={0x0, 0x0, 0x0}, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0xfffc, @remote}], 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x0, 0x0, @loopback}], 0x1c) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=ANY=[@ANYBLOB="80000000ffffffffffff0802110000005050505050500000000000000000000064000000000a02020202020201000503000000710700000000000000"], 0x3c) r5 = socket$nl_audit(0x10, 0x3, 0x9) syz_emit_ethernet(0x7a, &(0x7f0000000900)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd60de5c1db12e2b29d34a85b886468c2f00fe8000000000000000000000000000aaff0200000000000000000000000000010c23853c6e8874dd20880b0000180000000800000086dd08e313cd14b3e9c7159d0088be00000000100000000100000000000000080022eb0000000000000200000000"], 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000700)={'veth1_macvtap\x00', 0x8000}) sendmmsg$inet6(r0, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000000a40)=[{&(0x7f0000008500)="88", 0x1}, {&(0x7f0000000680)="3d9138afb8d4fb737c147b3b6eea1d015d47235afd837385575b410fe5f9000800007f81993d5f7a1ae000000080000000000000000000", 0x37}, {&(0x7f0000000ac0)="6d71c392ad568d0222e6f47a66344e0840c93c1ae900eabc3a7067737b5b5e658c281d37255a635c953cc2cacf37aab230e656de8babe49d469ceefb955181b049ea641cdac0dbae44755a48a35de84f4b9bfdb5b37fc89de645985d929516e67bc8c1c27c14b5a42f38044d3fc07fab94dd0b8dbfa0a6c1e1d7cfeefeeeec3141bca67e388387ba966c7195fb570a9ce49dc0fba5d7d6b1b099382fc7da15c2c32050a37d74d65e2cff968908a86bde5493ac63894800cc8371735044f60ef8dbce64c459877a00b1d5c0c78297d68105f633d2baa01583f108c0fd0000000000", 0xc5}, {&(0x7f0000001000)="6463eff0112940c9e753e6ed06934b0249f4c0c7546cc4c502c1d1c9c6307586c8f7295bb2fc2f660c4167c3698c3957413cdb678eadec941e4c2263575ccf0a7ecfad1c72deea9c4b45f0553bee6debb7485953710159ef855ca646f6708ad7cc1bc2ac443d5575ed9e75a57154f4f06056087cc5ffcb7a12319689225a338ac37274b15319ec4257e09a1b09363b263671a55dbf18636af2f8ea13b93b68cb75ad10d904166681a7d88fd2a901db5fdfc2f610b72907405b62dc8fb5551121806bd5da4d7e2926e68e8bca5fdc4aec5ce9f6d6a2f6f23070504ed760343f45416b0715967a81d71dd6051aa6dc759880d168065b0398059bea5cad610c76be6e64097b028ef26c25643d53a30a4b2e78b2592659bb1e34af2d83d2697048f9123324a7d1942bd38ee5890bb2af2dd04064f77558b54cf5da3884006985ef176900d3088857170d57ff537bc84ad03e5198853368eeaf5cec761d2a8d7980a69b701d55c6ee16d42bf347c44854b8ae32ca9e45319b9997710da1681ddf23187c370ef6d1e30fb0740f9967a2a1dcccc722ec011573df5ab41b73487296385d0d2beb0b910e20a4332e13d413a3f7a23bdc208c34637bf2aac50fb42c0d5ec77dc4aec64862dc3727b241683a99f258bd6f666a2bce2f72114baa668a3b8b8f61b63199348b453dcc6d05025628d1258bdac999abad600082b2b310a8667c1c5a62a838f55af18437dda6032c9a90fe7d0415ba143abeba473b270073f4aec8a34f108626f6b68c7d18c40ddb11dc264da5e088301995f8560059da4fa8bd26ab0fc8bbcfdf304ca7b0f94b82015b701c6033a6c3296d9aff5fc050cd4cb634a24188965da9b897b0d36423bed87bca9b5c3872c18bb41896fcbd0df4bdda80a55c2650416101a5d9d8d00bf456366454579f9da4be782dfd9673f1c471ab5a9c753f5edfff0f2a9fa470ae37e082f0a6667e5d0deafda501da740a449e7ac4bdfd8964c98ad96991206a810921febe1e864073c513ddef69be3b63c36d23b6ca3221b98418108753ab66b49cc562c2010613f1b198f53736b780be3ebff446d29bb3cdb0122e08d911845d1284c65cde51726062fc9a4de7146d5c583ebb116952de62393e61a448d30587ddbee00ab19926b37c182726ddccef25411a571e9254bb7602b1f1b3ce5b1bffb6c4413ef7131524be67e4cc36045d5a58f9bfc9d426db3635b59693ff3cb3645b187b2fe6fc68e1527cdd68c434a5ce9406d18dfebf030906ec5f43fe1f076fbd228d1be59cd17e058e57dcde5dd83a90e36da064286028f5bbcccf2d51123b3b95b0fdf221a8a74d8e5cfca0bccefd27b7861d60c4bb454c23be2899489ebc5efd4cac8f5c43ba0063214a76338888612c3a7af62d7d1156d5c451fe0325de04a03aebd9b733362d6372c5a2c6f4d94ad4236fedec11a5ffd13c2865498b946236612f23f327e7312b05d8cde9c6b16a704b43208c17bac23e34c2ff287ca7f54b967980cfbd0a3168b172f0f3398fc3694e42c0e3335a3ec256f394e2cf464e133fe2f85bee672363b27365826cc36533e19ba09f4c0a7eb0ec1caadd078af5e8f83ccde9e0f071f36fdece273d265809e11e7ef7828fd808085a80884281df702d1f33de4834229ce5b54357fa56187a48382aae58a15d36daff8cd7a85b3beb538a0098ce23526256cb2feda2df88f1c9533f7bb7065006250dcf05e08cd6a382217998367dd1003c55245756927a387ef209b5ac851c0208fa23473e7cde97918ed296ca21d0cf02c2e871f4ea4fb0fbd760181613363d8d126913742bb9cdc5c9d56b4a1f8ffc773d03da54d032dcfb1f2dac58f0710a9497f8386ad0d3692f69ca60ffdccea02d9d803b8b4015190161aba189412242ef051e56a7d555252b4f48d4d4e4f334fa8daa14a10d05425a127dab299e79516b8b85eadf7e472b8fbfec1300ae0619fdd33017395fc8b0f9618fac4c192fd298b8b1d3ae1be5381493b8a5aaffa7ff2fe52670ae849b378ebf74ef544ae61350b3115e56b01b59b93f4c40d3160842021103ea310155fab528b1dccf03d9e9f65508e251fef80421af4fa75c09832e6eea4275d37493a83080e17da23c6a30443b752cc613b50754638eda34b21373dee658fc81cf604c37f6b732bfbfdd9c9e3014faad307f00aeeef809c064a293392ecf38109ce33fea258d91b197434e241186a196b2cd7f898a7b7167595493540bca81c0ccfc0de32696477156b193f12ca1a61990e05005da18dfd8b6a4950791cb122ff2aa7894183c5a79d3b62f5d60d736a9034467727e05a4935aca7f2a38744c9c49ee936faf4b03cec3ec3bdbfdfcadbf2eaa5e2a7a314cb77d82e04488abeb637284337ad576eb00e9c1fef3c3c8f6b7fc97da19871a635677ae9887b5367d22bce4fdf459df994a52c6f45facee0a7426e94e37831292cc40f749c7c47c4609a908d923a0a7d13735128b88ef7384f6b3e5c0c7645e29b1c4d94fe687926f83df8efd407e11e67c91e8ee736bbd0058bcbbb3d7388f865611223368ce1db6da36224853ed69b010116ac8a10834afc5e73f656164bec30e83977fa34968dc3410eb4b71923f27f6835b5c8e775209fd9f638e9bb6bc61694225b456d99e96906940db2766f32ef20ff432a770a4403de9c070426a84877909d02e6d603a2b06dce03f879f2b5e9505645f162370df1c6fb21efc39104be09c631ad85c3987eed448acbfd61cbb8ed9c071e563df53c1b997af83c3a94bd0f31dbb8b9ed86a03bd3ef2ed96334301d0c919240da015fb6ae774bce16ce047516bc4c88fc3286a3cd7e3afc7305eacfb128f0179982b61efe21c6cdb4551d0de354271af5f210891ea737f3c53b27497d82903f7e6e91f9f39483c8dbee5fd84d4eb007656ef02adb770dc88145e8930fb188870b06fb4d23b43f8a295c6ba933fd9b2e37e0723588f70e542e1600078b4dbba18752ff0e9183faf006d73da0af73a43e674d4d85deb9b8453e87c2046dec4e46ad44bc61069eeca1f6fb39295a32d6076a8b5dc2028aa96d0fc351ebc57f53ff401d1ded45b69c9021193b7e999b86ae1a431ab197c9644938181a1913055467a025318ce254d87d7b5f472336fc703b1750f466b312cc7bf1e231e86237a1b62d4816e4824b071f33bc69ecb50f45298593c5feafd572308e43ba3348c47c2c43d8256159a015de113e7dc2edc5717ad65fc9de6235df2e3c7453a92dd28053aa5161da06c03fb9a9faa2a223060df397509a5049c2ea11c260937c4793397ee81ca16ebfceff4ee1ae09e8179c3dd05b7ba19bdac5ee3a073ccfbcc1fc7c8266774bb091857d4436b9325dac89b634d87f90f7fe759bec1e6e905c2f86aa601e7cc909311c3d313d93f8e427946920220af82e859bddc33d080c4fd5d443694266e9d1c85890f54940bb9b53cfb3ea7d035e2c91fcdfc082a071712462830bdeba2d00fa7184c01f4eac4c646862fe41093bc58aa4cb37a06a80466651638a8f1b3f806db74974b46972cefb491da568dda5d4e87ac509c51d1cc022b6618c37875ac1208f9903353c4d7074f65a3fb4c2b579fc15ad87a9ca2c19ca0c1baf60126b53595a6209c2e9739584e68c7dea4a9d45c93599a2edea07af43c546d7f4e70738d78580f0efc6e5ba38941c35b17ec07edcfabb6244dc6dcb1107b3d753119a9fbda193a29f144ab310f907728477006a67c989328f6df2bfe03cb934a36a79848c723e67da6e46dd9adf8e1fcf0e97a4804ed4be8726270895b02b74372d582bd2c525f72f98a1303d71028b49c4ac62c8c6bcbf0b595846d91f713b4d7c11ffa09cfcd697c04110e4d8a0fa492c400bcaa2c6b357d1530a28a2bf00330d7a32647746c232d993ea794c68de15eced420b171459481645484e4f485dc276baeb9b850ae613009ba66bb9548bcf5238f28a84c8d11b5f556085c95e0a64e64fa7cec48328e6e0fd53064a37230054892e7625d663ebf4d1d5cd26aca9b6013f1f80d044cd5f57c6ccbe98fedc7bcad5a70e49b61f3499fa3e8ea4b0600de6d01a2ef2d8dc90c29f5b8092828a272ceffcc59ccfd016f2cd7885a14ca1d3f651073a9773232d321015c5ee2040853dbab347669400d86dda8e70d45e762c607d57637f9dc66c910e4e94d38076efd8b932e1c10f2d33ef55733cba0368f295853df8361af3784db6f4c09f5459bade6400653c790b45381c70a79f38bf7702358127f7e3f44750b57a9e91c2e11b2b3c0fde424a83ca3f2969becca5bb34ffbea5aaac0c6d99f3b1a9180239b56120935ce86b559d969471c018eec53345fc5333640f54e81fb79bb9d8f8b7af0390bbda5c9a0c3383673753a469c4c64e3fe4e6e5bf9a9add6ec3cd2edadc05875bd6278a55ea19ea6c17f98320153653d68bf626a75cfb5b721a6f24d8e47532b350dc3fcc7a72a6bcdc6957ac41f2ac8270395737a682b98a88525f021f36fc613c1a3cc44a610d34e163eb0cc625378c669238d85773c7be2803129d0a1fe4fcdf4a422ed1d292da5c2f4648aae3887a6876d485639e418ea2666c343c87dff2ffed0771789a516b0d973189c3f7b43452e082a3a453698c15b75035bef7ce0eb6b5dffcb67b1a7e595b3aba05fa0e73471ec4f4396a1c7b7f66dab147ff8fd152876c576b17c6f23a9ac8994d8731731043e9e541fd5de7b56698b9d91e5f85f82dd62ac2acb962b1c46c8808faac8dd32051a35c3f0d1751a0901d47dab32b71e00e0a08d2b122b7121c6728ae7c424761bc954bfd1a761283a2e7abe4889cc9068aff78785aa0e2a03882e3496b825b2fa0b2e55153941fd2a39edf425725a0e65f2d9b92879b605578fbbbc5382b80ccea719199b8d4019ffcd9e941e01d3374dbfee78c1dc1fca6b7d30d07f6c506fe4d1afb72953225ecc1d8d2c21078673e0394558a911ef72807b8e6008e310a2a747aa495dc7180c38551ca49357ee7aa4716a47cb1441a868bbeabeb583b661a256dc3130c28bcee2ecb30e5d2b7b638dfc4217d5971eeac20de1a4a85051f4acd874ad3658de70b2a2ce2f8659583757062e097257a685d05c179402085071015ca2f0a0d7eed50563f691415e88da162ac27267e3681007d45c87cca61d11c9c1a67a2d662dbcf14562c89cf1faf3fdd0222d2918c363b62781ae1d0dbc02d15dfd7983ff66abb98e021f6ea176ca7b9ace678c89af7b44c78551d823c1c86a5f9c868f14b688f20550143211e431b12c49b8c05d0cd84b012003d186c036a2c38fa330e3831118fac483fcb57a136bab79d923f71ab7d8903cb7f4480b1be65ba171f151961463a16efe271ba4b36feceebb1dabdd56bd05b7701d5ac012072ae9a7c2ad9573d1385ce90d83785b839073055fd68580336c9beb9604b3e8ace436262fbfbd84ae05d65fa4d84e216cc3621ac3e63151884ee24972cc886061924b65a233b31b882b4c9475ed74ae71ccc35498856ca280a5c3967976cf752a5ac064391fd9d6bb1b535485e2cf93d73f7223e9500fd946851dd5e0cdf5389151eff80ca46e2def54b867a77d8f9a657d88c910af1bac73391dade74bd47ce4b15ebf3901a3b87d184430849042c1a80aedc798bb86d84f658f37d9578700fa05ec1a6022854706c5bf688d9e1729e59a4a154d3e0d869a462e5a3b2167741f9a018e1364f444f1c58561294f56710ebf14c9eba756eea41f5ec181df28735b890689485dc4dd245b99d571f0920dd1f5a2aa83", 0x1000}, {&(0x7f0000000740)}, {&(0x7f0000000a00)="db565ef35c2d32479d", 0x9}], 0x6, 0x0, 0xfffffe3b}}], 0x1, 0x4004040) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0xe0, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000002c0)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0], 0x0, 0x281, &(0x7f0000000380)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x4e, 0x8, 0x8, &(0x7f0000000740)}}, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000006c0)={'syztnl2\x00', &(0x7f00000004c0)={'syztnl0\x00', r6, 0x2f, 0xff, 0x40, 0x9, 0x41, @private0={0xfc, 0x0, '\x00', 0x1}, @local, 0x80, 0x40, 0x0, 0x7}}) socket$inet_smc(0x2b, 0x1, 0x0) unshare(0x42000000) r7 = socket$igmp6(0xa, 0x3, 0x2) sendmsg$tipc(r7, &(0x7f00000026c0)={0x0, 0x0, 0x0}, 0x0) 1.065619613s ago: executing program 4 (id=820): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r0, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) 1.018537617s ago: executing program 3 (id=821): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) sendmsg$inet(r1, &(0x7f00000008c0)={&(0x7f00000004c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="140000000000000000000000071000000703e70000000000"], 0x18}, 0x0) unshare(0x20000400) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x0, 0x0, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x2, {0x0, 0xff}, 0xff}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r3, 0x80189439, &(0x7f0000000040)) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000100), 0x4) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1800001640be11dc7c000000000000000000000004000280"], 0x18}}, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp-reno\x00', 0xb) ioctl$BTRFS_IOC_BALANCE(r0, 0x5000940c, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff) r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x1, 0x20}, 0xc) syz_80211_inject_frame(&(0x7f0000000280)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="8000000f08021100000008021000000150505050505000000000000000000000640006240006020202020202010003010d060200003c0401f78c3c7100"], 0x44) ioctl$sock_SIOCGIFINDEX_802154(r11, 0x8933, &(0x7f0000000640)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_DEV(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010300000000ffdbdf251900000008000300", @ANYRES32=r12, @ANYBLOB="5265097867f817bc837f5d8d365328fc0e1fc0028ce8ea6560ea65e150fa8aa5e0f4c03dc273afe02be33f960346855a852bd326478c3ef67a84c75233273a0bbbdcfa940f3bd507562d530f89cd9b72f3b4b2e93d184446adccd261940b0ce68e14970b5322079a5cffbe5028148b8ebd685fcb97b0871c9907c394cf23be7e66a4c1d66d55cc1f051e819fb18457d037a452d87c30d04a22c25d57a5a7f14f512bc9f2e6d1a0f73034e2114b0d4df1101c41"], 0x1c}}, 0x0) r13 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r13, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010007c6a6c5faa767052cf319610921c5f014000000"], 0x1c}}, 0x0) nanosleep(&(0x7f00000000c0)={r7, r8+60000000}, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) 1.018430157s ago: executing program 0 (id=822): ftruncate(0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r0, 0x107, 0xa, 0xfffffffffffffffe, &(0x7f0000000000)) 950.876753ms ago: executing program 1 (id=823): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) shutdown(r1, 0x0) recvmmsg(r1, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 939.711664ms ago: executing program 0 (id=824): openat$ipvs(0xffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000000c0)={'#! ', './file0'}, 0xf000) close_range(r0, 0xffffffffffffffff, 0x0) 586.641253ms ago: executing program 0 (id=825): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58) sendmsg$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="c21504239e1dc595f0766418b856f059", 0xfffffe99}], 0x2, &(0x7f0000001a00)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmmsg(r2, &(0x7f0000005d80)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000340)=""/4096, 0x34000}], 0x1}}], 0x1, 0x0, 0x0) 583.350193ms ago: executing program 3 (id=826): ioprio_set$uid(0x3, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5}, 0x0) ioprio_get$uid(0x2, 0x0) 462.653552ms ago: executing program 1 (id=827): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x14, r1, 0x923}, 0x14}}, 0x0) 462.295312ms ago: executing program 3 (id=828): io_setup(0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000002dc0)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x3f, 0x8, 0x41, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000580), 0x1000, r1}, 0x38) write$binfmt_script(r0, &(0x7f0000000140)={'#! ', './file1'}, 0xb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) write$binfmt_elf64(r0, &(0x7f0000000fc0)=ANY=[], 0x78) syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), 0xffffffffffffffff) 386.393809ms ago: executing program 1 (id=829): socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)) userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ff9000/0x3000)=nil, 0x3000}}) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) shutdown(r1, 0x0) recvmmsg(r1, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 246.08454ms ago: executing program 0 (id=830): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000140), 0x20) 162.615497ms ago: executing program 1 (id=831): r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) lseek(r0, 0x0, 0x0) 119.40716ms ago: executing program 0 (id=832): futex(&(0x7f000000cffc), 0xd, 0x0, 0x0, 0x0, 0x0) 108.816051ms ago: executing program 4 (id=833): userfaultfd(0x80001) r0 = syz_io_uring_setup(0x3b67, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_setup(0x48bf, &(0x7f0000000280), &(0x7f0000000080)=0x0, &(0x7f00000000c0)) syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r0, 0xb15, 0x0, 0x0, 0x0, 0x0) 38.651377ms ago: executing program 4 (id=834): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x16, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) 38.438377ms ago: executing program 1 (id=835): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f00000002c0)={[{@jqfmt_vfsv1}, {}, {@barrier_val}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resuid}, {@nodelalloc}, {@acl}, {@noinit_itable}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") ioprio_set$pid(0x1, 0x0, 0x0) r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000040)='ro\x00', 0x0, 0x0) acct(&(0x7f0000000200)='./file1\x00') fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 38.346897ms ago: executing program 0 (id=836): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_OIF={0x8}]}, 0x24}}, 0x0) 23.209148ms ago: executing program 4 (id=837): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) sendmsg$inet(r1, &(0x7f00000008c0)={&(0x7f00000004c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="140000000000000000000000071000000703e70000000000"], 0x18}, 0x0) unshare(0x20000400) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x0, 0x0, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x2, {0x0, 0xff}, 0xff}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r3, 0x80189439, &(0x7f0000000040)) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000100), 0x4) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1800001640be11dc7c000000000000000000000004000280"], 0x18}}, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp-reno\x00', 0xb) ioctl$BTRFS_IOC_BALANCE(r0, 0x5000940c, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff) r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x1, 0x20}, 0xc) syz_80211_inject_frame(&(0x7f0000000280)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="8000000f08021100000008021000000150505050505000000000000000000000640006240006020202020202010003010d060200003c0401f78c3c7100"], 0x44) ioctl$sock_SIOCGIFINDEX_802154(r11, 0x8933, &(0x7f0000000640)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_DEV(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010300000000ffdbdf251900000008000300", @ANYRES32=r12, @ANYBLOB="5265097867f817bc837f5d8d365328fc0e1fc0028ce8ea6560ea65e150fa8aa5e0f4c03dc273afe02be33f960346855a852bd326478c3ef67a84c75233273a0bbbdcfa940f3bd507562d530f89cd9b72f3b4b2e93d184446adccd261940b0ce68e14970b5322079a5cffbe5028148b8ebd685fcb97b0871c9907c394cf23be7e66a4c1d66d55cc1f051e819fb18457d037a452d87c30d04a22c25d57a5a7f14f512bc9f2e6d1a0f73034e2114b0d4df1101c41"], 0x1c}}, 0x0) r13 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r13, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010007c6a6c5faa767052cf319610921c5f014000000"], 0x1c}}, 0x0) nanosleep(&(0x7f00000000c0)={r7, r8+60000000}, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) 0s ago: executing program 3 (id=838): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5}]]}, 0x24}}, 0x0) kernel console output (not intermixed with test programs): 0.139834][ T5524] exfat: Deprecated parameter 'utf8' [ 130.154688][ T5526] netlink: 14569 bytes leftover after parsing attributes in process `syz.4.376'. [ 130.251964][ T5524] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xcc9b7de9, utbl_chksum : 0xe619d30d) [ 130.263429][ T4057] Bluetooth: hci1: command 0x041b tx timeout [ 130.370675][ T5470] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.562047][ T5537] loop4: detected capacity change from 0 to 256 [ 131.408616][ T2050] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.410711][ T2050] ieee802154 phy1 wpan1: encryption failed: -22 [ 131.867299][ T5470] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.965682][ T5547] loop3: detected capacity change from 0 to 2048 [ 132.114844][ T5547] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 132.264465][ T5470] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 132.335830][ T5470] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 132.347383][ T4021] Bluetooth: hci1: command 0x040f tx timeout [ 132.400637][ T5470] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 132.443529][ T5470] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 132.719156][ T5552] chnl_net:caif_netlink_parms(): no params data found [ 132.812204][ T5470] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.872600][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 132.875306][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 132.916894][ T5470] 8021q: adding VLAN 0 to HW filter on device team0 [ 132.924938][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 132.927591][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 132.930016][ T3278] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.931847][ T3278] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.935308][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 132.937976][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 132.941105][ T3278] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.943019][ T3278] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.967944][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 132.970417][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 132.973235][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 132.977148][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 132.980650][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 132.996906][ T5563] 9pnet: Insufficient options for proto=fd [ 132.998877][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 133.001693][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 133.064222][ T5552] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.066236][ T5552] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.068855][ T5552] device bridge_slave_0 entered promiscuous mode [ 133.072298][ T5552] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.112435][ T5552] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.125015][ T5552] device bridge_slave_1 entered promiscuous mode [ 133.189803][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 133.206026][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 133.208836][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 133.211672][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 133.215423][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 133.901472][ T5552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 133.920737][ T5552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 134.000757][ T5552] team0: Port device team_slave_0 added [ 134.032511][ T5552] team0: Port device team_slave_1 added [ 134.106078][ T5552] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 134.107910][ T5552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.133386][ T5552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 134.145268][ T5574] 9pnet: Insufficient options for proto=fd [ 134.151858][ T5552] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 134.153717][ T5552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.184777][ T5552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 134.194071][ T1956] Bluetooth: hci0: command 0x0409 tx timeout [ 134.538832][ T4022] Bluetooth: hci1: command 0x0419 tx timeout [ 134.985575][ T5552] device hsr_slave_0 entered promiscuous mode [ 135.033829][ T5552] device hsr_slave_1 entered promiscuous mode [ 135.103390][ T5552] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 135.105802][ T5552] Cannot create hsr debugfs directory [ 135.293539][ T5470] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 135.297470][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 135.299569][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 136.042686][ T5592] loop4: detected capacity change from 0 to 256 [ 136.070474][ T4021] Bluetooth: hci2: command 0x0409 tx timeout [ 136.108282][ T5594] loop3: detected capacity change from 0 to 2048 [ 136.248198][ T5594] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 136.263447][ T4021] Bluetooth: hci0: command 0x041b tx timeout [ 136.319766][ T5599] 9pnet: Insufficient options for proto=fd [ 137.207863][ T5565] chnl_net:caif_netlink_parms(): no params data found [ 137.331300][ T5604] 9pnet: Insufficient options for proto=fd [ 137.413037][ T5606] loop3: detected capacity change from 0 to 4096 [ 137.543982][ T5606] NILFS (loop3): invalid segment: Checksum error in segment payload [ 137.546296][ T5606] NILFS (loop3): trying rollback from an earlier position [ 138.104798][ T1956] Bluetooth: hci2: command 0x041b tx timeout [ 138.182014][ T5606] NILFS (loop3): recovery complete [ 138.243555][ T5609] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 138.343861][ T4021] Bluetooth: hci0: command 0x040f tx timeout [ 138.375639][ T613] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.408091][ T3964] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 138.410965][ T3964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 138.419139][ T5470] device veth0_vlan entered promiscuous mode [ 138.424705][ T3964] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 138.427259][ T3964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 138.432656][ T3964] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 138.436578][ T3964] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 138.524996][ T5470] device veth1_vlan entered promiscuous mode [ 138.611680][ T613] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.628336][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 138.630989][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 138.639383][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 138.686216][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 139.244223][ T5565] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.246149][ T5565] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.248634][ T5565] device bridge_slave_0 entered promiscuous mode [ 139.253968][ T5470] device veth0_macvtap entered promiscuous mode [ 139.258560][ T5470] device veth1_macvtap entered promiscuous mode [ 139.282083][ T5565] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.284041][ T5565] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.286564][ T5565] device bridge_slave_1 entered promiscuous mode [ 139.289607][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 139.292140][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 139.341945][ T613] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.376422][ T5470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 139.379077][ T5470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.384347][ T5470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 139.387162][ T5470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.389737][ T5470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 139.415098][ T5470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.417674][ T5470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 139.420192][ T5470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.422621][ T5470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 139.425447][ T5470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.429276][ T5470] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 139.520904][ T5565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 139.535997][ T5565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 139.565137][ T5565] team0: Port device team_slave_0 added [ 139.574339][ T5565] team0: Port device team_slave_1 added [ 139.604570][ T5565] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 139.615885][ T5565] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.622795][ T5565] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 139.639860][ T4021] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 139.642570][ T4021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 139.652004][ T5470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 139.659012][ T5470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.661526][ T5470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 139.677099][ T5470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.759745][ T5470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 139.855846][ T5470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.947983][ T5470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 140.029794][ T5470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.095058][ T5470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 140.183377][ T1956] Bluetooth: hci2: command 0x040f tx timeout [ 140.187000][ T5470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.305152][ T5470] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 140.433821][ T4021] Bluetooth: hci0: command 0x0419 tx timeout [ 140.438540][ T613] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.459269][ T5565] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 140.461026][ T5565] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.476576][ T5565] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 140.491104][ T5625] loop4: detected capacity change from 0 to 256 [ 140.491422][ T4055] bridge0: port 3(syz_tun) entered disabled state [ 140.515554][ T4055] device syz_tun left promiscuous mode [ 140.518532][ T4055] bridge0: port 3(syz_tun) entered disabled state [ 140.558048][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 140.560761][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 140.576322][ T5470] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.578590][ T5470] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.580783][ T5470] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.582971][ T5470] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.675761][ T5565] device hsr_slave_0 entered promiscuous mode [ 140.699747][ T5627] loop4: detected capacity change from 0 to 2048 [ 140.713943][ T5565] device hsr_slave_1 entered promiscuous mode [ 140.753628][ T5565] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 140.755563][ T5565] Cannot create hsr debugfs directory [ 140.815301][ T5627] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 140.955164][ T5552] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.013815][ T659] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.016079][ T659] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.108247][ T5552] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.138841][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 141.147498][ T659] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.151187][ T659] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.180835][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 141.245208][ T5552] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.300916][ T5644] 9pnet: Insufficient options for proto=fd [ 141.431664][ T5552] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.506142][ T5636] chnl_net:caif_netlink_parms(): no params data found [ 142.263770][ T13] Bluetooth: hci2: command 0x0419 tx timeout [ 142.270768][ T5636] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.272758][ T5636] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.279089][ T5636] device bridge_slave_0 entered promiscuous mode [ 142.282780][ T5636] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.300470][ T5636] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.303149][ T5636] device bridge_slave_1 entered promiscuous mode [ 142.346302][ T5636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 142.356594][ T5636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 142.415301][ T5664] 9pnet: Insufficient options for proto=fd [ 142.652102][ T5636] team0: Port device team_slave_0 added [ 142.667412][ T5636] team0: Port device team_slave_1 added [ 143.338402][ T5662] loop4: detected capacity change from 0 to 40427 [ 143.405050][ T3278] Bluetooth: hci4: command 0x0409 tx timeout [ 143.440401][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 143.442294][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.455191][ T5662] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 143.456992][ T5662] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 143.472739][ T5662] F2FS-fs (loop4): invalid crc value [ 143.487805][ T5636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 143.512605][ T5662] F2FS-fs (loop4): Found nat_bits in checkpoint [ 143.587629][ T5662] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 143.590523][ T5662] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 144.026650][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 144.040450][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 144.227999][ T5636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 144.442233][ T5678] loop2: detected capacity change from 0 to 256 [ 144.446833][ T353] attempt to access beyond end of device [ 144.446833][ T353] loop4: rw=1, want=45224, limit=40427 [ 144.472988][ T3983] attempt to access beyond end of device [ 144.472988][ T3983] loop4: rw=2051, want=45224, limit=40427 [ 144.480002][ T5636] device hsr_slave_0 entered promiscuous mode [ 144.480814][ T3983] F2FS-fs (loop4): Issue discard(5637, 5637, 16) failed, ret: -5 [ 144.504372][ T5636] device hsr_slave_1 entered promiscuous mode [ 144.543738][ T5636] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 144.545759][ T5636] Cannot create hsr debugfs directory [ 144.648861][ T5686] 9pnet: Insufficient options for proto=fd [ 144.893554][ T5693] capability: warning: `syz.4.411' uses 32-bit capabilities (legacy support in use) [ 145.575736][ T5552] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 145.645995][ T3278] Bluetooth: hci4: command 0x041b tx timeout [ 145.669863][ T5552] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 145.674272][ T5708] loop4: detected capacity change from 0 to 2048 [ 145.716866][ T5552] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 146.069521][ T5708] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 146.536949][ T5552] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 146.576179][ T5721] loop2: detected capacity change from 0 to 1024 [ 146.699620][ T5565] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 146.714399][ T5721] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 146.721718][ T5721] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,bsddf,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,jqfmt=vfsold,dioread_lock,data_err=abort,,errors=continue. Quota mode: writeback. [ 146.754802][ T5721] Quota error (device loop2): find_tree_dqentry: Getting block too big (65540 >= 6) [ 146.758717][ T5721] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 146.761258][ T5721] EXT4-fs error (device loop2): ext4_acquire_dquot:6196: comm syz.2.418: Failed to acquire dquot type 1 [ 146.762230][ T5636] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.778378][ T5565] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 146.806069][ T5565] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 146.862415][ T5636] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.877923][ T5565] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 146.969952][ T5725] 9pnet: Insufficient options for proto=fd [ 147.158671][ T5636] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.728486][ T21] Bluetooth: hci4: command 0x040f tx timeout [ 147.986343][ T5636] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.020704][ T5734] loop4: detected capacity change from 0 to 256 [ 148.164285][ T5552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.172110][ T5565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.198510][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 148.201028][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 148.220099][ T5552] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.222350][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 148.225443][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 148.230755][ T5565] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.245184][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 148.247956][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 148.250439][ T4117] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.252271][ T4117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.306932][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 148.309524][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 148.312187][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 148.316215][ T21] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.318144][ T21] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.320496][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 148.323222][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 148.326005][ T21] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.327844][ T21] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.330101][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 148.332929][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 148.346200][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 148.350420][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 148.352742][ T21] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.354739][ T21] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.357585][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 148.361152][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 148.385453][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 148.387945][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 148.392007][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 148.394525][ T5738] 9pnet: Insufficient options for proto=fd [ 148.397448][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 148.404733][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 148.558175][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 148.561586][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 148.564329][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 148.566865][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 148.578173][ T5636] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 148.598069][ T5736] loop2: detected capacity change from 0 to 40427 [ 149.248650][ T5552] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 149.251293][ T5552] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 149.271766][ T5565] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 149.283036][ T5565] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 149.303491][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 149.305997][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 149.308578][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 149.311763][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 149.314529][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 149.317112][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 149.320017][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 149.322588][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 149.326052][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 149.328635][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 149.332477][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 149.402501][ T5736] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 149.404841][ T5736] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 149.409300][ T5736] F2FS-fs (loop2): invalid crc value [ 149.427903][ T5636] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 149.444674][ T5736] F2FS-fs (loop2): Found nat_bits in checkpoint [ 149.488717][ T5748] loop4: detected capacity change from 0 to 4096 [ 149.491360][ T5736] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 149.493418][ T5736] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 149.536396][ T5636] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 149.586982][ T5636] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 149.590957][ T5753] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 149.596390][ T5747] netlink: 16 bytes leftover after parsing attributes in process `syz.4.424'. [ 149.682072][ T4021] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 149.684354][ T4021] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 149.696150][ T5565] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.751743][ T586] attempt to access beyond end of device [ 149.751743][ T586] loop2: rw=1, want=45224, limit=40427 [ 149.772877][ T5470] attempt to access beyond end of device [ 149.772877][ T5470] loop2: rw=2051, want=45224, limit=40427 [ 149.776418][ T5470] F2FS-fs (loop2): Issue discard(5637, 5637, 16) failed, ret: -5 [ 149.783628][ T5785] Bluetooth: hci4: command 0x0419 tx timeout [ 149.870108][ T5779] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 149.872293][ T5779] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 149.893107][ T5552] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.907944][ T5789] loop4: detected capacity change from 0 to 2048 [ 149.986579][ T4021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 149.989388][ T4021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 149.991937][ T4021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 149.995991][ T4021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 150.004433][ T5789] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 150.009604][ T5565] device veth0_vlan entered promiscuous mode [ 150.012163][ T5779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 150.015674][ T5779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 150.019818][ T5779] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 150.022309][ T5779] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 150.223152][ T5795] FAULT_INJECTION: forcing a failure. [ 150.223152][ T5795] name failslab, interval 1, probability 0, space 0, times 0 [ 150.227270][ T5795] CPU: 1 PID: 5795 Comm: syz.2.425 Not tainted 5.15.162-syzkaller #0 [ 150.229401][ T5795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 150.232019][ T5795] Call trace: [ 150.232887][ T5795] dump_backtrace+0x0/0x530 [ 150.234125][ T5795] show_stack+0x2c/0x3c [ 150.235223][ T5795] dump_stack_lvl+0x108/0x170 [ 150.236480][ T5795] dump_stack+0x1c/0x58 [ 150.237683][ T5795] should_fail+0x3b8/0x514 [ 150.238888][ T5795] __should_failslab+0xbc/0x110 [ 150.240177][ T5795] should_failslab+0x10/0x28 [ 150.241437][ T5795] slab_pre_alloc_hook+0x64/0xe8 [ 150.242731][ T5795] __kmalloc+0xc0/0x4c8 [ 150.243869][ T5795] genl_family_rcv_msg_attrs_parse+0xac/0x240 [ 150.245500][ T5795] genl_start+0x270/0x414 [ 150.246697][ T5795] __netlink_dump_start+0x338/0x6ec [ 150.248166][ T5795] genl_rcv_msg+0xa80/0x1018 [ 150.249420][ T5795] netlink_rcv_skb+0x20c/0x3b8 [ 150.250743][ T5795] genl_rcv+0x38/0x50 [ 150.251797][ T5795] netlink_unicast+0x664/0x938 [ 150.253113][ T5795] netlink_sendmsg+0x844/0xb38 [ 150.254376][ T5795] ____sys_sendmsg+0x584/0x870 [ 150.255624][ T5795] ___sys_sendmsg+0x214/0x294 [ 150.256923][ T5795] __arm64_sys_sendmsg+0x1ac/0x25c [ 150.258372][ T5795] invoke_syscall+0x98/0x2b8 [ 150.259683][ T5795] el0_svc_common+0x138/0x258 [ 150.260925][ T5795] do_el0_svc+0x58/0x14c [ 150.262057][ T5795] el0_svc+0x7c/0x1f0 [ 150.263123][ T5795] el0t_64_sync_handler+0x84/0xe4 [ 150.264483][ T5795] el0t_64_sync+0x1a0/0x1a4 [ 150.332284][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 150.335779][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 150.339004][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 150.345311][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 150.486752][ T5565] device veth1_vlan entered promiscuous mode [ 150.493231][ T5552] device veth0_vlan entered promiscuous mode [ 150.515445][ T5636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.519231][ T5552] device veth1_vlan entered promiscuous mode [ 151.304294][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 151.307159][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 151.309885][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 151.311313][ T5801] loop2: detected capacity change from 0 to 256 [ 151.312209][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 151.338449][ T5565] device veth0_macvtap entered promiscuous mode [ 151.343208][ T5565] device veth1_macvtap entered promiscuous mode [ 151.418825][ T5636] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.428602][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 151.431224][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 151.443958][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 151.446698][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 151.449348][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 151.452025][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 151.455998][ T4026] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.457852][ T4026] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.467874][ T5552] device veth0_macvtap entered promiscuous mode [ 151.531863][ T5808] 9pnet: Insufficient options for proto=fd [ 151.571964][ T5565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.583457][ T5565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.586112][ T5565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.589018][ T5565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.591504][ T5565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.605241][ T5565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.609274][ T5565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.611934][ T5565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.628297][ T5565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.637932][ T5565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.643758][ T5565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.646474][ T5565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.675380][ T5565] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 151.693987][ T5783] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 151.696627][ T5783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 151.699127][ T5783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 151.701734][ T5783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 151.706795][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.708677][ T5783] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.713922][ T5783] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 151.716819][ T5783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 151.719568][ T5783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 151.722365][ T5783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 152.375015][ T613] device hsr_slave_0 left promiscuous mode [ 152.466987][ T613] device hsr_slave_1 left promiscuous mode [ 152.575929][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 152.577890][ T613] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 152.580447][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 152.584252][ T613] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 152.594682][ T613] device bridge_slave_1 left promiscuous mode [ 152.596293][ T613] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.634977][ T5813] loop4: detected capacity change from 0 to 40427 [ 152.654930][ T613] device bridge_slave_0 left promiscuous mode [ 152.656759][ T613] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.683428][ T5813] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 152.685446][ T5813] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 152.689945][ T5813] F2FS-fs (loop4): invalid crc value [ 152.712224][ T613] device hsr_slave_0 left promiscuous mode [ 152.716064][ T5813] F2FS-fs (loop4): Found nat_bits in checkpoint [ 152.733199][ T5813] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 152.736040][ T5813] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 152.744367][ T613] device hsr_slave_1 left promiscuous mode [ 152.813587][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 152.815733][ T613] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 152.818373][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 152.820254][ T613] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 152.822635][ T613] device bridge_slave_1 left promiscuous mode [ 152.824633][ T613] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.854672][ T613] device bridge_slave_0 left promiscuous mode [ 152.856366][ T613] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.898862][ T613] device hsr_slave_0 left promiscuous mode [ 152.943697][ T613] device hsr_slave_1 left promiscuous mode [ 153.023585][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 153.025594][ T613] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 153.029101][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 153.031004][ T613] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 153.033599][ T613] device bridge_slave_1 left promiscuous mode [ 153.035270][ T613] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.084881][ T613] device bridge_slave_0 left promiscuous mode [ 153.086655][ T613] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.223753][ T613] device veth1_macvtap left promiscuous mode [ 153.225515][ T613] device veth0_macvtap left promiscuous mode [ 153.227273][ T613] device veth1_vlan left promiscuous mode [ 153.228747][ T613] device veth0_vlan left promiscuous mode [ 153.313710][ T613] device veth1_macvtap left promiscuous mode [ 153.315360][ T613] device veth0_macvtap left promiscuous mode [ 153.319054][ T613] device veth1_vlan left promiscuous mode [ 153.320654][ T613] device veth0_vlan left promiscuous mode [ 153.423674][ T613] device veth1_macvtap left promiscuous mode [ 153.425330][ T613] device veth0_macvtap left promiscuous mode [ 153.426907][ T613] device veth1_vlan left promiscuous mode [ 153.428416][ T613] device veth0_vlan left promiscuous mode [ 153.932949][ T613] team0 (unregistering): Port device team_slave_1 removed [ 153.948696][ T613] team0 (unregistering): Port device team_slave_0 removed [ 153.957299][ T613] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 154.007778][ T613] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 154.151376][ T613] bond0 (unregistering): Released all slaves [ 154.351024][ T613] team0 (unregistering): Port device team_slave_1 removed [ 154.369313][ T613] team0 (unregistering): Port device team_slave_0 removed [ 154.377964][ T613] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 154.411568][ T613] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 154.554062][ T613] bond0 (unregistering): Released all slaves [ 154.765781][ T613] team0 (unregistering): Port device team_slave_1 removed [ 154.776500][ T613] team0 (unregistering): Port device team_slave_0 removed [ 154.787523][ T613] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 154.824146][ T613] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 154.980057][ T613] bond0 (unregistering): Released all slaves [ 155.124028][ T5565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.126758][ T5565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.129201][ T5565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.131841][ T5565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.167137][ T5565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.169699][ T5565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.183869][ T5565] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.186745][ T5552] device veth1_macvtap entered promiscuous mode [ 155.191987][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 155.196874][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 155.199553][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 155.202775][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 155.231272][ T5552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.237509][ T5552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.240055][ T5552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.242746][ T5552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.246137][ T5552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.248990][ T5552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.251564][ T5552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.255064][ T5552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.260683][ T5552] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 155.268311][ T5565] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.281005][ T5565] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.283220][ T5565] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.288606][ T639] attempt to access beyond end of device [ 155.288606][ T639] loop4: rw=1, want=45224, limit=40427 [ 155.291101][ T5565] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.305000][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 155.308424][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 155.311075][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 155.325038][ T5552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.327671][ T5552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.330092][ T5552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.332722][ T5552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.341202][ T5552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.349771][ T3983] attempt to access beyond end of device [ 155.349771][ T3983] loop4: rw=2051, want=45224, limit=40427 [ 155.355358][ T3983] F2FS-fs (loop4): Issue discard(5637, 5637, 16) failed, ret: -5 [ 155.358644][ T5552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.369451][ T5552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.379947][ T5552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.385620][ T5552] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.395263][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 155.398104][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 155.400729][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 155.423873][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 155.455491][ T5552] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.457810][ T5552] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.460052][ T5552] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.483557][ T5552] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.487506][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 155.490099][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 155.492612][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 155.497281][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 155.501420][ T5636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 156.400512][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.402822][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.425884][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 156.448180][ T639] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.450470][ T639] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.471445][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 156.488268][ T5840] loop4: detected capacity change from 0 to 2048 [ 156.488269][ T5838] loop2: detected capacity change from 0 to 256 [ 156.495132][ T5636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.513758][ T4021] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 156.515935][ T4021] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 156.547785][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.549965][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.560026][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 156.571605][ T4021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 156.574505][ T4021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 156.581105][ T4131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.584159][ T4131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.588744][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 156.638600][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 156.641315][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 156.644797][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 156.647269][ T5840] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 156.653721][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 156.657840][ T5636] device veth0_vlan entered promiscuous mode [ 156.669499][ T5636] device veth1_vlan entered promiscuous mode [ 156.685677][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 156.688341][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 156.690864][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 156.693550][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 156.846269][ T5636] device veth0_macvtap entered promiscuous mode [ 156.850962][ T5636] device veth1_macvtap entered promiscuous mode [ 156.866189][ T5846] netlink: 24 bytes leftover after parsing attributes in process `syz.1.393'. [ 156.976307][ T5636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.993420][ T5636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.996003][ T5636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.998684][ T5636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.999287][ T5853] 9pnet: Insufficient options for proto=fd [ 157.001171][ T5636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.024899][ T5636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.027374][ T5636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.030478][ T5636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.032966][ T5636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.036028][ T5636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.048365][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 157.204962][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 157.208902][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 157.211343][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 157.213984][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 157.218818][ T5636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.221827][ T5636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.238477][ T5636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.244546][ T5636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.247047][ T5636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.249660][ T5636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.252153][ T5636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.254903][ T5636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.802228][ T5636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.846852][ T5636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.878785][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.889478][ T5636] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.891787][ T5636] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.924165][ T5636] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.928479][ T5636] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.082325][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 158.085744][ T3278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 158.130000][ T5867] loop1: detected capacity change from 0 to 764 [ 158.795353][ T5867] rock: directory entry would overflow storage [ 158.797028][ T5867] rock: sig=0x4654, size=5, remaining=4 [ 158.942952][ T4880] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 158.945952][ T4880] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 158.951669][ T1956] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 159.057397][ T5875] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 159.187504][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.189772][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.195250][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 159.490302][ T5861] loop2: detected capacity change from 0 to 40427 [ 159.576706][ T5861] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 159.578838][ T5861] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 160.048784][ T5861] F2FS-fs (loop2): invalid crc value [ 160.236524][ T5861] F2FS-fs (loop2): Failed to start F2FS issue_checkpoint_thread (-12) [ 160.332467][ T5882] FAULT_INJECTION: forcing a failure. [ 160.332467][ T5882] name failslab, interval 1, probability 0, space 0, times 0 [ 160.398389][ T5882] CPU: 1 PID: 5882 Comm: syz.0.451 Not tainted 5.15.162-syzkaller #0 [ 160.400532][ T5882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 160.401705][ T5899] 9pnet: Insufficient options for proto=fd [ 160.402999][ T5882] Call trace: [ 160.403008][ T5882] dump_backtrace+0x0/0x530 [ 160.403024][ T5882] show_stack+0x2c/0x3c [ 160.403034][ T5882] dump_stack_lvl+0x108/0x170 [ 160.408819][ T5882] dump_stack+0x1c/0x58 [ 160.409945][ T5882] should_fail+0x3b8/0x514 [ 160.411209][ T5882] __should_failslab+0xbc/0x110 [ 160.412531][ T5882] should_failslab+0x10/0x28 [ 160.413762][ T5882] slab_pre_alloc_hook+0x64/0xe8 [ 160.415139][ T5882] kmem_cache_alloc+0x98/0x45c [ 160.416458][ T5882] __alloc_file+0x30/0x240 [ 160.417675][ T5882] alloc_empty_file+0xa8/0x198 [ 160.419013][ T5882] path_openat+0xdc/0x26cc [ 160.420186][ T5882] do_filp_open+0x1a8/0x3b4 [ 160.421398][ T5882] do_sys_openat2+0x128/0x3d8 [ 160.422661][ T5882] __arm64_sys_openat+0x1f0/0x240 [ 160.423996][ T5882] invoke_syscall+0x98/0x2b8 [ 160.425317][ T5882] el0_svc_common+0x138/0x258 [ 160.426609][ T5882] do_el0_svc+0x58/0x14c [ 160.427682][ T5882] el0_svc+0x7c/0x1f0 [ 160.428782][ T5882] el0t_64_sync_handler+0x84/0xe4 [ 160.430100][ T5882] el0t_64_sync+0x1a0/0x1a4 [ 160.443980][ T5891] usb usb9: usbfs: process 5891 (syz.1.450) did not claim interface 0 before use [ 160.463114][ T5897] loop3: detected capacity change from 0 to 2048 [ 160.478015][ T5891] loop1: detected capacity change from 0 to 8 [ 160.480205][ T5891] squashfs: Unknown parameter ' [ 160.480205][ T5891] ' [ 160.624079][ T5897] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 161.484677][ T5895] loop2: detected capacity change from 0 to 8192 [ 161.581444][ T5917] ptrace attach of "./syz-executor exec"[3983] was attempted by "./syz-executor exec"[5917] [ 161.588684][ T5895] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 161.591260][ T5895] REISERFS (device loop2): using ordered data mode [ 161.592950][ T5895] reiserfs: using flush barriers [ 161.623134][ T5895] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 161.644666][ T5895] REISERFS (device loop2): checking transaction log (loop2) [ 161.881972][ T5929] loop1: detected capacity change from 0 to 512 [ 161.976815][ T5929] EXT2-fs (loop1): warning: mounting ext3 filesystem as ext2 [ 162.018244][ T5895] REISERFS (device loop2): Using tea hash to sort names [ 162.018494][ T5895] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 162.082528][ T5929] EXT2-fs (loop1): error: ext2_valid_block_bitmap: Invalid block bitmap - block_group = 0, block = 252 [ 162.083659][ T5929] EXT2-fs (loop1): error: ext2_new_blocks: Allocating block in system zone - blocks from 4, length 1 [ 162.083842][ T5929] EXT2-fs (loop1): error: ext2_new_blocks: Allocating block in system zone - blocks from 5, length 1 [ 162.085565][ T5929] EXT2-fs (loop1): error: ext2_new_blocks: Allocating block in system zone - blocks from 6, length 1 [ 162.085909][ T5929] EXT2-fs (loop1): error: ext2_new_blocks: Allocating block in system zone - blocks from 7, length 1 [ 162.086088][ T5929] EXT2-fs (loop1): error: ext2_new_blocks: Allocating block in system zone - blocks from 8, length 1 [ 162.086242][ T5929] EXT2-fs (loop1): error: ext2_new_blocks: Allocating block in system zone - blocks from 9, length 1 [ 163.076505][ T5945] 9pnet: Insufficient options for proto=fd [ 163.081830][ T5944] netlink: 236 bytes leftover after parsing attributes in process `syz.3.471'. [ 163.949524][ T5944] loop3: detected capacity change from 0 to 4096 [ 163.979456][ T5960] loop1: detected capacity change from 0 to 64 [ 164.084932][ T5961] cgroup: none used incorrectly [ 164.157004][ T5925] loop4: detected capacity change from 0 to 40427 [ 164.221477][ T5925] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 164.230194][ T5925] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 164.241961][ T5925] F2FS-fs (loop4): invalid crc value [ 164.266564][ T5925] F2FS-fs (loop4): Found nat_bits in checkpoint [ 164.342239][ T5925] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 164.350594][ T5925] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 164.398705][ T5970] loop1: detected capacity change from 0 to 256 [ 164.451484][ T5972] loop3: detected capacity change from 0 to 256 [ 164.521848][ T696] attempt to access beyond end of device [ 164.521848][ T696] loop4: rw=1, want=45224, limit=40427 [ 164.572292][ T3983] attempt to access beyond end of device [ 164.572292][ T3983] loop4: rw=2051, want=45224, limit=40427 [ 164.592257][ T3983] F2FS-fs (loop4): Issue discard(5637, 5637, 16) failed, ret: -5 [ 164.831650][ T5976] loop3: detected capacity change from 0 to 4096 [ 165.705145][ T5976] FAULT_INJECTION: forcing a failure. [ 165.705145][ T5976] name failslab, interval 1, probability 0, space 0, times 0 [ 165.709488][ T5976] CPU: 0 PID: 5976 Comm: syz.3.480 Not tainted 5.15.162-syzkaller #0 [ 165.711528][ T5976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 165.714041][ T5976] Call trace: [ 165.714834][ T5976] dump_backtrace+0x0/0x530 [ 165.715924][ T5976] show_stack+0x2c/0x3c [ 165.716972][ T5976] dump_stack_lvl+0x108/0x170 [ 165.718103][ T5976] dump_stack+0x1c/0x58 [ 165.719202][ T5976] should_fail+0x3b8/0x514 [ 165.720277][ T5976] __should_failslab+0xbc/0x110 [ 165.721574][ T5976] should_failslab+0x10/0x28 [ 165.722731][ T5976] slab_pre_alloc_hook+0x64/0xe8 [ 165.723941][ T5976] kmem_cache_alloc+0x98/0x45c [ 165.725202][ T5976] ntfs_create_inode+0x344/0x2a0c [ 165.726326][ T5976] ntfs_symlink+0x5c/0x7c [ 165.727401][ T5976] vfs_symlink+0x244/0x3a8 [ 165.728617][ T5976] do_symlinkat+0x364/0x6b0 [ 165.729840][ T5976] __arm64_sys_symlinkat+0xa4/0xbc [ 165.731088][ T5976] invoke_syscall+0x98/0x2b8 [ 165.732196][ T5976] el0_svc_common+0x138/0x258 [ 165.733321][ T5976] do_el0_svc+0x58/0x14c [ 165.734356][ T5976] el0_svc+0x7c/0x1f0 [ 165.735419][ T5976] el0t_64_sync_handler+0x84/0xe4 [ 165.736556][ T5976] el0t_64_sync+0x1a0/0x1a4 [ 165.772673][ T5987] 9pnet: Insufficient options for proto=fd [ 165.967629][ T5991] loop1: detected capacity change from 0 to 64 [ 166.026430][ T5993] loop3: detected capacity change from 0 to 16 [ 166.081493][ T5993] erofs: (device loop3): mounted with root inode @ nid 36. [ 166.118643][ T5993] attempt to access beyond end of device [ 166.118643][ T5993] loop3: rw=0, want=40, limit=16 [ 166.163861][ T5995] attempt to access beyond end of device [ 166.163861][ T5995] loop3: rw=0, want=40, limit=16 [ 166.188167][ T5993] attempt to access beyond end of device [ 166.188167][ T5993] loop3: rw=0, want=40, limit=16 [ 166.196876][ T5993] attempt to access beyond end of device [ 166.196876][ T5993] loop3: rw=0, want=40, limit=16 [ 166.224156][ T5995] attempt to access beyond end of device [ 166.224156][ T5995] loop3: rw=0, want=40, limit=16 [ 166.245182][ T5993] attempt to access beyond end of device [ 166.245182][ T5993] loop3: rw=0, want=40, limit=16 [ 166.491812][ T6006] loop3: detected capacity change from 0 to 256 [ 167.868308][ T6004] loop4: detected capacity change from 0 to 40427 [ 168.045697][ T6001] loop1: detected capacity change from 0 to 32768 [ 168.123800][ T6004] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 168.131294][ T6004] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 168.142278][ T6021] loop2: detected capacity change from 0 to 2048 [ 168.151061][ T6004] F2FS-fs (loop4): invalid crc value [ 168.795804][ T6004] F2FS-fs (loop4): Found nat_bits in checkpoint [ 168.909824][ T6021] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 168.946250][ T6004] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 168.948099][ T6004] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 169.608233][ T6037] loop2: detected capacity change from 0 to 256 [ 169.627753][ T6037] exfat: Unknown parameter '@' [ 169.815278][ T6044] loop4: detected capacity change from 0 to 1764 [ 169.838183][ T6045] netlink: 8 bytes leftover after parsing attributes in process `syz.0.499'. [ 169.846458][ T6047] loop2: detected capacity change from 0 to 256 [ 169.867777][ T6044] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 169.885789][ T6045] ÿÿÿÿÿÿ: renamed from syzkaller0 [ 170.176210][ T26] audit: type=1326 audit(170.080:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6054 comm="syz.4.503" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffbcc7ee68 code=0x0 [ 170.202110][ T6053] loop2: detected capacity change from 0 to 2048 [ 171.542325][ T6053] EXT4-fs (loop2): mounted filesystem without journal. Opts: abort,,errors=continue. Quota mode: none. [ 171.697430][ T6068] loop4: detected capacity change from 0 to 2048 [ 171.737358][ T6071] 9pnet: Insufficient options for proto=fd [ 171.886037][ T6040] loop1: detected capacity change from 0 to 65536 [ 171.935058][ T6068] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 172.736771][ T6083] loop4: detected capacity change from 0 to 64 [ 172.986911][ T6085] loop3: detected capacity change from 0 to 256 [ 173.049249][ T6089] capability: warning: `syz.4.511' uses deprecated v2 capabilities in a way that may be insecure [ 173.356156][ T6095] netlink: 8 bytes leftover after parsing attributes in process `syz.3.514'. [ 174.063156][ T6095] ÿÿÿÿÿÿ: renamed from syzkaller0 [ 174.069954][ T6081] loop2: detected capacity change from 0 to 32768 [ 174.094398][ T6102] FAULT_INJECTION: forcing a failure. [ 174.094398][ T6102] name failslab, interval 1, probability 0, space 0, times 0 [ 174.113455][ T6102] CPU: 1 PID: 6102 Comm: syz.1.513 Not tainted 5.15.162-syzkaller #0 [ 174.115795][ T6102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 174.118811][ T6102] Call trace: [ 174.119786][ T6102] dump_backtrace+0x0/0x530 [ 174.121235][ T6102] show_stack+0x2c/0x3c [ 174.122497][ T6102] dump_stack_lvl+0x108/0x170 [ 174.123773][ T6102] dump_stack+0x1c/0x58 [ 174.124944][ T6102] should_fail+0x3b8/0x514 [ 174.126284][ T6102] __should_failslab+0xbc/0x110 [ 174.127740][ T6102] should_failslab+0x10/0x28 [ 174.129148][ T6102] slab_pre_alloc_hook+0x64/0xe8 [ 174.130720][ T6102] kmem_cache_alloc+0x98/0x45c [ 174.132100][ T6102] pte_alloc_one+0x78/0x258 [ 174.133420][ T6102] __pte_alloc+0x84/0x2c4 [ 174.134776][ T6102] handle_mm_fault+0x2cd8/0x3424 [ 174.136114][ T6102] do_page_fault+0x700/0xb60 [ 174.137374][ T6102] do_translation_fault+0xe8/0x138 [ 174.138833][ T6102] do_mem_abort+0x70/0x1d8 [ 174.140014][ T6102] el0_da+0x94/0x20c [ 174.140950][ T6102] el0t_64_sync_handler+0xc0/0xe4 [ 174.142369][ T6102] el0t_64_sync+0x1a0/0x1a4 [ 174.170071][ T6081] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 scanned by syz.2.510 (6081) [ 174.202438][ T6081] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 174.203553][ T6102] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 174.214435][ T6081] BTRFS info (device loop2): using free space tree [ 174.216144][ T6081] BTRFS info (device loop2): has skinny extents [ 174.250365][ T6102] loop1: detected capacity change from 0 to 1024 [ 174.317713][ T6112] bridge0: port 3(gretap0) entered blocking state [ 174.320651][ T6112] bridge0: port 3(gretap0) entered disabled state [ 174.326135][ T6112] device gretap0 entered promiscuous mode [ 174.332890][ T6112] bridge0: port 3(gretap0) entered blocking state [ 174.334911][ T6112] bridge0: port 3(gretap0) entered forwarding state [ 175.081197][ T6102] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 175.095198][ T6102] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (29254!=20869) [ 175.113714][ T6102] EXT4-fs (loop1): journal inode is deleted [ 175.208889][ T6081] BTRFS info (device loop2): enabling ssd optimizations [ 175.236711][ T6122] loop4: detected capacity change from 0 to 2048 [ 175.284549][ T6133] 9pnet: Insufficient options for proto=fd [ 175.519824][ T6122] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 176.385205][ T26] audit: type=1326 audit(176.360:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6146 comm="syz.1.523" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff7f359e68 code=0x0 [ 176.734476][ T6156] FAULT_INJECTION: forcing a failure. [ 176.734476][ T6156] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.737958][ T6156] CPU: 0 PID: 6156 Comm: syz.4.525 Not tainted 5.15.162-syzkaller #0 [ 176.739971][ T6156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 176.742486][ T6156] Call trace: [ 176.743270][ T6156] dump_backtrace+0x0/0x530 [ 176.744330][ T6156] show_stack+0x2c/0x3c [ 176.745399][ T6156] dump_stack_lvl+0x108/0x170 [ 176.746564][ T6156] dump_stack+0x1c/0x58 [ 176.747621][ T6156] should_fail+0x3b8/0x514 [ 176.748811][ T6156] should_fail_usercopy+0x20/0x30 [ 176.749934][ T6156] csum_and_copy_from_iter+0x240/0xedc [ 176.751309][ T6156] kcm_sendmsg+0x9fc/0x1ed8 [ 176.752350][ T6156] ____sys_sendmsg+0x584/0x870 [ 176.753714][ T6156] ___sys_sendmsg+0x214/0x294 [ 176.754879][ T6156] __arm64_sys_sendmsg+0x1ac/0x25c [ 176.756199][ T6156] invoke_syscall+0x98/0x2b8 [ 176.757372][ T6156] el0_svc_common+0x138/0x258 [ 176.758561][ T6156] do_el0_svc+0x58/0x14c [ 176.759553][ T6156] el0_svc+0x7c/0x1f0 [ 176.760527][ T6156] el0t_64_sync_handler+0x84/0xe4 [ 176.761713][ T6156] el0t_64_sync+0x1a0/0x1a4 [ 176.765396][ T6143] chnl_net:caif_netlink_parms(): no params data found [ 176.849846][ T6160] loop2: detected capacity change from 0 to 256 [ 176.951834][ T6143] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.957383][ T6143] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.961172][ T6143] device bridge_slave_0 entered promiscuous mode [ 177.071650][ T6143] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.074938][ T6143] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.106540][ T6143] device bridge_slave_1 entered promiscuous mode [ 178.105743][ T6143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 178.124349][ T6143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 178.237655][ T6143] team0: Port device team_slave_0 added [ 178.358832][ T613] device hsr_slave_0 left promiscuous mode [ 178.365907][ T6177] netlink: 8 bytes leftover after parsing attributes in process `syz.1.530'. [ 178.411219][ T613] device hsr_slave_1 left promiscuous mode [ 178.423838][ T3278] Bluetooth: hci5: command 0x0409 tx timeout [ 178.523587][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 178.525691][ T613] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 178.560829][ T6181] loop4: detected capacity change from 0 to 1024 [ 178.568013][ T6169] loop2: detected capacity change from 0 to 32768 [ 178.574399][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 178.576275][ T613] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 178.579494][ T613] device bridge_slave_1 left promiscuous mode [ 178.581121][ T613] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.631858][ T613] device bridge_slave_0 left promiscuous mode [ 178.636419][ T613] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.657370][ T6169] XFS (loop2): Mounting V5 Filesystem [ 178.662282][ T295] hfsplus: b-tree write err: -5, ino 4 [ 178.742749][ T6169] XFS (loop2): Ending clean mount [ 178.747036][ T6169] XFS (loop2): Quotacheck needed: Please wait. [ 178.793702][ T613] device veth0_macvtap left promiscuous mode [ 178.795312][ T613] device veth1_vlan left promiscuous mode [ 178.796696][ T613] device veth0_vlan left promiscuous mode [ 178.803988][ T6169] XFS (loop2): Quotacheck: Done. [ 178.811380][ T6194] 9pnet: Insufficient options for proto=fd [ 179.777307][ T613] team0 (unregistering): Port device team_slave_1 removed [ 179.798105][ T613] team0 (unregistering): Port device team_slave_0 removed [ 179.845663][ T613] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 179.905887][ T613] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 179.967567][ T6198] loop4: detected capacity change from 0 to 1024 [ 180.051898][ T613] bond0 (unregistering): Released all slaves [ 180.154223][ T6143] team0: Port device team_slave_1 added [ 180.198470][ T6143] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 180.209431][ T6143] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.228643][ T6143] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 180.254111][ T6143] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 180.256384][ T6143] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.271906][ T5470] XFS (loop2): Unmounting Filesystem [ 180.277450][ T6143] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 180.356348][ T6203] loop1: detected capacity change from 0 to 2048 [ 180.415711][ T6205] loop4: detected capacity change from 0 to 256 [ 180.487218][ T6143] device hsr_slave_0 entered promiscuous mode [ 180.503447][ T4026] Bluetooth: hci5: command 0x041b tx timeout [ 180.534191][ T6143] device hsr_slave_1 entered promiscuous mode [ 180.753256][ T6143] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.630750][ T6143] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.694215][ T6203] loop1: detected capacity change from 0 to 32768 [ 181.770301][ T6143] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.837963][ T6203] XFS (loop1): Mounting V5 Filesystem [ 181.932881][ T6143] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.014809][ T6203] XFS (loop1): Ending clean mount [ 182.137883][ T6228] bridge0: port 3(gretap0) entered blocking state [ 182.139857][ T6228] bridge0: port 3(gretap0) entered disabled state [ 182.150991][ T6228] device gretap0 entered promiscuous mode [ 182.154516][ T6228] bridge0: port 3(gretap0) entered blocking state [ 182.156307][ T6228] bridge0: port 3(gretap0) entered forwarding state [ 182.608165][ T4026] Bluetooth: hci5: command 0x040f tx timeout [ 183.037381][ T5552] XFS (loop1): Unmounting Filesystem [ 183.432365][ T6143] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 183.524181][ T6143] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 183.596130][ T6143] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 183.645560][ T6143] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 183.695669][ T6234] netlink: 4 bytes leftover after parsing attributes in process `syz.0.539'. [ 183.721705][ T6212] xt_cluster: you have exceeded the maximum number of cluster nodes (4294967295 > 32) [ 183.728705][ T6212] netlink: 'syz.0.539': attribute type 10 has an invalid length. [ 183.735835][ T6212] bond0: (slave bond_slave_0): Releasing backup interface [ 183.742765][ T6216] loop4: detected capacity change from 0 to 40427 [ 183.780073][ T6216] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 183.782348][ T6216] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 183.803445][ T6216] F2FS-fs (loop4): Found nat_bits in checkpoint [ 183.824076][ T6216] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 183.825934][ T6216] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 183.899849][ T6239] FAULT_INJECTION: forcing a failure. [ 183.899849][ T6239] name failslab, interval 1, probability 0, space 0, times 0 [ 183.929875][ T6239] CPU: 0 PID: 6239 Comm: syz.4.540 Not tainted 5.15.162-syzkaller #0 [ 183.932014][ T6239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 183.934594][ T6239] Call trace: [ 183.935476][ T6239] dump_backtrace+0x0/0x530 [ 183.936608][ T6239] show_stack+0x2c/0x3c [ 183.937749][ T6239] dump_stack_lvl+0x108/0x170 [ 183.938971][ T6239] dump_stack+0x1c/0x58 [ 183.939970][ T6239] should_fail+0x3b8/0x514 [ 183.941058][ T6239] __should_failslab+0xbc/0x110 [ 183.942356][ T6239] should_failslab+0x10/0x28 [ 183.943542][ T6239] slab_pre_alloc_hook+0x64/0xe8 [ 183.944833][ T6239] kmem_cache_alloc+0x98/0x45c [ 183.946027][ T6239] f2fs_alloc_inode+0x138/0x5d8 [ 183.947165][ T6239] new_inode_pseudo+0x68/0x200 [ 183.948307][ T6239] new_inode+0x38/0x174 [ 183.949350][ T6239] f2fs_new_inode+0xe8/0x14a0 [ 183.950648][ T6239] f2fs_create+0x140/0x11d4 [ 183.951869][ T6239] path_openat+0xf18/0x26cc [ 183.953015][ T6239] do_filp_open+0x1a8/0x3b4 [ 183.954134][ T6239] do_sys_openat2+0x128/0x3d8 [ 183.955342][ T6239] __arm64_sys_openat+0x1f0/0x240 [ 183.956541][ T6239] invoke_syscall+0x98/0x2b8 [ 183.957668][ T6239] el0_svc_common+0x138/0x258 [ 183.958797][ T6239] do_el0_svc+0x58/0x14c [ 183.959858][ T6239] el0_svc+0x7c/0x1f0 [ 183.960869][ T6239] el0t_64_sync_handler+0x84/0xe4 [ 183.962088][ T6239] el0t_64_sync+0x1a0/0x1a4 [ 184.112075][ T6216] attempt to access beyond end of device [ 184.112075][ T6216] loop4: rw=2049, want=79904, limit=40427 [ 184.129052][ T6216] attempt to access beyond end of device [ 184.129052][ T6216] loop4: rw=2049, want=81920, limit=40427 [ 184.155990][ T6216] attempt to access beyond end of device [ 184.155990][ T6216] loop4: rw=2049, want=53248, limit=40427 [ 184.229495][ T6216] attempt to access beyond end of device [ 184.229495][ T6216] loop4: rw=2049, want=69448, limit=40427 [ 184.263576][ T6143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.298307][ T6216] attempt to access beyond end of device [ 184.298307][ T6216] loop4: rw=2049, want=77824, limit=40427 [ 184.314178][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.316732][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.337151][ T6216] attempt to access beyond end of device [ 184.337151][ T6216] loop4: rw=2049, want=85880, limit=40427 [ 184.345906][ T6143] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.391419][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.394328][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.396700][ T5634] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.398531][ T5634] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.400818][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.415069][ T3983] attempt to access beyond end of device [ 184.415069][ T3983] loop4: rw=2049, want=40968, limit=40427 [ 184.442814][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.447910][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.468584][ T5634] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.470485][ T5634] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.472835][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.484509][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.487397][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.490932][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.521931][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.529239][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.546667][ T5634] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.555716][ T5633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.558174][ T5633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.560683][ T5633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 184.563207][ T5633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.584020][ T6143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.649856][ T6249] loop2: detected capacity change from 0 to 2048 [ 184.663580][ T4026] Bluetooth: hci5: command 0x0419 tx timeout [ 184.893182][ T6249] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 185.756478][ T6264] FAULT_INJECTION: forcing a failure. [ 185.756478][ T6264] name failslab, interval 1, probability 0, space 0, times 0 [ 185.759748][ T6264] CPU: 1 PID: 6264 Comm: syz.0.550 Not tainted 5.15.162-syzkaller #0 [ 185.761806][ T6264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 185.764365][ T6264] Call trace: [ 185.765198][ T6264] dump_backtrace+0x0/0x530 [ 185.766381][ T6264] show_stack+0x2c/0x3c [ 185.767449][ T6264] dump_stack_lvl+0x108/0x170 [ 185.768638][ T6264] dump_stack+0x1c/0x58 [ 185.769706][ T6264] should_fail+0x3b8/0x514 [ 185.770902][ T6264] __should_failslab+0xbc/0x110 [ 185.772220][ T6264] should_failslab+0x10/0x28 [ 185.773374][ T6264] slab_pre_alloc_hook+0x64/0xe8 [ 185.774754][ T6264] kmem_cache_alloc_node+0x9c/0x49c [ 185.776082][ T6264] alloc_vmap_area+0x158/0x16a8 [ 185.777327][ T6264] __get_vm_area_node+0x178/0x2e0 [ 185.778667][ T6264] __vmalloc_node_range+0xe4/0x8e4 [ 185.780071][ T6264] __bpf_map_area_alloc+0x1d4/0x264 [ 185.781436][ T6264] bpf_map_area_alloc+0x2c/0x3c [ 185.782707][ T6264] stack_map_alloc+0x290/0x4b8 [ 185.783968][ T6264] map_create+0x438/0xc98 [ 185.785087][ T6264] __sys_bpf+0x240/0x610 [ 185.786192][ T6264] __arm64_sys_bpf+0x80/0x98 [ 185.787374][ T6264] invoke_syscall+0x98/0x2b8 [ 185.788564][ T6264] el0_svc_common+0x138/0x258 [ 185.789812][ T6264] do_el0_svc+0x58/0x14c [ 185.790926][ T6264] el0_svc+0x7c/0x1f0 [ 185.791973][ T6264] el0t_64_sync_handler+0x84/0xe4 [ 185.793261][ T6264] el0t_64_sync+0x1a0/0x1a4 [ 185.819988][ T6143] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.822672][ T5633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 185.825045][ T5633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 185.874462][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 185.877187][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 185.907161][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 185.909771][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 185.912416][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 185.933881][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 185.938488][ T6143] device veth0_vlan entered promiscuous mode [ 185.947156][ T6143] device veth1_vlan entered promiscuous mode [ 186.035897][ T5779] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 186.038393][ T5779] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 186.040848][ T5779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 186.044986][ T5779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 186.074805][ T6143] device veth0_macvtap entered promiscuous mode [ 186.079310][ T6143] device veth1_macvtap entered promiscuous mode [ 186.127503][ T6243] loop1: detected capacity change from 0 to 40427 [ 186.145709][ T6143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.148363][ T6143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.150844][ T6143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.175037][ T6143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.177928][ T6143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.181289][ T6143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.240125][ T6143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.338877][ T6243] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 186.341803][ T6243] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 186.457168][ T6143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.637254][ T6143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.766000][ T6143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.039061][ T6277] netlink: 8 bytes leftover after parsing attributes in process `syz.4.546'. [ 187.065810][ T6243] F2FS-fs (loop1): invalid crc value [ 187.075358][ T6143] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 187.082052][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 187.104200][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 187.107187][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 187.131211][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 187.156208][ T6143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.158952][ T6143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.161437][ T6143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.175273][ T6243] F2FS-fs (loop1): Found nat_bits in checkpoint [ 187.187982][ T6143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.190658][ T6143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.203537][ T6143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.213617][ T6143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.216524][ T6143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.219008][ T6143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.221605][ T6143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.235488][ T6243] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 187.237566][ T6243] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 187.248861][ T6143] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 187.256851][ T4005] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 187.259597][ T4005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 187.262700][ T6273] ÿÿÿÿÿÿ: renamed from syzkaller0 [ 187.331233][ T6143] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.335901][ T6143] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.356981][ T6143] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.359326][ T6143] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.403885][ T6287] libceph: resolve '00' (ret=-3): failed [ 187.766527][ T295] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.768874][ T295] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.812496][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 187.864493][ T295] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.878313][ T295] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.883677][ T5783] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 188.159837][ T6303] loop3: detected capacity change from 0 to 64 [ 188.198143][ T6300] loop2: detected capacity change from 0 to 256 [ 189.286159][ T6313] loop1: detected capacity change from 0 to 512 [ 189.344597][ T6311] loop3: detected capacity change from 0 to 2048 [ 189.359394][ T6313] EXT4-fs (loop1): Ignoring removed orlov option [ 189.361216][ T6313] EXT4-fs (loop1): Unrecognized mount option "defcontext=root" or missing value [ 189.893462][ T6318] loop2: detected capacity change from 0 to 512 [ 190.642653][ T6307] loop4: detected capacity change from 0 to 262144 [ 190.666901][ T6307] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop4 scanned by syz.4.560 (6307) [ 190.720307][ T6318] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 190.771146][ T6307] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 190.773439][ T6307] BTRFS info (device loop4): enabling ssd optimizations [ 190.775181][ T6307] BTRFS info (device loop4): enabling auto defrag [ 190.776774][ T6307] BTRFS info (device loop4): using free space tree [ 190.778372][ T6307] BTRFS info (device loop4): has skinny extents [ 190.779857][ T6307] BTRFS info (device loop4): flagging fs with big metadata feature [ 190.794099][ T6318] EXT4-fs warning (device loop2): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop2. [ 190.826162][ T6311] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 191.068290][ T586] BTRFS warning (device loop4): checksum verify failed on 22036480 wanted 0x23e101be1e001a29 found 0x98e2f59226e63d74 level 0 [ 191.076357][ T6307] BTRFS info (device loop4): read error corrected: ino 0 off 22036480 (dev /dev/loop4 sector 43040) [ 191.079644][ T6307] BTRFS info (device loop4): read error corrected: ino 0 off 22040576 (dev /dev/loop4 sector 43048) [ 191.082669][ T6307] BTRFS info (device loop4): read error corrected: ino 0 off 22044672 (dev /dev/loop4 sector 43056) [ 191.085754][ T6307] BTRFS info (device loop4): read error corrected: ino 0 off 22048768 (dev /dev/loop4 sector 43064) [ 191.089903][ T586] BTRFS warning (device loop4): checksum verify failed on 30670848 wanted 0xe9f08ec94c425425 found 0x1a4a9216e61c07c8 level 0 [ 191.097233][ T6307] BTRFS info (device loop4): read error corrected: ino 0 off 30670848 (dev /dev/loop4 sector 76288) [ 191.100885][ T6307] BTRFS info (device loop4): read error corrected: ino 0 off 30674944 (dev /dev/loop4 sector 76296) [ 191.107359][ T6307] BTRFS info (device loop4): read error corrected: ino 0 off 30679040 (dev /dev/loop4 sector 76304) [ 191.110526][ T6307] BTRFS info (device loop4): read error corrected: ino 0 off 30683136 (dev /dev/loop4 sector 76312) [ 191.136216][ T5079] BTRFS warning (device loop4): checksum verify failed on 30457856 wanted 0x402e75f1de9ccfe6 found 0x64dad595b87aeca8 level 0 [ 191.204034][ T6307] BTRFS info (device loop4): read error corrected: ino 0 off 30457856 (dev /dev/loop4 sector 75872) [ 191.208416][ T6307] BTRFS info (device loop4): read error corrected: ino 0 off 30461952 (dev /dev/loop4 sector 75880) [ 191.231665][ T6307] netlink: 'syz.4.560': attribute type 8 has an invalid length. [ 191.234128][ T6307] netlink: 'syz.4.560': attribute type 7 has an invalid length. [ 191.236113][ T6307] netlink: 194488 bytes leftover after parsing attributes in process `syz.4.560'. [ 191.293924][ T6353] loop2: detected capacity change from 0 to 256 [ 191.872366][ T6362] FAULT_INJECTION: forcing a failure. [ 191.872366][ T6362] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 191.896735][ T6362] CPU: 1 PID: 6362 Comm: syz.0.570 Not tainted 5.15.162-syzkaller #0 [ 191.898824][ T6362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 191.901285][ T6362] Call trace: [ 191.902066][ T6362] dump_backtrace+0x0/0x530 [ 191.903158][ T6362] show_stack+0x2c/0x3c [ 191.904189][ T6362] dump_stack_lvl+0x108/0x170 [ 191.905365][ T6362] dump_stack+0x1c/0x58 [ 191.906444][ T6362] should_fail+0x3b8/0x514 [ 191.907643][ T6362] should_fail_alloc_page+0x74/0xa8 [ 191.909059][ T6362] prepare_alloc_pages+0x160/0x460 [ 191.910425][ T6362] __alloc_pages+0x138/0x674 [ 191.911616][ T6362] kmalloc_large_node+0x8c/0x190 [ 191.912978][ T6362] __kmalloc_node+0x368/0x5b8 [ 191.914192][ T6362] kvmalloc_node+0x88/0x204 [ 191.915325][ T6362] snd_seq_pool_init+0x74/0x310 [ 191.916651][ T6362] snd_seq_write+0x250/0x994 [ 191.917861][ T6362] vfs_write+0x280/0xb3c [ 191.918999][ T6362] ksys_write+0x15c/0x26c [ 191.920123][ T6362] __arm64_sys_write+0x7c/0x90 [ 191.921446][ T6362] invoke_syscall+0x98/0x2b8 [ 191.922688][ T6362] el0_svc_common+0x138/0x258 [ 191.923845][ T6362] do_el0_svc+0x58/0x14c [ 191.924915][ T6362] el0_svc+0x7c/0x1f0 [ 191.925962][ T6362] el0t_64_sync_handler+0x84/0xe4 [ 191.927232][ T6362] el0t_64_sync+0x1a0/0x1a4 [ 192.875640][ T6355] chnl_net:caif_netlink_parms(): no params data found [ 192.931946][ T2050] ieee802154 phy0 wpan0: encryption failed: -22 [ 192.933918][ T2050] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.842420][ T6355] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.852619][ T6355] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.861206][ T6355] device bridge_slave_0 entered promiscuous mode [ 193.893929][ T6355] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.913321][ T6355] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.922243][ T6355] device bridge_slave_1 entered promiscuous mode [ 193.944115][ T5783] Bluetooth: hci4: command 0x0409 tx timeout [ 194.055086][ T6388] loop4: detected capacity change from 0 to 2048 [ 194.076094][ T6355] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 194.080755][ T6355] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 194.081582][ T6389] loop2: detected capacity change from 0 to 4096 [ 194.120918][ T6388] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 194.159336][ T6389] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 194.161651][ T6389] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 194.254694][ T6389] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 194.295217][ T6389] ntfs: volume version 3.1. [ 194.314649][ T6355] team0: Port device team_slave_0 added [ 194.318220][ T6355] team0: Port device team_slave_1 added [ 194.466956][ T6355] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 194.473421][ T6355] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.493546][ T6355] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 194.498194][ T6355] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 194.499989][ T6355] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.518110][ T6355] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 194.635905][ T6355] device hsr_slave_0 entered promiscuous mode [ 194.646449][ T6398] loop1: detected capacity change from 0 to 512 [ 194.664139][ T6355] device hsr_slave_1 entered promiscuous mode [ 194.704754][ T6355] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 194.706713][ T6355] Cannot create hsr debugfs directory [ 194.742656][ T6398] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.578: inode #1: comm syz.1.578: iget: illegal inode # [ 194.752020][ T6398] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.578: error while reading EA inode 1 err=-117 [ 194.781940][ T6398] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 194.786668][ T6398] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.578: inode #1: comm syz.1.578: iget: illegal inode # [ 194.797206][ T6398] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.578: error while reading EA inode 1 err=-117 [ 194.854818][ T6398] EXT4-fs (loop1): 1 orphan inode deleted [ 194.857312][ T6398] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,,errors=continue. Quota mode: writeback. [ 194.879901][ T6398] FAULT_INJECTION: forcing a failure. [ 194.879901][ T6398] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 194.883264][ T6398] CPU: 0 PID: 6398 Comm: syz.1.578 Not tainted 5.15.162-syzkaller #0 [ 194.885477][ T6398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 194.888114][ T6398] Call trace: [ 194.888950][ T6398] dump_backtrace+0x0/0x530 [ 194.890083][ T6398] show_stack+0x2c/0x3c [ 194.892675][ T6398] dump_stack_lvl+0x108/0x170 [ 194.892695][ T6398] dump_stack+0x1c/0x58 [ 194.892705][ T6398] should_fail+0x3b8/0x514 [ 194.892717][ T6398] should_fail_usercopy+0x20/0x30 [ 194.892728][ T6398] do_vfs_ioctl+0x9d8/0x2a38 [ 194.898743][ T6398] __arm64_sys_ioctl+0xe4/0x1c8 [ 194.900060][ T6398] invoke_syscall+0x98/0x2b8 [ 194.901295][ T6398] el0_svc_common+0x138/0x258 [ 194.901313][ T6398] do_el0_svc+0x58/0x14c [ 194.901323][ T6398] el0_svc+0x7c/0x1f0 [ 194.901334][ T6398] el0t_64_sync_handler+0x84/0xe4 [ 194.901343][ T6398] el0t_64_sync+0x1a0/0x1a4 [ 194.972710][ T5470] ntfs: (device loop2): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 195.136704][ T6409] 9pnet: Insufficient options for proto=fd [ 195.326404][ T613] device hsr_slave_0 left promiscuous mode [ 195.363738][ T613] device hsr_slave_1 left promiscuous mode [ 195.795978][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 195.799216][ T613] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 195.869750][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 195.963810][ T613] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 195.968759][ T613] device bridge_slave_1 left promiscuous mode [ 195.970400][ T613] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.023764][ T5782] Bluetooth: hci4: command 0x041b tx timeout [ 196.054979][ T613] device bridge_slave_0 left promiscuous mode [ 196.056703][ T613] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.191613][ T613] device veth1_macvtap left promiscuous mode [ 196.193229][ T613] device veth0_macvtap left promiscuous mode [ 196.196093][ T613] device veth1_vlan left promiscuous mode [ 196.197592][ T613] device veth0_vlan left promiscuous mode [ 196.308571][ T6404] loop4: detected capacity change from 0 to 40427 [ 196.326466][ T6404] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 196.328474][ T6404] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 196.464372][ T6404] F2FS-fs (loop4): invalid crc value [ 196.501524][ T6404] F2FS-fs (loop4): Found nat_bits in checkpoint [ 196.521419][ T6404] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 196.524137][ T6404] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 197.373164][ T613] team0 (unregistering): Port device team_slave_1 removed [ 197.382540][ T613] team0 (unregistering): Port device team_slave_0 removed [ 197.401783][ T613] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 197.522096][ T613] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 198.324641][ T5782] Bluetooth: hci4: command 0x040f tx timeout [ 198.440254][ T613] bond0 (unregistering): Released all slaves [ 198.558887][ T6355] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.716277][ T6355] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.762825][ T6438] loop1: detected capacity change from 0 to 2048 [ 198.786336][ T6440] loop2: detected capacity change from 0 to 512 [ 198.850872][ T6355] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.904951][ T6438] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 198.928762][ T6440] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.592: inode #1: comm syz.2.592: iget: illegal inode # [ 198.938125][ T6440] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.592: error while reading EA inode 1 err=-117 [ 198.948049][ T6440] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.592: inode #1: comm syz.2.592: iget: illegal inode # [ 198.972564][ T6440] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.592: error while reading EA inode 1 err=-117 [ 198.980090][ T6440] EXT4-fs (loop2): 1 orphan inode deleted [ 198.981557][ T6440] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,,errors=continue. Quota mode: writeback. [ 199.075886][ T6355] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.236098][ T6447] loop2: detected capacity change from 0 to 64 [ 199.388389][ T6355] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 199.455853][ T6355] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 199.459893][ T6454] FAULT_INJECTION: forcing a failure. [ 199.459893][ T6454] name failslab, interval 1, probability 0, space 0, times 0 [ 199.466831][ T6454] CPU: 0 PID: 6454 Comm: syz.2.595 Not tainted 5.15.162-syzkaller #0 [ 199.469037][ T6454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 199.471602][ T6454] Call trace: [ 199.472480][ T6454] dump_backtrace+0x0/0x530 [ 199.473683][ T6454] show_stack+0x2c/0x3c [ 199.474756][ T6454] dump_stack_lvl+0x108/0x170 [ 199.475937][ T6454] dump_stack+0x1c/0x58 [ 199.477011][ T6454] should_fail+0x3b8/0x514 [ 199.478148][ T6454] __should_failslab+0xbc/0x110 [ 199.479380][ T6454] should_failslab+0x10/0x28 [ 199.480535][ T6454] slab_pre_alloc_hook+0x64/0xe8 [ 199.481761][ T6454] __kmalloc+0xc0/0x4c8 [ 199.482716][ T6454] tomoyo_realpath_from_path+0xd0/0x508 [ 199.484166][ T6454] tomoyo_path_number_perm+0x1f8/0x6b0 [ 199.485638][ T6454] tomoyo_path_mknod+0x168/0x1b0 [ 199.486864][ T6454] security_path_mknod+0xf8/0x14c [ 199.488270][ T6454] do_mknodat+0x250/0x694 [ 199.489312][ T6454] __arm64_sys_mknodat+0xb0/0xcc [ 199.490520][ T6454] invoke_syscall+0x98/0x2b8 [ 199.491736][ T6454] el0_svc_common+0x138/0x258 [ 199.493011][ T6454] do_el0_svc+0x58/0x14c [ 199.494162][ T6454] el0_svc+0x7c/0x1f0 [ 199.495187][ T6454] el0t_64_sync_handler+0x84/0xe4 [ 199.496566][ T6454] el0t_64_sync+0x1a0/0x1a4 [ 199.597296][ T6355] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 199.629704][ T6454] ERROR: Out of memory at tomoyo_realpath_from_path. [ 199.697805][ T6355] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 199.732572][ T6462] 9pnet: Insufficient options for proto=fd [ 200.677928][ T5782] Bluetooth: hci4: command 0x0419 tx timeout [ 201.039151][ T6482] loop1: detected capacity change from 0 to 64 [ 201.041019][ T6355] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.066033][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.068472][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.094537][ T6355] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.122119][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.125071][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.127668][ T4026] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.129506][ T4026] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.132515][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.164031][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.166652][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.179392][ T4026] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.181288][ T4026] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.194267][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.197126][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.247515][ T6484] loop1: detected capacity change from 0 to 256 [ 201.319893][ T6355] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 201.322606][ T6355] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 201.369438][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.372787][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.376125][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.380037][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.382727][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.399145][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.401841][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.417105][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.443864][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.460645][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.488524][ T6459] loop4: detected capacity change from 0 to 32768 [ 201.600093][ T6490] loop1: detected capacity change from 0 to 2048 [ 201.691685][ T6459] XFS (loop4): Mounting V5 Filesystem [ 201.762474][ T6490] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 201.895014][ T6355] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.897469][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.899503][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.914492][ T6459] XFS (loop4): Ending clean mount [ 201.954367][ T6476] loop2: detected capacity change from 0 to 40427 [ 201.993210][ T26] audit: type=1326 audit(201.960:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbcc7ee68 code=0x7ffc0000 [ 201.997624][ T4005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 201.999095][ T26] audit: type=1326 audit(201.960:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffbcc7ee68 code=0x7ffc0000 [ 202.001612][ T4005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 202.035384][ T6476] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 202.037432][ T6476] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 202.042954][ T26] audit: type=1326 audit(201.960:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbcc7ee68 code=0x7ffc0000 [ 202.046973][ T6476] F2FS-fs (loop2): invalid crc value [ 202.069768][ T4005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 202.072788][ T4005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 202.076550][ T4005] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 202.081183][ T6476] F2FS-fs (loop2): Found nat_bits in checkpoint [ 202.098342][ T26] audit: type=1326 audit(201.960:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=200 compat=0 ip=0xffffbcc7ee68 code=0x7ffc0000 [ 202.117316][ T4005] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 202.131707][ T6355] device veth0_vlan entered promiscuous mode [ 202.153967][ T3983] XFS (loop4): Unmounting Filesystem [ 202.159880][ T6355] device veth1_vlan entered promiscuous mode [ 202.166365][ T6476] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 202.168457][ T6476] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 202.190400][ T4020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 202.193719][ T4020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 202.199979][ T6355] device veth0_macvtap entered promiscuous mode [ 202.206188][ T6355] device veth1_macvtap entered promiscuous mode [ 202.218313][ T6355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 202.221345][ T6355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.232647][ T6355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 202.245530][ T6355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.253804][ T6355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 202.264488][ T6355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.273657][ T6355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 202.283716][ T6355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.289619][ T6355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 202.295604][ T6355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.308240][ T6355] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 202.315094][ T4005] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 202.317830][ T4005] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 202.320649][ T4005] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 202.324606][ T4005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 202.337010][ T6355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 202.343039][ T6355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.357082][ T6355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 202.363162][ T6355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.372401][ T6355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 202.381365][ T6355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.387589][ T6355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 202.390831][ T6355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.397732][ T6355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 202.400221][ T6355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.409041][ T6355] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 202.461758][ T4020] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 202.464661][ T4020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 202.468280][ T6355] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.474149][ T6355] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.489136][ T6355] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.491354][ T6355] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.609803][ T6510] 9pnet: Insufficient options for proto=fd [ 203.585528][ T5079] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.587843][ T5079] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.593170][ T4020] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 203.727212][ T295] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.729598][ T295] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.754013][ T5779] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 203.801864][ T6518] 9pnet: p9_fd_create_tcp (6518): problem connecting socket to 127.0.0.1 [ 205.386150][ T6535] loop1: detected capacity change from 0 to 64 [ 205.520590][ T6543] loop3: detected capacity change from 0 to 512 [ 205.616525][ T6543] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 205.624341][ T6548] 9pnet: Insufficient options for proto=fd [ 205.632546][ T6543] EXT4-fs error (device loop3): __ext4_iget:4861: inode #11: block 1: comm syz.3.618: invalid block [ 205.650750][ T6543] EXT4-fs (loop3): Remounting filesystem read-only [ 205.652539][ T6543] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.618: couldn't read orphan inode 11 (err -117) [ 205.667332][ T6543] EXT4-fs (loop3): mounted filesystem without journal. Opts: noauto_da_alloc,errors=continue,max_dir_size_kb=0x0000000000000009,data_err=abort,errors=remount-ro,noinit_itable,mblk_io_submit,i_version,acl,. Quota mode: none. [ 206.672562][ T6561] loop1: detected capacity change from 0 to 64 [ 207.642711][ T6549] loop4: detected capacity change from 0 to 40427 [ 208.146604][ T6579] 9pnet: p9_fd_create_tcp (6579): problem connecting socket to 127.0.0.1 [ 208.246764][ T6582] loop3: detected capacity change from 0 to 256 [ 208.249021][ T6582] exfat: Deprecated parameter 'namecase' [ 208.250481][ T6582] exfat: Deprecated parameter 'namecase' [ 208.258836][ T6549] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 208.260828][ T6549] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 208.288637][ T6549] F2FS-fs (loop4): invalid crc value [ 208.315708][ T6582] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 208.334792][ T6549] F2FS-fs (loop4): Found nat_bits in checkpoint [ 208.412461][ T6549] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 208.414628][ T6549] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 208.624010][ T6593] loop3: detected capacity change from 0 to 64 [ 208.676839][ T6596] loop1: detected capacity change from 0 to 2048 [ 208.758291][ T6596] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 209.243019][ T6621] netlink: 32 bytes leftover after parsing attributes in process `syz.0.641'. [ 209.345342][ T6616] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 209.415646][ T6621] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 210.395166][ T6644] loop3: detected capacity change from 0 to 64 [ 210.467550][ T6649] udc-core: couldn't find an available UDC or it's busy [ 210.469340][ T6649] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 210.595177][ T6660] udc-core: couldn't find an available UDC or it's busy [ 210.596993][ T6660] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 210.639384][ T6663] loop1: detected capacity change from 0 to 1024 [ 210.730686][ T6660] loop2: detected capacity change from 0 to 4096 [ 210.767982][ T6660] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512) [ 210.793429][ T6660] ntfs3: loop2: ino=4, Correct links count -> 2. [ 211.040899][ T6665] loop4: detected capacity change from 0 to 32768 [ 211.079276][ T6665] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz.4.661 (6665) [ 211.142644][ T6665] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 211.150302][ T6665] BTRFS info (device loop4): force zlib compression, level 3 [ 211.158127][ T6665] BTRFS info (device loop4): force clearing of disk cache [ 211.166610][ T6665] BTRFS info (device loop4): setting nodatasum [ 211.171884][ T6665] BTRFS info (device loop4): allowing degraded mounts [ 211.181957][ T6665] BTRFS info (device loop4): enabling disk space caching [ 211.188637][ T6665] BTRFS info (device loop4): disk space caching is enabled [ 211.196790][ T6665] BTRFS info (device loop4): has skinny extents [ 211.413522][ T6665] BTRFS info (device loop4): clearing free space tree [ 211.416082][ T6665] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 211.418814][ T6665] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 211.463738][ T25] Bluetooth: hci4: command 0x0405 tx timeout [ 211.474799][ T6668] loop3: detected capacity change from 0 to 32768 [ 211.505485][ T6702] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 211.530163][ T6701] netlink: 32 bytes leftover after parsing attributes in process `syz.0.667'. [ 211.535083][ T6668] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz.3.662 (6668) [ 211.536260][ T6701] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 211.551241][ T6665] BTRFS error (device loop4): balance: mixed groups data and metadata options must be the same [ 211.605284][ T6701] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 211.779575][ T613] device hsr_slave_0 left promiscuous mode [ 211.795067][ T613] device hsr_slave_1 left promiscuous mode [ 211.965029][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 211.966983][ T613] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 211.972819][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 211.979293][ T613] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 211.989280][ T613] device bridge_slave_1 left promiscuous mode [ 212.003913][ T613] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.031161][ T6729] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 212.040671][ T613] device bridge_slave_0 left promiscuous mode [ 212.042261][ T613] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.168692][ T613] device veth1_macvtap left promiscuous mode [ 212.170325][ T613] device veth0_macvtap left promiscuous mode [ 212.174020][ T613] device veth1_vlan left promiscuous mode [ 212.175603][ T613] device veth0_vlan left promiscuous mode [ 212.364344][ T6755] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 212.801449][ T6766] netlink: 32 bytes leftover after parsing attributes in process `syz.3.698'. [ 213.003512][ T6769] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 213.079780][ T6770] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 213.130136][ T613] team0 (unregistering): Port device team_slave_1 removed [ 213.178282][ T613] team0 (unregistering): Port device team_slave_0 removed [ 213.214075][ T613] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 213.261373][ T613] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 213.385104][ T5782] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 213.387366][ T5782] Bluetooth: hci2: Injecting HCI hardware error event [ 213.389470][ T3974] Bluetooth: hci2: hardware error 0x00 [ 213.466636][ T6788] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 213.546584][ T613] bond0 (unregistering): Released all slaves [ 213.670192][ T6800] loop4: detected capacity change from 0 to 512 [ 213.699190][ T6800] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 213.711984][ T6800] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 213.730131][ T6800] EXT4-fs (loop4): failed to initialize system zone (-117) [ 213.732000][ T6800] EXT4-fs (loop4): mount failed [ 213.755856][ T26] audit: type=1326 audit(213.730:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.2.718" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa39cbe68 code=0x7ffc0000 [ 213.761793][ T26] audit: type=1326 audit(213.730:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.2.718" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa39cbe68 code=0x7ffc0000 [ 213.787259][ T26] audit: type=1326 audit(213.730:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.2.718" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa39cbe68 code=0x7ffc0000 [ 213.796241][ T6804] netlink: 8 bytes leftover after parsing attributes in process `syz.1.714'. [ 213.841188][ T26] audit: type=1326 audit(213.730:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.2.718" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa39cbe68 code=0x7ffc0000 [ 213.866296][ T26] audit: type=1326 audit(213.730:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.2.718" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa39cbe68 code=0x7ffc0000 [ 213.903123][ T26] audit: type=1326 audit(213.730:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.2.718" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa39cbe68 code=0x7ffc0000 [ 213.921646][ T26] audit: type=1326 audit(213.730:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.2.718" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa39cbe68 code=0x7ffc0000 [ 213.941909][ T26] audit: type=1326 audit(213.730:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.2.718" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=52 compat=0 ip=0xffffa39cbe68 code=0x7ffc0000 [ 213.963731][ T26] audit: type=1326 audit(213.730:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.2.718" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa39cbe68 code=0x7ffc0000 [ 213.996506][ T6819] bridge0: port 3(gretap0) entered disabled state [ 213.998250][ T6819] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.001020][ T6819] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.033044][ T6821] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 214.042281][ T6822] bridge0: port 3(gretap0) entered blocking state [ 214.043989][ T6822] bridge0: port 3(gretap0) entered forwarding state [ 214.047728][ T6822] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.049686][ T6822] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.051601][ T6822] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.053418][ T6822] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.081891][ T6822] device bridge0 entered promiscuous mode [ 214.273128][ T6843] loop1: detected capacity change from 0 to 2048 [ 214.431010][ T6843] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,nodelalloc,nouid32,errors=remount-ro,. Quota mode: writeback. [ 214.605062][ T6852] netlink: 32 bytes leftover after parsing attributes in process `syz.4.735'. [ 214.632128][ T6852] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.714797][ T6854] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.814534][ T6864] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 214.998221][ T6828] loop3: detected capacity change from 0 to 40427 [ 215.070438][ T6881] tipc: Started in network mode [ 215.072309][ T6881] tipc: Node identity f7, cluster identity 4711 [ 215.075533][ T6881] tipc: Node number set to 247 [ 215.118132][ T6828] F2FS-fs (loop3): Invalid log sectors per block(3) log sectorsize(10) [ 215.120373][ T6828] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 215.172487][ T6828] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045589454292453) [ 215.180539][ T6887] udc-core: couldn't find an available UDC or it's busy [ 215.182315][ T6887] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 215.199025][ T26] audit: type=1107 audit(215.170:18): pid=6885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 215.234276][ T6828] F2FS-fs (loop3): recover fsync data on readonly fs [ 215.236827][ T6828] F2FS-fs (loop3): Try to recover 1th superblock, ret: -30 [ 215.238645][ T6828] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 215.420285][ T4026] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 216.273955][ T4026] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.281048][ T4026] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 216.291090][ T4026] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 216.307023][ T4026] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.367255][ T4026] usb 1-1: config 0 descriptor?? [ 217.354925][ T6917] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 217.434543][ T25] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 217.436732][ T25] Bluetooth: hci4: Injecting HCI hardware error event [ 217.438811][ T3978] Bluetooth: hci4: hardware error 0x00 [ 217.566854][ T6926] netlink: 32 bytes leftover after parsing attributes in process `syz.3.765'. [ 217.584600][ T6926] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 217.643645][ T4026] hid-led: probe of 0003:27B8:01ED.0001 failed with error -71 [ 217.659138][ T6926] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 217.679040][ T4026] usb 1-1: USB disconnect, device number 2 [ 219.078981][ T6949] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 219.126370][ T6945] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 219.188184][ T6945] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 219.231340][ T6952] udc-core: couldn't find an available UDC or it's busy [ 219.233234][ T6952] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 220.209584][ T6958] netlink: 56 bytes leftover after parsing attributes in process `syz.4.777'. [ 220.216565][ T6958] netlink: 'syz.4.777': attribute type 5 has an invalid length. [ 220.231863][ T6958] netlink: 44 bytes leftover after parsing attributes in process `syz.4.777'. [ 220.431362][ T6966] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 220.463048][ T4880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.465953][ T4880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.504807][ T6969] udc-core: couldn't find an available UDC or it's busy [ 220.506957][ T6969] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 220.509855][ T6966] netlink: 40 bytes leftover after parsing attributes in process `syz.0.781'. [ 221.449308][ T6974] loop4: detected capacity change from 0 to 1024 [ 221.684954][ T6974] EXT4-fs (loop4): Test dummy encryption mode enabled [ 221.686869][ T6974] EXT4-fs (loop4): Ignoring removed orlov option [ 223.421201][ T6995] netlink: 24 bytes leftover after parsing attributes in process `syz.0.789'. [ 223.448840][ T6974] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback. [ 223.590627][ T7004] loop3: detected capacity change from 0 to 1024 [ 223.633766][ T7008] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 223.638678][ T6974] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-ce" [ 223.704203][ T7004] hfsplus: failed to load root directory [ 223.872523][ T7024] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 223.926354][ T7024] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 226.856709][ T7046] loop3: detected capacity change from 0 to 1024 [ 226.860939][ T7051] loop1: detected capacity change from 0 to 512 [ 226.888554][ T7051] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 226.926213][ T7051] EXT4-fs (loop1): 1 orphan inode deleted [ 226.927781][ T7051] EXT4-fs (loop1): 1 truncate cleaned up [ 226.929090][ T7051] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback. [ 226.980399][ T7052] loop2: detected capacity change from 0 to 1024 [ 227.047780][ T7063] udc-core: couldn't find an available UDC or it's busy [ 227.049649][ T7063] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 227.050977][ T7061] loop4: detected capacity change from 0 to 1024 [ 227.062127][ T7051] EXT4-fs error (device loop1): ext4_search_dir:1548: inode #12: block 7: comm syz.1.806: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0 [ 227.089033][ T7051] EXT4-fs (loop1): Remounting filesystem read-only [ 227.091455][ T7061] hfsplus: failed to load root directory [ 227.091916][ T7051] EXT4-fs error (device loop1): ext4_inlinedir_to_tree:1439: inode #12: block 7: comm syz.1.806: path /82/bus/file0: bad entry in directory: directory entry overrun - offset=788, inode=13, rec_len=784, size=60 fake=0 [ 227.260249][ T7052] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,nombcache,journal_dev=0x0000000000000001,usrjquota=,debug_want_extra_isize=0x000000000000007e,lazytime,init_itable=0x0000000000000005,jqfmt=vfsold,grpjquota=,,errors=continue. Quota mode: none. [ 227.271971][ T7052] netlink: 8 bytes leftover after parsing attributes in process `syz.2.807'. [ 228.089976][ T7077] loop1: detected capacity change from 0 to 512 [ 230.150074][ T7097] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 230.194458][ T7100] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 230.219743][ T7097] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 230.759360][ T7123] loop3: detected capacity change from 0 to 2048 [ 230.774955][ T7128] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 230.852417][ T7123] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 230.932777][ T7121] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 231.115399][ T7146] loop1: detected capacity change from 0 to 1024 [ 231.131337][ T5123] ------------[ cut here ]------------ [ 231.133086][ T5123] kernel BUG at fs/ext4/inode.c:2722! [ 231.134799][ T5123] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 231.136877][ T5123] Modules linked in: [ 231.137879][ T5123] CPU: 1 PID: 5123 Comm: kworker/u4:15 Not tainted 5.15.162-syzkaller #0 [ 231.140125][ T5123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 231.142901][ T5123] Workqueue: writeback wb_workfn (flush-7:3) [ 231.144580][ T5123] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 231.146766][ T5123] pc : ext4_writepages+0x35d8/0x36fc [ 231.148286][ T5123] lr : ext4_writepages+0x35d8/0x36fc [ 231.149721][ T5123] sp : ffff80001d406d80 [ 231.150781][ T5123] x29: ffff80001d407140 x28: ffff80001d407040 x27: ffff80001d407590 [ 231.152994][ T5123] x26: ffff0000e084ae60 x25: 0000000000000001 x24: ffff800011bf6340 [ 231.155134][ T5123] x23: ffff0000d7526000 x22: ffff80001d406f60 x21: dfff800000000000 [ 231.157316][ T5123] x20: ffff0000e084a830 x19: 000000c410000000 x18: ffff80001d407a94 [ 231.159511][ T5123] x17: 0000000000000000 x16: ffff8000082ea13c x15: 0000000000000012 [ 231.161675][ T5123] x14: 1ffff0000292a06a x13: dfff800000000000 x12: 000000000a2d1a21 [ 231.163856][ T5123] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000cd333680 [ 231.165968][ T5123] x8 : ffff800008d9d590 x7 : ffff800008d9a148 x6 : 0000000000000000 [ 231.168091][ T5123] x5 : 0000000000000080 x4 : 0000000000000000 x3 : 0000000000000001 [ 231.170283][ T5123] x2 : 0000000000000000 x1 : 0000008000000000 x0 : 0000000000000000 [ 231.172484][ T5123] Call trace: [ 231.173377][ T5123] ext4_writepages+0x35d8/0x36fc [ 231.174738][ T5123] do_writepages+0x39c/0x5ec [ 231.175988][ T5123] __writeback_single_inode+0x148/0x13a4 [ 231.177515][ T5123] writeback_sb_inodes+0x94c/0x1654 [ 231.178953][ T5123] wb_writeback+0x3fc/0xfc8 [ 231.180117][ T5123] wb_workfn+0x3a4/0x1070 [ 231.181264][ T5123] process_one_work+0x790/0x11b8 [ 231.182619][ T5123] worker_thread+0x910/0x1034 [ 231.183893][ T5123] kthread+0x37c/0x45c [ 231.185042][ T5123] ret_from_fork+0x10/0x20 [ 231.186221][ T5123] Code: 17fff31d 97dc9c0c 17fff364 97dc9c0a (d4210000) [ 231.188152][ T5123] ---[ end trace 32bab415eefff136 ]--- [ 231.203869][ T7149] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 231.793261][ T5123] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 231.795201][ T5123] SMP: stopping secondary CPUs [ 231.796548][ T5123] Kernel Offset: disabled [ 231.797644][ T5123] CPU features: 0x0,000081c1,21302e40 [ 231.799098][ T5123] Memory Limit: none [ 232.332112][ T5123] Rebooting in 86400 seconds..